d47a0fbc1d314bed71b4e6a4eb77fc0e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d47a0fbc1d314bed71b4e6a4eb77fc0e_JaffaCakes118
Size

4.9MB
MD5

d47a0fbc1d314bed71b4e6a4eb77fc0e
SHA1

7d1c3eaecc5a6a970c52a3e744335d140ec82ee4
SHA256

b82101980ca60c8363e914ab1860b19052baf3947a7ec7b65f599cc2ae158afb
SHA512

68a284539f155d024c9204ebd843177bc86d6a7fdf72acbee741fc49226921c0772fb555b4e72404c6fd628754c538be58ae70268332e06c3c4cbecb42781e0e
SSDEEP

98304:ummfqHCk4DIN22P1/e4Q5IGY8z3UmGqF/gAqoJQTPUFy6ZuhOL+tz/gGiLp9g/o2:jjh4cN22tWrY8LdGmI0J2PUFyWatrgjw

Score

3^/10

Malware Config

Signatures

Unsigned PE 13 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ETD.sys
unpack001/ETDApi.dll
unpack001/ETDApi32.dll
unpack001/ETDApix.dll
unpack001/ETDCmds.dll
unpack001/ETDFavorite.dll
unpack001/ETDInst.dll
unpack001/ETDMag.exe
unpack001/ETDMcpl.dll
unpack001/ETDUI.cpl
unpack001/ETDUninst.dll
unpack001/ETDUninst.exe
unpack001/Setup.exe

Files

d47a0fbc1d314bed71b4e6a4eb77fc0e_JaffaCakes118
.zip
2KSETUP.INI
ELANLogo.ico
ELANTP.bmp
ETD.inf
ETD.sys
.sys windows:6 windows x64 arch:x64

b3e356c467ac6d15f5c28c8e1de6d8a5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\etdsys_isr\objfre_win7_amd64\amd64\ETD.pdb

Imports

ntoskrnl.exe

IoDeleteDevice
KeInitializeDpc
IoDetachDevice
KeInitializeTimer
KeDelayExecutionThread
IofCompleteRequest
IoAttachDeviceToDeviceStack
IoCreateSymbolicLink
IoCreateDevice
IofCallDriver
KeClearEvent
IoDeleteSymbolicLink
KeSetEvent
KeInitializeEvent
RtlInitUnicodeString
KeWaitForSingleObject
PoStartNextPowerIrp
PoCallDriver
KeInsertQueueDpc
KeSetTimer
IoQueueWorkItem
KeCancelTimer
KeReleaseMutex
KeReadStateEvent
IoCreateNotificationEvent
IoFreeWorkItem
IoAllocateWorkItem
KeBugCheckEx
ZwClose
KeInitializeMutex

hal

KeStallExecutionProcessor

Sections

.text
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 530B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ETDApi.dll
.dll windows:5 windows x64 arch:x64

3eb310183868548ad1fbcbbca9266458

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Workstation\ETD7_Driver\ETD7.0.5.2\ETDAPIv3_2\ETDApi\x64\Release\ETDApi.pdb

Imports

kernel32

HeapFree
RtlLookupFunctionEntry
RtlUnwindEx
Sleep
ExitProcess
RaiseException
RtlPcToFileHeader
HeapReAlloc
HeapSize
HeapQueryInformation
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
EncodePointer
DecodePointer
FlsGetValue
FlsFree
FlsAlloc
GetACP
IsValidCodePage
SetHandleCount
GetStdHandle
GetFileType
HeapAlloc
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetCommandLineA
FlsSetValue
GetOEMCP
GetCPInfo
CreateFileA
GetCurrentProcess
FlushFileBuffers
SetFilePointer
WriteFile
GlobalFindAtomA
lstrcmpW
GetVersionExA
GlobalGetAtomNameA
GetModuleHandleW
GlobalFlags
WritePrivateProfileStringA
SetErrorMode
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
GlobalHandle
GlobalReAlloc
TlsAlloc
InitializeCriticalSection
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GetModuleFileNameW
GetCurrentProcessId
GlobalAddAtomA
GetLastError
SetLastError
GlobalFree
GlobalUnlock
FormatMessageA
LocalFree
MultiByteToWideChar
lstrlenA
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetModuleFileNameA
GetLocaleInfoA
LoadLibraryA
CompareStringA
GlobalLock
lstrcmpA
GlobalAlloc
FreeLibrary
GetModuleHandleA
GetProcAddress
CloseHandle
SetEvent
OpenEventA
OpenMutexA
FindResourceA
LoadResource
LockResource
SizeofResource
GetStartupInfoA
WideCharToMultiByte

user32

DestroyMenu
ShowWindow
RegisterWindowMessageA
LoadIconA
WinHelpA
GetCapture
GetClassLongA
GetClassLongPtrA
SetPropA
GetPropA
RemovePropA
IsWindow
GetForegroundWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetWindowLongPtrA
SetWindowLongPtrA
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
GetClientRect
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
CopyRect
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
LoadCursorA
GetSystemMetrics
GetSysColorBrush
GetWindow
GetDlgCtrlID
GetWindowRect
GetClassNameA
PtInRect
GetWindowTextA
SetWindowTextA
GetSysColor
FindWindowA
PostMessageA
PostQuitMessage
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
UnregisterClassA
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
CheckMenuItem
EnableMenuItem
ModifyMenuA
SendMessageA
GetParent
GetFocus
LoadBitmapA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
ValidateRect
GetCursorPos
PeekMessageA
GetKeyState
UnhookWindowsHookEx
GetWindowThreadProcessId
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxA
SetCursor
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
SetForegroundWindow

gdi32

DeleteDC
GetStockObject
TextOutA
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
GetDeviceCaps
RectVisible
PtVisible
DeleteObject
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
CreateBitmap
ExtTextOutA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegSetValueExA
RegQueryInfoKeyA
RegQueryValueExA
RegCreateKeyExA
RegCloseKey
RegOpenKeyExA

shlwapi

PathFindFileNameA
PathFindExtensionA

oleaut32

VariantClear
VariantChangeType
VariantInit

Exports

Exports

SetETDConfig

Sections

.text
Size: 149KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ETDApi32.dll
.dll windows:5 windows x86 arch:x86

593b31ed0bf89369a8aed42e235bdcdd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Workstation\ETD7_Driver\ETD7.0.5.2\ETDAPIv3_2\ETDApi\Release\ETDApi.pdb

Imports

kernel32

GetCommandLineA
HeapAlloc
HeapFree
RtlUnwind
Sleep
ExitProcess
RaiseException
VirtualAlloc
HeapReAlloc
HeapSize
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetACP
IsValidCodePage
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetOEMCP
GetCPInfo
CreateFileA
GetCurrentProcess
FlushFileBuffers
SetFilePointer
WriteFile
GlobalFindAtomA
lstrcmpW
GetVersionExA
GlobalGetAtomNameA
GetModuleHandleW
InterlockedIncrement
GlobalFlags
WritePrivateProfileStringA
SetErrorMode
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
InterlockedDecrement
GetModuleFileNameW
GetCurrentProcessId
GlobalAddAtomA
GetLastError
SetLastError
GlobalFree
GlobalUnlock
FormatMessageA
LocalFree
MultiByteToWideChar
lstrlenA
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetModuleFileNameA
GetLocaleInfoA
LoadLibraryA
CompareStringA
InterlockedExchange
GlobalLock
lstrcmpA
GlobalAlloc
FreeLibrary
GetModuleHandleA
GetProcAddress
CloseHandle
SetEvent
OpenEventA
OpenMutexA
FindResourceA
LoadResource
LockResource
SizeofResource
GetEnvironmentStringsW
WideCharToMultiByte

user32

DestroyMenu
ShowWindow
RegisterWindowMessageA
LoadIconA
WinHelpA
GetCapture
GetClassLongA
SetPropA
GetPropA
RemovePropA
IsWindow
GetForegroundWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
GetClientRect
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
CopyRect
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowLongA
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
LoadCursorA
GetSystemMetrics
GetSysColorBrush
GetWindow
GetDlgCtrlID
GetWindowRect
GetClassNameA
PtInRect
GetWindowTextA
SetWindowTextA
GetSysColor
FindWindowA
PostMessageA
PostQuitMessage
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
UnregisterClassA
SetMenu
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
CheckMenuItem
EnableMenuItem
ModifyMenuA
SendMessageA
GetParent
GetFocus
LoadBitmapA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
ValidateRect
GetCursorPos
PeekMessageA
GetKeyState
UnhookWindowsHookEx
GetWindowThreadProcessId
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxA
SetCursor
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible

gdi32

DeleteDC
GetStockObject
ScaleWindowExtEx
TextOutA
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
GetDeviceCaps
RectVisible
PtVisible
DeleteObject
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
CreateBitmap
ExtTextOutA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegSetValueExA
RegQueryInfoKeyA
RegQueryValueExA
RegCreateKeyExA
RegCloseKey
RegOpenKeyExA

shlwapi

PathFindFileNameA
PathFindExtensionA

oleaut32

VariantClear
VariantChangeType
VariantInit

Exports

Exports

SetETDConfig

Sections

.text
Size: 126KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ETDApix.dll
.dll windows:5 windows x64 arch:x64

ea18702ef4e69b91e6e734781c52dfba

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Documents and Settings\97178\桌面\ETD7059\Apix\x64\Release\ETDApix.pdb

