c23e6d5592c2999a915eb34623afe102_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c23e6d5592c2999a915eb34623afe102_JaffaCakes118
Size

30.5MB
MD5

c23e6d5592c2999a915eb34623afe102
SHA1

3572045f7c55d46bdd280483b53849b593552096
SHA256

535895bf65901f1bc45ccdc4826086fe160ebba38e3009be87728e543f9fbba0
SHA512

18d30e837c526dc4cdd1e0aeecbb8b6430f57fd095736e1096ece33a77e5dc144c5a6805099406215a9bb9da72a8c9c53158d08236919fb5ec794ff25c9401c4
SSDEEP

786432:S59lRw8G22NM7CApo9z/qLIE4CblNK4zvDpAQHZO:S59lR022NM7CM6qLR4KlNK4TlX5O

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 2 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/$PLUGINSDIR/KillProc.dll	acprotect
static1/unpack001/nat.dll	acprotect

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/$PLUGINSDIR/KillProc.dll	upx
static1/unpack001/nat.dll	upx

Unsigned PE 20 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/KillProc.dll
unpack002/out.upx
unpack001/$PLUGINSDIR/KillProcDLL.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/nsExec.dll
unpack001/CCheck.dll
unpack001/MCheck.dll
unpack001/UNACEV2.DLL
unpack001/ZHashGen.dll
unpack001/ccd.exe
unpack001/ckpcodec.dll
unpack001/conkeeper.dll
unpack003/out.upx
unpack001/sfdcd.dll
unpack001/sffilecast.dll
unpack001/ssmfileinfo.dll
unpack004/$PLUGINSDIR/ExecDos.dll
unpack004/$PLUGINSDIR/nsProcess.dll
unpack004/$PLUGINSDIR/nsSCM.dll

NSIS installer 4 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2
static1/unpack001/v_filecast_setup.exe	nsis_installer_1
static1/unpack001/v_filecast_setup.exe	nsis_installer_2

Files

c23e6d5592c2999a915eb34623afe102_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Code Sign

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/11/2009, 10:00

Not After

18/03/2019, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

27:84:3e:e2:10:20:e5:69:08:de:ca:ad
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

24/01/2019, 07:30

Not After

24/01/2021, 07:30

Subject

SERIALNUMBER=131111-0340297,CN=TIDYWEB Co.\,LTD.,O=TIDYWEB Co.\,LTD.,STREET=1102\, 1103\, 165\, Gasan digital 2-ro,L=Geumcheon-gu,ST=Seoul,C=KR,1.3.6.1.4.1.311.60.2.1.3=#13024b52,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

19/02/2018, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign TSA for Advanced - G2

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/11/2009, 10:00

Not After

18/03/2019, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

27:84:3e:e2:10:20:e5:69:08:de:ca:ad
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

24/01/2019, 07:30

Not After

24/01/2021, 07:30

Subject

SERIALNUMBER=131111-0340297,CN=TIDYWEB Co.\,LTD.,O=TIDYWEB Co.\,LTD.,STREET=1102\, 1103\, 165\, Gasan digital 2-ro,L=Geumcheon-gu,ST=Seoul,C=KR,1.3.6.1.4.1.311.60.2.1.3=#13024b52,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

19/02/2018, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign TSA for Advanced - G2

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

cd:c6:9f:ad:96:67:53:09:d3:32:91:d2:4a:03:e2:4c:f0:5c:f6:ae:86:3f:bb:2a:d3:53:20:35:0f:db:23:35
Signer

Actual PE Digest

cd:c6:9f:ad:96:67:53:09:d3:32:91:d2:4a:03:e2:4c:f0:5c:f6:ae:86:3f:bb:2a:d3:53:20:35:0f:db:23:35

Digest Algorithm

sha256

PE Digest Matches

true

4f:34:3d:78:e9:ab:d4:10:45:fb:45:c8:af:1e:4e:a6:bb:39:e6:0c
Signer

Actual PE Digest

4f:34:3d:78:e9:ab:d4:10:45:fb:45:c8:af:1e:4e:a6:bb:39:e6:0c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/KillProc.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

FindProcesses
KillProcesses

Sections

UPX0
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 21KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 101B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/KillProcDLL.dll
.dll windows:4 windows x86 arch:x86

153027ec3b10bcea606b777657dd3402

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersionExA
TerminateProcess
OpenProcess
LoadLibraryA
CloseHandle
GetProcAddress
FreeLibrary
GlobalFree
lstrcpyA
DisableThreadLibraryCalls

msvcrt

strcmp
_strupr
toupper
strlen
free
_initterm
malloc
_adjust_fdiv
strcpy
_itoa

Exports

Exports

KillProc

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsExec.dll
.dll windows:4 windows x86 arch:x86

d83f71e61ee459ee63ca3e829966a9dc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetExitCodeProcess
WaitForSingleObject
Sleep
TerminateProcess
lstrcpyA
lstrcpynA
GlobalReAlloc
GlobalUnlock
GlobalSize
ReadFile
PeekNamedPipe
GetTickCount
CreateProcessA
GetStartupInfoA
CreatePipe
GetVersionExA
GetModuleHandleA
DeleteFileA
lstrcmpiA
lstrlenA
lstrcatA
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
CreateFileA
CopyFileA
GetTempFileNameA
GlobalFree
GlobalAlloc
GetModuleFileNameA
ExitProcess
GetCommandLineA
GetProcAddress
GlobalLock
GetCurrentProcess

user32

SendMessageA
OemToCharBuffA
CharNextA
wsprintfA
CharPrevA
FindWindowExA

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl

Exports

Exports

Exec
ExecToLog
ExecToStack

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 410B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/FileCast.ico
Ark32.dll
.dll windows:5 windows x86 arch:x86

bb0bc3e6d92c94be66f374a731e7f7b9

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1a:08:e4:25:dd:db:b3:4e:1e:26:d6:e7:85:6e:9f:b8
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

27/09/2013, 00:00

Not After

26/12/2016, 23:59

Subject

CN=Bandisoft,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Bandisoft,L=Yeongdeungpogu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\devel\Ark5\bin\Ark32.pdb

Imports

kernel32

CloseHandle
GetCurrentThread
SetFileTime
FileTimeToSystemTime
GetTimeZoneInformation
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
FileTimeToDosDateTime
InterlockedIncrement
InterlockedDecrement
FreeLibrary
lstrcpyA
DeleteFileW
GetFileAttributesExW
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
GetModuleFileNameW
LoadLibraryW
GetProcAddress
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateEventW
SetEvent
WaitForSingleObject
ResetEvent
SetFileAttributesW
Sleep
WriteFile
CreateFileA
ReadFile
SetFilePointer
GetFileTime
MoveFileW
LocalFileTimeToFileTime
lstrcpynA
GetTickCount
SetThreadPriority
InterlockedExchange
FileTimeToLocalFileTime
lstrcmpW
VirtualAlloc
VirtualFree
GetSystemDirectoryW
GetCurrentProcessId
GetVersion
GetCurrentProcess
CreatePipe
DuplicateHandle
GetExitCodeProcess
TerminateThread
TerminateProcess
GlobalAlloc
CreateProcessW
GlobalFree
WaitForMultipleObjects
CreateSemaphoreW
ReleaseSemaphore
GetFileSizeEx
QueryPerformanceCounter
GetSystemInfo
GetModuleHandleW
GetCPInfo
IsDBCSLeadByte
CompareStringA
CompareStringW
InterlockedCompareExchange
GetSystemTimeAsFileTime
GetThreadLocale
GetACP
LoadLibraryA
GetLocaleInfoA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
GetCommandLineA
ExitThread
CreateThread
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
LCMapStringW
LCMapStringA
RtlUnwind
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
SetEnvironmentVariableA
GetModuleHandleA
FlushFileBuffers
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileW
GetFileSize
WideCharToMultiByte
MultiByteToWideChar
CreateDirectoryW
lstrcpyW
lstrlenA
GetLastError
GetFileAttributesW
GetFileAttributesA
lstrcatW
lstrlenW
GetCurrentThreadId
GetVersionExW

user32

CharToOemBuffA
CharUpperW
SendMessageW
FindWindowW
wsprintfW

advapi32

RevertToSelf
GetFileSecurityW
OpenThreadToken
AccessCheck
AreAllAccessesGranted
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
ImpersonateSelf

oleaut32

VariantClear
SysAllocStringByteLen
SysStringByteLen
SysFreeString
SysAllocString

Exports

Exports

CreateArk
CreateArkCompressor

Sections

.text
Size: 955KB - Virtual size: 954KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 308KB - Virtual size: 307KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Ark32_v2.dll
.dll windows:5 windows x86 arch:x86

c04a32761b82ce14aa23ba289d6edae9

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1a:08:e4:25:dd:db:b3:4e:1e:26:d6:e7:85:6e:9f:b8
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

27/09/2013, 00:00

Not After

26/12/2016, 23:59

Subject

CN=Bandisoft,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Bandisoft,L=Yeongdeungpogu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\devel\Ark6\bin\Ark32.pdb

Imports

kernel32

SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
FileTimeToDosDateTime
InterlockedIncrement
InterlockedDecrement
FreeLibrary
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
lstrcpyA
DeleteFileW
GetFileAttributesExW
GetModuleFileNameW
LoadLibraryW
GetProcAddress
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateEventW
SetEvent
WaitForSingleObject
ResetEvent
Sleep
WriteFile
CreateFileA
ReadFile
SetFilePointer
GetFileTime
MoveFileW
LocalFileTimeToFileTime
GetSystemInfo
lstrcpynA
GetTickCount
SetThreadPriority
InterlockedExchange
FileTimeToLocalFileTime
lstrcmpW
VirtualAlloc
VirtualFree
GetSystemDirectoryW
GetCurrentProcessId
GetModuleHandleW
GlobalMemoryStatus
CreateProcessW
GetExitCodeProcess
QueryPerformanceCounter
GetCurrentProcess
GetThreadTimes
GetVersion
CreatePipe
DuplicateHandle
TerminateThread
TerminateProcess
GetTimeZoneInformation
GlobalFree
WaitForMultipleObjects
CreateSemaphoreW
ReleaseSemaphore
GetCurrentThreadId
CompareStringA
CompareStringW
CreateThread
InterlockedCompareExchange
GetSystemTimeAsFileTime
GetThreadLocale
GetACP
LoadLibraryA
GetLocaleInfoA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
GetCommandLineA
ExitThread
SetStdHandle
GetFileType
ExitProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
SetHandleCount
GetStdHandle
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringW
LCMapStringA
InitializeCriticalSectionAndSpinCount
RtlUnwind
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetEnvironmentVariableA
GetModuleHandleA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FileTimeToSystemTime
SetFileTime
GetCurrentThread
CloseHandle
GetFileSizeEx
CreateFileW
GetFileSize
SetFileAttributesW
WideCharToMultiByte
MultiByteToWideChar
CreateDirectoryW
lstrcpyW
lstrlenA
GetLastError
GetFileAttributesW
GetFileAttributesA
lstrcatW
lstrlenW
GlobalAlloc
GetVersionExW

user32

CharUpperW
SendMessageW
FindWindowW
MessageBoxW
wsprintfW

advapi32

AreAllAccessesGranted
OpenThreadToken
RevertToSelf
ImpersonateSelf
GetFileSecurityW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
AccessCheck

oleaut32

VariantClear
SysAllocStringByteLen
SysStringByteLen
SysFreeString
SysAllocString

Exports

Exports

CreateArk
CreateArkCompressor

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 335KB - Virtual size: 335KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 332KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Ark32lgpl.dll
.dll windows:5 windows x86 arch:x86

213561b663826c12cff8d69c48cf7345

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1a:08:e4:25:dd:db:b3:4e:1e:26:d6:e7:85:6e:9f:b8
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

27/09/2013, 00:00

Not After

26/12/2016, 23:59

Subject

CN=Bandisoft,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Bandisoft,L=Yeongdeungpogu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\devel\Ark5\bin\Ark32lgpl.pdb

Imports

kernel32

VirtualFree
VirtualAlloc
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetLastError
CloseHandle
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
CompareFileTime
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
HeapFree
HeapAlloc
HeapReAlloc
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
HeapDestroy
GetModuleHandleW
Sleep
GetProcAddress
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
RaiseException
HeapSize
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
RtlUnwind
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA

user32

CharUpperW
CharNextA

oleaut32

VariantClear
SysAllocString
SysAllocStringByteLen

Exports

Exports

AllocWinZipJPEGDecompressor
AreMoreWinZipJPEGBytesAvailable
AreMoreWinZipJPEGSlicesAvailable
Create7zArc
EncodeWinZipJPEGBlocksToBuffer
FreeWinZipJPEGDecompressor
IsFinalWinZipJPEGBundle
ReadNextWinZipJPEGBundle
ReadNextWinZipJPEGSlice
ReadWinZipJPEGHeader
WinZipJPEGBundleMetadataBytes
WinZipJPEGBundleMetadataLength

Sections

.text
Size: 157KB - Virtual size: 157KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ArkZip32.dll
.dll .pdf windows:5 windows x86 arch:x86 polyglot

b86798315b7e15450e64c193548c0c9b

Code Sign

36:12:22:96:c5:e3:38:a5:20:a1:d2:5f:4c:d7:09:54
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01/08/1996, 00:00

Not After

01/01/2021, 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

23:3b:ba:fc:e9:94:ec:7f:e8:d2:ca:56:8f:2a:b6:4b
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

23/11/2011, 00:00

Not After

21/02/2014, 23:59

Subject

CN=Bandisoft,OU=Dev Team,O=Bandisoft,L=Yeongdeungpo-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

17/11/2006, 00:00

Not After

30/12/2020, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\devel\Ark5\bin\ArkZip32.pdb

Imports

kernel32

CreateDirectoryW
MultiByteToWideChar
WideCharToMultiByte
GetFileSize
CreateFileW
GetFileSizeEx
CloseHandle
GetCurrentThread
SetFileTime
FileTimeToSystemTime
GetTimeZoneInformation
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
FileTimeToDosDateTime
InterlockedIncrement
InterlockedDecrement
VirtualAlloc
VirtualFree
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
WaitForSingleObject
CreateEventW
SetEvent
ResetEvent
lstrcpyW
InitializeCriticalSection
SetFileAttributesW
DeleteFileW
Sleep
WriteFile
CreateFileA
ReadFile
SetFilePointer
GetFileTime
MoveFileW
lstrcpyA
GetFileAttributesExW
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
SetThreadPriority
InterlockedExchange
SetEnvironmentVariableA
CompareStringW
CompareStringA
WriteConsoleW
lstrlenA
GetLastError
GetFileAttributesW
GetFileAttributesA
lstrcatW
lstrlenW
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
ExitThread
GetCurrentThreadId
CreateThread
GetSystemTimeAsFileTime
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
GetModuleHandleW
GetProcAddress
ExitProcess
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
RtlUnwind
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetLocaleInfoA
LCMapStringA
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
GetModuleHandleA

user32

SendMessageW
FindWindowW
wsprintfW

advapi32

AccessCheck
OpenThreadToken
RevertToSelf
ImpersonateSelf
GetFileSecurityW
AreAllAccessesGranted

Exports

Exports

CreateArk
CreateArkCompressor

Sections

.text
Size: 208KB - Virtual size: 207KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CCheck.dll
.dll windows:4 windows x86 arch:x86

3ccd7aeac3502efb4aa98f641179ddca

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wsock32

WSAStartup
gethostname
gethostbyname
inet_addr
WSACleanup

wininet

InternetOpenA
InternetSetOptionA
InternetConnectA
HttpOpenRequestA
HttpQueryInfoA
InternetSetCookieA
InternetQueryOptionA
HttpSendRequestA
InternetErrorDlg
InternetQueryDataAvailable
InternetReadFile
InternetCloseHandle

mfc42

ord5307
ord5289
ord5714
ord3953
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord537
ord6467
ord800
ord860
ord2614
ord823
ord540
ord858
ord1567
ord268
ord2818
ord535
ord939
ord4698
ord941
ord6283
ord6282
ord4278
ord5710
ord4129
ord5683
ord1116
ord2915
ord4202
ord859
ord940
ord926
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord269
ord826
ord600
ord1578
ord1255
ord1253
ord1570
ord1197
ord1243
ord342
ord1182
ord1577
ord1168
ord1575
ord1176

msvcrt

_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
_onexit
__dllonexit
fopen
fclose
fread
_mbsstr
isdigit
_mbctype
_atoi64
__CxxFrameHandler
atoi
_stati64
malloc
free
_mbscmp

kernel32

HeapAlloc
HeapFree
lstrlenA
LocalFree
LocalAlloc
HeapDestroy
HeapCreate
WideCharToMultiByte
GetLastError
InitializeCriticalSection
DeleteCriticalSection

user32

GetDesktopWindow

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

Exports

Exports

CopyrightInfo

Sections

.text
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Check.exe
.exe windows:5 windows x86 arch:x86

eb87572b82b0ef7e2a2e96b03a50d6e9

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:6f:12:d1:04:74:ed:4d:1c:13:a2:6f:4e:40:1b:ce
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

21/01/2016, 00:00

Not After

07/05/2016, 23:59

Subject

CN=iMBC Co.\, Ltd.,O=iMBC Co.\, Ltd.,L=Mapo-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4b:5f:59:08:9e:d9:de:c7:f5:79:56:5a:c5:76:5d:96:6c:84:7f:04:83:68:13:81:4e:e8:9a:b0:f3:7e:ba:66
Signer

Actual PE Digest

4b:5f:59:08:9e:d9:de:c7:f5:79:56:5a:c5:76:5d:96:6c:84:7f:04:83:68:13:81:4e:e8:9a:b0:f3:7e:ba:66

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\project_svn\WebHard\trunk\ConKeeper\고도화_new\ConKeeper\Release\Check.pdb

Imports

kernel32

LoadLibraryA
CloseHandle
GetProcAddress
GlobalMemoryStatus
WriteFile
FreeLibrary
FindResourceA
CreateFileA
GetTickCount
GetModuleFileNameA
LockResource
MultiByteToWideChar
SizeofResource
WideCharToMultiByte
LoadResource
FindResourceW
FindResourceExW
lstrlenA
FlushConsoleInputBuffer
GetStdHandle
GetFileType
GetVersion
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoW
HeapSetInformation
InterlockedCompareExchange
SetLastError
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedExchange
Sleep
DecodePointer
EncodePointer
InterlockedDecrement
InterlockedIncrement
GetVersionExA

oleaut32

SysAllocStringLen

shlwapi

PathFileExistsA

ws2_32

htons
WSAGetLastError
recv
select
closesocket
gethostbyname
send
WSAStartup
connect
ioctlsocket
shutdown
WSASetLastError
socket
setsockopt

msvcr100

_CxxThrowException
_purecall
memcpy
__CxxFrameHandler3
strerror
setlocale
__uncaught_exception
__crtLCMapStringA
__pctype_func
isupper
___lc_codepage_func
___lc_handle_func
_calloc_crt
islower
abort
memset
strncmp
_errno
_unlock
_mbscspn
_lock
_onexit
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
_ismbblead
exit
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_commode
_fmode
__set_app_type
_time32
_crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
_invoke_watson
_controlfp_s
_mbscmp
_splitpath
_mbsspn
atoi
_atoi64
_mbslwr_s
strncpy
strnlen
_time64
fclose
fwrite
_vsnprintf
fopen
_localtime64_s
free
??0bad_cast@std@@QAE@ABV01@@Z
??0bad_cast@std@@QAE@PBD@Z
??1bad_cast@std@@UAE@XZ
sprintf
??2@YAPAXI@Z
_vscprintf
memcpy_s
??_V@YAXPAX@Z
vsprintf_s
_mbsstr
malloc
memmove
??0exception@std@@QAE@ABV01@@Z
realloc
strchr
qsort
wcsstr
vfprintf
_iob
strcmp
tolower
_pctype
__mb_cur_max
_isctype
memchr
_ftol
getenv
fread
fflush
_setmode
ftell
fseek
fgets
fprintf
sscanf
strtoul
fputs
signal
strstr
_gmtime32
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
memmove_s
??3@YAXPAX@Z
_fileno
_stat32
__dllonexit
_getch

user32

GetProcessWindowStation
MessageBoxA
GetUserObjectInformationW
GetDesktopWindow

advapi32

ReportEventA
DeregisterEventSource
RegisterEventSourceA

Sections

.text
Size: 426KB - Virtual size: 425KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8.7MB - Virtual size: 8.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DownProcessor_filecast.exe
.exe windows:5 windows x86 arch:x86

420954eb46cd3242fabe3874ace46db0

Code Sign

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/11/2009, 10:00

Not After

18/03/2019, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

27:84:3e:e2:10:20:e5:69:08:de:ca:ad
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

24/01/2019, 07:30

Not After

24/01/2021, 07:30

Subject

SERIALNUMBER=131111-0340297,CN=TIDYWEB Co.\,LTD.,O=TIDYWEB Co.\,LTD.,STREET=1102\, 1103\, 165\, Gasan digital 2-ro,L=Geumcheon-gu,ST=Seoul,C=KR,1.3.6.1.4.1.311.60.2.1.3=#13024b52,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

19/02/2018, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign TSA for Advanced - G2

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/11/2009, 10:00

Not After

18/03/2019, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

27:84:3e:e2:10:20:e5:69:08:de:ca:ad
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

24/01/2019, 07:30

Not After

24/01/2021, 07:30

Subject

SERIALNUMBER=131111-0340297,CN=TIDYWEB Co.\,LTD.,O=TIDYWEB Co.\,LTD.,STREET=1102\, 1103\, 165\, Gasan digital 2-ro,L=Geumcheon-gu,ST=Seoul,C=KR,1.3.6.1.4.1.311.60.2.1.3=#13024b52,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

19/02/2018, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign TSA for Advanced - G2

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a6:78:4d:f4:f4:a1:db:db:ae:7c:ba:4b:63:43:ce:3d:25:b2:4f:a5:ac:3b:d5:90:69:a8:ca:1d:8e:4f:53:10
Signer

Actual PE Digest

a6:78:4d:f4:f4:a1:db:db:ae:7c:ba:4b:63:43:ce:3d:25:b2:4f:a5:ac:3b:d5:90:69:a8:ca:1d:8e:4f:53:10

Digest Algorithm

sha256

PE Digest Matches

true

e0:ad:2d:ee:0c:63:e5:b4:99:91:eb:c8:56:86:6a:d5:87:65:ee:df
Signer

Actual PE Digest

e0:ad:2d:ee:0c:63:e5:b4:99:91:eb:c8:56:86:6a:d5:87:65:ee:df

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\backup\윈도우\FileCast (2)\__Webhard\MultiDownload\KGrid_DownProcessor\Release\DownProcessor.pdb

