d9f53ba5a6312cb14543423114843e59_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d9f53ba5a6312cb14543423114843e59_JaffaCakes118
Size

1.7MB
MD5

d9f53ba5a6312cb14543423114843e59
SHA1

0c4bc75cabea9c01ffd11d6d85e97500b8063200
SHA256

17a467f8199a4d72a4b80ea30b7609ad267c4b6261e48682afb16fabba2f1275
SHA512

06c8893a4e5fa80fcdcf327c543fa65a1abb129ebdc65076e6aa365499279e4ddd87e01ae24c16c7f8e96f874bc74b596c452fc18aa01f7ce3452cd1b6fb288e
SSDEEP

49152:EHeOHTXDiXKtoqcOrq7zhOGJKheWwFXz7xH3PBl3:YeO3FtKOrqxOGJSejFD75PT3

Score

3^/10

Malware Config

Signatures

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
d9f53ba5a6312cb14543423114843e59_JaffaCakes118
unpack001/$COMMONFILES/PPLiveNetwork/player/$OUTDIR/CoreAAC.ax
unpack001/$PLUGINSDIR/CoreAAC.ax
unpack001/$PLUGINSDIR/CoreAVC.ax
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/pnsis.dll
unpack001/$PLUGINSDIR/time.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

d9f53ba5a6312cb14543423114843e59_JaffaCakes118
.exe windows:5 windows x86 arch:x86

ff8d8dbb96b7ab762c0ce51911e4d104

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
GetTempPathA
SetFileTime
SetErrorMode
lstrcpynA
GetDiskFreeSpaceA
LocalFree
WideCharToMultiByte
OutputDebugStringA
GetCommandLineW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryA
CreateProcessA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
RemoveDirectoryA
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
MulDiv
WriteFile
ReadFile
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetCommandLineA

user32

GetMessagePos
CallWindowProcA
IsWindowVisible
LoadBitmapA
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuA
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
ScreenToClient
GetClassInfoA
CreateWindowExA
SystemParametersInfoA
RegisterClassA
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfA
FindWindowExA
CheckDlgButton
LoadCursorA
SetCursor
GetWindowLongA
GetSysColor
CharNextA
DialogBoxParamA
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
SendMessageTimeoutA

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

CommandLineToArgvW
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegEnumKeyA
RegOpenKeyExA
RegCloseKey
RegDeleteKeyA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegEnumValueA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 52KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 177KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$COMMONFILES/PPLiveNetwork/$OUTDIR/MngModule.dll
.dll windows:5 windows x86 arch:x86

77e580ab607c48dfa294a5b7ae2f07dd

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:52:7f:4d:7d:6c:1a:2b:a7:ef:81:d5:0c:89:d7:65
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

19/11/2009, 00:00

Not After

18/11/2012, 23:59

Subject

CN=PPLive Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Product Planning Dept.,O=PPLive Corporation,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

53:21:a1:58:eb:7c:d7:04:35:10:18:60:01:b8:cc:ba:58:bf:b2:0b
Signer

Actual PE Digest

53:21:a1:58:eb:7c:d7:04:35:10:18:60:01:b8:cc:ba:58:bf:b2:0b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

i:\PPLive\PPTV\trunk\mngmodule\ReleaseU\mngmodule.pdb

Imports

kernel32

LocalFileTimeToFileTime
SetFileAttributesW
GetFileSizeEx
GetModuleHandleA
GetCurrentDirectoryW
GlobalFlags
GetVersionExA
LoadLibraryA
GlobalFindAtomW
FreeResource
HeapAlloc
HeapFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
GetSystemTimeAsFileTime
VirtualProtect
VirtualAlloc
GetSystemInfo
GetCommandLineA
HeapReAlloc
ExitProcess
ExitThread
HeapSize
SetStdHandle
GetFileType
FatalAppExitA
VirtualFree
HeapCreate
HeapDestroy
GetStdHandle
GetCPInfo
GetAtomNameW
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
GetTimeZoneInformation
SetHandleCount
GetStartupInfoA
GetConsoleCP
GetConsoleMode
GetTimeFormatA
GetDateFormatA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
SetConsoleCtrlHandler
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetCurrentDirectoryA
SetCurrentDirectoryA
GetDriveTypeA
GetFullPathNameA
GetProcessHeap
SetEnvironmentVariableA
GlobalGetAtomNameW
CompareStringW
SetErrorMode
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
GlobalAddAtomW
SuspendThread
SetThreadPriority
GlobalDeleteAtom
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
CompareStringA
InterlockedExchange
lstrcmpW
WaitForMultipleObjects
ReleaseMutex
ReleaseSemaphore
CreateSemaphoreW
FindNextFileW
GetShortPathNameW
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
GetFileSize
SetEndOfFile
UnlockFile
LockFile
SetFilePointer
GetThreadLocale
GetStringTypeExW
MoveFileW
GlobalFree
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageW
MulDiv
SetLastError
VirtualQuery
ReadFile
GetTempPathW
GetTempFileNameW
FlushFileBuffers
SetFileTime
ResetEvent
CreateMutexW
DuplicateHandle
InterlockedDecrement
InterlockedIncrement
LocalAlloc
LocalFree
DeleteCriticalSection
InitializeCriticalSection
CreateEventW
WritePrivateProfileStringW
ResumeThread
LoadLibraryExW
SetEvent
GetFileAttributesW
lstrcmpiW
GetExitCodeThread
TerminateThread
CreateThread
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetCurrentProcess
GetCurrentThreadId
Sleep
LoadLibraryW
GetEnvironmentVariableW
CreateProcessW
WaitForSingleObject
TerminateProcess
GetEnvironmentVariableA
LoadLibraryExA
GetProcAddress
FreeLibrary
CreateFileW
WriteFile
CreateFileA
CloseHandle
GetModuleHandleW
GetModuleFileNameA
GetVersionExW
DeviceIoControl
GetModuleFileNameW
OutputDebugStringW
CopyFileW
GetPrivateProfileIntW
GetPrivateProfileStringW
SystemTimeToFileTime
GetCurrentProcessId
GetTickCount
GetCommandLineW
DeleteFileW
lstrlenW
lstrlenA
GetFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
GetSystemTime
FindResourceW
LoadResource
LockResource
SizeofResource
GetLastError
WideCharToMultiByte
GetACP
MultiByteToWideChar

user32

TranslateAcceleratorW
GetDialogBaseUnits
InvalidateRect
SetRectEmpty
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
SystemParametersInfoW
DestroyMenu
GetMenuItemInfoW
InflateRect
ScrollWindowEx
ShowWindow
MoveWindow
IsDialogMessageW
IsDlgButtonChecked
SetDlgItemTextW
SetDlgItemInt
GetDlgItemTextW
GetDlgItemInt
CheckRadioButton
CheckDlgButton
RegisterWindowMessageW
LoadIconW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetClassLongW
SetPropW
GetPropW
RemovePropW
SetFocus
GetForegroundWindow
SetActiveWindow
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
ScrollWindow
TrackPopupMenuEx
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
UpdateWindow
GetClientRect
CreateWindowExW
BringWindowToTop
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
CopyRect
SetWindowPlacement
DefWindowProcW
CallWindowProcW
GetMenu
SetWindowLongW
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindow
GetDlgCtrlID
GetWindowRect
WaitForInputIdle
GetMessageW
DispatchMessageW
IsWindow
GetClassNameW
PtInRect
SetWindowTextW
DeleteMenu
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
ScreenToClient
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
FillRect
DestroyIcon
GetWindowTextLengthW
GetWindowTextW
LoadCursorW
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
UnregisterClassW
GetDesktopWindow
GetWindowThreadProcessId
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
EnableWindow
CreatePopupMenu
InsertMenuItemW
LoadAcceleratorsW
MapVirtualKeyW
ReleaseCapture
GetMenuBarInfo
LoadMenuW
ReuseDDElParam
UnpackDDElParam
SetRect
WindowFromPoint
GetKeyNameTextW
SetCapture
LockWindowUpdate
GetDCEx
UnionRect
SetParent
GetSystemMenu
IsRectEmpty
GetClassInfoExW
CharNextW
SendMessageTimeoutW
PostThreadMessageW
wsprintfW
KillTimer
SetTimer
RemoveMenu
GetSubMenu
GetMenuItemCount
InsertMenuW
GetMenuItemID
AppendMenuW
GetMenuStringW
GetMenuState
GetSystemMetrics
CharUpperW
UnhookWindowsHookEx
MsgWaitForMultipleObjects
PostQuitMessage
PostMessageW
CheckMenuItem
EnableMenuItem
ModifyMenuW
SendMessageW
GetParent
GetFocus
MessageBoxW
ShowOwnedPopups
SetCursor
SetWindowsHookExW
CallNextHookEx
TranslateMessage
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageW
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetCapture

gdi32

CombineRgn
GetMapMode
PatBlt
DPtoLP
GetTextExtentPoint32W
SetRectRgn
CreateFontW
StretchDIBits
CreateCompatibleBitmap
GetTextMetricsW
GetBkColor
CreateFontIndirectW
CreateRectRgnIndirect
GetDCOrgEx
CreateHatchBrush
CreateSolidBrush
ExtCreatePen
CreatePen
PlayMetaFile
EnumMetaFile
GetObjectType
PlayMetaFileRecord
SelectPalette
GetStockObject
CreateCompatibleDC
CreatePatternBrush
CreateDIBPatternBrushPt
DeleteDC
ExtSelectClipRgn
PolyBezierTo
PolylineTo
PolyDraw
ArcTo
GetCurrentPositionEx
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
GetCharWidthW
GetDeviceCaps
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
StartDocW
GetPixel
BitBlt
GetWindowExtEx
GetViewportExtEx
GetObjectW
SelectClipPath
CreateRectRgn
GetClipRgn
SelectClipRgn
DeleteObject
SetColorAdjustment
SetArcDirection
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
MoveToEx
LineTo
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
ModifyWorldTransform
SetWorldTransform
SetGraphicsMode
SetTextColor
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
SetBkColor
RestoreDC
SaveDC
CreateBitmap
CreateDCW
CopyMetaFileW
OffsetViewportOrgEx

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

advapi32

RegQueryValueW
RegEnumKeyW
RegOpenKeyW
RegSetValueW
GetNamedSecurityInfoW
SetNamedSecurityInfoW
GetSecurityInfo
BuildExplicitAccessWithNameW
SetEntriesInAclW
SetSecurityInfo
RegQueryValueExW
LookupPrivilegeValueW
AdjustTokenPrivileges
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
OpenProcessToken
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyW

shell32

CommandLineToArgvW
SHGetFolderPathA
SHGetFolderPathW
SHGetFileInfoW
ExtractIconW
DragFinish
DragQueryFileW
ord165

shlwapi

PathAppendW
PathFileExistsW
PathFindExtensionW
PathFindFileNameW
PathRemoveFileSpecW
PathAppendA
PathStripToRootW
PathIsUNCW
PathRemoveExtensionW
UrlUnescapeW
StrStrIW

ole32

CoDisconnectObject
CLSIDFromString
CoInitializeEx
CreateBindCtx
CoTaskMemFree
CoUninitialize
CoInitialize
CoCreateInstance
CLSIDFromProgID
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemAlloc
CoTaskMemRealloc
StringFromGUID2
CoSuspendClassObjects
SetConvertStg
WriteFmtUserTypeStg
WriteClassStg
OleRegGetUserType
ReadFmtUserTypeStg
ReadClassStg
ReleaseStgMedium
StringFromCLSID
CoTreatAsClass
OleDuplicateData

oleaut32

SystemTimeToVariantTime
SysFreeString
SysAllocString
VariantInit
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
SysStringLen
VariantClear
SysAllocStringByteLen
SysStringByteLen
VarUI4FromStr
SysAllocStringLen
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
LoadRegTypeLi
SafeArrayGetElemsize
SafeArrayCreate
SafeArrayRedim
VariantChangeType
VariantCopy
SafeArrayAllocData
SafeArrayAllocDescriptor
SafeArrayCopy
SafeArrayGetElement
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayLock
SafeArrayUnlock
SafeArrayDestroy
SafeArrayDestroyData
SafeArrayDestroyDescriptor
VarDateFromStr
SysReAllocStringLen
VarCyFromStr
VarBstrFromCy
VarBstrFromDec
VarDecFromStr
VarBstrFromDate
VariantTimeToSystemTime

urlmon

RegisterBindStatusCallback
CreateURLMoniker
RevokeBindStatusCallback

wininet

InternetOpenUrlW
GopherOpenFileW
FtpFindFirstFileW
GopherCreateLocatorW
FtpCommandW
FtpOpenFileW
GopherGetAttributeW
HttpSendRequestExW
HttpEndRequestW
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallbackW
InternetGetLastResponseInfoW
GopherFindFirstFileW
InternetFindNextFileW
HttpAddRequestHeadersW
InternetErrorDlg
FtpGetFileW
FtpPutFileW
FtpGetCurrentDirectoryW
FtpSetCurrentDirectoryW
FtpRemoveDirectoryW
FtpCreateDirectoryW
FtpRenameFileW
FtpDeleteFileW
InternetQueryDataAvailable
InternetGetCookieW
InternetSetCookieW
InternetSetOptionExW
InternetQueryOptionW
InternetCanonicalizeUrlW
InternetTimeToSystemTimeW
DeleteUrlCacheEntryW
InternetCloseHandle
InternetReadFile
HttpQueryInfoA
HttpQueryInfoW
HttpSendRequestW
HttpOpenRequestW
InternetConnectW
InternetOpenW
InternetCrackUrlW

psapi

GetProcessMemoryInfo

Exports

Exports

DllCanUnloadNow
DllGetClassObject
ExecCommand
RD_XXXX
Upload

Sections

.text
Size: 580KB - Virtual size: 580KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 149KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$COMMONFILES/PPLiveNetwork/$OUTDIR/PPAP.exe
.exe windows:4 windows x86 arch:x86

8b09590074c9596dc529d255269e0815

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:52:7f:4d:7d:6c:1a:2b:a7:ef:81:d5:0c:89:d7:65
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

19/11/2009, 00:00

Not After

18/11/2012, 23:59

Subject

CN=PPLive Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Product Planning Dept.,O=PPLive Corporation,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b1:8d:92:46:7c:9b:bc:d9:ea:1d:6e:30:86:d6:f5:5d:b3:25:0c:f5
Signer

