b5cfe7728ddf3eb15793f4879fce2e86b9b0d13b83cd59f97e04cfe613c8bf4a

Sharing

Copy URL Twitter E-mail

General

Target

b5cfe7728ddf3eb15793f4879fce2e86b9b0d13b83cd59f97e04cfe613c8bf4a
Size

14.8MB
MD5

a13c07c97d4226c411f36a35574b5ce9
SHA1

586b76aa8008ce96480f9abd0ccd9f697e4babfb
SHA256

b5cfe7728ddf3eb15793f4879fce2e86b9b0d13b83cd59f97e04cfe613c8bf4a
SHA512

6657e335cc424843f1def5b41447db702035b1785ab054978c3d0a3b776d121f9b531e7f90f36aab2fb2c600718fcbbdb87babb76979510ecaa3d2f58f0838cc
SSDEEP

393216:5IjiLZ5f0pKjsvjv7EA9cFhodWPrEylxrEqfzNMB+hMjb/:5Imf0vJ2LPlpEgOBAmL

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack004/fsplugin04.dll	upx
static1/unpack004/fssl.db	upx

Unsigned PE 25 IoCs

Checks for missing Authenticode signature.

resource
unpack001/7z1900-x64.exe
unpack001/7z1900.exe
unpack001/FSCaptureSetup93 200415.exe
unpack002/$PLUGINSDIR/InstallOptions.dll
unpack002/$PLUGINSDIR/ShellExecAsUser.dll
unpack002/FSCapture.exe
unpack002/FSCrossHair.exe
unpack002/FSFocus.exe
unpack002/FSRecorder.exe
unpack002/uninst.exe
unpack003/$PLUGINSDIR/ShellExecAsUser.dll
unpack004/$PLUGINSDIR/InstallOptions.dll
unpack004/EmailZipEXE.bin
unpack004/FSIcons.db
unpack004/FSViewer.exe
unpack004/ZipDll.dll
unpack004/fsplugin01.dll
unpack004/fsplugin02.dll
unpack004/fsplugin03.dll
unpack004/fsplugin04.dll
unpack006/out.upx
unpack004/fsplugin05.dll
unpack004/fsplugin06.dll
unpack004/fsplugin07.dll
unpack004/fssl.db

NSIS installer 6 IoCs

installer

resource	yara_rule
static1/unpack001/FSCaptureSetup93 200415.exe	nsis_installer_1
static1/unpack001/FSCaptureSetup93 200415.exe	nsis_installer_2
static1/unpack002/uninst.exe	nsis_installer_1
static1/unpack002/uninst.exe	nsis_installer_2
static1/unpack001/FSViewerSetup75 200311.exe	nsis_installer_1
static1/unpack001/FSViewerSetup75 200311.exe	nsis_installer_2

Files

b5cfe7728ddf3eb15793f4879fce2e86b9b0d13b83cd59f97e04cfe613c8bf4a
.zip
7z1900-x64.exe
.exe windows:4 windows x86 arch:x86

d989d7adf6957f1a88bb1332e40317e6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoCreateInstance
CoInitialize

user32

PeekMessageW
ExitWindowsEx
GetDlgItemTextW
SetWindowTextW
ShowWindow
MessageBoxW
CreateDialogParamW
LoadIconW
GetMessageW
EnableWindow
GetDlgItem
IsDialogMessageW
TranslateMessage
DispatchMessageW
SetDlgItemTextW
DestroyWindow
SendMessageW

advapi32

RegSetValueExW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW

shell32

SHGetFolderPathW
SHBrowseForFolderW
SHGetPathFromIDListW

msvcrt

_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
memset
memcpy
memcmp
memmove
malloc
free
_exit

kernel32

CloseHandle
CreateFileW
FormatMessageW
LocalFree
ReadFile
CreateDirectoryW
GetSystemDirectoryW
LoadLibraryW
GetModuleFileNameW
lstrlenW
GetFileAttributesW
WriteFile
SetFilePointer
GetVersionExW
LoadLibraryExW
GetModuleHandleA
GetStartupInfoA
DeleteFileW
SetFileAttributesW
SetFileTime
MoveFileExW
GetLastError
GetCommandLineW
lstrcpynW
GetModuleHandleW
GetProcAddress
GetCurrentProcess
lstrcpyW
lstrcatW

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
7z1900.exe
.exe windows:4 windows x86 arch:x86

f10abbe0b701da4438052398af672430

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoCreateInstance
CoInitialize

user32

PeekMessageW
ExitWindowsEx
MessageBoxW
GetDlgItemTextW
SetWindowTextW
ShowWindow
CreateDialogParamW
LoadIconW
GetMessageW
EnableWindow
GetDlgItem
IsDialogMessageW
TranslateMessage
DispatchMessageW
SetDlgItemTextW
DestroyWindow
SendMessageW

advapi32

RegSetValueExW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW

shell32

SHGetFolderPathW
SHBrowseForFolderW
SHGetPathFromIDListW

msvcrt

_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
memset
memcpy
memcmp
memmove
malloc
free
_exit

kernel32

ReadFile
CloseHandle
CreateFileW
FormatMessageW
WriteFile
DeleteFileW
CreateDirectoryW
GetSystemDirectoryW
LoadLibraryW
GetProcAddress
GetModuleFileNameW
SetFilePointer
GetVersionExW
GetModuleHandleW
LoadLibraryExW
GetModuleHandleA
GetStartupInfoA
LocalFree
lstrlenW
GetFileAttributesW
SetFileAttributesW
SetFileTime
GetLastError
GetCurrentProcess
lstrcatW
GetCommandLineW
lstrcpynW
lstrcpyW
MoveFileExW

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ChromeSetup Eng.exe
.exe windows:5 windows x86 arch:x86

1f7c03adda267bb2a26e5b9e7a1df3f6

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

14:f8:fd:d1:67:f9:24:02:b1:57:0b:5d:c4:95:c8:15
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

29/11/2016, 00:00

Not After

21/11/2019, 23:59

Subject

CN=Google Inc,O=Google Inc,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01
Certificate

Issuer

CN=Unknown issuer

Not Before

01/01/2013, 10:00

Not After

01/04/2013, 10:00

Subject

CN=Dummy certificate

Extended Key Usages

Key Usages

KeyUsageCertSign

2a:9c:21:ac:aa:a6:3a:3c:58:a7:b9:32:2b:ee:94:8d
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

