Rebina[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Rebina.zip
Size

35.1MB
MD5

2a8a9a89dd0a8570e1aa64e4bf875100
SHA1

46581177ec3f584c33412dc9971697ebab653a65
SHA256

dcb4c895d922f85a24bef9f605aacc4503ea7e68546ca10207ac8f2441bedb14
SHA512

1a59bb98389ee1fe51309e09b39acf473af6004598c05c2e4e5b5c183259d1a115d5d96dd2b1126e603acdcaca0d5a4d66152509d5ec9f0b4dcc26b95c869c52
SSDEEP

786432:hWNG30XdkVBTqUMx1S7kz6tlXVvCxZUXrfuF5hToducIvnm:cAPsQT8mzevoBUnm

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/Rebina/ocx/TabS.ocx	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/Rebina/ocx/TabS.ocx	upx

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Rebina/FIX.exe
unpack001/Rebina/cc32100mt.dll
unpack001/Rebina/ocx/TabS.oca
unpack001/Rebina/ocx/TabS.ocx

Files

Rebina.zip
.zip

Password: ez
Rebina/FIX.exe
.exe windows:4 windows x64 arch:x64

Password: ez

d439aad54e7fd85f5adafe6dba0c5d42

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

AddVectoredExceptionHandler
CheckRemoteDebuggerPresent
CloseHandle
CompareStringOrdinal
CreateDirectoryW
CreateFileW
CreateNamedPipeW
CreateProcessW
CreateThread
CreateWaitableTimerExW
DeleteCriticalSection
DeleteProcThreadAttributeList
DuplicateHandle
EnterCriticalSection
ExitProcess
FindClose
FindFirstFileW
FreeEnvironmentStringsW
FreeLibrary
GetComputerNameExW
GetConsoleMode
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetEnvironmentStringsW
GetEnvironmentVariableW
GetExitCodeProcess
GetFileAttributesW
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFullPathNameW
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
GetProcessHeap
GetProcessIoCounters
GetProcessTimes
GetStdHandle
GetSystemDirectoryW
GetSystemInfo
GetSystemTimePreciseAsFileTime
GetSystemTimes
GetTempPathW
GetTickCount64
GetWindowsDirectoryW
GlobalMemoryStatusEx
HeapAlloc
HeapFree
HeapReAlloc
InitOnceBeginInitialize
InitOnceComplete
InitializeCriticalSection
InitializeProcThreadAttributeList
K32GetPerformanceInfo
LeaveCriticalSection
LoadLibraryExA
LocalFree
MultiByteToWideChar
OpenProcess
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadFileEx
ReadProcessMemory
RtlCaptureContext
RtlLookupFunctionEntry
RtlUnwindEx
RtlVirtualUnwind
SetFileInformationByHandle
SetFilePointerEx
SetLastError
SetThreadExecutionState
SetThreadStackGuarantee
SetUnhandledExceptionFilter
SetWaitableTimer
Sleep
SleepEx
SwitchToThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UpdateProcThreadAttribute
VirtualProtect
VirtualQuery
VirtualQueryEx
WaitForSingleObject
WriteConsoleW
WriteFileEx
__C_specific_handler

api-ms-win-crt-environment-l1-1-0

__p__environ
__p__wenviron

api-ms-win-crt-heap-l1-1-0

_set_new_mode
calloc
free
malloc

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-private-l1-1-0

memcmp
memcpy
memmove

api-ms-win-crt-runtime-l1-1-0

__p___argc
__p___argv
__p___wargv
_cexit
_configure_narrow_argv
_configure_wide_argv
_crt_at_quick_exit
_crt_atexit
_exit
_fpreset
_initialize_narrow_environment
_initialize_wide_environment
_initterm
_set_app_type
_set_invalid_parameter_handler
abort
exit
signal

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__p__commode
__p__fmode
__stdio_common_vfprintf
__stdio_common_vfwprintf
fwrite

api-ms-win-crt-string-l1-1-0

memset
strlen
strncmp
wcslen

api-ms-win-crt-time-l1-1-0

__daylight
__timezone
__tzname
_tzset

advapi32

CopySid
GetLengthSid
GetTokenInformation
IsValidSid
OpenProcessToken
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
SystemFunction036

ntdll

NtQueryInformationProcess
NtQuerySystemInformation
NtWriteFile
RtlGetVersion
RtlNtStatusToDosError

bcrypt

BCryptGenRandom

ole32

CoCreateInstance
CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket

oleaut32

GetErrorInfo
SafeArrayAccessData
SafeArrayDestroy
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayUnaccessData
SysAllocStringLen
SysFreeString
SysStringLen
VariantClear

pdh

PdhAddEnglishCounterW
PdhCloseQuery
PdhCollectQueryData
PdhGetFormattedCounterValue
PdhOpenQueryA
PdhRemoveCounter

powrprof

CallNtPowerInformation

psapi

GetModuleFileNameExW

shell32

CommandLineToArgvW
ShellExecuteExW

api-ms-win-core-synch-l1-2-0

WaitOnAddress
WakeByAddressAll
WakeByAddressSingle

bcryptprimitives

ProcessPrng

Sections

.text
Size: 369KB - Virtual size: 369KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 29.4MB - Virtual size: 29.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 576B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Rebina/Rebina.exe
.exe windows:4 windows x86 arch:x86

Password: ez

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

5c:ca:a8:23:69:a2:6a:ee:30:d0:17:61:6b:1c:eb:69
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

23/02/2017, 00:00

Not After

23/02/2018, 23:59

Subject

CN=Wondershare Technology Co.\,Ltd,OU=Information Security,O=Wondershare Technology Co.\,Ltd,L=Lasa,ST=Xizang,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:06:f1:0f:ce:68:f0:9b:fa:e5:5b:18:cd:8f:20:01:77
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for Advanced - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3d:57:24:d0:90:e9:62:0d:6f:f0:b1:84:72:79:a6:8d
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/02/2017, 00:00

Not After

22/02/2018, 23:59

Subject

CN=Wondershare Technology Co.\,Ltd,OU=Information Security,O=Wondershare Technology Co.\,Ltd,L=Lasa,ST=Xizang,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:06:f1:0f:ce:68:f0:9b:fa:e5:5b:18:cd:8f:20:01:77
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for Advanced - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

af:1e:53:11:51:9a:1d:2a:62:94:47:31:95:f4:4d:ac:4e:0a:0b:fe:ed:00:ee:5c:de:0c:12:47:7c:14:70:04
Signer

Actual PE Digest

af:1e:53:11:51:9a:1d:2a:62:94:47:31:95:f4:4d:ac:4e:0a:0b:fe:ed:00:ee:5c:de:0c:12:47:7c:14:70:04

Digest Algorithm

sha256

PE Digest Matches

false

e5:9a:3e:85:46:f2:8f:98:fa:49:1a:14:95:2a:bd:69:4b:db:95:ac
Signer

Actual PE Digest

e5:9a:3e:85:46:f2:8f:98:fa:49:1a:14:95:2a:bd:69:4b:db:95:ac

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Rebina/borlndmm.dll
.dll windows:5 windows x86 arch:x86

Password: ez

7028057a1895f8e9d0c743af27770b1a

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

42:17:85:f6:b6:bc:98:c1:4a:5f:0b:89:76:96:f8:a8
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/07/2013, 00:00

Not After

09/08/2016, 23:59

Subject

CN=Embarcadero Technologies Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Embarcadero Technologies Inc.,L=San Francisco,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

89:b5:c2:26:95:c0:90:93:d5:fb:3e:bd:56:2c:a5:a9:e2:78:f9:54
Signer

Actual PE Digest

89:b5:c2:26:95:c0:90:93:d5:fb:3e:bd:56:2c:a5:a9:e2:78:f9:54

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

user32

MessageBoxA
MessageBoxA

kernel32

Sleep
VirtualFree
VirtualAlloc
VirtualQuery
GetSystemInfo
GetVersion
SetThreadLocale
WideCharToMultiByte
GetACP
GetStartupInfoW
GetProcAddress
GetModuleHandleW
GetCommandLineW
FreeLibrary
UnhandledExceptionFilter
RtlUnwind
RaiseException
ExitProcess
GetCurrentThreadId
DeleteCriticalSection
InitializeCriticalSection
WriteFile
GetStdHandle
CloseHandle
GetProcAddress
RaiseException
LoadLibraryA
GetLastError
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
LocalFree
LocalAlloc
FreeLibrary
VirtualQuery
GetVersionExW
GetProcAddress
InterlockedIncrement
InterlockedDecrement
FreeLibrary
CloseHandle
Sleep
VirtualFree
VirtualAlloc

Exports

Exports

@Borlndmm@HeapAddRef$qqrv
@Borlndmm@HeapRelease$qqrv
@Borlndmm@SysAllocMem$qqri
@Borlndmm@SysFreeMem$qqrpv
@Borlndmm@SysGetMem$qqri
@Borlndmm@SysReallocMem$qqrpvi
@Borlndmm@SysRegisterExpectedMemoryLeak$qqrpi
@Borlndmm@SysUnregisterExpectedMemoryLeak$qqrpi
DumpBlocks
FreeMemory
GetAllocMemCount
GetAllocMemSize
GetHeapStatus
GetMemory
ReallocMemory

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 19KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1024B - Virtual size: 553B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 69B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Rebina/cc32100mt.dll
.dll windows:4 windows x86 arch:x86

Password: ez

8c6b03eae8fd279390ca970d47f5e142

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

Beep
CloseHandle
CompareStringA
CompareStringW
CreateDirectoryA
CreateDirectoryW
CreateFileA
CreateFileMappingA
CreateFileW
CreatePipe
CreateProcessA
CreateProcessW
CreateThread
DeleteCriticalSection
DeleteFileA
DeleteFileW
DosDateTimeToFileTime
DuplicateHandle
EnterCriticalSection
ExitProcess
ExitThread
FileTimeToDosDateTime
FileTimeToLocalFileTime
FileTimeToSystemTime
FillConsoleOutputAttribute
FillConsoleOutputCharacterA
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
FlushConsoleInputBuffer
FlushFileBuffers
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleMode
GetConsoleScreenBufferInfo
GetCurrentDirectoryA
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDateFormatA
GetDiskFreeSpaceA
GetDriveTypeA
GetDriveTypeW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetExitCodeProcess
GetFileAttributesA
GetFileAttributesW
GetFileInformationByHandle
GetFileSize
GetFileTime
GetFileType
GetFullPathNameA
GetFullPathNameW
GetLargestConsoleWindowSize
GetLastError
GetLocalTime
GetLocaleInfoA
GetLogicalDrives
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetNumberOfConsoleInputEvents
GetOEMCP
GetProcAddress
GetProcessHeap
GetShortPathNameA
GetShortPathNameW
GetStartupInfoA
GetStartupInfoW
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemDefaultLangID
GetSystemDirectoryA
GetSystemInfo
GetSystemTimeAsFileTime
GetTickCount
GetTimeZoneInformation
GetUserDefaultLCID
GetVersion
GetVersionExA
GetVolumeInformationA
GetVolumeInformationW
GlobalAlloc
GlobalFree
GlobalLock
GlobalReAlloc
GlobalSize
GlobalUnlock
HeapAlloc
HeapFree
HeapReAlloc
InitializeCriticalSection
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
IsDBCSLeadByteEx
IsDebuggerPresent
IsValidLocale
LCMapStringA
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LocalAlloc
LocalFileTimeToFileTime
LocalFree
LockFile
MapViewOfFile
MoveFileA
MoveFileW
MultiByteToWideChar
OpenFileMappingA
PeekConsoleInputA
RaiseException
ReadConsoleInputA
ReadConsoleOutputA
ReadFile
RemoveDirectoryA
RemoveDirectoryW
RtlUnwind
ScrollConsoleScreenBufferA
SetConsoleCtrlHandler
SetConsoleCursorInfo
SetConsoleCursorPosition
SetConsoleMode
SetConsoleScreenBufferSize
SetConsoleWindowInfo
SetCurrentDirectoryA
SetCurrentDirectoryW
SetEndOfFile
SetEnvironmentVariableA
SetEnvironmentVariableW
SetErrorMode
SetFileAttributesA
SetFileAttributesW
SetFilePointer
SetFileTime
SetHandleCount
SetLastError
SetLocalTime
SetStdHandle
SetThreadLocale
Sleep
SystemTimeToFileTime
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
UnlockFile
UnmapViewOfFile
VirtualAlloc
VirtualFree
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteConsoleInputA
WriteConsoleOutputA
WriteFile
lstrcmpiA