Imports

kernel32

GetCommandLineA
HeapAlloc
HeapFree
HeapReAlloc
RtlLookupFunctionEntry
RtlUnwindEx
RaiseException
RtlPcToFileHeader
ExitProcess
HeapSize
HeapQueryInformation
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
EncodePointer
DecodePointer
FlsGetValue
FlsFree
FlsAlloc
GetACP
IsValidCodePage
SetHandleCount
GetStdHandle
GetFileType
FlsSetValue
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetOEMCP
GetCPInfo
CreateFileA
GetCurrentProcess
FlushFileBuffers
SetFilePointer
WriteFile
GlobalFindAtomA
lstrcmpW
GetVersionExA
GlobalFlags
WritePrivateProfileStringA
GetModuleHandleW
GlobalGetAtomNameA
SetErrorMode
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
GlobalHandle
GlobalReAlloc
TlsAlloc
InitializeCriticalSection
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GetModuleFileNameW
GetCurrentProcessId
GlobalAddAtomA
GlobalDeleteAtom
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
LoadLibraryA
CompareStringA
lstrcmpA
FreeLibrary
GetProcAddress
GetLastError
SetLastError
GlobalFree
GlobalUnlock
FormatMessageA
LocalFree
lstrlenW
lstrlenA
MultiByteToWideChar
GlobalLock
GlobalAlloc
GetModuleFileNameA
FindResourceA
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
CloseHandle
SetEvent
OpenEventA
lstrcpyA
GetCurrentThreadId
lstrcatA
Sleep
GetStartupInfoA
GetModuleHandleA

user32

DestroyMenu
ShowWindow
RegisterWindowMessageA
LoadIconA
WinHelpA
GetCapture
GetClassLongA
GetClassLongPtrA
SetPropA
GetPropA
RemovePropA
IsWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetWindowLongPtrA
SetWindowLongPtrA
GetMessageTime
GetMessagePos
MapWindowPoints
GetClientRect
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
CopyRect
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetDlgCtrlID
PtInRect
SetWindowTextA
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
LoadCursorA
GetDC
SetWindowsHookExA
UnhookWindowsHookEx
GetForegroundWindow
GetClassNameA
ReleaseDC
GetSysColor
GetSysColorBrush
UnregisterClassA
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxA
SetCursor
GetMessageA
TranslateMessage
DispatchMessageA
SetMenu
GetWindowTextA
GetWindowLongA
PostMessageA
GetDesktopWindow
GetWindowRect
SendMessageA
FindWindowA
FindWindowExA
SetForegroundWindow
GetParent
GetSystemMetrics
GetScrollInfo
GetCursorPos
SetScrollInfo
GetWindow
GetWindowThreadProcessId
AttachThreadInput
GetFocus
CallNextHookEx
SendInput
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
EnableMenuItem
CheckMenuItem
PostQuitMessage
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu

gdi32

GetStockObject
DeleteDC
ScaleWindowExtEx
SetViewportOrgEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
GetDeviceCaps
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
DeleteObject
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
CreateBitmap
OffsetViewportOrgEx

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegQueryInfoKeyA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA

shell32

ShellExecuteExA
SHAppBarMessage

shlwapi

PathFindFileNameA
PathFindExtensionA

ole32

CoCreateInstance
CoUninitialize
CLSIDFromProgID
CoInitializeEx

oleaut32

VariantInit
GetActiveObject
SysFreeString
VariantClear
VariantChangeType
GetErrorInfo
CreateErrorInfo

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

Exports

Exports

ProcessMessage
SetApixOSVersion
SetHookFlag
SetHwnd
SetKBHookEx
SetMouseHookEx
UnKBHookEx
UnMouseHookEx
UpdateApixData

Sections

.text
Size: 199KB - Virtual size: 199KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.my_shar
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ETDCmds.dll
.dll windows:5 windows x64 arch:x64

a950ee7daf246fbb25c119fff7515059

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Documents and Settings\97178\桌面\7058\ETDCmds\x64\Release\ETDCmds.pdb

Imports

advapi32

RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegQueryInfoKeyA
RegQueryValueA
RegOpenKeyA
RegEnumKeyA

kernel32

FlsSetValue
GetCommandLineA
HeapAlloc
HeapFree
HeapReAlloc
RtlLookupFunctionEntry
RtlUnwindEx
RaiseException
RtlPcToFileHeader
Sleep
ExitProcess
HeapSize
HeapQueryInformation
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
EncodePointer
DecodePointer
FlsGetValue
FlsFree
FlsAlloc
GetACP
IsValidCodePage
SetHandleCount
GetStdHandle
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetOEMCP
GetCPInfo
GetCurrentProcess
FlushFileBuffers
SetFilePointer
WriteFile
GlobalFindAtomA
lstrcmpW
GetVersionExA
GlobalFlags
WritePrivateProfileStringA
GetModuleHandleW
GlobalGetAtomNameA
SetErrorMode
TlsFree
WideCharToMultiByte
DeviceIoControl
CreateFileA
CloseHandle
GetSystemDefaultLangID
DeleteCriticalSection
LocalReAlloc
TlsSetValue
GlobalHandle
GlobalReAlloc
TlsAlloc
InitializeCriticalSection
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GetModuleFileNameW
GetCurrentProcessId
GlobalAddAtomA
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetModuleFileNameA
GetLocaleInfoA
LoadLibraryA
CompareStringA
lstrcmpA
FreeLibrary
GetModuleHandleA
GetProcAddress
GetLastError
SetLastError
GlobalFree
SizeofResource
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
lstrlenA
MultiByteToWideChar
FindResourceA
LoadResource
GetFileType
LockResource

user32

ShowWindow
RegisterWindowMessageA
LoadIconA
WinHelpA
GetCapture
GetClassLongA
GetClassLongPtrA
SetPropA
GetPropA
RemovePropA
IsWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetWindowLongPtrA
SetWindowLongPtrA
GetMessageTime
GetMessagePos
SetMenu
SetForegroundWindow
GetClientRect
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
CopyRect
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetDlgCtrlID
GetWindowRect
PtInRect
SetWindowTextA
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
LoadCursorA
GetSystemMetrics
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
UnregisterClassA
UnhookWindowsHookEx
GetWindowThreadProcessId
DestroyMenu
MapWindowPoints
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxA
SetCursor
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
GetParent
SendMessageA
ModifyMenuA
EnableMenuItem
CheckMenuItem
PostMessageA
PostQuitMessage
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetWindow
GetForegroundWindow
GetWindowTextA
GetClassNameA

gdi32

SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
TextOutA
DeleteDC
GetStockObject
Escape
GetDeviceCaps
RectVisible
PtVisible
DeleteObject
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
CreateBitmap
ExtTextOutA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

shlwapi

PathFindFileNameA
PathFindExtensionA

oleaut32

VariantInit
VariantClear
VariantChangeType

Exports

Exports

ABS_ModeSetting
APGestureSelect
CreateETDGestureEventToKernel
CreateETDScrollEventToKernel
CreateETDSmartPadEventToKernel
DisableWhenType
DisableWhenUSBMouse
DispatchCreate
GetDebugData
GetETDGestureEventData
GetHIDMouseIgnore
GetKBCData
GetUIDisplay
LightSetting
NotifyEnable
SetOsVersion
SmartMotionSlowDown
SuspendEnableKernelData
SwapButton
UpdateRegistry
WriteMainRegistry

Sections

.text
Size: 187KB - Virtual size: 186KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ETDCtrl.exe
.exe windows:5 windows x64 arch:x64

715b2a639a77dbe277b7876221ee827a

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3c:41:a3:b1:ac:d5:c5:99:6b:cb:92:4a:49:a3:f9:8e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

07/11/2008, 00:00

Not After

07/11/2009, 23:59

Subject

CN=ELAN Microelectronics Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=NB Input Devices Center,O=ELAN Microelectronics Corporation,L=Taipei Hsien,ST=Taiwan,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Documents and Settings\97178\桌面\ETD7059\ETDCtrl\x64\Release\ETDCtrl.pdb

Imports

wtsapi32

WTSRegisterSessionNotification

advapi32

RegOpenKeyExA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegQueryInfoKeyA
GetNamedSecurityInfoA
SetEntriesInAclA
SetNamedSecurityInfoA
AllocateAndInitializeSid
FreeSid
RegEnumKeyA
RegOpenKeyA
RegQueryValueA
RegDeleteKeyA

kernel32

CreateFileA
FileTimeToSystemTime
GetModuleHandleW
SetErrorMode
GetTickCount
FileTimeToLocalFileTime
GetFileAttributesA
GetFileSizeEx
GetFileTime
GetCommandLineA
GetStartupInfoA
HeapAlloc
HeapFree
RtlLookupFunctionEntry
RtlUnwindEx
RaiseException
RtlPcToFileHeader
Sleep
ExitProcess
ExitThread
CreateThread
HeapReAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapQueryInformation
HeapSize
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
EncodePointer
DecodePointer
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
GetACP
IsValidCodePage
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapSetInformation
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
OpenMutexA
CreateMutexA
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
LeaveCriticalSection
WTSGetActiveConsoleSessionId
GetVersionExA
CreateEventA
SetThreadPriority
SetPriorityClass
SetEvent
LoadLibraryA
GetProcAddress
GetUserDefaultUILanguage
WaitForMultipleObjects
CloseHandle
SetCurrentDirectoryA
lstrcpyA
WideCharToMultiByte
SizeofResource
LockResource
LoadResource
FindResourceA
OpenEventA
DeleteCriticalSection
FreeLibrary
GetWindowsDirectoryA
LocalFree
FreeResource
GlobalFree
HeapCreate
GlobalUnlock
GlobalLock
lstrlenA
GetModuleHandleA
lstrcmpW
MultiByteToWideChar
SetLastError
GetLastError
CompareStringA
GlobalDeleteAtom
GlobalFindAtomA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetThreadLocale
WritePrivateProfileStringA
GetOEMCP
GetCPInfo
TlsFree
LocalReAlloc
TlsSetValue
GlobalAddAtomA
GlobalHandle
GlobalReAlloc
TlsAlloc
InitializeCriticalSection
TlsGetValue
LocalAlloc
GlobalFlags
GetModuleFileNameW
FormatMessageA
MulDiv
GetCurrentProcessId
SuspendThread
WaitForSingleObject
ResumeThread
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetModuleFileNameA
GetLocaleInfoA
lstrcmpA
GlobalAlloc
GetCurrentThreadId
GlobalGetAtomNameA