16/12/2015, 00:00

Not After

16/12/2018, 23:59

Subject

CN=Google Inc,O=Google Inc,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

2a:00:e4:41:cb:6e:ec:6c:7a:9d:51:fe:bd:bd:55:b9:3e:e8:d4:df:9d:8d:9d:e9:b2:12:7c:4f:ae:bf:1d:8c
Signer

Actual PE Digest

2a:00:e4:41:cb:6e:ec:6c:7a:9d:51:fe:bd:bd:55:b9:3e:e8:d4:df:9d:8d:9d:e9:b2:12:7c:4f:ae:bf:1d:8c

Digest Algorithm

sha256

PE Digest Matches

true

1d:3c:19:8b:7a:06:4f:3b:8a:48:52:52:f0:c6:cc:82:71:d1:4c:44
Signer

Actual PE Digest

1d:3c:19:8b:7a:06:4f:3b:8a:48:52:52:f0:c6:cc:82:71:d1:4c:44

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

mi_exe_stub.pdb

Imports

kernel32

QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
GetCurrentProcess
TerminateProcess
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
GetStdHandle
WriteFile
GetModuleFileNameW
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
ExitProcess
GetModuleHandleExW
GetACP
HeapFree
HeapAlloc
OutputDebugStringW
CloseHandle
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
SetStdHandle
GetFileType
GetStringTypeW
GetProcessHeap
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
WriteConsoleW
DecodePointer
CreateFileW
RaiseException
GetExitCodeProcess
CreateProcessW
WaitForSingleObject
CreateDirectoryW
SizeofResource
RemoveDirectoryW
GetTempPathW
FormatMessageW
LockResource
DeleteFileW
FindResourceExW
LoadResource
FindResourceW
HeapDestroy
LocalFree
VerSetConditionMask
CopyFileW
VerifyVersionInfoW
GetTempFileNameW
lstrcmpiW
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
VirtualQuery
ReadFile
SetFilePointer

shlwapi

PathQuoteSpacesW
PathAppendW

ole32

CoUninitialize
CoInitializeEx

shell32

SHGetFolderPathW
ord680

user32

MessageBoxW
CharLowerBuffW

Sections

.text
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 220B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 967KB - Virtual size: 966KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ChromeSetup.exe
.exe windows:5 windows x86 arch:x86

0ffb0c1b03081ee555711ca0c1201c9d

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:ae:a7:6b:ac:46:a9:e8:cf:e6:d2:9e:45:aa:f0:33
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

08/11/2019, 00:00

Not After

16/11/2022, 12:00

Subject

CN=Google LLC,O=Google LLC,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=Unknown issuer

Not Before

01/01/2013, 10:00

Not After

01/04/2013, 10:00

Subject

CN=Dummy certificate

Extended Key Usages

Key Usages

KeyUsageCertSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:44:18:e2:de:de:36:dd:29:74:c3:44:3a:fb:5c:e5
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

02/07/2021, 00:00

Not After

10/07/2024, 23:59

Subject

CN=Google LLC,O=Google LLC,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b8:fe:3e:fe:3a:b6:a5:68:f2:4b:d5:03:36:c9:d0:bc:ff:c1:56:02:38:0c:06:71:d0:ff:7b:4c:9e:dd:04:04
Signer

Actual PE Digest

b8:fe:3e:fe:3a:b6:a5:68:f2:4b:d5:03:36:c9:d0:bc:ff:c1:56:02:38:0c:06:71:d0:ff:7b:4c:9e:dd:04:04

Digest Algorithm

sha256

PE Digest Matches

true

ae:0e:a8:8a:89:85:32:2f:f1:59:07:54:8b:67:c9:6b:b7:e5:e3:68
Signer

Actual PE Digest

ae:0e:a8:8a:89:85:32:2f:f1:59:07:54:8b:67:c9:6b:b7:e5:e3:68

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

TEST_mi_exe_stub.pdb

Imports

kernel32

QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
GetCurrentProcess
TerminateProcess
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RaiseException
GetStdHandle
WriteFile
GetModuleFileNameW
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
ExitProcess
GetModuleHandleExW
GetACP
OutputDebugStringW
CloseHandle
HeapAlloc
HeapFree
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
SetStdHandle
GetFileType
GetStringTypeW
GetProcessHeap
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
WriteConsoleW
DecodePointer
CreateFileW
GetExitCodeProcess
CreateProcessW
WaitForSingleObject
SetFilePointer
CreateDirectoryW
SizeofResource
RemoveDirectoryW
GetTempPathW
FormatMessageW
LockResource
DeleteFileW
FindResourceExW
LoadResource
FindResourceW
HeapDestroy
LocalFree
VerSetConditionMask
CopyFileW
VerifyVersionInfoW
GetTempFileNameW
lstrcmpiW
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
VirtualQuery
ReadFile

shlwapi

PathQuoteSpacesW
PathAppendW

ole32

CoUninitialize
CoInitializeEx

shell32

SHGetFolderPathW
ord680

user32

MessageBoxW
CharLowerBuffW

Sections

.text
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FSCapture.txt
FSCaptureSetup93 200415.exe
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ShellExecAsUser.dll
.dll windows:4 windows x86 arch:x86

fb89301642ac2a39aefdd3cc2610ed81

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentProcess
CloseHandle
WaitForSingleObject
OutputDebugStringA
MultiByteToWideChar
lstrlenA
GetModuleHandleA
lstrcmpA
SetEvent
GlobalFree
lstrcpyA
GetProcAddress
CreateEventA
GetVersionExA

user32

CreateWindowExA
PostMessageA
GetMessageA
SetWindowLongA
RegisterClassExA
TranslateMessage
DispatchMessageA
DefWindowProcA
DestroyWindow
GetWindowLongA
PostQuitMessage
wsprintfA

advapi32

GetTokenInformation
OpenProcessToken

shell32

ShellExecuteA

ole32

CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

SysAllocString
VariantClear
SysAllocStringLen
SysFreeString

shlwapi

ord176

msvcrt

malloc
_initterm
free
_beginthreadex
??2@YAPAXI@Z
??3@YAXPAX@Z
memset
_adjust_fdiv

