dbfdbc0ca5ce839c3130fc0a70bfca11_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

dbfdbc0ca5ce839c3130fc0a70bfca11_JaffaCakes118
Size

13.0MB
MD5

dbfdbc0ca5ce839c3130fc0a70bfca11
SHA1

d264557f821b3f57bb0b48bb1623a76794c7fe9a
SHA256

687245edbeb811c486a5845b4c5b707df7ddb55f543d11327860c9499b92b706
SHA512

8e8c066c47e3108ed78795711fee227074f8ecf917634c9a5f60b42e74eca58eb7c434c49b27920788365e0b6577df3627474c4c83bdedde7f087ae148f5ec75
SSDEEP

393216:6mP2/+kNjrg7Rb4vLrUyWmOaKXh+6EzKArKGEpFM:je/+srAZerUyW4B3ebM

Score

7^/10

qr link upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack002/LePai_EX.dll	acprotect

UPX packed file 8 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack002/LePai_ChangeEquipment.exe	upx
static1/unpack002/LePai_ChangeSkin.exe	upx
static1/unpack002/LePai_EX.dll	upx
static1/unpack002/LePai_SupportUs.exe	upx
static1/unpack002/Plugins/LePai_InterFace_Automounter.exe	upx
static1/unpack002/Plugins/LePai_InterFace_Modifier.exe	upx
static1/unpack002/Update.exe	upx
static1/unpack002/乐派英雄联盟宝盒.exe	upx

One or more HTTP URLs in qr code identified
Detects presence of HTTP links in QR codes.
qr link

Unsigned PE 14 IoCs

Checks for missing Authenticode signature.

resource
unpack001/LePai_LOLBox_V1.8.3/LePai_LOLBox_V1.8.3.exe
unpack002/$PLUGINSDIR/System.dll
unpack002/$PLUGINSDIR/nsDialogs.dll
unpack002/Game/dbghelp.dll
unpack002/Game/dinput8.dll
unpack002/LePai_ChangeEquipment.exe
unpack002/LePai_ChangeSkin.exe
unpack002/LePai_EX.dll
unpack002/LePai_SupportUs.exe
unpack002/Plugins/LePai_InterFace_Automounter.exe
unpack002/Plugins/LePai_InterFace_Modifier.exe
unpack002/Update.exe
unpack002/uninst.exe
unpack002/乐派英雄联盟宝盒.exe

Files

dbfdbc0ca5ce839c3130fc0a70bfca11_JaffaCakes118
.rar
LePai_LOLBox_V1.8.3/LePai_LOLBox_V1.8.3.exe
.exe windows:5 windows x86 arch:x86

be41bf7b8cc010b614bd36bbca606973

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
lstrcpynA
CloseHandle
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
CreateFileW
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpA
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
lstrlenA
MulDiv
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrlenW

user32

GetAsyncKeyState
IsDlgButtonChecked
ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
wvsprintfW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
FindWindowExW

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 415KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 1.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

039bcbc605477e8e87ec550c2e60e748

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
lstrlenW
lstrcmpiW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/backTo.png
.png
$PLUGINSDIR/bg1.png
.png
$PLUGINSDIR/bg2.png
.png
$PLUGINSDIR/bg3.png
.png
- http://j.mp/1tPKZOl
- http://weixin.qq.com/r/-nXC2lHEMgxNrRW59yDs
$PLUGINSDIR/browse.png
.png
$PLUGINSDIR/checkbox.png
.png
$PLUGINSDIR/close.png
.png
$PLUGINSDIR/confirm.png
.png
$PLUGINSDIR/custom.png
.png
$PLUGINSDIR/dui.dll
.dll windows:5 windows x86 arch:x86

ace36cef6227a6a546a5c8edc80fafc4

Code Sign

01:00:20
Certificate

Issuer

CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL

Not Before

11-06-2002 10:46

Not After

11-06-2027 10:46

Subject

CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL

04:7a:53
Certificate

Issuer

CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL

Not Before

03-03-2009 12:53

Not After

03-03-2024 12:53

Subject

CN=Certum Level III CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08-08-2009 01:00

Not After

08-08-2024 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

17:91:4e:49:3b:d9:11:38:4d:d3:df:d2:42:05:95:b5
Certificate

Issuer

CN=Certum Level III CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

16-06-2014 07:40

Not After

16-06-2015 07:40

Subject

CN=Open Source Developer\, Yi KeMi,OU=Private,O=Yi KeMi,C=CN,1.2.840.113549.1.9.1=#0c1279696b656d69406f75746c6f6f6b2e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01-03-2011 01:00

Not After

01-03-2016 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17-09-2006 19:46

Not After

17-09-2036 19:46

Subject

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment
KeyUsageKeyAgreement
KeyUsageCertSign
KeyUsageCRLSign

1e:c7:f8:96:f0:30:a9:74:ba:e4:47:eb:53:22:5d:23:0c:ea:bf:70
Signer

Actual PE Digest

1e:c7:f8:96:f0:30:a9:74:ba:e4:47:eb:53:22:5d:23:0c:ea:bf:70

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetTickCount
WideCharToMultiByte
MultiByteToWideChar
lstrcpynW
CreateThread
GlobalFree
GlobalUnlock
GlobalLock
lstrlenA
GlobalAlloc
lstrcmpW
lstrlenW
lstrcmpiW
ExitProcess
GetModuleHandleW
HeapReAlloc
GetStringTypeW
HeapFree
GetProcessHeap
HeapAlloc
GetLastError
LoadLibraryW
GetProcAddress
FreeLibrary

user32

SetCapture
GetWindowLongW
SetWindowLongW
GetClientRect
SetWindowPos
DefWindowProcW
CreateWindowExW
SetPropW
IsWindow
GetWindow
EnableWindow
GetMessageW
SetFocus
IsIconic
DispatchMessageW
PostQuitMessage
GetParent
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
SendMessageW
LoadCursorW
RegisterClassW
GetClassInfoExW
RegisterClassExW
GetPropW
RemovePropW
PostMessageW
GetKeyState
SetRectEmpty
DestroyWindow
ReleaseDC
GetDC
GetUpdateRect
BeginPaint
EndPaint
IsRectEmpty
UpdateLayeredWindow
InvalidateRect
GetCursorPos
GetFocus
SetTimer
KillTimer
TranslateMessage
ReleaseCapture
PtInRect
CharNextW
IntersectRect
SetCursor
wvsprintfW
IsWindowVisible
GetWindowRect
OffsetRect
SetWindowRgn
ScreenToClient
GetDlgItem
ShowWindow
CallWindowProcW
FindWindowExW
MessageBoxW
OpenClipboard
EmptyClipboard
SetClipboardData
wsprintfW
FindWindowW
CloseClipboard

gdi32

SetWindowOrgEx
GetStockObject
CreateFontIndirectW
CreatePen
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
SaveDC
RestoreDC
BitBlt
Rectangle
GetBitmapBits
DeleteObject
CreateRoundRectRgn
RoundRect
LineTo
MoveToEx
CreatePenIndirect
ExtTextOutW
SetBkColor
SetStretchBltMode
StretchBlt
CreateDIBSection
CombineRgn
ExtSelectClipRgn
CreateRectRgnIndirect
GetClipBox
SelectClipRgn
GetTextMetricsW
GetObjectW

ole32

CreateStreamOnHGlobal
CoInitialize
CoUninitialize
CoCreateInstance

gdiplus

GdipGetImageHeight
GdipBitmapUnlockBits
GdipBitmapLockBits
GdiplusStartup
GdiplusShutdown
GdipFree
GdipAlloc
GdipDisposeImage
GdipCloneImage
GdipGetImageWidth
GdipCreateBitmapFromFile
GdipCreateBitmapFromStream

shlwapi

StrToIntW

Exports

Exports

function1
function10
function11
function12
function13
function14
function15
function16
function17
function18
function19
function2
function20
function21
function22
function23
function24
function25
function26
function27
function3
function30
function31
function5
function6
function7
function8
function9

Sections

.text
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 712B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/edit.png
.png
$PLUGINSDIR/empty_bg.png
.png
$PLUGINSDIR/finish.png
.png
$PLUGINSDIR/full_bg.png
.png
$PLUGINSDIR/gotoweb.png
.png
$PLUGINSDIR/installingbg1.png
.png
$PLUGINSDIR/nsDialogs.dll
.dll windows:5 windows x86 arch:x86

9ea5bdc8c90dfcffe309465c26c89758

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
MulDiv
lstrlenW
HeapFree
GetProcessHeap
lstrcmpiW
HeapReAlloc
lstrcpynW
GetFileAttributesW
lstrcpyW
GetCurrentDirectoryW
SetCurrentDirectoryW
HeapAlloc
GlobalFree

user32

LoadCursorW
RemovePropW
DrawFocusRect
GetPropW
DrawTextW
GetWindowTextW
GetDlgItem
SetWindowLongW
SetWindowPos
CreateDialogParamW
MapWindowPoints
GetWindowRect
SetCursor
CreateWindowExW
IsWindow
SetTimer
KillTimer
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
wsprintfW
GetClientRect
CharPrevW
CallWindowProcW
SetPropW
DestroyWindow
MapDialogRect
CharNextW
SendMessageW
GetWindowLongW

gdi32

SetTextColor

shell32

SHGetPathFromIDListW
SHBrowseForFolderW

comdlg32

GetSaveFileNameW
CommDlgExtendedError
GetOpenFileNameW

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 590B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/onekey.png
.png
$PLUGINSDIR/shadow_active.png
.png
$PLUGINSDIR/shadow_deactive.png
.png
$PLUGINSDIR/strongbtn.png
.png
$PLUGINSDIR/weakbtn.png
.png
Config/LePaiBox.cfg
Config/LePaiChampions.ini
Game/dbghelp.dll
.dll windows:5 windows x86 arch:x86

e2a44d0c2be3c9b022bf2ee5c336defb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersion
GlobalUnlock
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetWindowLongA

gdi32

FillRgn

winmm

waveOutReset

winspool.drv

DocumentPropertiesA

advapi32

RegCloseKey

shell32

ShellExecuteA

ole32

CLSIDFromProgID

oleaut32

VariantCopy

comctl32

ord17

ws2_32

WSAAsyncSelect

comdlg32

ChooseColorA

Exports

Exports

DbgHelpCreateUserDump
DbgHelpCreateUserDumpW
DllMain_LP
EnumDirTree
EnumDirTreeW
EnumerateLoadedModules
EnumerateLoadedModules64
EnumerateLoadedModulesEx
EnumerateLoadedModulesExW
EnumerateLoadedModulesW64
ExtensionApiVersion
FindDebugInfoFile
FindDebugInfoFileEx
FindDebugInfoFileExW
FindExecutableImage
FindExecutableImageEx
FindExecutableImageExW
FindFileInPath
FindFileInSearchPath
GetTimestampForLoadedLibrary
ImageDirectoryEntryToData
ImageDirectoryEntryToDataEx
ImageNtHeader
ImageRvaToSection
ImageRvaToVa
ImagehlpApiVersion
ImagehlpApiVersionEx
MakeSureDirectoryPathExists
MapDebugInformation
MiniDumpReadDumpStream
MiniDumpWriteDump
SearchTreeForFile
SearchTreeForFileW
StackWalk
StackWalk64
SymAddSourceStream
SymAddSourceStreamA
SymAddSourceStreamW
SymAddSymbol
SymAddSymbolW
SymCleanup
SymDeleteSymbol
SymDeleteSymbolW
SymEnumLines
SymEnumLinesW
SymEnumProcesses
SymEnumSourceFileTokens
SymEnumSourceFiles
SymEnumSourceFilesW
SymEnumSourceLines
SymEnumSourceLinesW
SymEnumSym
SymEnumSymbols
SymEnumSymbolsForAddr
SymEnumSymbolsForAddrW
SymEnumSymbolsW
SymEnumTypes
SymEnumTypesByName
SymEnumTypesByNameW
SymEnumTypesW
SymEnumerateModules
SymEnumerateModules64
SymEnumerateModulesW64
SymEnumerateSymbols
SymEnumerateSymbols64
SymEnumerateSymbolsW
SymEnumerateSymbolsW64
SymFindDebugInfoFile
SymFindDebugInfoFileW
SymFindExecutableImage
SymFindExecutableImageW
SymFindFileInPath
SymFindFileInPathW
SymFromAddr
SymFromAddrW
SymFromIndex
SymFromIndexW
SymFromName
SymFromNameW
SymFromToken
SymFromTokenW
SymFunctionTableAccess
SymFunctionTableAccess64
SymGetFileLineOffsets64
SymGetHomeDirectory
SymGetHomeDirectoryW
SymGetLineFromAddr
SymGetLineFromAddr64
SymGetLineFromAddrW64
SymGetLineFromName
SymGetLineFromName64
SymGetLineFromNameW64
SymGetLineNext
SymGetLineNext64
SymGetLineNextW64
SymGetLinePrev
SymGetLinePrev64
SymGetLinePrevW64
SymGetModuleBase
SymGetModuleBase64
SymGetModuleInfo
SymGetModuleInfo64
SymGetModuleInfoW
SymGetModuleInfoW64
SymGetOmapBlockBase
SymGetOmaps
SymGetOptions
SymGetScope
SymGetScopeW
SymGetSearchPath
SymGetSearchPathW
SymGetSourceFile
SymGetSourceFileFromToken
SymGetSourceFileFromTokenW
SymGetSourceFileToken
SymGetSourceFileTokenW
SymGetSourceFileW
SymGetSourceVarFromToken
SymGetSourceVarFromTokenW
SymGetSymFromAddr
SymGetSymFromAddr64
SymGetSymFromName
SymGetSymFromName64
SymGetSymNext
SymGetSymNext64
SymGetSymPrev
SymGetSymPrev64
SymGetSymbolFile
SymGetSymbolFileW
SymGetTypeFromName
SymGetTypeFromNameW
SymGetTypeInfo
SymGetTypeInfoEx
SymGetUnwindInfo
SymInitialize
SymInitializeW
SymLoadModule
SymLoadModule64
SymLoadModuleEx
SymLoadModuleExW
SymMatchFileName
SymMatchFileNameW
SymMatchString
SymMatchStringA
SymMatchStringW
SymNext
SymNextW
SymPrev
SymPrevW
SymRefreshModuleList
SymRegisterCallback
SymRegisterCallback64
SymRegisterCallbackW64
SymRegisterFunctionEntryCallback
SymRegisterFunctionEntryCallback64
SymSearch
SymSearchW
SymSetContext
SymSetHomeDirectory
SymSetHomeDirectoryW
SymSetOptions
SymSetParentWindow
SymSetScopeFromAddr
SymSetScopeFromIndex
SymSetSearchPath
SymSetSearchPathW
SymSrvDeltaName
SymSrvDeltaNameW
SymSrvGetFileIndexInfo
SymSrvGetFileIndexInfoW
SymSrvGetFileIndexString
SymSrvGetFileIndexStringW
SymSrvGetFileIndexes
SymSrvGetFileIndexesW
SymSrvGetSupplement
SymSrvGetSupplementW
SymSrvIsStore
SymSrvIsStoreW
SymSrvStoreFile
SymSrvStoreFileW
SymSrvStoreSupplement
SymSrvStoreSupplementW
SymUnDName
SymUnDName64
SymUnloadModule
SymUnloadModule64
UnDecorateSymbolName
UnDecorateSymbolNameW
UnmapDebugInformation
WinDbgExtensionDllInit
block
chksym
dbghelp
dh
fptr
homedir
itoldyouso
lmi
lminfo
omap
srcfiles
stack_force_ebp
stackdbg
sym
symsrv
vc7fpo

Sections

.text
Size: - Virtual size: 806KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tmd0
Size: - Virtual size: 489KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tmd1
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 188B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Game/dinput8.dll
.dll regsvr32 windows:5 windows x86 arch:x86

b5b867a77f9157dd8c9ca19cf9390c49

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

FindWindowA

psapi

GetModuleInformation

kernel32

CloseHandle
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

Exports

Exports

DirectInput8Create
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tmd0
Size: - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tmd1
Size: 194KB - Virtual size: 194KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 434B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
LePai_ChangeEquipment.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 3.7MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
LePai_ChangeSkin.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 4.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
LePai_EX.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DestroyIndexWindow
ShowBoxGiftPage

Sections

UPX0
Size: - Virtual size: 2.8MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 586KB - Virtual size: 588KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
LePai_SupportUs.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 256KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 75KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 169KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Plugins/LePai_InterFace_Automounter.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 4.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 95KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Plugins/LePai_InterFace_Automounter.ini
Plugins/LePai_InterFace_Automounter.png
.png
Plugins/LePai_InterFace_Modifier.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 4.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 113KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Plugins/LePai_InterFace_Modifier.ini
Plugins/LePai_InterFace_Modifier.png
.png
TXSSO/SSOCommon.dll
.dll regsvr32 windows:4 windows x86 arch:x86

bdd106b816de06cf70da686a1c56b4ab

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

07-11-2021 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17-01-2013 00:00

Not After

16-02-2016 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:21:5e:b4:52:25:5b:50:f2:f7:3b:86:51:81:94:18:56:a3:1b:c5
Signer

Actual PE Digest

2b:21:5e:b4:52:25:5b:50:f2:f7:3b:86:51:81:94:18:56:a3:1b:c5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\Code\ssosmp_pr\trunk\SmpSSOProj\SSOPlatform\TXSSO\Output\Bin\SSOCommon.pdb

Imports

ws2_32

gethostbyname
inet_ntoa
getservbyname
gethostbyaddr
getservbyport
WSACleanup
inet_addr
gethostname
WSASetLastError
WSAGetLastError
WSAStartup
WSAAsyncGetHostByName
WSACancelAsyncRequest
accept
socket
bind
sendto
recvfrom
connect
listen
getsockopt
setsockopt
getsockname
getpeername
WSAAsyncSelect
send
ioctlsocket
recv
select
__WSAFDIsSet
closesocket

wininet

InternetErrorDlg
HttpQueryInfoW
InternetSetOptionW
HttpSendRequestW
InternetGetCookieW
InternetCloseHandle
InternetConnectW
InternetOpenW
InternetQueryOptionW
InternetCanonicalizeUrlW
HttpOpenRequestW
InternetSetCookieW
InternetCrackUrlW

winmm

timeGetTime

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

psapi

GetModuleFileNameExW

iphlpapi

GetIpForwardTable
GetIpAddrTable

kernel32

IsDebuggerPresent
RtlUnwind
GetVersionExA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
lstrlenW
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetLastError
lstrcmpiW
GetModuleFileNameW
InterlockedIncrement
InterlockedDecrement
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetModuleHandleW
SetThreadLocale
GetThreadLocale
OutputDebugStringA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
CreateDirectoryW
GetFileAttributesW
GetFileType
RemoveDirectoryW
FindClose
FindNextFileW
DeleteFileW
SetFileAttributesW
FindFirstFileW
GetTempPathW
CloseHandle
SetFilePointer
ReadFile
CreateFileW
WriteFile
GetFileSize
GetCommandLineW
GetDiskFreeSpaceW
GetProcAddress
GetFullPathNameW
lstrcmpW
SetEndOfFile
GetFileSizeEx
CopyFileW
MoveFileExW
WideCharToMultiByte
IsBadReadPtr
GetACP
GetCPInfoExW
GetVersion
GetCurrentProcess
GetCurrentProcessId
LoadLibraryA
GetWindowsDirectoryA
HeapReAlloc
GetModuleFileNameA
LoadLibraryW
GetWindowsDirectoryW
GetSystemDirectoryW
GetVersionExW
HeapFree
HeapAlloc
GetProcessHeap
OpenProcess
lstrcpynW
SetProcessWorkingSetSize
MoveFileW
Sleep
GetSystemTimeAsFileTime
GetProcessTimes
GetModuleHandleA
GetPrivateProfileStringA
GetFileAttributesA
VirtualQuery
QueryPerformanceFrequency
SetProcessAffinityMask
GetProcessAffinityMask
GetLocaleInfoW
GetUserDefaultLCID
GetSystemDefaultLCID
IsValidLocale
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetSystemDefaultLangID
GetUserDefaultLangID
SetLocaleInfoW
GetDateFormatW
GetTimeFormatW
GetCalendarInfoW
GetCurrencyFormatW
GetNumberFormatW
GetTimeZoneInformation
FileTimeToSystemTime
FileTimeToLocalFileTime
HeapSize
CreateMutexW
WaitForSingleObject
ReleaseMutex
DeviceIoControl
GetVolumeInformationW
GetDriveTypeW
CreateProcessW
CreatePipe
DuplicateHandle
GetStdHandle
LockResource
lstrcmpiA
FindResourceExW
FormatMessageW
GlobalFree
SetLastError
LocalFree
SetEvent
SetThreadPriority
ResetEvent
TerminateThread
WaitForMultipleObjects
CreateEventW
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
HeapCompact
ExitThread
ResumeThread
CreateThread
ExitProcess
GetCommandLineA
VirtualFree
VirtualAlloc
HeapDestroy
HeapCreate
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCPInfo
GetOEMCP
IsValidCodePage
EnumSystemLocalesA
GetStringTypeA
GetStringTypeW
SetHandleCount
InterlockedExchange
GetLocaleInfoA
GetStartupInfoA
LCMapStringA
LCMapStringW
CompareStringA
CompareStringW
GetConsoleCP
GetConsoleMode
FlushFileBuffers
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
CreateFileA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
GetSystemDirectoryA
OpenMutexW

user32

CharNextA
CharUpperA
CharLowerA
CharUpperW
SetTimer
KillTimer
CharLowerW
GetClassInfoExW
ReleaseDC
RegisterClassExW
CreateWindowExW
DrawTextW
DefWindowProcW
GetDC
GetIconInfo
DestroyWindow
SetWindowLongW
PostMessageW
GetDesktopWindow
OpenInputDesktop
GetUserObjectInformationW
GetThreadDesktop
CloseDesktop
GetSystemMetrics
IsWindow
IsWindowVisible
GetClassNameW
UnregisterClassA
GetWindowLongW
GetParent
GetWindowRect
GetWindowTextW
SystemParametersInfoW
FindWindowW
GetWindowThreadProcessId
CharNextW
ShowWindow
GetGUIThreadInfo

gdi32

SelectObject
RealizePalette
CreateRectRgn
GetStockObject
ExtCreateRegion
StretchBlt
BitBlt
SetBkColor
CreateBitmap
CreateCompatibleBitmap
RectVisible
StretchDIBits
SetStretchBltMode
SetBkMode
SetTextColor
CreateFontIndirectW
ExtTextOutW
SetDIBitsToDevice
ExtSelectClipRgn
CreateRectRgnIndirect
GetClipBox
DeleteObject
CreateDIBitmap
DeleteDC
CreateDIBSection
GetDIBits
CreateCompatibleDC
GetObjectW

advapi32

RegQueryInfoKeyW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegSetValueExW
RegOpenKeyW
RegEnumKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
OpenProcessToken
DuplicateTokenEx
RegQueryValueExW

shell32

SHGetPathFromIDListW
ShellExecuteW
ShellExecuteExW
SHGetMalloc
SHGetSpecialFolderPathW
SHGetFolderLocation

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2
CoCreateInstance
CoCreateGuid
CoFreeLibrary
CLSIDFromString
CoLoadLibrary
CoGetMalloc

oleaut32

SysFreeString
SysAllocString
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
SysAllocStringLen
LoadRegTypeLi
VariantClear
VariantTimeToSystemTime
SysStringLen
VarBstrCmp
VectorFromBstr
BstrFromVector
SysStringByteLen
SysAllocStringByteLen
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreate
VariantInit
SysReAllocStringLen
VariantChangeType
VarDateFromStr

shlwapi

StrCmpW

wintrust

WTHelperProvDataFromStateData
CryptCATAdminReleaseCatalogContext
CryptCATCatalogInfoFromContext
CryptCATAdminEnumCatalogFromHash
CryptCATAdminCalcHashFromFileHandle
WinVerifyTrust
WTHelperGetProvSignerFromChain
CryptCATAdminReleaseContext
CryptCATAdminAcquireContext
WTHelperGetProvCertFromChain

crypt32

CertGetNameStringW

netapi32

Netbios

rasapi32

RasEnumConnectionsW
RasGetProjectionInfoW

Exports

Exports

??0CCmdCodecBase@@QAE@XZ
??0CExpatDataCompat@@QAE@XZ
??0CExpatFileReader@@QAE@XZ
??0CExpatMemReader@@QAE@XZ
??0CFmtString@@QAE@XZ
??0CMACReader@@QAE@XZ
??0CScopeToggler@@QAE@PA_N_N@Z
??0CTXBSTR@@QAE@ABU_GUID@@@Z
??0CTXBSTR@@QAE@ABV0@@Z
??0CTXBSTR@@QAE@ABVCTXStringW@@@Z
??0CTXBSTR@@QAE@H@Z
??0CTXBSTR@@QAE@HPB_W@Z
??0CTXBSTR@@QAE@PB_W@Z
??0CTXBSTR@@QAE@XZ
??0CTXCommPack@@QAE@ABV0@@Z
??0CTXCommPack@@QAE@XZ
??0CTXCriticalSection@@QAE@ABV0@@Z
??0CTXCriticalSection@@QAE@XZ
??0CTXHttpDownload@@QAE@XZ
??0CTXHttpDownloadSink@@IAE@XZ
??0CTXHttpDownloadSink@@QAE@ABV0@@Z
??0CTXHttpUpload@@QAE@XZ
??0CTXHttpUploadBuffer@@QAE@XZ
??0CTXHttpUploadStandard@@QAE@XZ
??0CTXStringA@@QAE@ABV0@@Z
??0CTXStringA@@QAE@DH@Z
??0CTXStringA@@QAE@PBD@Z
??0CTXStringA@@QAE@PBDH@Z
??0CTXStringA@@QAE@UtagEN@@PB_WH@Z
??0CTXStringA@@QAE@UtagGBK@@PB_WH@Z
??0CTXStringA@@QAE@UtagUTF8@@PB_WH@Z
??0CTXStringA@@QAE@XZ
??0CTXStringW@@QAE@ABU_GUID@@@Z
??0CTXStringW@@QAE@ABUtagVARIANT@@@Z
??0CTXStringW@@QAE@ABV0@@Z
??0CTXStringW@@QAE@ABVCTXBSTR@@@Z
??0CTXStringW@@QAE@H@Z
??0CTXStringW@@QAE@PA_W@Z
??0CTXStringW@@QAE@PB_W@Z
??0CTXStringW@@QAE@PB_WH@Z
??0CTXStringW@@QAE@UtagEN@@PBDH@Z
??0CTXStringW@@QAE@UtagGBK@@PBDH@Z
??0CTXStringW@@QAE@UtagUTF8@@PBDH@Z
??0CTXStringW@@QAE@XZ
??0CTXStringW@@QAE@_WH@Z
??0CTXTCPDataSender@@QAE@XZ
??0CTXTLVCodecBase@@QAE@XZ
??0CTXThreadModel@@IAE@XZ
??0CTXUDPDataSender@@QAE@XZ
??0CTXVariant@@QAE@ABVCTXBuffer@@@Z
??0CxExifInfo@CxImageJPG@@QAE@PAUtag_ExifInfo@1@@Z
??0CxFile@@QAE@ABV0@@Z
??0CxFile@@QAE@PB_WK@Z
??0CxFile@@QAE@XZ
??0CxImage@@QAE@ABV0@_N11@Z
??0CxImage@@QAE@K@Z
??0CxImage@@QAE@KKKK@Z
??0CxImage@@QAE@PAEKK@Z
??0CxImage@@QAE@PAU_iobuf@@K@Z
??0CxImage@@QAE@PAVCxFile@@K@Z
??0CxImage@@QAE@PB_WK@Z
??0CxImageGIF@@QAE@ABV0@@Z
??0CxImageGIF@@QAE@XZ
??0CxImageJPG@@QAE@ABV0@@Z
??0CxImageJPG@@QAE@XZ
??0CxMemFile@@QAE@ABV0@@Z
??0CxMemFile@@QAE@KPAE@Z
??0CxPoint2@@QAE@ABV0@@Z
??0CxPoint2@@QAE@MM@Z
??0CxPoint2@@QAE@XZ
??0CxRect2@@QAE@ABV0@@Z
??0CxRect2@@QAE@MMMM@Z
??0CxRect2@@QAE@XZ
??0TiXmlAttribute@@QAE@PBD0@Z
??0TiXmlAttribute@@QAE@XZ
??0TiXmlAttributeSet@@QAE@XZ
??0TiXmlComment@@QAE@ABV0@@Z
??0TiXmlComment@@QAE@PBD@Z
??0TiXmlComment@@QAE@XZ
??0TiXmlDeclaration@@QAE@ABV0@@Z
??0TiXmlDeclaration@@QAE@PBD00@Z
??0TiXmlDeclaration@@QAE@XZ
??0TiXmlDocument@@IAE@PBD@Z
??0TiXmlDocument@@QAE@ABV0@@Z
??0TiXmlDocument@@QAE@XZ
??0TiXmlElement@@QAE@ABV0@@Z
??0TiXmlElement@@QAE@PBD@Z
??0TiXmlNode@@IAE@W4NodeType@0@@Z
??0TiXmlText@@QAE@ABV0@@Z
??0TiXmlText@@QAE@PBD@Z
??0TiXmlUnknown@@QAE@ABV0@@Z
??0TiXmlUnknown@@QAE@XZ
??0VTXTCPDataSenderTimeOutCallback@@QAE@ABV0@@Z
??0VTXTCPDataSenderTimeOutCallback@@QAE@XZ
??0VTXUDPDataSenderTimeOutCallback@@QAE@ABV0@@Z
??0VTXUDPDataSenderTimeOutCallback@@QAE@XZ
??1CCmdCodecBase@@UAE@XZ
??1CExpatDataCompat@@QAE@XZ
??1CExpatFileReader@@UAE@XZ
??1CExpatMemReader@@UAE@XZ
??1CFmtString@@QAE@XZ
??1CMACReader@@QAE@XZ
??1CScopeToggler@@QAE@XZ
??1CTXBSTR@@QAE@XZ
??1CTXCommPack@@UAE@XZ
??1CTXCriticalSection@@UAE@XZ
??1CTXHttpDownload@@UAE@XZ
??1CTXHttpDownloadSink@@UAE@XZ
??1CTXHttpUpload@@UAE@XZ
??1CTXHttpUploadBuffer@@UAE@XZ
??1CTXHttpUploadStandard@@UAE@XZ
??1CTXStringA@@QAE@XZ
??1CTXStringW@@QAE@XZ
??1CTXTCPDataSender@@UAE@XZ
??1CTXTLVCodecBase@@UAE@XZ
??1CTXThreadModel@@MAE@XZ
??1CTXUDPDataSender@@UAE@XZ
??1CxExifInfo@CxImageJPG@@QAE@XZ
??1CxFile@@UAE@XZ
??1CxImage@@UAE@XZ
??1CxImageGIF@@UAE@XZ
??1CxImageJPG@@UAE@XZ
??1CxMemFile@@UAE@XZ
??1TiXmlAttribute@@UAE@XZ
??1TiXmlAttributeSet@@QAE@XZ
??1TiXmlComment@@UAE@XZ
??1TiXmlDeclaration@@UAE@XZ
??1TiXmlDocument@@UAE@XZ
??1TiXmlElement@@UAE@XZ
??1TiXmlNode@@UAE@XZ
??1TiXmlText@@UAE@XZ
??1TiXmlUnknown@@UAE@XZ
??4CScopeToggler@@QAEAAV0@ABV0@@Z
??4CTXBSTR@@QAEAAV0@ABV0@@Z
??4CTXBSTR@@QAEAAV0@ABVCTXStringW@@@Z
??4CTXBSTR@@QAEAAV0@PB_W@Z
??4CTXCriticalSection@@QAEAAV0@ABV0@@Z
??4CTXHttpDownloadSink@@QAEAAV0@ABV0@@Z
??4CTXStringA@@QAEAAV0@ABV0@@Z
??4CTXStringA@@QAEAAV0@D@Z
??4CTXStringA@@QAEAAV0@PBD@Z
??4CTXStringW@@QAEAAV0@ABUtagVARIANT@@@Z
??4CTXStringW@@QAEAAV0@ABV0@@Z
??4CTXStringW@@QAEAAV0@ABVCTXBSTR@@@Z
??4CTXStringW@@QAEAAV0@PA_W@Z
??4CTXStringW@@QAEAAV0@PB_W@Z
??4CTXStringW@@QAEAAV0@_W@Z
??4CxExifInfo@CxImageJPG@@QAEAAV01@ABV01@@Z
??4CxFile@@QAEAAV0@ABV0@@Z
??4CxImage@@QAEAAV0@ABV0@@Z
??4CxImageGIF@@QAEAAV0@ABV0@@Z
??4CxImageJPG@@QAEAAV0@ABV0@@Z
??4CxMemFile@@QAEAAV0@ABV0@@Z
??4CxPoint2@@QAEAAV0@ABV0@@Z
??4CxRect2@@QAEAAV0@ABV0@@Z
??4TiXmlComment@@QAEXABV0@@Z
??4TiXmlDeclaration@@QAEXABV0@@Z
??4TiXmlDocument@@QAEXABV0@@Z
??4TiXmlElement@@QAEXABV0@@Z
??4TiXmlText@@QAEXABV0@@Z
??4TiXmlUnknown@@QAEXABV0@@Z
??4VTXTCPDataSenderTimeOutCallback@@QAEAAV0@ABV0@@Z
??4VTXUDPDataSenderTimeOutCallback@@QAEAAV0@ABV0@@Z
??7CTXStringA@@QBE_NXZ
??7CTXStringW@@QBE_NXZ
??8@YA_NABVCTXStringA@@0@Z
??8@YA_NABVCTXStringA@@D@Z
??8@YA_NABVCTXStringA@@PBD@Z
??8@YA_NABVCTXStringW@@0@Z
??8@YA_NABVCTXStringW@@PB_W@Z
??8@YA_NABVCTXStringW@@_W@Z
??8@YA_NDABVCTXStringA@@@Z
??8@YA_NPA_WABVCTXBSTR@@@Z
??8@YA_NPA_WABVCTXStringW@@@Z
??8@YA_NPBDABVCTXStringA@@@Z
??8@YA_NPB_WABVCTXBSTR@@@Z
??8@YA_NPB_WABVCTXStringW@@@Z
??8@YA_N_WABVCTXStringW@@@Z
??8CTXBSTR@@QBE_NABV0@@Z
??8CTXBSTR@@QBE_NPA_W@Z
??8CTXBSTR@@QBE_NPB_W@Z
??8TiXmlAttribute@@QBE_NABV0@@Z
??9@YA_NABVCTXStringA@@0@Z
??9@YA_NABVCTXStringA@@D@Z
??9@YA_NABVCTXStringA@@PBD@Z
??9@YA_NABVCTXStringW@@0@Z
??9@YA_NABVCTXStringW@@PB_W@Z
??9@YA_NABVCTXStringW@@_W@Z
??9@YA_NDABVCTXStringA@@@Z
??9@YA_NPA_WABVCTXBSTR@@@Z
??9@YA_NPBDABVCTXStringA@@@Z
??9@YA_NPB_WABVCTXBSTR@@@Z
??9@YA_NPB_WABVCTXStringW@@@Z
??9@YA_N_WABVCTXStringW@@@Z
??9CTXBSTR@@QBE_NABV0@@Z
??9CTXBSTR@@QBE_NPA_W@Z
??9CTXBSTR@@QBE_NPB_W@Z
??ACTXStringA@@QBEDH@Z
??ACTXStringW@@QBE_WH@Z
??BCTXBSTR@@QBEPA_WXZ
??BCTXCriticalSection@@QAEPAU_RTL_CRITICAL_SECTION@@XZ
??BCTXStringA@@QBEPBDXZ
??BCTXStringW@@QBEPB_WXZ
??H@YA?AVCTXStringA@@ABV0@0@Z
??H@YA?AVCTXStringA@@ABV0@D@Z
??H@YA?AVCTXStringA@@ABV0@PBD@Z
??H@YA?AVCTXStringA@@DABV0@@Z
??H@YA?AVCTXStringA@@PBDABV0@@Z
??H@YA?AVCTXStringW@@ABV0@0@Z
??H@YA?AVCTXStringW@@ABV0@PB_W@Z
??H@YA?AVCTXStringW@@ABV0@_W@Z
??H@YA?AVCTXStringW@@PB_WABV0@@Z
??H@YA?AVCTXStringW@@_WABV0@@Z
??ICTXBSTR@@QAEPAPA_WXZ
??M@YA_NABVCTXStringA@@0@Z
??M@YA_NABVCTXStringA@@PBD@Z
??M@YA_NABVCTXStringW@@0@Z
??M@YA_NABVCTXStringW@@PB_W@Z
??M@YA_NPBDABVCTXStringA@@@Z
??M@YA_NPB_WABVCTXStringW@@@Z
??MCTXBSTR@@QBE_NABV0@@Z
??MCTXBSTR@@QBE_NPA_W@Z
??MCTXBSTR@@QBE_NPB_W@Z
??MTiXmlAttribute@@QBE_NABV0@@Z
??N@YA_NABVCTXStringA@@0@Z
??N@YA_NABVCTXStringA@@PBD@Z
??N@YA_NABVCTXStringW@@0@Z
??N@YA_NABVCTXStringW@@PB_W@Z
??N@YA_NPBDABVCTXStringA@@@Z
??N@YA_NPB_WABVCTXStringW@@@Z
??O@YA_NABVCTXStringA@@0@Z
??O@YA_NABVCTXStringA@@PBD@Z
??O@YA_NABVCTXStringW@@0@Z
??O@YA_NABVCTXStringW@@PB_W@Z
??O@YA_NPBDABVCTXStringA@@@Z
??O@YA_NPB_WABVCTXStringW@@@Z
??OCTXBSTR@@QBE_NABV0@@Z
??OCTXBSTR@@QBE_NPA_W@Z
??OCTXBSTR@@QBE_NPB_W@Z
??OTiXmlAttribute@@QBE_NABV0@@Z
??P@YA_NABVCTXStringA@@0@Z
??P@YA_NABVCTXStringA@@PBD@Z
??P@YA_NABVCTXStringW@@0@Z
??P@YA_NABVCTXStringW@@PB_W@Z
??P@YA_NPBDABVCTXStringA@@@Z
??P@YA_NPB_WABVCTXStringW@@@Z
??YCTXBSTR@@QAEAAV0@ABV0@@Z
??YCTXBSTR@@QAEAAV0@ABVCTXStringW@@@Z
??YCTXBSTR@@QAEAAV0@PB_W@Z
??YCTXStringA@@QAEAAV0@ABV0@@Z
??YCTXStringA@@QAEAAV0@D@Z
??YCTXStringA@@QAEAAV0@PBD@Z
??YCTXStringW@@QAEAAV0@ABUtagVARIANT@@@Z
??YCTXStringW@@QAEAAV0@ABV0@@Z
??YCTXStringW@@QAEAAV0@ABVCTXBSTR@@@Z
??YCTXStringW@@QAEAAV0@PB_W@Z
??YCTXStringW@@QAEAAV0@_W@Z
??_7CTXCommPack@@6B@
??_7CTXCriticalSection@@6B@
??_7CTXHttpDownload@@6BCHttpTCPConnectorSink@@@
??_7CTXHttpDownload@@6BCTXThreadModel@@@
??_7CTXHttpDownloadSink@@6B@
??_7CTXHttpUpload@@6BCHttpTCPConnectorSink@@@
??_7CTXHttpUpload@@6BCTXThreadModel@@@
??_7CTXHttpUploadBuffer@@6BCHttpTCPConnectorSink@@@
??_7CTXHttpUploadBuffer@@6BCTXThreadModel@@@
??_7CTXHttpUploadStandard@@6BCHttpTCPConnectorSink@@@
??_7CTXHttpUploadStandard@@6BCTXThreadModel@@@
??_7CTXTCPDataSender@@6B@
??_7CTXUDPDataSender@@6B@
??_7CxFile@@6B@
??_7CxImage@@6B@
??_7CxImageGIF@@6B@
??_7CxImageJPG@@6B@
??_7CxMemFile@@6B@
??_7TiXmlAttribute@@6B@
??_7TiXmlComment@@6B@
??_7TiXmlDeclaration@@6B@
??_7TiXmlDocument@@6B@
??_7TiXmlElement@@6B@
??_7TiXmlNode@@6B@
??_7TiXmlText@@6B@
??_7TiXmlUnknown@@6B@
??_7VTXTCPDataSenderTimeOutCallback@@6B@
??_7VTXUDPDataSenderTimeOutCallback@@6B@
??_FCxExifInfo@CxImageJPG@@QAEXXZ
??_FCxImage@@QAEXXZ
??_FCxMemFile@@QAEXXZ
??_OCxImage@@QAEXAAV0@@Z
?Accept@TiXmlComment@@UBE_NPAVTiXmlVisitor@@@Z
?Accept@TiXmlDeclaration@@UBE_NPAVTiXmlVisitor@@@Z
?Accept@TiXmlDocument@@UBE_NPAVTiXmlVisitor@@@Z
?Accept@TiXmlElement@@UBE_NPAVTiXmlVisitor@@@Z
?Accept@TiXmlText@@UBE_NPAVTiXmlVisitor@@@Z
?Accept@TiXmlUnknown@@UBE_NPAVTiXmlVisitor@@@Z