user32

MessageBeep
CharUpperA
UnregisterClassA
RegisterClipboardFormatA
PostThreadMessageA
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetWindowThreadProcessId
GetMessageA
TranslateMessage
ValidateRect
SetWindowContextHelpId
MapDialogRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
WinHelpA
IsChild
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
GetNextDlgGroupItem
SetPropA
GetPropA
RemovePropA
GetLastActivePopup
DispatchMessageA
GetTopWindow
GetWindowLongPtrA
SetWindowLongPtrA
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
TrackPopupMenu
GetKeyState
SetMenu
IsWindowVisible
UpdateWindow
GetMenuItemID
GetMenuItemCount
MessageBoxA
CreateWindowExA
GetClassInfoExA
RegisterClassA
GetSysColor
AdjustWindowRectEx
EqualRect
CopyRect
SetWindowPlacement
PtInRect
DefWindowProcA
CallWindowProcA
GetMenu
OffsetRect
IntersectRect
GetWindowPlacement
GetWindowRect
GetWindowTextA
GetFocus
SetWindowPos
SetFocus
ShowWindow
MoveWindow
SetWindowLongA
GetDlgCtrlID
ReleaseCapture
SetCapture
InvalidateRgn
InvalidateRect
SetRect
IsRectEmpty
CopyAcceleratorTableA
CharNextA
GetSysColorBrush
DestroyMenu
GetClassLongPtrA
SetWindowTextA
IsDialogMessageA
SendDlgItemMessageA
GetWindow
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetWindowLongA
GetDlgItem
IsWindowEnabled
GetParent
GetNextDlgTabItem
EndDialog
GetForegroundWindow
SystemParametersInfoA
SetForegroundWindow
GetSubMenu
LoadMenuA
PostMessageA
LoadCursorA
KillTimer
DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
SetTimer
SendMessageA
PostQuitMessage
LoadIconA
RegisterWindowMessageA
EnableWindow
SetCursor
GetCursorPos
GetClassInfoA

gdi32

SaveDC
RestoreDC
SetMapMode
DeleteObject
GetViewportExtEx
GetWindowExtEx
PtVisible
RectVisible
CreateBitmap
ExtTextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
GetStockObject
GetBkColor
GetTextColor
CreateRectRgnIndirect
GetRgnBox
GetMapMode
ScaleViewportExtEx
GetDeviceCaps
GetObjectA
SetBkColor
SetTextColor
GetClipBox
TextOutA

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
ClosePrinter
DocumentPropertiesA

shell32

ShellExecuteExA
Shell_NotifyIconA

shlwapi

PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathIsUNCA
StrStrIA

oledlg

ord8

ole32

CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoTaskMemAlloc
CoTaskMemFree
CLSIDFromString
CLSIDFromProgID
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter

oleaut32

SysStringLen
VariantCopy
SysAllocString
SafeArrayDestroy
SystemTimeToVariantTime
VariantTimeToSystemTime
OleCreateFontIndirect
SysAllocStringByteLen
VariantClear
VariantChangeType
VariantInit
SysAllocStringLen
SysFreeString

Sections

.text
Size: 285KB - Virtual size: 285KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 177KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ETDFavorite.dll
.dll windows:5 windows x64 arch:x64

7737292f382e6dea12a4cfd34b9ca779

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Workstation\ETD7_Driver\ETD7.0.6.0\ETDFavorite\x64\Release\ETDFavorite.pdb

Imports

kernel32

RtlPcToFileHeader
Sleep
ExitProcess
HeapSize
HeapQueryInformation
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
EncodePointer
DecodePointer
FlsGetValue
FlsFree
FlsAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
RaiseException
HeapSetInformation
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
LCMapStringA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetCurrentDirectoryA
GetDriveTypeA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
RtlUnwindEx
RtlLookupFunctionEntry
HeapReAlloc
HeapFree
HeapAlloc
GetCommandLineA
FlsSetValue
GetFullPathNameW
GetCurrentProcess
FlushFileBuffers
SetFilePointer
WriteFile
GlobalFlags
WritePrivateProfileStringW
lstrlenA
SetErrorMode
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
GlobalHandle
GlobalReAlloc
TlsAlloc
InitializeCriticalSection
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
FindFirstFileW
FileTimeToLocalFileTime
FileTimeToSystemTime
FindNextFileW
FindClose
GetCurrentProcessId
FreeResource
GlobalAddAtomW
GlobalFindAtomW
GetVersionExW
CompareStringW
LoadLibraryA
GetVersionExA
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesW
GetModuleFileNameW
lstrcmpA
GetLocaleInfoW
CompareStringA
lstrcmpW
FreeLibrary
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageW
lstrlenW
MulDiv
WideCharToMultiByte
CloseHandle
SetEvent
OpenEventW
GetWindowsDirectoryW
SetCurrentDirectoryW
GetProcAddress
GetModuleHandleW
LoadLibraryW
GetLastError
SetLastError
LocalFree
MultiByteToWideChar
FindResourceW
LoadResource
LockResource
GetEnvironmentStringsW
SizeofResource

user32

DestroyMenu
LoadCursorW
GetSysColorBrush
UnregisterClassW
EndPaint
BeginPaint
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
ShowWindow
SetWindowTextW
IsDialogMessageW
ReleaseDC
GetWindowThreadProcessId
SetCursor
GetMessageW
TranslateMessage
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
EnableMenuItem
CheckMenuItem
GetActiveWindow
CreateDialogIndirectParamW
IsWindowEnabled
GetNextDlgTabItem
EndDialog
RegisterWindowMessageW
LoadIconW
SendDlgItemMessageA
WinHelpW
GetCapture
SetWindowsHookExW
GetClassNameW
GetClassLongPtrW
SetPropW
GetPropW
RemovePropW
GetFocus
IsWindow
SetFocus
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageW
GetDlgItem
GetTopWindow
DestroyWindow
GetWindowLongPtrW
SetWindowLongPtrW
UnhookWindowsHookEx
GetMessageTime
PeekMessageW
MapWindowPoints
GetKeyState
SetMenu
GetCursorPos
GetWindowRect
SetTimer
SendMessageW
SetForegroundWindow
IsWindowVisible
UpdateWindow
GetClientRect
MessageBoxW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
GetParent
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
SendDlgItemMessageW
GetSystemMetrics
mouse_event
KillTimer
EnableWindow
GetDesktopWindow
GetDC
GetSysColor
CopyRect
SetRect
OffsetRect
DrawFocusRect
DrawStateW
DestroyIcon
GetMessagePos
ScreenToClient
InvalidateRect
GetSubMenu
GetMenuItemCount
GetMenuItemID
PtInRect
GetMenu
GetWindowLongW
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindow
PostMessageW
PostQuitMessage
GetMenuState
CallNextHookEx

gdi32

GetStockObject
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
TextOutW
RectVisible
GetDeviceCaps
DeleteObject
SetMapMode
SetBkMode
RestoreDC
SaveDC
CreateBitmap
GetObjectW
SetBkColor
SetTextColor
GetClipBox
PtVisible

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

RegQueryValueW
RegOpenKeyW
RegEnumKeyW
RegCreateKeyExW
RegDeleteKeyW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegQueryValueExW
RegCloseKey

shell32

ShellExecuteExW
SHGetFileInfoW

comctl32

ImageList_GetIconSize

shlwapi

PathFindFileNameW
PathRemoveFileSpecW
PathFindExtensionW

ole32

CoCreateInstance
CoUninitialize
CoInitializeEx
CoTaskMemFree

oleaut32

VariantClear
VariantChangeType
VariantInit

Exports

Exports

FavoriteSetting
FavoriteShow
SetFavoriteHWnd

Sections

.text
Size: 197KB - Virtual size: 197KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ETDInst.dll
.dll windows:4 windows x64 arch:x64

a6da39ee38e7164ff60852000cfc8b5e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

setupapi

SetupDiGetINFClassA
SetupDiCreateDeviceInfoList
SetupDiCreateDeviceInfoA
SetupDiSetDeviceRegistryPropertyA
SetupDiCallClassInstaller
SetupDiGetClassDevsA
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyA
SetupDiDestroyDeviceInfoList