user32

CharLowerW
CharUpperW
EnumThreadWindows
MessageBoxA
wsprintfA
wsprintfW

Exports

Exports

@$bdele$qpv
@$bdele$qpvrx13std@nothrow_t
@$bdele$qpvt1
@$bdla$qpv
@$bdla$qpvrx13std@nothrow_t
@$bdla$qpvt1
@$blsh$qr42std@%basic_ostream$c19std@%char_traits$c%%rx3bcd
@$bnew$qui
@$bnew$quirx13std@nothrow_t
@$bnwa$qui
@$bnwa$quirx13std@nothrow_t
@$brsh$qr42std@%basic_istream$c19std@%char_traits$c%%r3bcd
@%time_put$b48std@%ostreambuf_iterator$b19std@%char_traits$b%%%@$bdtr$qv
@%time_put$b48std@%ostreambuf_iterator$b19std@%char_traits$b%%%@do_put$xq48std@%ostreambuf_iterator$b19std@%char_traits$b%%r12std@ios_basebpx6std@tmcc
@%time_put$b48std@%ostreambuf_iterator$b19std@%char_traits$b%%%@id
@TRegexp@$bctr$qpxc
@TRegexp@$bctr$qrx7TRegexp
@TRegexp@$bdtr$qv
@TRegexp@copy_pattern$qrx7TRegexp
@TRegexp@find$xqpxcpuiui
@TRegexp@gen_pattern$qpxc
@TRegexp@maxpat
@_CatchCleanup$qv
@_FastMM_AllocMem
@_FastMM_BinMediumSequentialFeedRemainder
@_FastMM_FreeMem
@_FastMM_GetMem
@_FastMM_InsertMediumBlockIntoBin
@_FastMM_LockCmpxchg
@_FastMM_Move12
@_FastMM_Move20
@_FastMM_Move28
@_FastMM_Move36
@_FastMM_Move44
@_FastMM_Move52
@_FastMM_Move60
@_FastMM_Move68
@_FastMM_MoveX16L4
@_FastMM_MoveX8L4
@_FastMM_ReallocMem
@_FastMM_RemoveMediumFreeBlock
@_InitTermAndUnexPtrs$qv
@_ReThrowException$quipuc
@_ThrowExceptionLDTC$qpvt1t1t1uiuiuipuct1
@__DynamicCast$qpvt1t1t1i
@__DynamicCastVCLptr$qqrpvt1
@__DynamicCastVCLref$qqrpvt1
@__GetTypeInfo$qpvt1t1
@__GetTypeInfo$qpvt1t1t1
@__ThrowExceptionName$qv
@__ThrowFileName$qv
@__ThrowLineNumber$qv
@__getExceptVarRec$qv
@_cast_memptr$qpvt1uiuiui
@_internal_memmove
@_vcl_GetHeapStatus$qv
@_vector_apply_$qpvt1uiuiuit1
@_vector_vapply_$qpvt1uiuiuit1
@setExceptionFuncAddr$qpqp17_EXCEPTION_RECORDpp4tpid$pvppqqrp17_EXCEPTION_RECORD$v
@setRaiseListFuncAddr$qpvt1
@std@$badd$qpxbrx60std@%basic_string$b19std@%char_traits$b%17std@%allocator$b%%$60std@%basic_string$b19std@%char_traits$b%17std@%allocator$b%%
@std@$badd$qpxcrx60std@%basic_string$c19std@%char_traits$c%17std@%allocator$c%%$60std@%basic_string$c19std@%char_traits$c%17std@%allocator$c%%
@std@$badd$qrx60std@%basic_string$b19std@%char_traits$b%17std@%allocator$b%%pxb$60std@%basic_string$b19std@%char_traits$b%17std@%allocator$b%%
@std@$badd$qrx60std@%basic_string$b19std@%char_traits$b%17std@%allocator$b%%t1$60std@%basic_string$b19std@%char_traits$b%17std@%allocator$b%%
@std@$badd$qrx60std@%basic_string$b19std@%char_traits$b%17std@%allocator$b%%xb$60std@%basic_string$b19std@%char_traits$b%17std@%allocator$b%%
@std@$badd$qrx60std@%basic_string$c19std@%char_traits$c%17std@%allocator$c%%pxc$60std@%basic_string$c19std@%char_traits$c%17std@%allocator$c%%
@std@$badd$qrx60std@%basic_string$c19std@%char_traits$c%17std@%allocator$c%%t1$60std@%basic_string$c19std@%char_traits$c%17std@%allocator$c%%
@std@$badd$qrx60std@%basic_string$c19std@%char_traits$c%17std@%allocator$c%%xc$60std@%basic_string$c19std@%char_traits$c%17std@%allocator$c%%
@std@$badd$qxbrx60std@%basic_string$b19std@%char_traits$b%17std@%allocator$b%%$60std@%basic_string$b19std@%char_traits$b%17std@%allocator$b%%
@std@$badd$qxcrx60std@%basic_string$c19std@%char_traits$c%17std@%allocator$c%%$60std@%basic_string$c19std@%char_traits$c%17std@%allocator$c%%
@std@$beql$qpxbrx60std@%basic_string$b19std@%char_traits$b%17std@%allocator$b%%$o
@std@$beql$qpxcrx60std@%basic_string$c19std@%char_traits$c%17std@%allocator$c%%$o
@std@$beql$qrx60std@%basic_string$b19std@%char_traits$b%17std@%allocator$b%%pxb$o
@std@$beql$qrx60std@%basic_string$b19std@%char_traits$b%17std@%allocator$b%%t1$o
@std@$beql$qrx60std@%basic_string$c19std@%char_traits$c%17std@%allocator$c%%pxc$o
@std@$beql$qrx60std@%basic_string$c19std@%char_traits$c%17std@%allocator$c%%t1$o
@std@$bgeq$qpxbrx60std@%basic_string$b19std@%char_traits$b%17std@%allocator$b%%$o
@std@$bgeq$qpxcrx60std@%basic_string$c19std@%char_traits$c%17std@%allocator$c%%$o
@std@$bgeq$qrx60std@%basic_string$b19std@%char_traits$b%17std@%allocator$b%%pxb$o
@std@$bgeq$qrx60std@%basic_string$b19std@%char_traits$b%17std@%allocator$b%%t1$o
@std@$bgeq$qrx60std@%basic_string$c19std@%char_traits$c%17std@%allocator$c%%pxc$o
@std@$bgeq$qrx60std@%basic_string$c19std@%char_traits$c%17std@%allocator$c%%t1$o
@std@$bgtr$qpxbrx60std@%basic_string$b19std@%char_traits$b%17std@%allocator$b%%$o
@std@$bgtr$qpxcrx60std@%basic_string$c19std@%char_traits$c%17std@%allocator$c%%$o
@std@$bgtr$qrx60std@%basic_string$b19std@%char_traits$b%17std@%allocator$b%%pxb$o
@std@$bgtr$qrx60std@%basic_string$b19std@%char_traits$b%17std@%allocator$b%%t1$o
@std@$bgtr$qrx60std@%basic_string$c19std@%char_traits$c%17std@%allocator$c%%pxc$o
@std@$bgtr$qrx60std@%basic_string$c19std@%char_traits$c%17std@%allocator$c%%t1$o
@std@$bleq$qpxbrx60std@%basic_string$b19std@%char_traits$b%17std@%allocator$b%%$o
@std@$bleq$qpxcrx60std@%basic_string$c19std@%char_traits$c%17std@%allocator$c%%$o
@std@$bleq$qrx60std@%basic_string$b19std@%char_traits$b%17std@%allocator$b%%pxb$o
@std@$bleq$qrx60std@%basic_string$b19std@%char_traits$b%17std@%allocator$b%%t1$o
@std@$bleq$qrx60std@%basic_string$c19std@%char_traits$c%17std@%allocator$c%%pxc$o
@std@$bleq$qrx60std@%basic_string$c19std@%char_traits$c%17std@%allocator$c%%t1$o
@std@$blsh$qr42std@%basic_ostream$b19std@%char_traits$b%%b$r42std@%basic_ostream$b19std@%char_traits$b%%
@std@$blsh$qr42std@%basic_ostream$b19std@%char_traits$b%%pxb$r42std@%basic_ostream$b19std@%char_traits$b%%
@std@$blsh$qr42std@%basic_ostream$b19std@%char_traits$b%%rx60std@%basic_string$b19std@%char_traits$b%17std@%allocator$b%%$r42std@%basic_ostream$b19std@%char_traits$b%%
@std@$blsh$qr42std@%basic_ostream$c19std@%char_traits$c%%c$r42std@%basic_ostream$c19std@%char_traits$c%%
@std@$blsh$qr42std@%basic_ostream$c19std@%char_traits$c%%pxc$r42std@%basic_ostream$c19std@%char_traits$c%%
@std@$blsh$qr42std@%basic_ostream$c19std@%char_traits$c%%pxuc$r42std@%basic_ostream$c19std@%char_traits$c%%
@std@$blsh$qr42std@%basic_ostream$c19std@%char_traits$c%%pxzc$r42std@%basic_ostream$c19std@%char_traits$c%%
@std@$blsh$qr42std@%basic_ostream$c19std@%char_traits$c%%rx60std@%basic_string$c19std@%char_traits$c%17std@%allocator$c%%$r42std@%basic_ostream$c19std@%char_traits$c%%
@std@$blsh$qr42std@%basic_ostream$c19std@%char_traits$c%%uc$r42std@%basic_ostream$c19std@%char_traits$c%%
@std@$blsh$qr42std@%basic_ostream$c19std@%char_traits$c%%zc$r42std@%basic_ostream$c19std@%char_traits$c%%
@std@$blss$qpxbrx60std@%basic_string$b19std@%char_traits$b%17std@%allocator$b%%$o
@std@$blss$qpxcrx60std@%basic_string$c19std@%char_traits$c%17std@%allocator$c%%$o
@std@$blss$qrx60std@%basic_string$b19std@%char_traits$b%17std@%allocator$b%%pxb$o
@std@$blss$qrx60std@%basic_string$b19std@%char_traits$b%17std@%allocator$b%%t1$o
@std@$blss$qrx60std@%basic_string$c19std@%char_traits$c%17std@%allocator$c%%pxc$o
@std@$blss$qrx60std@%basic_string$c19std@%char_traits$c%17std@%allocator$c%%t1$o
@std@$bneq$qpxbrx60std@%basic_string$b19std@%char_traits$b%17std@%allocator$b%%$o
@std@$bneq$qpxcrx60std@%basic_string$c19std@%char_traits$c%17std@%allocator$c%%$o
@std@$bneq$qrx60std@%basic_string$b19std@%char_traits$b%17std@%allocator$b%%pxb$o
@std@$bneq$qrx60std@%basic_string$b19std@%char_traits$b%17std@%allocator$b%%t1$o
@std@$bneq$qrx60std@%basic_string$c19std@%char_traits$c%17std@%allocator$c%%pxc$o
@std@$bneq$qrx60std@%basic_string$c19std@%char_traits$c%17std@%allocator$c%%t1$o
@std@$brsh$qr42std@%basic_istream$b19std@%char_traits$b%%pb$r42std@%basic_istream$b19std@%char_traits$b%%
@std@$brsh$qr42std@%basic_istream$b19std@%char_traits$b%%r60std@%basic_string$b19std@%char_traits$b%17std@%allocator$b%%$r42std@%basic_istream$b19std@%char_traits$b%%
@std@$brsh$qr42std@%basic_istream$b19std@%char_traits$b%%rb$r42std@%basic_istream$b19std@%char_traits$b%%
@std@$brsh$qr42std@%basic_istream$c19std@%char_traits$c%%pc$r42std@%basic_istream$c19std@%char_traits$c%%
@std@$brsh$qr42std@%basic_istream$c19std@%char_traits$c%%puc$r42std@%basic_istream$c19std@%char_traits$c%%
@std@$brsh$qr42std@%basic_istream$c19std@%char_traits$c%%pzc$r42std@%basic_istream$c19std@%char_traits$c%%
@std@$brsh$qr42std@%basic_istream$c19std@%char_traits$c%%r60std@%basic_string$c19std@%char_traits$c%17std@%allocator$c%%$r42std@%basic_istream$c19std@%char_traits$c%%
@std@$brsh$qr42std@%basic_istream$c19std@%char_traits$c%%rc$r42std@%basic_istream$c19std@%char_traits$c%%
@std@$brsh$qr42std@%basic_istream$c19std@%char_traits$c%%ruc$r42std@%basic_istream$c19std@%char_traits$c%%
@std@$brsh$qr42std@%basic_istream$c19std@%char_traits$c%%rzc$r42std@%basic_istream$c19std@%char_traits$c%%
@std@%basic_string$c19std@%char_traits$c%17std@%allocator$c%%@npos
@std@%codecvt$bci%@$bdtr$qv
@std@%codecvt$bci%@do_always_noconv$xqv
@std@%codecvt$bci%@do_encoding$xqv
@std@%codecvt$bci%@do_in$xqripxct2rpxcpbt5rpb
@std@%codecvt$bci%@do_length$xqrxipxct2ui
@std@%codecvt$bci%@do_max_length$xqv
@std@%codecvt$bci%@do_out$xqripxbt2rpxbpct5rpc
@std@%codecvt$bci%@do_unshift$xqripct2rpc
@std@%codecvt$bci%@id
@std@%codecvt$cci%@id
@std@%collate$b%@id
@std@%collate$c%@id
@std@%ctype$b%@$bdtr$qv
@std@%ctype$b%@do_is$xqpxbt1ps
@std@%ctype$b%@do_is$xqsb
@std@%ctype$b%@do_narrow$xqbc
@std@%ctype$b%@do_narrow$xqpxbt1cpc
@std@%ctype$b%@do_scan_is$xqspxbt2
@std@%ctype$b%@do_scan_not$xqspxbt2
@std@%ctype$b%@do_tolower$xqb
@std@%ctype$b%@do_tolower$xqpbpxb
@std@%ctype$b%@do_toupper$xqb
@std@%ctype$b%@do_toupper$xqpbpxb
@std@%ctype$b%@do_widen$xqc
@std@%ctype$b%@do_widen$xqpxct1pb
@std@%ctype$b%@id
@std@%ctype$c%@$bdtr$qv
@std@%ctype$c%@do_narrow$xqcc
@std@%ctype$c%@do_narrow$xqpxct1cpc
@std@%ctype$c%@do_tolower$xqc
@std@%ctype$c%@do_tolower$xqpcpxc
@std@%ctype$c%@do_toupper$xqc
@std@%ctype$c%@do_toupper$xqpcpxc
@std@%ctype$c%@do_widen$xqc
@std@%ctype$c%@do_widen$xqpxct1pc
@std@%ctype$c%@id
@std@%ctype$c%@table_size
@std@%getline$b19std@%char_traits$b%17std@%allocator$b%%$qr42std@%basic_istream$b19std@%char_traits$b%%r60std@%basic_string$b19std@%char_traits$b%17std@%allocator$b%%$r42std@%basic_istream$b19std@%char_traits$b%%