?Add@TiXmlAttributeSet@@QAEXPAVTiXmlAttribute@@@Z
?AddAveragingCont@CxImage@@IAEXABUtagRGBQUAD@@MAAM111@Z
?AddBuf@CTXCommPack@@QAEHABVCTXBuffer@@@Z
?AddBuf@CTXCommPack@@QAEHPBEI@Z
?AddBufLenByte@CTXCommPack@@QAEHABVCTXBuffer@@@Z
?AddBufLenDWord@CTXCommPack@@QAEHABVCTXBuffer@@H@Z
?AddBufLenWord@CTXCommPack@@QAEHABVCTXBuffer@@H@Z
?AddBundleFile@TXStringBundle@@YAXPB_W0@Z
?AddByte@CTXCommPack@@QAEHE@Z
?AddConfigData@ModuleConfig@@YAJPB_W0@Z
?AddDWord@CTXCommPack@@QAEHKH@Z
?AddErrorSink@FS@@YAHPAUITXFileSystemErrorSink@@@Z
?AddEvent@CTXThreadModel@@IAEXPAX@Z
?AddFileSystem@FS@@YAJW4FILESYSTEM_TYPE@@PB_W1HHH@Z
?AddFmtString@TXStringBundle@@YAXABVCFmtString@@@Z
?AddFormData@CTXHttpDownload@@QAEXABVCTXStringW@@0@Z
?AddIdleCallback@Window@Util@@YAJPAVVTXMsgLoopIdleCallback@@@Z
?AddInfo@CTXHttpDownload@@QAEHABVCTXStringW@@0@Z
?AddInfo@CTXHttpDownload@@QAEHABVCTXStringW@@@Z
?AddInfo@CTXHttpDownload@@QAEHABVCTXStringW@@K@Z
?AddInfo@CTXHttpDownload@@QAEHABVCTXStringW@@PBEK@Z
?AddPack@CTXCommPack@@QAEHABV1@@Z
?AddPlugin@CoreCenter@Util@@YAHPA_WPAUITXData@@@Z
?AddRef@CCmdCodecBase@@MAGKXZ
?AddRelativeFileSystem@FS@@YAJPB_W00HH@Z
?AddStrA@CTXCommPack@@QAEHABVCTXStringA@@@Z
?AddStrAEndChar@CTXCommPack@@QAEHABVCTXStringA@@E@Z
?AddStrALenByte@CTXCommPack@@QAEHABVCTXStringA@@@Z
?AddStrALenDWord@CTXCommPack@@QAEHABVCTXStringA@@H@Z
?AddStrALenWord@CTXCommPack@@QAEHABVCTXStringA@@H@Z
?AddStrW@CTXCommPack@@QAEHABVCTXStringW@@@Z
?AddStrWEndChar@CTXCommPack@@QAEHABVCTXStringW@@E@Z
?AddStrWLenByte@CTXCommPack@@QAEHABVCTXStringW@@@Z
?AddStrWLenDWord@CTXCommPack@@QAEHABVCTXStringW@@H@Z
?AddStrWLenWord@CTXCommPack@@QAEHABVCTXStringW@@H@Z
?AddTLV@CTXCommPack@@QAEHEABVCTXBuffer@@W4TXCommPackDataType@@@Z
?AddTLV@CTXCommPack@@QAEHGABVCTXBuffer@@W4TXCommPackDataType@@@Z
?AddTLV@CTXCommPack@@QAEHKABVCTXBuffer@@W4TXCommPackDataType@@@Z
?AddToDeadQueue@Misc@Util@@YAXHP6AXXZ@Z
?AddUInt64@CTXCommPack@@QAEH_KH@Z
?AddVBuf@CTXCommPack@@IAEHABVCTXBuffer@@W4TXCommPackDataType@@@Z
?AddWord@CTXCommPack@@QAEHGH@Z
?Alloc@CxMemFile@@IAEXK@Z
?AllocSysString@CTXStringW@@QBEPA_WXZ
?AlphaClear@CxImage@@QAEXXZ
?AlphaCopy@CxImage@@QAE_NAAV1@@Z
?AlphaCreate@CxImage@@QAEXXZ
?AlphaDelete@CxImage@@QAEXXZ
?AlphaFlip@CxImage@@QAE_NXZ
?AlphaGet@CxImage@@QAEEJJ@Z
?AlphaGetMax@CxImage@@QBEEXZ
?AlphaGetPointer@CxImage@@QAEPAEJJ@Z
?AlphaInvert@CxImage@@QAEXXZ
?AlphaIsValid@CxImage@@QAE_NXZ
?AlphaMirror@CxImage@@QAE_NXZ
?AlphaPaletteClear@CxImage@@QAEXXZ
?AlphaPaletteEnable@CxImage@@QAEX_N@Z
?AlphaPaletteIsEnabled@CxImage@@QAE_NXZ
?AlphaPaletteIsValid@CxImage@@QAE_NXZ
?AlphaPaletteSplit@CxImage@@QAE_NPAV1@@Z
?AlphaSet@CxImage@@QAEXE@Z
?AlphaSet@CxImage@@QAEXJJE@Z
?AlphaSet@CxImage@@QAE_NAAV1@@Z
?AlphaSetMax@CxImage@@QAEXE@Z
?AlphaSplit@CxImage@@QAE_NPAV1@@Z
?AlphaStrip@CxImage@@QAEXXZ
?AnalyseResponseData@CTXHttpDownload@@AAEHAAH@Z
?AnalyseResponseHead@CTXHttpDownload@@AAEHXZ
?AnsiToUnicode@Convert@Util@@YA_NAAVCTXStringW@@PBDH@Z
?Append@CTXBSTR@@QAEJABV1@@Z
?Append@CTXBSTR@@QAEJD@Z
?Append@CTXBSTR@@QAEJPB_W@Z
?Append@CTXBSTR@@QAEJPB_WH@Z
?Append@CTXBSTR@@QAEJ_W@Z
?Append@CTXStringA@@QAEXABV1@@Z
?Append@CTXStringA@@QAEXPBD@Z
?Append@CTXStringA@@QAEXPBDH@Z
?Append@CTXStringW@@QAEXABV1@@Z
?Append@CTXStringW@@QAEXPB_W@Z
?Append@CTXStringW@@QAEXPB_WH@Z
?AppendBSTR@CTXBSTR@@QAEJPA_W@Z
?AppendBSTR@CTXStringW@@QAEXPA_W@Z
?AppendBytes@CTXBSTR@@QAEJPBDH@Z
?AppendChar@CTXStringA@@QAEXD@Z
?AppendChar@CTXStringW@@QAEX_W@Z
?AppendFormat@CTXStringW@@QAAXPB_WZZ
?ApplyProxyInfoToHttp@Network@Util@@YAXXZ
?ApplySettings@CTXTCPDataSender@@IAEXPAUITXData@@PAUtagTXTCPPacket@@@Z
?ApplySettings@CTXUDPDataSender@@IAEXPAUITXData@@PAUtagTXUDPPacket@@@Z
?ApproachMem@TXLog@@YAXK@Z
?ArrayToBSTR@CTXBSTR@@QAEJPBUtagSAFEARRAY@@@Z
?AssignBSTR@CTXBSTR@@QAEJQA_W@Z
?Attach@CTXBSTR@@QAEXPA_W@Z
?Attribute@TiXmlElement@@QBEPBDPBD@Z
?Attribute@TiXmlElement@@QBEPBDPBDPAH@Z
?Attribute@TiXmlElement@@QBEPBDPBDPAN@Z
?BIG5ToUnicode@Convert@Util@@YA_NAAVCTXStringW@@PBDH@Z
?BSTRToArray@CTXBSTR@@QAEJPAPAUtagSAFEARRAY@@@Z
?Base64Encode@Encode@Util@@YA?AVCTXStringW@@ABVCTXBuffer@@H@Z
?Bitfield2RGB@CxImage@@IAEXPAEGGGE@Z
?Blank@TiXmlText@@IBE_NXZ
?BlendPalette@CxImage@@QAEXKJ@Z
?BlendPixelColor@CxImage@@QAEXJJUtagRGBQUAD@@M_N@Z
?BlindAlphaGet@CxImage@@IAEEJJ@Z
?BlindGetPixelColor@CxImage@@IAE?AUtagRGBQUAD@@JJ@Z
?BlindGetPixelIndex@CxImage@@IAEEJJ@Z
?BlindGetPixelPointer@CxImage@@IAEPAXJJ@Z
?BrokenCodec@CCmdCodecBase@@IAEXPB_W@Z
?BuildRqHead@CTXHttpDownload@@AAEHAAVCTXStringA@@@Z
?ByteLength@CTXBSTR@@QBEIXZ
?CDATA@TiXmlText@@QBE_NXZ
?CPConvert@Encoding@XmlText@@YAHHPBD@Z
?CRC32@Encode@Util@@YAKKPBEH@Z
?CancelDownload@CTXHttpDownload@@QAEXXZ
?CancelResolve@HostResolve@Util@@YAJK@Z
?CancelUpload@CTXHttpUpload@@QAEXXZ
?CancelUpload@CTXHttpUploadBuffer@@QAEXXZ
?CancelUpload@CTXHttpUploadStandard@@QAEXXZ
?Center@CxRect2@@QBE?AVCxPoint2@@XZ
?ChangeConfig@CCmdCodecBase@@IAEXHH@Z
?ChangeConfig@CTXTLVCodecBase@@IAEX_N@Z
?CheckBufEndChar@CTXCommPack@@QAEHE@Z
?CheckBuffer@CTXCommPack@@IAEHI@Z
?CheckModuleChange@TXLog@@YAXXZ
?CheckOutOverflow@CTXCommPack@@IAEHI@Z
?CheckRunMode@CTXCommPack@@IAEHW4RunMode@1@@Z
?CheckUinValid@Extend@Util@@YAHPA_W@Z
?CheckVistaAndStartSelfMediumLevel@Sys@Util@@YAHXZ
?CircleTransform@CxImage@@QAE_NHJM@Z
?Clear@CxImage@@QAEXE@Z
?Clear@CxImageGIF@@IAEXEAAUtag_image@1@@Z
?Clear@TiXmlNode@@QAEXXZ
?ClearError@TiXmlDocument@@QAEXXZ
?ClearRequestHeader@CTXHttpDownload@@QAEXXZ
?ClearThis@TiXmlElement@@IAEXXZ
?Clone@TiXmlComment@@UBEPAVTiXmlNode@@XZ
?Clone@TiXmlDeclaration@@UBEPAVTiXmlNode@@XZ
?Clone@TiXmlDocument@@MBEPAVTiXmlNode@@XZ
?Clone@TiXmlElement@@UBEPAVTiXmlNode@@XZ
?Clone@TiXmlText@@MBEPAVTiXmlNode@@XZ
?Clone@TiXmlUnknown@@UBEPAVTiXmlNode@@XZ
?Close@CxMemFile@@UAE_NXZ
?CloseReuseTCP@CTXHttpDownload@@QAEXXZ
?ClrBit@BitManip@Util@@YAXKAAKH@Z
?ClrBit@BitManip@Util@@YAXKAAVCTXBuffer@@H@Z
?ClrBit@BitManip@Util@@YAXKAA_JH@Z
?CodeAddBuffer@CTXTLVCodecBase@@IAEXEPAUITXBuffer@@@Z
?CodeArrayBuffer@CCmdCodecBase@@IAEXXZ
?CodeArrayBufferLenHead@CCmdCodecBase@@IAEXW4CMDFIELDTYPE@@@Z
?CodeArrayLenHead@CCmdCodecBase@@IAEXPB_WW4CMDFIELDTYPE@@H@Z
?CodeArrayNumber@CCmdCodecBase@@IAEXW4TX_DATA_TYPE@@@Z
?CodeArrayString@CCmdCodecBase@@IAEXI@Z
?CodeArrayStringEndChar@CCmdCodecBase@@IAEXD@Z
?CodeArrayStringLenHead@CCmdCodecBase@@IAEXW4CMDFIELDTYPE@@@Z
?CodeArrayTXDataBuffer@CCmdCodecBase@@IAEXPB_W@Z
?CodeArrayTXDataBufferLenHead@CCmdCodecBase@@IAEXPB_WW4CMDFIELDTYPE@@@Z
?CodeArrayTXDataNumber@CCmdCodecBase@@IAEXPB_WW4TX_DATA_TYPE@@@Z
?CodeArrayTXDataString@CCmdCodecBase@@IAEXPB_WI@Z
?CodeArrayTXDataStringEndChar@CCmdCodecBase@@IAEXPB_WD@Z
?CodeArrayTXDataStringLenHead@CCmdCodecBase@@IAEXPB_WW4CMDFIELDTYPE@@@Z
?CodeArrayToEnd@CCmdCodecBase@@IAEXPB_WH@Z
?CodeBuffer@CCmdCodecBase@@IAEXPB_W@Z
?CodeBuffer@CTXTLVCodecBase@@IAEXEPB_WK@Z
?CodeBufferEndChar@CCmdCodecBase@@IAEXPB_WD@Z
?CodeBufferLenHead@CCmdCodecBase@@IAEXPB_WW4CMDFIELDTYPE@@@Z
?CodeByte@CTXTLVCodecBase@@IAEXEPB_W@Z
?CodeByteEx@CTXTLVCodecBase@@IAEXEPB_WE_N1@Z
?CodeChar@CTXTLVCodecBase@@IAEXEPB_W@Z
?CodeCharEx@CTXTLVCodecBase@@IAEXEPB_WD_N1@Z
?CodeDWord@CTXTLVCodecBase@@IAEXEPB_W@Z
?CodeDWordEx@CTXTLVCodecBase@@IAEXEPB_WK_N1@Z
?CodeEndArray@CCmdCodecBase@@IAEXXZ
?CodeInt@CTXTLVCodecBase@@IAEXEPB_W@Z
?CodeIntEx@CTXTLVCodecBase@@IAEXEPB_WH_N1@Z
?CodeNumber@CCmdCodecBase@@IAEXPB_WW4TX_DATA_TYPE@@@Z
?CodeShort@CTXTLVCodecBase@@IAEXEPB_W@Z
?CodeShortEx@CTXTLVCodecBase@@IAEXEPB_WF_N1@Z
?CodeString@CCmdCodecBase@@IAEXPB_WI@Z
?CodeStringEndChar@CCmdCodecBase@@IAEXPB_WD@Z
?CodeStringLenHead@CCmdCodecBase@@IAEXPB_WW4CMDFIELDTYPE@@@Z
?CodeTXData@CCmdCodecBase@@UAGJPAUITXData@@PAPAUITXBuffer@@@Z
?CodeWord@CTXTLVCodecBase@@IAEXEPB_W@Z
?CodeWordEx@CTXTLVCodecBase@@IAEXEPB_WG_N1@Z
?CodecTLV@CTXTLVCodecBase@@UAGJKPAUITXData@@PAPAUITXBuffer@@@Z
?Collate@CTXStringW@@QBEHPB_W@Z
?CollateNoCase@CTXStringW@@QBEHPB_W@Z
?Colorize@CxImage@@QAE_NEEM@Z
?Colorize@CxImage@@QAE_NNNN@Z
?Combine@CxImage@@QAE_NPAV1@000J@Z
?CombinePath@FS@Util@@YA?AVCTXStringW@@ABV3@0@Z
?CombineQNC@FS@@YA?AVCTXStringW@@PB_W0@Z
?CommitChange@FS@@YAHPB_W@Z
?Compare@CTXStringA@@QBEHPBD@Z
?Compare@CTXStringW@@QBEHPB_W@Z
?CompareColors@CxImage@@KAHPBX0@Z
?CompareNoCase@CTXStringA@@QBEHPBD@Z
?CompareNoCase@CTXStringW@@QBEHPB_W@Z
?ConnectToServer@CTXHttpDownload@@AAEHXZ
?Contour@CxImage@@QAE_NXZ
?ConventAnsiBufferToBSTR@SSOConvert@Util@@YAHAAVCTXBuffer@@AAVCTXBSTR@@H@Z
?ConvertAnyFormat@CxExifInfo@CxImageJPG@@IAENPAXH@Z
?ConvertTXArraySpecialLabel@Convert@Util@@YAHPAUITXArray@@PA_W@Z
?ConvertTXArrayStringBundle@Convert@Util@@YAHPAUITXArray@@@Z
?ConvertTXBufferToTXSSOBuffer@SSOConvert@Util@@YAJPAUITXBuffer@@PAPAUITXSSOBuffer@@@Z
?ConvertTXDataSpecialLabel@Convert@Util@@YAHPAUITXData@@PA_W@Z

Sections

.text
Size: 952KB - Virtual size: 949KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 420KB - Virtual size: 417KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 311KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TXSSO/SSOLUIControl.dll
.dll regsvr32 windows:4 windows x86 arch:x86

0e880a85ae4dad9b2b74a3dfa55a3dfb

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

07-11-2021 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17-01-2013 00:00

Not After

16-02-2016 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8f:03:f6:30:5d:1e:69:0e:0f:b5:e7:5c:24:19:d2:26:5f:b2:68:e7
Signer

Actual PE Digest

8f:03:f6:30:5d:1e:69:0e:0f:b5:e7:5c:24:19:d2:26:5f:b2:68:e7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\Code\ssosmp_pr\trunk\SmpSSOProj\SSOPlatform\TXSSO\Output\bin\SSOLUIControl.pdb

Imports

ssocommon

?Mid@CTXStringW@@QBE?AV1@H@Z
?StringToIntW@Convert@Util@@YA_NPB_WAAH@Z
?Mid@CTXStringW@@QBE?AV1@HH@Z
?Empty@CTXStringW@@QAEXXZ
?OpenUrlWithDefault@UrlBase@Util@@YAXABVCTXStringW@@@Z
??0CTXBSTR@@QAE@ABVCTXStringW@@@Z
?IsEmpty@CTXStringW@@QBE_NXZ
?Delete@CTXStringW@@QAEHHH@Z
?Utf8ToWS@Convert@Util@@YA?AVCTXStringW@@PBDH@Z
??4CTXBSTR@@QAEAAV0@ABVCTXStringW@@@Z
?AddBufLenByte@CTXCommPack@@QAEHABVCTXBuffer@@@Z
??YCTXStringW@@QAEAAV0@ABV0@@Z
?AddBufLenWord@CTXCommPack@@QAEHABVCTXBuffer@@H@Z
?SetAsyncCallback@TXTimer@@YAHPAUITXAsyncCallback@@I@Z
?EraseAsyncCallback@TXTimer@@YAHPAUITXAsyncCallback@@I@Z
??0CTXStringW@@QAE@ABVCTXBSTR@@@Z
?SetInterval@TXTimer@@YAHIPAUITXTimerCallback@@I@Z
?Format@CTXStringW@@QAAXPB_WZZ
??H@YA?AVCTXStringW@@ABV0@0@Z
?RecordTransEnd@Perf@Util@@YAJ_JPB_WHH11H@Z
?RecordTransBegin@Perf@Util@@YA_JPB_WHH00@Z
??H@YA?AVCTXStringW@@PB_WABV0@@Z
??H@YA?AVCTXStringW@@ABV0@PB_W@Z
?SBCToDBC@Convert@Util@@YA_NAAVCTXStringW@@@Z
??0CTXStringA@@QAE@UtagUTF8@@PB_WH@Z
?AddStrALenByte@CTXCommPack@@QAEHABVCTXStringA@@@Z
??1CTXStringA@@QAE@XZ
?GetBufferOut@CTXCommPack@@QAEHAAVCTXBuffer@@@Z
?Find@CTXStringW@@QBEH_WH@Z
??8@YA_NABVCTXStringW@@PB_W@Z
??8CTXBSTR@@QBE_NPB_W@Z
?Length@CTXBSTR@@QBEIXZ
?Right@CTXStringW@@QBE?AV1@H@Z
?EraseTimerCallback@TXTimer@@YAHPAUITXTimerCallback@@I@Z
?Detach@CTXBSTR@@QAEPA_WXZ
?GetBuffer@CTXStringW@@QAEPA_WH@Z
?ReleaseBuffer@CTXStringW@@QAEXH@Z
?GetLCID@TXI18N@@YAKXZ
??0CTXStringW@@QAE@PA_W@Z
??0CTXStringW@@QAE@ABV0@@Z
?Find@CTXStringW@@QBEHPB_WH@Z
??ACTXStringW@@QBE_WH@Z
?Left@CTXStringW@@QBE?AV1@H@Z
??4CTXStringW@@QAEAAV0@ABV0@@Z
?ReverseFind@CTXStringW@@QBEH_W@Z
??0CTXBSTR@@QAE@ABV0@@Z
??4CTXBSTR@@QAEAAV0@PB_W@Z
??4CTXStringW@@QAEAAV0@PB_W@Z
??4CTXStringW@@QAEAAV0@ABVCTXBSTR@@@Z
?GetBSTRPtr@CTXStringW@@QAEPAPA_WXZ
?SetBufferIn@CTXCommPack@@QAEXPBEIH@Z
?ConvertTXSSOBufferToTXBuffer@SSOConvert@Util@@YAJPAUITXSSOBuffer@@PAPAUITXBuffer@@@Z
?ConvertTXSSODataToTXData@SSOConvert@Util@@YAJPAUITXSSOData@@PAPAUITXData@@@Z
?StringToDWordW@Convert@Util@@YA_NPB_WAAK@Z
??0CTXBSTR@@QAE@XZ
?IsEmpty@CTXBSTR@@QAEHXZ
?CreateTXData@Data@Util@@YAHPAPAUITXData@@@Z
??ICTXBSTR@@QAEPAPA_WXZ
?GetBuf@CTXCommPack@@QAEHPAEHH@Z
?GetWord@CTXCommPack@@QAEHAAGHH@Z
??0CTXStringW@@QAE@XZ
?GetString@CTXCommPack@@QAEHAAVCTXStringW@@HHH@Z
?GetDWord@CTXCommPack@@QAEHAAKHH@Z
?GetByte@CTXCommPack@@QAEHAAEH@Z
??1CTXBSTR@@QAE@XZ
?TXLog_DoTXLogVW@@YAXPAUtagLogObj@@PB_W1PAD@Z
??0CTXBSTR@@QAE@PB_W@Z
?GetBSTR@CTXStringW@@QBEPA_WXZ
??BCTXBSTR@@QBEPA_WXZ
??1CTXCommPack@@UAE@XZ
??0CTXCommPack@@QAE@XZ
??0CTXStringW@@QAE@PB_W@Z
??YCTXStringW@@QAEAAV0@PB_W@Z
??BCTXStringW@@QBEPB_WXZ
?LoadStringW@TXStringBundle@@YAPB_WPB_W@Z
??1CTXStringW@@QAE@XZ
?CreateTXBuffer@Data@Util@@YAHPAPAUITXBuffer@@@Z
??0CxImage@@QAE@K@Z
??1CxImage@@UAE@XZ
?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@PAK_N@Z
??0CxMemFile@@QAE@KPAE@Z
?LoadGif@CxImageHelper@@YAPAVCxImage@@PAVCxFile@@AAH@Z
?GetWidth@CxImage@@QBEKXZ
?Load@CxImage@@QAE_NPAVCxFile@@K@Z
?GetHeight@CxImage@@QBEKXZ
??1CxMemFile@@UAE@XZ
??M@YA_NABVCTXStringW@@0@Z
?LoadXmlByName@FS@Util@@YAHPB_WPAPAUIXMLDOMDocument@@@Z
?GetLocalePath@TXI18N@@YA?AVCTXStringW@@PB_W@Z
?GetAt@CTXStringW@@QBE_WH@Z
?Replace@CTXStringW@@QAEHPB_W0@Z
?MakeUpper@CTXStringW@@QAEAAV1@XZ
?Trim@CTXStringW@@QAEAAV1@XZ
?GetLength@CTXStringW@@QBEHXZ

kernel32

SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateFileA
GetStringTypeW
GetStringTypeA
WriteConsoleA
WriteConsoleW
GetConsoleOutputCP
GetVersionExA
InterlockedCompareExchange
HeapFree
GetProcessHeap
HeapAlloc
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
InterlockedExchange
GetACP
GetLocaleInfoA
HeapDestroy
HeapReAlloc
HeapSize
RtlUnwind
GetSystemTimeAsFileTime
VirtualProtect
GetModuleHandleA
GetSystemInfo
VirtualQuery
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
CloseHandle
WriteFile
GetConsoleCP
GetConsoleMode
SetFilePointer
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FlushFileBuffers
TlsGetValue
TlsAlloc
LockResource
LoadResource
SizeofResource
FindResourceW
lstrlenW
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetLastError
lstrcmpiW
GetModuleFileNameW
InterlockedIncrement
InterlockedDecrement
FreeLibrary
MultiByteToWideChar
LoadLibraryExW
GetModuleHandleW
SetThreadLocale
GetThreadLocale
GetWindowsDirectoryW
GetSystemDirectoryW
GetProcAddress
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
FlushInstructionCache
GetCurrentProcess
lstrlenA
MulDiv
GlobalUnlock
GlobalLock
GlobalAlloc
WideCharToMultiByte
SetLastError
lstrcpynW
SetStdHandle
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetCPInfo
GetTimeZoneInformation
Sleep
GetModuleFileNameA
ExitProcess
HeapCreate
TlsFree
TlsSetValue

user32

EnableWindow
IsDialogMessageW
GetDesktopWindow
DialogBoxParamW
DrawTextW
GetWindow
MapWindowPoints
EndDialog
GetSystemMetrics
GetCapture
ReleaseCapture
SystemParametersInfoW
SetCursor
GetSysColor
InflateRect
SetScrollInfo
GetScrollInfo
ShowScrollBar
GetScrollPos
SetCapture
IsWindowVisible
PostMessageW
ScreenToClient
SendMessageW
GetWindowRect
MoveWindow
CreateDialogParamW
FillRect
GetSysColorBrush
GetDlgItem
SetWindowTextW
GetWindowTextLengthW
GetWindowTextW
CreateWindowExW
RegisterClassExW
IsWindow
GetParent
GetFocus
IsChild
SetFocus
GetDC
ReleaseDC
LoadCursorW
GetClassInfoExW
ShowWindow
UnionRect
PtInRect
GetClientRect
IntersectRect
EqualRect
OffsetRect
SetWindowRgn
SetWindowPos
DestroyWindow
CharNextW
CallWindowProcW
GetWindowLongW
SetWindowLongW
DefWindowProcW
KillTimer
SetTimer
InvalidateRect
GetUpdateRect
EndPaint
BeginPaint
GetKeyState
UnregisterClassA

gdi32

CloseMetaFile
RestoreDC
SetWindowExtEx
DeleteMetaFile
SaveDC
CreateMetaFileW
CreateDCW
GetDeviceCaps
GetClipRgn
CreateRectRgn
SelectClipRgn
Rectangle
SetTextAlign
TextOutW
SetWindowOrgEx
DPtoLP
GetTextExtentExPointW
GetObjectW
CreateRectRgnIndirect
CreateFontIndirectW
CreateSolidBrush
SetBkColor
GetStockObject
SetTextColor
SetBkMode
SelectObject
DeleteObject
LPtoDP
SetMapMode
SetViewportOrgEx
DeleteDC

advapi32

RegDeleteKeyW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW

ole32

ReadClassStm
OleSaveToStream
WriteClassStm
CreateDataAdviseHolder
OleRegGetMiscStatus
OleRegGetUserType
CreateOleAdviseHolder
CoLoadLibrary
CoCreateInstance
StringFromGUID2
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
OleRegEnumVerbs

oleaut32

VariantClear
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString
SysStringLen
VariantInit
SysAllocStringByteLen
SysStringByteLen
VariantChangeType
OleCreatePropertyFrame
LoadRegTypeLi

wininet

InternetCrackUrlA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 236KB - Virtual size: 234KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 108KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TXSSO/SSOPlatform.dll
.dll regsvr32 windows:4 windows x86 arch:x86

cc9c9c5af85a4ba0d7df387fc3459771

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

07-11-2021 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17-01-2013 00:00

Not After

16-02-2016 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

df:75:ef:ef:83:e0:09:31:e5:41:04:ec:c8:e7:53:a1:6b:d9:ea:be
Signer

Actual PE Digest

df:75:ef:ef:83:e0:09:31:e5:41:04:ec:c8:e7:53:a1:6b:d9:ea:be

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\Code\ssosmp_pr\trunk\SmpSSOProj\SSOPlatform\TXSSO\Output\Bin\SSOPlatform.pdb

Imports

ws2_32

inet_addr

ssocommon

?GetGuid3ForAllMacs@CComputerIDGenerator@@SAHPAPAUITXArray@@@Z
?GetMacGuid@CComputerIDGenerator@@SAHPAEAAVCTXStringW@@@Z
?GenerateEx@CComputerIDGenerator@@QAEHPAE@Z
?Insert@CTXStringW@@QAEHHPB_W@Z
?Tokenize@CTXStringW@@QBE?AV1@PB_WAAH@Z
?LoadXmlByContent@FS@Util@@YAHPA_WPAPAUIXMLDOMDocument@@@Z
?FirstChild@TiXmlNode@@QAEPAV1@PBD@Z
?NextSibling@TiXmlNode@@QAEPAV1@PBD@Z
?AppendChar@CTXStringW@@QAEX_W@Z
??8@YA_NABVCTXStringW@@PB_W@Z
?GetText@TiXmlElement@@QBEPBDXZ
?Append@CTXStringW@@QAEXABV1@@Z
?Trim@CTXStringW@@QAEAAV1@PB_W@Z
?CompareNoCase@CTXStringW@@QBEHPB_W@Z
??0TiXmlDocument@@QAE@XZ
??8@YA_NPA_WABVCTXBSTR@@@Z
?GetDiskInfo@CComputerIDGenerator@@SAHAAVCTXStringW@@@Z
??1TiXmlDocument@@UAE@XZ
?Parse@TiXmlDocument@@UAEPBDPBDPAVTiXmlParsingData@@W4TiXmlEncoding@@@Z
?GetCPUBrand@CComputerIDGenerator@@SA?AVCTXStringA@@XZ
?GetBindIPFromTargetIP@Network@Util@@YAKKPAK@Z
?ErrorDesc@TiXmlDocument@@QBEPBDXZ
?FirstChildElement@TiXmlNode@@QAEPAVTiXmlElement@@PBD@Z
?Attribute@TiXmlElement@@QBEPBDPBD@Z
??BCTXBSTR@@QBEPA_WXZ
??0CTXBSTR@@QAE@ABU_GUID@@@Z
??1CTXBSTR@@QAE@XZ
?Utf8ToWS@Convert@Util@@YA?AVCTXStringW@@PBDH@Z
?GetString@CTXStringA@@QBEPBDXZ
?GetLength@CTXStringA@@QBEHXZ
??0CTXStringA@@QAE@UtagGBK@@PB_WH@Z
??0CTXBSTR@@QAE@HPB_W@Z
??ACTXStringW@@QBE_WH@Z
?TrimRight@CTXStringW@@QAEAAV1@XZ
?Preallocate@CTXStringW@@QAEXH@Z
??YCTXStringW@@QAEAAV0@_W@Z
?GetAt@CTXStringW@@QBE_WH@Z
?Detach@CTXBSTR@@QAEPA_WXZ
?Attach@CTXBSTR@@QAEXPA_W@Z
?IsFileExist@FS@@YAHPB_W@Z
?GetBinDir@Dir@Util@@YA?AVCTXStringW@@XZ
?GetParentDir@FS@Util@@YA?AVCTXStringW@@V3@@Z
?LoadXmlByName@FS@Util@@YAHPB_WPAPAUIXMLDOMDocument@@@Z
?CreateTXArray@Data@Util@@YAHPAPAUITXArray@@@Z
?CancelResolve@HostResolve@Util@@YAJK@Z
?Resolve@HostResolve@Util@@YAJPA_WPAUITXHostResolverSink@@PAK@Z
?GetHostByName@HostResolve@Util@@YAJPA_WPAPA_W@Z
?Run@CTXHttpDownload@@EAEIXZ
?Decode16@Encode@Util@@YAHABVCTXStringW@@AAVCTXBuffer@@@Z
?QueryInfo@CTXHttpDownload@@QAEHABVCTXStringW@@AAV2@H@Z
?GetDownloadedBuffer@CTXHttpDownload@@QAEHPAPAEPAK@Z
?OnConnecting@CTXHttpDownloadSink@@UAEXPAVCTXHttpDownload@@PB_W@Z
??1CTXHttpDownload@@UAE@XZ
?OnConnected@CTXHttpDownloadSink@@UAEXPAVCTXHttpDownload@@@Z
?OnDownloadStart@CTXHttpDownloadSink@@UAEXPAVCTXHttpDownload@@KK@Z
?DownloadToBuffer@CTXHttpDownload@@QAEHPB_WPAU_SYSTEMTIME@@@Z
?SetUIInterface@CTXHttpDownload@@QAEXPAVCTXHttpDownloadSink@@@Z
?OnProgress@CTXHttpDownloadSink@@UAEXPAVCTXHttpDownload@@KK@Z
?OnRedirected@CTXHttpDownloadSink@@UAEXPAVCTXHttpDownload@@PB_W@Z
??0CTXHttpDownload@@QAE@XZ
?GetBSTRPtr@CTXStringW@@QAEPAPA_WXZ
?OnError@CTXHttpDownloadSink@@UAEXPAVCTXHttpDownload@@K@Z
?GetTXDataBuf@Data@Util@@YAHPAUITXDataRead@@PB_WAAVCTXBuffer@@@Z
??0CTXStringW@@QAE@PB_WH@Z
?CancelDownload@CTXHttpDownload@@QAEXXZ
??1CTXHttpDownloadSink@@UAE@XZ
?TrimLeft@CTXStringW@@QAEAAV1@XZ
?EraseAsyncCallback@TXTimer@@YAHPAUITXAsyncCallback@@I@Z
?CreateFileW@FS@@YAHPB_WKPAPAUITXFile@@@Z
?Replace@CTXStringW@@QAEHPB_W0@Z
??YCTXStringW@@QAEAAV0@ABV0@@Z
wcslcat
?GenerateG1@CComputerIDGenerator@@QAEKPAE@Z
?Mid@CTXStringW@@QBE?AV1@H@Z
?Find@CTXStringW@@QBEH_WH@Z
??BCTXStringA@@QBEPBDXZ
??0CTXStringW@@QAE@UtagUTF8@@PBDH@Z
??0CTXStringA@@QAE@PBDH@Z
?GetBSTR@CTXStringW@@QBEPA_WXZ
?GetDecodeNumberSigned@CCmdCodecBase@@IAEHPB_W@Z
?SetTimeout@TXTimer@@YAHIPAUITXTimerCallback@@I@Z
?StringToIP@Network@Util@@YAKPB_W@Z
?AddUInt64@CTXCommPack@@QAEH_KH@Z
?AddPack@CTXCommPack@@QAEHABV1@@Z
?Generate@CComputerIDGenerator@@QAEKPAE@Z
?Random@Sys@Util@@YAHXZ
??1CTXStringA@@QAE@XZ
?GetByte@CTXCommPack@@QAEHAAEH@Z
?IPToString@Network@Util@@YA?AVCTXStringW@@K@Z
?Encode16@Encode@Util@@YA?AVCTXStringW@@ABVCTXBuffer@@@Z
??4CTXStringW@@QAEAAV0@PB_W@Z
??1CCmdCodecBase@@UAE@XZ
?AddBuf@CTXCommPack@@QAEHPBEI@Z
??0CCmdCodecBase@@QAE@XZ
?DecodeBuffer@CCmdCodecBase@@UAGJPAUITXBuffer@@PAPAUITXData@@PAU3@@Z
?GetDWord@CTXCommPack@@QAEHAAKHH@Z
?CodeTXData@CCmdCodecBase@@UAGJPAUITXData@@PAPAUITXBuffer@@@Z
?AddByte@CTXCommPack@@QAEHE@Z
?AddDWord@CTXCommPack@@QAEHKH@Z
?GetIEProxySetting@Network@Util@@YAHPAUITXData@@AAE@Z
?GetLCID@TXI18N@@YAKXZ
??4CTXStringW@@QAEAAV0@PA_W@Z
??0CTXStringW@@QAE@XZ
??1CTXStringW@@QAE@XZ
?Find@CTXStringW@@QBEHPB_WH@Z
?GetLength@CTXStringW@@QBEHXZ
??4CTXStringW@@QAEAAV0@ABV0@@Z
??0CTXStringW@@QAE@PA_W@Z
?GetProcessName@SystemHelp@Util@@YA?AVCTXStringW@@K@Z
?CreateTXData@SSOData@Util@@YAHPAPAUITXSSOData@@@Z
?TXLog_DoTXLogVW@@YAXPAUtagLogObj@@PB_W1PAD@Z
??0CTXBSTR@@QAE@PB_W@Z
??BCTXStringW@@QBEPB_WXZ
?Release@CCmdCodecBase@@MAGKXZ
?GetWord@CTXCommPack@@QAEHAAGHH@Z
?AddRef@CCmdCodecBase@@MAGKXZ
?GetTimeOffsetUTC@NLS@@YAJXZ
?JumpBuf@CTXCommPack@@QAEHH@Z
?QueryInterface@CCmdCodecBase@@MAGJABU_GUID@@PAPAX@Z
?GetLCID@NLS@@YAKXZ
?GetBufferOut@CTXCommPack@@QAEHAAVCTXBuffer@@@Z
?GetBufferByteLeft@CTXCommPack@@QBEHXZ
?AddBufLenWord@CTXCommPack@@QAEHABVCTXBuffer@@H@Z
?AddWord@CTXCommPack@@QAEHGH@Z
??1CTXCommPack@@UAE@XZ
?GetBuf@CTXCommPack@@QAEHPAPBEHH@Z
??0CTXCommPack@@QAE@XZ
?Left@CTXStringW@@QBE?AV1@H@Z
?AddStrALenWord@CTXCommPack@@QAEHABVCTXStringA@@H@Z
?ReleaseBuffer@CTXStringW@@QAEXH@Z
?CRC32@Encode@Util@@YAKKPBEH@Z
??0CTXStringA@@QAE@UtagUTF8@@PB_WH@Z
?GetBuffer@CTXStringW@@QAEPA_WH@Z
??0CTXHttpDownloadSink@@IAE@XZ
?GetIEProxyUserName@Network@Util@@YAHAAVCTXStringW@@0@Z
?Format@CTXStringW@@QAAXPB_WZZ
??0CTXBSTR@@QAE@ABV0@@Z
??0CTXStringW@@QAE@ABV0@@Z
?CreateTXBuffer@SSOData@Util@@YAHPAPAUITXSSOBuffer@@@Z
?CreateTXArray@SSOData@Util@@YAHPAPAUITXSSOArray@@@Z
??ICTXBSTR@@QAEPAPA_WXZ
?GetString@CTXStringW@@QBEPB_WXZ
?AppendFormat@CTXStringW@@QAAXPB_WZZ
??0CTXStringW@@QAE@ABVCTXBSTR@@@Z
??0CTXBSTR@@QAE@XZ
?StringToDWordW@Convert@Util@@YA_NPB_WAAK@Z
?Right@CTXStringW@@QBE?AV1@H@Z
?GetPlatformCore@Core@Util@@YAHPAPAUITXCore@@@Z
?CreateChannel@Connection@Util@@YAJHPAPAUITXChannel@@@Z
?Encode16@Encode@Util@@YA?AVCTXStringW@@PBXI@Z
?IsCSSubSendData@Misc@Util@@YAHPAUITXData@@@Z
?GetClientType@ClientType@ProductConfig@Util@@YAJPAK@Z
?GetUInt64@CTXCommPack@@QAEHAA_KHH@Z
?GetHttpAuthType@NetworkEnv@Util@@YAJPAJ@Z
??H@YA?AVCTXStringW@@PB_WABV0@@Z
?GetBuffer@CTXStringA@@QAEPADH@Z
?CopyTXDataField@SSOData@Util@@YAHPAUITXSSODataRead@@PAUITXSSOData@@PB_W2@Z
?EraseTimerCallback@TXTimer@@YAHPAUITXTimerCallback@@I@Z
??8CTXBSTR@@QBE_NPA_W@Z
??0CTXBSTR@@QAE@ABVCTXStringW@@@Z
?Length@CTXBSTR@@QBEIXZ
?SetInterval@TXTimer@@YAHIPAUITXTimerCallback@@I@Z
?GetRootDir@Dir@Util@@YA?AVCTXStringW@@XZ
??4CTXStringW@@QAEAAV0@ABVCTXBSTR@@@Z
?SetConfigFile@TXI18N@@YAHPB_W0@Z
??0CTXStringW@@QAE@PB_W@Z
?OnExitCoreCenter@Misc@Util@@YAXXZ
?AddBuf@CTXCommPack@@QAEHABVCTXBuffer@@@Z
?CodeStringLenHead@CCmdCodecBase@@IAEXPB_WW4CMDFIELDTYPE@@@Z
?BrokenCodec@CCmdCodecBase@@IAEXPB_W@Z
?SetBufferIn@CTXCommPack@@QAEXAAVCTXBuffer@@H@Z
?DecodeString@CCmdCodecBase@@IAEXPB_WI@Z
?DecodeStringLenHead@CCmdCodecBase@@IAEXPB_WW4CMDFIELDTYPE@@@Z
?GetDecodeNumberUnsigned@CCmdCodecBase@@IAEKPB_W@Z
?DecodeBufferLenHead@CCmdCodecBase@@IAEXPB_WW4CMDFIELDTYPE@@@Z
?DecodeBuffer@CCmdCodecBase@@IAEXPB_WI@Z
?DecodeNumber@CCmdCodecBase@@IAEXPB_WW4TX_DATA_TYPE@@@Z
?EnableUnicodeString@CCmdCodecBase@@IAEXH@Z
?CodeBufferLenHead@CCmdCodecBase@@IAEXPB_WW4CMDFIELDTYPE@@@Z
?CodeBuffer@CCmdCodecBase@@IAEXPB_W@Z
?CodeNumber@CCmdCodecBase@@IAEXPB_WW4TX_DATA_TYPE@@@Z
?CreateTXData@Data@Util@@YAHPAPAUITXData@@@Z
?SetAsyncCallback@TXTimer@@YAHPAUITXAsyncCallback@@I@Z
??M@YA_NABVCTXStringW@@0@Z
??4CTXBSTR@@QAEAAV0@ABVCTXStringW@@@Z
?Trim@CTXStringW@@QAEAAV1@XZ
??4CTXBSTR@@QAEAAV0@PB_W@Z
??8CTXBSTR@@QBE_NABV0@@Z
?LoadStringW@TXStringBundle@@YAPB_WPB_W@Z
??YCTXStringW@@QAEAAV0@PB_W@Z
?Empty@CTXBSTR@@QAEXXZ
?IsEmpty@CTXStringW@@QBE_NXZ
?ConvertTXSSOBufferToTXBuffer@SSOConvert@Util@@YAJPAUITXSSOBuffer@@PAPAUITXBuffer@@@Z
?DoFormat@CFmtString@@QAEPB_WPB_W@Z
?CopyTXDataField@Data@Util@@YAHPAUITXDataRead@@PAUITXData@@PB_W2@Z
?PropertyStr@CFmtString@@QAEHPB_W0@Z
?ConvertTXSSODataToTXData@SSOConvert@Util@@YAJPAUITXSSOData@@PAPAUITXData@@@Z
??4CTXBSTR@@QAEAAV0@ABV0@@Z
??1CFmtString@@QAE@XZ
?CreateTXBuffer@Data@Util@@YAHPAPAUITXBuffer@@@Z
??0CFmtString@@QAE@XZ
?Empty@CTXStringW@@QAEXXZ
??H@YA?AVCTXStringW@@ABV0@PB_W@Z
?IsEmpty@CTXBSTR@@QAEHXZ
?SetUserLCID@TXI18N@@YAXK@Z
?NotifyIdle@TXTimer@@YAXXZ
?GetUserDefaultLCID@NLS@@YAKXZ
?SetLCID@NLS@@YAHK@Z
?ConvertTXDataToTXSSOData@SSOConvert@Util@@YAJPAUITXData@@PAPAUITXSSOData@@@Z
?InitNetwork@Network@Util@@YAHXZ
?InitDownloadTempDirectory@CTXHttpDownload@@SAXPB_W@Z
?GetSSOTempDir@Dir@Util@@YA?AVCTXStringW@@XZ
??H@YA?AVCTXStringW@@ABV0@0@Z
?FlushLog@TXLog@@YAXXZ
?OnExitWinMain@Misc@Util@@YAXXZ
?OnUninitCom@Misc@Util@@YAXXZ

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

iphlpapi

GetIpForwardTable
GetIpAddrTable
GetAdaptersAddresses

psapi

GetModuleBaseNameW

kernel32

GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
GetTimeZoneInformation
WideCharToMultiByte
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
IsValidCodePage
GetOEMCP
GetCPInfo
GetStdHandle
WriteFile
HeapCreate
HeapDestroy
ExitProcess
HeapSize
Sleep
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
RtlUnwind
GetProcessHeap
GetCommandLineA
ExitThread
GetSystemTimeAsFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapFree
HeapAlloc
HeapReAlloc
GetVersionExA
GetLocaleInfoA
GetACP
InterlockedExchange
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetConsoleCtrlHandler
LCMapStringA
LCMapStringW
GetLocaleInfoW
SetFilePointer
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
CreateFileA
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetVersion
GlobalMemoryStatus
FlushConsoleInputBuffer
ReadConsoleInputA
GetModuleFileNameA
LocalAlloc
LoadLibraryA
GetSystemDirectoryA
GetWindowsDirectoryA
ReadFile
OpenProcess
CreateThread
GetDiskFreeSpaceExW
GetVolumeInformationW
GetSystemDirectoryW
CreateDirectoryW
GetCurrentProcess
GetCommandLineW
TerminateThread
GetProcAddress
LoadLibraryW
GlobalFree
GetComputerNameW
GlobalAlloc
GetFileAttributesW
ReleaseMutex
WaitForSingleObject
MapViewOfFile
OpenMutexW
CreateFileMappingW
CreateMutexW
GetVersionExW
VirtualProtect
VirtualFree
VirtualAlloc
GetSystemInfo
LocalFree
VirtualQuery
UnmapViewOfFile
GetTickCount
GetCurrentThreadId
QueryPerformanceCounter
GetCurrentProcessId
CloseHandle
CreateFileW
InterlockedDecrement
LeaveCriticalSection
InterlockedIncrement
LoadLibraryExW
FindResourceW
RaiseException
OutputDebugStringA
LoadResource
SizeofResource
DeleteCriticalSection
SetThreadLocale
GetThreadLocale
GetModuleHandleW
MultiByteToWideChar
GetModuleFileNameW
GetLastError
InitializeCriticalSection
lstrlenW
FreeLibrary
EnterCriticalSection
SetEndOfFile
SetConsoleMode
lstrcmpiW

user32

GetProcessWindowStation
GetClassInfoExW
RegisterClassExW
CreateWindowExW
ShowWindow
DefWindowProcW
GetWindowLongW
SetWindowLongW
DestroyWindow
MessageBoxA
GetUserObjectInformationW
UnregisterClassA
GetDesktopWindow
SendMessageW
CharNextW
IsWindow
GetWindowThreadProcessId
PostMessageW
SendMessageTimeoutW

gdi32

GetStockObject

advapi32

RegQueryValueExW
CryptReleaseContext
CryptGenRandom
CryptAcquireContextW
RegisterEventSourceA
ReportEventA
DeregisterEventSource
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegDeleteValueW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegQueryInfoKeyW
RegCloseKey
RegEnumKeyExW
RegDeleteKeyW

shell32

SHGetSpecialFolderPathW

ole32

CoTaskMemAlloc
StringFromGUID2
CoTaskMemRealloc
CoTaskMemFree
CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
CoCreateGuid
CoCreateInstance

oleaut32

VariantInit
LoadRegTypeLi
UnRegisterTypeLi
SysStringLen
SysFreeString
RegisterTypeLi
VarUI4FromStr
LoadTypeLi
SysAllocString
VariantClear

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 972KB - Virtual size: 971KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 456KB - Virtual size: 454KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TXSSO/TXSSOSetup.exe
.exe windows:5 windows x86 arch:x86

32f3282581436269b3a75b6675fe3e08

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01-05-2012 00:00

Not After

31-12-2012 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

26-01-2010 00:00

Not After

25-01-2013 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

79:70:a5:87:1e:24:e2:5c:34:5f:8d:4b:28:1d:58:be:3f:ae:d2:3c
Signer

Actual PE Digest

79:70:a5:87:1e:24:e2:5c:34:5f:8d:4b:28:1d:58:be:3f:ae:d2:3c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
CloseHandle
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpA
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
lstrlenA
MulDiv
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrcpynA

user32

GetAsyncKeyState
IsDlgButtonChecked
ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
wvsprintfW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
FindWindowExW

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 415KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 516KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TXSSO/npSSOAxCtrlForPTLogin.dll
.dll regsvr32 windows:4 windows x86 arch:x86

eb3cbc6b7282f3e217a1b9217b745080

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

07-11-2021 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17-01-2013 00:00

Not After

16-02-2016 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f1:ce:9b:4a:11:e8:82:87:c8:c1:8b:d1:82:18:97:09:61:78:56:d6
Signer

Actual PE Digest

f1:ce:9b:4a:11:e8:82:87:c8:c1:8b:d1:82:18:97:09:61:78:56:d6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\Code\ssosmp_pr\trunk\SmpSSOProj\SSOPlatform\TXSSO\Output\bin\npSSOAxCtrlForPTLogin.pdb

Imports

gdiplus

GdipCloneBrush
GdipFillEllipseI
GdiplusShutdown
GdipDrawRectangleI
GdipSetSmoothingMode
GdipCreateFromHDC
GdipCreateSolidFill
GdipDeleteGraphics
GdipDeletePen
GdipCreatePen1
GdipDeleteBrush
GdipAlloc
GdipFree
GdiplusStartup
GdipFillRectangleI

kernel32

LeaveCriticalSection
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
FreeLibrary
FlushInstructionCache
GetCurrentProcess
SetLastError
LoadLibraryW
InitializeCriticalSection
DeleteCriticalSection
lstrcmpiW
InterlockedIncrement
InterlockedDecrement
LoadLibraryExW
SetThreadLocale
GetThreadLocale
MulDiv
GlobalUnlock
GlobalLock
GlobalAlloc
WaitForSingleObject
ReleaseMutex
CreateMutexW
UnmapViewOfFile
CloseHandle
MapViewOfFile
OpenFileMappingW
GetStartupInfoA
GetFileType
SetHandleCount
GetStdHandle
WriteFile
IsValidCodePage
GetOEMCP
GetCPInfo
HeapCreate
EnterCriticalSection
Sleep
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetCommandLineA
VirtualQuery
GetSystemInfo
GetModuleHandleA
VirtualProtect
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
RtlUnwind
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
InterlockedCompareExchange
GetVersionExA
GetLocaleInfoA
GetACP
InterlockedExchange
GetProcessHeap
HeapSize
HeapReAlloc
RaiseException
lstrcmpiA
lstrlenA
MultiByteToWideChar
GetLastError
GetModuleFileNameA
GetModuleHandleW
GetProcAddress
GetModuleFileNameW
GetSystemDirectoryW
GetWindowsDirectoryW
lstrlenW
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
WideCharToMultiByte
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentProcessId
SetFilePointer
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
HeapFree
HeapAlloc
HeapDestroy
CreateFileA
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
ExitProcess
SetStdHandle

user32

CreateWindowExW
SetWindowLongW
GetWindowLongW
BeginPaint
EndPaint
InvalidateRect
GetClassInfoExW
LoadCursorW
DestroyWindow
CloseWindow
GetKeyState
IsWindow
UnionRect
PtInRect
GetClientRect
IntersectRect
EqualRect
OffsetRect
SetWindowRgn
GetDC
ReleaseDC
GetParent
GetFocus
IsChild
IsWindowVisible
SetWindowPos
CharNextW
RegisterClassExW
CreateCaret
ShowCaret
SetFocus
SetCaretPos
UnregisterClassA
GetWindowRect
SetCursor
MoveWindow
DefWindowProcW
CallWindowProcW
HideCaret
ShowWindow

gdi32

CreateDCW
LPtoDP
SetMapMode
SetViewportOrgEx
DeleteObject
CreateMetaFileW
SaveDC
SetWindowOrgEx
SetWindowExtEx
RestoreDC
CloseMetaFile
DeleteMetaFile
CreateRectRgnIndirect
GetDeviceCaps
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
BitBlt
DeleteDC

advapi32

RegDeleteKeyW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegDeleteValueW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExA

shell32

SHGetFolderLocation
SHGetPathFromIDListW

ole32

CreateDataAdviseHolder
OleRegGetMiscStatus
OleRegGetUserType
CreateOleAdviseHolder
CoCreateInstance
StringFromGUID2
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoLoadLibrary
CoUninitialize
CoInitialize
OleRegEnumVerbs

oleaut32

SysAllocString
SysStringLen
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
VariantInit
VariantClear
VariantChangeType
LoadRegTypeLi
OleCreatePropertyFrame
SetErrorInfo
CreateErrorInfo
SysFreeString

shlwapi

PathFileExistsW
SHDeleteKeyW

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueA

imm32

ImmAssociateContext

wininet

InternetCrackUrlA

ssocommon

?CreateTXBuffer@Data@Util@@YAHPAPAUITXBuffer@@@Z
??YCTXStringW@@QAEAAV0@PB_W@Z
?CreateTXData@Data@Util@@YAHPAPAUITXData@@@Z
??0CTXStringW@@QAE@PA_W@Z
??0CTXStringW@@QAE@ABV0@@Z
?GetLength@CTXStringW@@QBEHXZ
?TXLog_DoTXLogVW@@YAXPAUtagLogObj@@PB_W1PAD@Z
?FlushLog@TXLog@@YAXXZ
??1CTXStringA@@QAE@XZ
?GetString@CTXStringA@@QBEPBDXZ
?Utf8FromWS@Convert@Util@@YA?AVCTXStringA@@PB_WH@Z
??1CTXStringW@@QAE@XZ
?Encode16@Encode@Util@@YA?AVCTXStringW@@PBXI@Z
?GetString@CTXStringW@@QBEPB_WXZ
??0CTXStringW@@QAE@UtagUTF8@@PBDH@Z
??BCTXStringW@@QBEPB_WXZ
?Format@CTXStringW@@QAAXPB_WZZ
??0CTXStringW@@QAE@XZ
??BCTXBSTR@@QBEPA_WXZ
??1CTXBSTR@@QAE@XZ
??ICTXBSTR@@QAEPAPA_WXZ
??0CTXBSTR@@QAE@XZ
??0CTXStringW@@QAE@ABVCTXBSTR@@@Z
??0CTXBSTR@@QAE@PB_W@Z
??4CTXStringA@@QAEAAV0@PBD@Z
?Empty@CTXStringA@@QAEXXZ
??0CTXStringA@@QAE@UtagUTF8@@PB_WH@Z
?IsEmpty@CTXStringW@@QBE_NXZ
??4CTXStringW@@QAEAAV0@ABV0@@Z
?Trim@CTXStringW@@QAEAAV1@PB_W@Z
??BCTXStringA@@QBEPBDXZ
??0CTXStringA@@QAE@XZ
?Detach@CTXBSTR@@QAEPA_WXZ
??0CTXBSTR@@QAE@ABVCTXStringW@@@Z
?CreateTXBuffer@SSOData@Util@@YAHPAPAUITXSSOBuffer@@@Z
??0CTXStringW@@QAE@PB_W@Z
?ReverseFind@CTXStringW@@QBEH_W@Z
?Left@CTXStringW@@QBE?AV1@H@Z
??ACTXStringW@@QBE_WH@Z

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
NP_GetEntryPoints
NP_Initialize
NP_Shutdown

Sections

.text
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Update.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 2.9MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 699KB - Virtual size: 700KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
uninst.exe
.exe windows:5 windows x86 arch:x86

be41bf7b8cc010b614bd36bbca606973

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
lstrcpynA
CloseHandle
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
CreateFileW
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpA
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
lstrlenA
MulDiv
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrlenW

user32

GetAsyncKeyState
IsDlgButtonChecked
ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
wvsprintfW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
FindWindowExW

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 415KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 1.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
乐派英雄联盟宝盒.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 7.4MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
LePai_LOLBox_V1.8.3/绿软基地.url
.url

Sharing

General

Malware Config

Signatures

Files

be41bf7b8cc010b614bd36bbca606973

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 27KB - Virtual size: 27KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 512B - Virtual size: 415KB

.ndata Size: - Virtual size: 1.0MB

.rsrc Size: 112KB - Virtual size: 112KB

.reloc Size: 4KB - Virtual size: 3KB

039bcbc605477e8e87ec550c2e60e748

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 963B

.data Size: 512B - Virtual size: 64B

.reloc Size: 1024B - Virtual size: 588B

ace36cef6227a6a546a5c8edc80fafc4

Code Sign

01:00:20Certificate

04:7a:53Certificate

Key Usages

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4cCertificate

Extended Key Usages

Key Usages

17:91:4e:49:3b:d9:11:38:4d:d3:df:d2:42:05:95:b5Certificate

Extended Key Usages

Key Usages

3dCertificate

Key Usages

01Certificate

Key Usages

1e:c7:f8:96:f0:30:a9:74:ba:e4:47:eb:53:22:5d:23:0c:ea:bf:70Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

ole32

gdiplus

shlwapi

Exports

Exports

Sections

.text Size: 78KB - Virtual size: 78KB

.data Size: 2KB - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 712B

.reloc Size: 4KB - Virtual size: 4KB

9ea5bdc8c90dfcffe309465c26c89758

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

.text
Size: 27KB - Virtual size: 27KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 415KB

.ndata
Size: - Virtual size: 1.0MB

.rsrc
Size: 112KB - Virtual size: 112KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 963B

.data
Size: 512B - Virtual size: 64B

.reloc
Size: 1024B - Virtual size: 588B

01:00:20
Certificate

04:7a:53
Certificate

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

17:91:4e:49:3b:d9:11:38:4d:d3:df:d2:42:05:95:b5
Certificate

3d
Certificate

01
Certificate

1e:c7:f8:96:f0:30:a9:74:ba:e4:47:eb:53:22:5d:23:0c:ea:bf:70
Signer

.text
Size: 78KB - Virtual size: 78KB

.data
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 712B

.reloc
Size: 4KB - Virtual size: 4KB

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: - Virtual size: 48B

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 590B

.text
Size: - Virtual size: 806KB

.rdata
Size: - Virtual size: 147KB

.data
Size: - Virtual size: 140KB

.tmd0
Size: - Virtual size: 489KB

.tmd1
Size: 1.0MB - Virtual size: 1.0MB

.reloc
Size: 512B - Virtual size: 188B

.rsrc
Size: 6KB - Virtual size: 20KB

.text
Size: - Virtual size: 85KB

.rdata
Size: - Virtual size: 19KB

.data
Size: - Virtual size: 13KB

.tmd0
Size: - Virtual size: 85KB

.tmd1
Size: 194KB - Virtual size: 194KB

.reloc
Size: 512B - Virtual size: 68B

.rsrc
Size: 512B - Virtual size: 434B

UPX0
Size: - Virtual size: 3.7MB

UPX1
Size: 1.2MB - Virtual size: 1.2MB

.rsrc
Size: 5KB - Virtual size: 8KB

UPX0
Size: - Virtual size: 4.0MB

UPX1
Size: 1.4MB - Virtual size: 1.4MB

.rsrc
Size: 9KB - Virtual size: 12KB