Imports

v_down

?GetSpeed@@YAHXZ
?GetDownSize@@YA_JXZ
?GetStartPoint@@YA_JXZ
?GetStatus@@YAHXZ
?OnStop_Download@@YAXXZ
?OnStart_Download@@YAHH@Z
?SetDownloadFileEx@@YAXPAD00_J0H@Z
?SetDownMainSvrInfo@@YAXPADHH@Z
?InitNodeLib@@YAXPAD@Z

nat

ord23
ord5
ord21
ord18
ord22
ord17
ord15
ord16
ord40
ord38
ord29
ord36
ord35
ord37
ord39

kernel32

WaitForSingleObjectEx
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
GetFileType
SetStdHandle
ResetEvent
VirtualQuery
VirtualAlloc
GetSystemInfo
GetCommandLineW
FindFirstFileExW
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
RtlUnwind
OutputDebugStringW
HeapQueryInformation
SearchPathA
GetProfileIntA
GetTempFileNameA
GetTempPathA
VerifyVersionInfoA
VerSetConditionMask
GetWindowsDirectoryA
FindResourceExW
lstrcpyA
GetFileTime
GetFileSizeEx
GetFileAttributesExA
GetFileAttributesA
SetErrorMode
GetACP
GetCPInfo
GetOEMCP
VirtualProtect
GlobalFlags
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
CompareStringW
GetCurrentDirectoryA
LocalReAlloc
GlobalHandle
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
LocalAlloc
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
FindNextFileA
FileTimeToLocalFileTime
GetThreadLocale
GetVolumeInformationA
lstrcmpiA
GetCurrentProcess
DuplicateHandle
WriteFile
UnlockFile
SetFilePointer
SetEndOfFile
ReadFile
LockFile
GetFullPathNameA
GetFileSize
FlushFileBuffers
FindFirstFileA
FindClose
DeleteFileA
CreateFileA
GetCurrentProcessId
ResumeThread
WaitForSingleObject
SetEvent
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
GlobalGetAtomNameA
GlobalFindAtomA
GlobalAddAtomA
FindResourceA
LoadLibraryW
lstrcmpW
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameW
FreeResource
GetSystemDirectoryW
EncodePointer
OutputDebugStringA
SetLastError
CopyFileA
FormatMessageA
MulDiv
LocalFree
GlobalSize
CompareStringA
MultiByteToWideChar
lstrcmpA
GlobalDeleteAtom
LoadLibraryExW
GetModuleFileNameA
GetCurrentThreadId
GlobalFree
GlobalReAlloc
GlobalUnlock
GlobalLock
GlobalAlloc
GetCurrentThread
SetThreadPriority
CreateDirectoryA
LeaveCriticalSection
EnterCriticalSection
GetTickCount
Sleep
GetLocalTime
GetVersionExA
FreeLibrary
GetProcAddress
LoadLibraryA
GetProcessHeap
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
GetLastError
HeapSize
InitializeCriticalSectionAndSpinCount
HeapFree
InitializeCriticalSection
DeleteCriticalSection
CloseHandle
OpenProcess
GetCommandLineA
FindResourceW
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
QueryPerformanceFrequency
ExitProcess
GetStdHandle
WriteConsoleW
GetStringTypeW
LCMapStringW
SetFilePointerEx
GetConsoleMode
ReadConsoleW
GetDriveTypeW
GetTimeZoneInformation
GetConsoleCP
FindFirstFileExA
IsValidCodePage
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
CreateFileW
GetCurrentDirectoryW

user32

CopyImage
LoadCursorW
LoadCursorA
WaitMessage
CharUpperA
IsDialogMessageA
SetWindowTextA
SendDlgItemMessageA
CheckDlgButton
MoveWindow
ShowWindow
FillRect
ReleaseDC
GetWindowDC
TabbedTextOutA
GrayStringA
DrawTextExA
DrawTextA
GetWindowThreadProcessId
ShowOwnedPopups
GetCursorPos
TranslateMessage
GetMessageA
SetMenuItemInfoA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
GetDesktopWindow
IsWindowEnabled
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamA
MapDialogRect
SetWindowContextHelpId
GetMonitorInfoA
MonitorFromWindow
WinHelpA
GetScrollInfo
SetScrollInfo
LoadIconA
CallNextHookEx
SetWindowsHookExA
GetWindow
GetLastActivePopup
GetTopWindow
GetClassNameA
GetClassLongA
SetWindowLongA
EqualRect
CopyRect
MapWindowPoints
ScreenToClient
MessageBoxA
AdjustWindowRectEx
GetWindowTextLengthA
GetWindowTextA
RemovePropA
GetPropA
SetPropA
ShowScrollBar
SystemParametersInfoA
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
ValidateRect
EndPaint
LoadImageW
SetForegroundWindow
GetForegroundWindow
SetActiveWindow
TrackPopupMenu
SetMenu
GetMenu
GetKeyState
GetFocus
SetFocus
GetDlgCtrlID
GetDlgItem
IsWindowVisible
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
SetWindowPos
DestroyWindow
IsChild
IsMenu
IsWindow
CreateWindowExA
GetClassInfoExA
RegisterClassA
CallWindowProcA
DefWindowProcA
GetMessageTime
GetMessagePos
PeekMessageA
DispatchMessageA
RegisterWindowMessageA
UnhookWindowsHookEx
RemoveMenu
RegisterClipboardFormatA
GetMenuDefaultItem
DestroyCursor
GetWindowRgn
AppendMenuA
InsertMenuA
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetMenuState
GetMenuStringA
PostQuitMessage
GetWindowRect
SetWindowRgn
ReleaseCapture
WindowFromPoint
ClientToScreen
SetCapture
GetCapture
GetActiveWindow
DeleteMenu
RealChildWindowFromPoint
GetSysColorBrush
DestroyMenu
GetMenuItemInfoA
InflateRect
SetRectEmpty
OffsetRect
GetAsyncKeyState
CharNextA
CopyAcceleratorTableA
InvalidateRgn
IntersectRect
IsRectEmpty
GetNextDlgGroupItem
GetParent
PtInRect
MessageBeep
DestroyIcon
BringWindowToTop
LoadAcceleratorsA
TranslateAcceleratorA
LoadMenuA
CreatePopupMenu
InsertMenuItemA
GetScrollRange
LoadImageA
CreateMenu
SubtractRect
TranslateMDISysAccel
DefMDIChildProcA
DefFrameProcA
DrawMenuBar
GetUpdateRect
IsClipboardFormatAvailable
CharUpperBuffA
ModifyMenuA
GetDoubleClickTime
SetMenuDefaultItem
DestroyAcceleratorTable
CreateAcceleratorTableA
LoadAcceleratorsW
ToAsciiEx
GetKeyboardState
MapVirtualKeyExA
IsCharLowerA
GetKeyboardLayout
GetClassInfoA
LoadIconW
SendMessageA
FindWindowA
SetTimer
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
EnableWindow
UnregisterClassA
PostMessageA
KillTimer
GetSysColor
RedrawWindow
InvalidateRect
UpdateWindow
SetCursor
LoadBitmapW
GetWindowLongA
GetDC
SetRect
GetComboBoxInfo
MonitorFromPoint
UpdateLayeredWindow
LockWindowUpdate
UnpackDDElParam
ReuseDDElParam
GetWindowPlacement
TrackMouseEvent
PostThreadMessageA
FrameRect
CopyIcon
SetCursorPos
LoadMenuW
IsZoomed
DrawFrameControl
DrawEdge
DrawStateA
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
SetClassLongA
EnumDisplayMonitors
SetLayeredWindowAttributes
NotifyWinEvent
InvertRect
HideCaret
EnableScrollBar
GetIconInfo
DrawIconEx
DrawFocusRect
SetParent
GetSystemMenu
UnionRect
MapVirtualKeyA
BeginPaint
GetKeyNameTextA

gdi32

CombineRgn
CopyMetaFileA
CreateDCA
GetDeviceCaps
SetTextColor
CreateHatchBrush
CreatePen
CreatePatternBrush
CreateRectRgn
Escape
ExcludeClipRect
GetClipBox
GetObjectType
GetPixel
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
PtVisible
RectVisible
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectPalette
SetBkMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetTextAlign
MoveToEx
TextOutA
ExtTextOutA
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleWindowExtEx
GetTextExtentPoint32A
GetBkColor
GetTextColor
CreateRectRgnIndirect
GetRgnBox
GetTextMetricsA
PatBlt
SetRectRgn
EnumFontFamiliesExA
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
CreateDIBitmap
EnumFontFamiliesA
GetTextCharsetInfo
SetPixel
SetDIBColorTable
CreateEllipticRgn
Ellipse
CreatePolygonRgn
Polygon
Polyline
CreateRoundRectRgn
LPtoDP
Rectangle
OffsetRgn
RoundRect
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
ExtFloodFill
SetPaletteEntries
SetPixelV
GetWindowOrgEx
GetViewportOrgEx
GetTextFaceA
CreateDIBSection
DeleteDC
SetBkColor
BitBlt
GetMapMode
SetMapMode
CreateBitmap
DPtoLP
StretchBlt
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
DeleteObject
CreateFontIndirectA
GetStockObject
GetObjectA
ScaleViewportExtEx
CreateSolidBrush

msimg32

TransparentBlt
AlphaBlend

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegEnumKeyA
RegEnumKeyExA
RegEnumValueA
RegQueryValueA
RegCloseKey
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA

shell32

SHAppBarMessage
ShellExecuteA
SHGetFileInfoA
DragQueryFileA
DragFinish
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHGetDesktopFolder
SHGetSpecialFolderPathA
SHBrowseForFolderA

comctl32

InitCommonControlsEx

shlwapi

PathGetArgsA
StrFormatByteSize64A
PathFindExtensionA
PathFindFileNameA
PathIsUNCA
PathStripToRootA
UrlUnescapeA
StrFormatKBSizeA
PathRemoveFileSpecW

uxtheme

GetThemeSysColor
GetWindowTheme
IsAppThemed
GetThemePartSize
GetCurrentThemeName
GetThemeColor
CloseThemeData
OpenThemeData
DrawThemeParentBackground
IsThemeBackgroundPartiallyTransparent
DrawThemeBackground
DrawThemeText

ole32

RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
DoDragDrop
CoRegisterMessageFilter
OleIsCurrentClipboard
OleFlushClipboard
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CoRevokeClassObject
CreateStreamOnHGlobal
CoInitializeEx
RevokeDragDrop
OleUninitialize
OleInitialize
CoFreeUnusedLibraries
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoGetClassObject
CoDisconnectObject
CoInitialize
CoCreateInstance
CLSIDFromProgID
CLSIDFromString
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
CoCreateGuid
CoUninitialize
OleLockRunning

oleaut32

VarBstrFromDate
OleCreateFontIndirect
SysAllocString
VariantCopy
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
LoadTypeLi
VariantChangeType
SysFreeString
SysAllocStringLen
SysAllocStringByteLen
VariantInit
SafeArrayDestroy
VariantClear

oledlg

ord8

urlmon

URLDownloadToFileA

ws2_32

connect
select
setsockopt
recv
htons
inet_addr
closesocket
socket
WSACleanup
WSAGetLastError
WSAStartup

wininet

InternetCanonicalizeUrlA
InternetCrackUrlA
InternetCloseHandle
InternetReadFile
InternetQueryDataAvailable
InternetOpenUrlA
InternetOpenA
DeleteUrlCacheEntry

psapi

EnumProcesses
GetModuleBaseNameA
EnumProcessModules

oleacc

CreateStdAccessibleObject
AccessibleObjectFromWindow
LresultFromObject

gdiplus

GdipGetImagePalette
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdiplusShutdown
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipFree
GdipAlloc

imm32

ImmGetContext
ImmGetOpenStatus
ImmReleaseContext

winmm

PlaySoundA

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 314KB - Virtual size: 314KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.giats
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FileCast.ico
FileCast_ClientDown.exe
.exe windows:5 windows x86 arch:x86

eee8b37a99cd027e5ea4705d60ae2d6b

Code Sign

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/11/2009, 10:00

Not After

18/03/2019, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

27:84:3e:e2:10:20:e5:69:08:de:ca:ad
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

24/01/2019, 07:30

Not After

24/01/2021, 07:30

Subject

SERIALNUMBER=131111-0340297,CN=TIDYWEB Co.\,LTD.,O=TIDYWEB Co.\,LTD.,STREET=1102\, 1103\, 165\, Gasan digital 2-ro,L=Geumcheon-gu,ST=Seoul,C=KR,1.3.6.1.4.1.311.60.2.1.3=#13024b52,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

19/02/2018, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign TSA for Advanced - G2

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/11/2009, 10:00

Not After

18/03/2019, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

27:84:3e:e2:10:20:e5:69:08:de:ca:ad
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

24/01/2019, 07:30

Not After

24/01/2021, 07:30

Subject

SERIALNUMBER=131111-0340297,CN=TIDYWEB Co.\,LTD.,O=TIDYWEB Co.\,LTD.,STREET=1102\, 1103\, 165\, Gasan digital 2-ro,L=Geumcheon-gu,ST=Seoul,C=KR,1.3.6.1.4.1.311.60.2.1.3=#13024b52,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

19/02/2018, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign TSA for Advanced - G2

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ea:9e:ad:f5:80:76:5f:81:21:6b:aa:40:cb:60:33:da:d8:47:e9:8d:12:bb:f4:61:8f:99:a9:a3:7a:5d:37:7e
Signer

Actual PE Digest

ea:9e:ad:f5:80:76:5f:81:21:6b:aa:40:cb:60:33:da:d8:47:e9:8d:12:bb:f4:61:8f:99:a9:a3:7a:5d:37:7e

Digest Algorithm

sha256

PE Digest Matches

true

db:8a:fb:7d:40:df:2f:07:83:02:b6:14:c0:97:28:ce:87:28:cc:64
Signer

Actual PE Digest

db:8a:fb:7d:40:df:2f:07:83:02:b6:14:c0:97:28:ce:87:28:cc:64

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\backup\윈도우\FileCast (2)\__Webhard\MultiDownload\MultiMain\Release\MultiMain.pdb

Imports

kernel32

ReadConsoleW
GetConsoleMode
GetConsoleCP
GetDriveTypeW
GetFileAttributesExW
GetStringTypeW
GetTimeZoneInformation
LCMapStringW
GetStdHandle
QueryPerformanceFrequency
HeapQueryInformation
SetFilePointerEx
GetEnvironmentStringsW
GetCommandLineW
VirtualQuery
VirtualAlloc
FreeLibraryAndExitThread
ExitThread
CreateThread
GetModuleHandleExW
ExitProcess
FindNextFileW
FindFirstFileExW
RtlUnwind
OutputDebugStringW
FindFirstFileExA
GetFileType
IsValidCodePage
FreeEnvironmentStringsW
SetEnvironmentVariableA
CreateFileW
GetCurrentDirectoryW
WriteConsoleW
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
CreateEventW
WaitForSingleObjectEx
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SearchPathA
GetProfileIntA
GetTempPathA
VerifyVersionInfoA
VerSetConditionMask
GetWindowsDirectoryA
FindResourceExW
GetTempFileNameA
SetErrorMode
GetACP
GetFileTime
GetFileSizeEx
GetFileAttributesExA
GetFileAttributesA
GetCPInfo
GetOEMCP
VirtualProtect
GlobalFlags
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
CompareStringW
GetCurrentDirectoryA
LocalReAlloc
GlobalHandle
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetThreadLocale
lstrcmpiA
DuplicateHandle
WriteFile
UnlockFile
SetFilePointer
SetEndOfFile
ReadFile
LockFile
GetFullPathNameA
FlushFileBuffers
FindNextFileA
FindFirstFileA
FindClose
FileTimeToLocalFileTime
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
LocalAlloc
SuspendThread
SetThreadPriority
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
GlobalGetAtomNameA
GlobalFindAtomA
GlobalAddAtomA
LoadLibraryW
lstrcmpW
GetModuleHandleW
GetModuleFileNameW
GetSystemDirectoryW
EncodePointer
OutputDebugStringA
CompareStringA
GlobalDeleteAtom
LoadLibraryExW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
SetLastError
CopyFileA
FormatMessageA
LocalFree
GlobalSize
lstrcpynA
GlobalReAlloc
InterlockedExchange
HeapCreate
ResetEvent
FreeResource
FindResourceA
GlobalAlloc
ResumeThread
GlobalFree
MulDiv
GlobalUnlock
GlobalLock
GetModuleFileNameA
lstrlenA
GetSystemInfo
SetEvent
CreateEventA
MultiByteToWideChar
WideCharToMultiByte
GetTickCount
WaitForSingleObject
DeleteFileA
GetModuleHandleA
Process32Next
Process32First
CreateToolhelp32Snapshot
GetCurrentProcess
RemoveDirectoryA
CreateDirectoryA
GetSystemDirectoryA
GetFileSize
CreateFileA
FreeLibrary
GetProcAddress
LoadLibraryA
GetVersionExA
GetVolumeInformationA
GetDiskFreeSpaceExA
GetProcessHeap
DeleteCriticalSection
HeapDestroy
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
HeapSize
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
HeapFree
CloseHandle
GetLastError
CreateMutexA
lstrcpyA
lstrcmpA
InitializeCriticalSection
Sleep
GetLocalTime
GetCommandLineA
FindResourceW
LoadResource
LockResource
SizeofResource
SetStdHandle

user32

CharNextA
IntersectRect
InflateRect
LoadCursorW
IsRectEmpty
CharUpperA
SetRectEmpty
IsDialogMessageA
SetWindowTextA
SendDlgItemMessageA
CheckDlgButton
MoveWindow
MapVirtualKeyA
GetKeyNameTextA
GetWindowDC
ShowOwnedPopups
TranslateMessage
GetMessageA
SetMenuItemInfoA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
GetDesktopWindow
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamA
MapDialogRect
SetWindowContextHelpId
WaitMessage
GetMonitorInfoA
MonitorFromWindow
WinHelpA
GetScrollInfo
SetScrollInfo
CallNextHookEx
SetWindowsHookExA
GetWindow
GetTopWindow
GetClassNameA
GetClassLongA
EqualRect
MapWindowPoints
ScreenToClient
AdjustWindowRectEx
GetWindowTextLengthA
GetWindowTextA
RemovePropA
GetPropA
SetPropA
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
GetSysColorBrush
EndPaint
BeginPaint
GetForegroundWindow
SetMenu
GetMenu
GetDlgCtrlID
GetDlgItem
IsWindowVisible
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
SetWindowPos
IsChild
IsMenu
GetClassInfoExA
RegisterClassA
CallWindowProcA
InvertRect
GetMessagePos
PeekMessageA
DispatchMessageA
RegisterWindowMessageA
UnhookWindowsHookEx
PostQuitMessage
NotifyWinEvent
SetLayeredWindowAttributes
EnumDisplayMonitors
GetLastActivePopup
GetWindowThreadProcessId
RemoveMenu
SetClassLongA
SetParent
GetClassInfoA
FindWindowA
SetForegroundWindow
InsertMenuA
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetMenuState
GetMenuStringA
SetFocus
IsWindowEnabled
GetFocus
FindWindowExA
IsWindow
SetWindowRgn
LoadImageA
CreateWindowExA
GetWindowRect
LoadCursorA
DefWindowProcA
DestroyWindow
ReleaseCapture
WindowFromPoint
CopyImage
DeleteMenu
RealChildWindowFromPoint
GetMenuItemInfoA
GetAsyncKeyState
CopyAcceleratorTableA
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
DestroyIcon
TrackMouseEvent
LoadImageW
BringWindowToTop
LoadAcceleratorsA
TranslateAcceleratorA
LoadMenuA
InsertMenuItemA
ClientToScreen
SetCapture
GetCapture
GetActiveWindow
UnpackDDElParam
ReuseDDElParam
RegisterClipboardFormatA
GetMenuDefaultItem
DrawFocusRect
DrawIconEx
GetIconInfo
EnableScrollBar
ValidateRect
HideCaret
ShowWindow
SetActiveWindow
SendMessageA
EnableWindow
LoadIconW
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
GetKeyState
UnregisterClassA
InvalidateRect
PostMessageA
ExitWindowsEx
SetTimer
LoadBitmapW
KillTimer
MessageBoxA
ReplyMessage
SetRect
SetWindowLongA
LoadIconA
CreatePopupMenu
AppendMenuA
SetMenuDefaultItem
GetCursorPos
TrackPopupMenu
DestroyMenu
GetKeyboardLayout
GetSysColor
RedrawWindow
UpdateWindow
SetCursor
GetDC
ReleaseDC
FillRect
CopyRect
SystemParametersInfoA
OffsetRect
TabbedTextOutA
DrawTextA
DrawTextExA
GrayStringA
GetWindowLongA
PtInRect
GetParent
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
DrawStateA
DrawEdge
DrawFrameControl
IsZoomed
LoadMenuW
GetSystemMenu
SetCursorPos
CopyIcon
FrameRect
UnionRect
LoadAcceleratorsW
PostThreadMessageA
UpdateLayeredWindow
MonitorFromPoint
GetComboBoxInfo
DestroyCursor
GetWindowRgn
CreateMenu
SubtractRect
TranslateMDISysAccel
DefMDIChildProcA
DefFrameProcA
DrawMenuBar
GetUpdateRect
IsClipboardFormatAvailable
CharUpperBuffA
ModifyMenuA
GetDoubleClickTime
LockWindowUpdate
DestroyAcceleratorTable
CreateAcceleratorTableA
ToAsciiEx
GetKeyboardState
MapVirtualKeyExA
IsCharLowerA
GetMessageTime

gdi32

CombineRgn
CreatePen
Rectangle
CopyMetaFileA
CreateDCA
SetTextColor
CreateHatchBrush
CreatePatternBrush
ExcludeClipRect
GetClipBox
GetObjectType
GetPixel
GetViewportExtEx
IntersectClipRect
LineTo
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectPalette
SetBkMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetTextAlign
MoveToEx
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ExtCreateRegion
CreateRectRgnIndirect
PatBlt
CreateEllipticRgn
Ellipse
LPtoDP
SetRectRgn
GetBkColor
GetTextColor
GetRgnBox
GetTextMetricsA
EnumFontFamiliesExA
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
CreateDIBitmap
EnumFontFamiliesA
GetTextCharsetInfo
SetPixel
SetDIBColorTable
CreatePolygonRgn
Polygon
Polyline
CreateRoundRectRgn
OffsetRgn
RoundRect
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
ExtFloodFill
SetPaletteEntries
SetPixelV
GetTextFaceA
CreateDIBSection
SetBkColor
GetMapMode
SetMapMode
CreateBitmap
DPtoLP
StretchBlt
Escape
ExtTextOutA
RectVisible
PtVisible
TextOutA
CreateRectRgn
GetViewportOrgEx
GetTextExtentPoint32A
GetWindowOrgEx
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
SelectObject
GetDeviceCaps
GetObjectA
DeleteObject
CreateSolidBrush
GetStockObject
CreateFontIndirectA
ScaleWindowExtEx
GetWindowExtEx
DeleteDC

msimg32

AlphaBlend
TransparentBlt

comdlg32

GetOpenFileNameA
GetSaveFileNameA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegDeleteValueA
LookupPrivilegeValueA
AdjustTokenPrivileges
RegEnumKeyExA
RegQueryValueA
RegDeleteKeyA
OpenProcessToken
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
RegEnumKeyA
RegEnumValueA
RegCloseKey
RegOpenKeyExA

shell32

SHGetDesktopFolder
ShellExecuteExA
ShellExecuteA
SHGetFolderPathA
SHChangeNotify
SHGetFileInfoA
Shell_NotifyIconA
DragQueryFileA
SHAppBarMessage
SHBrowseForFolderA
SHGetSpecialFolderPathA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
DragFinish

comctl32

ImageList_AddMasked
InitCommonControlsEx
ImageList_Draw

shlwapi

PathGetArgsA
StrFormatByteSize64A
PathFindExtensionA
PathFindFileNameA
UrlUnescapeA
PathIsUNCA
PathStripToRootA
PathRemoveFileSpecW
StrFormatKBSizeA

uxtheme

GetThemeColor
GetThemeSysColor
DrawThemeText
DrawThemeParentBackground
OpenThemeData
CloseThemeData
DrawThemeBackground
GetCurrentThemeName
IsThemeBackgroundPartiallyTransparent
GetThemePartSize
IsAppThemed
GetWindowTheme

ole32

OleFlushClipboard
CoRevokeClassObject
OleIsCurrentClipboard
CoRegisterMessageFilter
DoDragDrop
OleGetClipboard
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
OleLockRunning
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleUninitialize
OleInitialize
CoFreeUnusedLibraries
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoGetClassObject
CoDisconnectObject
CoInitializeEx
OleDraw
CLSIDFromProgID
CLSIDFromString
CoCreateGuid
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
CreateStreamOnHGlobal
CoUninitialize
CoCreateInstance
CoInitialize

oleaut32

VariantInit
SafeArrayDestroy
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetLBound
SafeArrayGetUBound
VariantChangeType
SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SysAllocString
SysAllocStringLen
SafeArrayGetElemsize
VariantCopy
VarBstrFromDate
OleCreateFontIndirect
LoadTypeLi
OleLoadPicture
SysAllocStringByteLen
SysFreeString
SafeArrayGetDim
VariantClear

gdiplus

GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromHBITMAP
GdipFree
GdipAlloc
GdipCloneImage
GdiplusShutdown
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdiplusStartup
GdipDisposeImage

ws2_32

WSASetLastError
WSAStartup
WSACleanup
WSASocketA
WSAGetLastError
htons
inet_addr
WSAConnect
closesocket
setsockopt
WSAWaitForMultipleEvents
WSASend
WSARecv

oledlg

ord8

urlmon

URLDownloadToFileA

oleacc

AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject

wininet

InternetOpenA
InternetOpenUrlA
InternetQueryDataAvailable
InternetReadFile
InternetCanonicalizeUrlA
InternetCrackUrlA
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetCloseHandle
DeleteUrlCacheEntry

imm32

ImmGetContext
ImmGetOpenStatus
ImmReleaseContext

winmm

PlaySoundA

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 352KB - Virtual size: 351KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.giats
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 135KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MCheck.dll
.dll windows:4 windows x86 arch:x86