Exports

Exports

ShellExecAsUser

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 732B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 426B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
FSCapture.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 4.1MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 35KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 48B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 184KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
FSCaptureHelp.chm
.chm
FSCrossHair.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 355KB - Virtual size: 355KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
FSFocus.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 339KB - Virtual size: 338KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
FSLogo.png
.png
FSRecorder.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 35KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 48B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
LicenseAgreement.txt
uninst.exe
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ShellExecAsUser.dll
.dll windows:4 windows x86 arch:x86

fb89301642ac2a39aefdd3cc2610ed81

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentProcess
CloseHandle
WaitForSingleObject
OutputDebugStringA
MultiByteToWideChar
lstrlenA
GetModuleHandleA
lstrcmpA
SetEvent
GlobalFree
lstrcpyA
GetProcAddress
CreateEventA
GetVersionExA

user32

CreateWindowExA
PostMessageA
GetMessageA
SetWindowLongA
RegisterClassExA
TranslateMessage
DispatchMessageA
DefWindowProcA
DestroyWindow
GetWindowLongA
PostQuitMessage
wsprintfA

advapi32

GetTokenInformation
OpenProcessToken

shell32

ShellExecuteA

ole32

CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

SysAllocString
VariantClear
SysAllocStringLen
SysFreeString

shlwapi

ord176

msvcrt

malloc
_initterm
free
_beginthreadex
??2@YAPAXI@Z
??3@YAXPAX@Z
memset
_adjust_fdiv

Exports

Exports

ShellExecAsUser

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 732B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 426B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FSViewerSetup75 200311.exe
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Code Sign

01:01:21:b2:85:ba:aa:6f:62:28:52:63:78:1f:b7:a7
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

28/01/2021, 00:00

Not After

01/02/2024, 23:59

Subject

SERIALNUMBER=2023017896,CN=FastStone Corporation,O=FastStone Corporation,L=Calgary,ST=Alberta,C=CA,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#1307416c6265727461,1.3.6.1.4.1.311.60.2.1.3=#13024341

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

67:b0:a6:f6:77:0b:93:b3:a7:30:10:d0:4c:4c:37:96:c2:93:47:29:d4:61:ff:05:86:bb:80:b2:63:b4:5b:3b
Signer

Actual PE Digest

67:b0:a6:f6:77:0b:93:b3:a7:30:10:d0:4c:4c:37:96:c2:93:47:29:d4:61:ff:05:86:bb:80:b2:63:b4:5b:3b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
Callout/FSCallout_01_16168059.png
.png
Callout/FSCallout_02_19168459.png
.png
Callout/FSCallout_03_13228562.png
.png
Callout/FSCallout_04_15228762.png
.png
Callout/FSCallout_05_16148476.png
.png
Callout/FSCallout_06_16148476.png
.png
Callout/FSCallout_07_16248486.png
.png
Callout/FSCallout_08_16248486.png
.png
Callout/FSCallout_09_16148470.png
.png
Callout/FSCallout_10_16148470.png
.png
Callout/FSCallout_11_16318487.png
.png
Callout/FSCallout_12_16318487.png
.png
Callout/FSCallout_13_16168477.png
.png
Callout/FSCallout_14_16168477.png
.png
Callout/FSCallout_15_16228485.png
.png
Callout/FSCallout_16_16228485.png
.png
Callout/FSCallout_17_16188482.png
.png
Callout/FSCallout_18_20228065.png
.png
Callout/FSCallout_19_25307573.png
.png
Callout/FSCallout_20_27307678.png
.png
Callout/FSCallout_21_05069573.png
.png
Callout/FSCallout_22_05069573.png
.png
Callout/FSCallout_23_05069573.png
.png
Callout/FSCallout_24_05069573.png
.png
Callout/FSCallout_25_05069573.png
.png
Callout/FSCallout_26_05289594.png
.png
Callout/FSCallout_27_05289594.png
.png
Callout/FSCallout_28_05289594.png
.png
Callout/FSCallout_29_05289594.png
.png
Callout/FSCallout_30_05289594.png
.png
Callout/FSCallout_31_05078093.png
.png
Callout/FSCallout_32_20079593.png
.png
Callout/FSCallout_33_05079593.png
.png
Callout/FSCallout_34_05079593.png
.png
Credits.txt
EmailZipEXE.bin
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 620B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
FSIcons.db
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 702B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 432B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
FSLogo.png
.png
FSMenuIcons0.db
FSMenuIcons1.db
FSMenuIcons2.db
FSMenuIcons3.db
FSMenuIcons4.db
FSMenuIcons5.db
FSViewer.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 5.4MB - Virtual size: 5.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 151KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 64KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 48B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 241KB - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 888KB - Virtual size: 888KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
FSViewerHelp.chm
.chm
Languages/FSViewerHelp_10.chm
.chm
Languages/FSViewerHelp_11.chm
.chm
Languages/FSViewerHelp_13.chm
.chm
Languages/FSViewerHelp_15.chm
.chm
Languages/FSViewerHelp_17.chm
.chm
Languages/FSViewerHelp_18.chm
.chm
Languages/FSViewerHelp_4.chm
.chm
Languages/FSViewerHelp_5.chm
.chm
Languages/FSViewerHelp_6.chm
.chm
Languages/FSViewerHelp_7.chm
.chm
Languages/FSViewerHelp_8.chm
.chm
Languages/FSViewerHelp_9.chm
.chm
Languages/Language_10.sib
Languages/Language_11.sib
Languages/Language_12.sib
Languages/Language_13.sib
Languages/Language_14.sib
Languages/Language_15.sib
Languages/Language_16.sib
Languages/Language_17.sib
Languages/Language_18.sib
Languages/Language_19.sib
Languages/Language_2.sib
Languages/Language_20.sib
Languages/Language_3.sib
Languages/Language_4.sib
Languages/Language_5.sib
Languages/Language_6.sib
Languages/Language_7.sib
Languages/Language_8.sib
Languages/Language_9.sib
LicenseAgreement.pdf
.pdf
Mask/Mask01.jpg
.jpg
Mask/Mask02.jpg
.jpg
Mask/Mask03.jpg
.jpg
Mask/Mask04.jpg
.jpg
Mask/Mask05.jpg
.jpg
Mask/Mask06.jpg
.jpg
Mask/Mask07.jpg
.jpg
Mask/Mask08.jpg
.jpg
Mask/Mask09.jpg
.jpg
Mask/Mask10.jpg
.jpg
Mask/Mask11.jpg
.jpg
Mask/Mask12.jpg
.jpg
Mask/Mask13.jpg
.jpg
Mask/Mask14.jpg
.jpg
Mask/Mask15.jpg
.jpg
Mask/Mask16.jpg
.jpg
Mask/Mask17.jpg
.jpg
Mask/Mask18.jpg
.jpg
Mask/Mask19.jpg
.jpg
Mask/Mask20.jpg
.jpg
Mask/Mask21.jpg
.jpg
Mask/Mask22.jpg
.jpg
Mask/Mask23.jpg
.jpg
Mask/Mask24.jpg
.jpg
Mask/Mask25.jpg
.jpg
Mask/Mask26.jpg
.jpg
Mask/Mask27.jpg
.jpg
Mask/Mask28.jpg
.jpg
Mask/Mask29.jpg
.jpg
Mask/Mask30.jpg
.jpg
Mask/Mask31.jpg
.jpg
Mask/Mask32.jpg
.jpg
Mask/Mask33.jpg
.jpg
Mask/Mask34.jpg
.jpg
Mask/Mask35.jpg
.jpg
Mask/Mask36.jpg
.jpg
Mask/Mask37.jpg
.jpg
Mask/Mask38.jpg
.jpg
Mask/Mask39.jpg
.jpg
Mask/Mask40.jpg
.jpg
Mask/Mask41.jpg
.jpg
Mask/Mask42.jpg
.jpg
Mask/Mask43.jpg
.jpg
Mask/Mask44.jpg
.jpg
Mask/Mask45.jpg
.jpg
Mask/Mask46.jpg
.jpg
Mask/Mask47.jpg
.jpg
Mask/Mask48.jpg
.jpg
Mask/Mask49.jpg
.jpg
Mask/Mask50.jpg
.jpg
Mask/Mask51.jpg
.jpg
Mask/Mask52.jpg
.jpg
Mask/Mask53.jpg
.jpg
Mask/Mask54.jpg
.jpg
Mask/Mask55.jpg
.jpg
Mask/Mask56.jpg
.jpg
Mask/Mask57.jpg
.jpg
Mask/Mask58.jpg
.jpg
Mask/Mask59.jpg
.jpg
Mask/Mask60.jpg
.jpg
Mask/Mask61.jpg
.jpg
Mask/Mask62.jpg
.jpg
Mask/Mask63.jpg
.jpg
Mask/Mask64.jpg
.jpg
Mask/Mask65.jpg
.jpg
Mask/Mask66.jpg
.jpg
Mask/Mask67.jpg
.jpg
Mask/Mask68.jpg
.jpg
Mask/Mask69.jpg
.jpg
Mask/Mask70.jpg
.jpg
Mask/Mask71.jpg
.jpg
Mask/Mask72.jpg
.jpg
Mask/Mask73.jpg
.jpg
Mask/Mask74.jpg
.jpg
Mask/Mask75.jpg
.jpg
Mask/Mask76.jpg
.jpg
Mask/Mask77.jpg
.jpg
Mask/Mask78.jpg
.jpg
Mask/Mask79.jpg
.jpg
Mask/Mask80.jpg
.jpg
Mask/Mask81.jpg
.jpg
Mask/Mask82.jpg
.jpg
Mask/Mask83.jpg
.jpg
Mask/Mask84.jpg
.jpg
Mask/Mask85.jpg
.jpg
Mask/Mask86.jpg
.jpg
Mask/Mask87.jpg
.jpg
Mask/Mask88.jpg
.jpg
Mask/Mask89.jpg
.jpg
Mask/Mask90.jpg
.jpg
Mask/Mask91.jpg
.jpg
Mask/Mask92.jpg
.jpg
Mask/Mask93.jpg
.jpg
Mask/Mask94.jpg
.jpg
Mask/Mask95.jpg
.jpg
ZipDll.dll
.dll windows:4 windows x86 arch:x86

8df7add524088e1365dd260c717232eb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CreateFileA
CreateFileW
DeleteCriticalSection
DeleteFileA
DosDateTimeToFileTime
EnterCriticalSection
ExitProcess
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FindNextFileA
FreeEnvironmentStringsA
GetACP
GetCPInfo
GetCurrentDirectoryA
GetCurrentProcessId
GetCurrentThreadId
GetDriveTypeA
GetEnvironmentStrings
GetFileAttributesA
GetFileAttributesW
GetFileType
GetFullPathNameA
GetLastError
GetLocalTime
GetLocaleInfoA
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetProcAddress
GetProcessHeap
GetShortPathNameA
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemDefaultLangID
GetTimeZoneInformation
GetUserDefaultLCID
GetVersion
GetVersionExA
GetVolumeInformationA
GlobalAlloc
GlobalFree
GlobalLock
GlobalMemoryStatus
GlobalUnlock
HeapAlloc
HeapFree
InitializeCriticalSection
IsValidLocale
LCMapStringA
LeaveCriticalSection
LoadLibraryA
LocalFileTimeToFileTime
MoveFileA
MultiByteToWideChar
RaiseException
ReadFile
RemoveDirectoryA
RtlUnwind
SetConsoleCtrlHandler
SetErrorMode
SetFileAttributesA
SetFilePointer
SetFileTime
SetHandleCount
SetLastError
SetThreadLocale
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualQuery
WideCharToMultiByte
WriteFile
lstrcatA
lstrcpyA
lstrlenA

shell32

SHFileOperationA

user32

CharToOemBuffA
DialogBoxParamA
EndDialog
EnumThreadWindows
MessageBoxA
OemToCharBuffA
SendDlgItemMessageA
SendMessageA
wsprintfA
wvsprintfA

Exports

Exports

GetZipDllPrivVersion
GetZipDllVersion
ZipDllExec
___CPPdebugHook

Sections

.text
Size: 101KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
fsim.db
.jpg
fsplugin01.dll
.dll windows:4 windows x86 arch:x86

933368af2946af8f4bc77ab0457ed8f1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA

kernel32

CloseHandle
CompareStringA
CreateEventA
CreateFileA
CreateFileW
DeleteCriticalSection
EnterCriticalSection
EnumCalendarInfoA
ExitProcess
FindClose
FindFirstFileA
FormatMessageA
FreeEnvironmentStringsA
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCurrentDirectoryA
GetCurrentThreadId
GetDateFormatA
GetDiskFreeSpaceA
GetEnvironmentStrings
GetFileAttributesA
GetFileAttributesW
GetFileSize
GetFileType
GetFullPathNameA
GetLastError
GetLocalTime
GetLocaleInfoA
GetLogicalDrives
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeExA
GetStringTypeW
GetSystemDefaultLangID
GetThreadLocale
GetTimeZoneInformation
GetUserDefaultLCID
GetVersion
GetVersionExA
GlobalAlloc
GlobalFree
GlobalHandle
GlobalLock
GlobalMemoryStatus
GlobalReAlloc
GlobalUnlock
HeapAlloc
HeapFree
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
IsValidLocale
LCMapStringA
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LocalAlloc
LocalFileTimeToFileTime
LocalFree
MultiByteToWideChar
RaiseException
ReadFile
ResetEvent
RtlUnwind
SetConsoleCtrlHandler
SetEndOfFile
SetEnvironmentVariableA
SetEvent
SetFilePointer
SetFileTime
SetHandleCount
SetLastError
SetThreadLocale
Sleep
SystemTimeToFileTime
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrcpynA
lstrlenA

wsock32

htonl
htons
ntohl
ntohs

user32

CharNextA
EnumThreadWindows
GetKeyboardType
GetSystemMetrics
LoadStringA
MessageBoxA
wsprintfA

oleaut32

SafeArrayCreate
SafeArrayGetElement
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayRedim
SysAllocStringLen
SysFreeString
SysReAllocStringLen
VariantChangeType
VariantClear
VariantCopy
VariantCopyInd
VariantInit

Exports

Exports

@@Utils2@Finalize
@@Utils2@Initialize
@@Utils@Finalize
@@Utils@Initialize
IEX_AddParameter
IEX_ExecuteRead
IEX_ExecuteTry
IEX_ExecuteWrite
IEX_Finalize
IEX_GetInfo
IEX_Initialize
IEX_SetCallBacks
IEX_SetInfo
___CPPdebugHook

Sections

.text
Size: 329KB - Virtual size: 332KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 636KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
fsplugin02.dll
.dll windows:4 windows x86 arch:x86

af7730f5190b736356af1d0eda458dc3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
GetLastError
GetModuleHandleA
GetProcAddress
InitializeCriticalSection
LeaveCriticalSection
TlsGetValue
VirtualProtect
VirtualQuery

msvcrt

_setmode
__dllonexit
__mb_cur_max
_errno
_iob
_isctype
_pctype
_setjmp
_wfopen
abort
calloc
exit
fclose
fflush
fprintf
fread
free
fwrite
getenv
longjmp
malloc
memcpy
sprintf
sscanf
strncpy
tolower
vfprintf

Exports

Exports

FreeMemData
JPEGFileTransform
JPEGMEMTransform
TransferMemData

Sections

.text
Size: 150KB - Virtual size: 150KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 1024B - Virtual size: 852B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 188B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 158B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fsplugin03.dll
.exe windows:5 windows x86 arch:x86

519725a05f6d3283592a2ef4bc96d347

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

htons
ntohl
htonl
ntohs

kernel32

TlsGetValue
GetCurrentDirectoryA
GetFullPathNameA
GetDriveTypeA
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
RtlUnwind
EnterCriticalSection
LeaveCriticalSection
GetLastError
HeapFree
HeapAlloc
GetCommandLineA
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WideCharToMultiByte
GetTimeZoneInformation
SetStdHandle
GetFileType
GetSystemTimeAsFileTime
SetHandleCount
GetStdHandle
GetStartupInfoA
DeleteCriticalSection
CloseHandle
CreateFileA
Sleep
GetModuleHandleW
ExitProcess
SetFilePointer
MultiByteToWideChar
ReadFile
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
SetEnvironmentVariableW
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
WriteFile
GetConsoleCP
GetConsoleMode
GetModuleFileNameA
GetCurrentProcessId
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
RaiseException
InitializeCriticalSectionAndSpinCount
SetEndOfFile
GetProcessHeap
LoadLibraryA
FlushFileBuffers
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
HeapSize
CompareStringA
CompareStringW
SetEnvironmentVariableA

Sections

.text
Size: 211KB - Virtual size: 211KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 580KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
fsplugin04.dll
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 390KB - Virtual size: 392KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 61KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
fsplugin05.dll
.dll windows:4 windows x86 arch:x86

1cba0e23b706e0bfbc0a4cb9b6bd80fb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetProcAddress
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
InterlockedCompareExchange
InterlockedExchange
LeaveCriticalSection
LoadLibraryA
QueryPerformanceCounter
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery

msvcrt

__dllonexit
_amsg_exit
_initterm
_iob
_lock
_onexit
_unlock
abort
calloc
exit
ferror
fflush
fprintf
fread
free
fwrite
getenv
malloc
memcpy
memset
sprintf
sscanf
strlen
strncmp
vfprintf

Exports

Exports

jcopy_block_row
jcopy_sample_rows
jdiv_round_up
jinit_1pass_quantizer
jinit_2pass_quantizer
jinit_c_coef_controller
jinit_c_main_controller
jinit_c_master_control
jinit_c_prep_controller
jinit_color_converter
jinit_color_deconverter
jinit_compress_master
jinit_d_coef_controller
jinit_d_main_controller
jinit_d_post_controller
jinit_downsampler
jinit_forward_dct
jinit_huff_decoder
jinit_huff_encoder
jinit_input_controller
jinit_inverse_dct
jinit_marker_reader
jinit_marker_writer
jinit_master_decompress
jinit_memory_mgr
jinit_merged_upsampler
jinit_phuff_decoder
jinit_phuff_encoder
jinit_upsampler
jpeg_CreateCompress
jpeg_CreateDecompress
jpeg_abort
jpeg_abort_compress
jpeg_abort_decompress
jpeg_add_quant_table
jpeg_alloc_huff_table
jpeg_alloc_quant_table
jpeg_calc_output_dimensions
jpeg_consume_input
jpeg_copy_critical_parameters
jpeg_crop_scanline
jpeg_default_colorspace
jpeg_destroy
jpeg_destroy_compress
jpeg_destroy_decompress
jpeg_fdct_float
jpeg_fdct_ifast
jpeg_fdct_islow
jpeg_fill_bit_buffer
jpeg_finish_compress
jpeg_finish_decompress
jpeg_finish_output
jpeg_free_large
jpeg_free_small
jpeg_gen_optimal_table
jpeg_get_large
jpeg_get_small
jpeg_has_multiple_scans
jpeg_huff_decode
jpeg_idct_1x1
jpeg_idct_2x2
jpeg_idct_4x4
jpeg_idct_float
jpeg_idct_ifast
jpeg_idct_islow
jpeg_input_complete
jpeg_make_c_derived_tbl
jpeg_make_d_derived_tbl
jpeg_mem_available
jpeg_mem_dest
jpeg_mem_init
jpeg_mem_src
jpeg_mem_term
jpeg_new_colormap
jpeg_open_backing_store
jpeg_quality_scaling
jpeg_read_coefficients
jpeg_read_header
jpeg_read_raw_data
jpeg_read_scanlines
jpeg_resync_to_restart
jpeg_save_markers
jpeg_set_colorspace
jpeg_set_defaults
jpeg_set_linear_quality
jpeg_set_marker_processor
jpeg_set_quality
jpeg_simple_progression
jpeg_skip_scanlines
jpeg_start_compress
jpeg_start_decompress
jpeg_start_output
jpeg_std_error
jpeg_stdio_dest
jpeg_stdio_src
jpeg_suppress_tables
jpeg_write_coefficients
jpeg_write_m_byte
jpeg_write_m_header
jpeg_write_marker
jpeg_write_raw_data
jpeg_write_scanlines
jpeg_write_tables
jround_up
jzero_far

Sections

.text
Size: 275KB - Virtual size: 274KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 144KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 996B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/14
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/29
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/41
Size: 512B - Virtual size: 135B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/55
Size: 512B - Virtual size: 277B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/67
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fsplugin06.dll
.dll windows:5 windows x86 arch:x86

8e0a1f2284a5f7dab96c697a66241e4a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Documents and Settings\Andrew\Desktop\lcms\lcms2-2.9\bin\lcms2.pdb

Imports

kernel32

InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
CreateMutexW
WaitForSingleObject
InterlockedCompareExchange
ReleaseMutex
CloseHandle
GetLastError
HeapFree
HeapAlloc
HeapReAlloc
DeleteFileA
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
RtlUnwind
MultiByteToWideChar
ReadFile
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
HeapCreate
HeapDestroy
VirtualFree
VirtualAlloc
Sleep
ExitProcess
GetModuleFileNameA
SetFilePointer
RaiseException
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
CreateFileA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
LoadLibraryA
GetModuleHandleA
GetTimeZoneInformation
SetEndOfFile
GetProcessHeap
HeapSize
CompareStringA
CompareStringW
SetEnvironmentVariableA