Actual PE Digest

b1:8d:92:46:7c:9b:bc:d9:ea:1d:6e:30:86:d6:f5:5d:b3:25:0c:f5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetCurrentProcessId
GetLocalTime
GetTempPathA
Module32NextW
GetLongPathNameA
Module32FirstW
CreateToolhelp32Snapshot
GetLastError
lstrcatA
lstrcpyA
VirtualQuery
FindFirstFileA
GetCommandLineA
GetCurrentProcess
ReleaseMutex
CreateMutexW
OpenProcess
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
lstrlenW
WaitForSingleObject
GetVersionExW
CreateProcessW
LocalFree
LocalAlloc
GetModuleHandleW
GetStartupInfoW
CloseHandle
OutputDebugStringA
GetModuleFileNameA
GetModuleFileNameW
GetEnvironmentVariableA
GetPrivateProfileStringA
CreateProcessA
TerminateProcess
SetUnhandledExceptionFilter
FreeLibrary
LoadLibraryW
GetProcAddress
GetCommandLineW
GetCurrentThread
GetCurrentThreadId
CreateFileA
GetFileSize
CreateFileMappingW
MapViewOfFile
IsBadReadPtr
CreateEventW
lstrcmpiW

user32

GetDesktopWindow
wsprintfW
GetWindowThreadProcessId
GetShellWindow

advapi32

SetTokenInformation
ImpersonateSelf
LookupPrivilegeValueW
AdjustTokenPrivileges
DuplicateTokenEx
OpenProcessToken
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
RegDeleteKeyW
RegDeleteValueW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetLengthSid
ConvertStringSidToSidW
SetThreadToken

shell32

CommandLineToArgvW
SHGetFolderPathA

ole32

CoUninitialize
CoCreateInstance
CoInitialize
CoCreateGuid
StringFromCLSID

msvcp60

_Getcvt
??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IG@Z
?_Id_cnt@id@locale@std@@0HA
??_7codecvt_base@std@@6B@
?_Eos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXI@Z
?_Grow@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAE_NI_N@Z
?_Split@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXXZ
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@IIABV?$allocator@G@1@@Z
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@II@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
??0_Locinfo@std@@QAE@PBD@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_Xlen@std@@YAXXZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?do_length@?$codecvt@GDH@std@@MBEHAAHPBG1I@Z
?do_out@?$codecvt@GDH@std@@MBEHAAHPBG1AAPBGPAD3AAPAD@Z
?do_in@?$codecvt@GDH@std@@MBEHAAHPBD1AAPBDPAG3AAPAG@Z
?do_encoding@?$codecvt@GDH@std@@MBEHXZ
?do_max_length@?$codecvt@GDH@std@@MBEHXZ
?do_always_noconv@?$codecvt@GDH@std@@MBE_NXZ
??0bad_cast@std@@QAE@ABV01@@Z
??1bad_cast@std@@UAE@XZ
??0locale@std@@QAE@XZ
??1locale@std@@QAE@XZ
?_Incref@facet@locale@std@@QAEXXZ
??0bad_cast@std@@QAE@PBD@Z
?out@?$codecvt@GDH@std@@QBEHAAHPBG1AAPBGPAD3AAPAD@Z
??0?$codecvt@GDH@std@@QAE@I@Z
?_Iscloc@locale@std@@QBE_NXZ
?_Getfacet@locale@std@@QBEPBVfacet@12@I_N@Z
??Bid@locale@std@@QAEIXZ
?id@?$codecvt@GDH@std@@2V0locale@2@A
??1_Lockit@std@@QAE@XZ
?_Global@_Locimp@locale@std@@0PAV123@A
??0_Lockit@std@@QAE@XZ
?_Init@locale@std@@CAPAV_Locimp@12@XZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
??_7facet@locale@std@@6B@
??_7?$codecvt@GDH@std@@6B@
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGII@Z
??_7bad_cast@std@@6B@
??1_Locinfo@std@@QAE@XZ
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z

msvcrt

_wcsicmp
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
wcslen
_snprintf
??2@YAPAXI@Z
fclose
fflush
sprintf
_except_handler3
vfprintf
??0exception@@QAE@ABV0@@Z
fopen
toupper
_CxxThrowException
strncpy
__p___wargv
__p___argc
??0exception@@QAE@ABQBD@Z
free
_wcsdup
_XcptFilter
wcscpy
__dllonexit
_onexit
??1type_info@@UAE@XZ
_exit

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

shlwapi

PathRemoveFileSpecW
PathAppendA
PathRemoveFileSpecA
PathAppendW
PathFindFileNameA
PathStripPathW

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 132KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$COMMONFILES/PPLiveNetwork/$OUTDIR/uilib.dll
.dll regsvr32 windows:4 windows x86 arch:x86

9b21dc5aac1fb39dced130358580e621

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2c:50:0e:13:db:f1:f8:41:54:b8:a7:f6:26:f5:68:cb
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

20/08/2008, 00:00

Not After

26/09/2009, 23:59

Subject

CN=Synacast Corp.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Technical Support Dept.,O=Synacast Corp.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

a4:61:7b:bd:a4:5d:6a:bb:f0:2c:3f:c0:21:0a:76:e2:9d:00:49:1d
Signer

Actual PE Digest

a4:61:7b:bd:a4:5d:6a:bb:f0:2c:3f:c0:21:0a:76:e2:9d:00:49:1d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord1575
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord1578
ord600
ord826
ord1132
ord6467
ord1131
ord1168
ord2725
ord5500
ord815
ord561
ord3738
ord4424
ord1116
ord4622
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord825
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord540
ord535
ord800
ord537
ord941
ord823
ord1176
ord269

msvcrt

strtol
malloc
__CxxFrameHandler
free
strtok
strstr
wcslen
memmove
wcscmp
_mbsnbcpy
_strdup
_snprintf
_purecall
atoi
atof
fprintf
fread
fclose
ftell
fseek
fopen
fputc
memchr
sscanf
fputs
isalpha
isalnum
isspace
strncmp
strchr
tolower
atol
_mbstok
_ltoa
strncpy
floor
_ftol
_CxxThrowException
fwrite
fflush
getc
printf
isprint
realloc
_CIfmod
longjmp
_setjmp3
__CxxLongjmpUnwind
div
_wcsnicmp
_strcmpi
exit
_iob
getenv
abort
clearerr
_CIpow
strtod
_fdopen
_errno
_vsnprintf
strerror
calloc
_mbslen
sprintf
_except_handler3
?terminate@@YAXXZ
__dllonexit
_onexit
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
strspn

kernel32

GlobalSize
LocalFree
GlobalAlloc
GlobalLock
GlobalUnlock
SizeofResource
LoadResource
lstrcatA
MultiByteToWideChar
lstrlenA
GetACP
WideCharToMultiByte
lstrlenW
InterlockedDecrement
InterlockedIncrement
GetSystemTime
GetPrivateProfileStringA
GetLastError
GetModuleFileNameA
GetPrivateProfileIntA
WritePrivateProfileStringA
ReleaseMutex
GetLocalTime
WaitForSingleObject
CreateMutexA
LeaveCriticalSection
EnterCriticalSection
CloseHandle
CreateProcessA
InitializeCriticalSection
DeleteCriticalSection
HeapDestroy
FreeLibrary
GetProcAddress
LockResource
LoadLibraryA
GetShortPathNameA
GetModuleHandleA
LocalAlloc
lstrcpyA

user32

wsprintfA
CharNextA
RegisterWindowMessageA
PostMessageA
SetTimer
IsRectEmpty
InvalidateRect
DrawTextA
GetIconInfo
GetDC
ReleaseDC
SetRect
KillTimer

gdi32

GetStockObject
CreateFontIndirectA
SetBkMode
StretchDIBits
RectVisible
CreateCompatibleBitmap
CreateBitmap
SetBkColor
StretchBlt
GetClipBox
CreateRectRgnIndirect
ExtSelectClipRgn
SetStretchBltMode
SetDIBitsToDevice
BitBlt
GetObjectA
SelectObject
RealizePalette
GetDIBits
CreateCompatibleDC
CreateDIBSection
DeleteDC
CreateDIBitmap
ExtCreateRegion
CombineRgn
DeleteObject
SetTextColor

advapi32

RegCloseKey
RegDeleteKeyA
RegDeleteValueA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA

ole32

CLSIDFromString
StringFromGUID2
CoCreateInstance
CreateStreamOnHGlobal
CoTaskMemFree
CoTaskMemAlloc

oleaut32

SysFreeString
SysAllocStringLen
RegisterTypeLi
LoadTypeLi
SysAllocString

msvcp60

??_7?$basic_streambuf@DU?$char_traits@D@std@@@std@@6B@
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@XZ
??_7?$basic_ofstream@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_filebuf@DU?$char_traits@D@std@@@std@@6B@
??1locale@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
??_8?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@7B@
??0ios_base@std@@IAE@XZ
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N1@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??_7?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@6B@
?_Mode@?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEHH@Z
?_Init@?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXPBDIH@Z
??_7?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@6B@
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?_Tidy@?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
??1ios_base@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?_Xran@std@@YAXXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z
?__Fiopen@std@@YAPAU_iobuf@@PBDH@Z
?_Init@?$basic_filebuf@DU?$char_traits@D@std@@@std@@IAEXPAU_iobuf@@W4_Initfl@12@@Z
?_Initcvt@?$basic_filebuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
?setw@std@@YA?AU?$_Smanip@H@1@H@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z
?_Grow@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAE_NI_N@Z
?_Eos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXI@Z
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Xlen@std@@YAXXZ
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

shlwapi

PathRemoveFileSpecA
PathAppendA

rpcrt4

UuidFromStringA

Exports

Exports

CreatePlayLink
DllCanUnloadNow
DllGetClassObject
DllGetInstance
DllGetInstanceEx
DllRegisterServer
DllUnregisterServer
adler32
compress
compress2
compressBound
crc32
deflate
deflateBound
deflateCopy
deflateEnd
deflateInit2_
deflateInit_
deflateParams
deflatePrime
deflateReset
deflateSetDictionary
get_crc_table
gzclearerr
gzclose
gzdopen
gzeof
gzerror
gzflush
gzgetc
gzgets
gzopen
gzprintf
gzputc
gzputs
gzread
gzrewind
gzseek
gzsetparams
gztell
gzungetc
gzwrite
inflate
inflateBack
inflateBackEnd
inflateBackInit_
inflateCopy
inflateEnd
inflateInit2_
inflateInit_
inflateReset
inflateSetDictionary
inflateSync
inflateSyncPoint
uncompress
zError

Sections

.text
Size: 304KB - Virtual size: 302KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$COMMONFILES/PPLiveNetwork/kernel/$OUTDIR/FWUpnp.dll
.dll windows:5 windows x86 arch:x86

0f59a417be517814d6255c7c7ab35c48

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:52:7f:4d:7d:6c:1a:2b:a7:ef:81:d5:0c:89:d7:65
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

19/11/2009, 00:00

Not After

18/11/2012, 23:59

Subject

CN=PPLive Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Product Planning Dept.,O=PPLive Corporation,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

86:5b:4d:43:95:47:7d:ce:88:a1:25:24:03:5c:e1:33:65:f4:9f:f7
Signer

Actual PE Digest

86:5b:4d:43:95:47:7d:ce:88:a1:25:24:03:5c:e1:33:65:f4:9f:f7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\SVN Control Code\app_client\NewUpnp\FWUpnp\Release\FWUpnp.pdb

Imports

kernel32

LoadResource
FindResourceA
FindResourceExA
WideCharToMultiByte
IsBadWritePtr
MultiByteToWideChar
CreateThread
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateEventA
CloseHandle
SetEvent
ResetEvent
WaitForSingleObject
WaitForMultipleObjects
CreateFileA
WriteConsoleW
GetConsoleOutputCP
LockResource
SetStdHandle
FlushFileBuffers
GetConsoleMode
GetConsoleCP
SetFilePointer
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteConsoleA
SizeofResource
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
RtlUnwind
GetLastError
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetStringTypeA
GetStringTypeW
HeapCreate
VirtualFree
VirtualAlloc
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
LCMapStringA
LCMapStringW
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings

ole32

CoCreateInstance
CoUninitialize
CoInitializeEx
CoInitialize

oleaut32

SysStringLen
SysAllocString
SysFreeString

ws2_32

WSACleanup
WSAGetLastError
socket
connect
ioctlsocket
send
WSACreateEvent
WSAStartup
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
recv
WSACloseEvent
closesocket
htons
sendto
inet_addr
inet_ntoa
gethostbyname
gethostname
WSAEventSelect

iphlpapi

GetAdaptersInfo

Exports

Exports

FWAppAdd
FWAppIsEnable
FWExceptionSetAllowed
FWExcptionAllowed
FWFree
FWInit
FWOff
FWOn
FWPortAdd
FWison
GetExIP
GetMapPort
GetSessionState
GetUPnPVersion
SetCallBack
SetQuitFlag
SetSessionState
SetUPnPWaitTime
UPNPGetExIp
UPNPaddPort
UPNPdelPort
UPnPGetMapPort
addPortmap
delPortmap

Sections

.text
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$COMMONFILES/PPLiveNetwork/kernel/live/$OUTDIR/Live.dll
.dll windows:4 windows x86 arch:x86

97cd466186ada82f5db40728997a3c96

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:52:7f:4d:7d:6c:1a:2b:a7:ef:81:d5:0c:89:d7:65
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

19/11/2009, 00:00

Not After

18/11/2012, 23:59

Subject

CN=PPLive Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Product Planning Dept.,O=PPLive Corporation,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

81:47:0e:4c:76:59:e3:cd:73:0e:c8:d7:a5:8f:59:9c:4b:31:fd:2c
Signer

Actual PE Digest

81:47:0e:4c:76:59:e3:cd:73:0e:c8:d7:a5:8f:59:9c:4b:31:fd:2c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord823
ord920
ord936
ord269
ord826
ord600
ord825
ord1578
ord6467
ord1255
ord1253
ord1570
ord1197
ord1243
ord342
ord1182
ord1577
ord1168
ord1575
ord1176
ord1116
ord1105
ord834

msvcrt

isspace
free
??8type_info@@QBEHABV0@@Z
fopen
atof
fprintf
tolower
_CxxThrowException
??0exception@@QAE@ABQBD@Z
??1exception@@UAE@XZ
__CxxFrameHandler
_ftol
_vsnprintf
rand
wcslen
srand
_adjust_fdiv
malloc
_initterm
??1type_info@@UAE@XZ
_onexit
__dllonexit
strchr
strncmp
memchr
isalnum
isalpha
fputc
fseek
ftell
fread
fclose
_purecall
_snprintf
??0exception@@QAE@ABV0@@Z
atoi
sscanf
memmove

kernel32

LocalAlloc
UnmapViewOfFile
MapViewOfFile
WideCharToMultiByte
lstrlenA
MultiByteToWideChar
lstrlenW
WaitForSingleObject
TerminateThread
GetExitCodeThread
GetCurrentProcess
DuplicateHandle
CloseHandle
GetLastError
GetCurrentProcessId
GetTickCount
OutputDebugStringA
GetSystemTime
GetSystemDirectoryA
VirtualQuery
GetModuleFileNameA
FreeLibrary
GetModuleHandleA
GetPrivateProfileIntA
LoadLibraryA
GetProcAddress
InterlockedDecrement
CreateFileMappingA
LocalFree
CreateProcessA
TerminateProcess

user32

KillTimer
WaitForInputIdle
SetTimer
PostThreadMessageA
GetMessageA
DispatchMessageA
TranslateMessage