1ac7223910003e225ff5fe9ce6c9122a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wsock32

inet_addr
gethostbyname
WSAStartup
gethostname
WSACleanup

wininet

InternetCloseHandle
InternetReadFile
InternetQueryDataAvailable
InternetErrorDlg
HttpSendRequestA
InternetOpenA
InternetSetOptionA
InternetConnectA
HttpOpenRequestA
HttpQueryInfoA
InternetSetCookieA
InternetQueryOptionA

kernel32

GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetVersion
FreeLibrary
LocalAlloc
InitializeCriticalSection
TlsAlloc
DeleteCriticalSection
GlobalFree
GlobalHandle
TlsFree
LeaveCriticalSection
GlobalReAlloc
EnterCriticalSection
TlsSetValue
LocalReAlloc
TlsGetValue
SetErrorMode
GlobalFlags
WritePrivateProfileStringA
GetCurrentDirectoryA
GetProcessVersion
FileTimeToSystemTime
FileTimeToLocalFileTime
GetCPInfo
GetOEMCP
RtlUnwind
GetACP
GetCommandLineA
ExitProcess
TerminateProcess
RaiseException
HeapSize
HeapReAlloc
GetTimeZoneInformation
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetEnvironmentVariableA
VirtualFree
VirtualAlloc
IsBadWritePtr
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
LocalFree
FormatMessageA
GetLastError
lstrcpynA
lstrlenA
lstrcatA
lstrcpyA
FindClose
FindFirstFileA
GetDriveTypeA
GlobalLock
GetModuleFileNameA
GetVersionExA
WideCharToMultiByte
HeapCreate
HeapDestroy
HeapFree
HeapAlloc
InterlockedIncrement
InterlockedDecrement
MultiByteToWideChar
GetCurrentThreadId
GetCurrentThread
lstrcmpiA
lstrcmpA
GlobalDeleteAtom
GlobalAlloc
CloseHandle
SetLastError
GetCurrentProcess
CreateFileA
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
SetEndOfFile
GetProcAddress
LoadLibraryA
GetFullPathNameA
GetModuleHandleA
GlobalUnlock
GetFileAttributesA

user32

IsIconic
SystemParametersInfoA
RegisterWindowMessageA
GetWindow
SetForegroundWindow
GetForegroundWindow
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
CallWindowProcA
GetPropA
SetPropA
GetClassLongA
CreateWindowExA
DestroyWindow
GetMenuItemID
GetSubMenu
GetMenuItemCount
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
LoadIconA
UnregisterClassA
LoadStringA
GetClassNameA
PtInRect
LoadCursorA
GetSysColorBrush
DestroyMenu
GetWindowPlacement
SetFocus
ShowWindow
SetWindowPos
SetWindowLongA
GetDlgCtrlID
GetWindowTextA
SetWindowTextA
UnhookWindowsHookEx
GrayStringA
DrawTextA
TabbedTextOutA
ReleaseDC
GetDC
ClientToScreen
GetSystemMetrics
wsprintfA
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageA
GetCursorPos
SetWindowsHookExA
GetLastActivePopup
GetWindowLongA
MessageBoxA
EnableWindow
SetCursor
SendMessageA
PostMessageA
PostQuitMessage
GetDesktopWindow
GetClientRect
GetDlgItem
GetWindowRect
GetParent
GetKeyState
IsWindowEnabled

gdi32

Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetDeviceCaps
DeleteObject
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetTextColor
SetBkColor
GetStockObject
SelectObject
RestoreDC
SaveDC
DeleteDC
CreateBitmap
GetObjectA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegOpenKeyExA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA

comctl32

ord17

Exports

Exports

L_DownFiltering

Sections

.text
Size: 104KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MediaInfo.dll
.dll windows:5 windows x86 arch:x86

64f05548760ebfde5e1f166b124b8db1

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:d6:e7:4d:7f:de:17:c5:b2:fb:8f:47:87:47:cc:46
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

29/09/2013, 00:00

Not After

27/11/2016, 23:59

Subject

CN=MediaArea.net,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=MediaArea.net,L=Curienne,ST=France,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

d3:05:95:d5:3a:a0:02:c6:e8:ec:e7:c4:90:07:ed:c4:46:94:d6:8b
Signer

Actual PE Digest

d3:05:95:d5:3a:a0:02:c6:e8:ec:e7:c4:90:07:ed:c4:46:94:d6:8b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
WideCharToMultiByte
CreateFileW
CloseHandle
ReadFile
WriteFile
SetFilePointerEx
SetFilePointer
GetFileSizeEx
GetFileTime
GetTimeZoneInformation
GetFileAttributesW
LoadLibraryW
GetProcAddress
SetEvent
WaitForSingleObject
Sleep
CreateEventW
GetStringTypeW
EncodePointer
DecodePointer
GetCommandLineA
GetCurrentThreadId
GetLastError
HeapFree
GetSystemTimeAsFileTime
IsDebuggerPresent
IsProcessorFeaturePresent
RaiseException
RtlUnwind
HeapAlloc
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ExitProcess
GetModuleHandleExW
HeapSize
GetACP
GetProcessHeap
GetStdHandle
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidCodePage
GetOEMCP
GetConsoleMode
GetModuleFileNameW
HeapReAlloc
LoadLibraryExW
GetConsoleCP
SetEnvironmentVariableA
FlushFileBuffers
SetStdHandle
OutputDebugStringW
WriteConsoleW
ResumeThread
GetFullPathNameW
FindFirstFileW
FindNextFileW
FindClose
CreateThread
ExitThread

Exports

Exports

MediaInfoA_Close
MediaInfoA_Count_Get
MediaInfoA_Delete
MediaInfoA_Get
MediaInfoA_GetI
MediaInfoA_Inform
MediaInfoA_New
MediaInfoA_New_Quick
MediaInfoA_Open
MediaInfoA_Open_Buffer
MediaInfoA_Open_Buffer_Continue
MediaInfoA_Open_Buffer_Continue_GoTo_Get
MediaInfoA_Open_Buffer_Finalize
MediaInfoA_Open_Buffer_Init
MediaInfoA_Open_NextPacket
MediaInfoA_Option
MediaInfoA_Output_Buffer_Get
MediaInfoA_Output_Buffer_GetI
MediaInfoA_Save
MediaInfoA_Set
MediaInfoA_SetI
MediaInfoA_State_Get
MediaInfoListA_Close
MediaInfoListA_Count_Get
MediaInfoListA_Count_Get_Files
MediaInfoListA_Delete
MediaInfoListA_Get
MediaInfoListA_GetI
MediaInfoListA_Inform
MediaInfoListA_New
MediaInfoListA_New_Quick
MediaInfoListA_Open
MediaInfoListA_Open_Buffer
MediaInfoListA_Option
MediaInfoListA_Save
MediaInfoListA_Set
MediaInfoListA_SetI
MediaInfoListA_State_Get
MediaInfoList_Close
MediaInfoList_Count_Get
MediaInfoList_Count_Get_Files
MediaInfoList_Delete
MediaInfoList_Get
MediaInfoList_GetI
MediaInfoList_Inform
MediaInfoList_New
MediaInfoList_New_Quick
MediaInfoList_Open
MediaInfoList_Open_Buffer
MediaInfoList_Option
MediaInfoList_Save
MediaInfoList_Set
MediaInfoList_SetI
MediaInfoList_State_Get
MediaInfo_Close
MediaInfo_Count_Get
MediaInfo_Delete
MediaInfo_Get
MediaInfo_GetI
MediaInfo_Info_Version
MediaInfo_Inform
MediaInfo_New
MediaInfo_New_Quick
MediaInfo_Open
MediaInfo_Open_Buffer
MediaInfo_Open_Buffer_Continue
MediaInfo_Open_Buffer_Continue_GoTo_Get
MediaInfo_Open_Buffer_Finalize
MediaInfo_Open_Buffer_Init
MediaInfo_Open_NextPacket
MediaInfo_Option
MediaInfo_Output_Buffer_Get
MediaInfo_Output_Buffer_GetI
MediaInfo_Save
MediaInfo_Set
MediaInfo_SetI
MediaInfo_State_Get

Sections

.text
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 920KB - Virtual size: 920KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 159KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MediaInfo_v2.dll
.dll windows:4 windows x86 arch:x86

9516debaeb501cc020b83265018f09ca

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

37:22:0b:5b:1e:8c:5c:de:dd:07:2a:b1:df:5c:f3:4c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

19/10/2012, 00:00

Not After

19/10/2013, 23:59

Subject

CN=MediaArea.net,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=MediaArea.net,L=Curienne,ST=France,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

cb:ed:03:88:f2:c8:ee:ce:5f:0b:b1:71:28:5e:1f:29:fe:fb:42:f2
Signer

Actual PE Digest

cb:ed:03:88:f2:c8:ee:ce:5f:0b:b1:71:28:5e:1f:29:fe:fb:42:f2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

Sleep
MultiByteToWideChar
WideCharToMultiByte
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
CloseHandle
ResumeThread
GetVersion
CreateFileA
CreateFileW
GetLastError
ReadFile
WriteFile
SetFilePointer
GetFileSize
GetFileTime
GetTimeZoneInformation
GetFileAttributesA
GetFileAttributesW
GetFullPathNameA
GetFullPathNameW
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
FindClose
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetSystemTimeAsFileTime
ExitThread
CreateThread
RaiseException
RtlUnwind
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetCPInfo
GetProcAddress
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
HeapSize
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
VirtualAlloc
HeapReAlloc
LoadLibraryA
GetLocaleInfoW
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW

Exports

Exports

MediaInfoA_Close
MediaInfoA_Count_Get
MediaInfoA_Delete
MediaInfoA_Get
MediaInfoA_GetI
MediaInfoA_Inform
MediaInfoA_New
MediaInfoA_New_Quick
MediaInfoA_Open
MediaInfoA_Open_Buffer
MediaInfoA_Open_Buffer_Continue
MediaInfoA_Open_Buffer_Continue_GoTo_Get
MediaInfoA_Open_Buffer_Finalize
MediaInfoA_Open_Buffer_Init
MediaInfoA_Open_NextPacket
MediaInfoA_Option
MediaInfoA_Output_Buffer_Get
MediaInfoA_Output_Buffer_GetI
MediaInfoA_Save
MediaInfoA_Set
MediaInfoA_SetI
MediaInfoA_State_Get
MediaInfoListA_Close
MediaInfoListA_Count_Get
MediaInfoListA_Count_Get_Files
MediaInfoListA_Delete
MediaInfoListA_Get
MediaInfoListA_GetI
MediaInfoListA_Inform
MediaInfoListA_New
MediaInfoListA_New_Quick
MediaInfoListA_Open
MediaInfoListA_Open_Buffer
MediaInfoListA_Option
MediaInfoListA_Save
MediaInfoListA_Set
MediaInfoListA_SetI
MediaInfoListA_State_Get
MediaInfoList_Close
MediaInfoList_Count_Get
MediaInfoList_Count_Get_Files
MediaInfoList_Delete
MediaInfoList_Get
MediaInfoList_GetI
MediaInfoList_Inform
MediaInfoList_New
MediaInfoList_New_Quick
MediaInfoList_Open
MediaInfoList_Open_Buffer
MediaInfoList_Option
MediaInfoList_Save
MediaInfoList_Set
MediaInfoList_SetI
MediaInfoList_State_Get
MediaInfo_Close
MediaInfo_Count_Get
MediaInfo_Delete
MediaInfo_Get
MediaInfo_GetI
MediaInfo_Info_Version
MediaInfo_Inform
MediaInfo_New
MediaInfo_New_Quick
MediaInfo_Open
MediaInfo_Open_Buffer
MediaInfo_Open_Buffer_Continue
MediaInfo_Open_Buffer_Continue_GoTo_Get
MediaInfo_Open_Buffer_Finalize
MediaInfo_Open_Buffer_Init
MediaInfo_Open_NextPacket
MediaInfo_Option
MediaInfo_Output_Buffer_Get
MediaInfo_Output_Buffer_GetI
MediaInfo_Save
MediaInfo_Set
MediaInfo_SetI
MediaInfo_State_Get

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 544KB - Virtual size: 542KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 96KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Mfilter.dll
.dll windows:5 windows x86 arch:x86

06c3be29433398a47f8d7248582d0ef8

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:6f:12:d1:04:74:ed:4d:1c:13:a2:6f:4e:40:1b:ce
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

21/01/2016, 00:00

Not After

07/05/2016, 23:59

Subject

CN=iMBC Co.\, Ltd.,O=iMBC Co.\, Ltd.,L=Mapo-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

94:db:8c:f1:01:25:f9:c1:2a:0c:3f:38:da:f3:59:77:93:d3:29:82:ee:6a:4d:7d:65:a1:80:91:0c:87:bc:9e
Signer

Actual PE Digest

94:db:8c:f1:01:25:f9:c1:2a:0c:3f:38:da:f3:59:77:93:d3:29:82:ee:6a:4d:7d:65:a1:80:91:0c:87:bc:9e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\project_svn\WebHard\trunk\ConKeeper\고도화_new\ConKeeper\Release\Mfilter.pdb

Imports

quartz

AMGetErrorTextA

kernel32

LoadLibraryA
CloseHandle
GetTempPathA
Sleep
GetTickCount
WriteFile
lstrlenW
DeleteFileA
MapViewOfFile
GetCurrentProcess
GetCurrentProcessId
SetCurrentDirectoryA
GetCurrentDirectoryA
GetProcAddress
GetLastError
RemoveDirectoryA
OpenMutexA
CreateMutexA
GetVersionExA
OpenFileMappingA
InterlockedCompareExchange
InterlockedExchange
EncodePointer
DecodePointer
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
FreeLibrary
GetFileSize
CreateFileA
GetModuleFileNameA
LockResource
MultiByteToWideChar
SizeofResource
WideCharToMultiByte
LoadResource
FindResourceW
FindResourceExW
lstrlenA
CreateDirectoryA
GetFileAttributesA
InterlockedDecrement
FlushConsoleInputBuffer
GlobalMemoryStatus
GetStdHandle
GetFileType
GetVersion
LeaveCriticalSection
HeapDestroy
HeapAlloc
WaitForSingleObject
IsProcessorFeaturePresent
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
InitializeCriticalSectionAndSpinCount
SetLastError
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InterlockedIncrement

user32

GetProcessWindowStation
DispatchMessageA
PeekMessageA
MessageBoxA
SendMessageA
GetDesktopWindow
GetUserObjectInformationW

shell32

ShellExecuteExA
SHGetSpecialFolderPathA

ole32

CoCreateInstance
CoUninitialize
CoInitialize

oleaut32

SysAllocStringLen

shlwapi

PathFileExistsA

wininet

DeleteUrlCacheEntry

urlmon

URLDownloadToFileA

ckpcodec

avformat_close_input
avcodec_close
av_log_set_level
avcodec_open2
av_register_all
swr_free
av_samples_get_buffer_size
avcodec_find_decoder
av_init_packet
av_read_frame
avcodec_get_frame_defaults
avformat_find_stream_info
swr_convert
av_free_packet
avformat_open_input
av_get_default_channel_layout
avcodec_alloc_frame
swr_init
av_free
swr_alloc_set_opts
avcodec_decode_audio4

ws2_32

WSACleanup
WSAStartup
inet_ntoa
gethostname
send
closesocket
gethostbyname
shutdown
socket
recv
setsockopt
htons
WSAGetLastError
select
connect
ioctlsocket
WSASetLastError

msvcr100

vfprintf
wcsstr
qsort
realloc
strcmp
_pctype
__mb_cur_max
_isctype
_ftol
getenv
_setmode
ftell
fgets
fprintf
sscanf
strtoul
fputs
signal
_gmtime32
_fileno
_stat32
_getch
floor
_CIsqrt
_CIpow
_CIsin
_CIcos
_CIexp
??3@YAXPAX@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABV01@@Z
memmove
_access
_chdir
??2@YAPAXI@Z
memmove_s
memchr
strnlen
memcpy_s
sprintf
free
malloc
strstr
fwrite
fclose
_mbsstr
vsprintf_s
??_V@YAXPAX@Z
_vscprintf
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@PBD@Z
??0bad_cast@std@@QAE@ABV01@@Z
_localtime64_s
fopen
_vsnprintf
_time64
??0exception@std@@QAE@XZ
sprintf_s
localeconv
_wassert
strcpy_s
strcspn
_atoi64
_purecall
_splitpath
_wcsicmp
printf
fputc
mbstowcs
_unlock_file
ungetc
wcsncpy
strchr
fgetpos
_fseeki64
fflush
atoi
fgetc
fsetpos
strncpy
_access_s
setvbuf
_lock_file
strrchr
_localtime64
strncpy_s
_mbscmp
tolower
_mbsrchr
towlower
??8type_info@@QBE_NABV0@@Z
iswspace
iswdigit
feof
fread
fseek
_findfirst64i32
strcat_s
_mbslwr_s
_CxxThrowException
memcpy
__CxxFrameHandler3
strerror
setlocale
__uncaught_exception
__crtLCMapStringA
__pctype_func
isupper
___lc_codepage_func
___lc_handle_func
_calloc_crt
islower
_errno
memset
__iob_func
_free_locale
_malloc_crt
abort
strncmp
calloc
_unlock
__dllonexit
_lock
_onexit
_encoded_null
_initterm
_initterm_e
_amsg_exit
__CppXcptFilter
_time32
_crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
__clean_type_info_names_internal
_iob

advapi32

ReportEventA
DeregisterEventSource
RegisterEventSourceA

Exports

Exports

CheckCompressed
DownEnd
DownEnd_U
DownStart
DownStart_U
PayLog
PayLog_U
SetCustomZipPasswordDialog
SetExtractProgressBarVisibility
SetModulePath
SetOSPId
Upload
Upload_U
initConKeeper
initDll
releaseDll

Sections

.text
Size: 686KB - Virtual size: 686KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 153KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 63KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
UNACEV2.DLL
.dll windows:1 windows x86 arch:x86

8390514c40641509cd0941c1fb7588ab

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shell32

ShellExecuteA
ShellExecuteExA

kernel32

AllocConsole
CloseHandle
CreateDirectoryA
CreateFileA
CreateProcessA
DeleteFileA
DeviceIoControl
DisableThreadLibraryCalls
DosDateTimeToFileTime
ExitProcess
ExitThread
FileTimeToDosDateTime
FileTimeToLocalFileTime
FileTimeToSystemTime
FillConsoleOutputAttribute
FillConsoleOutputCharacterA
FindClose
FindFirstFileA
FindNextFileA
FlushFileBuffers
FreeConsole
GetCommandLineA
GetConsoleCursorInfo
GetConsoleScreenBufferInfo
GetCurrentDirectoryA
GetCurrentProcess
GetDiskFreeSpaceA
GetDriveTypeA
GetEnvironmentStrings
GetEnvironmentVariableA
GetExitCodeProcess
GetFileAttributesA
GetFileInformationByHandle
GetFileTime
GetFileType
GetFullPathNameA
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetShortPathNameA
GetStartupInfoA
GetStdHandle
GetSystemTime
GetTempPathA
GetTimeZoneInformation
GetVersion
GetVolumeInformationA
GlobalMemoryStatus
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
LCMapStringA
LoadLibraryA
LocalFileTimeToFileTime
MoveFileA
PeekConsoleInputA
ReadConsoleInputA
ReadConsoleOutputAttribute
ReadConsoleOutputA
ReadFile
RemoveDirectoryA
ScrollConsoleScreenBufferA
SearchPathA
SetConsoleCtrlHandler
SetConsoleCursorInfo
SetConsoleCursorPosition
SetConsoleScreenBufferSize
SetConsoleWindowInfo
SetCurrentDirectoryA
SetEndOfFile
SetEnvironmentVariableA
SetFileAttributesA
SetFilePointer
SetFileTime
SetHandleCount
SetStdHandle
Sleep
SystemTimeToFileTime
TerminateProcess
VirtualAlloc
VirtualFree
WaitForSingleObject
WriteConsoleOutputA
WriteConsoleOutputCharacterA
WriteFile

advapi32

RegCloseKey
RegCreateKeyA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA

gdi32

CreateFontA
DeleteObject

user32

CharToOemBuffA
CreateDialogParamA
DestroyWindow
DialogBoxParamA
DispatchMessageA
EnableWindow
EndDialog
GetDlgItem
GetDlgItemTextA
GetKeyState
GetWindowTextA
KillTimer
LoadBitmapA
LoadCursorA
LoadIconA
LoadImageA
MessageBeep
MessageBoxA
OemToCharBuffA
PeekMessageA
SendDlgItemMessageA
SetCursor
SetDlgItemTextA
SetFocus
SetTimer
SetWindowTextA
ShowCursor
ShowWindow
TranslateMessage