newdev

UpdateDriverForPlugAndPlayDevicesA

kernel32

lstrlenW
GetModuleFileNameA
MultiByteToWideChar
DeleteCriticalSection
GetCurrentThreadId
RaiseException
InitializeCriticalSection
GlobalUnlock
GlobalLock
GlobalAlloc
MulDiv
CloseHandle
GetCurrentProcess
RemoveDirectoryA
FindClose
FindNextFileA
DeleteFileA
lstrcmpA
lstrcatA
GetWindowsDirectoryA
Process32Next
TerminateProcess
GetExitCodeProcess
OpenProcess
Process32First
CreateToolhelp32Snapshot
EnterCriticalSection
FlushInstructionCache
LeaveCriticalSection
VirtualProtect
VirtualAlloc
GetProcAddress
GetModuleHandleA
GetSystemInfo
VirtualQuery
RtlPcToFileHeader
RtlUnwindEx
RtlLookupFunctionEntry
HeapAlloc
HeapFree
HeapReAlloc
FlsSetValue
GetCommandLineA
GetVersionExA
GetProcessHeap
UnhandledExceptionFilter
SetUnhandledExceptionFilter
WideCharToMultiByte
RtlVirtualUnwind
RtlCaptureContext
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
FlsGetValue
TlsFree
FlsFree
TlsSetValue
FlsAlloc
ExitProcess
WriteFile
GetStdHandle
HeapSetInformation
HeapCreate
HeapDestroy
HeapSize
Sleep
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
LoadLibraryA
SetFilePointer
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers
GetThreadLocale
InterlockedPushEntrySList
VirtualFree
InterlockedPopEntrySList
FindFirstFileA
lstrcpyA
LocalAlloc
lstrlenA
GetLastError
FormatMessageA
LocalFree
SetLastError
IsDebuggerPresent

user32

SetFocus
IsChild
EndPaint
FillRect
BeginPaint
GetClientRect
IsWindow
RedrawWindow
SetWindowPos
GetClassNameA
GetParent
CreateAcceleratorTableA
MoveWindow
ClientToScreen
ScreenToClient
ReleaseCapture
SetCapture
InvalidateRect
InvalidateRgn
GetFocus
DestroyWindow
CallWindowProcA
CreateWindowExA
UnregisterClassA
CharNextA
MessageBoxA
GetSysColor
DestroyAcceleratorTable
wsprintfA
GetDesktopWindow
GetTopWindow
GetWindow
ExitWindowsEx
GetDC
ReleaseDC
SendMessageA
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
SetWindowLongPtrA
GetWindowLongPtrA
GetWindowLongA
SetWindowLongA
DefWindowProcA
RegisterWindowMessageA
GetClassInfoExA
LoadCursorA
RegisterClassExA
GetDlgItem

advapi32

RegQueryValueExA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA
RegCloseKey

ole32

CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleInitialize
OleUninitialize
CoTaskMemAlloc
OleLockRunning
CreateStreamOnHGlobal
CoCreateInstance
StringFromGUID2

oleaut32

SysFreeString
LoadTypeLi
SysAllocString
SysStringLen
VariantInit
VariantClear
SysStringByteLen
SysAllocStringLen
OleCreateFontIndirect
LoadRegTypeLi

gdi32

DeleteDC
BitBlt
GetDeviceCaps
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
DeleteObject
CreateSolidBrush
GetObjectA
GetStockObject

Exports

Exports

CheckTaskApl
CloseTaskApl
ETDInstall
InstallINF
KTech_DeleteFile
TerminateTaskApl

Sections

.text
Size: 131KB - Virtual size: 130KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ETDMag.exe
.exe windows:5 windows x64 arch:x64

d38aa477f7e7186a4610c9e336911abb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

HeapFree
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
InitializeCriticalSectionAndSpinCount
LoadLibraryA
EnterCriticalSection
HeapSize
LeaveCriticalSection
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
HeapCreate
HeapSetInformation
FlsAlloc
GetLocaleInfoA
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
HeapAlloc
HeapReAlloc
CreateMutexA
GetModuleFileNameA
ExitProcess
GetCurrentThreadId
SetLastError
GetCommandLineA
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetModuleHandleW
Sleep
GetProcAddress
WriteFile
GetStdHandle
RtlUnwindEx
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
EncodePointer
DecodePointer
FlsGetValue
FlsSetValue
FlsFree

user32

GetMessageA
TranslateMessage
DispatchMessageA
DestroyMenu
PostQuitMessage
TrackPopupMenu
LoadIconA
RegisterClassExA
CreateWindowExA
ShowWindow
UpdateWindow
SetForegroundWindow
KillTimer
SetTimer
LoadCursorA
SetCursor
DestroyWindow
DefWindowProcA
ShowCursor
LoadMenuA
GetSubMenu
SetMenuDefaultItem
EnableMenuItem
CheckMenuItem
wsprintfA
EnumWindows
GetClassNameA
BeginPaint
EndPaint
GetDC
MessageBoxA
SendMessageA
ReleaseDC
InvalidateRect
ValidateRect
GetSystemMetrics
LoadBitmapA
GetCursorPos

gdi32

GdiFlush
StretchBlt
CreatePen
MoveToEx
LineTo
CreateDCA
CreateCompatibleBitmap
BitBlt
DeleteDC
DeleteObject
CreateCompatibleDC
SelectObject
GetObjectA
GetStockObject

advapi32

RegCloseKey
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegDeleteValueA

shell32

Shell_NotifyIconA

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ETDMcpl.dll
.dll regsvr32 windows:5 windows x64 arch:x64

ae47c2edc586c3b72a4405e219e203fd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetCommandLineA
Sleep
ExitProcess
ExitThread
CreateThread
RtlPcToFileHeader
HeapReAlloc
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapQueryInformation
HeapSize
HeapSetInformation
HeapCreate
HeapDestroy
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
GetStdHandle
GetModuleFileNameA
EncodePointer
DecodePointer
FlsGetValue
FlsFree
FlsAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
FlsSetValue
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
LCMapStringA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
RtlLookupFunctionEntry
HeapAlloc
RtlUnwindEx
HeapFree
GetShortPathNameW
GetCurrentProcess
FlushFileBuffers
SetFilePointer
WriteFile
WritePrivateProfileStringW
SetErrorMode
TlsFree
LocalReAlloc
TlsSetValue
GlobalHandle
GlobalReAlloc
TlsAlloc
TlsGetValue
LocalAlloc
GlobalFlags
FreeResource
GlobalFindAtomW
LoadLibraryA
GetVersionExA
lstrlenA
CompareStringW
VirtualProtect
GlobalFree
GlobalUnlock
FormatMessageW
MulDiv
GetCurrentProcessId
GlobalAddAtomW
SuspendThread
WaitForSingleObject
ResumeThread
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
WideCharToMultiByte
GlobalLock
lstrcmpW
GlobalAlloc
GetUserDefaultUILanguage
LocalFree
OpenEventW
SetEvent
CreateEventW
SetThreadPriority
SetPriorityClass
WaitForMultipleObjects
CloseHandle
GetVersionExW
LockResource
SetLastError
GetWindowsDirectoryW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
lstrcmpiW
FreeLibrary
LoadLibraryW
GetModuleFileNameW
lstrlenW
GetModuleHandleW
GetProcAddress
GetLastError
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
SetHandleCount

user32

DestroyMenu
GetSysColorBrush
UnregisterClassW
GetDesktopWindow
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
SetWindowTextW
IsDialogMessageW
RegisterWindowMessageW
SendDlgItemMessageA
SendDlgItemMessageW
WinHelpW
GetClassNameW
GetClassLongPtrW
GetWindowTextW
GetForegroundWindow
GetTopWindow
DestroyWindow
GetWindowLongPtrW
GetMessageTime
MapWindowPoints
SetMenu
SetForegroundWindow
UpdateWindow
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
GetDlgCtrlID
DefWindowProcW
GetMenu
SystemParametersInfoA
GetWindowPlacement
GetWindow
EndPaint
BeginPaint
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
GetCapture
SetActiveWindow
SetWindowPos
ShowWindow
GetPropW
RemovePropW
GetDlgItem
UnhookWindowsHookEx
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetWindowThreadProcessId
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
MessageBoxW
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageW
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
GetFocus
GetParent
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
PostMessageW
PostQuitMessage
SetWindowLongPtrW
CallWindowProcW
SetFocus
GetWindowRect
IsIconic
ReleaseDC
LoadBitmapW
GetMessagePos
DestroyIcon
GetDC
CopyRect
LoadCursorW
GetSysColor
IsWindow
EnableWindow
GetClientRect
SendMessageW
PtInRect
SetCursor
LoadIconW
GetSystemMetrics
CharNextW
SetPropW

gdi32

DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetStockObject
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
GetDeviceCaps
CreateBitmap
DeleteObject
GetObjectW

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

GetNamedSecurityInfoW
RegOpenKeyExW
RegDeleteKeyW
RegSetValueW
RegOpenKeyW
RegEnumKeyW
AllocateAndInitializeSid
FreeSid
RegQueryValueExW
SetEntriesInAclW
SetNamedSecurityInfoW
RegQueryValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegCloseKey

shell32

ShellExecuteExW
ExtractIconW

comctl32

CreatePropertySheetPageW
DestroyPropertySheetPage

shlwapi

PathFindFileNameW
PathFindExtensionW

ole32

StringFromCLSID
CoRegisterClassObject
StringFromGUID2
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CoRevokeClassObject
CoDisconnectObject

oleaut32

SysStringLen
SysFreeString
SysAllocString
LoadTypeLi
RegisterTypeLi
VarUI4FromStr
SysStringByteLen
SysAllocStringLen
VariantClear
VariantCopy
VariantChangeType
VariantInit

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

.text
Size: 217KB - Virtual size: 216KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 79KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ETDUI.cpl
.dll windows:5 windows x64 arch:x64

ce8e560973fd390615b61b8ccc20b449

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Documents and Settings\97178\桌面\ETD7059\ETDUnicode\x64\Release\ETDUI.pdb

Imports

wtsapi32

WTSRegisterSessionNotification

kernel32

RtlLookupFunctionEntry
RtlUnwindEx
Sleep
ExitProcess
RaiseException
RtlPcToFileHeader
HeapReAlloc
ExitThread
CreateThread
HeapQueryInformation
HeapSize
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
EncodePointer
DecodePointer
FlsGetValue
FlsFree
FlsAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
HeapFree
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
LCMapStringA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetCurrentDirectoryA
GetDriveTypeA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
HeapAlloc
GetCommandLineA
FlsSetValue
GetFullPathNameW
GetCurrentProcess
FlushFileBuffers
SetFilePointer
WriteFile
lstrlenA
WritePrivateProfileStringW
SetErrorMode
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
GlobalHandle
GlobalReAlloc
TlsAlloc
InitializeCriticalSection
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GlobalFlags
FindFirstFileW
FileTimeToLocalFileTime
FileTimeToSystemTime
FindNextFileW
FindClose
GlobalFindAtomW
CompareStringW
LoadLibraryA
GetVersionExA
GetCurrentProcessId
GlobalAddAtomW
SuspendThread
WaitForSingleObject
ResumeThread
FreeResource
GlobalFree
GlobalUnlock
FormatMessageW
MulDiv
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesW
GetModuleFileNameW
lstrcmpA
GetLocaleInfoW
WideCharToMultiByte
CompareStringA
GlobalLock
lstrcmpW
GlobalAlloc
LocalFree
GetUserDefaultUILanguage
OpenEventW
GetVersionExW
SetEvent
CloseHandle
WaitForMultipleObjects
SetPriorityClass
SetThreadPriority
CreateEventW
MultiByteToWideChar
GetProcAddress
GetModuleHandleW
GetLastError
SetLastError
WinExec
lstrlenW
lstrcatW
lstrcpyW
FreeLibrary
GetWindowsDirectoryW
LoadLibraryW
FindResourceW
LoadResource
LockResource
SizeofResource
GetEnvironmentStrings

user32

UnregisterClassW
WindowFromPoint
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
RegisterWindowMessageW
SendDlgItemMessageA
SendDlgItemMessageW
WinHelpW
GetCapture
GetClassNameW
GetClassLongPtrW
SetPropW
GetPropW
RemovePropW
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetTopWindow
GetWindowLongPtrW
UnhookWindowsHookEx
GetMessageTime
MapWindowPoints
SetMenu
SetForegroundWindow
UpdateWindow
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
GetDlgCtrlID
DefWindowProcW
GetMenu
SetWindowPos
SystemParametersInfoA
GetWindow
GetWindowThreadProcessId
GetLastActivePopup
MessageBoxW
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
IsWindowVisible
GetKeyState
PeekMessageW
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
GetFocus
ModifyMenuW
EnableMenuItem
CheckMenuItem
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
GetWindowLongW
GetDlgItem
IsWindowEnabled
GetParent
GetNextDlgTabItem
EndDialog
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
PostMessageW
PostQuitMessage
SetWindowLongPtrW
CallWindowProcW
SetFocus
IsZoomed
DrawFrameControl
InflateRect
DrawCaption
DestroyMenu
GetSysColorBrush
IsIconic
GetWindowRect
SetTimer
KillTimer
LoadBitmapW
GetSystemMetrics
ReleaseDC
ScreenToClient
GetMessagePos
DestroyIcon
DrawStateW
DrawFocusRect
OffsetRect
SetRect
CopyRect
GetDC
CopyIcon
LoadCursorW
InvalidateRect
IsWindow
SetWindowLongW
SetCursor
SetCapture
RedrawWindow
ReleaseCapture
PtInRect
GetClientRect
MessageBeep
SendMessageW
GetSysColor
EnableWindow
LoadStringW
LoadIconW
GetWindowPlacement

gdi32

DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetObjectW
GetStockObject
SetMapMode
SetBkMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
GetDeviceCaps
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
DeleteObject
CombineRgn
CreateRectRgnIndirect
RectInRegion
GetTextExtentPoint32W
CreateFontIndirectW

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

SetNamedSecurityInfoW
RegOpenKeyW
RegEnumKeyW
FreeSid
AllocateAndInitializeSid
RegOpenKeyExW
SetEntriesInAclW
GetNamedSecurityInfoW
RegQueryInfoKeyW
RegQueryValueExW
RegCreateKeyExW
RegDeleteKeyW
RegSetValueExW
RegCloseKey
RegQueryValueW

shell32

SHGetFileInfoW
ShellExecuteW

comctl32

ImageList_GetIconSize

shlwapi

PathFindFileNameW
PathRemoveFileSpecW
PathFindExtensionW

ole32

CoUninitialize
CoTaskMemFree
CoCreateInstance
CoInitializeEx

oleaut32

VariantClear
VariantChangeType
VariantInit

Exports

Exports

CPlApplet

Sections

.text
Size: 350KB - Virtual size: 350KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ETDUninst.dll
.dll windows:5 windows x64 arch:x64

323ab95bc4e208505f98980c23a8339f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Documents and Settings\97178\桌面\ETD7059\ETDUninst_Dll\x64\Release\ETDUninst.pdb

Imports

setupapi

SetupCopyOEMInfA

kernel32

FlsSetValue
GetCommandLineA
HeapAlloc
HeapFree
RtlLookupFunctionEntry
RtlUnwindEx
Sleep
ExitProcess
HeapReAlloc
RaiseException
RtlPcToFileHeader
HeapSize
HeapQueryInformation
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
EncodePointer
DecodePointer
FlsGetValue
FlsFree
FlsAlloc
GetACP
IsValidCodePage
LCMapStringA
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetOEMCP
GetCPInfo
CreateFileA
GetCurrentProcess
FlushFileBuffers
SetFilePointer
WriteFile
GlobalFindAtomA
lstrcmpW
GetModuleHandleW
GlobalGetAtomNameA
GlobalFlags
WritePrivateProfileStringA
SetErrorMode
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
GlobalHandle
GlobalReAlloc
TlsAlloc
InitializeCriticalSection
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GetModuleFileNameW
GetCurrentProcessId
GlobalAddAtomA
CloseHandle
GetLastError
SetLastError
GlobalFree
GlobalUnlock
FormatMessageA
LocalFree
lstrlenA
MultiByteToWideChar
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetModuleFileNameA
GetLocaleInfoA
LoadLibraryA
CompareStringA
GlobalLock
lstrcmpA
GlobalAlloc
FreeLibrary
GetModuleHandleA
GetProcAddress
GetVersionExA
FindResourceA
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
RemoveDirectoryA
FindClose
FindNextFileA
DeleteFileA
FindFirstFileA
GetWindowsDirectoryA
LCMapStringW

user32

DestroyMenu
ShowWindow
RegisterWindowMessageA
LoadIconA
WinHelpA
GetCapture
GetClassLongA
GetClassLongPtrA
SetPropA
GetPropA
RemovePropA
IsWindow
GetForegroundWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetWindowLongPtrA
SetWindowLongPtrA
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
GetClientRect
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
CopyRect
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
LoadCursorA
GetSystemMetrics
GetSysColorBrush
GetWindow
GetDlgCtrlID
GetWindowRect
GetClassNameA
PtInRect
GetWindowTextA
SetWindowTextA
PostQuitMessage
PostMessageA
GetSubMenu
GetSysColor
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetMenuItemCount
GetMenuItemID
GetMenuState
CheckMenuItem
EnableMenuItem
ModifyMenuA
SendMessageA
GetParent
GetFocus
LoadBitmapA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
ValidateRect
GetCursorPos
PeekMessageA
GetKeyState
IsWindowVisible
UnregisterClassA
UnhookWindowsHookEx
GetWindowThreadProcessId
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxA
SetCursor
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow

gdi32

DeleteDC
GetStockObject
ExtTextOutA
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
GetDeviceCaps
TextOutA
RectVisible
PtVisible
DeleteObject
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
CreateBitmap
Escape

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegQueryInfoKeyA
RegDeleteKeyA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA

shell32

ShellExecuteExA

shlwapi

PathFindFileNameA
PathFindExtensionA

oleaut32

VariantClear
VariantChangeType
VariantInit

Exports

Exports

ETD_DeleteFile

Sections

.text
Size: 149KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ETDUninst.exe
.exe windows:5 windows x64 arch:x64

d0aaa730c55923f3edde2e638a467981

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Documents and Settings\97178\桌面\ETD7059\ETDUninst_Exe_Unicode\x64\Release\ETDUninst.pdb

Imports

setupapi

SetupDiGetDeviceRegistryPropertyW
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW

newdev

UpdateDriverForPlugAndPlayDevicesW

kernel32

GetStartupInfoW
HeapAlloc
HeapFree
RtlLookupFunctionEntry
RtlUnwindEx
Sleep
ExitProcess
HeapReAlloc
RaiseException
RtlPcToFileHeader
HeapQueryInformation
HeapSize
SetUnhandledExceptionFilter
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
EncodePointer
DecodePointer
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
HeapSetInformation
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetConsoleCP
GetConsoleMode
GetCurrentDirectoryA
GetDriveTypeA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
SetErrorMode
lstrlenA
GetFullPathNameW
FlushFileBuffers
SetFilePointer
WriteFile
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
GlobalHandle
GlobalReAlloc
TlsAlloc
InitializeCriticalSection
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GlobalFlags
FileTimeToLocalFileTime
FileTimeToSystemTime
FindNextFileW
FindClose
GlobalFindAtomW
GetVersionExW
CompareStringW
LoadLibraryA
GetVersionExA
MulDiv
GetCurrentProcessId
GlobalAddAtomW
GlobalUnlock
GlobalFree
FreeResource
WritePrivateProfileStringW
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesW
GetModuleFileNameW
lstrcmpA
GetLocaleInfoW
LoadLibraryW
WideCharToMultiByte
CompareStringA
GlobalLock
GlobalAlloc
FreeLibrary
GetModuleHandleW
GetProcAddress
MultiByteToWideChar
SetLastError
LocalFree
FormatMessageW
GetLastError
FindFirstFileW
lstrcmpW
CloseHandle
GetCurrentProcess
lstrlenW
CopyFileW
GetTempPathW
lstrcatW
lstrcpyW
GetWindowsDirectoryW
FindResourceW
LoadResource
LockResource
SizeofResource
GetCommandLineW
CreateMutexW
OpenMutexW
HeapCreate

user32

GetSysColorBrush
LoadCursorW
EndPaint
BeginPaint
ReleaseDC
GetDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
SendDlgItemMessageA
WinHelpW
GetCapture
GetClassNameW
GetClassLongPtrW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
GetTopWindow
GetWindowLongPtrW
SetWindowLongPtrW
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
UpdateWindow
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
SetWindowPlacement
DefWindowProcW
CallWindowProcW
CopyRect
PtInRect
GetMenu
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
GetWindowTextW
SetWindowPos
SetFocus
ShowWindow
SetWindowLongW
GetDlgCtrlID
SetWindowTextW
IsDialogMessageW
SendDlgItemMessageW
GetWindow
RegisterWindowMessageW
LoadIconW
PostQuitMessage
SendMessageW
UnhookWindowsHookEx
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetWindowThreadProcessId
GetLastActivePopup
SetCursor
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
DestroyMenu
SetForegroundWindow
UnregisterClassW
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
wsprintfW
ExitWindowsEx
PostMessageW
MessageBoxW
EnableWindow
EndDialog
GetNextDlgTabItem
GetParent
IsWindowEnabled
GetDlgItem
GetWindowLongW
IsWindow
DestroyWindow
CreateDialogIndirectParamW
SetActiveWindow
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageW
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
GetDesktopWindow

gdi32

DeleteDC
GetStockObject
Escape
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
GetClipBox
GetDeviceCaps
CreateBitmap
ExtTextOutW
TextOutW
RectVisible
PtVisible
DeleteObject
SetMapMode
RestoreDC
SaveDC
GetObjectW
SetBkColor
SetTextColor
SelectObject

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

RegQueryValueW
RegOpenKeyW
RegEnumKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegSetValueExW
RegDeleteValueW
RegCreateKeyExW
RegDeleteKeyW
RegCloseKey
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW

shlwapi

PathFindFileNameW
PathFindExtensionW

oleaut32

VariantClear
VariantChangeType
VariantInit

Sections

.text
Size: 173KB - Virtual size: 173KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Eula0401ARA.tx_
Eula0404CHT.tx_
Eula0405CZE.tx_
Eula0406DAN.tx_
Eula0407GER.tx_
Eula0408GRE.tx_
Eula0409ENU.tx_
Eula040BFIN.tx_
Eula040CFRA.tx_
Eula040DHEB.tx_
Eula040EHUN.tx_
Eula0410ITA.tx_
Eula0411JPN.tx_
Eula0412KOR.tx_
Eula0413HOL.tx_
Eula0414NOR.tx_
Eula0415POL.tx_
Eula0416BRA.tx_
Eula0418ROM.tx_
Eula0419RUS.tx_
Eula041ACRO.tx_
Eula041BSLK.tx_
Eula041DSWE.tx_
Eula041ETHA.tx_
Eula041FTUR.tx_
Eula0424SLO.tx_
Eula0804PRC.tx_
Eula0816POR.tx_
Eula0C04HK.tx_
Eula0C0ASPN.tx_
PNPINST64.exe
.exe windows:4 windows x64 arch:x64

99e7e3f84a732c7069ce99515c34c1c9

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

37:ed:90:92:bd:d1:dc:cf:58:d2:af:a4:7f:96:14:48
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

22/07/2008, 00:00

Not After

31/07/2009, 23:59

Subject

CN=ASUSTeK Computer Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Quality Testing Department,O=ASUSTeK Computer Inc.,L=Taipei / Peitou,ST=Taiwan,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

57:6d:2b:f7:d7:82:51:06:cc:ad:00:c1:27:c7:31:a1:a1:10:9e:35
Signer

Actual PE Digest

57:6d:2b:f7:d7:82:51:06:cc:ad:00:c1:27:c7:31:a1:a1:10:9e:35

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

d:\working\[project][tranfer]\2ksetup\2ksetup\w64\070704_01\x64\release\PNPINST64.pdb

Imports

kernel32

HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoW
RaiseException
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
HeapReAlloc
HeapSize
ExitProcess
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
HeapSetInformation
HeapCreate
GetTickCount
GetSystemTimeAsFileTime
TerminateProcess
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
GetCPInfo
GetACP
GetOEMCP
Sleep
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers
SetFilePointer
GetModuleHandleA
GlobalFlags
GetThreadLocale
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
LoadLibraryA
lstrcmpW
GetVersionExA
GetVersion
MultiByteToWideChar
GetCurrentThreadId
FormatMessageW
GetModuleHandleW
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
GlobalHandle
GlobalReAlloc
TlsAlloc
InitializeCriticalSection
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalFree
LocalAlloc
lstrlenW
GetCurrentProcessId
SizeofResource
SetLastError
WinExec
WideCharToMultiByte
GetPrivateProfileStringW
SetCurrentDirectoryW
GetModuleFileNameW
CloseHandle
WriteFile
CreateFileW
GetLastError
SetPriorityClass
FreeLibrary
GlobalLock
GlobalAlloc
GlobalFree
GlobalUnlock
LockResource
FindResourceW
LoadResource
GetSystemDefaultLangID
GetProcAddress
LoadLibraryW
GetCurrentProcess
QueryPerformanceCounter
GetVersionExW

user32

PostQuitMessage
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
DestroyMenu
ClientToScreen
SetWindowTextW
RegisterWindowMessageW
LoadIconW
WinHelpW
GetCapture
GetClassNameW
GetClassLongPtrW
SetPropW
GetPropW
RemovePropW
IsWindow
GetWindowTextW
GetForegroundWindow
GetDlgItem
GetTopWindow
DestroyWindow
SetWindowLongPtrW
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
GetClientRect
GetMenu
PostMessageW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
CopyRect
PtInRect
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetWindow
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
ModifyMenuW
EnableMenuItem
CheckMenuItem
LoadCursorW
GetSystemMetrics
GetDC
ReleaseDC
GetWindowLongPtrW
GetSysColor
GetSysColorBrush
SetWindowsHookExW
CallNextHookEx
DispatchMessageW
GetKeyState
PeekMessageW
ValidateRect
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
UnhookWindowsHookEx
GetWindowThreadProcessId
SendMessageW
GetWindowLongW
GetParent
GetLastActivePopup
IsWindowEnabled
EnableWindow
wsprintfW
MessageBoxW
ExitWindowsEx
UnregisterClassA

gdi32

DeleteDC
GetStockObject
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutW
RectVisible
PtVisible
GetDeviceCaps
SetMapMode
RestoreDC
SaveDC
ExtTextOutW
DeleteObject
SetBkColor
SetTextColor
GetClipBox
CreateBitmap

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueW

oleaut32

VariantClear
VariantChangeType
VariantInit

Sections

.text
Size: 138KB - Virtual size: 138KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Setup.exe
.exe windows:5 windows x64 arch:x64

bf0d433f86d12cdebe5d2e31802c103e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Documents and Settings\97178\桌面\ETD7059\Setup_DPInst\x64\Release\Setup.pdb

Imports

setupapi

SetupDiGetDeviceRegistryPropertyA
SetupDiEnumDeviceInfo
SetupDiGetClassDevsA

newdev

UpdateDriverForPlugAndPlayDevicesA

kernel32

GetConsoleCP
GetConsoleMode
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
LCMapStringW
LCMapStringA
GetCommandLineA
GetCurrentDirectoryA
lstrcpyA
lstrcatA
GetVersionExA
lstrcmpA
FindFirstFileA
FindResourceA
LoadResource
WideCharToMultiByte
GetTimeZoneInformation
SizeofResource
LockResource
GetProcAddress
GetModuleHandleA
FreeLibrary
GlobalAlloc
GlobalLock
CompareStringA
LoadLibraryA
GetLocaleInfoA
GetModuleFileNameA
EnumResourceLanguagesA
ConvertDefaultLocale
CompareStringW
GetCurrentThread
GlobalDeleteAtom
GlobalFree
FreeResource
GetPrivateProfileIntA
WritePrivateProfileStringA
lstrlenA
GlobalUnlock
CloseHandle
SetThreadPriority
ResumeThread
InitializeCriticalSectionAndSpinCount
QueryPerformanceCounter
HeapCreate
HeapSetInformation
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStdHandle
GetStringTypeW
GetStringTypeA
IsValidCodePage
GetACP
FlsAlloc
FlsFree
FlsSetValue
FlsGetValue
DecodePointer
EncodePointer
RtlCaptureContext
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObject
GetCurrentThreadId
GetDriveTypeA
TerminateProcess
GetFileType
GlobalAddAtomA
SetLastError
SetStdHandle
GetSystemTimeAsFileTime
HeapSize
HeapQueryInformation
VirtualQuery
GetSystemInfo
VirtualAlloc
RtlPcToFileHeader
RaiseException
HeapReAlloc
CreateThread
ExitThread
ExitProcess
RtlUnwindEx
RtlLookupFunctionEntry
HeapFree
HeapAlloc
GetStartupInfoA
FindResourceExA
VirtualProtect
GetFileTime
GetFileSizeEx
Sleep
GetProfileIntA
GetTickCount
SearchPathA
GetTempPathA
GetTempFileNameA
SetErrorMode
GetOEMCP
GetCPInfo
GetModuleHandleW
GetFullPathNameA
GetVolumeInformationA
GetCurrentProcess
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetThreadLocale
CreateFileA
GetFileSize
GetFileAttributesA
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
GlobalHandle
GlobalReAlloc
TlsAlloc
InitializeCriticalSection
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GlobalFlags
FileTimeToLocalFileTime
FileTimeToSystemTime
FindNextFileA
FindClose
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
CopyFileA
GlobalSize
FormatMessageA
LocalFree
lstrlenW
MulDiv
MultiByteToWideChar
GetModuleFileNameW
GetCurrentProcessId
GetLastError