@std@%getline$b19std@%char_traits$b%17std@%allocator$b%%$qr42std@%basic_istream$b19std@%char_traits$b%%r60std@%basic_string$b19std@%char_traits$b%17std@%allocator$b%%xb$r42std@%basic_istream$b19std@%char_traits$b%%
@std@%getline$c19std@%char_traits$c%17std@%allocator$c%%$qr42std@%basic_istream$c19std@%char_traits$c%%r60std@%basic_string$c19std@%char_traits$c%17std@%allocator$c%%$r42std@%basic_istream$c19std@%char_traits$c%%
@std@%getline$c19std@%char_traits$c%17std@%allocator$c%%$qr42std@%basic_istream$c19std@%char_traits$c%%r60std@%basic_string$c19std@%char_traits$c%17std@%allocator$c%%xc$r42std@%basic_istream$c19std@%char_traits$c%%
@std@%messages$b%@id
@std@%messages$c%@id
@std@%money_get$b48std@%istreambuf_iterator$b19std@%char_traits$b%%%@id
@std@%money_get$c48std@%istreambuf_iterator$c19std@%char_traits$c%%%@id
@std@%money_put$b48std@%ostreambuf_iterator$b19std@%char_traits$b%%%@id
@std@%money_put$c48std@%ostreambuf_iterator$c19std@%char_traits$c%%%@id
@std@%moneypunct$bo$i0$%@$bdtr$qv
@std@%moneypunct$bo$i0$%@id
@std@%moneypunct$bo$i0$%@intl
@std@%moneypunct$bo$i1$%@$bdtr$qv
@std@%moneypunct$bo$i1$%@id
@std@%moneypunct$bo$i1$%@intl
@std@%moneypunct$co$i0$%@$bdtr$qv
@std@%moneypunct$co$i0$%@id
@std@%moneypunct$co$i0$%@intl
@std@%moneypunct$co$i1$%@$bdtr$qv
@std@%moneypunct$co$i1$%@id
@std@%moneypunct$co$i1$%@intl
@std@%num_get$b48std@%istreambuf_iterator$b19std@%char_traits$b%%%@id
@std@%num_get$c48std@%istreambuf_iterator$c19std@%char_traits$c%%%@id
@std@%num_put$b48std@%ostreambuf_iterator$b19std@%char_traits$b%%%@id
@std@%num_put$c48std@%ostreambuf_iterator$c19std@%char_traits$c%%%@id
@std@%numeric_limits$b%@digits
@std@%numeric_limits$b%@digits10
@std@%numeric_limits$b%@is_signed
@std@%numeric_limits$c%@digits
@std@%numeric_limits$c%@digits10
@std@%numeric_limits$c%@is_signed
@std@%numeric_limits$d%@digits
@std@%numeric_limits$d%@digits10
@std@%numeric_limits$d%@max_exponent
@std@%numeric_limits$d%@max_exponent10
@std@%numeric_limits$d%@min_exponent
@std@%numeric_limits$d%@min_exponent10
@std@%numeric_limits$f%@digits
@std@%numeric_limits$f%@digits10
@std@%numeric_limits$f%@max_exponent
@std@%numeric_limits$f%@max_exponent10
@std@%numeric_limits$f%@min_exponent
@std@%numeric_limits$f%@min_exponent10
@std@%numeric_limits$g%@digits
@std@%numeric_limits$g%@digits10
@std@%numeric_limits$g%@max_exponent
@std@%numeric_limits$g%@max_exponent10
@std@%numeric_limits$g%@min_exponent
@std@%numeric_limits$g%@min_exponent10
@std@%numeric_limits$i%@digits
@std@%numeric_limits$i%@digits10
@std@%numeric_limits$i%@is_signed
@std@%numeric_limits$j%@digits
@std@%numeric_limits$j%@digits10
@std@%numeric_limits$j%@is_signed
@std@%numeric_limits$l%@digits
@std@%numeric_limits$l%@digits10
@std@%numeric_limits$l%@is_signed
@std@%numeric_limits$o%@digits
@std@%numeric_limits$o%@digits10
@std@%numeric_limits$o%@is_modulo
@std@%numeric_limits$o%@is_signed
@std@%numeric_limits$s%@digits
@std@%numeric_limits$s%@digits10
@std@%numeric_limits$s%@is_signed
@std@%numeric_limits$uc%@digits
@std@%numeric_limits$uc%@digits10
@std@%numeric_limits$uc%@is_signed
@std@%numeric_limits$ui%@digits
@std@%numeric_limits$ui%@digits10
@std@%numeric_limits$ui%@is_signed
@std@%numeric_limits$uj%@digits
@std@%numeric_limits$uj%@digits10
@std@%numeric_limits$uj%@is_signed
@std@%numeric_limits$ul%@digits
@std@%numeric_limits$ul%@digits10
@std@%numeric_limits$ul%@is_signed
@std@%numeric_limits$us%@digits
@std@%numeric_limits$us%@digits10
@std@%numeric_limits$us%@is_signed
@std@%numeric_limits$zc%@digits
@std@%numeric_limits$zc%@digits10
@std@%numeric_limits$zc%@is_signed
@std@%numpunct$b%@id
@std@%numpunct$c%@id
@std@%time_get$b48std@%istreambuf_iterator$b19std@%char_traits$b%%%@id
@std@%time_get$c48std@%istreambuf_iterator$c19std@%char_traits$c%%%@id
@std@%time_put$c48std@%ostreambuf_iterator$c19std@%char_traits$c%%%@id
@std@_BADOFF
@std@_Debug_message$qpxct1
@std@_Fiopen$qpxb23std@%_Iosb$i%@_Openmodei
@std@_Fiopen$qpxc23std@%_Iosb$i%@_Openmodei
@std@_Fpz
@std@_Ios_init
@std@_Locinfo@$bctr$qipxc
@std@_Locinfo@$bctr$qpxc
@std@_Locinfo@$bctr$qrx60std@%basic_string$c19std@%char_traits$c%17std@%allocator$c%%
@std@_Locinfo@$bdtr$qv
@std@_Locinfo@_Addcats$qipxc
@std@_Locinfo@_Getcoll$xqv
@std@_Locinfo@_Getctype$xqv
@std@_Locinfo@_Getcvt$xqv
@std@_Locinfo@_Gettnames$xqv
@std@_Lockit@$bdtr$qv
@std@_New_hand
@std@_Num_base@digits
@std@_Num_base@digits10
@std@_Num_base@has_denorm
@std@_Num_base@has_denorm_loss
@std@_Num_base@has_infinity
@std@_Num_base@has_quiet_NaN
@std@_Num_base@has_signaling_NaN
@std@_Num_base@is_bounded
@std@_Num_base@is_exact
@std@_Num_base@is_iec559
@std@_Num_base@is_integer
@std@_Num_base@is_modulo
@std@_Num_base@is_signed
@std@_Num_base@is_specialized
@std@_Num_base@max_exponent
@std@_Num_base@max_exponent10
@std@_Num_base@min_exponent
@std@_Num_base@min_exponent10
@std@_Num_base@radix
@std@_Num_base@round_style
@std@_Num_base@tinyness_before
@std@_Num_base@traps
@std@_Num_float_base@has_denorm
@std@_Num_float_base@has_denorm_loss
@std@_Num_float_base@has_infinity
@std@_Num_float_base@has_quiet_NaN
@std@_Num_float_base@has_signaling_NaN
@std@_Num_float_base@is_bounded
@std@_Num_float_base@is_exact
@std@_Num_float_base@is_iec559
@std@_Num_float_base@is_integer
@std@_Num_float_base@is_modulo
@std@_Num_float_base@is_signed
@std@_Num_float_base@is_specialized
@std@_Num_float_base@radix
@std@_Num_float_base@round_style
@std@_Num_float_base@tinyness_before
@std@_Num_float_base@traps
@std@_Num_int_base@is_bounded
@std@_Num_int_base@is_exact
@std@_Num_int_base@is_integer
@std@_Num_int_base@is_modulo
@std@_Num_int_base@is_specialized
@std@_Num_int_base@radix
@std@_Raise_handler
@std@_String_base@_Xlen$xqv
@std@_String_base@_Xran$xqv
@std@_Throw$qrx13std@exception
@std@_Winit@$bctr$qv
@std@_Winit@$bdtr$qv
@std@_Winit@_Init_cnt
@std@_Wios_init
@std@bad_exception@$bctr$qv
@std@bad_exception@$bdtr$qv
@std@cerr
@std@cin
@std@clog
@std@codecvt_base@$bdtr$qv
@std@codecvt_base@always_noconv$xqv
@std@codecvt_base@do_always_noconv$xqv
@std@codecvt_base@do_encoding$xqv
@std@codecvt_base@do_max_length$xqv
@std@cout
@std@ctype_base@$bdtr$qv
@std@exception@$bctr$qv
@std@exception@$bdtr$qv
@std@exception@_Set_raise_handler$qpqrx13std@exception$v
@std@exception@what$xqv
@std@ios_base@$bdtr$qv
@std@ios_base@Init@$bctr$qv
@std@ios_base@Init@$bdtr$qv
@std@ios_base@Init@_Init_cnt
@std@ios_base@_Addstd$qv
@std@ios_base@_Callfns$q18std@ios_base@event
@std@ios_base@_Findarr$qi
@std@ios_base@_Index
@std@ios_base@_Init$qv
@std@ios_base@_Sync
@std@ios_base@_Tidy$qv
@std@ios_base@clear$q22std@%_Iosb$i%@_Iostateo
@std@ios_base@copyfmt$qrx12std@ios_base
@std@ios_base@imbue$qrx10std@locale
@std@ios_base@register_callback$qpq18std@ios_base@eventr12std@ios_basei$vi
@std@istrstream@$bdtr$qv
@std@locale@$basg$qrx10std@locale
@std@locale@$bctr$qpxci
@std@locale@$bctr$qrx10std@locale
@std@locale@$bctr$qrx10std@localepxci
@std@locale@$bctr$qrx10std@localet1i
@std@locale@$bctr$qv
@std@locale@$bdtr$qv
@std@locale@$beql$xqrx10std@locale
@std@locale@_Addfac$qp16std@locale@facetuiui
@std@locale@_Getfacet$xqui
@std@locale@_Init$qv
@std@locale@_Locimp@$bctr$qo
@std@locale@_Locimp@$bctr$qrx18std@locale@_Locimp
@std@locale@_Locimp@$bdtr$qv
@std@locale@_Locimp@_Addfac$qp16std@locale@facetui
@std@locale@classic$qv
@std@locale@empty$qv
@std@locale@facet@$bdtr$qv
@std@locale@facet@_Register$qv
@std@locale@global$qrx10std@locale
@std@locale@id@_Id_cnt
@std@nothrow
@std@ostrstream@$bctr$qpci23std@%_Iosb$i%@_Openmode
@std@ostrstream@$bdtr$qv
@std@resetiosflags$q23std@%_Iosb$i%@_Fmtflags
@std@set_new_handler$qpqv$v
@std@set_terminate$qpqv$v
@std@set_unexpected$qpqv$v
@std@setbase$qi
@std@setiosflags$q23std@%_Iosb$i%@_Fmtflags
@std@setprecision$qi
@std@setw$qi
@std@strstream@$bctr$qpci23std@%_Iosb$i%@_Openmode
@std@strstream@$bdtr$qv
@std@strstreambuf@$bdtr$qv
@std@strstreambuf@_Init$qipct2i
@std@strstreambuf@_Tidy$qv
@std@strstreambuf@freeze$qo
@std@strstreambuf@overflow$qi
@std@strstreambuf@pbackfail$qi
@std@strstreambuf@seekoff$qj22std@%_Iosb$i%@_Seekdir23std@%_Iosb$i%@_Openmode
@std@strstreambuf@seekpos$q12std@%fpos$i%23std@%_Iosb$i%@_Openmode
@std@strstreambuf@underflow$qv
@std@swprintf$qpbuipxbe
@std@terminate$qv
@std@tr1@_MP_Add$qpujuj
@std@tr1@_MP_Get$qpuj
@std@tr1@_MP_Mul$qpujujuj
@std@tr1@_MP_Rem$qpujuj
@std@tr1@_Rng_abort$qpxc
@std@tr1@_XLgamma$qd
@std@tr1@_XLgamma$qf
@std@tr1@_XLgamma$qg
@std@tr1@_Xinvalid$qpxc
@std@type_info@$basg$qrx13std@type_info
@std@type_info@$bctr$qrx13std@type_info
@std@type_info@$bdtr$qv
@std@type_info@$beql$xqrx13std@type_info
@std@type_info@$bneq$xqrx13std@type_info
@std@type_info@_first_base$xqr24std@type_info@_base_info
@std@type_info@_first_vbase$xqr25std@type_info@_vbase_info
@std@type_info@_guid$xqv
@std@type_info@_internal_rtti_cast$xqpvpx13std@type_info
@std@type_info@_next_base$xqr24std@type_info@_base_info
@std@type_info@before$xqrx13std@type_info
@std@type_info@name$xqv
@std@unexpected$qv
@std@wcerr
@std@wcin
@std@wclog
@std@wcout
@xmsg@$basg$qrx4xmsg
@xmsg@$bctr$qrx4xmsg
@xmsg@$bctr$qrx60std@%basic_string$c19std@%char_traits$c%17std@%allocator$c%%
@xmsg@$bdtr$qv
@xmsg@raise$qv
@xmsg@what$xqv
__8087
__Atan
__Atexit
__Cosh
__CurrExcContext
__Denorm
__Dint
__Dnorm
__Dscale
__Dtest
__Dunscale
__Eps
__ErrorExit
__ErrorMessage
__Exp
__FAtan
__FCosh
__FDenorm
__FDint
__FDnorm
__FDscale
__FDtest
__FDunscale
__FEps
__FExp
__FInf
__FLog
__FNan
__FPow
__FRteps
__FSin
__FSinh
__FSnan
__FUnloadDelayLoadedDLL
__FXbig
__FZero
__Feraise
__Getctyptab
__Global_unwind
__Hugeval
__Inf
__InterlockedDecrement
__InterlockedIncrement
__LCosh
__LDenorm
__LDint
__LDnorm
__LDscale
__LDtest
__LDunscale
__LEps
__LExp
__LInf
__LNan
__LPoly
__LRteps
__LSin
__LSinh
__LSnan
__LXbig
__LZero
__Local_unwind
__Locksyslock
__Mtxdst
__Mtxinit
__Mtxlock
__Mtxunlock
__Nan
__Once