Exports

Exports

ACEExtract
ACEInitDll
ACEList
ACEReadArchiveData
ACETest
___DllMainCRTStartup@12

Sections

AUTO
Size: 59KB - Virtual size:

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DGROUP
Size: 4KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 210KB - Virtual size:

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Uninstall.exe.nsis
ZHashGen.dll
.dll windows:4 windows x86 arch:x86

688716dfabf899ad6c6d910ad6bdb827

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TlsAlloc
GlobalFree
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
SetErrorMode
GlobalFlags
WritePrivateProfileStringA
GetProcessVersion
GetCPInfo
GetOEMCP
RtlUnwind
GetACP
HeapSize
HeapReAlloc
GetTimeZoneInformation
LocalAlloc
GetCommandLineA
ExitProcess
TerminateProcess
RaiseException
SetStdHandle
GetFileType
SetHandleCount
GetStdHandle
GetStartupInfoA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
VirtualFree
VirtualAlloc
IsBadWritePtr
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
CompareStringA
CompareStringW
SetEnvironmentVariableA
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFullPathNameA
SetEndOfFile
FlushFileBuffers
ReadFile
GetCurrentProcess
GetVersion
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalUnlock
GetModuleHandleA
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
GetCurrentThreadId
MultiByteToWideChar
InterlockedDecrement
InterlockedIncrement
LocalFree
HeapAlloc
HeapFree
HeapDestroy
HeapCreate
SetLastError
WriteFile
CloseHandle
EnterCriticalSection
LeaveCriticalSection
CreateFileA
SetFilePointer
DeleteCriticalSection
InitializeCriticalSection
GetCurrentDirectoryA
WideCharToMultiByte
GetLastError
GetModuleFileNameA
GlobalLock
GetDriveTypeA
lstrcpyA
lstrcatA
lstrlenA
lstrcpynA
FindFirstFileA
FindClose
LoadLibraryA
GetProcAddress
FreeLibrary

user32

LoadIconA
UnregisterClassA
LoadStringA
GetClassNameA
PtInRect
GetSysColorBrush
DestroyMenu
GetTopWindow
GetCapture
WinHelpA
wsprintfA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
DefWindowProcA
DestroyWindow
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
GetWindow
RegisterWindowMessageA
IsIconic
GetWindowPlacement
SetFocus
ShowWindow
SetWindowPos
MapWindowPoints
SetWindowLongA
GetDlgCtrlID
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
GrayStringA
DrawTextA
TabbedTextOutA
EndPaint
BeginPaint
ClientToScreen
ScreenToClient
CopyRect
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageA
GetCursorPos
SetWindowsHookExA
GetLastActivePopup
IsWindowEnabled
MessageBoxA
SetCursor
PostQuitMessage
UnhookWindowsHookEx
EnableWindow
PostMessageA
GetWindowLongA
GetSystemMetrics
GetDC
AdjustWindowRectEx
ReleaseDC
SystemParametersInfoA
LoadCursorA
SendMessageA
GetClientRect
GetDlgItem
GetWindowRect
GetParent
GetKeyState
OffsetRect
GetSysColor
ModifyMenuA

gdi32

SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
GetStockObject
PtVisible
RectVisible
TextOutA
Escape
SelectObject
RestoreDC
SaveDC
DeleteDC
SetBkMode
DeleteObject
GetDeviceCaps
CreateBitmap
GetObjectA
SetBkColor
ExtTextOutA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegOpenKeyExA
RegCloseKey
RegSetValueExA
RegCreateKeyExA

comctl32

ord17

Exports

Exports

L_MurekaIsZipfile

Sections

.text
Size: 96KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ccd.exe
.exe windows:5 windows x86 arch:x86

02d19e3ae5764a3e96b41606bdacddc1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegUnLoadKeyW
RegSetValueExW
RegSaveKeyW
RegRestoreKeyW
RegReplaceKeyW
RegQueryInfoKeyW
RegLoadKeyW
RegFlushKey
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegConnectRegistryW
GetUserNameW

user32

LoadStringW
MessageBoxA
CharNextW
CreateWindowExW
WindowFromPoint
WaitMessage
UpdateWindow
UnregisterClassW
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
SystemParametersInfoW
ShowWindow
ShowScrollBar
ShowOwnedPopups
SetWindowsHookExW
SetWindowTextW
SetWindowPos
SetWindowPlacement
SetWindowLongW
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropW
SetParent
SetMenuItemInfoW
SetMenu
SetForegroundWindow
SetFocus
SetCursorPos
SetCursor
SetClassLongW
SetCapture
SetActiveWindow
SendMessageA
SendMessageW
ScrollWindow
ScreenToClient
RemovePropW
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageW
RegisterClipboardFormatW
RegisterClassW
RedrawWindow
PostQuitMessage
PostMessageW
PeekMessageA
PeekMessageW
OffsetRect
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects
MessageBoxW
MapWindowPoints
MapVirtualKeyW
LoadKeyboardLayoutW
LoadIconW
LoadCursorW
LoadBitmapW
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsIconic
IsDialogMessageA
IsDialogMessageW
IsChild
InvalidateRect
IntersectRect
InsertMenuItemW
InsertMenuW
InflateRect
GetWindowThreadProcessId
GetWindowTextW
GetWindowRect
GetWindowPlacement
GetWindowLongW
GetWindowDC
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropW
GetParent
GetWindow
GetMessagePos
GetMessageExtraInfo
GetMenuStringW
GetMenuState
GetMenuItemInfoW
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameW
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextW
GetIconInfo
GetForegroundWindow
GetFocus
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClientRect
GetClassLongW
GetClassInfoW
GetCapture
GetActiveWindow
FrameRect
FindWindowExW
FindWindowW
FillRect
EnumWindows
EnumThreadWindows
EnumChildWindows
EndPaint
EnableWindow
EnableScrollBar
EnableMenuItem
DrawTextExW
DrawTextW
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawFocusRect
DrawEdge
DispatchMessageA
DispatchMessageW
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DefWindowProcW
DefMDIChildProcW
DefFrameProcW
CreatePopupMenu
CreateMenu
CreateIcon
CreateAcceleratorTableW
CopyIcon
ClientToScreen
CheckMenuItem
CharUpperBuffW
CharLowerBuffW
CharLowerW
CallWindowProcW
CallNextHookEx
BeginPaint
AdjustWindowRectEx
ActivateKeyboardLayout

kernel32

lstrcmpiA
LoadLibraryA
LocalFree
LocalAlloc
GetACP
Sleep
VirtualFree
VirtualAlloc
GetSystemInfo
GetTickCount
QueryPerformanceCounter
GetVersion
GetCurrentThreadId
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenW
lstrcpynW
LoadLibraryExW
IsValidLocale
GetSystemDefaultUILanguage
GetStartupInfoA
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetUserDefaultUILanguage
GetLocaleInfoW
GetLastError
GetCommandLineW
FreeLibrary
FindFirstFileW
FindClose
ExitProcess
ExitThread
CreateThread
CompareStringW
WriteFile
UnhandledExceptionFilter
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetFileType
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
CreateFileW
CloseHandle
TlsSetValue
TlsGetValue
lstrcpyW
WaitForSingleObject
WaitForMultipleObjectsEx
VirtualQueryEx
TryEnterCriticalSection
SwitchToThread
SuspendThread
SizeofResource
SignalObjectAndWait
SetThreadPriority
SetThreadLocale
SetLastError
SetFileAttributesW
SetEvent
SetErrorMode
ResumeThread
ResetEvent
RemoveDirectoryW
IsDebuggerPresent
MulDiv
MoveFileW
LockResource
LoadResource
LoadLibraryW
GlobalUnlock
GlobalLock
GlobalFree
GlobalFindAtomW
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomW
GetVersionExW
GetThreadPriority
GetThreadLocale
GetLocalTime
GetFullPathNameW
GetFileAttributesW
GetExitCodeThread
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetCPInfo
FreeResource
InterlockedExchangeAdd
InterlockedExchange
InterlockedCompareExchange
FormatMessageW
FindResourceW
FindNextFileW
FileTimeToLocalFileTime
FileTimeToDosDateTime
EnumCalendarInfoW
DeleteFileW
CreateEventW

msimg32

AlphaBlend

gdi32

UnrealizeObject
StretchDIBits
StretchBlt
StartPage
StartDocW
SetWindowOrgEx
SetViewportOrgEx
SetTextColor
SetStretchBltMode
SetROP2
SetPixel
SetDIBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SetAbortProc
SelectPalette
SelectObject
SaveDC
RoundRect
RestoreDC
Rectangle
RectVisible
RealizePalette
Polyline
Polygon
PolyBezierTo
PolyBezier
Pie
PatBlt
MoveToEx
MaskBlt
LineTo
IntersectClipRect
GetWindowOrgEx
GetTextMetricsW
GetTextExtentPoint32W
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectW
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetDCOrgEx
GetCurrentPositionEx
GetClipBox
GetBrushOrgEx
GetBitmapBits
FrameRgn
ExtTextOutW
ExtFloodFill
ExcludeClipRect
EnumFontsW
EnumFontFamiliesExW
EndPage
EndDoc
Ellipse
DeleteObject
DeleteDC
CreateSolidBrush
CreateRectRgn
CreatePenIndirect
CreatePalette
CreateICW
CreateHalftonePalette
CreateFontIndirectW
CreateDIBitmap
CreateDIBSection
CreateDCW
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
Chord
BitBlt
Arc
AbortDoc

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

ole32

OleUninitialize
OleInitialize

shell32

ShellExecuteExW
ShellExecuteW

comctl32

InitializeFlatSB
FlatSB_SetScrollProp
FlatSB_SetScrollPos
FlatSB_SetScrollInfo
FlatSB_GetScrollPos
FlatSB_GetScrollInfo
_TrackMouseEvent
ImageList_GetImageInfo
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Copy
ImageList_LoadImageW
ImageList_GetIcon
ImageList_Remove
ImageList_DrawEx
ImageList_Replace
ImageList_Draw
ImageList_SetOverlayImage
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Add
ImageList_SetImageCount
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create

winspool.drv

OpenPrinterW
EnumPrintersW
DocumentPropertiesW
ClosePrinter
GetDefaultPrinterW

Sections

.text
Size: 672KB - Virtual size: 671KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 21KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 1024B - Virtual size: 670B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 60B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ckpcodec.dll
.dll windows:4 windows x86 arch:x86

77989818cc4a13d2cd77bfe05183ef25

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

CryptAcquireContextA
CryptGenRandom
CryptReleaseContext

kernel32

CloseHandle
CreateEventA
CreateFileMappingA
CreateSemaphoreA
DeleteCriticalSection
DisableThreadLibraryCalls
EnterCriticalSection
GetConsoleScreenBufferInfo
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
GetProcessAffinityMask
GetStdHandle
GetSystemTimeAsFileTime
GetTickCount
GetTimeZoneInformation
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryW
MapViewOfFile
MultiByteToWideChar
QueryPerformanceCounter
QueryPerformanceFrequency
ReleaseSemaphore
ResetEvent
SetConsoleTextAttribute
SetEvent
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
UnmapViewOfFile
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte

msvcrt

__dllonexit
__mb_cur_max
__setusermatherr
_amsg_exit
_beginthreadex
_errno
_exit
_fstati64
_get_osfhandle
_initterm
_iob
_lock
_lseeki64
_onexit
_setjmp3
_snwprintf
_sopen
time
mktime
localtime
gmtime
_unlock
calloc
clock
cosh
exit
fclose
ferror
fflush
fgetc
fopen
fprintf
fputc
fputs
fread
free
frexp
fwprintf
fwrite
getc
getenv
islower
isspace
isupper
isxdigit
localeconv
log10
malloc
memchr
memcmp
memcpy
memmove
memset
printf
puts
qsort
raise
rand
realloc
setlocale
sinh
strchr
strcmp
strcpy
strcspn
strerror
strftime
strlen
strncmp
strrchr
strspn
strstr
strtol
strtoul
_vsnprintf
_wsopen
abort
acos
asin
atan
atan2
atof
atoi
bsearch
tan
tanh
tolower
ungetc
wcscpy
wcslen
longjmp
_write
_unlink
_tempnam
_setmode
_read
_open
_fileno
_fdopen
_close
_access

user32

MessageBoxW

ws2_32

WSACleanup
WSAGetLastError
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
gethostname
getnameinfo
getpeername
getsockname
getsockopt
htonl
htons
ioctlsocket
listen
ntohl
ntohs
recv
recvfrom
select
send
sendto
setsockopt
shutdown
socket

Exports

Exports

av_crc
av_crc_get_table
av_d2q
av_default_item_name
av_dict_free
av_dict_get
av_dict_parse_string
av_dict_set
av_div_q
av_fast_malloc
av_find_input_format
av_frame_get_qp_table
av_frame_new_side_data
av_frame_ref
av_frame_set_decode_error_flags
av_frame_unref
av_free
av_free_packet
av_freep
av_gcd
av_get_bytes_per_sample
av_get_channel_layout_channel_index
av_get_channel_layout_nb_channels
av_get_cpu_flags
av_get_default_channel_layout
av_guess_format
av_init_packet
av_interleaved_write_frame
av_lfg_init
av_log
av_log_get_level
av_log_set_callback
av_log_set_level
av_malloc
av_mallocz
av_mul_q
av_nearer_q
av_new_packet
av_opt_set
av_opt_set_double
av_opt_set_int
av_opt_set_q
av_packet_get_side_data
av_packet_new_side_data
av_parser_close
av_parser_init
av_parser_parse2
av_read_frame
av_realloc
av_reduce
av_register_all
av_rescale_q
av_sample_fmt_is_planar
av_samples_fill_arrays
av_samples_get_buffer_size
av_strdup
av_timecode_adjust_ntsc_framenum2
av_timecode_init_from_string
av_timecode_make_mpeg_tc_string
av_vlog
av_write_frame
av_write_trailer
avcodec_alloc_context3
avcodec_alloc_frame
avcodec_close
avcodec_decode_audio4
avcodec_decode_video2
avcodec_default_get_buffer2
avcodec_encode_audio2
avcodec_encode_video2
avcodec_fill_audio_frame
avcodec_find_decoder
avcodec_find_decoder_by_name
avcodec_find_encoder
avcodec_flush_buffers
avcodec_get_frame_defaults
avcodec_h264_search_recovery_point
avcodec_open2
avcodec_register_all
avcodec_set_dimensions
avformat_alloc_context
avformat_close_input
avformat_find_stream_info
avformat_network_init
avformat_new_stream
avformat_open_input
avformat_seek_file
avformat_write_header
avio_alloc_context
avio_close
avio_open
avpicture_deinterlace
avpriv_aac_parse_header
avpriv_ac3_channel_layout_tab
avpriv_ac3_parse_header
avpriv_align_put_bits
avpriv_dca_sample_rates
avpriv_find_start_code
avpriv_float_dsp_init
avpriv_mpeg4audio_get_config
avpriv_mpeg4audio_sample_rates
avpriv_mpegaudio_decode_header
avpriv_report_missing_feature
avpriv_request_sample
avpriv_toupper4
avresample_alloc_context
avresample_available
avresample_build_matrix
avresample_close
avresample_convert
avresample_free
avresample_get_delay
avresample_open
avresample_set_matrix
ff_MPV_common_end
ff_MPV_common_init
ff_MPV_decode_defaults
ff_MPV_decode_mb
ff_MPV_encode_end
ff_MPV_encode_init
ff_MPV_encode_picture
ff_MPV_frame_end
ff_MPV_frame_start
ff_MPV_report_decode_progress
ff_aac_codebook_vector_idx
ff_aac_codebook_vector_vals
ff_aac_coders
ff_aac_kbd_long_1024
ff_aac_kbd_short_128
ff_aac_num_swb_1024
ff_aac_num_swb_128
ff_aac_pow2sf_tab
ff_aac_pred_sfb_max
ff_aac_sbr_ctx_close
ff_aac_sbr_ctx_init
ff_aac_sbr_init
ff_aac_scalefactor_bits
ff_aac_scalefactor_code
ff_aac_spectral_bits
ff_aac_spectral_codes
ff_aac_spectral_sizes
ff_aac_tableinit
ff_ac3_adjust_frame_size
ff_ac3_apply_rematrixing
ff_ac3_bap_tab
ff_ac3_bit_alloc_calc_mask
ff_ac3_bit_alloc_calc_psd
ff_ac3_channel_layouts
ff_ac3_common_init
ff_ac3_compute_bit_allocation
ff_ac3_compute_coupling_strategy
ff_ac3_db_per_bit_tab
ff_ac3_dec_channel_map
ff_ac3_encode_close
ff_ac3_encode_init
ff_ac3_fast_decay_tab
ff_ac3_fast_gain_tab
ff_ac3_float_encode_frame
ff_ac3_floor_tab
ff_ac3_group_exponents
ff_ac3_output_frame
ff_ac3_process_exponents
ff_ac3_quantize_mantissas
ff_ac3_rematrix_band_tab
ff_ac3_slow_decay_tab
ff_ac3_slow_gain_tab
ff_ac3_ungroup_3_in_5_bits_tab
ff_ac3_validate_metadata
ff_ac3_window
ff_ac3dsp_init
ff_af_queue_add
ff_af_queue_close
ff_af_queue_init
ff_af_queue_remove
ff_alloc_packet2
ff_alternate_vertical_scan
ff_combine_frame
ff_dc_chroma_vlc
ff_dc_lum_vlc
ff_dca_convert_bitstream
ff_dcadsp_init
ff_decode_sbr_extension
ff_dsputil_init
ff_eac3_apply_spectral_extension
ff_eac3_decode_transform_coeffs_aht_ch
ff_eac3_default_cpl_band_struct
ff_eac3_default_spx_band_struct
ff_eac3_frm_expstr
ff_eac3_hebap_tab
ff_eac3_parse_header
ff_eac3_set_cpl_states
ff_er_add_slice
ff_er_frame_end
ff_fft_end
ff_fft_init
ff_fmt_convert_init
ff_get_buffer
ff_init_block_index
ff_init_ff_sine_windows
ff_init_rl
ff_init_scantable
ff_init_vlc_sparse
ff_inverse
ff_kbd_window_init
ff_mb_btype_vlc
ff_mb_pat_vlc
ff_mb_ptype_vlc
ff_mbincr_vlc
ff_mdct_end
ff_mdct_end_fixed
ff_mdct_init
ff_mdct_init_fixed
ff_mdct_win_fixed
ff_mdct_win_float
ff_mlp_calculate_parity
ff_mlp_checksum8
ff_mlp_huffman_tables
ff_mlp_init_crc
ff_mlp_read_major_sync
ff_mlp_restart_checksum
ff_mlpdsp_init
ff_mpa_alloc_tables
ff_mpa_l2_select_table
ff_mpa_quant_bits
ff_mpa_quant_steps
ff_mpa_sblimit_table
ff_mpa_synth_filter_fixed
ff_mpa_synth_filter_float
ff_mpa_synth_init_fixed
ff_mpa_synth_init_float
ff_mpa_synth_window_fixed
ff_mpa_synth_window_float
ff_mpadsp_init
ff_mpeg12_common_init
ff_mpeg12_frame_rate_tab
ff_mpeg12_init_vlcs
ff_mpeg12_mbAddrIncrTable
ff_mpeg12_mbMotionVectorTable
ff_mpeg12_mbPatTable
ff_mpeg12_static_rl_table_store
ff_mpeg12_vlc_dc_chroma_bits
ff_mpeg12_vlc_dc_chroma_code
ff_mpeg12_vlc_dc_lum_bits
ff_mpeg12_vlc_dc_lum_code
ff_mpeg1_aspect
ff_mpeg1_clean_buffers
ff_mpeg1_default_intra_matrix
ff_mpeg1_default_non_intra_matrix
ff_mpeg1_find_frame_end
ff_mpeg2_aspect
ff_mpeg2_frame_rate_tab
ff_mpeg4audio_channels
ff_mpeg_draw_horiz_band
ff_mpeg_er_frame_start
ff_mpeg_flush
ff_mpeg_update_thread_context
ff_mpv_export_qp_table
ff_mv_vlc
ff_print_debug_info
ff_psy_end
ff_psy_init
ff_psy_preprocess
ff_psy_preprocess_end
ff_psy_preprocess_init
ff_reverse
ff_rl_mpeg1
ff_rl_mpeg2
ff_sbr_apply
ff_sine_1024
ff_sine_128
ff_sqrt_tab
ff_swb_offset_1024
ff_swb_offset_128
ff_synth_filter_init
ff_thread_finish_setup
ff_tns_max_bands_1024
ff_tns_max_bands_128
ff_update_duplicate_context
ff_write_quant_matrix
ff_xvmc_field_end
ff_xvmc_init_block
ff_xvmc_pack_pblocks
ff_zigzag_direct
ffurl_register_protocol
swr_alloc
swr_alloc_set_opts
swr_convert
swr_free
swr_init

Sections

.text
Size: 6.1MB - Virtual size: 6.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rodata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 6.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
conkeeper.dll
.dll windows:5 windows x86 arch:x86

9628f0e58909bbf12b0fa3d5eb9c1ecf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\project_svn\WebHard\trunk\ConKeeper\고도화_new\ConKeeper\Release\conkeeper.pdb

Imports

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

urlmon

URLDownloadToFileA

kernel32

FindFirstFileExA
CompareStringW
CreateFileW
ReadFile
GetProcessHeap
SetEndOfFile
WideCharToMultiByte
MultiByteToWideChar
GetModuleFileNameA
Sleep
GetLastError
GetPrivateProfileStringA
OpenMutexA
GetModuleHandleA
CloseHandle
DeleteFileA
FlushFileBuffers
SetStdHandle
WriteConsoleW
CreateFileA
LoadLibraryW
HeapReAlloc
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetFilePointer
GetStartupInfoW
GetFileType
SetHandleCount
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
GetStringTypeW
EncodePointer
DecodePointer
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
GetFileAttributesA
FileTimeToSystemTime
FileTimeToLocalFileTime
SetEnvironmentVariableA
GetCurrentThreadId
GetCommandLineA
GetCPInfo
RaiseException
RtlUnwind
LCMapStringW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
SetLastError
GetProcAddress
IsProcessorFeaturePresent
HeapCreate
HeapDestroy
HeapSize
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
GetLocaleInfoW
GetTimeZoneInformation
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode

user32

SendMessageTimeoutA
wsprintfA
FindWindowA

shell32

ShellExecuteA

wininet

InternetConnectA
InternetCrackUrlA
InternetReadFile
InternetSetOptionA
HttpOpenRequestA
HttpAddRequestHeadersA
InternetCloseHandle
HttpSendRequestA
InternetOpenA