user32

IsClipboardFormatAvailable
MapVirtualKeyExA
GetKeyNameTextA
IsCharLowerA
UnpackDDElParam
ReuseDDElParam
InsertMenuItemA
TranslateAcceleratorA
GetMenuDefaultItem
SetMenuDefaultItem
UpdateLayeredWindow
EnableScrollBar
UnionRect
SetCursorPos
DrawIconEx
DrawFocusRect
DrawFrameControl
DrawEdge
GetMenuItemInfoA
UnregisterClassA
GetNextDlgGroupItem
InvalidateRgn
SetRect
CharNextA
EmptyClipboard
CloseClipboard
SetClipboardData
LoadImageA
DestroyIcon
CopyImage
OpenClipboard
DrawStateA
RegisterClipboardFormatA
EnumChildWindows
LockWindowUpdate
BringWindowToTop
IsRectEmpty
KillTimer
SetTimer
InvalidateRect
InflateRect
ReleaseCapture
IsMenu
SetCapture
GetSystemMenu
SetClassLongPtrA
WindowFromPoint
SetParent
CreatePopupMenu
NotifyWinEvent
SetWindowRgn
CreateAcceleratorTableA
LoadAcceleratorsA
DestroyAcceleratorTable
GetAsyncKeyState
CharUpperA
GetKeyboardState
GetKeyboardLayout
MapVirtualKeyA
ToAsciiEx
CopyAcceleratorTableA
DestroyMenu
WaitMessage
PostThreadMessageA
LoadMenuA
GetSysColorBrush
LoadCursorA
SetRectEmpty
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
FillRect
IsChild
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
GetWindowLongPtrA
SetWindowLongPtrA
GetMessageTime
GetMessagePos
MapWindowPoints
ScrollWindow
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
UpdateWindow
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
CopyRect
SetWindowPlacement
PtInRect
DefWindowProcA
CallWindowProcA
GetMenu
IntersectRect
GetWindowPlacement
GetWindowRect
GetWindowTextLengthA
GetWindowTextA
SetFocus
ShowWindow
MoveWindow
SetWindowLongA
GetDlgCtrlID
SetWindowTextA
IsDialogMessageA
SendDlgItemMessageA
CheckDlgButton
GetMenuStringA
AppendMenuA
InsertMenuA
GetMenuItemID
GetMenuItemCount
GetSubMenu
RemoveMenu
UnhookWindowsHookEx
GetWindowThreadProcessId
GetLastActivePopup
MessageBoxA
ShowOwnedPopups
SetCursor
DefFrameProcA
DefMDIChildProcA
DrawMenuBar
TranslateMDISysAccel
FrameRect
DestroyCursor
GetWindowRgn
CreateMenu
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetDoubleClickTime
GetIconInfo
SubtractRect
CopyIcon
CharUpperBuffA
GetClassLongPtrA
GetUpdateRect
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetWindowLongA
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
GetWindow
SetWindowContextHelpId
GetParent
MapDialogRect
SetWindowPos
WinHelpA
SystemParametersInfoA
OffsetRect
MessageBeep
RedrawWindow
IsZoomed
EnableWindow
PostMessageA
DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
PostQuitMessage
SendMessageA
LoadIconA
RegisterWindowMessageA
DeleteMenu

gdi32

CreateRectRgn
GetViewportExtEx
GetWindowExtEx
BitBlt
GetPixel
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
CreatePatternBrush
CreateCompatibleDC
GetStockObject
SelectPalette
GetObjectType
CreatePen
CreateSolidBrush
CreateHatchBrush
CreateRectRgnIndirect
OffsetRgn
GetRgnBox
GetDCOrgEx
CreateDIBitmap
CreateFontIndirectA
CreateCompatibleBitmap
GetTextMetricsA
EnumFontFamiliesA
GetTextCharsetInfo
CreateRoundRectRgn
GetTextColor
SelectClipRgn
SetDIBColorTable
PatBlt
GetDIBits
RealizePalette
CombineRgn
StretchBlt
SetPixel
CreateDIBSection
GetBkColor
SetRectRgn
GetMapMode
DPtoLP
CreateEllipticRgn
CreatePolygonRgn
Polyline
Ellipse
Polygon
Rectangle
RoundRect
CreatePalette
GetPaletteEntries
GetWindowOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
GetViewportOrgEx
LPtoDP
ExtFloodFill
SetPaletteEntries
GetNearestPaletteIndex
GetSystemPaletteEntries
EnumFontFamiliesExA
GetTextFaceA
SetPixelV
DeleteObject
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
SetMapMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
GetObjectA
SetBkColor
SetTextColor
CopyMetaFileA
GetDeviceCaps
GetTextExtentPoint32A
CreateBitmap
GetClipBox

msimg32

TransparentBlt
AlphaBlend

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegCloseKey
RegQueryInfoKeyA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegEnumKeyA
RegOpenKeyA
RegOpenKeyExA
RegEnumKeyExA
RegQueryValueA

shell32

DragFinish
SHAppBarMessage
SHGetPathFromIDListA
ShellExecuteA
DragQueryFileA
ShellExecuteExA
SHGetFileInfoA
SHBrowseForFolderA

comctl32

InitCommonControlsEx
ImageList_GetIconSize

shlwapi

PathFindFileNameA
PathStripToRootA
PathIsUNCA
PathFindExtensionA
PathRemoveFileSpecW

oledlg

ord8

ole32

OleInitialize
CoFreeUnusedLibraries
OleUninitialize
OleGetClipboard
DoDragDrop
OleFlushClipboard
OleIsCurrentClipboard
OleLockRunning
CoCreateInstance
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CreateStreamOnHGlobal
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
CoTaskMemFree
CLSIDFromString
CLSIDFromProgID
CoRegisterMessageFilter
CoRevokeClassObject
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CoInitializeEx
CoUninitialize

oleaut32

VariantCopy
SysAllocString
SafeArrayDestroy
SystemTimeToVariantTime
VariantTimeToSystemTime
OleCreateFontIndirect
VariantInit
VariantChangeType
VariantClear
SysAllocStringByteLen
SysStringLen
SysAllocStringLen
SysFreeString

gdiplus

GdiplusShutdown
GdiplusStartup
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipDrawImageI
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipCloneImage
GdipGetImageGraphicsContext

imm32

ImmGetOpenStatus
ImmReleaseContext
ImmGetContext

winmm

PlaySoundA

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 530KB - Virtual size: 529KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 110KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dpinst.exe
.exe windows:6 windows x64 arch:x64

3eacb9638877275335da4b58e52824f8

Code Sign

61:04:b3:f5:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:13

Not After

25/07/2011, 19:23

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:9E78-864B-039D,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:01:c6:c1:00:00:00:00:00:07
Certificate

Issuer

CN=Microsoft Windows Verification PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/10/2008, 20:39

Not After

22/01/2010, 20:49

Subject

CN=Microsoft Windows,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:07:02:dc:00:00:00:00:00:0b
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

15/09/2005, 21:55

Not After

15/03/2016, 22:05

Subject

CN=Microsoft Windows Verification PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

bf:2c:50:54:a4:3a:a3:54:81:e2:9a:d4:b6:4d:5c:bc:8e:cd:ae:c6
Signer

Actual PE Digest

bf:2c:50:54:a4:3a:a3:54:81:e2:9a:d4:b6:4d:5c:bc:8e:cd:ae:c6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

DpInst.pdb

Imports

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
IsTextUnicode
GetLengthSid
InitializeAcl
AddAccessAllowedAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetEntriesInAclW
DeleteService
CloseServiceHandle
ControlService
StartServiceW
OpenServiceW
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenSCManagerW
QueryServiceStatus
RegDeleteValueW
RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW
CheckTokenMembership

kernel32

CreateMutexW
ReleaseMutex
SetFilePointer
HeapAlloc
GetProcessHeap
HeapFree
LoadLibraryW
GetProcAddress
GetStdHandle
GetConsoleMode
SetConsoleMode
ReadConsoleOutputW
FillConsoleOutputCharacterW
SetConsoleCursorPosition
FreeConsole
FreeLibrary
WriteConsoleOutputW
WriteConsoleW
IsValidLocale
VirtualProtect
Sleep
GetFileAttributesW
DeleteFileW
FormatMessageW
RaiseException
CopyFileW
SetFileAttributesW
GetTempFileNameW
FindClose
FindNextFileW
CompareStringW
lstrcmpW
FindFirstFileW
lstrlenW
UnmapViewOfFile
GetConsoleScreenBufferInfo
CreateFileMappingW
LCMapStringW
WaitForMultipleObjectsEx
WaitForSingleObjectEx
SetEndOfFile
CreateEventW
SetEvent
LocalReAlloc
DeviceIoControl
VerifyVersionInfoW
VerSetConditionMask
GetSystemDirectoryW
GetCurrentDirectoryW
GetSystemWindowsDirectoryW
GetShortPathNameW
RemoveDirectoryW
MoveFileExW
CreateDirectoryW
GetFullPathNameW
SetLastError
GetLocaleInfoW
LoadLibraryExW
GetSystemDefaultUILanguage
SearchPathW
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
OutputDebugStringA
GetStartupInfoW
GetEnvironmentVariableW
lstrcmpiW
GetVersionExA
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapSize
HeapReAlloc
HeapDestroy
GetFileSize
CreateThread
SetThreadLocale
GetThreadLocale
WriteFile
CreateFileW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
MultiByteToWideChar
GetCurrentProcess
GetVersionExW
GetLocalTime
GetWindowsDirectoryW
SetCurrentDirectoryW
GetUserDefaultUILanguage
EnumResourceLanguagesW
GetModuleFileNameW
GetExitCodeProcess
WaitForSingleObject
LocalFree
GlobalFree
LocalAlloc
GetLastError
GetCommandLineW
CloseHandle
MapViewOfFile