Sections

.text
Size: 904KB - Virtual size: 908KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 122KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 46KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Rebina/data/pua/extensions/VLSub.luac
Rebina/data/pua/http/css/main.css
Rebina/data/pua/http/css/mobile.css
Rebina/data/pua/http/css/ui-lightness/images/ui-bg_diagonals-thick_18_b81900_40x40.png
.png

Password: ez
Rebina/data/pua/http/css/ui-lightness/images/ui-bg_diagonals-thick_20_666666_40x40.png
.png

Password: ez
Rebina/data/pua/http/css/ui-lightness/images/ui-bg_flat_10_000000_40x100.png
.png

Password: ez
Rebina/data/pua/http/css/ui-lightness/images/ui-bg_glass_100_f6f6f6_1x400.png
.png

Password: ez
Rebina/data/pua/http/css/ui-lightness/images/ui-bg_glass_100_fdf5ce_1x400.png
.png
Rebina/data/pua/http/css/ui-lightness/images/ui-bg_glass_65_ffffff_1x400.png
.png
Rebina/data/pua/http/css/ui-lightness/images/ui-bg_gloss-wave_35_f6a828_500x100.png
.png
Rebina/data/pua/http/css/ui-lightness/images/ui-bg_highlight-soft_100_eeeeee_1x100.png
.png
Rebina/data/pua/http/css/ui-lightness/images/ui-bg_highlight-soft_75_ffe45c_1x100.png
.png
Rebina/data/pua/http/css/ui-lightness/images/ui-icons_222222_256x240.png
.png
Rebina/data/pua/http/css/ui-lightness/images/ui-icons_228ef1_256x240.png
.png
Rebina/data/pua/http/css/ui-lightness/images/ui-icons_ef8c08_256x240.png
.png
Rebina/data/pua/http/css/ui-lightness/images/ui-icons_ffd27a_256x240.png
.png
Rebina/data/pua/http/css/ui-lightness/images/ui-icons_ffffff_256x240.png
.png
Rebina/data/pua/http/css/ui-lightness/jquery-ui-1.8.13.custom.css
Rebina/data/pua/http/custom.lua
.js
Rebina/data/pua/http/dialogs/batch_window.html
.html .js polyglot
Rebina/data/pua/http/dialogs/browse_window.html
.html .js polyglot
Rebina/data/pua/http/dialogs/create_stream.html
.html .js polyglot
Rebina/data/pua/http/dialogs/equalizer_window.html
.html .js polyglot
Rebina/data/pua/http/dialogs/error_window.html
.html .js polyglot
Rebina/data/pua/http/dialogs/mosaic_window.html
.html .js polyglot
Rebina/data/pua/http/dialogs/offset_window.html
.html .js polyglot
Rebina/data/pua/http/dialogs/stream_config_window.html
.html .js polyglot
Rebina/data/pua/http/dialogs/stream_window.html
.html .js polyglot
Rebina/data/pua/http/favicon.ico
Rebina/data/pua/http/images/Audio-48.png
.png
Rebina/data/pua/http/images/Back-48.png
.png
Rebina/data/pua/http/images/Folder-48.png
.png
Rebina/data/pua/http/images/Other-48.png
.png
Rebina/data/pua/http/images/Video-48.png
.png
Rebina/data/pua/http/images/buttons.png
.png
Rebina/data/pua/http/images/speaker-32.png
.png
Rebina/data/pua/http/images/vlc-48.png
.png
Rebina/data/pua/http/images/vlc16x16.png
.png
Rebina/data/pua/http/index.html
.html .js polyglot
Rebina/data/pua/http/js/common.js
.js
Rebina/data/pua/http/js/controllers.js
.js
Rebina/data/pua/http/js/jquery.jstree.js
.js
Rebina/data/pua/http/js/ui.js
.js
Rebina/data/pua/http/mobile.html
.js
Rebina/data/pua/http/mobile_browse.html
.js
Rebina/data/pua/http/mobile_equalizer.html
.js
Rebina/data/pua/http/mobile_view.html
Rebina/data/pua/http/requests/README.txt
.vbs
Rebina/data/pua/http/requests/browse.json
Rebina/data/pua/http/requests/browse.xml
.xml
Rebina/data/pua/http/requests/playlist.json
Rebina/data/pua/http/requests/playlist.xml
.js .xml polyglot
Rebina/data/pua/http/requests/playlist_jstree.xml
.xml
Rebina/data/pua/http/requests/status.json
Rebina/data/pua/http/requests/status.xml
.xml
Rebina/data/pua/http/requests/vlm.xml
.xml
Rebina/data/pua/http/requests/vlm_cmd.xml
.xml
Rebina/data/pua/http/view.html
.js
Rebina/data/pua/http/vlm.html
.html
Rebina/data/pua/http/vlm_export.html
Rebina/data/pua/intf/cli.luac
Rebina/data/pua/intf/dummy.luac
Rebina/data/pua/intf/dumpmeta.luac
Rebina/data/pua/intf/http.luac
Rebina/data/pua/intf/luac.luac
Rebina/data/pua/intf/modules/host.luac
Rebina/data/pua/intf/modules/httprequests.luac
Rebina/data/pua/intf/telnet.luac
Rebina/data/pua/meta/art/00_musicbrainz.luac
Rebina/data/pua/meta/art/01_googleimage.luac
Rebina/data/pua/meta/art/02_frenchtv.luac
Rebina/data/pua/meta/art/03_lastfm.luac
Rebina/data/pua/meta/reader/filename.luac
Rebina/data/pua/modules/common.luac
Rebina/data/pua/modules/dkjson.luac
Rebina/data/pua/modules/sandbox.luac
Rebina/data/pua/modules/simplexml.luac
Rebina/data/pua/playlist/anevia_streams.luac
Rebina/data/pua/playlist/anevia_xml.luac
Rebina/data/pua/playlist/appletrailers.luac
Rebina/data/pua/playlist/bbc_co_uk.luac
Rebina/data/pua/playlist/cue.luac
Rebina/data/pua/playlist/dailymotion.luac
Rebina/data/pua/playlist/jamendo.luac
Rebina/data/pua/playlist/koreus.luac
Rebina/data/pua/playlist/liveleak.luac
Rebina/data/pua/playlist/newgrounds.luac
Rebina/data/pua/playlist/rockbox_fm_presets.luac
Rebina/data/pua/playlist/soundcloud.luac
Rebina/data/pua/playlist/twitch.luac
Rebina/data/pua/playlist/vimeo.luac
Rebina/data/pua/playlist/vocaroo.luac
Rebina/data/pua/playlist/youtube.luac
.js
Rebina/data/pua/sd/icecast.luac
Rebina/data/pua/sd/jamendo.luac
Rebina/dbghelp.dll
.dll windows:7 windows x86 arch:x86

f7cb4432172d116632abc77471a1a600

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

61:06:bf:fe:00:00:00:00:00:14
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/06/2007, 21:56

Not After

22/09/2008, 22:06

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:14:2c:a7:00:00:00:00:00:06
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/06/2007, 23:54

Not After

13/06/2012, 00:04

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:27F4-D440-54F3,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:14:2c:a7:00:00:00:00:00:06
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/06/2007, 23:54

Not After

13/06/2012, 00:04

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:27F4-D440-54F3,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:15:08:27:00:00:00:00:00:0c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

25/01/2006, 23:22

Not After

25/01/2017, 23:32

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

a1:03:2f:43:6a:f5:0c:26:23:9e:70:3c:b2:4f:25:d8:64:c5:09:6e
Signer

Actual PE Digest

a1:03:2f:43:6a:f5:0c:26:23:9e:70:3c:b2:4f:25:d8:64:c5:09:6e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

dbghelp.pdb

Imports

msvcrt

_write
_lseeki64
_fileno
_read
__pioinfo
__badioinfo
ferror
wctomb
_snprintf
isleadbyte
mbtowc
isdigit
_onexit
_lock
__dllonexit
_unlock
_ismbblead
_amsg_exit
_initterm
_XcptFilter
memmove
_iob
__mb_cur_max
strchr
_vsnwprintf
iswprint
atol
??3@YAXPAX@Z
__unDName
_CxxThrowException
bsearch
fread
fseek
_wfsopen
_fsopen
wcstol
_fullpath
_wfullpath
_wgetenv
_get_osfhandle
_chsize
_close
_open_osfhandle
ftell
_memicmp
_mbscmp
??1type_info@@UAE@XZ
_errno
__CxxFrameHandler
iswspace
calloc
_itoa
_wcsdup
towlower
tolower
_wcslwr
time
_wctime
_ltoa
_wcsnicmp
_purecall
ctime
malloc
strncmp
isspace
_isatty
fclose
_stricmp
_strlwr
free
wcsrchr
strstr
memcpy
_wcsicmp
qsort
wcschr
wcsstr
wcsncmp
iswxdigit
memset
??2@YAPAXI@Z
_wsopen
_sopen

kernel32

ExpandEnvironmentStringsA
InitializeCriticalSectionAndSpinCount
DeviceIoControl
DeleteFileA
CopyFileA
SetFileAttributesA
LCMapStringA
InterlockedIncrement
InterlockedDecrement
LocalFree
MapViewOfFileEx
FlushViewOfFile
GetFileType
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetTickCount
QueryPerformanceCounter
RtlUnwind
InterlockedCompareExchange
InterlockedExchange
GetThreadSelectorEntry
CreateThread
TerminateThread
VirtualQueryEx
GetPriorityClass
GetThreadPriority
GetThreadTimes
GetThreadContext
ResumeThread
SuspendThread
GetCurrentThreadId
GetSystemTimeAsFileTime
LoadLibraryA
Sleep
GetVersion
GetSystemInfo
ReadProcessMemory
GetProcessHeap
GetFileAttributesA
SetErrorMode
WriteFile
OutputDebugStringA
VirtualFree
OpenProcess
GetCurrentProcessId
CreateFileMappingA
MapViewOfFile
FindClose
LocalAlloc
SetLastError
LeaveCriticalSection
EnterCriticalSection
CloseHandle
ReadFile
GetFileSize
CreateFileA
GetLastError
TlsSetValue
TlsGetValue
TlsAlloc
TlsFree
DeleteCriticalSection
HeapDestroy
FreeLibrary
HeapCreate
InitializeCriticalSection
GetVersionExA
HeapReAlloc
HeapAlloc
HeapFree
IsDBCSLeadByte
SetFilePointer
GetCurrentProcess
UnmapViewOfFile
CreateDirectoryA
VirtualProtect
VirtualAlloc
DuplicateHandle
GetModuleHandleA

advapi32

CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

rpcrt4

UuidCreate

Exports

Exports

DbgHelpCreateUserDump
DbgHelpCreateUserDumpW
EnumDirTree
EnumDirTreeW
EnumerateLoadedModules
EnumerateLoadedModules64
EnumerateLoadedModulesEx
EnumerateLoadedModulesExW
EnumerateLoadedModulesW64
ExtensionApiVersion
FindDebugInfoFile
FindDebugInfoFileEx
FindDebugInfoFileExW
FindExecutableImage
FindExecutableImageEx
FindExecutableImageExW
FindFileInPath
FindFileInSearchPath
GetTimestampForLoadedLibrary
ImageDirectoryEntryToData
ImageDirectoryEntryToDataEx
ImageNtHeader
ImageRvaToSection
ImageRvaToVa
ImagehlpApiVersion
ImagehlpApiVersionEx
MakeSureDirectoryPathExists
MapDebugInformation
MiniDumpReadDumpStream
MiniDumpWriteDump
SearchTreeForFile
SearchTreeForFileW
StackWalk
StackWalk64
SymAddSourceStream
SymAddSourceStreamA
SymAddSourceStreamW
SymAddSymbol
SymAddSymbolW
SymCleanup
SymDeleteSymbol
SymDeleteSymbolW
SymEnumLines
SymEnumLinesW
SymEnumProcesses
SymEnumSourceFileTokens
SymEnumSourceFiles
SymEnumSourceFilesW
SymEnumSourceLines
SymEnumSourceLinesW
SymEnumSym
SymEnumSymbols
SymEnumSymbolsForAddr
SymEnumSymbolsForAddrW
SymEnumSymbolsW
SymEnumTypes
SymEnumTypesByName
SymEnumTypesByNameW
SymEnumTypesW
SymEnumerateModules
SymEnumerateModules64
SymEnumerateModulesW64
SymEnumerateSymbols
SymEnumerateSymbols64
SymEnumerateSymbolsW
SymEnumerateSymbolsW64
SymFindDebugInfoFile
SymFindDebugInfoFileW
SymFindExecutableImage
SymFindExecutableImageW
SymFindFileInPath
SymFindFileInPathW
SymFromAddr
SymFromAddrW
SymFromIndex
SymFromIndexW
SymFromName
SymFromNameW
SymFromToken
SymFromTokenW
SymFunctionTableAccess
SymFunctionTableAccess64
SymGetFileLineOffsets64
SymGetHomeDirectory
SymGetHomeDirectoryW
SymGetLineFromAddr
SymGetLineFromAddr64
SymGetLineFromAddrW64
SymGetLineFromName
SymGetLineFromName64
SymGetLineFromNameW64
SymGetLineNext
SymGetLineNext64
SymGetLineNextW64
SymGetLinePrev
SymGetLinePrev64
SymGetLinePrevW64
SymGetModuleBase
SymGetModuleBase64
SymGetModuleInfo
SymGetModuleInfo64
SymGetModuleInfoW
SymGetModuleInfoW64
SymGetOmapBlockBase
SymGetOmaps
SymGetOptions
SymGetScope
SymGetScopeW
SymGetSearchPath
SymGetSearchPathW
SymGetSourceFile
SymGetSourceFileFromToken
SymGetSourceFileFromTokenW
SymGetSourceFileToken
SymGetSourceFileTokenW
SymGetSourceFileW
SymGetSourceVarFromToken
SymGetSourceVarFromTokenW
SymGetSymFromAddr
SymGetSymFromAddr64
SymGetSymFromName
SymGetSymFromName64
SymGetSymNext
SymGetSymNext64
SymGetSymPrev
SymGetSymPrev64
SymGetSymbolFile
SymGetSymbolFileW
SymGetTypeFromName
SymGetTypeFromNameW
SymGetTypeInfo
SymGetTypeInfoEx
SymGetUnwindInfo
SymInitialize
SymInitializeW
SymLoadModule
SymLoadModule64
SymLoadModuleEx
SymLoadModuleExW
SymMatchFileName
SymMatchFileNameW
SymMatchString
SymMatchStringA
SymMatchStringW
SymNext
SymNextW
SymPrev
SymPrevW
SymRefreshModuleList
SymRegisterCallback
SymRegisterCallback64
SymRegisterCallbackW64
SymRegisterFunctionEntryCallback
SymRegisterFunctionEntryCallback64
SymSearch
SymSearchW
SymSetContext
SymSetHomeDirectory
SymSetHomeDirectoryW
SymSetOptions
SymSetParentWindow
SymSetScopeFromAddr
SymSetScopeFromIndex
SymSetSearchPath
SymSetSearchPathW
SymSrvDeltaName
SymSrvDeltaNameW
SymSrvGetFileIndexInfo
SymSrvGetFileIndexInfoW
SymSrvGetFileIndexString
SymSrvGetFileIndexStringW
SymSrvGetFileIndexes
SymSrvGetFileIndexesW
SymSrvGetSupplement
SymSrvGetSupplementW
SymSrvIsStore
SymSrvIsStoreW
SymSrvStoreFile
SymSrvStoreFileW
SymSrvStoreSupplement
SymSrvStoreSupplementW
SymUnDName
SymUnDName64
SymUnloadModule
SymUnloadModule64
UnDecorateSymbolName
UnDecorateSymbolNameW
UnmapDebugInformation
WinDbgExtensionDllInit
block
chksym
dbghelp
dh
fptr
homedir
itoldyouso
lmi
lminfo
omap
srcfiles
stack_force_ebp
stackdbg
sym
symsrv
vc7fpo

Sections

.text
Size: 936KB - Virtual size: 935KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Rebina/iconengines/qsvgicon.dll
.dll windows:6 windows x86 arch:x86

d80f8733bbbe0d549bd8643260d81557

Code Sign

e4:12:82:66:79:32:d8:54:6f:96:d4:d4:62:32:c0:6f
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/09/2019, 00:00

Not After

08/09/2024, 23:59

Subject

CN=Artem Shevchenko,O=Artem Shevchenko,POSTALCODE=04050,STREET=Melnikova st. 15\, 5 apt.,L=Kiev,ST=Kiev,C=UA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

Issuer

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

30/05/2020, 10:48

Subject

CN=Sectigo SHA-1 Time Stamping Signer,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

27/04/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

92:16:86:28:c8:7b:78:6b:8d:f5:5e:29:f8:30:7a:79:9a:ee:9c:ca
Signer

Actual PE Digest

92:16:86:28:c8:7b:78:6b:8d:f5:5e:29:f8:30:7a:79:9a:ee:9c:ca

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

qt5svg

?render@QSvgRenderer@@QAEXPAVQPainter@@@Z
?load@QSvgRenderer@@QAE_NABVQByteArray@@@Z
?load@QSvgRenderer@@QAE_NABVQString@@@Z
?defaultSize@QSvgRenderer@@QBE?AVQSize@@XZ
?isValid@QSvgRenderer@@QBE_NXZ
??1QSvgRenderer@@UAE@XZ
??0QSvgRenderer@@QAE@ABVQString@@PAVQObject@@@Z
??0QSvgRenderer@@QAE@PAVQObject@@@Z

qt5gui

?self@QGuiApplicationPrivate@@0PAV1@A
?staticMetaObject@QGuiApplication@@2UQMetaObject@@B
?virtual_hook@QIconEngine@@UAEXHPAX@Z
?iconName@QIconEngine@@UBE?AVQString@@XZ
?availableSizes@QIconEngine@@UBE?AV?$QList@VQSize@@@@W4Mode@QIcon@@W4State@4@@Z
?insert@QPixmapCache@@SA_NABVQString@@ABVQPixmap@@@Z
?find@QPixmapCache@@SA_NABVQString@@AAVQPixmap@@@Z
?drawPixmap@QPainter@@QAEXABVQRectF@@ABVQPixmap@@0@Z
?end@QPainter@@QAE_NXZ
?device@QPainter@@QBEPAVQPaintDevice@@XZ
??1QPainter@@QAE@XZ
??0QPainter@@QAE@PAVQPaintDevice@@@Z
??1QIconEngine@@UAE@XZ
??0QIconEngine@@QAE@XZ
??6@YAAAVQDataStream@@AAV0@ABVQPixmap@@@Z
??5@YAAAVQDataStream@@AAV0@AAVQPixmap@@@Z
?fromImage@QPixmap@@SA?AV1@ABVQImage@@V?$QFlags@W4ImageConversionFlag@Qt@@@@@Z
?size@QPixmap@@QBE?AVQSize@@XZ
?isNull@QPixmap@@QBE_NXZ
??4QPixmap@@QAEAAV0@$$QAV0@@Z
??4QPixmap@@QAEAAV0@ABV0@@Z
??1QPixmap@@UAE@XZ
??0QPixmap@@QAE@ABV0@@Z
??0QPixmap@@QAE@ABVQString@@PBDV?$QFlags@W4ImageConversionFlag@Qt@@@@@Z
??0QPixmap@@QAE@XZ
?fill@QImage@@QAEXI@Z
??1QImage@@UAE@XZ
??0QImage@@QAE@ABVQSize@@W4Format@0@@Z
?devicePixelRatio@QPaintDevice@@QBEHXZ
?staticMetaObject@QIconEnginePlugin@@2UQMetaObject@@B
??1QIconEnginePlugin@@UAE@XZ
??0QIconEnginePlugin@@QAE@PAVQObject@@@Z
?qt_metacall@QIconEnginePlugin@@UAEHW4Call@QMetaObject@@HPAPAX@Z
?qt_metacast@QIconEnginePlugin@@UAEPAXPBD@Z

qt5core

?self@QCoreApplication@@0PAV1@A
?shared_null@QHashData@@2U1@B
??0QString@@QAE@VQLatin1String@@@Z
??0QString@@QAE@ABV0@@Z
??1QString@@QAE@XZ
?isNull@QString@@QBE_NXZ
?detach@QListData@@QAEPAUData@1@H@Z
?detach_grow@QListData@@QAEPAUData@1@PAHH@Z
?dispose@QListData@@SAXPAUData@1@@Z
?append@QListData@@QAEPAPAXXZ
?dynamicMetaObject@QObjectData@@QBEPAUQMetaObject@@XZ
?getAndRef@ExternalRefCountData@QtSharedPointer@@SAPAU12@PBVQObject@@@Z
?childEvent@QObject@@MAEXPAVQChildEvent@@@Z
?connectNotify@QObject@@MAEXABVQMetaMethod@@@Z
?customEvent@QObject@@MAEXPAVQEvent@@@Z
?disconnectNotify@QObject@@MAEXABVQMetaMethod@@@Z
?event@QObject@@UAE_NPAVQEvent@@@Z
?eventFilter@QObject@@UAE_NPAV1@PAVQEvent@@@Z
?timerEvent@QObject@@MAEXPAVQTimerEvent@@@Z
?shared_null@QListData@@2UData@1@B
??0QChar@@QAE@UQLatin1Char@@@Z
?realloc@QListData@@QAEXH@Z
??0QByteArray@@QAE@XZ
??0QByteArray@@QAE@ABV0@@Z
??1QByteArray@@QAE@XZ
??4QByteArray@@QAEAAV0@ABV0@@Z
??4QByteArray@@QAEAAV0@$$QAV0@@Z
?constData@QByteArray@@QBEPBDXZ
?qUncompress@@YA?AVQByteArray@@PBEH@Z
??6@YAAAVQDataStream@@AAV0@ABVQByteArray@@@Z
??5@YAAAVQDataStream@@AAV0@AAVQByteArray@@@Z
?qCompress@@YA?AVQByteArray@@PBEHH@Z
??0QString@@QAE@XZ
??4QString@@QAEAAV0@ABV0@@Z
??4QString@@QAEAAV0@$$QAV0@@Z
?at@QString@@QBE?BVQChar@@H@Z
?endsWith@QString@@QBE_NVQLatin1String@@W4CaseSensitivity@Qt@@@Z
?append@QString@@QAEAAV1@VQChar@@@Z
?append@QString@@QAEAAV1@ABV1@@Z
?number@QString@@SA?AV1@HH@Z
??6@YAAAVQDataStream@@AAV0@ABVQString@@@Z
??5@YAAAVQDataStream@@AAV0@AAVQString@@@Z
?scaled@QSize@@QBE?AV1@ABV1@W4AspectRatioMode@Qt@@@Z
??XQSize@@QAEAAV0@N@Z
?cast@QMetaObject@@QBEPAVQObject@@PAV2@@Z
??0QRectF@@QAE@ABVQRect@@@Z
?allocateNode@QHashData@@QAEPAXH@Z
?detach_helper@QHashData@@QAEPAU1@P6AXPAUNode@1@PAX@ZP6AX0@ZHH@Z
?rehash@QHashData@@QAEXH@Z
?free_helper@QHashData@@QAEXP6AXPAUNode@1@@Z@Z
?nextNode@QHashData@@SAPAUNode@1@PAU21@@Z
?previousNode@QHashData@@SAPAUNode@1@PAU21@@Z
??0QSharedData@@QAE@XZ
??0QSharedData@@QAE@ABV0@@Z
?readAll@QIODevice@@QAE?AVQByteArray@@XZ
?atEnd@QDataStream@@QBE_NXZ
?status@QDataStream@@QBE?AW4Status@1@XZ
?setStatus@QDataStream@@QAEXW4Status@1@@Z
?resetStatus@QDataStream@@QAEXXZ
??5QDataStream@@QAEAAV0@AAH@Z
??6QDataStream@@QAEAAV0@H@Z
??0QFile@@QAE@ABVQString@@@Z
??1QFile@@UAE@XZ
?open@QFile@@UAE_NV?$QFlags@W4OpenModeFlag@QIODevice@@@@@Z
??0QFileInfo@@QAE@ABVQString@@@Z
??1QFileInfo@@QAE@XZ
?absoluteFilePath@QFileInfo@@QBE?AVQString@@XZ

msvcp120

?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Syserror_map@std@@YAPBDH@Z
?_Winerror_map@std@@YAPBDH@Z
?_Xbad_alloc@std@@YAXXZ

msvcr120

_initterm_e
_initterm
_malloc_crt
_except_handler4_common
_amsg_exit
__CppXcptFilter
??1type_info@@UAE@XZ
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
memcpy
memmove
??3@YAXPAX@Z
??2@YAPAXI@Z
_purecall
?terminate@@YAXXZ
__clean_type_info_names_internal
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
free

kernel32

IsProcessorFeaturePresent
IsDebuggerPresent
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
DecodePointer
EncodePointer

Exports

Exports

qt_plugin_instance
qt_plugin_query_metadata

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qtmetad
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 832B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Rebina/ini/Custom.ini
Rebina/ini/DefaultScript.ini
Rebina/ini/FunctionDefine.ini
Rebina/ini/Inform.ini
Rebina/ini/Internet.ini
Rebina/ini/Main.ini
Rebina/ocx/MSWINSCK.OCX
.dll regsvr32 windows:4 windows x86 arch:x86

fcc40667ac22e0c598518006de958259

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/12/2000, 08:00

Not After

12/11/2005, 08:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:0e:7d:a7:00:00:00:00:00:48
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/10/2003, 05:59

Not After

25/01/2005, 06:09

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

5b:3d:e6:b4:56:d1:a3:cc:c3:77:ec:dd:05:31:a7:25:62:28:b5:bc
Signer

Actual PE Digest

5b:3d:e6:b4:56:d1:a3:cc:c3:77:ec:dd:05:31:a7:25:62:28:b5:bc

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

wsock32

accept
listen
inet_ntoa
recv
WSAGetLastError
WSASetLastError
select
__WSAFDIsSet
shutdown
ntohs
sendto
recvfrom
connect
getsockopt
setsockopt
getsockname
getpeername
closesocket
WSACancelAsyncRequest
gethostbyaddr
bind
WSAAsyncSelect
socket
WSAStartup
WSACleanup
inet_addr
WSAAsyncGetHostByName
WSAAsyncGetHostByAddr
gethostbyname
htons
gethostname
ioctlsocket
send

kernel32

WideCharToMultiByte
GetVersion
GetProcAddress
GetModuleFileNameA
InitializeCriticalSection
HeapFree
HeapAlloc
GetProcessHeap
lstrcpynA
lstrcpyA
lstrlenA
lstrcatA
IsBadWritePtr
DisableThreadLibraryCalls
lstrlenW
LeaveCriticalSection
GetCurrentThreadId
EnterCriticalSection
LocalFree
FormatMessageA
GetTickCount
MultiByteToWideChar
SetLastError
GetLocaleInfoA
DeleteCriticalSection
FreeLibrary
lstrcmpA
InterlockedDecrement
GetFileAttributesA
GetWindowsDirectoryA
LoadLibraryA
GetLastError
InterlockedIncrement
lstrcmpiA
FindResourceA
LockResource
LoadResource
HeapReAlloc

user32

EndDialog
DrawEdge
DialogBoxParamA
LoadCursorA
MessageBoxA
GetActiveWindow
GetDC
CharNextA
ReleaseDC
SetParent
GetWindowRect
ShowWindow
WinHelpA
IsDialogMessageA
GetWindow
GetNextDlgTabItem
IsWindowEnabled
GetDlgItem
IsChild
GetKeyState
SetWindowPos
LoadBitmapA
IsWindowVisible
EndPaint
GetClientRect
BeginPaint
GetSystemMetrics
GetDlgItemTextA
ClientToScreen
OffsetRect
EqualRect
IntersectRect
SetWindowRgn
PtInRect
MessageBeep
LoadStringA
IsWindow
CreateDialogIndirectParamA
GetParent
SetDlgItemTextA
SendMessageA
DefWindowProcA
GetWindowLongA
DestroyWindow
SetWindowLongA
KillTimer
SetTimer
UnregisterClassA
RegisterClassA
PeekMessageA
PostMessageA
SendDlgItemMessageA
GetDlgItemInt
SetDlgItemInt
SetFocus
MoveWindow
CreateWindowExA
wsprintfA

ole32

CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CreateOleAdviseHolder

advapi32

RegDeleteValueA
RegQueryValueA
RegOpenKeyA
RegQueryValueExA
RegEnumKeyExA
RegDeleteKeyA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

oleaut32

VariantChangeType
SysAllocStringLen
SysAllocString
SafeArrayRedim
SysStringLen
RegisterTypeLi
LoadTypeLi
UnRegisterTypeLi
LoadTypeLibEx
OleCreatePropertyFrame
LoadRegTypeLi
SetErrorInfo
SysFreeString
CreateErrorInfo
GetErrorInfo
SafeArrayUnaccessData
SafeArrayDestroy
VariantClear
SysAllocStringByteLen
SafeArrayCreate
SysStringByteLen
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
VariantInit
SafeArrayAccessData
SafeArrayGetDim

gdi32

GetDeviceCaps
CreateCompatibleDC
CreateRectRgnIndirect
GetWindowExtEx
GetViewportExtEx
DeleteDC
DeleteObject
GetObjectA
LPtoDP
SetMapMode
SetViewportExtEx
SetWindowExtEx
SetViewportOrgEx
SetWindowOrgEx
CreateDCA
BitBlt
SelectObject

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Rebina/ocx/RICHTX32.OCX
.dll regsvr32 windows:4 windows x86 arch:x86

aaca01ab2cd35af160b8025e9dcfad9f

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/12/2000, 08:00

Not After

12/11/2005, 08:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:0e:7d:a7:00:00:00:00:00:48
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/10/2003, 05:59

Not After

25/01/2005, 06:09

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c6:be:da:cb:6f:7c:07:ce:80:06:10:c2:9a:0c:17:6f:0c:b4:42:44
Signer

Actual PE Digest

c6:be:da:cb:6f:7c:07:ce:80:06:10:c2:9a:0c:17:6f:0c:b4:42:44

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

shell32

DragAcceptFiles
DragQueryFileA
DragFinish

oledlg

ord1

kernel32

GlobalUnlock
GetVersionExA
GlobalSize
GlobalLock
FindResourceA
GlobalAlloc
GlobalFree
GetLocaleInfoA
LoadResource
LockResource
GetModuleFileNameA
GetWindowsDirectoryA
HeapReAlloc
GetFileAttributesA
lstrcatA
lstrcpynA
DisableThreadLibraryCalls
GetProcAddress
GetVersion
GetAtomNameA
FindAtomA
AddAtomA
IsBadWritePtr
DeleteAtom
InterlockedIncrement
FreeLibrary
LoadLibraryA
InterlockedDecrement
GetProcessHeap
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
WriteFile
GetLastError
ReadFile
LeaveCriticalSection
CreateFileA
lstrcmpA
lstrcpyA
HeapAlloc
lstrlenA
HeapFree
WideCharToMultiByte
lstrlenW
SetFilePointer
MultiByteToWideChar
IsDBCSLeadByte
CloseHandle
lstrcmpiA

user32

SetCursorPos
ScreenToClient
GetClipboardFormatNameA
PeekMessageW
PostMessageW
PeekMessageA
RegisterWindowMessageA
IsDlgButtonChecked
SetDlgItemInt
SetDlgItemTextA
CheckDlgButton
ReleaseCapture
DefWindowProcA
LoadCursorA
SetCursor
CreateDialogIndirectParamA
MapWindowPoints
FillRect
GetDlgItemTextA
GetClientRect
InvalidateRect
ValidateRect
SetRect
GetSysColor
InflateRect
GetClassInfoA
TrackPopupMenu
GetWindow
GetWindowTextA
CharNextA
MessageBoxA
SendDlgItemMessageA
GetDlgItem
PostMessageA
IsChild
TranslateMessage
DispatchMessageA
IsWindowEnabled
GetNextDlgTabItem
IsDialogMessageA
WinHelpA
BeginPaint
MoveWindow
SetFocus
IsWindowVisible
EndPaint
SetParent
ShowWindow
EnableMenuItem
DeleteMenu
EqualRect
SetWindowRgn
IntersectRect
GetWindowRect
OffsetRect
GetDlgItemInt
GetActiveWindow
SetWindowLongA
SetWindowPos
LoadMenuA
UnregisterClassA
DestroyWindow
DestroyMenu
GetSubMenu
RemoveMenu
GetParent
GetMenuItemCount
GetFocus
IsWindow
WindowFromDC
RegisterClassA
LoadStringA
RegisterClipboardFormatA
GetCapture
GetCursorPos
EnableWindow
EndDialog
wsprintfA
GetKeyState
MessageBeep
CallWindowProcA
GetDC
GetSystemMetrics
ReleaseDC
UpdateWindow
SendMessageA
DialogBoxParamA
GetWindowLongA
CreateWindowExA
ClientToScreen
PtInRect

ole32

DoDragDrop
RegisterDragDrop
CreateOleAdviseHolder
OleCreateFromFile
CLSIDFromProgID
OleCreate
OleSetContainedObject
StringFromCLSID
OleGetIconOfClass
CoGetMalloc
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
OleSaveToStream
OleLoadFromStream
RevokeDragDrop
CoTaskMemRealloc
ReleaseStgMedium
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree

advapi32

RegEnumKeyExA
RegOpenKeyA
RegQueryValueExA
RegOpenKeyExA
RegQueryValueA
RegDeleteKeyA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA

oleaut32

SafeArrayGetElement
SafeArrayDestroy
SafeArrayRedim
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayGetLBound
VariantCopyInd
VariantCopy
SafeArrayUnaccessData
SetErrorInfo
OleCreatePropertyFrame
CreateErrorInfo
UnRegisterTypeLi
LoadTypeLi
LoadTypeLibEx
SafeArrayCreate
SafeArrayPutElement
RegisterTypeLi
OleCreatePictureIndirect
LoadRegTypeLi
GetErrorInfo
OleCreateFontIndirect
SysAllocStringLen
OleLoadPicture
OleTranslateColor
SysStringLen
SysFreeString
VariantChangeType
VariantClear
SysAllocString
VariantInit
SafeArrayCopy

comdlg32

GetOpenFileNameA
CommDlgExtendedError

gdi32

GetNearestColor
CreateSolidBrush
DeleteObject
EnumFontFamiliesExA
CreatePalette
GetBitmapBits
StretchBlt
GetObjectA
SelectPalette
CreateDIBitmap
GetDIBits
GetPaletteEntries
RealizePalette
CreateBitmap
CopyEnhMetaFileA
GetStockObject
CreateDCA
LPtoDP
CopyMetaFileA
GetViewportExtEx
CreateRectRgnIndirect
GetWindowExtEx
GetClipBox
SetWindowExtEx
SetBkColor
SelectObject
CreateCompatibleBitmap
SetViewportExtEx
DeleteDC
EndDoc
PatBlt
StartPage
StartDocA
EndPage
SetWindowOrgEx
SetViewportOrgEx
DPtoLP
CreateCompatibleDC
GetMapMode
CreateICA
GetObjectType
SetMapMode
GetDeviceCaps

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
VBFrameworkMapClassObject

Sections

.text
Size: 116KB - Virtual size: 114KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Rebina/ocx/TABCTL32.OCX
.dll regsvr32 windows:4 windows x86 arch:x86

aa8b0ec5b7d56e08d6614ae243221096

Code Sign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

GetStringTypeW
GetStringTypeA
VirtualAlloc
LCMapStringW
LCMapStringA
WriteFile
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
VirtualFree
HeapCreate
HeapDestroy
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetCurrentProcess
TerminateProcess
ExitProcess
RaiseException
GetOEMCP
GetACP
GetCPInfo
GetModuleHandleA
GetCommandLineA
lstrcpynA
GetFileAttributesA
GetVersion
DisableThreadLibraryCalls
FindResourceA
LoadResource
LockResource
GetLastError
InterlockedDecrement
InterlockedIncrement
GetProcAddress
GetLocaleInfoA
LoadLibraryA
GetWindowsDirectoryA
GetModuleFileNameA
MultiByteToWideChar
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
lstrcmpiA
lstrlenA
GlobalSize
IsDBCSLeadByte
LeaveCriticalSection
DeleteCriticalSection
FreeLibrary
HeapFree
WideCharToMultiByte
lstrlenW
HeapAlloc
lstrcpyA
EnterCriticalSection
HeapReAlloc
lstrcmpA
GetProcessHeap
InitializeCriticalSection
lstrcatA

user32

SetFocus
MoveWindow
GetWindow
ShowWindow
IsWindowEnabled
PtInRect
IsWindowVisible
GetParent
SetWindowRgn
GetSysColor
CopyRect
DrawFocusRect
DestroyWindow
GetWindowDC
GetWindowRect
CreateWindowExA
SetWindowLongA
CallWindowProcA
GetWindowLongA
SetRectEmpty
SetWindowPos
OffsetRect
WinHelpA
GetNextDlgTabItem
CharNextA
GetClipboardFormatNameA
ScreenToClient
MapWindowPoints
SetCursorPos
RegisterClipboardFormatA
UnregisterClassA
InvalidateRect
ReleaseCapture
CreateDialogIndirectParamA
IsChild
SetParent
EndPaint
IsDialogMessageA
FillRect
InflateRect
EndDialog
GetActiveWindow
DialogBoxParamA
GetCursorPos
LockWindowUpdate
EqualRect
IsWindow
MessageBeep
MessageBoxA
GetDlgItemInt
GetDlgItemTextA
IsDlgButtonChecked
SendDlgItemMessageA
SetDlgItemTextA
SetDlgItemInt
CheckDlgButton
GetDlgItem
wsprintfA
GetKeyState
DefWindowProcA
SetCursor
PeekMessageA
SendMessageA
GetFocus
GetDC
ReleaseDC
SetRect
IsCharAlphaNumericA
VkKeyScanA
CreateAcceleratorTableA
EnableWindow
LoadCursorA
RegisterClassA
DestroyAcceleratorTable
LoadStringA
GetSystemMetrics
ClientToScreen
GetClientRect
BeginPaint
IntersectRect

ole32

ReleaseStgMedium
DoDragDrop
RegisterDragDrop
RevokeDragDrop
CreateOleAdviseHolder
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
OleSaveToStream
OleLoadFromStream

advapi32

RegEnumKeyExA
RegQueryValueA
RegOpenKeyA
RegQueryValueExA
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

oleaut32

SysAllocStringLen
OleCreatePropertyFrame
LoadTypeLi
SafeArrayCopy
SafeArrayRedim
SafeArrayPutElement
SafeArrayGetElement
SafeArrayCreate
SafeArrayDestroy
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
VariantCopyInd
VariantCopy
LoadTypeLibEx
UnRegisterTypeLi
RegisterTypeLi
CreateErrorInfo
SetErrorInfo
VariantChangeType
VariantInit
SysStringLen
OleTranslateColor
GetErrorInfo
OleLoadPicture
SysAllocStringByteLen
SysStringByteLen
LoadRegTypeLi
OleCreateFontIndirect
VariantClear
OleCreatePictureIndirect
SysAllocString
SysFreeString

gdi32

LPtoDP
GetViewportExtEx
CreateRectRgnIndirect
GetWindowExtEx
SetMapMode
GetNearestColor
CreatePalette
GetBitmapBits
CreateDIBitmap
GetDIBits
CopyEnhMetaFileA
CopyMetaFileA
CreateDCA
SetWindowOrgEx
SetViewportOrgEx
SetWindowExtEx
SetViewportExtEx
GetDeviceCaps
DeleteDC
DeleteObject
StretchBlt
SelectObject
CreateBitmap
CreateCompatibleDC
RealizePalette
SelectPalette
GetOutlineTextMetricsA
BitBlt
CreateCompatibleBitmap
SetTextColor
SetBkColor
CreateRectRgn
CreateFontIndirectA
GetObjectA
SelectClipRgn
CombineRgn
CreatePolygonRgn
SetBkMode
CreatePen
TextOutA
GetTextColor
LineTo
MoveToEx
GetTextExtentPoint32A
GetCharWidthA
GetCurrentPositionEx
SetTextAlign
GetStockObject
CreateSolidBrush
OffsetRgn
SetBrushOrgEx
UnrealizeObject
CreateICA
GetPaletteEntries

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Rebina/ocx/TabS.oca
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Rebina/ocx/TabS.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

UPX0
Size: - Virtual size: 148KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 45KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Rebina/ocx/aero.skn
Rebina/ocx/mscomctl.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

ce21923007044b1701a0b2dc4ac9396b

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:0c:ab:11:d8:22:ef:7d:6c:79:7e
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

23/05/2002, 08:00

Not After

25/09/2011, 08:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:05:87:58:00:03:00:00:00:5a
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

05/01/2005, 23:20

Not After

05/04/2006, 23:30

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

d3:33:87:9d:a3:7d:db:aa:b4:12:4a:ae:67:2b:01:a6:0b:07:8a:fd
Signer

Actual PE Digest

d3:33:87:9d:a3:7d:db:aa:b4:12:4a:ae:67:2b:01:a6:0b:07:8a:fd

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

CreateThread
LocalReAlloc
GetProfileIntA
RtlMoveMemory
LocalSize
FreeResource
GetCurrentProcessId
MulDiv
GetTickCount
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
GlobalReAlloc
IsBadReadPtr
Sleep
WaitForSingleObject
GlobalHandle
GetThreadLocale
LocalFree
LocalAlloc
GlobalAddAtomA
SetFilePointer
SetStdHandle
FlushFileBuffers
VirtualAlloc
WriteFile
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetOEMCP
GetACP
GetCPInfo
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
GetCurrentProcess
TerminateProcess
ExitProcess
RtlUnwind
GetCommandLineA
CompareStringW
GlobalSize
CreateFileA
GetFileSize
GlobalUnlock
GlobalLock
ReadFile
CloseHandle
IsDBCSLeadByte
GetModuleHandleA
FindResourceA
LoadResource
LockResource
GetLastError
GetFileAttributesA
GetVersion
DisableThreadLibraryCalls
GetProcAddress
GetLocaleInfoA
LoadLibraryA
GetWindowsDirectoryA
lstrcatA
GetModuleFileNameA
IsBadWritePtr
lstrcmpiA
GetLocalTime
GetTimeFormatA
GetDateFormatA
lstrcmpA
GlobalAlloc
GlobalFree
GetVersionExA
GetCurrentThreadId
MultiByteToWideChar
CompareStringA
lstrcpyA
InterlockedExchange
lstrlenA
GetSystemDefaultLCID
lstrcpynA
HeapAlloc
DeleteCriticalSection
FreeLibrary
HeapFree
WideCharToMultiByte
lstrlenW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetProcessHeap
InterlockedIncrement
InterlockedDecrement
HeapReAlloc

user32

DrawFocusRect
AdjustWindowRect
DrawFrameControl
TrackPopupMenu
GetMessageA
AdjustWindowRectEx
CopyRect
GetKeyNameTextA
ShowCaret
SetCaretPos
GrayStringA
HideCaret
DestroyCaret
CreateCaret
SetWindowTextA
SetScrollInfo
DrawTextExA
InvertRect
SetRectEmpty
GetShellWindow
SetKeyboardState
GetKeyboardState
GetScrollInfo
GetKeyboardLayout
DestroyCursor
GetUpdateRgn
GetUpdateRect
GetWindowRgn
ValidateRect
CallMsgFilterA
LockWindowUpdate
IsZoomed
GetDesktopWindow
GetIconInfo
GetCursor
GetForegroundWindow
InvalidateRgn
EndDeferWindowPos
EnumChildWindows
GetDoubleClickTime
FindWindowA
GetMessageTime
GetWindowThreadProcessId
RemovePropA
SendNotifyMessageA
SetScrollPos
SetScrollRange
GetWindowTextLengthA
EnableScrollBar
ChildWindowFromPoint
EndDialog
GetWindow
GetPropA
GetCursorPos
WindowFromPoint
GetClassNameA
GetDlgCtrlID
IsWindow
SetPropA
SetTimer
KillTimer
SendDlgItemMessageA
IsWindowVisible
UnregisterClassA
CharNextA
SetActiveWindow
CheckRadioButton
SetFocus
IsDlgButtonChecked
SetDlgItemTextA
SetDlgItemInt
CheckDlgButton
GetDlgItem
IsWindowEnabled
GetDCEx
DrawIconEx
CreateIconIndirect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetClipboardFormatNameA
SetCursorPos
RegisterClipboardFormatA
MessageBeep
RegisterWindowMessageA
PeekMessageA
PostMessageW
PeekMessageW
VkKeyScanA
SetParent
CharUpperA
GetDlgItemInt
SetCursor
CreateDialogIndirectParamA
GetNextDlgTabItem
IsDialogMessageA
ScrollWindowEx
GetDlgItemTextA
SetWindowRgn
IntersectRect
EqualRect
MoveWindow
BeginPaint
EndPaint
DeferWindowPos
BeginDeferWindowPos
CharNextExA
DrawIcon
DestroyIcon
MapWindowPoints
CreatePopupMenu
AppendMenuA
TrackPopupMenuEx
DestroyMenu
GetActiveWindow
MessageBoxA
WinHelpA
PtInRect
DefWindowProcA
GetWindowDC
SetRect
LoadCursorA
IsRectEmpty
ClientToScreen
GetWindowRect
MapVirtualKeyA
DestroyWindow
CreateWindowExA
GetSysColorBrush
GetAsyncKeyState
EnableWindow
PostMessageA
TranslateMessage
DispatchMessageA
wsprintfA
DialogBoxParamA
UpdateWindow
GetWindowLongA
SetWindowLongA
GetDC
ReleaseDC
GetParent
OffsetRect
UnionRect
GetFocus
IsChild
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA
GetMessagePos
ScreenToClient
SetWindowPos
SetCapture
GetWindowTextA
WindowFromDC
GetClientRect
CallWindowProcA
DrawEdge
GetSysColor
FrameRect
InflateRect
FillRect
DrawTextA
GetKeyState
GetCapture
ReleaseCapture
GetClassInfoA
RegisterClassA
InvalidateRect
LoadIconA
GetSystemMetrics
CopyImage
SendMessageA
LoadStringA
RedrawWindow
ShowWindow
CreateAcceleratorTableA

ole32

ReleaseStgMedium
DoDragDrop
RegisterDragDrop
RevokeDragDrop
CreateStreamOnHGlobal
OleLoadFromStream
OleSaveToStream
CreateOleAdviseHolder
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance

advapi32

RegDeleteKeyA
RegOpenKeyA
RegQueryValueA
RegQueryValueExA
RegEnumKeyExA
RegCreateKeyA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegDeleteValueA

oleaut32

SafeArrayRedim
SafeArrayPutElement
SafeArrayGetElement
SafeArrayCreate
SafeArrayDestroy
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
GetErrorInfo
OleCreateFontIndirect
OleCreatePropertyFrame
LoadTypeLibEx
UnRegisterTypeLi
RegisterTypeLi
CreateErrorInfo
SetErrorInfo
LoadRegTypeLi
LoadTypeLi
VariantChangeTypeEx
SysStringByteLen
SysAllocStringByteLen
OleLoadPicture
SysAllocStringLen
VariantCopy
OleTranslateColor
VariantChangeType
OleCreatePictureIndirect
VariantCopyInd
SysStringLen
SysFreeString
VariantInit
VariantClear
SysAllocString
SafeArrayCopy

comdlg32

GetOpenFileNameA

gdi32

Arc
GetTextExtentPointA
GetCharWidthA
OffsetWindowOrgEx
ExtTextOutW
GetTextExtentPointW
Polyline
GetTextAlign
SetTextAlign
OffsetRgn
GetTextColor
CombineRgn
GetTextMetricsA
MoveToEx
LineTo
Ellipse
DeleteObject
SelectObject
CreateSolidBrush
SetViewportOrgEx
SetWindowOrgEx
SetViewportExtEx
SetWindowExtEx
SetMapMode
GetDeviceCaps
CreateFontIndirectA
GetObjectA
SelectClipRgn
ExcludeClipRect
RectVisible
GetClipBox
IntersectClipRect
GetClipRgn
CreateRectRgnIndirect
RealizePalette
SelectPalette
PatBlt
CreateCompatibleBitmap
CreateBitmap
CreateCompatibleDC
GetTextExtentPoint32A
TextOutA
SetBkColor
SetTextColor
SetBkMode
Rectangle
CreatePen
GetStockObject
GetViewportExtEx
GetWindowExtEx
LPtoDP
DeleteDC
CreateDCA
CreateRectRgn
StretchBlt
CreateICA
CopyMetaFileA
CopyEnhMetaFileA
GetPaletteEntries
GetDIBits
CreateDIBitmap
GetBitmapBits
CreatePalette
GetNearestColor
CreatePatternBrush
CreateDIBSection
CreateHalftonePalette
BitBlt
SetDIBColorTable
GetDIBColorTable
GetPixel
StretchDIBits
SetBrushOrgEx
GetBkColor
ExtTextOutA
RestoreDC
SaveDC
CreateFontA

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 690KB - Virtual size: 690KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 279KB - Virtual size: 279KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Rebina/translations/qt_ca.qm
Rebina/translations/qt_cs.qm
Rebina/translations/qt_de.qm
Rebina/translations/qt_fi.qm
Rebina/translations/qt_fr.qm
Rebina/translations/qt_he.qm
Rebina/translations/qt_hu.qm
Rebina/translations/qt_it.qm
Rebina/translations/qt_ja.qm
Rebina/translations/qt_ko.qm
Rebina/translations/qt_lv.qm
Rebina/translations/qt_ru.qm
Rebina/translations/qt_sk.qm
Rebina/translations/qt_uk.qm

Sharing

General

Malware Config

Signatures

Files

Password: ez

Password: ez

d439aad54e7fd85f5adafe6dba0c5d42

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

advapi32

ntdll

bcrypt

ole32

oleaut32

pdh

powrprof

psapi

shell32

api-ms-win-core-synch-l1-2-0

bcryptprimitives

Sections

.text Size: 369KB - Virtual size: 369KB

.data Size: 512B - Virtual size: 480B

.rdata Size: 29.4MB - Virtual size: 29.4MB

.pdata Size: 6KB - Virtual size: 5KB

.xdata Size: 8KB - Virtual size: 7KB

.bss Size: - Virtual size: 576B

.idata Size: 8KB - Virtual size: 7KB

.CRT Size: 512B - Virtual size: 104B

.tls Size: 512B - Virtual size: 16B

.reloc Size: 512B - Virtual size: 384B

Password: ez

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

5c:ca:a8:23:69:a2:6a:ee:30:d0:17:61:6b:1c:eb:69Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

11:21:06:f1:0f:ce:68:f0:9b:fa:e5:5b:18:cd:8f:20:01:77Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:31:89:c6:50:04Certificate

Key Usages

3d:57:24:d0:90:e9:62:0d:6f:f0:b1:84:72:79:a6:8dCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

11:21:06:f1:0f:ce:68:f0:9b:fa:e5:5b:18:cd:8f:20:01:77Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:31:89:c6:50:04Certificate

Key Usages

af:1e:53:11:51:9a:1d:2a:62:94:47:31:95:f4:4d:ac:4e:0a:0b:fe:ed:00:ee:5c:de:0c:12:47:7c:14:70:04Signer

e5:9a:3e:85:46:f2:8f:98:fa:49:1a:14:95:2a:bd:69:4b:db:95:acSigner

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rsrc Size: 27KB - Virtual size: 27KB

.reloc Size: 512B - Virtual size: 12B

Password: ez

.text
Size: 369KB - Virtual size: 369KB

.data
Size: 512B - Virtual size: 480B

.rdata
Size: 29.4MB - Virtual size: 29.4MB

.pdata
Size: 6KB - Virtual size: 5KB

.xdata
Size: 8KB - Virtual size: 7KB

.bss
Size: - Virtual size: 576B

.idata
Size: 8KB - Virtual size: 7KB

.CRT
Size: 512B - Virtual size: 104B

.tls
Size: 512B - Virtual size: 16B

.reloc
Size: 512B - Virtual size: 384B

5c:ca:a8:23:69:a2:6a:ee:30:d0:17:61:6b:1c:eb:69
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

11:21:06:f1:0f:ce:68:f0:9b:fa:e5:5b:18:cd:8f:20:01:77
Certificate

04:00:00:00:00:01:31:89:c6:50:04
Certificate

3d:57:24:d0:90:e9:62:0d:6f:f0:b1:84:72:79:a6:8d
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

11:21:06:f1:0f:ce:68:f0:9b:fa:e5:5b:18:cd:8f:20:01:77
Certificate

04:00:00:00:00:01:31:89:c6:50:04
Certificate

af:1e:53:11:51:9a:1d:2a:62:94:47:31:95:f4:4d:ac:4e:0a:0b:fe:ed:00:ee:5c:de:0c:12:47:7c:14:70:04
Signer

e5:9a:3e:85:46:f2:8f:98:fa:49:1a:14:95:2a:bd:69:4b:db:95:ac
Signer

.text
Size: 1.9MB - Virtual size: 1.9MB

.rsrc
Size: 27KB - Virtual size: 27KB

.reloc
Size: 512B - Virtual size: 12B

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

42:17:85:f6:b6:bc:98:c1:4a:5f:0b:89:76:96:f8:a8
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

89:b5:c2:26:95:c0:90:93:d5:fb:3e:bd:56:2c:a5:a9:e2:78:f9:54
Signer

.text
Size: 26KB - Virtual size: 26KB

.itext
Size: 512B - Virtual size: 260B

.data
Size: 4KB - Virtual size: 3KB

.bss
Size: - Virtual size: 19KB

.idata
Size: 1KB - Virtual size: 1KB

.edata
Size: 1024B - Virtual size: 553B

.rdata
Size: 512B - Virtual size: 69B

.reloc
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 2KB - Virtual size: 2KB

.text
Size: 904KB - Virtual size: 908KB

.data
Size: 122KB - Virtual size: 164KB

.tls
Size: 9KB - Virtual size: 12KB

.idata
Size: 5KB - Virtual size: 8KB

.edata
Size: 46KB - Virtual size: 48KB

.rsrc
Size: 1KB - Virtual size: 4KB

.reloc
Size: 24KB - Virtual size: 28KB

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

61:06:bf:fe:00:00:00:00:00:14
Certificate

61:14:2c:a7:00:00:00:00:00:06
Certificate

61:14:2c:a7:00:00:00:00:00:06
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

61:15:08:27:00:00:00:00:00:0c
Certificate