Exports

Exports

initConKeeper

Sections

.text
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
detect.exe
.exe windows:5 windows x86 arch:x86

bce2c5434e6542d41b4299029024fd74

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:6f:12:d1:04:74:ed:4d:1c:13:a2:6f:4e:40:1b:ce
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

21/01/2016, 00:00

Not After

07/05/2016, 23:59

Subject

CN=iMBC Co.\, Ltd.,O=iMBC Co.\, Ltd.,L=Mapo-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f4:90:22:30:de:4a:c0:8c:18:98:55:92:be:63:82:d9:f0:5a:91:3d:12:94:94:37:b8:17:7c:14:69:16:b4:9e
Signer

Actual PE Digest

f4:90:22:30:de:4a:c0:8c:18:98:55:92:be:63:82:d9:f0:5a:91:3d:12:94:94:37:b8:17:7c:14:69:16:b4:9e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\project_svn\WebHard\trunk\ConKeeper\고도화_new\ConKeeper\Release\Detect.pdb

Imports

kernel32

FreeLibrary
GetProcAddress
LoadLibraryA
GetModuleHandleA
CloseHandle
GetTempPathA
OpenFileMappingA
Sleep
GetCurrentProcess
QueryDosDeviceA
Process32First
VirtualFree
OpenProcess
lstrlenW
GetLogicalDriveStringsA
VirtualAlloc
Process32Next
CreateFileMappingA
CreateToolhelp32Snapshot
DuplicateHandle
GetCurrentProcessId
GetTickCount
UnmapViewOfFile
OpenMutexA
CreateMutexA
DeleteFileA
SetCurrentDirectoryA
GetCurrentDirectoryA
GetVersionExA
MapViewOfFile
GetFileSize
CreateFileA
GetModuleFileNameA
LockResource
MultiByteToWideChar
SizeofResource
WideCharToMultiByte
LoadResource
FindResourceW
FindResourceExW
lstrlenA
CreateDirectoryA
GetFileAttributesA
FlushConsoleInputBuffer
GlobalMemoryStatus
GetStdHandle
GetFileType
GetVersion
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapSetInformation
InitializeCriticalSectionAndSpinCount
RaiseException
GetProcessHeap
GetLastError
QueryPerformanceCounter
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
DecodePointer
EncodePointer
InterlockedExchange
InterlockedCompareExchange
InterlockedDecrement
InterlockedIncrement
SetLastError
IsDebuggerPresent
GetCurrentThreadId
GetSystemTimeAsFileTime

user32

DefWindowProcA
CreateWindowExA
TranslateMessage
RegisterClassA
GetWindowThreadProcessId
GetDesktopWindow
GetProcessWindowStation
PostQuitMessage
FindWindowA
GetUserObjectInformationW
PeekMessageA
DispatchMessageA
MessageBoxA

shell32

ShellExecuteA
SHGetSpecialFolderPathA

oleaut32

VariantTimeToSystemTime
SysAllocStringLen
SystemTimeToVariantTime
VarUdateFromDate

shlwapi

PathFileExistsA

iphlpapi

GetAdaptersInfo

psapi

GetMappedFileNameW

ws2_32

select
WSAGetLastError
htons
connect
WSASetLastError
socket
ioctlsocket
setsockopt
recv
gethostbyname
WSACleanup
WSAStartup
inet_ntoa
gethostname
send
closesocket
shutdown

msvcr100

realloc
strchr
??3@YAXPAX@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABV01@@Z
memmove
_access
_chdir
??2@YAPAXI@Z
memmove_s
memchr
strnlen
memcpy_s
sprintf
_fsopen
free
malloc
strstr
fwrite
fclose
_mbsstr
vsprintf_s
??_V@YAXPAX@Z
_vscprintf
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@PBD@Z
??0bad_cast@std@@QAE@ABV01@@Z
_localtime64_s
qsort
_vsnprintf
_time64
_mbslwr_s
sprintf_s
localeconv
_wassert
strncpy
printf
strcpy_s
strcspn
_localtime64
_splitpath
_mbscmp
fputc
_unlock_file
ungetc
fgetpos
_fseeki64
fflush
fgetc
fsetpos
setvbuf
_lock_file
_CIpow
_atoi64
atoi
tolower
_mbsrchr
asctime
atof
towlower
??8type_info@@QBE_NABV0@@Z
_purecall
iswspace
iswdigit
_ismbcspace
fread
_mbsinc
fseek
strncmp
_errno
_CxxThrowException
memcpy
__CxxFrameHandler3
strerror
setlocale
__uncaught_exception
__crtLCMapStringA
__pctype_func
isupper
___lc_codepage_func
___lc_handle_func
_calloc_crt
islower
memset
__iob_func
_free_locale
abort
_unlock
__dllonexit
_lock
_onexit
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
exit
__initenv
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_commode
_fmode
__set_app_type
_time32
_crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
_invoke_watson
_controlfp_s
wcsstr
vfprintf
_iob
strcmp
_pctype
__mb_cur_max
_isctype
_ftol
getenv
_setmode
ftell
fgets
fprintf
sscanf
strtoul
fputs
signal
_fileno
_stat32
_getch
_gmtime32
fopen
strftime

advapi32

RegisterEventSourceA
DeregisterEventSource
ReportEventA

Sections

.text
Size: 653KB - Virtual size: 652KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 145KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 62KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
detect_service.exe
.exe windows:5 windows x86 arch:x86

06df045f03c96a82f2cd1cb580261f3c

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:6f:12:d1:04:74:ed:4d:1c:13:a2:6f:4e:40:1b:ce
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

21/01/2016, 00:00

Not After

07/05/2016, 23:59

Subject

CN=iMBC Co.\, Ltd.,O=iMBC Co.\, Ltd.,L=Mapo-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4e:cb:28:7b:10:57:d0:df:92:d9:6d:fc:6b:40:66:67:b5:89:fc:3d:43:6a:dc:82:ab:c3:f1:af:92:b2:df:7f
Signer

Actual PE Digest

4e:cb:28:7b:10:57:d0:df:92:d9:6d:fc:6b:40:66:67:b5:89:fc:3d:43:6a:dc:82:ab:c3:f1:af:92:b2:df:7f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\project_svn\WebHard\trunk\ConKeeper\고도화_new\ConKeeper\Release\detect_service.pdb

Imports

kernel32

MapViewOfFile
UnmapViewOfFile
Process32First
OpenProcess
Sleep
GetExitCodeProcess
TerminateProcess
GetLastError
OpenMutexA
Process32Next
CreateFileMappingA
GetModuleFileNameA
CreateMutexA
CreateToolhelp32Snapshot
CloseHandle
OpenFileMappingA
CreateFileW
WriteConsoleW
SetStdHandle
IsProcessorFeaturePresent
HeapSize
GetStringTypeW
HeapAlloc
ExitThread
ResumeThread
CreateThread
GetCommandLineA
HeapSetInformation
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetProcAddress
GetModuleHandleW
ExitProcess
DecodePointer
WriteFile
GetStdHandle
GetModuleFileNameW
HeapCreate
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapFree
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
WideCharToMultiByte
LCMapStringW
MultiByteToWideChar
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
RaiseException
LeaveCriticalSection
EnterCriticalSection
LoadLibraryW
RtlUnwind
HeapReAlloc
SetFilePointer
GetConsoleCP
GetConsoleMode
FlushFileBuffers

shell32

ShellExecuteExA

wininet

HttpAddRequestHeadersA
InternetOpenA
InternetSetOptionA
InternetConnectA
InternetCloseHandle
HttpOpenRequestA
HttpSendRequestA

Sections

.text
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
filecast_splash.exe
.exe windows:5 windows x86 arch:x86

d7ed41cfb97e4a1d33feb4400182a200

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

24:01:0b:67:e8:d5:8c:8d:09:02:01:82:4a:d9:30:cf
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04/06/2015, 00:00

Not After

02/06/2016, 23:59

Subject

CN=TidyWeb Co.\,Ltd.,O=TidyWeb Co.\,Ltd.,L=Seongnam-si,ST=Bundang-gu,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

67:8e:09:17:34:eb:e3:98:b9:fb:52:f6:3f:ec:cf:6d:5f:c3:6c:ec
Signer

Actual PE Digest

67:8e:09:17:34:eb:e3:98:b9:fb:52:f6:3f:ec:cf:6d:5f:c3:6c:ec

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\work\FileCast\__Etc\Splash\Release\SplashTest.pdb

Imports

wininet

HttpSendRequestA
InternetConnectA
InternetCloseHandle
HttpOpenRequestA
InternetOpenA

kernel32

SizeofResource
GetLastError
LoadResource
FindResourceA
LoadLibraryExA
GetModuleFileNameA
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InterlockedDecrement
InterlockedIncrement
LockResource
FindResourceW
FindResourceExW
GetCommandLineA
lstrcmpA
lstrcpyA
GetCurrentProcess
FlushInstructionCache
SetLastError
GetCurrentThreadId
CloseHandle
ReadFile
WriteFile
EnterCriticalSection
SetFilePointerEx
GetConsoleCP
FlushFileBuffers
SetStdHandle
ReadConsoleW
GetConsoleMode
GetStringTypeW
LoadLibraryW
OutputDebugStringW
LoadLibraryExW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
RaiseException
LeaveCriticalSection
WideCharToMultiByte
IsDBCSLeadByte
MultiByteToWideChar
GetModuleHandleA
lstrcmpiA
GetProcAddress
FreeLibrary
LCMapStringW
CreateFileW
WriteConsoleW
SetEndOfFile
GetFileAttributesExW
IsValidCodePage
GetModuleHandleW
DeleteFileW
GetFileType
RtlUnwind
Sleep
GetStartupInfoW
TlsFree
TlsSetValue
GetCPInfo
GetOEMCP
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
InterlockedCompareExchange
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
IsDebuggerPresent
GetSystemInfo
VirtualProtect
VirtualQuery
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
AreFileApisANSI
GetStdHandle
GetModuleFileNameW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
TlsAlloc
TlsGetValue
GetACP

user32

UnregisterClassA
CharNextA
GetActiveWindow
DialogBoxParamA
SetWindowLongA
EndDialog
SetTimer
UpdateLayeredWindow
GetWindow
GetWindowLongA
MonitorFromWindow
GetMonitorInfoA
GetWindowRect
GetParent
GetClientRect
MapWindowPoints
SetWindowPos
MoveWindow
PostMessageA
MessageBoxA
SendMessageA
LoadIconA

gdi32

SelectObject
CreateCompatibleDC
CreateDIBSection
DeleteObject
DeleteDC

advapi32

RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegEnumKeyExA
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyA
RegDeleteValueA

shell32

SHGetSpecialFolderPathA
ShellExecuteA

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance

oleaut32

VarUI4FromStr

shlwapi

PathGetArgsA

Sections

.text
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 143KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
msvcr100.dll
.dll windows:5 windows x86 arch:x86

5271d5ce8b44dd47bc92563e27585466

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/12/2009, 22:40

Not After

07/03/2011, 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:94:2d:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:02

Not After

25/07/2013, 19:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7A82-688A-9F92,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

05:c5:93:9c:0d:cd:fc:08:2e:51:ee:8e:e1:e0:0f:4b:d3:83:4c:d6
Signer

Actual PE Digest

05:c5:93:9c:0d:cd:fc:08:2e:51:ee:8e:e1:e0:0f:4b:d3:83:4c:d6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

msvcr100.i386.pdb

Imports

kernel32

EncodePointer
DecodePointer
RaiseException
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
ExitProcess
WriteFile
GetStdHandle
GetCurrentThreadId
TlsGetValue
GetCommandLineW
GetCommandLineA
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
ExitThread
CloseHandle
GetLastError
ResumeThread
CreateThread
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetCurrentThread
FindNextFileA
FindFirstFileExA
FindClose
FindNextFileW
FindFirstFileExW
GetLogicalDrives
GetDiskFreeSpaceA
FileTimeToSystemTime
FileTimeToLocalFileTime
SetErrorMode
Sleep
Beep
GetFileAttributesA
SetFileAttributesA
SetEnvironmentVariableA
GetCurrentDirectoryA
SetCurrentDirectoryA
GetCurrentDirectoryW
SetCurrentDirectoryW
GetFullPathNameA
GetDriveTypeW
GetCurrentProcessId
CreateDirectoryA
MoveFileA
RemoveDirectoryA
GetDriveTypeA
DeleteFileA
GetFileAttributesW
SetEnvironmentVariableW
SetFileAttributesW
GetFullPathNameW
CreateDirectoryW
MoveFileW
RemoveDirectoryW
DeleteFileW
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
LoadLibraryA
FreeLibrary
CreateProcessW
ReadFile
DuplicateHandle
GetCurrentProcess
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetLocalTime
WideCharToMultiByte
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
SetLocalTime
InterlockedPopEntrySList
InterlockedFlushSList
QueryDepthSList
InterlockedPushEntrySList
CreateTimerQueue
CreateTimerQueueTimer
DeleteTimerQueueTimer
SetEvent
CreateEventW
SwitchToThread
SignalObjectAndWait
TryEnterCriticalSection
GetTickCount
VirtualFree
GetVersionExW
SetThreadPriority
VirtualAlloc
GetSystemInfo
GetProcessAffinityMask
VirtualProtect
SetThreadAffinityMask
InitializeSListHead
ReleaseSemaphore
CreateSemaphoreW
WaitForMultipleObjects
GetThreadPriority
LoadLibraryW
SleepEx
OutputDebugStringW
FreeLibraryAndExitThread
GetModuleHandleA
GetThreadTimes
DebugBreak
MultiByteToWideChar
GetStringTypeW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetTimeFormatA
GetDateFormatA
GetTimeFormatW
GetDateFormatW
RtlUnwind
HeapAlloc
HeapFree
HeapCreate
HeapDestroy
HeapQueryInformation
HeapReAlloc
HeapSize
HeapValidate
HeapCompact
HeapWalk
VirtualQuery
SetHandleCount
GetFileType
GetStartupInfoW
GetFileInformationByHandle
PeekNamedPipe
CreateFileA
CreateFileW
SetFilePointer
GetConsoleCP
GetConsoleMode
FlushFileBuffers
CreatePipe
SetStdHandle
ReadConsoleInputA
SetConsoleMode
PeekConsoleInputA
GetNumberOfConsoleInputEvents
ReadConsoleInputW
WriteConsoleW
ReadConsoleW
SetEndOfFile
GetProcessHeap
InterlockedExchange
LockFile
UnlockFile
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
SetConsoleCtrlHandler
GetLocaleInfoW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
LCMapStringW
CompareStringW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
IsProcessorFeaturePresent