Exports

Exports

__cmsComputeInterpParams@24
__cmsFloat2Half@4
__cmsFreeInterpParams@4
__cmsGetFormatter@16
__cmsHalf2Float@4
__cmsQuantizeVal@12
__cmsReadDevicelinkLUT@8
__cmsReadInputLUT@8
__cmsReadOutputLUT@8
__cmsStageAllocIdentityCLut@8
__cmsStageAllocIdentityCurves@8
__cmsStageAllocLab2XYZ@4
__cmsStageAllocLabV2ToV4@4
__cmsStageAllocLabV4ToV2@4
__cmsStageAllocNamedColor@8
__cmsStageAllocXYZ2Lab@4
_cms15Fixed16toDouble
_cms8Fixed8toDouble
_cmsAdjustEndianess16
_cmsAdjustEndianess32
_cmsAdjustEndianess64
_cmsCalloc
_cmsCreateMutex
_cmsDecodeDateTimeNumber
_cmsDefaultICCintents
_cmsDestroyMutex
_cmsDoTransformLineStride@36
_cmsDoubleTo15Fixed16
_cmsDoubleTo8Fixed8
_cmsDupMem
_cmsEncodeDateTimeNumber
_cmsFree
_cmsGetTransformFormatters16
_cmsGetTransformFormattersFloat
_cmsGetTransformUserData
_cmsICCcolorSpace
_cmsIOPrintf
_cmsLCMScolorSpace
_cmsLockMutex
_cmsMAT3eval
_cmsMAT3identity
_cmsMAT3inverse
_cmsMAT3isIdentity
_cmsMAT3per
_cmsMAT3solve
_cmsMalloc
_cmsMallocZero
_cmsOpenProfileFromIOhandler2THR@12
_cmsPipelineSetOptimizationParameters
_cmsRead15Fixed16Number
_cmsReadAlignment
_cmsReadFloat32Number
_cmsReadTypeBase
_cmsReadUInt16Array
_cmsReadUInt16Number
_cmsReadUInt32Number
_cmsReadUInt64Number
_cmsReadUInt8Number
_cmsReadXYZNumber
_cmsRealloc
_cmsSetTransformUserData
_cmsStageAllocPlaceholder
_cmsUnlockMutex
_cmsVEC3cross
_cmsVEC3distance
_cmsVEC3dot
_cmsVEC3init
_cmsVEC3length
_cmsVEC3minus
_cmsWrite15Fixed16Number
_cmsWriteAlignment
_cmsWriteFloat32Number
_cmsWriteTypeBase
_cmsWriteUInt16Array
_cmsWriteUInt16Number
_cmsWriteUInt32Number
_cmsWriteUInt64Number
_cmsWriteUInt8Number
_cmsWriteXYZNumber
cmsAdaptToIlluminant
cmsAllocNamedColorList
cmsAllocProfileSequenceDescription
cmsAppendNamedColor
cmsBFDdeltaE
cmsBuildGamma
cmsBuildParametricToneCurve
cmsBuildSegmentedToneCurve
cmsBuildTabulatedToneCurve16
cmsBuildTabulatedToneCurveFloat
cmsCIE2000DeltaE
cmsCIE94DeltaE
cmsCIECAM02Done
cmsCIECAM02Forward
cmsCIECAM02Init
cmsCIECAM02Reverse
cmsCMCdeltaE
cmsChangeBuffersFormat
cmsChannelsOf
cmsCloseIOhandler
cmsCloseProfile
cmsCreateBCHSWabstractProfile
cmsCreateBCHSWabstractProfileTHR
cmsCreateContext
cmsCreateExtendedTransform
cmsCreateGrayProfile
cmsCreateGrayProfileTHR
cmsCreateInkLimitingDeviceLink
cmsCreateInkLimitingDeviceLinkTHR
cmsCreateLab2Profile
cmsCreateLab2ProfileTHR
cmsCreateLab4Profile
cmsCreateLab4ProfileTHR
cmsCreateLinearizationDeviceLink
cmsCreateLinearizationDeviceLinkTHR
cmsCreateMultiprofileTransform
cmsCreateMultiprofileTransformTHR
cmsCreateNULLProfile
cmsCreateNULLProfileTHR
cmsCreateProfilePlaceholder
cmsCreateProofingTransform
cmsCreateProofingTransformTHR
cmsCreateRGBProfile
cmsCreateRGBProfileTHR
cmsCreateTransform
cmsCreateTransformTHR
cmsCreateXYZProfile
cmsCreateXYZProfileTHR
cmsCreate_sRGBProfile
cmsCreate_sRGBProfileTHR
cmsD50_XYZ
cmsD50_xyY
cmsDeleteContext
cmsDeleteTransform
cmsDeltaE
cmsDesaturateLab
cmsDetectBlackPoint
cmsDetectDestinationBlackPoint
cmsDetectTAC
cmsDictAddEntry
cmsDictAlloc
cmsDictDup
cmsDictFree
cmsDictGetEntryList
cmsDictNextEntry
cmsDoTransform
cmsDoTransformStride
cmsDupContext
cmsDupNamedColorList
cmsDupProfileSequenceDescription
cmsDupToneCurve
cmsEstimateGamma
cmsEvalToneCurve16
cmsEvalToneCurveFloat
cmsFloat2LabEncoded
cmsFloat2LabEncodedV2
cmsFloat2XYZEncoded
cmsFormatterForColorspaceOfProfile
cmsFormatterForPCSOfProfile
cmsFreeNamedColorList
cmsFreeProfileSequenceDescription
cmsFreeToneCurve
cmsFreeToneCurveTriple
cmsGBDAlloc
cmsGBDFree
cmsGDBAddPoint
cmsGDBCheckPoint
cmsGDBCompute
cmsGetAlarmCodes
cmsGetAlarmCodesTHR
cmsGetColorSpace
cmsGetContextUserData
cmsGetDeviceClass
cmsGetEncodedCMMversion
cmsGetEncodedICCversion
cmsGetHeaderAttributes
cmsGetHeaderCreationDateTime
cmsGetHeaderCreator
cmsGetHeaderFlags
cmsGetHeaderManufacturer
cmsGetHeaderModel
cmsGetHeaderProfileID
cmsGetHeaderRenderingIntent
cmsGetNamedColorList
cmsGetPCS
cmsGetPipelineContextID
cmsGetPostScriptCRD
cmsGetPostScriptCSA
cmsGetPostScriptColorResource
cmsGetProfileContextID
cmsGetProfileIOhandler
cmsGetProfileInfo
cmsGetProfileInfoASCII
cmsGetProfileVersion
cmsGetSupportedIntents
cmsGetSupportedIntentsTHR
cmsGetTagCount
cmsGetTagSignature
cmsGetToneCurveEstimatedTable
cmsGetToneCurveEstimatedTableEntries
cmsGetToneCurveParametricType
cmsGetTransformContextID
cmsGetTransformInputFormat
cmsGetTransformOutputFormat
cmsIT8Alloc
cmsIT8DefineDblFormat
cmsIT8EnumDataFormat
cmsIT8EnumProperties
cmsIT8EnumPropertyMulti
cmsIT8FindDataFormat
cmsIT8Free
cmsIT8GetData
cmsIT8GetDataDbl
cmsIT8GetDataRowCol
cmsIT8GetDataRowColDbl
cmsIT8GetPatchByName
cmsIT8GetPatchName
cmsIT8GetProperty
cmsIT8GetPropertyDbl
cmsIT8GetPropertyMulti
cmsIT8GetSheetType
cmsIT8LoadFromFile
cmsIT8LoadFromMem
cmsIT8SaveToFile
cmsIT8SaveToMem
cmsIT8SetComment
cmsIT8SetData
cmsIT8SetDataDbl
cmsIT8SetDataFormat
cmsIT8SetDataRowCol
cmsIT8SetDataRowColDbl
cmsIT8SetIndexColumn
cmsIT8SetPropertyDbl
cmsIT8SetPropertyHex
cmsIT8SetPropertyMulti
cmsIT8SetPropertyStr
cmsIT8SetPropertyUncooked
cmsIT8SetSheetType
cmsIT8SetTable
cmsIT8SetTableByLabel
cmsIT8TableCount
cmsIsCLUT
cmsIsIntentSupported
cmsIsMatrixShaper
cmsIsTag
cmsIsToneCurveDescending
cmsIsToneCurveLinear
cmsIsToneCurveMonotonic
cmsIsToneCurveMultisegment
cmsJoinToneCurve
cmsLCh2Lab
cmsLab2LCh
cmsLab2XYZ
cmsLabEncoded2Float
cmsLabEncoded2FloatV2
cmsLinkTag
cmsMD5computeID
cmsMLUalloc
cmsMLUdup
cmsMLUfree
cmsMLUgetASCII
cmsMLUgetTranslation
cmsMLUgetWide
cmsMLUsetASCII
cmsMLUsetWide
cmsMLUtranslationsCodes
cmsMLUtranslationsCount
cmsNamedColorCount
cmsNamedColorIndex
cmsNamedColorInfo
cmsOpenIOhandlerFromFile
cmsOpenIOhandlerFromMem
cmsOpenIOhandlerFromNULL
cmsOpenIOhandlerFromStream
cmsOpenProfileFromFile
cmsOpenProfileFromFileTHR
cmsOpenProfileFromIOhandlerTHR
cmsOpenProfileFromMem
cmsOpenProfileFromMemTHR
cmsOpenProfileFromStream
cmsOpenProfileFromStreamTHR
cmsPipelineAlloc
cmsPipelineCat
cmsPipelineCheckAndRetreiveStages
cmsPipelineDup
cmsPipelineEval16
cmsPipelineEvalFloat
cmsPipelineEvalReverseFloat
cmsPipelineFree
cmsPipelineGetPtrToFirstStage
cmsPipelineGetPtrToLastStage
cmsPipelineInputChannels
cmsPipelineInsertStage
cmsPipelineOutputChannels
cmsPipelineSetSaveAs8bitsFlag
cmsPipelineStageCount
cmsPipelineUnlinkStage
cmsPlugin
cmsPluginTHR
cmsReadRawTag
cmsReadTag
cmsReverseToneCurve
cmsReverseToneCurveEx
cmsSaveProfileToFile
cmsSaveProfileToIOhandler
cmsSaveProfileToMem
cmsSaveProfileToStream
cmsSetAdaptationState
cmsSetAdaptationStateTHR
cmsSetAlarmCodes
cmsSetAlarmCodesTHR
cmsSetColorSpace
cmsSetDeviceClass
cmsSetEncodedICCversion
cmsSetHeaderAttributes
cmsSetHeaderFlags
cmsSetHeaderManufacturer
cmsSetHeaderModel
cmsSetHeaderProfileID
cmsSetHeaderRenderingIntent
cmsSetLogErrorHandler
cmsSetLogErrorHandlerTHR
cmsSetPCS
cmsSetProfileVersion
cmsSignalError
cmsSliceSpace16
cmsSliceSpaceFloat
cmsSmoothToneCurve
cmsStageAllocCLut16bit
cmsStageAllocCLut16bitGranular
cmsStageAllocCLutFloat
cmsStageAllocCLutFloatGranular
cmsStageAllocIdentity
cmsStageAllocMatrix
cmsStageAllocToneCurves
cmsStageData
cmsStageDup
cmsStageFree
cmsStageInputChannels
cmsStageNext
cmsStageOutputChannels
cmsStageSampleCLut16bit
cmsStageSampleCLutFloat
cmsStageType
cmsTagLinkedTo
cmsTempFromWhitePoint
cmsTransform2DeviceLink
cmsUnregisterPlugins
cmsUnregisterPluginsTHR
cmsWhitePointFromTemp
cmsWriteRawTag
cmsWriteTag
cmsXYZ2Lab
cmsXYZ2xyY
cmsXYZEncoded2Float
cmsfilelength
cmsstrcasecmp
cmsxyY2XYZ

Sections

.text
Size: 262KB - Virtual size: 261KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fsplugin07.dll
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 390KB - Virtual size: 389KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 11KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
fssl.db
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 528KB - Virtual size: 528KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
uninst.exe.nsis

Sharing

General

Malware Config

Signatures

Files

d989d7adf6957f1a88bb1332e40317e6

Headers

DLL Characteristics

File Characteristics

Imports

ole32

user32

advapi32

shell32

msvcrt

kernel32

Sections

.text Size: 25KB - Virtual size: 25KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 9KB

.rsrc Size: 4KB - Virtual size: 3KB

f10abbe0b701da4438052398af672430

Headers

DLL Characteristics

File Characteristics

Imports

ole32

user32

advapi32

shell32

msvcrt

kernel32

Sections

.text Size: 25KB - Virtual size: 24KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 9KB

.rsrc Size: 4KB - Virtual size: 3KB

1f7c03adda267bb2a26e5b9e7a1df3f6

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0bCertificate

Extended Key Usages

Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

14:f8:fd:d1:67:f9:24:02:b1:57:0b:5d:c4:95:c8:15Certificate

Extended Key Usages

Key Usages

01Certificate

Extended Key Usages

Key Usages

2a:9c:21:ac:aa:a6:3a:3c:58:a7:b9:32:2b:ee:94:8dCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77Certificate

Extended Key Usages

Key Usages

2a:00:e4:41:cb:6e:ec:6c:7a:9d:51:fe:bd:bd:55:b9:3e:e8:d4:df:9d:8d:9d:e9:b2:12:7c:4f:ae:bf:1d:8cSigner

1d:3c:19:8b:7a:06:4f:3b:8a:48:52:52:f0:c6:cc:82:71:d1:4c:44Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

shlwapi

ole32

shell32

user32

Sections

.text Size: 82KB - Virtual size: 82KB

.rdata Size: 27KB - Virtual size: 27KB

.data Size: 2KB - Virtual size: 4KB

.gfids Size: 512B - Virtual size: 220B

.rsrc Size: 967KB - Virtual size: 966KB

.reloc Size: 4KB - Virtual size: 4KB

0ffb0c1b03081ee555711ca0c1201c9d

.text
Size: 25KB - Virtual size: 25KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 9KB

.rsrc
Size: 4KB - Virtual size: 3KB

.text
Size: 25KB - Virtual size: 24KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 9KB

.rsrc
Size: 4KB - Virtual size: 3KB

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

14:f8:fd:d1:67:f9:24:02:b1:57:0b:5d:c4:95:c8:15
Certificate

01
Certificate

2a:9c:21:ac:aa:a6:3a:3c:58:a7:b9:32:2b:ee:94:8d
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

2a:00:e4:41:cb:6e:ec:6c:7a:9d:51:fe:bd:bd:55:b9:3e:e8:d4:df:9d:8d:9d:e9:b2:12:7c:4f:ae:bf:1d:8c
Signer

1d:3c:19:8b:7a:06:4f:3b:8a:48:52:52:f0:c6:cc:82:71:d1:4c:44
Signer

.text
Size: 82KB - Virtual size: 82KB

.rdata
Size: 27KB - Virtual size: 27KB

.data
Size: 2KB - Virtual size: 4KB

.gfids
Size: 512B - Virtual size: 220B

.rsrc
Size: 967KB - Virtual size: 966KB

.reloc
Size: 4KB - Virtual size: 4KB

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

06:ae:a7:6b:ac:46:a9:e8:cf:e6:d2:9e:45:aa:f0:33
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

01
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0e:44:18:e2:de:de:36:dd:29:74:c3:44:3a:fb:5c:e5
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

b8:fe:3e:fe:3a:b6:a5:68:f2:4b:d5:03:36:c9:d0:bc:ff:c1:56:02:38:0c:06:71:d0:ff:7b:4c:9e:dd:04:04
Signer

ae:0e:a8:8a:89:85:32:2f:f1:59:07:54:8b:67:c9:6b:b7:e5:e3:68
Signer

.text
Size: 81KB - Virtual size: 81KB

.rdata
Size: 27KB - Virtual size: 27KB

.data
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

.reloc
Size: 4KB - Virtual size: 4KB

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 5KB - Virtual size: 4KB