gdi32

CreateBitmap
CreateCompatibleBitmap
GetObjectW
DeleteDC
SetLayout
CreateCompatibleDC
EndPage
StartPage
EndDoc
StartDocW
GetTextMetricsW
CreateFontIndirectW
GetDeviceCaps
DeleteObject
SelectObject

user32

DestroyIcon
CreateIconIndirect
DrawIconEx
GetIconInfo
LoadIconW
LoadBitmapW
CharLowerW
UnregisterClassA
PostQuitMessage
DefWindowProcW
RegisterClassExW
CreateWindowExW
ShowWindow
AllowSetForegroundWindow
DialogBoxParamW
SetDlgItemTextW
EndDialog
MessageBoxW
GetDlgItem
SendMessageW
GetProcessWindowStation
GetUserObjectInformationW
LoadImageW
SetWindowTextW
PostMessageW
GetParent
IsDlgButtonChecked
CheckDlgButton
SetFocus
CallWindowProcW
GetWindowLongPtrW
SetWindowLongPtrW
SendDlgItemMessageW
InvalidateRect
GetSystemMetrics
GetSysColor
DestroyWindow
SetWindowLongW
SystemParametersInfoW
GetDC
ReleaseDC
DrawTextExW

msvcrt

_wcmdln
exit
_cexit
_exit
_XcptFilter
__wgetmainargs
_resetstkoflw
__C_specific_handler
memset
_wcsupr
_wcslwr
_errno
__CxxFrameHandler
fread
_initterm
fclose
fwprintf
_wfopen
realloc
??2@YAPEAX_K@Z
wcsstr
_wcsicmp
_wtol
_vscwprintf
free
malloc
??_V@YAXPEAX@Z
??3@YAXPEAX@Z
_amsg_exit
__setusermatherr
_commode
_fmode
__set_app_type
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
??1type_info@@UEAA@XZ
memcpy
memmove
_CxxThrowException
mbtowc
__mb_cur_max
isleadbyte
_iob
_snprintf
_itoa
ferror
__badioinfo
__pioinfo
_fileno
_lseeki64
_write
_isatty
_wcsnicmp
_vsnwprintf
wcsncmp
bsearch
?_set_se_translator@@YAP6AXIPEAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
iswalpha
??_U@YAPEAX_K@Z
wcschr
wcspbrk
wcsrchr
iswdigit
feof
memcmp

ntdll

NtQueryInformationToken
RtlNtStatusToDosError
NtClose
NtOpenThreadToken
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
NtOpenProcessToken

shell32

ord59
CommandLineToArgvW
SHGetFolderPathW
ShellExecuteExW

setupapi

SetupDiSetDeviceRegistryPropertyW
SetupDiGetDeviceRegistryPropertyW
CM_Get_DevNode_Status
SetupDiOpenDevRegKey
SetupDiEnumDeviceInfo
pSetupSetGlobalFlags
SetupDefaultQueueCallbackW
pSetupGetGlobalFlags
SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList
SetupGetFieldCount
SetupGetIntField
SetupGetStringFieldW
SetupFindNextMatchLineW
SetupFindNextLine
SetupInstallServicesFromInfSectionW
SetupInstallFromInfSectionW
SetupPromptReboot
SetupDiGetDeviceInstanceIdW
SetupFindFirstLineW
SetupOpenAppendInfFileW
SetupGetLineCountW
SetupDiGetActualSectionToInstallW
SetupCloseInfFile
SetupOpenInfFileW
SetupDiGetSelectedDriverW
SetupCommitFileQueueW
SetupTermDefaultQueueCallback
SetupInitDefaultQueueCallbackEx
SetupQueueCopyW
CMP_WaitNoPendingInstallEvents
SetupCloseFileQueue
SetupOpenFileQueue
SetupDiGetDriverInfoDetailW
SetupDiSetClassInstallParamsW
SetupDiOpenDeviceInfoW
SetupDiSetSelectedDevice
SetupDiCreateDeviceInfoList
SetupDiGetDeviceInstallParamsW
SetupDiSetDeviceInstallParamsW
SetupDiBuildDriverInfoList
SetupInstallFilesFromInfSectionW
SetupDiCallClassInstaller
SetupDiClassNameFromGuidW
SetupDiOpenClassRegKey
CM_Enumerate_Classes
CM_Get_Device_ID_ListW
CM_Get_Device_ID_List_SizeW
CM_Locate_DevNodeW
CM_Query_And_Remove_SubTreeW
CM_Setup_DevNode
CM_Get_Device_IDW
SetupCopyOEMInfW
SetupGetTargetPathW

wintrust

CryptCATAdminCalcHashFromFileHandle
WinVerifyTrust

ole32

CoTaskMemFree
CoInitialize
CoUninitialize
CoCreateInstance
StringFromCLSID

oleaut32

VariantInit
VariantClear
SysAllocString
SysFreeString
VariantChangeType

comctl32

PropertySheetW
CreatePropertySheetPageW
ImageList_Create
ImageList_ReplaceIcon
ImageList_SetBkColor

comdlg32

PrintDlgExW
GetSaveFileNameW

crypt32

CertFreeCTLContext
CertFreeCertificateContext
CertGetCTLContextProperty
CryptQueryObject

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Sections

.text
Size: 510KB - Virtual size: 510KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 470KB - Virtual size: 472KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dpinst.xml
etd.cat

Sharing

General

Malware Config

Signatures

Files

b3e356c467ac6d15f5c28c8e1de6d8a5

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

Sections

.text Size: 94KB - Virtual size: 94KB

.rdata Size: 13KB - Virtual size: 12KB

.data Size: 1KB - Virtual size: 1KB

.pdata Size: 1KB - Virtual size: 1KB

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 904B

.reloc Size: 1024B - Virtual size: 530B

3eb310183868548ad1fbcbbca9266458

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shlwapi

oleaut32

Exports

Exports

Sections

.text Size: 149KB - Virtual size: 148KB

.rdata Size: 51KB - Virtual size: 50KB

.data Size: 10KB - Virtual size: 33KB

.pdata Size: 10KB - Virtual size: 10KB

.rsrc Size: 15KB - Virtual size: 14KB

.reloc Size: 9KB - Virtual size: 9KB

593b31ed0bf89369a8aed42e235bdcdd

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shlwapi

oleaut32

Exports

Exports

Sections

.text Size: 126KB - Virtual size: 126KB

.rdata Size: 31KB - Virtual size: 30KB

.data Size: 8KB - Virtual size: 22KB

.rsrc Size: 15KB - Virtual size: 14KB

.reloc Size: 27KB - Virtual size: 27KB

ea18702ef4e69b91e6e734781c52dfba

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

shlwapi

ole32

oleaut32

version

Exports

Exports

Sections

.text Size: 199KB - Virtual size: 199KB

.text
Size: 94KB - Virtual size: 94KB

.rdata
Size: 13KB - Virtual size: 12KB

.data
Size: 1KB - Virtual size: 1KB

.pdata
Size: 1KB - Virtual size: 1KB

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 904B

.reloc
Size: 1024B - Virtual size: 530B

.text
Size: 149KB - Virtual size: 148KB

.rdata
Size: 51KB - Virtual size: 50KB

.data
Size: 10KB - Virtual size: 33KB

.pdata
Size: 10KB - Virtual size: 10KB

.rsrc
Size: 15KB - Virtual size: 14KB

.reloc
Size: 9KB - Virtual size: 9KB

.text
Size: 126KB - Virtual size: 126KB

.rdata
Size: 31KB - Virtual size: 30KB

.data
Size: 8KB - Virtual size: 22KB

.rsrc
Size: 15KB - Virtual size: 14KB

.reloc
Size: 27KB - Virtual size: 27KB

.text
Size: 199KB - Virtual size: 199KB

.rdata
Size: 57KB - Virtual size: 57KB

.data
Size: 10KB - Virtual size: 34KB

.pdata
Size: 12KB - Virtual size: 11KB

.my_shar
Size: 512B - Virtual size: 48B

.rsrc
Size: 15KB - Virtual size: 14KB

.reloc
Size: 9KB - Virtual size: 9KB

.text
Size: 187KB - Virtual size: 186KB

.rdata
Size: 61KB - Virtual size: 60KB

.data
Size: 10KB - Virtual size: 35KB

.pdata
Size: 11KB - Virtual size: 11KB

.rsrc
Size: 15KB - Virtual size: 14KB

.reloc
Size: 9KB - Virtual size: 9KB

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

3c:41:a3:b1:ac:d5:c5:99:6b:cb:92:4a:49:a3:f9:8e
Certificate

.text
Size: 285KB - Virtual size: 285KB

.rdata
Size: 103KB - Virtual size: 102KB

.data
Size: 13KB - Virtual size: 40KB

.pdata
Size: 20KB - Virtual size: 20KB

.rsrc
Size: 177KB - Virtual size: 177KB