Exports

Exports

$I10_OUTPUT
??0?$_SpinWait@$00@details@Concurrency@@QAE@P6AXXZ@Z
??0?$_SpinWait@$0A@@details@Concurrency@@QAE@P6AXXZ@Z
??0SchedulerPolicy@Concurrency@@QAA@IZZ
??0SchedulerPolicy@Concurrency@@QAE@ABV01@@Z
??0SchedulerPolicy@Concurrency@@QAE@XZ
??0_NonReentrantBlockingLock@details@Concurrency@@QAE@XZ
??0_NonReentrantPPLLock@details@Concurrency@@QAE@XZ
??0_ReaderWriterLock@details@Concurrency@@QAE@XZ
??0_ReentrantBlockingLock@details@Concurrency@@QAE@XZ
??0_ReentrantLock@details@Concurrency@@QAE@XZ
??0_ReentrantPPLLock@details@Concurrency@@QAE@XZ
??0_Scoped_lock@_NonReentrantPPLLock@details@Concurrency@@QAE@AAV123@@Z
??0_Scoped_lock@_ReentrantPPLLock@details@Concurrency@@QAE@AAV123@@Z
??0_SpinLock@details@Concurrency@@QAE@ACJ@Z
??0_TaskCollection@details@Concurrency@@QAE@XZ
??0_Timer@details@Concurrency@@IAE@I_N@Z
??0__non_rtti_object@std@@QAE@ABV01@@Z
??0__non_rtti_object@std@@QAE@PBD@Z
??0bad_cast@std@@AAE@PBQBD@Z
??0bad_cast@std@@QAE@ABV01@@Z
??0bad_cast@std@@QAE@PBD@Z
??0bad_target@Concurrency@@QAE@PBD@Z
??0bad_target@Concurrency@@QAE@XZ
??0bad_typeid@std@@QAE@ABV01@@Z
??0bad_typeid@std@@QAE@PBD@Z
??0context_self_unblock@Concurrency@@QAE@PBD@Z
??0context_self_unblock@Concurrency@@QAE@XZ
??0context_unblock_unbalanced@Concurrency@@QAE@PBD@Z
??0context_unblock_unbalanced@Concurrency@@QAE@XZ
??0critical_section@Concurrency@@QAE@XZ
??0default_scheduler_exists@Concurrency@@QAE@PBD@Z
??0default_scheduler_exists@Concurrency@@QAE@XZ
??0event@Concurrency@@QAE@XZ
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABQBDH@Z
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@XZ
??0improper_lock@Concurrency@@QAE@PBD@Z
??0improper_lock@Concurrency@@QAE@XZ
??0improper_scheduler_attach@Concurrency@@QAE@PBD@Z
??0improper_scheduler_attach@Concurrency@@QAE@XZ
??0improper_scheduler_detach@Concurrency@@QAE@PBD@Z
??0improper_scheduler_detach@Concurrency@@QAE@XZ
??0improper_scheduler_reference@Concurrency@@QAE@PBD@Z
??0improper_scheduler_reference@Concurrency@@QAE@XZ
??0invalid_link_target@Concurrency@@QAE@PBD@Z
??0invalid_link_target@Concurrency@@QAE@XZ
??0invalid_multiple_scheduling@Concurrency@@QAE@PBD@Z
??0invalid_multiple_scheduling@Concurrency@@QAE@XZ
??0invalid_operation@Concurrency@@QAE@PBD@Z
??0invalid_operation@Concurrency@@QAE@XZ
??0invalid_oversubscribe_operation@Concurrency@@QAE@PBD@Z
??0invalid_oversubscribe_operation@Concurrency@@QAE@XZ
??0invalid_scheduler_policy_key@Concurrency@@QAE@PBD@Z
??0invalid_scheduler_policy_key@Concurrency@@QAE@XZ
??0invalid_scheduler_policy_thread_specification@Concurrency@@QAE@PBD@Z
??0invalid_scheduler_policy_thread_specification@Concurrency@@QAE@XZ
??0invalid_scheduler_policy_value@Concurrency@@QAE@PBD@Z
??0invalid_scheduler_policy_value@Concurrency@@QAE@XZ
??0message_not_found@Concurrency@@QAE@PBD@Z
??0message_not_found@Concurrency@@QAE@XZ
??0missing_wait@Concurrency@@QAE@PBD@Z
??0missing_wait@Concurrency@@QAE@XZ
??0nested_scheduler_missing_detach@Concurrency@@QAE@PBD@Z
??0nested_scheduler_missing_detach@Concurrency@@QAE@XZ
??0operation_timed_out@Concurrency@@QAE@PBD@Z
??0operation_timed_out@Concurrency@@QAE@XZ
??0reader_writer_lock@Concurrency@@QAE@XZ
??0scheduler_not_attached@Concurrency@@QAE@PBD@Z
??0scheduler_not_attached@Concurrency@@QAE@XZ
??0scheduler_resource_allocation_error@Concurrency@@QAE@J@Z
??0scheduler_resource_allocation_error@Concurrency@@QAE@PBDJ@Z
??0scoped_lock@critical_section@Concurrency@@QAE@AAV12@@Z
??0scoped_lock@reader_writer_lock@Concurrency@@QAE@AAV12@@Z
??0scoped_lock_read@reader_writer_lock@Concurrency@@QAE@AAV12@@Z
??0task_canceled@details@Concurrency@@QAE@PBD@Z
??0task_canceled@details@Concurrency@@QAE@XZ
??0unsupported_os@Concurrency@@QAE@PBD@Z
??0unsupported_os@Concurrency@@QAE@XZ
??1SchedulerPolicy@Concurrency@@QAE@XZ
??1_NonReentrantBlockingLock@details@Concurrency@@QAE@XZ
??1_ReentrantBlockingLock@details@Concurrency@@QAE@XZ
??1_Scoped_lock@_NonReentrantPPLLock@details@Concurrency@@QAE@XZ
??1_Scoped_lock@_ReentrantPPLLock@details@Concurrency@@QAE@XZ
??1_SpinLock@details@Concurrency@@QAE@XZ
??1_TaskCollection@details@Concurrency@@QAE@XZ
??1_Timer@details@Concurrency@@IAE@XZ
??1__non_rtti_object@std@@UAE@XZ
??1bad_cast@std@@UAE@XZ
??1bad_typeid@std@@UAE@XZ
??1critical_section@Concurrency@@QAE@XZ
??1event@Concurrency@@QAE@XZ
??1exception@std@@UAE@XZ
??1reader_writer_lock@Concurrency@@QAE@XZ
??1scoped_lock@critical_section@Concurrency@@QAE@XZ
??1scoped_lock@reader_writer_lock@Concurrency@@QAE@XZ
??1scoped_lock_read@reader_writer_lock@Concurrency@@QAE@XZ
??1type_info@@UAE@XZ
??2@YAPAXI@Z
??2@YAPAXIHPBDH@Z
??3@YAXPAX@Z
??4?$_SpinWait@$00@details@Concurrency@@QAEAAV012@ABV012@@Z
??4?$_SpinWait@$0A@@details@Concurrency@@QAEAAV012@ABV012@@Z
??4SchedulerPolicy@Concurrency@@QAEAAV01@ABV01@@Z
??4__non_rtti_object@std@@QAEAAV01@ABV01@@Z
??4bad_cast@std@@QAEAAV01@ABV01@@Z
??4bad_typeid@std@@QAEAAV01@ABV01@@Z
??4exception@std@@QAEAAV01@ABV01@@Z
??8type_info@@QBE_NABV0@@Z
??9type_info@@QBE_NABV0@@Z
??_7__non_rtti_object@std@@6B@
??_7bad_cast@std@@6B@
??_7bad_typeid@std@@6B@
??_7exception@@6B@
??_7exception@std@@6B@
??_F?$_SpinWait@$00@details@Concurrency@@QAEXXZ
??_F?$_SpinWait@$0A@@details@Concurrency@@QAEXXZ
??_Fbad_cast@std@@QAEXXZ
??_Fbad_typeid@std@@QAEXXZ
??_U@YAPAXI@Z
??_U@YAPAXIHPBDH@Z
??_V@YAXPAX@Z
?Alloc@Concurrency@@YAPAXI@Z
?Block@Context@Concurrency@@SAXXZ
?Create@CurrentScheduler@Concurrency@@SAXABVSchedulerPolicy@2@@Z
?Create@Scheduler@Concurrency@@SAPAV12@ABVSchedulerPolicy@2@@Z
?CreateResourceManager@Concurrency@@YAPAUIResourceManager@1@XZ
?CreateScheduleGroup@CurrentScheduler@Concurrency@@SAPAVScheduleGroup@2@XZ
?CurrentContext@Context@Concurrency@@SAPAV12@XZ
?Detach@CurrentScheduler@Concurrency@@SAXXZ
?DisableTracing@Concurrency@@YAJXZ
?EnableTracing@Concurrency@@YAJXZ
?Free@Concurrency@@YAXPAX@Z
?Get@CurrentScheduler@Concurrency@@SAPAVScheduler@2@XZ
?GetExecutionContextId@Concurrency@@YAIXZ
?GetNumberOfVirtualProcessors@CurrentScheduler@Concurrency@@SAIXZ
?GetOSVersion@Concurrency@@YA?AW4OSVersion@IResourceManager@1@XZ
?GetPolicy@CurrentScheduler@Concurrency@@SA?AVSchedulerPolicy@2@XZ
?GetPolicyValue@SchedulerPolicy@Concurrency@@QBEIW4PolicyElementKey@2@@Z
?GetProcessorCount@Concurrency@@YAIXZ
?GetProcessorNodeCount@Concurrency@@YAIXZ
?GetSchedulerId@Concurrency@@YAIXZ
?GetSharedTimerQueue@details@Concurrency@@YAPAXXZ
?Id@Context@Concurrency@@SAIXZ
?Id@CurrentScheduler@Concurrency@@SAIXZ
?IsCurrentTaskCollectionCanceling@Context@Concurrency@@SA_NXZ
?Log2@details@Concurrency@@YAKI@Z
?Oversubscribe@Context@Concurrency@@SAX_N@Z
?RegisterShutdownEvent@CurrentScheduler@Concurrency@@SAXPAX@Z
?ResetDefaultSchedulerPolicy@Scheduler@Concurrency@@SAXXZ
?ScheduleGroupId@Context@Concurrency@@SAIXZ
?ScheduleTask@CurrentScheduler@Concurrency@@SAXP6AXPAX@Z0@Z
?SetConcurrencyLimits@SchedulerPolicy@Concurrency@@QAEXII@Z
?SetDefaultSchedulerPolicy@Scheduler@Concurrency@@SAXABVSchedulerPolicy@2@@Z
?SetPolicyValue@SchedulerPolicy@Concurrency@@QAEIW4PolicyElementKey@2@I@Z
?VirtualProcessorId@Context@Concurrency@@SAIXZ
?Yield@Context@Concurrency@@SAXXZ
?_Abort@_StructuredTaskCollection@details@Concurrency@@AAEXXZ
?_Acquire@_NonReentrantBlockingLock@details@Concurrency@@QAEXXZ
?_Acquire@_NonReentrantPPLLock@details@Concurrency@@QAEXPAX@Z
?_Acquire@_ReentrantBlockingLock@details@Concurrency@@QAEXXZ
?_Acquire@_ReentrantLock@details@Concurrency@@QAEXXZ
?_Acquire@_ReentrantPPLLock@details@Concurrency@@QAEXPAX@Z
?_AcquireRead@_ReaderWriterLock@details@Concurrency@@QAEXXZ
?_AcquireWrite@_ReaderWriterLock@details@Concurrency@@QAEXXZ
?_Cancel@_StructuredTaskCollection@details@Concurrency@@QAEXXZ
?_Cancel@_TaskCollection@details@Concurrency@@QAEXXZ
?_CheckTaskCollection@_UnrealizedChore@details@Concurrency@@IAEXXZ
?_ConcRT_Assert@details@Concurrency@@YAXPBD0H@Z
?_ConcRT_CoreAssert@details@Concurrency@@YAXPBD0H@Z
?_ConcRT_DumpMessage@details@Concurrency@@YAXPB_WZZ
?_ConcRT_Trace@details@Concurrency@@YAXHPB_WZZ
?_Copy_str@exception@std@@AAEXPBD@Z
?_DoYield@?$_SpinWait@$00@details@Concurrency@@IAEXXZ
?_DoYield@?$_SpinWait@$0A@@details@Concurrency@@IAEXXZ
?_IsCanceling@_StructuredTaskCollection@details@Concurrency@@QAE_NXZ
?_IsCanceling@_TaskCollection@details@Concurrency@@QAE_NXZ
?_Name_base@type_info@@CAPBDPBV1@PAU__type_info_node@@@Z
?_Name_base_internal@type_info@@CAPBDPBV1@PAU__type_info_node@@@Z
?_NumberOfSpins@?$_SpinWait@$00@details@Concurrency@@IAEKXZ
?_NumberOfSpins@?$_SpinWait@$0A@@details@Concurrency@@IAEKXZ
?_Release@_NonReentrantBlockingLock@details@Concurrency@@QAEXXZ
?_Release@_NonReentrantPPLLock@details@Concurrency@@QAEXXZ
?_Release@_ReentrantBlockingLock@details@Concurrency@@QAEXXZ
?_Release@_ReentrantLock@details@Concurrency@@QAEXXZ
?_Release@_ReentrantPPLLock@details@Concurrency@@QAEXXZ
?_ReleaseRead@_ReaderWriterLock@details@Concurrency@@QAEXXZ
?_ReleaseWrite@_ReaderWriterLock@details@Concurrency@@QAEXXZ
?_Reset@?$_SpinWait@$00@details@Concurrency@@IAEXXZ
?_Reset@?$_SpinWait@$0A@@details@Concurrency@@IAEXXZ
?_RunAndWait@_StructuredTaskCollection@details@Concurrency@@QAG?AW4_TaskCollectionStatus@23@PAV_UnrealizedChore@23@@Z
?_RunAndWait@_TaskCollection@details@Concurrency@@QAG?AW4_TaskCollectionStatus@23@PAV_UnrealizedChore@23@@Z
?_Schedule@_StructuredTaskCollection@details@Concurrency@@QAEXPAV_UnrealizedChore@23@@Z
?_Schedule@_TaskCollection@details@Concurrency@@QAEXPAV_UnrealizedChore@23@@Z
?_SetSpinCount@?$_SpinWait@$00@details@Concurrency@@QAEXI@Z
?_SetSpinCount@?$_SpinWait@$0A@@details@Concurrency@@QAEXI@Z
?_ShouldSpinAgain@?$_SpinWait@$00@details@Concurrency@@IAE_NXZ
?_ShouldSpinAgain@?$_SpinWait@$0A@@details@Concurrency@@IAE_NXZ
?_SpinOnce@?$_SpinWait@$00@details@Concurrency@@QAE_NXZ
?_SpinOnce@?$_SpinWait@$0A@@details@Concurrency@@QAE_NXZ
?_SpinYield@Context@Concurrency@@SAXXZ
?_Start@_Timer@details@Concurrency@@IAEXXZ
?_Stop@_Timer@details@Concurrency@@IAEXXZ
?_Tidy@exception@std@@AAEXXZ
?_Trace_ppl_function@Concurrency@@YAXABU_GUID@@EW4ConcRT_EventType@1@@Z
?_TryAcquire@_NonReentrantBlockingLock@details@Concurrency@@QAE_NXZ
?_TryAcquire@_ReentrantBlockingLock@details@Concurrency@@QAE_NXZ
?_TryAcquire@_ReentrantLock@details@Concurrency@@QAE_NXZ
?_TryAcquireWrite@_ReaderWriterLock@details@Concurrency@@QAE_NXZ
?_Type_info_dtor@type_info@@CAXPAV1@@Z
?_Type_info_dtor_internal@type_info@@CAXPAV1@@Z
?_UnderlyingYield@details@Concurrency@@YAXXZ
?_ValidateExecute@@YAHP6GHXZ@Z
?_ValidateRead@@YAHPBXI@Z
?_ValidateWrite@@YAHPAXI@Z
?_Value@_SpinCount@details@Concurrency@@SAIXZ
?__ExceptionPtrAssign@@YAXPAXPBX@Z
?__ExceptionPtrCompare@@YA_NPBX0@Z
?__ExceptionPtrCopy@@YAXPAXPBX@Z
?__ExceptionPtrCopyException@@YAXPAXPBX1@Z
?__ExceptionPtrCreate@@YAXPAX@Z
?__ExceptionPtrCurrentException@@YAXPAX@Z
?__ExceptionPtrDestroy@@YAXPAX@Z
?__ExceptionPtrRethrow@@YAXPBX@Z
?_inconsistency@@YAXXZ
?_invalid_parameter@@YAXPBG00II@Z
?_is_exception_typeof@@YAHABVtype_info@@PAU_EXCEPTION_POINTERS@@@Z
?_name_internal_method@type_info@@QBEPBDPAU__type_info_node@@@Z
?_open@@YAHPBDHH@Z
?_query_new_handler@@YAP6AHI@ZXZ
?_query_new_mode@@YAHXZ
?_set_new_handler@@YAP6AHI@ZH@Z
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
?_set_new_mode@@YAHH@Z
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZH@Z
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
?_sopen@@YAHPBDHHH@Z
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?_wopen@@YAHPB_WHH@Z
?_wsopen@@YAHPB_WHHH@Z
?before@type_info@@QBEHABV1@@Z
?get_error_code@scheduler_resource_allocation_error@Concurrency@@QBEJXZ
?lock@critical_section@Concurrency@@QAEXXZ
?lock@reader_writer_lock@Concurrency@@QAEXXZ
?lock_read@reader_writer_lock@Concurrency@@QAEXXZ
?name@type_info@@QBEPBDPAU__type_info_node@@@Z
?native_handle@critical_section@Concurrency@@QAEAAV12@XZ
?raw_name@type_info@@QBEPBDXZ
?reset@event@Concurrency@@QAEXXZ
?set@event@Concurrency@@QAEXXZ
?set_new_handler@@YAP6AXXZP6AXXZ@Z
?set_terminate@@YAP6AXXZH@Z
?set_terminate@@YAP6AXXZP6AXXZ@Z
?set_unexpected@@YAP6AXXZH@Z
?set_unexpected@@YAP6AXXZP6AXXZ@Z
?swprintf@@YAHPAGIPBGZZ
?swprintf@@YAHPA_WIPB_WZZ
?terminate@@YAXXZ
?try_lock@critical_section@Concurrency@@QAE_NXZ
?try_lock@reader_writer_lock@Concurrency@@QAE_NXZ
?try_lock_read@reader_writer_lock@Concurrency@@QAE_NXZ
?unexpected@@YAXXZ
?unlock@critical_section@Concurrency@@QAEXXZ
?unlock@reader_writer_lock@Concurrency@@QAEXXZ
?vswprintf@@YAHPA_WIPB_WPAD@Z
?wait@Concurrency@@YAXI@Z
?wait@event@Concurrency@@QAEII@Z
?wait_for_multiple@event@Concurrency@@SAIPAPAV12@I_NI@Z
?what@exception@std@@UBEPBDXZ
_CIacos
_CIasin
_CIatan
_CIatan2
_CIcos
_CIcosh
_CIexp
_CIfmod
_CIlog
_CIlog10
_CIpow
_CIsin
_CIsinh
_CIsqrt
_CItan
_CItanh
_CRT_RTC_INIT
_CRT_RTC_INITW
_CreateFrameInfo
_CxxThrowException
_EH_prolog
_FindAndUnlinkFrame
_Getdays
_Getmonths
_Gettnames
_HUGE
_IsExceptionObjectToBeDestroyed
_NLG_Dispatch2
_NLG_Return
_NLG_Return2
_Strftime
_XcptFilter
__AdjustPointer
__BuildCatchObject
__BuildCatchObjectHelper
__CppXcptFilter
__CxxCallUnwindDelDtor
__CxxCallUnwindDtor
__CxxCallUnwindStdDelDtor
__CxxCallUnwindVecDtor
__CxxDetectRethrow
__CxxExceptionFilter
__CxxFrameHandler
__CxxFrameHandler2
__CxxFrameHandler3
__CxxLongjmpUnwind
__CxxQueryExceptionSize
__CxxRegisterExceptionObject
__CxxUnregisterExceptionObject
__DestructExceptionObject
__FrameUnwindFilter
__RTCastToVoid
__RTDynamicCast
__RTtypeid
__STRINGTOLD
__STRINGTOLD_L
__TypeMatch
___fls_getvalue@4
___fls_setvalue@8
___lc_codepage_func
___lc_collate_cp_func
___lc_handle_func
___mb_cur_max_func
___mb_cur_max_l_func
___setlc_active_func
___unguarded_readlc_active_add_func
__argc
__argv
__badioinfo
__clean_type_info_names_internal
__control87_2
__create_locale
__crtCompareStringA
__crtCompareStringW
__crtLCMapStringA
__crtLCMapStringW
__daylight
__dllonexit
__doserrno
__dstbias
__fpecode
__free_locale
__get_current_locale
__get_flsindex
__get_tlsindex
__getmainargs
__initenv
__iob_func
__isascii
__iscsym
__iscsymf
__iswcsym
__iswcsymf
__lconv
__lconv_init
__libm_sse2_acos
__libm_sse2_acosf
__libm_sse2_asin
__libm_sse2_asinf
__libm_sse2_atan
__libm_sse2_atan2
__libm_sse2_atanf
__libm_sse2_cos
__libm_sse2_cosf
__libm_sse2_exp
__libm_sse2_expf
__libm_sse2_log
__libm_sse2_log10
__libm_sse2_log10f
__libm_sse2_logf
__libm_sse2_pow
__libm_sse2_powf
__libm_sse2_sin
__libm_sse2_sinf
__libm_sse2_tan
__libm_sse2_tanf
__mb_cur_max
__p___argc
__p___argv
__p___initenv
__p___mb_cur_max
__p___wargv
__p___winitenv
__p__acmdln
__p__commode
__p__daylight
__p__dstbias
__p__environ
__p__fmode
__p__iob
__p__mbcasemap
__p__mbctype
__p__pctype
__p__pgmptr
__p__pwctype
__p__timezone
__p__tzname
__p__wcmdln
__p__wenviron
__p__wpgmptr
__pctype_func
__pioinfo
__pwctype_func
__pxcptinfoptrs
__report_gsfailure
__set_app_type
__set_flsgetvalue
__setlc_active
__setusermatherr
__strncnt
__swprintf_l
__sys_errlist
__sys_nerr
__threadhandle
__threadid
__timezone
__toascii
__tzname
__unDName
__unDNameEx
__unDNameHelper
__uncaught_exception
__unguarded_readlc_active
__vswprintf_l
__wargv
__wcserror
__wcserror_s
__wcsncnt
__wgetmainargs
__winitenv
_abnormal_termination
_abs64
_access
_access_s
_acmdln
_aligned_free
_aligned_malloc
_aligned_msize
_aligned_offset_malloc
_aligned_offset_realloc
_aligned_offset_recalloc
_aligned_realloc
_aligned_recalloc
_amsg_exit
_assert
_atodbl
_atodbl_l
_atof_l
_atoflt
_atoflt_l
_atoi64
_atoi64_l
_atoi_l
_atol_l
_atoldbl
_atoldbl_l
_beep
_beginthread
_beginthreadex
_byteswap_uint64
_byteswap_ulong
_byteswap_ushort
_c_exit
_cabs
_callnewh
_calloc_crt
_cexit
_cgets
_cgets_s
_cgetws
_cgetws_s
_chdir
_chdrive
_chgsign
_chkesp
_chmod
_chsize
_chsize_s
_clearfp
_close
_commit
_commode
_configthreadlocale
_control87
_controlfp
_controlfp_s
_copysign
_cprintf
_cprintf_l
_cprintf_p

Sections

.text
Size: 709KB - Virtual size: 708KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
nat.dll
.dll windows:5 windows x86 arch:x86

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3f:23:c6:f7:d7:b7:23:30:59:09:66:a2:cd:3d:40:0e
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

04/03/2016, 00:00

Not After

04/03/2017, 23:59

Subject

CN=NeoNTech,OU=IT Team,O=NeoNTech,L=Gangnam-gu,ST=SEOUL,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

4f:05:00:64:73:80:c0:2f:7f:38:e0:63:44:1b:ea:32:e0:b8:20:75
Signer

Actual PE Digest

4f:05:00:64:73:80:c0:2f:7f:38:e0:63:44:1b:ea:32:e0:b8:20:75

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

_AddHttpServer
_AddServer
_AddServerW
_AppendServer
_AutoSetupServiceApp
_Delete_KGRID
_DownloadCompleteFile
_ExistFile
_GetCurrentFileSize
_GetCurrentFileSize_KGRID
_GetCurrentPeerInfo
_GetKGridHashW
_GetLivePeerCount
_GetMaxSpeed
_GetTraffic
_GetTraffic_KGRID
_Init
_Init_KGRID
_New_KGRID
_NotUseServiceApp
_ReceiveSize
_ReceiveSize_KGRID
_ResumeDownload
_SetCriticalSpeed
_SetCutSpeed
_SetDownloadSpeed
_SetDownloadSpeed2
_SetDownloadSpeed_KGRID
_SetFileServerPeerCount
_SetInitServerPeerConnectCount
_SetPort
_SetServerConnectCount
_Speed
_Speed_KGRID
_StartDownload
_StartDownload2
_StartDownload2W
_StartDownload3
_StartDownloadForLivePeer
_StartDownloadW
_StartDownloadW_KHash
_StartDownloadW_Neo
_StartDownload_Chunk
_StartDownload_KGRID
_StartDownload_NHash
_StartDownload_Neo
_Status
_Status_KGRID
_StopDownload
_StopDownload_KGRID
_SuspendDownload
_UnInit
_UnInit_KGRID
_UseDebugView

Sections

UPX0
Size: - Virtual size: 1.4MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 647KB - Virtual size: 648KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 21KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 1024B - Virtual size: 806B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 141KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
sfdcd.dll
.exe windows:4 windows x86 arch:x86

f741c204c6b516d49798cd018f5da657

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

CryptAcquireContextA
CryptGenRandom
CryptReleaseContext

kernel32

CloseHandle
CreateEventA
CreateFileMappingA
CreateSemaphoreA
DeleteCriticalSection
EnterCriticalSection
ExitProcess
FindClose
FindFirstFileA
FindNextFileA
GetCommandLineA
GetConsoleScreenBufferInfo
GetCurrentProcess
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetProcAddress
GetProcessAffinityMask
GetStdHandle
GetSystemTimeAsFileTime
InitializeCriticalSection
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
IsDBCSLeadByteEx
LeaveCriticalSection
MapViewOfFile
MoveFileExA
MoveFileExW
MultiByteToWideChar
ReleaseSemaphore
ResetEvent
SetConsoleTextAttribute
SetEvent
SetLastError
SetUnhandledExceptionFilter
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnmapViewOfFile
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte

msvcrt

_access
_close
_fdopen
_fstat
_hypot
_isatty
_lseek
_open
_read
_setmode
_strdup
_stricoll
_write
__getmainargs
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_assert
_beginthreadex
_cexit
_errno
_filbuf
_flsbuf
_fstat64
_fstati64
_fullpath
_get_osfhandle
_iob
_isctype
_lseeki64
_mkdir
_onexit
_pctype
_rmdir
_setmode
_sopen
_stati64
_unlink
_wmkdir
_wrmdir
_wsopen
_wunlink
abort
acos
asin
atan
atan2
atexit
atof
atoi
bsearch
calloc
ceil
clock
cos
cosh
exp
fclose
fflush
floor
fopen
fprintf
fputc
fputs
fread
free
frexp
fseek
ftell
fwrite
getenv
getwc
gmtime
isspace
iswctype
ldexp
localeconv
localtime
log
log10
malloc
mbstowcs
memchr
memcmp
memcpy
memmove
memset
mktime
pow
putwc
qsort
realloc
setlocale
setvbuf
signal
sin
sinh
sprintf
sqrt
sscanf
strcat
strchr
strcmp
strcoll
strcpy
strcspn
strerror
strftime
strlen
strncmp
strncpy
strrchr
strspn
strstr
strtod
strtol
strtoul
strxfrm
tan
tanh
time
tolower
toupper
towlower
towupper
ungetc
ungetwc
vfprintf
vsprintf
wcscoll
wcsftime
wcslen
wcstombs
wcsxfrm

ws2_32

WSACleanup
WSAGetLastError
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
gethostbyaddr
gethostbyname
gethostname
getpeername
getsockname
getsockopt
htonl
htons
ioctlsocket
listen
ntohl
ntohs
recv
recvfrom
select
send
sendto
setsockopt
shutdown
socket

Sections

.text
Size: 9.4MB - Virtual size: 9.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rodata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 783KB - Virtual size: 782KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 6.4MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
sffilecast.dll
.dll windows:4 windows x86 arch:x86

9e678678f2aeeaa71079450e1000f5a4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wsock32

gethostname
gethostbyname
inet_addr
WSACleanup
WSAStartup

wininet

InternetReadFile
InternetOpenA
InternetConnectA
HttpOpenRequestA
HttpQueryInfoA
InternetSetCookieA
InternetQueryOptionA
HttpSendRequestA
InternetErrorDlg
InternetQueryDataAvailable
InternetCloseHandle
InternetSetOptionA

mfc42

ord940
ord5710
ord536
ord6153
ord3790
ord540
ord924
ord2915
ord2763
ord1168
ord3663
ord939
ord5572
ord2614
ord3880
ord3425
ord3054
ord3227
ord3408
ord3758
ord3810
ord823
ord6197
ord6283
ord6282
ord1567
ord268
ord1979
ord6385
ord665
ord5186
ord354
ord801
ord541
ord941
ord5651
ord3127
ord3616
ord6883
ord350
ord6143
ord923
ord2514
ord4204
ord5265
ord4998
ord6052
ord1775
ord5280
ord4425
ord3597
ord2575
ord4396
ord3574
ord6055
ord4078
ord1776
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5290
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord3402
ord4627
ord3698
ord765
ord567
ord324
ord609
ord2302
ord4234
ord4376
ord2379
ord4710
ord5953
ord3092
ord4853
ord3097
ord926
ord2820
ord3811
ord5981
ord6215
ord2086
ord539
ord861
ord668
ord1980
ord551
ord3310
ord3178
ord4058
ord3181
ord2781
ord922
ord356
ord2814
ord5442
ord3318
ord3337
ord4278
ord5683
ord4129
ord858
ord535
ord800
ord6467
ord537
ord860
ord2818
ord815
ord825
ord561
ord3738
ord4424
ord4622
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord3953
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord269
ord826
ord600
ord1578
ord1255
ord1253
ord1570
ord1197
ord1243
ord342
ord1182
ord1577
ord1575
ord1176
ord1116
ord641
ord2770

msvcrt

qsort
_CIpow
_stati64
fwrite
fflush
isdigit
_atoi64
_purecall
ftell
fseek
fopen
fread
fclose
_mbsstr
memmove
_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
malloc
free
atoi
_mbctype
_access
_ftol
sprintf
_mbsicmp
_mbscmp
__CxxFrameHandler
_onexit
__dllonexit
fprintf
_filelength
_fileno

kernel32

GetModuleFileNameA
GetLastError
WideCharToMultiByte
HeapCreate
HeapDestroy
HeapFree
HeapAlloc
MultiByteToWideChar
GetProcAddress
LoadLibraryA
FreeLibrary
GetVersionExA
GetTickCount
GetDriveTypeA
FormatMessageA
CloseHandle
GetLocalTime
CreateFileA
ExpandEnvironmentStringsA
LeaveCriticalSection
EnterCriticalSection
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
TerminateProcess
WaitForSingleObject
CreateProcessA
LocalFree
LocalAlloc
GetDiskFreeSpaceA
CreateDirectoryA
FindFirstFileA
RemoveDirectoryA
FindNextFileA
FindClose
DeleteFileA
lstrlenA
DeleteCriticalSection
GetTempPathA
InitializeCriticalSection

user32

GetSystemMetrics
PeekMessageA
SetTimer
DispatchMessageA
SendMessageA
UpdateWindow
EnableWindow
TranslateMessage
GetDesktopWindow
GetDlgItem
GetWindowRect