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA

ole32

CoCreateInstance

oleaut32

SysAllocString
GetErrorInfo
SetErrorInfo
VariantChangeType
CreateErrorInfo
SysFreeString
VariantClear
VariantInit
SysAllocStringByteLen
SysStringByteLen

msvcp60

?id@?$ctype@D@std@@2V0locale@2@A
??1?$ctype@D@std@@UAE@XZ
??_7bad_cast@std@@6B@
??1_Locinfo@std@@QAE@XZ
?_Term@?$ctype@D@std@@KAXXZ
?_Cltab@?$ctype@D@std@@0PBFB
_Getctype
??0_Locinfo@std@@QAE@PBD@Z
??_7?$ctype@D@std@@6B@
??_7ctype_base@std@@6B@
??_7facet@locale@std@@6B@
?_Id_cnt@id@locale@std@@0HA
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??Bid@locale@std@@QAEIXZ
?_Getfacet@locale@std@@QBEPBVfacet@12@I_N@Z
?_Iscloc@locale@std@@QBE_NXZ
??0?$ctype@D@std@@QAE@PBF_NI@Z
??0bad_cast@std@@QAE@PBD@Z
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@ABV01@@Z
?do_tolower@?$ctype@D@std@@MBEPBDPADPBD@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
??1ctype_base@std@@UAE@XZ
?do_tolower@?$ctype@D@std@@MBEDD@Z
?do_toupper@?$ctype@D@std@@MBEPBDPADPBD@Z
?do_toupper@?$ctype@D@std@@MBEDD@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??_7runtime_error@std@@6B@
??1runtime_error@std@@UAE@XZ
??0runtime_error@std@@QAE@ABV01@@Z
?what@runtime_error@std@@UBEPBDXZ
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_Xlen@std@@YAXXZ
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??1?$basic_filebuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ifstream@DU?$char_traits@D@std@@@std@@UAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?close@?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAEPAV12@XZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?open@?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAEPAV12@PBDH@Z
??_7?$basic_ifstream@DU?$char_traits@D@std@@@std@@6B@
??0?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??_8?$basic_ifstream@DU?$char_traits@D@std@@@std@@7B@
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1ios_base@std@@UAE@XZ
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??1?$basic_ofstream@DU?$char_traits@D@std@@@std@@UAE@XZ
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??_7?$basic_ofstream@DU?$char_traits@D@std@@@std@@6B@
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N1@Z
??_8?$basic_ofstream@DU?$char_traits@D@std@@@std@@7B@
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??1?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UAE@XZ
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PBX@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??_7?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@6B@
??0?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??_8?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@7B@
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Tidy@?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXXZ
?_Init@?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXPBDIH@Z
?_Mode@?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEHH@Z
??_7?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@6B@
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??0ios_base@std@@IAE@XZ
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??1?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UAE@XZ
??1locale@std@@QAE@XZ
??_7?$basic_streambuf@DU?$char_traits@D@std@@@std@@6B@
?init@?$basic_ios@DU?$char_traits@D@std@@@std@@IAEXPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@_N@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@D@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_N@Z
?_Decref@facet@locale@std@@QAEPAV123@XZ
?_Incref@facet@locale@std@@QAEXXZ
?_Global@_Locimp@locale@std@@0PAV123@A
?_Init@locale@std@@CAPAV_Locimp@12@XZ
?_Xran@std@@YAXXZ
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?_Doraise@runtime_error@std@@MBEXXZ

ws2_32

inet_ntoa
WSACleanup
WSAStartup
gethostbyname
inet_addr

wininet

InternetTimeFromSystemTime
InternetTimeToSystemTimeA

shlwapi

PathAppendA

Exports

Exports

GetCoreParameter
GetCoreStatus
InitCore
RD_XXXX
ReleaseCore
SetCoreCallBack
SetCoreParameter
SetPlayerStatus
SetUPNP
StartChannel
StopChannel

Sections

.text
Size: 140KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 832B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$COMMONFILES/PPLiveNetwork/kernel/live/$OUTDIR/mir.dll
.dll windows:4 windows x86 arch:x86

1bb9ac75bcddcad19ef884bc3d73f3fc

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:52:7f:4d:7d:6c:1a:2b:a7:ef:81:d5:0c:89:d7:65
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

19/11/2009, 00:00

Not After

18/11/2012, 23:59

Subject

CN=PPLive Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Product Planning Dept.,O=PPLive Corporation,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

44:ee:0e:45:aa:2d:7f:1e:16:5e:69:ac:7b:43:97:90:46:36:be:0a
Signer

Actual PE Digest

44:ee:0e:45:aa:2d:7f:1e:16:5e:69:ac:7b:43:97:90:46:36:be:0a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\svn\bin\Release\mir.pdb

Imports

kernel32

GetCurrentProcessId
InterlockedIncrement
InterlockedDecrement
CreateIoCompletionPort
CloseHandle
TlsFree
InterlockedCompareExchange
MapViewOfFile
CreateFileMappingA
GetQueuedCompletionStatus
InterlockedExchangeAdd
EnterCriticalSection
PostQueuedCompletionStatus
TlsAlloc
GetExitCodeThread
VirtualQuery
TlsGetValue
TlsSetValue
WaitForSingleObject
TerminateThread
GetModuleFileNameA
SetLastError
GetCurrentThreadId
InitializeCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetTickCount
OutputDebugStringA
UnmapViewOfFile
InterlockedExchange
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
CreateFileW
CreateFileA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
ReadFile
GetTimeZoneInformation
GetLocaleInfoW
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
SetFilePointer
FlushFileBuffers
GetConsoleMode
GetConsoleCP
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
GetCurrentDirectoryA
GetFullPathNameA
GetOEMCP
GetACP
GetProcAddress
FreeLibrary
GetLocalTime
LoadLibraryA
GetSystemDefaultLangID
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
Sleep
SetEvent
CreateEventA
GetModuleHandleA
lstrlenA
GetVersionExA
WideCharToMultiByte
MultiByteToWideChar
LocalFree
FormatMessageA
HeapAlloc
HeapFree
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileA
ExitThread
CreateThread
GetCommandLineA
GetProcessHeap
DeleteFileA
HeapReAlloc
GetSystemTimeAsFileTime
LCMapStringA
LCMapStringW
GetCPInfo
ExitProcess
VirtualFree
VirtualAlloc
HeapDestroy
HeapCreate
WriteFile
GetStdHandle
HeapSize
GetLastError

shell32

SHGetFolderPathA
SHCreateDirectoryExA

ole32

CoCreateGuid

ws2_32

getpeername
getservbyname
WSAStringToAddressA
select
getsockopt
connect
accept
__WSAFDIsSet
WSASendTo
WSARecv
shutdown
WSARecvFrom
inet_ntoa
send
socket
WSASend
listen
closesocket
WSACleanup
getsockname
setsockopt
bind
WSAGetLastError
WSAStartup
gethostname
htonl
ntohl
WSASetLastError
inet_addr
gethostbyname
recvfrom
WSASocketA
sendto
htons
ntohs
ioctlsocket

mswsock

AcceptEx
GetAcceptExSockaddrs

iphlpapi

GetIpAddrTable

user32

wsprintfA
PostMessageA

advapi32

CryptReleaseContext
CryptAcquireContextA
CryptHashData
CryptGetHashParam
CryptCreateHash
CryptDestroyHash

Exports

Exports

LiveCleanup
LiveGetChannelParameter
LiveGetChannelStatus
LiveSetChannelCallback
LiveSetChannelParameter
LiveSetChannelPlayerStatus
LiveSetChannelUPNP
LiveStartChannel
LiveStartup
LiveStopChannel

Sections

.text
Size: 840KB - Virtual size: 837KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 132KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$COMMONFILES/PPLiveNetwork/player/$OUTDIR/CoreAAC.ax
.dll regsvr32 windows:4 windows x86 arch:x86

603a5553c41f87f262cc1e933305d724

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_initterm
_onexit
qsort
memmove
??2@YAPAXI@Z
__dllonexit
_adjust_fdiv
malloc
_ftol
free
_purecall
__CxxFrameHandler
??3@YAXPAX@Z
_CIpow

winmm

timeSetEvent
timeGetTime

kernel32

GetCurrentProcess
lstrcmpiA
SetErrorMode
GetTickCount
GetModuleFileNameA
lstrlenA
MultiByteToWideChar
GetLastError
GetVersionExA
DisableThreadLibraryCalls
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InterlockedIncrement
InterlockedDecrement
CloseHandle
CreateEventA
ResetEvent
DuplicateHandle
GetCurrentThread
GetCurrentThreadId
SetEvent
WaitForMultipleObjects
WaitForSingleObject
CreateSemaphoreA
ReleaseSemaphore
GetSystemInfo
VirtualAlloc
VirtualFree
FreeLibrary
LoadLibraryA
InterlockedExchange
CreateThread
GetProcAddress
GetModuleHandleA
WideCharToMultiByte
GetACP
SetThreadPriority
GetThreadPriority

advapi32

RegDeleteKeyA
RegCreateKeyA
RegSetValueA
RegEnumKeyExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

user32

ShowWindow
wsprintfA
SetDlgItemTextA
SetTimer
CheckDlgButton
KillTimer
IsDlgButtonChecked
GetWindowLongA
SetWindowLongA
CreateDialogParamA
MoveWindow
InvalidateRect
DestroyWindow
DefWindowProcA
PeekMessageA
MsgWaitForMultipleObjects
wvsprintfA
PostThreadMessageA
RegisterWindowMessageA
GetQueueStatus
DispatchMessageA
LoadStringA
LoadStringW
GetWindowRect
GetDesktopWindow

ole32

CoCreateInstance
CoUninitialize
StringFromGUID2
CoTaskMemAlloc
CoInitialize
CoFreeUnusedLibraries
CoTaskMemFree

oleaut32

SysFreeString
SysAllocString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 148KB - Virtual size: 144KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 124KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/CoreAAC.ax
.dll regsvr32 windows:4 windows x86 arch:x86

603a5553c41f87f262cc1e933305d724

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_initterm
_onexit
qsort
memmove
??2@YAPAXI@Z
__dllonexit
_adjust_fdiv
malloc
_ftol
free
_purecall
__CxxFrameHandler
??3@YAXPAX@Z
_CIpow

winmm

timeSetEvent
timeGetTime

kernel32

GetCurrentProcess
lstrcmpiA
SetErrorMode
GetTickCount
GetModuleFileNameA
lstrlenA
MultiByteToWideChar
GetLastError
GetVersionExA
DisableThreadLibraryCalls
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InterlockedIncrement
InterlockedDecrement
CloseHandle
CreateEventA
ResetEvent
DuplicateHandle
GetCurrentThread
GetCurrentThreadId
SetEvent
WaitForMultipleObjects
WaitForSingleObject
CreateSemaphoreA
ReleaseSemaphore
GetSystemInfo
VirtualAlloc
VirtualFree
FreeLibrary
LoadLibraryA
InterlockedExchange
CreateThread
GetProcAddress
GetModuleHandleA
WideCharToMultiByte
GetACP
SetThreadPriority
GetThreadPriority

advapi32

RegDeleteKeyA
RegCreateKeyA
RegSetValueA
RegEnumKeyExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

user32

ShowWindow
wsprintfA
SetDlgItemTextA
SetTimer
CheckDlgButton
KillTimer
IsDlgButtonChecked
GetWindowLongA
SetWindowLongA
CreateDialogParamA
MoveWindow
InvalidateRect
DestroyWindow
DefWindowProcA
PeekMessageA
MsgWaitForMultipleObjects
wvsprintfA
PostThreadMessageA
RegisterWindowMessageA
GetQueueStatus
DispatchMessageA
LoadStringA
LoadStringW
GetWindowRect
GetDesktopWindow

ole32

CoCreateInstance
CoUninitialize
StringFromGUID2
CoTaskMemAlloc
CoInitialize
CoFreeUnusedLibraries
CoTaskMemFree

oleaut32

SysFreeString
SysAllocString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 148KB - Virtual size: 144KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 124KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/CoreAVC.ax
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.
Size: - Virtual size: 788KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 180KB - Virtual size: 212KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$PLUGINSDIR/FWUpnp.dll
.dll windows:5 windows x86 arch:x86

0f59a417be517814d6255c7c7ab35c48

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:52:7f:4d:7d:6c:1a:2b:a7:ef:81:d5:0c:89:d7:65
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

19/11/2009, 00:00

Not After

18/11/2012, 23:59

Subject

CN=PPLive Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Product Planning Dept.,O=PPLive Corporation,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

86:5b:4d:43:95:47:7d:ce:88:a1:25:24:03:5c:e1:33:65:f4:9f:f7
Signer

Actual PE Digest

86:5b:4d:43:95:47:7d:ce:88:a1:25:24:03:5c:e1:33:65:f4:9f:f7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\SVN Control Code\app_client\NewUpnp\FWUpnp\Release\FWUpnp.pdb

Imports

kernel32

LoadResource
FindResourceA
FindResourceExA
WideCharToMultiByte
IsBadWritePtr
MultiByteToWideChar
CreateThread
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateEventA
CloseHandle
SetEvent
ResetEvent
WaitForSingleObject
WaitForMultipleObjects
CreateFileA
WriteConsoleW
GetConsoleOutputCP
LockResource
SetStdHandle
FlushFileBuffers
GetConsoleMode
GetConsoleCP
SetFilePointer
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteConsoleA
SizeofResource
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
RtlUnwind
GetLastError
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetStringTypeA
GetStringTypeW
HeapCreate
VirtualFree
VirtualAlloc
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
LCMapStringA
LCMapStringW
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings

ole32

CoCreateInstance
CoUninitialize
CoInitializeEx
CoInitialize

oleaut32

SysStringLen
SysAllocString
SysFreeString

ws2_32

WSACleanup
WSAGetLastError
socket
connect
ioctlsocket
send
WSACreateEvent
WSAStartup
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
recv
WSACloseEvent
closesocket
htons
sendto
inet_addr
inet_ntoa
gethostbyname
gethostname
WSAEventSelect

iphlpapi

GetAdaptersInfo

Exports

Exports

FWAppAdd
FWAppIsEnable
FWExceptionSetAllowed
FWExcptionAllowed
FWFree
FWInit
FWOff
FWOn
FWPortAdd
FWison
GetExIP
GetMapPort
GetSessionState
GetUPnPVersion
SetCallBack
SetQuitFlag
SetSessionState
SetUPnPWaitTime
UPNPGetExIp
UPNPaddPort
UPNPdelPort
UPnPGetMapPort
addPortmap
delPortmap

Sections

.text
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Live.dll
.dll windows:4 windows x86 arch:x86

97cd466186ada82f5db40728997a3c96

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:52:7f:4d:7d:6c:1a:2b:a7:ef:81:d5:0c:89:d7:65
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

19/11/2009, 00:00

Not After

18/11/2012, 23:59

Subject

CN=PPLive Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Product Planning Dept.,O=PPLive Corporation,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

81:47:0e:4c:76:59:e3:cd:73:0e:c8:d7:a5:8f:59:9c:4b:31:fd:2c
Signer

Actual PE Digest

81:47:0e:4c:76:59:e3:cd:73:0e:c8:d7:a5:8f:59:9c:4b:31:fd:2c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord823
ord920
ord936
ord269
ord826
ord600
ord825
ord1578
ord6467
ord1255
ord1253
ord1570
ord1197
ord1243
ord342
ord1182
ord1577
ord1168
ord1575
ord1176
ord1116
ord1105
ord834

msvcrt

isspace
free
??8type_info@@QBEHABV0@@Z
fopen
atof
fprintf
tolower
_CxxThrowException
??0exception@@QAE@ABQBD@Z
??1exception@@UAE@XZ
__CxxFrameHandler
_ftol
_vsnprintf
rand
wcslen
srand
_adjust_fdiv
malloc
_initterm
??1type_info@@UAE@XZ
_onexit
__dllonexit
strchr
strncmp
memchr
isalnum
isalpha
fputc
fseek
ftell
fread
fclose
_purecall
_snprintf
??0exception@@QAE@ABV0@@Z
atoi
sscanf
memmove

kernel32

LocalAlloc
UnmapViewOfFile
MapViewOfFile
WideCharToMultiByte
lstrlenA
MultiByteToWideChar
lstrlenW
WaitForSingleObject
TerminateThread
GetExitCodeThread
GetCurrentProcess
DuplicateHandle
CloseHandle
GetLastError
GetCurrentProcessId
GetTickCount
OutputDebugStringA
GetSystemTime
GetSystemDirectoryA
VirtualQuery
GetModuleFileNameA
FreeLibrary
GetModuleHandleA
GetPrivateProfileIntA
LoadLibraryA
GetProcAddress
InterlockedDecrement
CreateFileMappingA
LocalFree
CreateProcessA
TerminateProcess

user32

KillTimer
WaitForInputIdle
SetTimer
PostThreadMessageA
GetMessageA
DispatchMessageA
TranslateMessage

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA

ole32

CoCreateInstance

oleaut32

SysAllocString
GetErrorInfo
SetErrorInfo
VariantChangeType
CreateErrorInfo
SysFreeString
VariantClear
VariantInit
SysAllocStringByteLen
SysStringByteLen

msvcp60

?id@?$ctype@D@std@@2V0locale@2@A
??1?$ctype@D@std@@UAE@XZ
??_7bad_cast@std@@6B@
??1_Locinfo@std@@QAE@XZ
?_Term@?$ctype@D@std@@KAXXZ
?_Cltab@?$ctype@D@std@@0PBFB
_Getctype
??0_Locinfo@std@@QAE@PBD@Z
??_7?$ctype@D@std@@6B@
??_7ctype_base@std@@6B@
??_7facet@locale@std@@6B@
?_Id_cnt@id@locale@std@@0HA
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??Bid@locale@std@@QAEIXZ
?_Getfacet@locale@std@@QBEPBVfacet@12@I_N@Z
?_Iscloc@locale@std@@QBE_NXZ
??0?$ctype@D@std@@QAE@PBF_NI@Z
??0bad_cast@std@@QAE@PBD@Z
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@ABV01@@Z
?do_tolower@?$ctype@D@std@@MBEPBDPADPBD@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
??1ctype_base@std@@UAE@XZ
?do_tolower@?$ctype@D@std@@MBEDD@Z
?do_toupper@?$ctype@D@std@@MBEPBDPADPBD@Z
?do_toupper@?$ctype@D@std@@MBEDD@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??_7runtime_error@std@@6B@
??1runtime_error@std@@UAE@XZ
??0runtime_error@std@@QAE@ABV01@@Z
?what@runtime_error@std@@UBEPBDXZ
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_Xlen@std@@YAXXZ
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??1?$basic_filebuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ifstream@DU?$char_traits@D@std@@@std@@UAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?close@?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAEPAV12@XZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?open@?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAEPAV12@PBDH@Z
??_7?$basic_ifstream@DU?$char_traits@D@std@@@std@@6B@
??0?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??_8?$basic_ifstream@DU?$char_traits@D@std@@@std@@7B@
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1ios_base@std@@UAE@XZ
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??1?$basic_ofstream@DU?$char_traits@D@std@@@std@@UAE@XZ
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??_7?$basic_ofstream@DU?$char_traits@D@std@@@std@@6B@
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N1@Z
??_8?$basic_ofstream@DU?$char_traits@D@std@@@std@@7B@
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??1?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UAE@XZ
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PBX@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??_7?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@6B@
??0?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??_8?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@7B@
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Tidy@?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXXZ
?_Init@?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXPBDIH@Z
?_Mode@?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEHH@Z
??_7?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@6B@
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??0ios_base@std@@IAE@XZ
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??1?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UAE@XZ
??1locale@std@@QAE@XZ
??_7?$basic_streambuf@DU?$char_traits@D@std@@@std@@6B@
?init@?$basic_ios@DU?$char_traits@D@std@@@std@@IAEXPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@_N@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@D@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_N@Z
?_Decref@facet@locale@std@@QAEPAV123@XZ
?_Incref@facet@locale@std@@QAEXXZ
?_Global@_Locimp@locale@std@@0PAV123@A
?_Init@locale@std@@CAPAV_Locimp@12@XZ
?_Xran@std@@YAXXZ
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?_Doraise@runtime_error@std@@MBEXXZ

ws2_32

inet_ntoa
WSACleanup
WSAStartup
gethostbyname
inet_addr

wininet

InternetTimeFromSystemTime
InternetTimeToSystemTimeA

shlwapi

PathAppendA

Exports

Exports

GetCoreParameter
GetCoreStatus
InitCore
RD_XXXX
ReleaseCore
SetCoreCallBack
SetCoreParameter
SetPlayerStatus
SetUPNP
StartChannel
StopChannel

Sections

.text
Size: 140KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 832B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/MngModule.dll
.dll windows:5 windows x86 arch:x86

77e580ab607c48dfa294a5b7ae2f07dd

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:52:7f:4d:7d:6c:1a:2b:a7:ef:81:d5:0c:89:d7:65
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

19/11/2009, 00:00

Not After

18/11/2012, 23:59

Subject

CN=PPLive Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Product Planning Dept.,O=PPLive Corporation,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

53:21:a1:58:eb:7c:d7:04:35:10:18:60:01:b8:cc:ba:58:bf:b2:0b
Signer

Actual PE Digest

53:21:a1:58:eb:7c:d7:04:35:10:18:60:01:b8:cc:ba:58:bf:b2:0b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

i:\PPLive\PPTV\trunk\mngmodule\ReleaseU\mngmodule.pdb

Imports

kernel32

LocalFileTimeToFileTime
SetFileAttributesW
GetFileSizeEx
GetModuleHandleA
GetCurrentDirectoryW
GlobalFlags
GetVersionExA
LoadLibraryA
GlobalFindAtomW
FreeResource
HeapAlloc
HeapFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
GetSystemTimeAsFileTime
VirtualProtect
VirtualAlloc
GetSystemInfo
GetCommandLineA
HeapReAlloc
ExitProcess
ExitThread
HeapSize
SetStdHandle
GetFileType
FatalAppExitA
VirtualFree
HeapCreate
HeapDestroy
GetStdHandle
GetCPInfo
GetAtomNameW
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
GetTimeZoneInformation
SetHandleCount
GetStartupInfoA
GetConsoleCP
GetConsoleMode
GetTimeFormatA
GetDateFormatA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
SetConsoleCtrlHandler
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetCurrentDirectoryA
SetCurrentDirectoryA
GetDriveTypeA
GetFullPathNameA
GetProcessHeap
SetEnvironmentVariableA
GlobalGetAtomNameW
CompareStringW
SetErrorMode
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
GlobalAddAtomW
SuspendThread
SetThreadPriority
GlobalDeleteAtom
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
CompareStringA
InterlockedExchange
lstrcmpW
WaitForMultipleObjects
ReleaseMutex
ReleaseSemaphore
CreateSemaphoreW
FindNextFileW
GetShortPathNameW
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
GetFileSize
SetEndOfFile
UnlockFile
LockFile
SetFilePointer
GetThreadLocale
GetStringTypeExW
MoveFileW
GlobalFree
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageW
MulDiv
SetLastError
VirtualQuery
ReadFile
GetTempPathW
GetTempFileNameW
FlushFileBuffers
SetFileTime
ResetEvent
CreateMutexW
DuplicateHandle
InterlockedDecrement
InterlockedIncrement
LocalAlloc
LocalFree
DeleteCriticalSection
InitializeCriticalSection
CreateEventW
WritePrivateProfileStringW
ResumeThread
LoadLibraryExW
SetEvent
GetFileAttributesW
lstrcmpiW
GetExitCodeThread
TerminateThread
CreateThread
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetCurrentProcess
GetCurrentThreadId
Sleep
LoadLibraryW
GetEnvironmentVariableW
CreateProcessW
WaitForSingleObject
TerminateProcess
GetEnvironmentVariableA
LoadLibraryExA
GetProcAddress
FreeLibrary
CreateFileW
WriteFile
CreateFileA
CloseHandle
GetModuleHandleW
GetModuleFileNameA
GetVersionExW
DeviceIoControl
GetModuleFileNameW
OutputDebugStringW
CopyFileW
GetPrivateProfileIntW
GetPrivateProfileStringW
SystemTimeToFileTime
GetCurrentProcessId
GetTickCount
GetCommandLineW
DeleteFileW
lstrlenW
lstrlenA
GetFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
GetSystemTime
FindResourceW
LoadResource
LockResource
SizeofResource
GetLastError
WideCharToMultiByte
GetACP
MultiByteToWideChar

user32

TranslateAcceleratorW
GetDialogBaseUnits
InvalidateRect
SetRectEmpty
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
SystemParametersInfoW
DestroyMenu
GetMenuItemInfoW
InflateRect
ScrollWindowEx
ShowWindow
MoveWindow
IsDialogMessageW
IsDlgButtonChecked
SetDlgItemTextW
SetDlgItemInt
GetDlgItemTextW
GetDlgItemInt
CheckRadioButton
CheckDlgButton
RegisterWindowMessageW
LoadIconW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetClassLongW
SetPropW
GetPropW
RemovePropW
SetFocus
GetForegroundWindow
SetActiveWindow
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
ScrollWindow
TrackPopupMenuEx
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
UpdateWindow
GetClientRect
CreateWindowExW
BringWindowToTop
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
CopyRect
SetWindowPlacement
DefWindowProcW
CallWindowProcW
GetMenu
SetWindowLongW
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindow
GetDlgCtrlID
GetWindowRect
WaitForInputIdle
GetMessageW
DispatchMessageW
IsWindow
GetClassNameW
PtInRect
SetWindowTextW
DeleteMenu
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
ScreenToClient
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
FillRect
DestroyIcon
GetWindowTextLengthW
GetWindowTextW
LoadCursorW
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
UnregisterClassW
GetDesktopWindow
GetWindowThreadProcessId
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
EnableWindow
CreatePopupMenu
InsertMenuItemW
LoadAcceleratorsW
MapVirtualKeyW
ReleaseCapture
GetMenuBarInfo
LoadMenuW
ReuseDDElParam
UnpackDDElParam
SetRect
WindowFromPoint
GetKeyNameTextW
SetCapture
LockWindowUpdate
GetDCEx
UnionRect
SetParent
GetSystemMenu
IsRectEmpty
GetClassInfoExW
CharNextW
SendMessageTimeoutW
PostThreadMessageW
wsprintfW
KillTimer
SetTimer
RemoveMenu
GetSubMenu
GetMenuItemCount
InsertMenuW
GetMenuItemID
AppendMenuW
GetMenuStringW
GetMenuState
GetSystemMetrics
CharUpperW
UnhookWindowsHookEx
MsgWaitForMultipleObjects
PostQuitMessage
PostMessageW
CheckMenuItem
EnableMenuItem
ModifyMenuW
SendMessageW
GetParent
GetFocus
MessageBoxW
ShowOwnedPopups
SetCursor
SetWindowsHookExW
CallNextHookEx
TranslateMessage
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageW
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetCapture

gdi32

CombineRgn
GetMapMode
PatBlt
DPtoLP
GetTextExtentPoint32W
SetRectRgn
CreateFontW
StretchDIBits
CreateCompatibleBitmap
GetTextMetricsW
GetBkColor
CreateFontIndirectW
CreateRectRgnIndirect
GetDCOrgEx
CreateHatchBrush
CreateSolidBrush
ExtCreatePen
CreatePen
PlayMetaFile
EnumMetaFile
GetObjectType
PlayMetaFileRecord
SelectPalette
GetStockObject
CreateCompatibleDC
CreatePatternBrush
CreateDIBPatternBrushPt
DeleteDC
ExtSelectClipRgn
PolyBezierTo
PolylineTo
PolyDraw
ArcTo
GetCurrentPositionEx
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
GetCharWidthW
GetDeviceCaps
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
StartDocW
GetPixel
BitBlt
GetWindowExtEx
GetViewportExtEx
GetObjectW
SelectClipPath
CreateRectRgn
GetClipRgn
SelectClipRgn
DeleteObject
SetColorAdjustment
SetArcDirection
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
MoveToEx
LineTo
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
ModifyWorldTransform
SetWorldTransform
SetGraphicsMode
SetTextColor
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
SetBkColor
RestoreDC
SaveDC
CreateBitmap
CreateDCW
CopyMetaFileW
OffsetViewportOrgEx

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

advapi32

RegQueryValueW
RegEnumKeyW
RegOpenKeyW
RegSetValueW
GetNamedSecurityInfoW
SetNamedSecurityInfoW
GetSecurityInfo
BuildExplicitAccessWithNameW
SetEntriesInAclW
SetSecurityInfo
RegQueryValueExW
LookupPrivilegeValueW
AdjustTokenPrivileges
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
OpenProcessToken
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyW

shell32

CommandLineToArgvW
SHGetFolderPathA
SHGetFolderPathW
SHGetFileInfoW
ExtractIconW
DragFinish
DragQueryFileW
ord165

shlwapi

PathAppendW
PathFileExistsW
PathFindExtensionW
PathFindFileNameW
PathRemoveFileSpecW
PathAppendA
PathStripToRootW
PathIsUNCW
PathRemoveExtensionW
UrlUnescapeW
StrStrIW

ole32

CoDisconnectObject
CLSIDFromString
CoInitializeEx
CreateBindCtx
CoTaskMemFree
CoUninitialize
CoInitialize
CoCreateInstance
CLSIDFromProgID
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemAlloc
CoTaskMemRealloc
StringFromGUID2
CoSuspendClassObjects
SetConvertStg
WriteFmtUserTypeStg
WriteClassStg
OleRegGetUserType
ReadFmtUserTypeStg
ReadClassStg
ReleaseStgMedium
StringFromCLSID
CoTreatAsClass
OleDuplicateData

oleaut32

SystemTimeToVariantTime
SysFreeString
SysAllocString
VariantInit
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
SysStringLen
VariantClear
SysAllocStringByteLen
SysStringByteLen
VarUI4FromStr
SysAllocStringLen
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
LoadRegTypeLi
SafeArrayGetElemsize
SafeArrayCreate
SafeArrayRedim
VariantChangeType
VariantCopy
SafeArrayAllocData
SafeArrayAllocDescriptor
SafeArrayCopy
SafeArrayGetElement
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayLock
SafeArrayUnlock
SafeArrayDestroy
SafeArrayDestroyData
SafeArrayDestroyDescriptor
VarDateFromStr
SysReAllocStringLen
VarCyFromStr
VarBstrFromCy
VarBstrFromDec
VarDecFromStr
VarBstrFromDate
VariantTimeToSystemTime

urlmon

RegisterBindStatusCallback
CreateURLMoniker
RevokeBindStatusCallback

wininet

InternetOpenUrlW
GopherOpenFileW
FtpFindFirstFileW
GopherCreateLocatorW
FtpCommandW
FtpOpenFileW
GopherGetAttributeW
HttpSendRequestExW
HttpEndRequestW
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallbackW
InternetGetLastResponseInfoW
GopherFindFirstFileW
InternetFindNextFileW
HttpAddRequestHeadersW
InternetErrorDlg
FtpGetFileW
FtpPutFileW
FtpGetCurrentDirectoryW
FtpSetCurrentDirectoryW
FtpRemoveDirectoryW
FtpCreateDirectoryW
FtpRenameFileW
FtpDeleteFileW
InternetQueryDataAvailable
InternetGetCookieW
InternetSetCookieW
InternetSetOptionExW
InternetQueryOptionW
InternetCanonicalizeUrlW
InternetTimeToSystemTimeW
DeleteUrlCacheEntryW
InternetCloseHandle
InternetReadFile
HttpQueryInfoA
HttpQueryInfoW
HttpSendRequestW
HttpOpenRequestW
InternetConnectW
InternetOpenW
InternetCrackUrlW

psapi

GetProcessMemoryInfo

Exports

Exports

DllCanUnloadNow
DllGetClassObject
ExecCommand
RD_XXXX
Upload

Sections

.text
Size: 580KB - Virtual size: 580KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 149KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/PPAP.exe
.exe windows:4 windows x86 arch:x86

8b09590074c9596dc529d255269e0815

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:52:7f:4d:7d:6c:1a:2b:a7:ef:81:d5:0c:89:d7:65
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

19/11/2009, 00:00

Not After

18/11/2012, 23:59

Subject

CN=PPLive Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Product Planning Dept.,O=PPLive Corporation,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b1:8d:92:46:7c:9b:bc:d9:ea:1d:6e:30:86:d6:f5:5d:b3:25:0c:f5
Signer

Actual PE Digest

b1:8d:92:46:7c:9b:bc:d9:ea:1d:6e:30:86:d6:f5:5d:b3:25:0c:f5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetCurrentProcessId
GetLocalTime
GetTempPathA
Module32NextW
GetLongPathNameA
Module32FirstW
CreateToolhelp32Snapshot
GetLastError
lstrcatA
lstrcpyA
VirtualQuery
FindFirstFileA
GetCommandLineA
GetCurrentProcess
ReleaseMutex
CreateMutexW
OpenProcess
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
lstrlenW
WaitForSingleObject
GetVersionExW
CreateProcessW
LocalFree
LocalAlloc
GetModuleHandleW
GetStartupInfoW
CloseHandle
OutputDebugStringA
GetModuleFileNameA
GetModuleFileNameW
GetEnvironmentVariableA
GetPrivateProfileStringA
CreateProcessA
TerminateProcess
SetUnhandledExceptionFilter
FreeLibrary
LoadLibraryW
GetProcAddress
GetCommandLineW
GetCurrentThread
GetCurrentThreadId
CreateFileA
GetFileSize
CreateFileMappingW
MapViewOfFile
IsBadReadPtr
CreateEventW
lstrcmpiW

user32

GetDesktopWindow
wsprintfW
GetWindowThreadProcessId
GetShellWindow

advapi32

SetTokenInformation
ImpersonateSelf
LookupPrivilegeValueW
AdjustTokenPrivileges
DuplicateTokenEx
OpenProcessToken
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
RegDeleteKeyW
RegDeleteValueW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetLengthSid
ConvertStringSidToSidW
SetThreadToken

shell32

CommandLineToArgvW
SHGetFolderPathA

ole32

CoUninitialize
CoCreateInstance
CoInitialize
CoCreateGuid
StringFromCLSID

msvcp60

_Getcvt
??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IG@Z
?_Id_cnt@id@locale@std@@0HA
??_7codecvt_base@std@@6B@
?_Eos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXI@Z
?_Grow@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAE_NI_N@Z
?_Split@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXXZ
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@IIABV?$allocator@G@1@@Z
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@II@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
??0_Locinfo@std@@QAE@PBD@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_Xlen@std@@YAXXZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?do_length@?$codecvt@GDH@std@@MBEHAAHPBG1I@Z
?do_out@?$codecvt@GDH@std@@MBEHAAHPBG1AAPBGPAD3AAPAD@Z
?do_in@?$codecvt@GDH@std@@MBEHAAHPBD1AAPBDPAG3AAPAG@Z
?do_encoding@?$codecvt@GDH@std@@MBEHXZ
?do_max_length@?$codecvt@GDH@std@@MBEHXZ
?do_always_noconv@?$codecvt@GDH@std@@MBE_NXZ
??0bad_cast@std@@QAE@ABV01@@Z
??1bad_cast@std@@UAE@XZ
??0locale@std@@QAE@XZ
??1locale@std@@QAE@XZ
?_Incref@facet@locale@std@@QAEXXZ
??0bad_cast@std@@QAE@PBD@Z
?out@?$codecvt@GDH@std@@QBEHAAHPBG1AAPBGPAD3AAPAD@Z
??0?$codecvt@GDH@std@@QAE@I@Z
?_Iscloc@locale@std@@QBE_NXZ
?_Getfacet@locale@std@@QBEPBVfacet@12@I_N@Z
??Bid@locale@std@@QAEIXZ
?id@?$codecvt@GDH@std@@2V0locale@2@A
??1_Lockit@std@@QAE@XZ
?_Global@_Locimp@locale@std@@0PAV123@A
??0_Lockit@std@@QAE@XZ
?_Init@locale@std@@CAPAV_Locimp@12@XZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
??_7facet@locale@std@@6B@
??_7?$codecvt@GDH@std@@6B@
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGII@Z
??_7bad_cast@std@@6B@
??1_Locinfo@std@@QAE@XZ
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z

msvcrt

_wcsicmp
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
wcslen
_snprintf
??2@YAPAXI@Z
fclose
fflush
sprintf
_except_handler3
vfprintf
??0exception@@QAE@ABV0@@Z
fopen
toupper
_CxxThrowException
strncpy
__p___wargv
__p___argc
??0exception@@QAE@ABQBD@Z
free
_wcsdup
_XcptFilter
wcscpy
__dllonexit
_onexit
??1type_info@@UAE@XZ
_exit

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

shlwapi

PathRemoveFileSpecW
PathAppendA
PathRemoveFileSpecA
PathAppendW
PathFindFileNameA
PathStripPathW

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 132KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/PPInstallLog.dll
.dll windows:4 windows x86 arch:x86

256af4ebe940c94257ae641d926c73e1

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:52:7f:4d:7d:6c:1a:2b:a7:ef:81:d5:0c:89:d7:65
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

19/11/2009, 00:00

Not After

18/11/2012, 23:59

Subject

CN=PPLive Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Product Planning Dept.,O=PPLive Corporation,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ff:d5:b8:6e:c3:34:ec:95:13:1b:45:d8:63:a7:b1:e1:c9:08:e0:10
Signer

Actual PE Digest

ff:d5:b8:6e:c3:34:ec:95:13:1b:45:d8:63:a7:b1:e1:c9:08:e0:10

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord3953
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord2554
ord561
ord815
ord354
ord665
ord825
ord823
ord1979
ord858
ord5442
ord3318
ord5186
ord6385
ord537
ord6467
ord6663
ord668
ord3178
ord3181
ord4058
ord2781
ord2770
ord356
ord1176
ord1575
ord1168
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord4486
ord6375
ord4274
ord2614
ord2818
ord939
ord535
ord800
ord3738
ord540
ord1253
ord1255
ord1578
ord600
ord826
ord269
ord1116

msvcrt

__CxxFrameHandler
__dllonexit
_onexit
??1type_info@@UAE@XZ
free
_initterm
malloc
_adjust_fdiv

kernel32

LocalFree
GlobalAlloc
lstrcpynA
lstrcpyA
GlobalFree
GetModuleHandleA
GetModuleFileNameA
LoadLibraryA
LocalAlloc

user32

wsprintfA

shlwapi

PathFileExistsA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Exports

Exports

CloseLog
FileLog
FolderLog
OpenLog
StringLog

Sections

.text
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ikan-p.ico
$PLUGINSDIR/mframe.dll
.dll regsvr32 windows:4 windows x86 arch:x86

b1a4cd97a03147d1e3e766f3602fd630

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:52:7f:4d:7d:6c:1a:2b:a7:ef:81:d5:0c:89:d7:65
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

19/11/2009, 00:00

Not After

18/11/2012, 23:59

Subject

CN=PPLive Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Product Planning Dept.,O=PPLive Corporation,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

45:a9:e0:de:d8:30:19:44:73:27:f9:41:61:79:9b:82:79:7c:b3:32
Signer

Actual PE Digest

45:a9:e0:de:d8:30:19:44:73:27:f9:41:61:79:9b:82:79:7c:b3:32

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42u

ord2810
ord956
ord3688
ord1634
ord3614
ord2371
ord861
ord2362
ord858
ord2634
ord2966
ord5755
ord6188
ord5752
ord6182
ord4324
ord6185
ord6017
ord5869
ord5790
ord5674
ord5732
ord5575
ord5567
ord6057
ord5860
ord3591
ord535
ord925
ord4124
ord6354
ord2756
ord4197
ord2859
ord6190
ord922
ord940
ord5706
ord3566
ord5781
ord6195
ord5795
ord1173
ord2862
ord4269
ord6371
ord4480
ord2546
ord2504
ord5783
ord3917
ord1089
ord5193
ord2388
ord3341
ord5296
ord5298
ord4074
ord4692
ord5303
ord5285
ord5710
ord4616
ord3733
ord561
ord815
ord3948
ord2717
ord1165
ord2606
ord6193
ord6107
ord6238
ord2105
ord2559
ord2444
ord927
ord3711
ord790
ord5977
ord3541
ord4118
ord1143
ord2822
ord3016
ord1115
ord1568
ord1570
ord1179
ord342
ord1240
ord1194
ord1563
ord1248
ord1250
ord1571
ord600
ord826
ord269
ord5784
ord6871
ord6168
ord5785
ord537
ord2114
ord1088
ord860
ord2910
ord5568
ord942
ord556
ord809
ord3716
ord2078
ord4294
ord538
ord2294
ord795
ord4470
ord4704
ord6330
ord3087
ord4229
ord2356
ord2287
ord2350
ord2293
ord641
ord324
ord3592
ord4419
ord5276
ord4401
ord1767
ord6048
ord2506
ord4992
ord4847
ord4370
ord5261
ord6211
ord6466
ord567
ord3397
ord2573
ord4214
ord1633
ord3658
ord825
ord2406
ord3621
ord3568
ord470
ord755
ord2854
ord2746
ord283
ord5871
ord540
ord3798
ord323
ord2397
ord640
ord800
ord6451
ord5047
ord4270
ord692
ord3634
ord4418
ord4621
ord4075
ord3074
ord3820
ord3826
ord3825
ord2971
ord3076
ord2980
ord3257
ord3131
ord4459
ord3254
ord3142
ord2977
ord5273
ord2116
ord2438
ord5257
ord1720
ord5059
ord3744
ord6372
ord2047
ord2640
ord4435
ord4831
ord3793
ord5286
ord4347
ord6370
ord5157
ord2377
ord5237
ord4395
ord1768
ord4073
ord6051
ord2016
ord2405
ord6362
ord1764
ord823
ord5727

msvcrt

wcscmp
abs
swprintf
_ftol
atoi
_purecall
_wcsicmp
memset
malloc
free
_wcsnicmp
fflush
vfprintf
fopen
_snprintf
strncpy
fclose
memcmp
realloc
wcslen
iswdigit
_wtoi
_wcsdup
_getdrives
strlen
isspace
wcscpy
srand
rand
_except_handler3
memcpy
__CxxFrameHandler
isalnum
?terminate@@YAXXZ
__dllonexit
_onexit
_initterm
_adjust_fdiv
??1type_info@@UAE@XZ
strcpy

kernel32

OutputDebugStringW
DeleteCriticalSection
LoadLibraryExW
InterlockedIncrement
GetPrivateProfileStringW
GetCurrentProcessId
LeaveCriticalSection
EnterCriticalSection
GetLongPathNameW
GetCurrentProcess
FlushInstructionCache
WideCharToMultiByte
LoadLibraryA
lstrcpynW
GetWindowsDirectoryW
FreeLibrary
GetTickCount
GetVersion
GetFileAttributesW
GetProcAddress
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameW
LoadLibraryW
OutputDebugStringA
GetLastError
SetLastError
lstrlenW
InterlockedDecrement
InitializeCriticalSection
lstrcmpW
SetUnhandledExceptionFilter
GetLocalTime
lstrcatA
lstrcpyA
GetModuleFileNameA
GetLongPathNameA
Module32FirstW
CreateToolhelp32Snapshot
CloseHandle
Module32NextW
FindClose
FindFirstFileA
GetCurrentThread
VirtualQuery
DebugBreak
lstrlenA
GetPrivateProfileIntW
WritePrivateProfileStringW
GetEnvironmentVariableW
MultiByteToWideChar
LocalFree
LocalAlloc
lstrcpyW
GetCurrentThreadId

user32

EnableWindow
RedrawWindow
DrawTextW
FillRect
InflateRect
CopyRect
GetSysColor
DestroyWindow
CreateWindowExW
UnhookWindowsHookEx
GetWindowRect
GetWindowLongW
SystemParametersInfoW
GetClientRect
MapWindowPoints
SetWindowPos
GetDlgItem
GetParent
SetDlgItemTextW
SendMessageW
SetWindowsHookExW
CallNextHookEx
GetKeyState
GetMenuItemInfoW
SetMenuItemInfoW
SetMenuDefaultItem
CreateDialogParamW
GetDoubleClickTime
EndDeferWindowPos
DeferWindowPos
ScreenToClient
ShowWindow
BeginDeferWindowPos
IsWindow
PostMessageW
MessageBoxA
LoadStringW
SetRect
wsprintfW
CharNextW
GetFocus
GetDC
IsRectEmpty
MoveWindow
SetWindowTextW
LoadImageW
IsChild
SetFocus
DestroyMenu
TrackPopupMenu
GetSubMenu
LoadMenuW
DialogBoxParamW
SetRectEmpty
GetAncestor
MonitorFromWindow
GetMonitorInfoW
SetParent
SetForegroundWindow
EndDialog
GetClassNameW
WindowFromPoint
SetActiveWindow
GetCursorPos
BringWindowToTop
IsWindowVisible
RegisterWindowMessageW
GrayStringW
TabbedTextOutW
EndPaint
BeginPaint
GetMenu
AdjustWindowRectEx
GetDlgCtrlID
SetCapture
IsWindowEnabled
KillTimer
SetTimer
UpdateWindow
ClientToScreen
DefWindowProcW
SetWindowLongW
DrawEdge
DrawFocusRect
CallWindowProcW
ReleaseDC
PtInRect
GetCapture
SetCursor
CopyIcon
LoadCursorW
wvsprintfW
GetSystemMetrics
InvalidateRect
ReleaseCapture
LoadBitmapW
GetWindowTextW
GetWindow
SetClassLongW

gdi32

SetTextColor
GetBkColor
GetViewportExtEx
SetBkMode
LPtoDP
FloodFill
GetStockObject
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
DPtoLP
CreateBitmap
CreateCompatibleBitmap
GetMapMode
SetMapMode
SetBkColor
GetObjectW
Rectangle
CreateFontIndirectW
CreatePen
GetTextExtentPoint32W
CreateSolidBrush
CreateDIBSection
CreateCompatibleDC
SelectObject
StretchBlt
DeleteDC
BitBlt
DeleteObject
GetWindowExtEx

advapi32

RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegCloseKey

shell32

ShellExecuteW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFolderPathW
SHGetMalloc

ole32

CoTaskMemFree
CreateBindCtx

oleaut32

SysStringLen
LoadRegTypeLi
DispCallFunc
LoadTypeLi
SysAllocStringLen
SysAllocString
VariantClear
SysFreeString

urlmon

RegisterBindStatusCallback
CreateURLMoniker

atl

ord11
ord43
ord15
ord44
ord32
ord10
ord45
ord42
ord30
ord53
ord21
ord58
ord18
ord57
ord16

msimg32

GradientFill

msvcp60

?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??1_Lockit@std@@QAE@XZ
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
?length@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ

pplugin2

?GetCurrentVersionW@@YGHIPAGK@Z

shlwapi

PathFindFileNameA
PathFileExistsW
PathStripPathW
PathAppendA
PathRemoveFileSpecA
PathAppendW
PathRemoveFileSpecW

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 264KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 272KB - Virtual size: 271KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/mir.dll
.dll windows:4 windows x86 arch:x86

1bb9ac75bcddcad19ef884bc3d73f3fc

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:52:7f:4d:7d:6c:1a:2b:a7:ef:81:d5:0c:89:d7:65
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

19/11/2009, 00:00

Not After

18/11/2012, 23:59

Subject

CN=PPLive Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Product Planning Dept.,O=PPLive Corporation,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

44:ee:0e:45:aa:2d:7f:1e:16:5e:69:ac:7b:43:97:90:46:36:be:0a
Signer

Actual PE Digest

44:ee:0e:45:aa:2d:7f:1e:16:5e:69:ac:7b:43:97:90:46:36:be:0a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\svn\bin\Release\mir.pdb

Imports

kernel32

GetCurrentProcessId
InterlockedIncrement
InterlockedDecrement
CreateIoCompletionPort
CloseHandle
TlsFree
InterlockedCompareExchange
MapViewOfFile
CreateFileMappingA
GetQueuedCompletionStatus
InterlockedExchangeAdd
EnterCriticalSection
PostQueuedCompletionStatus
TlsAlloc
GetExitCodeThread
VirtualQuery
TlsGetValue
TlsSetValue
WaitForSingleObject
TerminateThread
GetModuleFileNameA
SetLastError
GetCurrentThreadId
InitializeCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetTickCount
OutputDebugStringA
UnmapViewOfFile
InterlockedExchange
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
CreateFileW
CreateFileA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
ReadFile
GetTimeZoneInformation
GetLocaleInfoW
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
SetFilePointer
FlushFileBuffers
GetConsoleMode
GetConsoleCP
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
GetCurrentDirectoryA
GetFullPathNameA
GetOEMCP
GetACP
GetProcAddress
FreeLibrary
GetLocalTime
LoadLibraryA
GetSystemDefaultLangID
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
Sleep
SetEvent
CreateEventA
GetModuleHandleA
lstrlenA
GetVersionExA
WideCharToMultiByte
MultiByteToWideChar
LocalFree
FormatMessageA
HeapAlloc
HeapFree
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileA
ExitThread
CreateThread
GetCommandLineA
GetProcessHeap
DeleteFileA
HeapReAlloc
GetSystemTimeAsFileTime
LCMapStringA
LCMapStringW
GetCPInfo
ExitProcess
VirtualFree
VirtualAlloc
HeapDestroy
HeapCreate
WriteFile
GetStdHandle
HeapSize
GetLastError

shell32

SHGetFolderPathA
SHCreateDirectoryExA

ole32

CoCreateGuid

ws2_32

getpeername
getservbyname
WSAStringToAddressA
select
getsockopt
connect
accept
__WSAFDIsSet
WSASendTo
WSARecv
shutdown
WSARecvFrom
inet_ntoa
send
socket
WSASend
listen
closesocket
WSACleanup
getsockname
setsockopt
bind
WSAGetLastError
WSAStartup
gethostname
htonl
ntohl
WSASetLastError
inet_addr
gethostbyname
recvfrom
WSASocketA
sendto
htons
ntohs
ioctlsocket

mswsock

AcceptEx
GetAcceptExSockaddrs

iphlpapi

GetIpAddrTable

user32

wsprintfA
PostMessageA

advapi32

CryptReleaseContext
CryptAcquireContextA
CryptHashData
CryptGetHashParam
CryptCreateHash
CryptDestroyHash

Exports

Exports

LiveCleanup
LiveGetChannelParameter
LiveGetChannelStatus
LiveSetChannelCallback
LiveSetChannelParameter
LiveSetChannelPlayerStatus
LiveSetChannelUPNP
LiveStartChannel
LiveStartup
LiveStopChannel

Sections

.text
Size: 840KB - Virtual size: 837KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 132KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/pnsis.dll
.dll windows:4 windows x86 arch:x86

31c6ac2144003ec772b515931addb3ad

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
LoadLibraryA
GetCurrentProcessId
GetLongPathNameA
FreeLibrary
GlobalFree
lstrcpyA
GetVersionExA
CloseHandle
OpenProcess
TerminateProcess
DisableThreadLibraryCalls
LocalFree
GetCommandLineA
GetVersion
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
FatalAppExitA
GetCPInfo
GetACP
GetOEMCP
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
GetCurrentThread
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
HeapAlloc
GetStringTypeA
GetStringTypeW
RtlUnwind
Sleep
InterlockedDecrement
InterlockedIncrement
UnhandledExceptionFilter
VirtualAlloc
HeapReAlloc
IsBadWritePtr
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
GetTimeZoneInformation
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA

advapi32

BuildExplicitAccessWithNameA
SetEntriesInAclA
SetNamedSecurityInfoA
GetNamedSecurityInfoA

Exports

Exports

AddEveryoneToAcl
KillLinger

Sections

.text
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/pplugin2.dll
.dll regsvr32 windows:4 windows x86 arch:x86

2a8bfb8a1144751d8d12e443415e4f1c

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:52:7f:4d:7d:6c:1a:2b:a7:ef:81:d5:0c:89:d7:65
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

19/11/2009, 00:00

Not After

18/11/2012, 23:59

Subject

CN=PPLive Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Product Planning Dept.,O=PPLive Corporation,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

40:44:b9:54:2d:81:22:d2:a0:63:ea:0e:91:4c:b4:33:e4:b4:22:46
Signer

Actual PE Digest

40:44:b9:54:2d:81:22:d2:a0:63:ea:0e:91:4c:b4:33:e4:b4:22:46

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GetCurrentThreadId
MulDiv
FlushInstructionCache
CreateFileW
SetEndOfFile
GlobalLock
WriteFile
LocalFree
GetVersionExW
LoadLibraryA
GlobalUnlock
InitializeCriticalSection
lstrcatW
DeleteCriticalSection
HeapDestroy
DisableThreadLibraryCalls
lstrcpynW
lstrcmpiW
FindResourceW
LoadResource
SizeofResource
GetShortPathNameW
MultiByteToWideChar
CreateEventW
FindClose
FindNextFileW
lstrcpyW
WaitForSingleObject
FindFirstFileW
SetLastError
WideCharToMultiByte
GetPrivateProfileIntW
GetPrivateProfileStringW
LoadLibraryExW
GetModuleFileNameW
GetEnvironmentVariableW
TerminateProcess
EnterCriticalSection
LeaveCriticalSection
LoadLibraryW
FreeLibrary
OpenMutexW
lstrlenA
OutputDebugStringW
DebugBreak
lstrlenW
InterlockedDecrement
InterlockedIncrement
CreateDirectoryW
GetLastError
CopyFileW
CreateProcessW
CloseHandle
GetCurrentProcess
GetModuleHandleW
GetProcAddress
ReadFile

user32

RegisterWindowMessageW
PostMessageW
DrawTextW
MapWindowPoints
IsWindow
SendMessageW
CreateWindowExW
DestroyWindow
GetWindowLongW
SetWindowTextW
GetWindowRect
CallWindowProcW
ScreenToClient
SetTimer
KillTimer
SetDlgItemTextW
GetDlgItem
SetWindowPos
SetWindowLongW
BeginPaint
EndPaint
wvsprintfW
CharNextW
LoadStringW
MoveWindow
IsChild
WaitForInputIdle
ShowWindow
GetKeyState
PtInRect
UnionRect
GetFocus
SetWindowRgn
OffsetRect
EqualRect
IntersectRect
ReleaseDC
GetDC
InvalidateRect
RegisterClassExW
wsprintfW
LoadCursorW
GetClassInfoExW
DefWindowProcW
SetFocus
GetParent
CreateDialogParamW
RedrawWindow
GetClientRect

gdi32

CreateDCW
LPtoDP
SetMapMode
SetViewportOrgEx
GetDeviceCaps
CreateMetaFileW
SaveDC
SetWindowOrgEx
SetWindowExtEx
RestoreDC
CloseMetaFile
DeleteMetaFile
CreateRectRgnIndirect
DeleteDC
GetObjectW
CreateFontIndirectW
DeleteObject
SetBkColor
ExtTextOutW
SetTextColor
SetBkMode
SelectObject
GetStockObject

advapi32

RegDeleteKeyW
GetTokenInformation
OpenProcessToken
RegEnumValueW
RegQueryInfoKeyW
RegSetValueExW
RegEnumKeyExW
RegCreateKeyExW
RegDeleteValueW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

shell32

ShellExecuteW
ShellExecuteA
ShellExecuteExW
SHGetFolderPathW

ole32

CreateDataAdviseHolder
CreateOleAdviseHolder
OleLoadFromStream
WriteClassStm
OleSaveToStream
CoTaskMemFree
CreateBindCtx
OleRegGetUserType
OleRegEnumVerbs
OleRegGetMiscStatus
CoTaskMemRealloc
CoTaskMemAlloc
CLSIDFromString
CoCreateInstance

oleaut32

VariantClear
VariantCopy
VariantInit
SysAllocString
LoadTypeLi
RegisterTypeLi
SysStringLen
LoadRegTypeLi
OleCreatePropertyFrame
SysAllocStringByteLen
VariantChangeType
SysStringByteLen
SysAllocStringLen
SysFreeString
VarUI4FromStr

urlmon

RegisterBindStatusCallback
CreateURLMoniker

msvcp60

??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
??Mstd@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
?empty@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE_NXZ
??0Init@ios_base@std@@QAE@XZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z

msvcrt

__CxxFrameHandler
wcsncpy
memset
wcscpy
realloc
free
wcscmp
memcpy
??2@YAPAXI@Z
wcslen
iswdigit
_wtoi
malloc
wcscat
_wcsicmp
swprintf
strlen
_wfullpath
_CxxThrowException
wcsrchr
memcmp
_purecall
_wcsdup
??1type_info@@UAE@XZ
wcstoul
_adjust_fdiv
_initterm
_onexit
__dllonexit
?terminate@@YAXXZ
_except_handler3
rand
_snwprintf

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

shlwapi

PathFileExistsW
PathRemoveFileSpecW
PathAppendW

Exports

Exports

?GetCurrentVersionW@@YGHIPAGK@Z
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 160KB - Virtual size: 157KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ppp.dll
.dll regsvr32 windows:4 windows x86 arch:x86

46929088280429ac3354990b94720261

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:52:7f:4d:7d:6c:1a:2b:a7:ef:81:d5:0c:89:d7:65
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

19/11/2009, 00:00

Not After

18/11/2012, 23:59

Subject

CN=PPLive Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Product Planning Dept.,O=PPLive Corporation,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

cc:90:4b:17:da:27:76:65:f2:2a:ab:dd:f4:84:b2:36:09:c6:ba:ee
Signer

Actual PE Digest

cc:90:4b:17:da:27:76:65:f2:2a:ab:dd:f4:84:b2:36:09:c6:ba:ee

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42u

ord5852
ord3658
ord1115
ord1173
ord1568
ord1165
ord1570
ord1179
ord1863
ord1240
ord1194
ord1563
ord1248
ord1250
ord1571
ord600
ord826
ord269
ord1560
ord268
ord4199
ord4272
ord2756
ord2859
ord470
ord2746
ord755
ord942
ord5679
ord5706
ord4124
ord6770
ord2822
ord2910
ord5568
ord6139
ord940
ord925
ord6466
ord1128
ord2717
ord3948
ord815
ord561
ord3733
ord4418
ord4616
ord4075
ord3074
ord3820
ord3826
ord3825
ord2971
ord3076
ord2980
ord3257
ord3131
ord4459
ord3254
ord3142
ord2977
ord5710
ord5285
ord800
ord5303
ord4692
ord4074
ord5298
ord5296
ord3341
ord2388
ord5193
ord1089
ord3917
ord5727
ord2504
ord2546
ord4480
ord6371
ord4269
ord927
ord5929
ord834
ord860
ord823
ord920
ord3050
ord3420
ord6874
ord5857
ord538
ord537
ord541
ord922
ord801
ord6868
ord1594
ord535
ord858
ord2606
ord2810
ord861
ord825
ord540
ord342

msvcrt

_findfirst
rand
srand
fclose
fgetws
_wfopen
wcsncpy
swprintf
strcat
_findclose
tolower
islower
toupper
isalnum
isspace
wcslen
realloc
memcpy
_wcsicmp
_purecall
_itow
memcmp
wcscmp
strrchr
_i64tow
atol
strncpy
sscanf
memset
_ftol
wcscpy
sprintf
strcpy
wcstoul
_wtoi
malloc
free
strlen
atoi
__CxxFrameHandler
_CxxThrowException
_wcsdup
_snprintf
strcmp
fprintf
fputs
isalpha
strncmp
strchr
__dllonexit
_onexit
_except_handler3
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
_findnext

kernel32

WideCharToMultiByte
MultiByteToWideChar
lstrlenW
GetACP
lstrlenA
WritePrivateProfileStringW
CopyFileW
LocalFree
GetLastError
DeviceIoControl
GetPrivateProfileStringW
GetVersionExA
GetModuleFileNameA
GetModuleHandleA
CreateMutexW
MapViewOfFile
OpenFileMappingW
ReleaseMutex
FlushViewOfFile
UnmapViewOfFile
GetEnvironmentVariableW
GetProcAddress
LoadLibraryW
FreeLibrary
GetTickCount
DeleteFileW
GetTempPathW
CreateDirectoryW
LeaveCriticalSection
EnterCriticalSection
FlushInstructionCache
GetCurrentProcess
InterlockedDecrement
TerminateProcess
CloseHandle
CreateProcessW
WaitForSingleObject
GetModuleFileNameW
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
OutputDebugStringW
LoadLibraryExW
GetSystemInfo
GetModuleHandleW
GetVersionExW
GetPrivateProfileIntW
VirtualQuery
Sleep
CreateFileA
LocalAlloc
GetSystemTime

user32

KillTimer
SetWindowLongW
DefWindowProcW
RegisterWindowMessageW
GetWindowLongW
CallWindowProcW
GetClientRect
IsWindow
DestroyWindow
FindWindowW
SendMessageW
SetWindowTextW
ShowWindow
BringWindowToTop
MoveWindow
GetWindowRect
wsprintfW
GetWindowThreadProcessId
CreateWindowExW
SetTimer
GetAncestor
SetWindowPos
PostMessageW
WaitForInputIdle

advapi32

RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
OpenProcessToken
RegDeleteValueW
RegDeleteKeyW
RegOpenKeyExW

shell32

SHGetFolderPathW

ole32

CoCreateGuid
CoCreateInstance

oleaut32

SysAllocStringLen
LoadTypeLi
VariantChangeType
SysStringByteLen
SysAllocStringByteLen
VariantInit
SysAllocString
SysStringLen
LoadRegTypeLi
VariantClear
DispCallFunc
SysFreeString

atl

ord21
ord42
ord18
ord10
ord58
ord30
ord57
ord23
ord15
ord53
ord16
ord32
ord44
ord43
ord45
ord48
ord11
ord47

msvcp60

??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z
?resize@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXI@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
??9std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??5std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PBX@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PBDH@Z
?is_open@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QBE_NXZ
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?find_last_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IPBD@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?length@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
?empty@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE_NXZ
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?at@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?good@ios_base@std@@QBE_NXZ
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
??A?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAGI@Z

rpcrt4

UuidToStringW
UuidFromStringA

ws2_32

gethostname
gethostbyname
inet_addr
inet_ntoa

shlwapi

PathRemoveExtensionW
PathFindExtensionW
PathRemoveFileSpecW
PathFileExistsW
PathAppendW
StrStrIW
StrStrIA
PathStripPathW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
NSGetModule

Sections

.text
Size: 204KB - Virtual size: 202KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/time.dll
.dll windows:4 windows x86 arch:x86

2e3a4d1f132aea64d421c1e936bcc407

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FileTimeToSystemTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
lstrcmpiA
lstrcpynA
GlobalFree
lstrcpyA
GlobalAlloc
GetSystemTime
GetLocalTime
SetSystemTime
SetLocalTime
FindClose
FindFirstFileA
CloseHandle
SetFileTime
CreateFileA
lstrcatA

user32

SendMessageA
wsprintfA

Exports

Exports

_GetFileTime
_GetFileTimeUTC
_GetLocalTime
_GetLocalTimeUTC
_MathTime
_SetFileTime
_SetFileTimeUTC
_SetLocalTime
_SetLocalTimeUTC
_TimeString
_Unload

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 300B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/uilib.dll
.dll regsvr32 windows:4 windows x86 arch:x86

9b21dc5aac1fb39dced130358580e621

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2c:50:0e:13:db:f1:f8:41:54:b8:a7:f6:26:f5:68:cb
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

20/08/2008, 00:00

Not After

26/09/2009, 23:59

Subject

CN=Synacast Corp.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Technical Support Dept.,O=Synacast Corp.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

a4:61:7b:bd:a4:5d:6a:bb:f0:2c:3f:c0:21:0a:76:e2:9d:00:49:1d
Signer

Actual PE Digest

a4:61:7b:bd:a4:5d:6a:bb:f0:2c:3f:c0:21:0a:76:e2:9d:00:49:1d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord1575
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord1578
ord600
ord826
ord1132
ord6467
ord1131
ord1168
ord2725
ord5500
ord815
ord561
ord3738
ord4424
ord1116
ord4622
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord825
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord540
ord535
ord800
ord537
ord941
ord823
ord1176
ord269

msvcrt

strtol
malloc
__CxxFrameHandler
free
strtok
strstr
wcslen
memmove
wcscmp
_mbsnbcpy
_strdup
_snprintf
_purecall
atoi
atof
fprintf
fread
fclose
ftell
fseek
fopen
fputc
memchr
sscanf
fputs
isalpha
isalnum
isspace
strncmp
strchr
tolower
atol
_mbstok
_ltoa
strncpy
floor
_ftol
_CxxThrowException
fwrite
fflush
getc
printf
isprint
realloc
_CIfmod
longjmp
_setjmp3
__CxxLongjmpUnwind
div
_wcsnicmp
_strcmpi
exit
_iob
getenv
abort
clearerr
_CIpow
strtod
_fdopen
_errno
_vsnprintf
strerror
calloc
_mbslen
sprintf
_except_handler3
?terminate@@YAXXZ
__dllonexit
_onexit
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
strspn

kernel32

GlobalSize
LocalFree
GlobalAlloc
GlobalLock
GlobalUnlock
SizeofResource
LoadResource
lstrcatA
MultiByteToWideChar
lstrlenA
GetACP
WideCharToMultiByte
lstrlenW
InterlockedDecrement
InterlockedIncrement
GetSystemTime
GetPrivateProfileStringA
GetLastError
GetModuleFileNameA
GetPrivateProfileIntA
WritePrivateProfileStringA
ReleaseMutex
GetLocalTime
WaitForSingleObject
CreateMutexA
LeaveCriticalSection
EnterCriticalSection
CloseHandle
CreateProcessA
InitializeCriticalSection
DeleteCriticalSection
HeapDestroy
FreeLibrary
GetProcAddress
LockResource
LoadLibraryA
GetShortPathNameA
GetModuleHandleA
LocalAlloc
lstrcpyA

user32

wsprintfA
CharNextA
RegisterWindowMessageA
PostMessageA
SetTimer
IsRectEmpty
InvalidateRect
DrawTextA
GetIconInfo
GetDC
ReleaseDC
SetRect
KillTimer

gdi32

GetStockObject
CreateFontIndirectA
SetBkMode
StretchDIBits
RectVisible
CreateCompatibleBitmap
CreateBitmap
SetBkColor
StretchBlt
GetClipBox
CreateRectRgnIndirect
ExtSelectClipRgn
SetStretchBltMode
SetDIBitsToDevice
BitBlt
GetObjectA
SelectObject
RealizePalette
GetDIBits
CreateCompatibleDC
CreateDIBSection
DeleteDC
CreateDIBitmap
ExtCreateRegion
CombineRgn
DeleteObject
SetTextColor

advapi32

RegCloseKey
RegDeleteKeyA
RegDeleteValueA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA

ole32

CLSIDFromString
StringFromGUID2
CoCreateInstance
CreateStreamOnHGlobal
CoTaskMemFree
CoTaskMemAlloc

oleaut32

SysFreeString
SysAllocStringLen
RegisterTypeLi
LoadTypeLi
SysAllocString

msvcp60

??_7?$basic_streambuf@DU?$char_traits@D@std@@@std@@6B@
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@XZ
??_7?$basic_ofstream@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_filebuf@DU?$char_traits@D@std@@@std@@6B@
??1locale@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
??_8?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@7B@
??0ios_base@std@@IAE@XZ
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N1@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??_7?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@6B@
?_Mode@?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEHH@Z
?_Init@?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXPBDIH@Z
??_7?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@6B@
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?_Tidy@?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
??1ios_base@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?_Xran@std@@YAXXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z
?__Fiopen@std@@YAPAU_iobuf@@PBDH@Z
?_Init@?$basic_filebuf@DU?$char_traits@D@std@@@std@@IAEXPAU_iobuf@@W4_Initfl@12@@Z
?_Initcvt@?$basic_filebuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
?setw@std@@YA?AU?$_Smanip@H@1@H@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z
?_Grow@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAE_NI_N@Z
?_Eos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXI@Z
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Xlen@std@@YAXXZ
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

shlwapi

PathRemoveFileSpecA
PathAppendA

rpcrt4

UuidFromStringA

Exports

Exports

CreatePlayLink
DllCanUnloadNow
DllGetClassObject
DllGetInstance
DllGetInstanceEx
DllRegisterServer
DllUnregisterServer
adler32
compress
compress2
compressBound
crc32
deflate
deflateBound
deflateCopy
deflateEnd
deflateInit2_
deflateInit_
deflateParams
deflatePrime
deflateReset
deflateSetDictionary
get_crc_table
gzclearerr
gzclose
gzdopen
gzeof
gzerror
gzflush
gzgetc
gzgets
gzopen
gzprintf
gzputc
gzputs
gzread
gzrewind
gzseek
gzsetparams
gztell
gzungetc
gzwrite
inflate
inflateBack
inflateBackEnd
inflateBackInit_
inflateCopy
inflateEnd
inflateInit2_
inflateInit_
inflateReset
inflateSetDictionary
inflateSync
inflateSyncPoint
uncompress
zError

Sections

.text
Size: 304KB - Virtual size: 302KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES/Internet Explorer/PPLite/plugin/$OUTDIR/pplugin2.dll
.dll regsvr32 windows:4 windows x86 arch:x86

2a8bfb8a1144751d8d12e443415e4f1c

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:52:7f:4d:7d:6c:1a:2b:a7:ef:81:d5:0c:89:d7:65
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

19/11/2009, 00:00

Not After

18/11/2012, 23:59

Subject

CN=PPLive Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Product Planning Dept.,O=PPLive Corporation,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

40:44:b9:54:2d:81:22:d2:a0:63:ea:0e:91:4c:b4:33:e4:b4:22:46
Signer

Actual PE Digest

40:44:b9:54:2d:81:22:d2:a0:63:ea:0e:91:4c:b4:33:e4:b4:22:46

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GetCurrentThreadId
MulDiv
FlushInstructionCache
CreateFileW
SetEndOfFile
GlobalLock
WriteFile
LocalFree
GetVersionExW
LoadLibraryA
GlobalUnlock
InitializeCriticalSection
lstrcatW
DeleteCriticalSection
HeapDestroy
DisableThreadLibraryCalls
lstrcpynW
lstrcmpiW
FindResourceW
LoadResource
SizeofResource
GetShortPathNameW
MultiByteToWideChar
CreateEventW
FindClose
FindNextFileW
lstrcpyW
WaitForSingleObject
FindFirstFileW
SetLastError
WideCharToMultiByte
GetPrivateProfileIntW
GetPrivateProfileStringW
LoadLibraryExW
GetModuleFileNameW
GetEnvironmentVariableW
TerminateProcess
EnterCriticalSection
LeaveCriticalSection
LoadLibraryW
FreeLibrary
OpenMutexW
lstrlenA
OutputDebugStringW
DebugBreak
lstrlenW
InterlockedDecrement
InterlockedIncrement
CreateDirectoryW
GetLastError
CopyFileW
CreateProcessW
CloseHandle
GetCurrentProcess
GetModuleHandleW
GetProcAddress
ReadFile

user32

RegisterWindowMessageW
PostMessageW
DrawTextW
MapWindowPoints
IsWindow
SendMessageW
CreateWindowExW
DestroyWindow
GetWindowLongW
SetWindowTextW
GetWindowRect
CallWindowProcW
ScreenToClient
SetTimer
KillTimer
SetDlgItemTextW
GetDlgItem
SetWindowPos
SetWindowLongW
BeginPaint
EndPaint
wvsprintfW
CharNextW
LoadStringW
MoveWindow
IsChild
WaitForInputIdle
ShowWindow
GetKeyState
PtInRect
UnionRect
GetFocus
SetWindowRgn
OffsetRect
EqualRect
IntersectRect
ReleaseDC
GetDC
InvalidateRect
RegisterClassExW
wsprintfW
LoadCursorW
GetClassInfoExW
DefWindowProcW
SetFocus
GetParent
CreateDialogParamW
RedrawWindow
GetClientRect

gdi32

CreateDCW
LPtoDP
SetMapMode
SetViewportOrgEx
GetDeviceCaps
CreateMetaFileW
SaveDC
SetWindowOrgEx
SetWindowExtEx
RestoreDC
CloseMetaFile
DeleteMetaFile
CreateRectRgnIndirect
DeleteDC
GetObjectW
CreateFontIndirectW
DeleteObject
SetBkColor
ExtTextOutW
SetTextColor
SetBkMode
SelectObject
GetStockObject

advapi32

RegDeleteKeyW
GetTokenInformation
OpenProcessToken
RegEnumValueW
RegQueryInfoKeyW
RegSetValueExW
RegEnumKeyExW
RegCreateKeyExW
RegDeleteValueW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

shell32

ShellExecuteW
ShellExecuteA
ShellExecuteExW
SHGetFolderPathW

ole32

CreateDataAdviseHolder
CreateOleAdviseHolder
OleLoadFromStream
WriteClassStm
OleSaveToStream
CoTaskMemFree
CreateBindCtx
OleRegGetUserType
OleRegEnumVerbs
OleRegGetMiscStatus
CoTaskMemRealloc
CoTaskMemAlloc
CLSIDFromString
CoCreateInstance

oleaut32

VariantClear
VariantCopy
VariantInit
SysAllocString
LoadTypeLi
RegisterTypeLi
SysStringLen
LoadRegTypeLi
OleCreatePropertyFrame
SysAllocStringByteLen
VariantChangeType
SysStringByteLen
SysAllocStringLen
SysFreeString
VarUI4FromStr

urlmon

RegisterBindStatusCallback
CreateURLMoniker

msvcp60

??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
??Mstd@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
?empty@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE_NXZ
??0Init@ios_base@std@@QAE@XZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z

msvcrt

__CxxFrameHandler
wcsncpy
memset
wcscpy
realloc
free
wcscmp
memcpy
??2@YAPAXI@Z
wcslen
iswdigit
_wtoi
malloc
wcscat
_wcsicmp
swprintf
strlen
_wfullpath
_CxxThrowException
wcsrchr
memcmp
_purecall
_wcsdup
??1type_info@@UAE@XZ
wcstoul
_adjust_fdiv
_initterm
_onexit
__dllonexit
?terminate@@YAXXZ
_except_handler3
rand
_snwprintf

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

shlwapi

PathFileExistsW
PathRemoveFileSpecW
PathAppendW

Exports

Exports

?GetCurrentVersionW@@YGHIPAGK@Z
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 160KB - Virtual size: 157KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES/Internet Explorer/PPLite/plugin/1.0.0.13/$OUTDIR/mframe.dll
.dll regsvr32 windows:4 windows x86 arch:x86

b1a4cd97a03147d1e3e766f3602fd630

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:52:7f:4d:7d:6c:1a:2b:a7:ef:81:d5:0c:89:d7:65
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

19/11/2009, 00:00

Not After

18/11/2012, 23:59

Subject

CN=PPLive Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Product Planning Dept.,O=PPLive Corporation,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

45:a9:e0:de:d8:30:19:44:73:27:f9:41:61:79:9b:82:79:7c:b3:32
Signer

Actual PE Digest

45:a9:e0:de:d8:30:19:44:73:27:f9:41:61:79:9b:82:79:7c:b3:32

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42u

ord2810
ord956
ord3688
ord1634
ord3614
ord2371
ord861
ord2362
ord858
ord2634
ord2966
ord5755
ord6188
ord5752
ord6182
ord4324
ord6185
ord6017
ord5869
ord5790
ord5674
ord5732
ord5575
ord5567
ord6057
ord5860
ord3591
ord535
ord925
ord4124
ord6354
ord2756
ord4197
ord2859
ord6190
ord922
ord940
ord5706
ord3566
ord5781
ord6195
ord5795
ord1173
ord2862
ord4269
ord6371
ord4480
ord2546
ord2504
ord5783
ord3917
ord1089
ord5193
ord2388
ord3341
ord5296
ord5298
ord4074
ord4692
ord5303
ord5285
ord5710
ord4616
ord3733
ord561
ord815
ord3948
ord2717
ord1165
ord2606
ord6193
ord6107
ord6238
ord2105
ord2559
ord2444
ord927
ord3711
ord790
ord5977
ord3541
ord4118
ord1143
ord2822
ord3016
ord1115
ord1568
ord1570
ord1179
ord342
ord1240
ord1194
ord1563
ord1248
ord1250
ord1571
ord600
ord826
ord269
ord5784
ord6871
ord6168
ord5785
ord537
ord2114
ord1088
ord860
ord2910
ord5568
ord942
ord556
ord809
ord3716
ord2078
ord4294
ord538
ord2294
ord795
ord4470
ord4704
ord6330
ord3087
ord4229
ord2356
ord2287
ord2350
ord2293
ord641
ord324
ord3592
ord4419
ord5276
ord4401
ord1767
ord6048
ord2506
ord4992
ord4847
ord4370
ord5261
ord6211
ord6466
ord567
ord3397
ord2573
ord4214
ord1633
ord3658
ord825
ord2406
ord3621
ord3568
ord470
ord755
ord2854
ord2746
ord283
ord5871
ord540
ord3798
ord323
ord2397
ord640
ord800
ord6451
ord5047
ord4270
ord692
ord3634
ord4418
ord4621
ord4075
ord3074
ord3820
ord3826
ord3825
ord2971
ord3076
ord2980
ord3257
ord3131
ord4459
ord3254
ord3142
ord2977
ord5273
ord2116
ord2438
ord5257
ord1720
ord5059
ord3744
ord6372
ord2047
ord2640
ord4435
ord4831
ord3793
ord5286
ord4347
ord6370
ord5157
ord2377
ord5237
ord4395
ord1768
ord4073
ord6051
ord2016
ord2405
ord6362
ord1764
ord823
ord5727

msvcrt

wcscmp
abs
swprintf
_ftol
atoi
_purecall
_wcsicmp
memset
malloc
free
_wcsnicmp
fflush
vfprintf
fopen
_snprintf
strncpy
fclose
memcmp
realloc
wcslen
iswdigit
_wtoi
_wcsdup
_getdrives
strlen
isspace
wcscpy
srand
rand
_except_handler3
memcpy
__CxxFrameHandler
isalnum
?terminate@@YAXXZ
__dllonexit
_onexit
_initterm
_adjust_fdiv
??1type_info@@UAE@XZ
strcpy

kernel32

OutputDebugStringW
DeleteCriticalSection
LoadLibraryExW
InterlockedIncrement
GetPrivateProfileStringW
GetCurrentProcessId
LeaveCriticalSection
EnterCriticalSection
GetLongPathNameW
GetCurrentProcess
FlushInstructionCache
WideCharToMultiByte
LoadLibraryA
lstrcpynW
GetWindowsDirectoryW
FreeLibrary
GetTickCount
GetVersion
GetFileAttributesW
GetProcAddress
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameW
LoadLibraryW
OutputDebugStringA
GetLastError
SetLastError
lstrlenW
InterlockedDecrement
InitializeCriticalSection
lstrcmpW
SetUnhandledExceptionFilter
GetLocalTime
lstrcatA
lstrcpyA
GetModuleFileNameA
GetLongPathNameA
Module32FirstW
CreateToolhelp32Snapshot
CloseHandle
Module32NextW
FindClose
FindFirstFileA
GetCurrentThread
VirtualQuery
DebugBreak
lstrlenA
GetPrivateProfileIntW
WritePrivateProfileStringW
GetEnvironmentVariableW
MultiByteToWideChar
LocalFree
LocalAlloc
lstrcpyW
GetCurrentThreadId

user32

EnableWindow
RedrawWindow
DrawTextW
FillRect
InflateRect
CopyRect
GetSysColor
DestroyWindow
CreateWindowExW
UnhookWindowsHookEx
GetWindowRect
GetWindowLongW
SystemParametersInfoW
GetClientRect
MapWindowPoints
SetWindowPos
GetDlgItem
GetParent
SetDlgItemTextW
SendMessageW
SetWindowsHookExW
CallNextHookEx
GetKeyState
GetMenuItemInfoW
SetMenuItemInfoW
SetMenuDefaultItem
CreateDialogParamW
GetDoubleClickTime
EndDeferWindowPos
DeferWindowPos
ScreenToClient
ShowWindow
BeginDeferWindowPos
IsWindow
PostMessageW
MessageBoxA
LoadStringW
SetRect
wsprintfW
CharNextW
GetFocus
GetDC
IsRectEmpty
MoveWindow
SetWindowTextW
LoadImageW
IsChild
SetFocus
DestroyMenu
TrackPopupMenu
GetSubMenu
LoadMenuW
DialogBoxParamW
SetRectEmpty
GetAncestor
MonitorFromWindow
GetMonitorInfoW
SetParent
SetForegroundWindow
EndDialog
GetClassNameW
WindowFromPoint
SetActiveWindow
GetCursorPos
BringWindowToTop
IsWindowVisible
RegisterWindowMessageW
GrayStringW
TabbedTextOutW
EndPaint
BeginPaint
GetMenu
AdjustWindowRectEx
GetDlgCtrlID
SetCapture
IsWindowEnabled
KillTimer
SetTimer
UpdateWindow
ClientToScreen
DefWindowProcW
SetWindowLongW
DrawEdge
DrawFocusRect
CallWindowProcW
ReleaseDC
PtInRect
GetCapture
SetCursor
CopyIcon
LoadCursorW
wvsprintfW
GetSystemMetrics
InvalidateRect
ReleaseCapture
LoadBitmapW
GetWindowTextW
GetWindow
SetClassLongW

gdi32

SetTextColor
GetBkColor
GetViewportExtEx
SetBkMode
LPtoDP
FloodFill
GetStockObject
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
DPtoLP
CreateBitmap
CreateCompatibleBitmap
GetMapMode
SetMapMode
SetBkColor
GetObjectW
Rectangle
CreateFontIndirectW
CreatePen
GetTextExtentPoint32W
CreateSolidBrush
CreateDIBSection
CreateCompatibleDC
SelectObject
StretchBlt
DeleteDC
BitBlt
DeleteObject
GetWindowExtEx

advapi32

RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegCloseKey

shell32

ShellExecuteW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFolderPathW
SHGetMalloc

ole32

CoTaskMemFree
CreateBindCtx

oleaut32

SysStringLen
LoadRegTypeLi
DispCallFunc
LoadTypeLi
SysAllocStringLen
SysAllocString
VariantClear
SysFreeString

urlmon

RegisterBindStatusCallback
CreateURLMoniker

atl

ord11
ord43
ord15
ord44
ord32
ord10
ord45
ord42
ord30
ord53
ord21
ord58
ord18
ord57
ord16

msimg32

GradientFill

msvcp60

?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??1_Lockit@std@@QAE@XZ
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
?length@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ

pplugin2

?GetCurrentVersionW@@YGHIPAGK@Z

shlwapi

PathFindFileNameA
PathFileExistsW
PathStripPathW
PathAppendA
PathRemoveFileSpecA
PathAppendW
PathRemoveFileSpecW

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 264KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 272KB - Virtual size: 271KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES/Internet Explorer/PPLite/plugin/1.0.0.13/$OUTDIR/ppp.dll
.dll regsvr32 windows:4 windows x86 arch:x86

46929088280429ac3354990b94720261

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:52:7f:4d:7d:6c:1a:2b:a7:ef:81:d5:0c:89:d7:65
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

19/11/2009, 00:00

Not After

18/11/2012, 23:59

Subject

CN=PPLive Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Product Planning Dept.,O=PPLive Corporation,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

cc:90:4b:17:da:27:76:65:f2:2a:ab:dd:f4:84:b2:36:09:c6:ba:ee
Signer

Actual PE Digest

cc:90:4b:17:da:27:76:65:f2:2a:ab:dd:f4:84:b2:36:09:c6:ba:ee

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42u

ord5852
ord3658
ord1115
ord1173
ord1568
ord1165
ord1570
ord1179
ord1863
ord1240
ord1194
ord1563
ord1248
ord1250
ord1571
ord600
ord826
ord269
ord1560
ord268
ord4199
ord4272
ord2756
ord2859
ord470
ord2746
ord755
ord942
ord5679
ord5706
ord4124
ord6770
ord2822
ord2910
ord5568
ord6139
ord940
ord925
ord6466
ord1128
ord2717
ord3948
ord815
ord561
ord3733
ord4418
ord4616
ord4075
ord3074
ord3820
ord3826
ord3825
ord2971
ord3076
ord2980
ord3257
ord3131
ord4459
ord3254
ord3142
ord2977
ord5710
ord5285
ord800
ord5303
ord4692
ord4074
ord5298
ord5296
ord3341
ord2388
ord5193
ord1089
ord3917
ord5727
ord2504
ord2546
ord4480
ord6371
ord4269
ord927
ord5929
ord834
ord860
ord823
ord920
ord3050
ord3420
ord6874
ord5857
ord538
ord537
ord541
ord922
ord801
ord6868
ord1594
ord535
ord858
ord2606
ord2810
ord861
ord825
ord540
ord342

msvcrt

_findfirst
rand
srand
fclose
fgetws
_wfopen
wcsncpy
swprintf
strcat
_findclose
tolower
islower
toupper
isalnum
isspace
wcslen
realloc
memcpy
_wcsicmp
_purecall
_itow
memcmp
wcscmp
strrchr
_i64tow
atol
strncpy
sscanf
memset
_ftol
wcscpy
sprintf
strcpy
wcstoul
_wtoi
malloc
free
strlen
atoi
__CxxFrameHandler
_CxxThrowException
_wcsdup
_snprintf
strcmp
fprintf
fputs
isalpha
strncmp
strchr
__dllonexit
_onexit
_except_handler3
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
_findnext

kernel32

WideCharToMultiByte
MultiByteToWideChar
lstrlenW
GetACP
lstrlenA
WritePrivateProfileStringW
CopyFileW
LocalFree
GetLastError
DeviceIoControl
GetPrivateProfileStringW
GetVersionExA
GetModuleFileNameA
GetModuleHandleA
CreateMutexW
MapViewOfFile
OpenFileMappingW
ReleaseMutex
FlushViewOfFile
UnmapViewOfFile
GetEnvironmentVariableW
GetProcAddress
LoadLibraryW
FreeLibrary
GetTickCount
DeleteFileW
GetTempPathW
CreateDirectoryW
LeaveCriticalSection
EnterCriticalSection
FlushInstructionCache
GetCurrentProcess
InterlockedDecrement
TerminateProcess
CloseHandle
CreateProcessW
WaitForSingleObject
GetModuleFileNameW
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
OutputDebugStringW
LoadLibraryExW
GetSystemInfo
GetModuleHandleW
GetVersionExW
GetPrivateProfileIntW
VirtualQuery
Sleep
CreateFileA
LocalAlloc
GetSystemTime

user32

KillTimer
SetWindowLongW
DefWindowProcW
RegisterWindowMessageW
GetWindowLongW
CallWindowProcW
GetClientRect
IsWindow
DestroyWindow
FindWindowW
SendMessageW
SetWindowTextW
ShowWindow
BringWindowToTop
MoveWindow
GetWindowRect
wsprintfW
GetWindowThreadProcessId
CreateWindowExW
SetTimer
GetAncestor
SetWindowPos
PostMessageW
WaitForInputIdle

advapi32

RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
OpenProcessToken
RegDeleteValueW
RegDeleteKeyW
RegOpenKeyExW

shell32

SHGetFolderPathW

ole32

CoCreateGuid
CoCreateInstance

oleaut32

SysAllocStringLen
LoadTypeLi
VariantChangeType
SysStringByteLen
SysAllocStringByteLen
VariantInit
SysAllocString
SysStringLen
LoadRegTypeLi
VariantClear
DispCallFunc
SysFreeString

atl

ord21
ord42
ord18
ord10
ord58
ord30
ord57
ord23
ord15
ord53
ord16
ord32
ord44
ord43
ord45
ord48
ord11
ord47

msvcp60

??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z
?resize@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXI@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
??9std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??5std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PBX@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PBDH@Z
?is_open@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QBE_NXZ
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?find_last_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IPBD@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?length@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
?empty@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE_NXZ
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?at@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?good@ios_base@std@@QBE_NXZ
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
??A?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAGI@Z

rpcrt4

UuidToStringW
UuidFromStringA

ws2_32

gethostname
gethostbyname
inet_addr
inet_ntoa

shlwapi

PathRemoveExtensionW
PathFindExtensionW
PathRemoveFileSpecW
PathFileExistsW
PathAppendW
StrStrIW
StrStrIA
PathStripPathW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
NSGetModule

Sections

.text
Size: 204KB - Virtual size: 202KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ff8d8dbb96b7ab762c0ce51911e4d104

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 107KB

.ndata Size: - Virtual size: 52KB

.rsrc Size: 177KB - Virtual size: 176KB

77e580ab607c48dfa294a5b7ae2f07dd

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

6d:52:7f:4d:7d:6c:1a:2b:a7:ef:81:d5:0c:89:d7:65Certificate

Extended Key Usages

Key Usages

53:21:a1:58:eb:7c:d7:04:35:10:18:60:01:b8:cc:ba:58:bf:b2:0bSigner

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

shlwapi

ole32

oleaut32

urlmon

wininet

psapi

Exports

Exports

Sections

.text Size: 580KB - Virtual size: 580KB

.rdata Size: 149KB - Virtual size: 149KB

.data Size: 15KB - Virtual size: 33KB

.rsrc Size: 24KB - Virtual size: 23KB

.reloc Size: 39KB - Virtual size: 38KB

8b09590074c9596dc529d255269e0815

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

6d:52:7f:4d:7d:6c:1a:2b:a7:ef:81:d5:0c:89:d7:65Certificate

Extended Key Usages

Key Usages

b1:8d:92:46:7c:9b:bc:d9:ea:1d:6e:30:86:d6:f5:5d:b3:25:0c:f5Signer

Headers

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 107KB

.ndata
Size: - Virtual size: 52KB

.rsrc
Size: 177KB - Virtual size: 176KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

6d:52:7f:4d:7d:6c:1a:2b:a7:ef:81:d5:0c:89:d7:65
Certificate

53:21:a1:58:eb:7c:d7:04:35:10:18:60:01:b8:cc:ba:58:bf:b2:0b
Signer

.text
Size: 580KB - Virtual size: 580KB

.rdata
Size: 149KB - Virtual size: 149KB

.data
Size: 15KB - Virtual size: 33KB

.rsrc
Size: 24KB - Virtual size: 23KB

.reloc
Size: 39KB - Virtual size: 38KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

6d:52:7f:4d:7d:6c:1a:2b:a7:ef:81:d5:0c:89:d7:65
Certificate

b1:8d:92:46:7c:9b:bc:d9:ea:1d:6e:30:86:d6:f5:5d:b3:25:0c:f5
Signer

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 132KB - Virtual size: 128KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

2c:50:0e:13:db:f1:f8:41:54:b8:a7:f6:26:f5:68:cb
Certificate

a4:61:7b:bd:a4:5d:6a:bb:f0:2c:3f:c0:21:0a:76:e2:9d:00:49:1d
Signer

.text
Size: 304KB - Virtual size: 302KB

.rdata
Size: 48KB - Virtual size: 45KB

.data
Size: 20KB - Virtual size: 21KB

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 16KB - Virtual size: 12KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

6d:52:7f:4d:7d:6c:1a:2b:a7:ef:81:d5:0c:89:d7:65
Certificate

86:5b:4d:43:95:47:7d:ce:88:a1:25:24:03:5c:e1:33:65:f4:9f:f7
Signer