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shell32

SHFileOperationA

oleaut32

SysAllocStringLen
SysFreeString

msvcp60

?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_Xlen@std@@YAXXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z

Exports

Exports

DownCancel
Download
End
GetFileFormat
Init
UnzipCancel
UnzipStatus
Upload
VideoPaidReport

Sections

.text
Size: 228KB - Virtual size: 224KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ssmfileinfo.dll
.dll windows:4 windows x86 arch:x86

36adf6a1423dacf01a70fbb863d71eb1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wmvcore

WMCreateSyncReader

winmm

mmioOpenA
mmioSeek
mmioClose
mmioAscend
mmioRead
mmioDescend

mfc42

ord561
ord825
ord815
ord800
ord823
ord2818
ord535
ord860
ord939
ord540
ord3738
ord1168
ord4424
ord4622
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord826
ord600
ord1578
ord6467
ord1255
ord1253
ord1570
ord269
ord1197
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord3953
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord1243
ord342
ord1182
ord1577
ord1575
ord1176
ord1116

msvcrt

memcpy
memset
strncat
__dllonexit
_onexit
_initterm
_adjust_fdiv
??1type_info@@UAE@XZ
strlen
_errno
frexp
exit
ldexp
qsort
ceil
floor
memchr
_CIpow
strncmp
_CxxThrowException
_strdup
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
fflush
printf
sprintf
realloc
ftell
memmove
_ftol
_iob
fprintf
calloc
malloc
fseek
fopen
fread
free
fclose
__CxxFrameHandler
??0exception@@QAE@ABV0@@Z

kernel32

CloseHandle
SetFilePointer
GetFileSize
InterlockedIncrement
InterlockedDecrement
GetVolumeInformationA
GetProcAddress
LoadLibraryA
LocalFree
LocalAlloc
ReadFile
CreateFileA
GetLastError

user32

PeekMessageA
TranslateMessage
DispatchMessageA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

ole32

CoInitialize
CoUninitialize

Exports

Exports

MusicDNAFunc_AAC
MusicDNAFunc_MP3
MusicDNAFunc_OGG
MusicDNAFunc_WAV
MusicDNAFunc_WMA

Sections

.text
Size: 232KB - Virtual size: 228KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 116KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 84KB - Virtual size: 211KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
svc_setup.exe
.exe windows:1 windows x86 arch:x86

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3f:23:c6:f7:d7:b7:23:30:59:09:66:a2:cd:3d:40:0e
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

04/03/2016, 00:00

Not After

04/03/2017, 23:59

Subject

CN=NeoNTech,OU=IT Team,O=NeoNTech,L=Gangnam-gu,ST=SEOUL,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

fb:b7:a0:ee:f1:68:9a:21:3c:27:74:26:be:a8:bd:ac:ce:c8:52:46
Signer

Actual PE Digest

fb:b7:a0:ee:f1:68:9a:21:3c:27:74:26:be:a8:bd:ac:ce:c8:52:46

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 592B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
unace32.exe
.exe windows:5 windows x86 arch:x86

56bac85561f78132ca190bf57013fc88

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1a:08:e4:25:dd:db:b3:4e:1e:26:d6:e7:85:6e:9f:b8
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

27/09/2013, 00:00

Not After

26/12/2016, 23:59

Subject

CN=Bandisoft,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Bandisoft,L=Yeongdeungpogu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\devel\Ark5\bin\unace32.pdb

Imports

kernel32

FindResourceA
FreeLibrary
LoadResource
FindResourceExA
WideCharToMultiByte
SizeofResource
GetProcAddress
LoadLibraryA
LockResource
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetCommandLineA
GetLastError
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualAlloc
RtlUnwind
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
CloseHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileA

Sections

.text
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
v_down.dll
.dll windows:5 windows x86 arch:x86

16f74b2499f03ba7d292903d7d7a37f3

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4c:d7:51:f8:89:e7:e0:b1:c5:91:bb:eb:f6:3f:32:53
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

24/12/2018, 00:00

Not After

24/12/2019, 23:59

Subject

CN=VGRID CO.\,LTD,O=VGRID CO.\,LTD,L=Suwon-si,ST=Gyeonggi-do,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

8c:0f:ef:91:a9:fb:0a:63:1e:61:83:e1:61:77:59:ac:ff:7d:d3:35
Signer

Actual PE Digest

8c:0f:ef:91:a9:fb:0a:63:1e:61:83:e1:61:77:59:ac:ff:7d:d3:35

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\job\jung grid\client_2.0_korea\bin\release\v_down.pdb

Imports

wininet

InternetReadFile
InternetOpenW
InternetOpenUrlW
InternetCloseHandle
InternetQueryDataAvailable

kernel32

GetConsoleMode
GetDriveTypeW
WriteConsoleW
SetEnvironmentVariableA
SetUnhandledExceptionFilter
GetModuleFileNameW
CloseHandle
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
CreateFileW
GetProcAddress
LoadLibraryW
GetLastError
lstrcpyW
QueryPerformanceCounter
GetCurrentThread
FormatMessageW
GetModuleHandleW
GetSystemInfo
GetVersionExW
FreeLibrary
GetModuleFileNameA
SetLastError
GetFileAttributesW
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetConsoleCP
HeapCreate
ResumeThread
GetStartupInfoW
GetStdHandle
SetHandleCount
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
GetFileType
SetStdHandle
VirtualQuery
VirtualAlloc
HeapQueryInformation
HeapSize
ExitProcess
HeapReAlloc
GetCommandLineA
GetSystemTimeAsFileTime
CreateThread
ExitThread
EncodePointer
DecodePointer
RaiseException
HeapAlloc
HeapFree
RtlUnwind
FindResourceExW
VirtualProtect
GetNumberFormatW
GetWindowsDirectoryW
SearchPathW
GetProfileIntW
GetTempPathW
GetTempFileNameW
GetFileTime
GetFileSizeEx
GetStringTypeW
HeapDestroy
GetTimeZoneInformation
InitializeCriticalSectionAndSpinCount
GetFileAttributesExW
FreeResource
GlobalFindAtomW
GlobalFlags
GetSystemDirectoryW
GlobalGetAtomNameW
CompareStringW
InterlockedIncrement
SetErrorMode
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
InterlockedDecrement
ReleaseActCtx
CreateActCtxW
GetFullPathNameW
GetVolumeInformationW
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
SetFilePointer
lstrcmpiW
GlobalAddAtomW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
SetThreadPriority
GlobalDeleteAtom
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
ActivateActCtx
DeactivateActCtx
lstrcmpW
GetLocaleInfoW
LoadLibraryExW
InterlockedExchange
DeleteCriticalSection
FileTimeToLocalFileTime
FileTimeToSystemTime
FindFirstFileW
FindNextFileW
FindClose
GlobalFree
CopyFileW
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
MulDiv
GetDiskFreeSpaceExW
CreateDirectoryW
FlushFileBuffers
ReadFile
SetFilePointerEx
WriteFile
GetCurrentDirectoryW
CreateProcessW
DeleteFileW
InitializeCriticalSection
LocalFree
LocalAlloc
lstrcmpA
LoadResource
LockResource
SizeofResource
FindResourceW
MultiByteToWideChar
lstrlenA
Sleep
WideCharToMultiByte
SetCurrentDirectoryW
lstrlenW
SetEvent
WaitForSingleObject
CreateEventW
GetTickCount
LeaveCriticalSection
EnterCriticalSection

user32

CloseClipboard
SetClipboardData
OpenClipboard
GetMenuDefaultItem
GetUpdateRect
FrameRect
IsClipboardFormatAvailable
SetMenuDefaultItem
WaitMessage
PostThreadMessageW
CreateMenu
IsMenu
UpdateLayeredWindow
EnableScrollBar
UnionRect
MonitorFromPoint
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcW
DefFrameProcW
UnpackDDElParam
ReuseDDElParam
LoadImageW
InsertMenuItemW
TranslateAcceleratorW
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
CopyImage
LockWindowUpdate
BringWindowToTop
SetCursorPos
SetRect
CreateAcceleratorTableW
LoadAcceleratorsW
GetKeyboardState
GetKeyboardLayout
MapVirtualKeyW
ToUnicodeEx
CopyAcceleratorTableW
DrawFocusRect
DrawFrameControl
DrawEdge
DrawIconEx
DrawStateW
MessageBeep
ReleaseCapture
SetCapture
GetSystemMenu
LoadMenuW
IntersectRect
SetClassLongW
GetAsyncKeyState
NotifyWinEvent
WindowFromPoint
CreatePopupMenu
DestroyAcceleratorTable
SetParent
SetWindowRgn
IsZoomed
OffsetRect
IsRectEmpty
DestroyMenu
GetMenuItemInfoW
InflateRect
DestroyIcon
IsIconic
ShowWindow
MoveWindow
IsDialogMessageW
CheckDlgButton
RegisterWindowMessageW
LoadIconW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
EmptyClipboard
GetCapture
GetClassLongW
SetPropW
GetPropW
RemovePropW
IsWindow
SetFocus
GetForegroundWindow
SetActiveWindow
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MonitorFromWindow
ScrollWindow
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
RedrawWindow
CreateWindowExW
GetClassInfoExW
RegisterClassW
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetWindowPlacement
CallWindowProcW
GetMenu
SetWindowLongW
SetWindowPos
KillTimer
SetTimer
InvalidateRect
UpdateWindow
GetDesktopWindow
RealChildWindowFromPoint
GetWindow
GetDlgCtrlID
GetWindowRect
GetClassNameW
PtInRect
SetWindowTextW
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
ScreenToClient
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
FillRect
GetClassInfoW
DefWindowProcW
MapWindowPoints
GetClientRect
SetLayeredWindowAttributes
EnumDisplayMonitors
SystemParametersInfoW
GetMonitorInfoW
SetRectEmpty
CopyRect
DeleteMenu
RegisterClipboardFormatW
CopyIcon
CharUpperBuffW
GetIconInfo
IsCharLowerW
GetKeyNameTextW
MapVirtualKeyExW
SubtractRect
InvertRect
HideCaret
GetNextDlgGroupItem
MapDialogRect
DrawIcon
DestroyCursor
GetWindowTextLengthW
GetWindowTextW
LoadCursorW
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
UnregisterClassW
UnhookWindowsHookEx
CharUpperW
GetWindowRgn
IsChild
GetWindowThreadProcessId
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
EnableWindow
ShowOwnedPopups
SetCursor
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageW
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
GetParent
SendMessageW
ModifyMenuW
EnableMenuItem
CheckMenuItem
PostMessageW
PostQuitMessage
GetMenuState
GetMenuStringW
AppendMenuW
GetMenuItemID
InsertMenuW
GetMenuItemCount
GetSubMenu
RemoveMenu
MessageBoxW
GetSystemMetrics
GetDoubleClickTime

gdi32

PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
SelectPalette
GetObjectType
CreateHatchBrush
GetTextExtentPoint32W
CreateDIBSection
CreateRoundRectRgn
CreatePolygonRgn
CombineRgn
GetBkColor
GetTextColor
PatBlt
CreateEllipticRgn
Polyline
Polygon
SetRectRgn
DPtoLP
OffsetRgn
GetRgnBox
SetDIBColorTable
RealizePalette
StretchBlt
SetPixel
Rectangle
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
GetSystemPaletteEntries
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
ExtFloodFill
SetPaletteEntries
EnumFontFamiliesExW
GetTextFaceW
SetPixelV
GetPixel
GetWindowExtEx
GetViewportExtEx
CreateRectRgn
SelectClipRgn
SetLayout
GetLayout
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
SetTextColor
SetROP2
SetPolyFillMode
SetBkMode
SetBkColor
RestoreDC
SaveDC
DeleteObject
GetTextCharsetInfo
EnumFontFamiliesW
GetTextMetricsW
BitBlt
CreateCompatibleDC
CreateRectRgnIndirect
CreateCompatibleBitmap
GetObjectW
CreateFontIndirectW
CreatePatternBrush
CreateSolidBrush
CreatePen
GetStockObject
CreateDIBitmap
CreateBitmap
CreateDCW
Ellipse
GetDeviceCaps
CopyMetaFileW

msimg32

AlphaBlend
TransparentBlt

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

advapi32

ControlService
CloseServiceHandle
OpenSCManagerW
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegCloseKey
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyExW
RegQueryValueW
RegEnumKeyW
RegEnumValueW
OpenServiceW

shell32

SHGetSpecialFolderLocation
SHGetFileInfoW
ShellExecuteW
DragFinish
SHBrowseForFolderW
SHGetSpecialFolderPathW
SHGetPathFromIDListW
SHGetDesktopFolder
SHAppBarMessage
DragQueryFileW

comctl32

ImageList_GetIconSize

shlwapi

PathFindFileNameW
PathStripToRootW
PathIsUNCW
PathFindExtensionW
PathRemoveFileSpecW

ole32

CoInitializeEx
CoUninitialize
CoInitialize
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleLockRunning
CreateStreamOnHGlobal
DoDragDrop
CoTaskMemFree
CoCreateInstance
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
CoCreateGuid
OleGetClipboard

oleaut32

VariantClear
VariantInit
VarBstrFromDate
SysAllocStringLen
SystemTimeToVariantTime
VariantChangeType
SysAllocString
SysStringLen
VariantTimeToSystemTime
SysFreeString

crypt32

CertFindCertificateInStore
CertGetNameStringW
CertFreeCertificateContext
CertCloseStore
CryptMsgClose
CryptQueryObject
CryptDecodeObject
CryptMsgGetParam

ws2_32

closesocket
gethostbyname
sendto
htons
socket
gethostname
recv
setsockopt
connect
send
WSACleanup
WSAStartup
ioctlsocket
getpeername
WSAGetLastError
inet_addr
__WSAFDIsSet
select
WSAIoctl
inet_ntoa

gdiplus

GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdipAlloc
GdipFree
GdiplusStartup
GdiplusShutdown
GdipCreateFromHDC
GdipSetInterpolationMode
GdipDrawImageRectI
GdipCloneImage
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePaletteSize
GdipGetImagePalette
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipDrawImageI

oleacc

LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject

imm32

ImmGetOpenStatus
ImmReleaseContext
ImmGetContext

winmm

PlaySoundW

Exports

Exports

?CheckDownFinish@@YAHXZ
?GetCount@@YAHAAH0@Z
?GetDownSize@@YA_JXZ
?GetFileSize@@YA_JXZ
?GetSize@@YAHAA_J0@Z
?GetSpeed@@YAHXZ
?GetStartPoint@@YA_JXZ
?GetStatus@@YAHXZ
?GetValidDownSize@@YA_JXZ
?InitNodeLib@@YAXPAD@Z
?OnStart_Download@@YAHH@Z
?OnStop_Download@@YAXXZ
?SetDownMainSvrInfo@@YAXPADHH@Z
?SetDownloadFileEx@@YAXPAD00_J0H@Z
?SetDownloadFileEx@@YAXPA_W00_J0H@Z
?SetDownloadFileExW@@YAXPA_W00_J0H@Z
?SetFtpAccount@@YAHPAD0@Z
?SetSearchSvrDNS@@YAXPAD@Z
?_SetMinPeerCount@@YAHH@Z
?_SetSpeedLimit@@YAHH@Z

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 282KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 167KB - Virtual size: 167KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
v_filecast_setup.exe
.exe windows:4 windows x86 arch:x86

e160ef8e55bb9d162da4e266afd9eef3

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4c:d7:51:f8:89:e7:e0:b1:c5:91:bb:eb:f6:3f:32:53
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

24/12/2018, 00:00

Not After

24/12/2019, 23:59

Subject

CN=VGRID CO.\,LTD,O=VGRID CO.\,LTD,L=Suwon-si,ST=Gyeonggi-do,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

a8:d6:b6:35:20:a5:2b:bb:6a:e6:f3:44:37:98:99:87:e8:19:af:ab
Signer

Actual PE Digest

a8:d6:b6:35:20:a5:2b:bb:6a:e6:f3:44:37:98:99:87:e8:19:af:ab

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
SearchPathA
GetShortPathNameA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetEnvironmentVariableA
GetWindowsDirectoryA
GetTempPathA
Sleep
CloseHandle
LoadLibraryA
lstrlenA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
ReadFile
lstrcpyA
lstrcatA
GetSystemDirectoryA
GetVersion
GetProcAddress
GlobalAlloc
CompareFileTime
SetFileTime
ExpandEnvironmentStringsA
lstrcmpiA
lstrcmpA
WaitForSingleObject
GlobalFree
GetExitCodeProcess
GetModuleHandleA
SetErrorMode
GetCommandLineA
LoadLibraryExA
FindFirstFileA
FindNextFileA
DeleteFileA
SetFilePointer
WriteFile
FindClose
WritePrivateProfileStringA
MultiByteToWideChar
MulDiv
GetPrivateProfileStringA
FreeLibrary

user32

CreateWindowExA
EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
GetDC
SystemParametersInfoA
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
ReleaseDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
DestroyWindow
CreateDialogParamA
SetTimer
GetDlgItem
wsprintfA
SetForegroundWindow
ShowWindow
IsWindow
LoadImageA
SetWindowLongA
SetClipboardData
EmptyClipboard
OpenClipboard
EndPaint
PostQuitMessage
FindWindowExA
SendMessageTimeoutA
SetWindowTextA

gdi32

SelectObject
SetBkMode
CreateFontIndirectA
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA

advapi32

RegCloseKey
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumValueA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegEnumKeyA

comctl32

ImageList_Create
ImageList_AddMasked
ImageList_Destroy
ord17

ole32

CoCreateInstance
CoTaskMemFree
OleInitialize
OleUninitialize

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ExecDos.dll
.dll windows:6 windows x86 arch:x86

7dc70b16176744e9eb1a6b125a945c2f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileA
FlushFileBuffers
ReadFile
WriteFile
CloseHandle
DuplicateHandle
CreatePipe
PeekNamedPipe
WaitForSingleObject
Sleep
GetCurrentProcess
TerminateProcess
GetExitCodeProcess
CreateThread
GetExitCodeThread
CreateProcessA
GetModuleHandleA
GetProcAddress
GlobalAlloc
GlobalFree
lstrcmpiA
lstrcatA
lstrlenA
lstrcpynA
lstrcpyA

user32

SendMessageA
GetDlgItem
FindWindowExA
GetClassNameA
wsprintfA

Exports

Exports

exec
isdone
wait

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 338B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsProcess.dll
.dll windows:4 windows x86 arch:x86

c9fc7f6df8fedf8f8f1f9f820c072664

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenA
CloseHandle
TerminateProcess
OpenProcess
lstrcmpiA
WideCharToMultiByte
FreeLibrary
LocalFree
LocalAlloc
GetProcAddress
LoadLibraryA
GetVersionExA
GlobalFree
lstrcpynA
GlobalAlloc

Exports

Exports

_FindProcess
_KillProcess
_Unload

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 646B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 146B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsSCM.dll
.dll windows:4 windows x86 arch:x86

cae3b41a07819ca715746a4d081b8a6c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

CreateServiceA
StartServiceA
OpenServiceA
ControlService
QueryServiceStatus
DeleteService
OpenSCManagerA
CloseServiceHandle

kernel32

GlobalFree
GetLastError
lstrcpyA
lstrcpynA
GlobalAlloc

user32

wsprintfA

Exports

Exports

Install
QueryStatus
Remove
Start
Stop

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 650B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 284B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
uninstall.exe.nsis
v_member.exe
.exe windows:5 windows x86 arch:x86

a2ed4f5d50916c789574b02d65ac56dc

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4c:d7:51:f8:89:e7:e0:b1:c5:91:bb:eb:f6:3f:32:53
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

24/12/2018, 00:00

Not After

24/12/2019, 23:59

Subject

CN=VGRID CO.\,LTD,O=VGRID CO.\,LTD,L=Suwon-si,ST=Gyeonggi-do,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

66:e2:ff:23:28:1e:d4:b7:23:17:7b:0b:52:4e:47:47:51:9c:16:19
Signer

Actual PE Digest

66:e2:ff:23:28:1e:d4:b7:23:17:7b:0b:52:4e:47:47:51:9c:16:19

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetCrackUrlA
InternetReadFile
InternetQueryDataAvailable
HttpQueryInfoW
InternetCloseHandle
InternetOpenUrlW
InternetOpenW

dnsapi

DnsFree
DnsQuery_W

kernel32

GetACP
GetOEMCP
IsValidCodePage
IsProcessorFeaturePresent
LCMapStringW
GetTimeZoneInformation
GetStringTypeW
GetConsoleCP
GetConsoleMode
GetDriveTypeW
WriteConsoleW
SetEnvironmentVariableA
CreateEventW
CloseHandle
WaitForSingleObject
GetLastError
Sleep
SetThreadPriority
GetCurrentThread
HeapCreate
GetTickCount
GetCPInfo
WideCharToMultiByte
lstrlenA
MultiByteToWideChar
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetFullPathNameW
GetFullPathNameA
CreateFileA
GetFileSize
SetFilePointer
TlsGetValue
SetEndOfFile
FreeLibrary
UnlockFile
LockFile
GetSystemTimeAsFileTime
WriteFile
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
SetUnhandledExceptionFilter
GetFileType
SetStdHandle
HeapSize
HeapQueryInformation
UnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
QueryPerformanceCounter
lstrlenW
VirtualQuery
GetSystemInfo
VirtualAlloc
RtlUnwind
MoveFileA
ExitProcess
HeapReAlloc
HeapAlloc
HeapFree
EncodePointer
DecodePointer
CreateThread
ExitThread
GetStartupInfoW
HeapSetInformation
GetCommandLineW
GetNumberFormatW
GetWindowsDirectoryW
FindResourceExW
VirtualProtect
GlobalFlags
SearchPathW
GetProfileIntW
GetSystemDirectoryW
GetFileSizeEx
LocalFileTimeToFileTime
GetFileAttributesExW
SetErrorMode
TlsSetValue
LoadLibraryW
GetVersionExW
GetFileAttributesA
TlsFree
GetFileAttributesW
ReadFile
CreateFileW
LocalReAlloc
GlobalHandle
ReleaseActCtx
CreateActCtxW
GetDiskFreeSpaceW
GetTempFileNameW
GetFileTime
SetFileTime
ReplaceFileW
SystemTimeToFileTime
WritePrivateProfileStringW
GetPrivateProfileIntW
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
CompareStringA
GetLocaleInfoW
LoadLibraryExW
GetCurrentProcessId
GlobalGetAtomNameW
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
GlobalReAlloc
InterlockedExchange
lstrcmpW
lstrcpyW
FreeResource
GetCurrentThreadId
GetShortPathNameW
GetVolumeInformationW
GetCurrentProcess
DuplicateHandle
ActivateActCtx
DeactivateActCtx
MoveFileW
lstrcmpiW
GetThreadLocale
GetStringTypeExW
FileTimeToLocalFileTime
FileTimeToSystemTime
FindFirstFileW
FindNextFileW
FindClose
SetLastError
GlobalFree
CopyFileW
GlobalSize
GlobalAlloc
GlobalLock
FlushFileBuffers
GlobalUnlock
MulDiv
FormatMessageW
RaiseException
ResumeThread
InitializeCriticalSection
OpenProcess
GetPrivateProfileStringW
SetCurrentDirectoryW
GetModuleFileNameW
GetModuleHandleW
Process32NextW
ProcessIdToSessionId
WTSGetActiveConsoleSessionId
Process32FirstW
CreateToolhelp32Snapshot
InterlockedDecrement
InterlockedIncrement
CreateMutexW
GetCurrentDirectoryW
FindResourceW
LoadResource
LockResource
SizeofResource
lstrcmpA
LocalAlloc
LocalFree
DeleteFileA
AreFileApisANSI
GetSystemTime
GetTempPathA
DeleteFileW
TlsAlloc
LoadLibraryA
LockFileEx
GetProcAddress
GetTempPathW

user32

DefMDIChildProcW
DefFrameProcW
CreateAcceleratorTableW
GetKeyboardState
GetKeyboardLayout
MapVirtualKeyW
ToUnicodeEx
CopyIcon
FrameRect
SetCursorPos
SetClassLongW
GetMenuDefaultItem
UpdateLayeredWindow
EnableScrollBar
UnionRect
SetRect
SetLayeredWindowAttributes
EnumDisplayMonitors
CopyAcceleratorTableW
IsClipboardFormatAvailable
SetMenuDefaultItem
SetParent
DrawIconEx
DrawFocusRect
DrawEdge
DrawIcon
ShowOwnedPopups
GetMessageW
TranslateMessage
WaitMessage
PostThreadMessageW
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
GetSysColorBrush
SetWindowContextHelpId
MapDialogRect
RegisterClipboardFormatW
PostQuitMessage
UnpackDDElParam
ReuseDDElParam
GetWindowThreadProcessId
GetActiveWindow
LoadAcceleratorsW
InsertMenuItemW
BringWindowToTop
GetDesktopWindow
TranslateAcceleratorW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
LoadIconW
SendDlgItemMessageA
WinHelpW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageW
GetMessageTime
PeekMessageW
MonitorFromWindow
ScrollWindow
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
TranslateMDISysAccel
ShowScrollBar
ValidateRect
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetWindowPlacement
DefWindowProcW
CallWindowProcW
GetMenu
TrackPopupMenu
MonitorFromPoint
GetMonitorInfoW
SystemParametersInfoW
ModifyMenuW
CreatePopupMenu
CharUpperBuffW
LockWindowUpdate
MapWindowPoints
GetWindowTextLengthW
GetWindowTextW
SetWindowPos
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowLongW
GetDlgCtrlID
SetWindowTextW
IsDialogMessageW
SendDlgItemMessageW
GetDlgItem
CheckDlgButton
LoadImageW
EmptyClipboard
CloseClipboard
SetClipboardData
OpenClipboard
FillRect
DrawStateW
CopyImage
GetIconInfo
DestroyIcon
CopyRect
DestroyMenu
IsMenu
GetClassLongW
GetWindowLongW
GetMenuItemInfoW
DrawFrameControl
IsRectEmpty
SetFocus
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
IsIconic
IsZoomed
GetAsyncKeyState
GetCursorPos
SetCursor
MessageBeep
ReleaseCapture
RealChildWindowFromPoint
GetKeyNameTextW
GetNextDlgGroupItem
DestroyCursor
EnumChildWindows
CharNextW
InvalidateRgn
UnregisterClassW
GetDoubleClickTime
GetUpdateRect
HideCaret
LoadCursorW
WindowFromPoint
SetCapture
RedrawWindow
InvalidateRect
ScreenToClient
GetClientRect
GetSystemMenu
LoadMenuW
EnableMenuItem
CheckMenuItem
InvertRect
MapVirtualKeyExW
IsCharLowerW
GetWindowRgn
CreateMenu
SetForegroundWindow
SubtractRect
DeleteMenu
BeginDeferWindowPos
EndDeferWindowPos
IsChild
EqualRect
IntersectRect
OffsetRect
InflateRect
SetRectEmpty
PtInRect
DestroyAcceleratorTable
GetParent
DestroyWindow
NotifyWinEvent
GetKeyState
GetTopWindow
GetFocus
GetCapture
IsWindowVisible
GetWindowRect
SetWindowRgn
SendMessageW
GetWindow
CharUpperW
GetMenuState
GetMenuStringW
AppendMenuW
GetMenuItemID
InsertMenuW
GetMenuItemCount
GetSubMenu
RemoveMenu
MessageBoxW
PostMessageW
IsWindow
RegisterWindowMessageW
KillTimer
ClientToScreen
SetTimer
EnableWindow
UpdateWindow
FindWindowW
GetSystemMetrics
GetMessagePos
DrawMenuBar

gdi32

LineTo
MoveToEx
SetTextAlign
GetLayout
SetLayout
SelectClipRgn
GetViewportExtEx
GetWindowExtEx
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreatePatternBrush
GetObjectType
CreateHatchBrush
CreateFontIndirectW
CreateEllipticRgn
DPtoLP
SetMapMode
Ellipse
CreateRectRgnIndirect
OffsetRgn
GetRgnBox
CreatePolygonRgn
GetBkColor
GetTextColor
Polyline
Polygon
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
IntersectClipRect
GetMapMode
Rectangle
ExtFloodFill
CreatePalette
GetPaletteEntries
SetPaletteEntries
GetWindowOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
GetViewportOrgEx
EnumFontFamiliesExW
GetNearestPaletteIndex
GetSystemPaletteEntries
GetTextFaceW
SetPixelV
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
CreateSolidBrush
SetTextColor
CreateDIBSection
SetPixel
GetPixel
StretchBlt
CombineRgn
CreateRectRgn
GetStockObject
CreateBitmap
SelectPalette
RealizePalette
GetDIBits
SetBkColor
BitBlt
SetDIBColorTable
DeleteDC
ExcludeClipRect
SetRectRgn
GetClipBox
GetObjectW
DeleteObject
GetTextMetricsW
GetTextExtentPoint32W
PatBlt
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
CreateRoundRectRgn
CreatePen
CreateDCW
LPtoDP
GetDeviceCaps
CopyMetaFileW

msimg32

AlphaBlend
TransparentBlt

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

GetFileSecurityW
RegSetValueExW
OpenProcessToken
GetTokenInformation
ConvertSidToStringSidW
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyExW
RegEnumValueW
RegSetValueW
RegEnumKeyW
RegCloseKey
RegQueryValueW
SetFileSecurityW

shell32

SHGetPathFromIDListW
SHGetFileInfoW
SHAppBarMessage
DragFinish
DragQueryFileW
ShellExecuteW
SHAddToRecentDocs
ExtractIconW
SHBrowseForFolderW
SHGetSpecialFolderPathW
SHGetMalloc
SHGetSpecialFolderLocation
SHGetDesktopFolder

comctl32

ImageList_Destroy
InitCommonControlsEx
ImageList_ReplaceIcon
ImageList_Create
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_GetIcon
ImageList_DrawEx

shlwapi

PathStripToRootW
PathIsUNCW
PathFindExtensionW
PathFindFileNameW
StrStrIA
PathRemoveFileSpecW

ole32

OleUninitialize
CoCreateGuid
CreateStreamOnHGlobal
OleDuplicateData
OleGetClipboard
CoFreeUnusedLibraries
OleInitialize
CLSIDFromProgID
CLSIDFromString
OleLockRunning
StgOpenStorageOnILockBytes
CreateILockBytesOnHGlobal
OleIsCurrentClipboard
OleFlushClipboard
DoDragDrop
CoGetClassObject
CoRevokeClassObject
CoRegisterMessageFilter
StgCreateDocfileOnILockBytes
StringFromCLSID
CoTaskMemAlloc
ReleaseStgMedium
CoTaskMemFree
CoInitializeEx
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
CoCreateInstance
CoInitialize
CoUninitialize
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
IsAccelerator
OleTranslateAccelerator

oleaut32

OleCreateFontIndirect
VarBstrFromDate
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
VariantChangeType
SysAllocStringLen
SysStringLen
VariantClear
VariantInit
SysFreeString
SysAllocString

oledlg

OleUIBusyW

gdiplus

GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipCloneImage
GdipDrawImageI
GdipGetImageGraphicsContext
GdiplusShutdown
GdiplusStartup
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree

crypt32

CertFreeCertificateContext
CertGetNameStringW
CertFindCertificateInStore
CryptDecodeObject
CryptMsgGetParam
CryptQueryObject
CertCloseStore
CryptMsgClose

iphlpapi

GetAdaptersInfo

ws2_32

recvfrom
sendto
accept
listen
bind
htonl
WSAIoctl
__WSAFDIsSet
select
connect
htons
inet_addr
WSAGetLastError
gethostbyname
inet_ntoa
getpeername
send
recv
ioctlsocket
setsockopt
socket
WSACleanup
WSAStartup
closesocket

imm32

ImmGetOpenStatus
ImmReleaseContext
ImmGetContext

oleacc

LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject

winmm

PlaySoundW

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 353KB - Virtual size: 352KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 53KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 193KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
v_service.exe
.exe windows:5 windows x86 arch:x86

57a0583ab27e8b4d64ad8c6fcb60a870

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4c:d7:51:f8:89:e7:e0:b1:c5:91:bb:eb:f6:3f:32:53
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

24/12/2018, 00:00

Not After

24/12/2019, 23:59

Subject

CN=VGRID CO.\,LTD,O=VGRID CO.\,LTD,L=Suwon-si,ST=Gyeonggi-do,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

e6:52:2f:a9:76:7f:c8:6e:38:11:99:c8:1c:44:64:10:f0:66:41:8e
Signer

Actual PE Digest

e6:52:2f:a9:76:7f:c8:6e:38:11:99:c8:1c:44:64:10:f0:66:41:8e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\job\grid\jung grid\server\grid_service\Release\SvrService.pdb

Imports

wininet

InternetReadFile
InternetQueryDataAvailable
HttpQueryInfoW
InternetCloseHandle
InternetOpenUrlA
InternetOpenA

kernel32

SetEnvironmentVariableA
GetModuleFileNameA
GetModuleHandleA
SetCurrentDirectoryA
GetLastError
Sleep
LocalAlloc
GetCommandLineA
GetCurrentDirectoryA
DeleteFileA
CreateFileA
WriteFile
CloseHandle
CreateProcessA
InterlockedExchange
SizeofResource
LockResource
LoadResource
FindResourceW
FreeLibrary
GetConsoleMode
GetProcAddress
GetModuleHandleW
GlobalAlloc
lstrcmpA
GlobalLock
SetLastError
DeactivateActCtx
LoadLibraryA
ActivateActCtx
CompareStringA
WideCharToMultiByte
MultiByteToWideChar
LoadLibraryExA
GetLocaleInfoA
GetSystemDefaultUILanguage
CreateFileW
GetConsoleCP
GetTimeZoneInformation
LCMapStringW
CompareStringW
IsProcessorFeaturePresent
GetStringTypeW
IsValidCodePage
QueryPerformanceCounter
HeapCreate
GetStartupInfoW
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetFileType
SetStdHandle
GetSystemTimeAsFileTime
HeapSize
HeapReAlloc
HeapQueryInformation
VirtualQuery
GetSystemInfo
VirtualAlloc
CreateThread
ExitThread
RaiseException
ExitProcess
RtlUnwind
HeapFree
GetUserDefaultUILanguage
WriteConsoleW
ConvertDefaultLocale
HeapAlloc
HeapSetInformation
GetCurrentThreadId
GetCurrentThread
GlobalDeleteAtom
DecodePointer
EncodePointer
FindResourceExW
VirtualProtect
GetNumberFormatA
GetWindowsDirectoryA
SearchPathA
GetProfileIntA
GetTickCount
GetACP
GetOEMCP
GetCPInfo
GetFileTime
GetFileSizeEx
GetFileAttributesA
FileTimeToLocalFileTime
GetFileAttributesExA
FileTimeToSystemTime
GetTempPathA
GetTempFileNameA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
ReadFile
lstrcmpiA
FindResourceA
FreeResource
GlobalGetAtomNameA
GlobalFindAtomA
InitializeCriticalSectionAndSpinCount
lstrcmpW
GetCurrentProcessId
GlobalAddAtomA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
InterlockedIncrement
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
lstrlenA
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
GlobalFlags
InterlockedDecrement
GetModuleFileNameW
ReleaseActCtx
CreateActCtxW
GetVersionExA
lstrcpyA
GetSystemDirectoryW
LoadLibraryW
GlobalFree
CopyFileA
GlobalSize
GlobalUnlock
FormatMessageA
LocalFree
lstrlenW
MulDiv
WaitForSingleObject
ResumeThread
SetThreadPriority
SetErrorMode

user32

CopyIcon
RegisterClipboardFormatA
LoadImageW
EmptyClipboard
CloseClipboard
SetClipboardData
OpenClipboard
GetMenuDefaultItem
GetNextDlgTabItem
EndDialog
GetUpdateRect
FrameRect
IsClipboardFormatAvailable
SetMenuDefaultItem
WaitMessage
PostThreadMessageA
CreateMenu
IsMenu
UpdateLayeredWindow
EnableScrollBar
UnionRect
MonitorFromPoint
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcA
DefFrameProcA
UnpackDDElParam
ReuseDDElParam
LoadMenuA
LoadImageA
LoadAcceleratorsA
InsertMenuItemA
TranslateAcceleratorA
CopyImage
DestroyIcon
LockWindowUpdate
BringWindowToTop
SetCursorPos
SetRect
CreateAcceleratorTableA
LoadAcceleratorsW
GetKeyboardState
GetKeyboardLayout
MapVirtualKeyA
ToAsciiEx
CopyAcceleratorTableA
DrawFocusRect
DrawFrameControl
DrawEdge
DrawIconEx
DrawStateA
MessageBeep
ReleaseCapture
SetCapture
GetSystemMenu
LoadMenuW
IntersectRect
SetClassLongA
GetAsyncKeyState
NotifyWinEvent
WindowFromPoint
CreatePopupMenu
DestroyAcceleratorTable
SetWindowRgn
IsZoomed
IsIconic
OffsetRect
IsRectEmpty
DestroyMenu
GetMenuItemInfoA
InflateRect
CharUpperA
ShowWindow
MoveWindow
IsDialogMessageA
CheckDlgButton
RegisterWindowMessageA
LoadIconW
LoadIconA
CharUpperBuffA
WinHelpA
IsChild
GetCapture
GetClassLongA
SetPropA
GetPropA
RemovePropA
IsWindow
SetFocus
GetWindowTextLengthA
GetForegroundWindow
SetActiveWindow
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MonitorFromWindow
ScrollWindow
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
RedrawWindow
CreateWindowExA
GetClassInfoExA
RegisterClassA
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetWindowPlacement
CallWindowProcA
GetMenu
SetWindowLongA
SetWindowPos
GetWindowThreadProcessId
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxA
KillTimer
SetTimer
InvalidateRect
UpdateWindow
GetDesktopWindow
RealChildWindowFromPoint
GetWindow
GetDlgCtrlID
GetWindowRect
GetWindowLongA
GetClassNameA
PtInRect
GetWindowTextA
SetWindowTextA
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
ScreenToClient
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
FillRect
UnhookWindowsHookEx
GetSysColorBrush
LoadCursorA
GetClassInfoA
GetDoubleClickTime
GetIconInfo
IsCharLowerA
GetKeyNameTextA
MapVirtualKeyExA
SubtractRect
InvertRect
HideCaret
DefWindowProcA
MapWindowPoints
GetClientRect
LoadCursorW
SetLayeredWindowAttributes
GetSysColor
GetSystemMetrics
EnumDisplayMonitors
SystemParametersInfoA
GetMonitorInfoA
GetWindowRgn
DestroyCursor
DrawIcon
MapDialogRect
SendDlgItemMessageA
GetNextDlgGroupItem
SetRectEmpty
CopyRect
DeleteMenu
ShowOwnedPopups
SetCursor
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
GetParent
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuState
GetMenuStringA
AppendMenuA
GetMenuItemID
InsertMenuA
GetMenuItemCount
GetSubMenu
RemoveMenu
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
SendMessageA
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
PostMessageA
PostQuitMessage
FindWindowA
SetParent
CreateDialogIndirectParamA

gdi32

GetLayout
SetLayout
SelectClipRgn
CreateRectRgn
GetViewportExtEx
GetWindowExtEx
GetPixel
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
SelectPalette
GetObjectType
CreateHatchBrush
GetTextExtentPoint32A
CreateDIBSection
CreateRoundRectRgn
CreatePolygonRgn
CombineRgn
GetTextColor
PatBlt
CreateEllipticRgn
Polyline
Ellipse
Polygon
SetRectRgn
DPtoLP
OffsetRgn
GetRgnBox
SetDIBColorTable
RealizePalette
StretchBlt
SetPixel
Rectangle
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
GetSystemPaletteEntries
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
ExtFloodFill
SetPaletteEntries
EnumFontFamiliesExA
GetTextFaceA
SetPixelV
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
SetTextColor
SetROP2
SetPolyFillMode
SetBkMode
SetBkColor
RestoreDC
SaveDC
DeleteObject
GetTextCharsetInfo
EnumFontFamiliesA
GetTextMetricsA
BitBlt
CreateCompatibleDC
CreateRectRgnIndirect
CreateCompatibleBitmap
GetObjectA
CreateFontIndirectA
CreatePatternBrush
CreateSolidBrush
CreatePen
GetStockObject
CreateDIBitmap
CreateBitmap
CreateDCA
GetBkColor
GetDeviceCaps
CopyMetaFileA

msimg32

AlphaBlend
TransparentBlt

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

RegSetValueExA
CreateServiceA
CloseServiceHandle
OpenServiceA
DeleteService
StartServiceA
ControlService
QueryServiceConfigA
StartServiceCtrlDispatcherA
RegEnumKeyExA
RegQueryValueA
RegEnumKeyA
RegDeleteValueA
RegEnumValueA
OpenSCManagerA
RegDeleteKeyA
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegisterServiceCtrlHandlerExA
SetServiceStatus

shell32

SHGetSpecialFolderLocation
SHGetFileInfoA
DragFinish
DragQueryFileA
SHAppBarMessage
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetDesktopFolder
ShellExecuteA

comctl32

ImageList_GetIconSize

shlwapi

PathFindFileNameA
PathStripToRootA
PathIsUNCA
PathFindExtensionA
PathRemoveFileSpecW

ole32

CoInitializeEx
DoDragDrop
CreateStreamOnHGlobal
OleLockRunning
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CoUninitialize
CoInitialize
CoCreateInstance
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
OleGetClipboard
CoTaskMemFree
CoCreateGuid

oleaut32

SysAllocString
VarBstrFromDate
SystemTimeToVariantTime
VariantTimeToSystemTime
VariantInit
VariantChangeType
VariantClear
SysStringLen
SysAllocStringLen
SysFreeString

gdiplus

GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipDrawImageI

oleacc

LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject

imm32

ImmGetOpenStatus
ImmReleaseContext
ImmGetContext

winmm

PlaySoundA

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 254KB - Virtual size: 254KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 161KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ver.ini

Sharing

General

Malware Config

Signatures

Files

7fa974366048f9c551ef45714595665e

Code Sign

04:00:00:00:00:01:25:07:1d:f9:afCertificate

Key Usages

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0fCertificate

Extended Key Usages

Key Usages

27:84:3e:e2:10:20:e5:69:08:de:ca:adCertificate

Extended Key Usages

Key Usages

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3aCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:31:89:c6:50:04Certificate

Key Usages

04:00:00:00:00:01:25:07:1d:f9:afCertificate

Key Usages

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0fCertificate

Extended Key Usages

Key Usages

27:84:3e:e2:10:20:e5:69:08:de:ca:adCertificate

Extended Key Usages

Key Usages

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3aCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:31:89:c6:50:04Certificate

Key Usages

cd:c6:9f:ad:96:67:53:09:d3:32:91:d2:4a:03:e2:4c:f0:5c:f6:ae:86:3f:bb:2a:d3:53:20:35:0f:db:23:35Signer

4f:34:3d:78:e9:ab:d4:10:45:fb:45:c8:af:1e:4e:a6:bb:39:e6:0cSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 151KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 39KB - Virtual size: 38KB

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 48KB

UPX1 Size: 21KB - Virtual size: 24KB

.rsrc Size: 2KB - Virtual size: 4KB

Headers

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

27:84:3e:e2:10:20:e5:69:08:de:ca:ad
Certificate

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3a
Certificate

04:00:00:00:00:01:31:89:c6:50:04
Certificate

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

27:84:3e:e2:10:20:e5:69:08:de:ca:ad
Certificate

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3a
Certificate

04:00:00:00:00:01:31:89:c6:50:04
Certificate

cd:c6:9f:ad:96:67:53:09:d3:32:91:d2:4a:03:e2:4c:f0:5c:f6:ae:86:3f:bb:2a:d3:53:20:35:0f:db:23:35
Signer

4f:34:3d:78:e9:ab:d4:10:45:fb:45:c8:af:1e:4e:a6:bb:39:e6:0c
Signer

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 151KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 39KB - Virtual size: 38KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

UPX0
Size: - Virtual size: 48KB

UPX1
Size: 21KB - Virtual size: 24KB

.rsrc
Size: 2KB - Virtual size: 4KB

CODE
Size: 33KB - Virtual size: 33KB

DATA
Size: 1KB - Virtual size: 1KB

BSS
Size: - Virtual size: 2KB

.idata
Size: 2KB - Virtual size: 1KB

.edata
Size: 512B - Virtual size: 101B

.reloc
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 4KB - Virtual size: 4KB

.text
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 172B

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 100B

.reloc
Size: 1024B - Virtual size: 520B

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 410B

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

1a:08:e4:25:dd:db:b3:4e:1e:26:d6:e7:85:6e:9f:b8
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate