e1d3bf81916583947a373de7bd631d8b_JaffaCakes118

.cab

ace.txt

advisorlog.cfg

arabica.txt

avgadvisorx.dll

.dll windows:5 windows x86 arch:x86

e481c4858ced812a26285f3519c716ec

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

Extended Key Usages

ExtKeyUsageServerAuth

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

49:84:48:9d:ec:62:00:de:ce:ad:93:d4:73:2c:ab:ca
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

06/01/2012, 00:00

Not After

05/01/2015, 23:59

Subject

CN=AVG Technologies CZ\, s.r.o.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=AVG Technologies CZ\, s.r.o.,L=Brno,ST=Jihomoravsky kraj,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

74:df:6f:9b:13:be:b1:35:ad:10:4a:93:ec:5f:51:80:de:b9:15:84
Signer

Actual PE Digest

74:df:6f:9b:13:be:b1:35:ad:10:4a:93:ec:5f:51:80:de:b9:15:84

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

PDB Paths

d:\nightly\sandbox_avg_vc10_AVG2013_SP1_RR\source\build\avg_client_ru_dls_win32_vs100\bin\Release_Unicode_DLS_vs100\Win32\avgadvisorx.pdb

Imports

kernel32

InterlockedExchange

WaitForMultipleObjectsEx

WaitForMultipleObjects

CreateEventW

DecodePointer

SetEvent

GetProcAddress

GetLastError

LoadLibraryW

FreeLibrary

DisableThreadLibraryCalls

SetLastError

ResetEvent

Sleep

InterlockedCompareExchange

GetSystemTimeAsFileTime

GetCurrentProcessId

GetCurrentThreadId

GetTickCount

QueryPerformanceCounter

IsDebuggerPresent

SetUnhandledExceptionFilter

UnhandledExceptionFilter

GetCurrentProcess

TerminateProcess

EncodePointer

ntdll

RtlCreateUnicodeString

RtlFreeHeap

RtlReAllocateHeap

ZwQuerySystemInformation

ZwQueryInformationProcess

ZwQueryVirtualMemory

ZwReadVirtualMemory

ZwDeviceIoControlFile

ZwClose

RtlNtStatusToDosError

ZwSetEvent

ZwWaitForSingleObject

ZwCreateEvent

RtlAllocateHeap

ZwQueryObject

ZwFsControlFile

ZwReadFile

RtlInitUnicodeString

ZwSetInformationFile

RtlFreeUnicodeString

ZwOpenFile

ZwWriteFile

ZwCancelIoFile

ZwOpenProcess

ZwDuplicateObject

avgsysx

?Release@AvgBasCriticalSection@@QAGHXZ

?Acquire@AvgBasCriticalSection@@QAGHXZ

?Create@AvgBasCriticalSection@@QAGHXZ

??1AvgBasCriticalSection@@QAE@XZ

??0AvgBasCriticalSection@@QAE@XZ

?AvgUpperString@@YGHW4AvgCodePage@@PA_WIPB_WPAII@Z

?AvgFindSubStringFromRight@@YGPB_WPB_W0II@Z

?AvgLowerString@@YGHW4AvgCodePage@@PA_WIPB_WPAII@Z

?AvgGetSystemTime@@YGHAA_K@Z

?AvgConvertString2Number@@YGHAAGPB_WIHPAPB_W@Z

?GetMemoryStatus@AvgProcess@@YGHAAU_MemoryStatus@1@@Z

?GetMemoryUsageByProcessId@AvgProcess@@YGHKAA_J@Z

?AvgMemXor@@YGXPAEPBEI@Z

?AvgGenerateRandomBuffer@@YGXPAEI@Z

?CreateLuid@AvgGuidUtils@@YGHAAU_AvgGuid@@@Z

?Assign@AvgGuidUtils@@YGXAAU_AvgGuid@@ABU2@@Z

?AvgConvertMb2Utf16String@@YGHPA_WIPBDW4AvgCodePage@@PAII@Z

?AvgGetMb2Utf16StringSize@@YGHAAIPBDW4AvgCodePage@@I@Z

?AvgGetStringSizeInElements@@YGIPBD@Z

?AvgPrintV@@YGHPB_WPAD@Z

?AvgCompareString@@YGHPB_W0II@Z

?DirectoryExists@AvgBasFs@@YGHPB_W@Z

?Wait@AvgBasEvent@@QAGHH@Z

?AvgCreateErrorCodeFromWin32@@YGHW4_AvgErrorCodeSeverity@@K@Z

?DestroyEnvironment@AvgEnvironment@@YGXXZ

?InitializeEnvironment@AvgEnvironment@@YGHXZ

?AvgGetTimestamp@@YGKXZ

?AvgDestroySysMini@@YGXXZ

??0AvgSpinLockLocker@@QAE@PAUAvgSpinLock@@_N@Z

??1AvgSpinLockLocker@@QAE@XZ

?Assign@AvgGuidUtils@@YGXAAU_AvgGuid@@QBE@Z

?IsPathRooted@AvgBasPath@@YG_NPB_WI@Z

?GetDirectoryPathFromFilenamePath@AvgBasPath@@YGHAAU_AVG_UTF16CHAR_STR@@PB_WIPAI@Z

?GetFullPath@AvgBasPath@@YGHAAU_AVG_UTF16CHAR_STR@@PB_WIPAI@Z

?Sleep@AvgBasThread@@SGHH@Z

?GetSpecialFolder@AvgEnvironment@@YGHW4SpecialFolder@1@AAV?$IAvgString@_W$0A@@@@Z

?GetMaxPathLength@AvgEnvironment@@YGHAAIPB_W@Z

??0AvgBasSharedLibraryLoader@@QAE@PB_W@Z

??1AvgBasSharedLibraryLoader@@UAE@XZ

?Load@AvgBasSharedLibraryLoader@@QAGHPB_W@Z

?AvgInitializeSysMini@@YGHXZ

?GetSessionIdForProcess@AvgEnvironment@@YGHAAKK@Z

?Unload@AvgBasSharedLibraryLoader@@UAGXXZ

?AvgWinZwOpenFile@@YGHPB_WPAPAXKPAU_IO_STATUS_BLOCK@@KK@Z

?AvgGetStringSizeInElements@@YGIPB_W@Z

?CloseKey@AvgBasWinRegistryHandle@@QAGXXZ

?GetStringValue@AvgBasWinRegistryHandle@@QAGHAAV?$IAvgString@_W$0A@@@ABU?$AvgStringRefBase@_W$0A@@@@Z

?SetViewMode@AvgBasWinRegistryHandle@@QAGHV?$AvgFlags@W4AvgBasWinRegistryViewModeValues@@@@@Z

?AvgFormatStringV@@YGHW4AvgCodePage@@PA_WIPB_WPAIPAD@Z

?Destroy@AvgBasCriticalSection@@QAGHXZ

?IsInitialized@AvgBasCriticalSection@@QBG_NXZ

?IsWindowsXP@OsInfo@AvgEnvironment@@YG_NXZ

?IsWindowsXPOrHigher@OsInfo@AvgEnvironment@@YG_NXZ

?IsWindowsServer2k3@OsInfo@AvgEnvironment@@YG_NXZ

?IsWindowsVistaOrHigher@OsInfo@AvgEnvironment@@YG_NXZ

?GetOsInfoData@AvgEnvironment@@YGABUOsInfoData@1@XZ

?Destroy@AvgBasWaitable@@UAGHXZ

?IsStopRequested@AvgBasThread@@QAG_NXZ

?ClearStopRequest@AvgBasThread@@QAGHXZ

?SetStopRequest@AvgBasThread@@QAGHXZ

?StopThread@AvgBasThread@@QAGHH@Z

?StartThread@AvgBasThread@@QAGHW4AvgPriority@@PAVAvgSecurityCtx@@V?$AvgFlags@W4ThreadFlag@AvgBasThread@@@@PBD@Z

?Initialize@AvgBasThread@@QAGHPAVAvgBasEvent@@@Z

?Cleanup@AvgBasThread@@MAGXXZ

?AvgFindElement@@YGPA_WPA_W_WI@Z

?AvgConvertString2Number@@YGHAA_KPB_WIHPAPB_W@Z

?AvgCreateErrorCodeFromWin32@@YGHK@Z

?Reset@AvgBasEvent@@QAGHXZ

?Set@AvgBasEvent@@QAGHXZ

?Create@AvgBasEvent@@QAGHW4ResetType@1@_N@Z

?GetValue@AvgUtf16CharHeapBuffer@@QBGPB_WXZ

?GetSize@AvgUtf16CharHeapBuffer@@QBGIXZ

??1AvgUtf16CharHeapBuffer@@QAE@XZ

??0AvgUtf16CharHeapBuffer@@QAE@XZ

?AvgBasGetStackFrameModulePath@@YGHAAV?$IAvgString@_W$0A@@@ABUAvgBasStackFrameX86@@@Z

?ConvertNtPathToDosPath@AvgWinGlobalSymlinks@@QAGHAAVAvgUtf16CharHeapBuffer@@PB_WI@Z

?Initialize@AvgWinGlobalSymlinks@@QAGHW4SymlinksType@1@@Z

??1AvgWinGlobalSymlinks@@QAE@XZ

??0AvgWinGlobalSymlinks@@QAE@XZ

?GetThreadExitCode@AvgBasThread@@QAGHAAH@Z

?GetProcessPath@AvgProcess@@YGHKAAU_AVG_UTF16CHAR_STR@@PAI@Z

?AvgBufferXor@@YGXPAEPBEI1I_J@Z

?GetHandle@AvgBasWaitable@@IBGPAXXZ

?GetForward@AvgBasWaitable@@IBGPAV1@XZ

?GetResourceType@AvgBasWaitable@@IBG?AW4AvgBasWaitableResourceType@@XZ

?FreeResource@AvgBasWaitable@@IAGHXZ

?AttachTo@AvgBasSharedLibraryLoader@@QAGHPBDPCRAX@Z

??0AvgBasWinRegistryHandle@@QAE@W4AvgBasWinRegistryRootType@@@Z

??1AvgBasWinRegistryHandle@@QAE@XZ

?OpenKeyIfExists@AvgBasWinRegistryHandle@@QAGHABU?$AvgStringRefBase@_W$0A@@@@Z

?IsWow64ViewModeSupported@AvgBasWinRegistryHandle@@SG_NXZ

msvcr100

memset

memcpy

memcpy_s

_CxxThrowException

?_type_info_dtor_internal_method@type_info@@QAEXXZ

?terminate@@YAXXZ

__clean_type_info_names_internal

_except_handler4_common

_crt_debugger_hook

__CxxFrameHandler3

__CppXcptFilter

_amsg_exit

_initterm_e

_initterm

_encoded_null

free

_malloc_crt

_onexit

_lock

__dllonexit

_unlock

??2@YAPAXI@Z

??3@YAXPAX@Z

_purecall

??_V@YAXPAX@Z

memmove

ws2_32

WSACreateEvent

iphlpapi

GetUdpTable

GetTcpTable

snmpapi

SnmpUtilOidFree

SnmpUtilOidNCmp

SnmpUtilOidCpy

rpcrt4

UuidFromStringA

Exports

??0_Mutex@std@@QAE@W4_Uninitialized@1@@Z

??4_Init_locks@std@@QAEAAV01@ABV01@@Z

GetAvgObject

GetLockCount

Sections

.text
Size: 239KB - Virtual size: 239KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

avgapix.dll

.dll windows:5 windows x86 arch:x86

bed94e6cf7eccda3663ba116bf3e61de

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

Extended Key Usages

ExtKeyUsageServerAuth

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

49:84:48:9d:ec:62:00:de:ce:ad:93:d4:73:2c:ab:ca
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

06/01/2012, 00:00

Not After

05/01/2015, 23:59

Subject

CN=AVG Technologies CZ\, s.r.o.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=AVG Technologies CZ\, s.r.o.,L=Brno,ST=Jihomoravsky kraj,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

60:c9:0f:57:95:8e:7a:70:35:c7:81:a9:8a:15:68:19:fa:11:71:69
Signer

Actual PE Digest

60:c9:0f:57:95:8e:7a:70:35:c7:81:a9:8a:15:68:19:fa:11:71:69

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

PDB Paths

d:\nightly\sandbox_avg_vc10_SmallUpdate2013-06\source\build\avg_client_ru_dls_win32_vs100\bin\Release_Unicode_DLS_vs100\Win32\avgapix.pdb

Imports

kernel32

FreeLibrary

LoadLibraryW

GetLastError

SetLastError

GetProcAddress

DisableThreadLibraryCalls

GetSystemTimeAsFileTime

GetCurrentProcessId

GetCurrentThreadId

GetTickCount

QueryPerformanceCounter

IsDebuggerPresent

SetUnhandledExceptionFilter

UnhandledExceptionFilter

GetCurrentProcess

TerminateProcess

InterlockedCompareExchange

Sleep

DecodePointer

EncodePointer

RaiseException

LoadLibraryA

InterlockedExchange

LocalAlloc

ntdll

ZwSetEvent

ZwWaitForSingleObject

ZwCreateEvent

RtlReAllocateHeap

ZwOpenKey

LdrLoadDll

RtlLeaveCriticalSection

RtlFreeAnsiString

RtlAllocateHeap

RtlAppendUnicodeStringToString

ZwClose

RtlNtStatusToDosError

ZwQueryValueKey

LdrGetDllHandle

RtlUnicodeStringToAnsiString

RtlAppendUnicodeToString

RtlInitUnicodeString

RtlFreeHeap

RtlEnterCriticalSection

msvcr100

memcpy

?_type_info_dtor_internal_method@type_info@@QAEXXZ

?terminate@@YAXXZ

__clean_type_info_names_internal

_except_handler4_common

_crt_debugger_hook

__CppXcptFilter

_amsg_exit

memmove

??_V@YAXPAX@Z

_purecall

??3@YAXPAX@Z

_unlock

__dllonexit

_lock

_onexit

??2@YAPAXI@Z

__CxxFrameHandler3

_malloc_crt

free

_encoded_null

_initterm

_initterm_e

_CxxThrowException

Exports

??0_Mutex@std@@QAE@W4_Uninitialized@1@@Z

??4_Init_locks@std@@QAEAAV01@ABV01@@Z

AvgApi2GetInstance

_DllMain@12

Sections

.text
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

avgceix.dll

.dll windows:5 windows x86 arch:x86

c2b55a6feff681dd8d31d3a3426166d9

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

Extended Key Usages

ExtKeyUsageServerAuth

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

49:84:48:9d:ec:62:00:de:ce:ad:93:d4:73:2c:ab:ca
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

06/01/2012, 00:00

Not After

05/01/2015, 23:59

Subject

CN=AVG Technologies CZ\, s.r.o.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=AVG Technologies CZ\, s.r.o.,L=Brno,ST=Jihomoravsky kraj,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

dc:28:8d:b0:b5:c9:ad:e4:3a:0a:d7:0a:8f:d5:74:3e:2c:e7:91:ca
Signer

Actual PE Digest

dc:28:8d:b0:b5:c9:ad:e4:3a:0a:d7:0a:8f:d5:74:3e:2c:e7:91:ca

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

PDB Paths

d:\nightly\sandbox_avg_vc10_AVG2013_SP1_RR\source\build\avg_client_ru_sls_win32_vs100\bin\Release_Unicode_vs100\Win32\avgceix.pdb

Imports

kernel32

SetLastError

OutputDebugStringW

GetSystemTimeAsFileTime

GetCurrentProcessId

GetCurrentThreadId

GetTickCount

QueryPerformanceCounter

IsDebuggerPresent

SetUnhandledExceptionFilter

UnhandledExceptionFilter

GetCurrentProcess

TerminateProcess

InterlockedCompareExchange

Sleep

InterlockedExchange

DecodePointer

EncodePointer

GetProcAddress

LoadLibraryW

FreeLibrary

IsProcessorFeaturePresent

ntdll

ZwUnmapViewOfSection

ZwCreateSection

ZwWriteFile

RtlAnsiStringToUnicodeString

RtlUnicodeStringToAnsiString

RtlUnicodeStringToOemString

RtlxOemStringToUnicodeSize

RtlxAnsiStringToUnicodeSize

RtlOemStringToUnicodeString

RtlxUnicodeStringToAnsiSize

NlsMbOemCodePageTag

RtlxUnicodeStringToOemSize

LdrUnloadDll

RtlInitUnicodeString

RtlInitAnsiString

LdrGetProcedureAddress

LdrLoadDll

ZwCreateEvent

ZwSetEvent

RtlQueryEnvironmentVariable_U

ZwDelayExecution

RtlGetFullPathName_U

RtlExpandEnvironmentStrings_U

RtlCreateUnicodeString

RtlDosPathNameToNtPathName_U

ZwQuerySymbolicLinkObject

ZwOpenSymbolicLinkObject

ZwWaitForSingleObject

LdrGetDllHandle

RtlDeleteCriticalSection

RtlInitializeCriticalSection

RtlGetCurrentDirectory_U

RtlIsDosDeviceName_U

ZwQueryDirectoryFile

ZwFlushVirtualMemory

ZwMapViewOfSection

ZwReadFile

RtlUpcaseUnicodeString

ZwQuerySystemInformation

RtlLeaveCriticalSection

RtlEnterCriticalSection

ZwQueryVirtualMemory

ZwReadVirtualMemory

ZwQueryInformationProcess

ZwOpenProcess

ZwOpenKey

ZwQueryKey

ZwQueryInformationToken

ZwQueryValueKey

RtlTimeToTimeFields

RtlTimeFieldsToTime

ZwQueryInformationFile

ZwOpenFile

ZwCreateFile

RtlFreeUnicodeString

ZwSetInformationFile

RtlAllocateHeap

RtlReAllocateHeap

RtlFreeHeap

RtlOpenCurrentUser

ZwClose

NtClose

RtlNtStatusToDosError

ZwCreateKey

msvcr100

_CxxThrowException

memcpy

realloc

malloc

__clean_type_info_names_internal

?_type_info_dtor_internal_method@type_info@@QAEXXZ

_except_handler4_common

_crt_debugger_hook

?terminate@@YAXXZ

__CppXcptFilter

_amsg_exit

_initterm_e

_initterm

_encoded_null

free

_malloc_crt

__CxxFrameHandler3

_onexit

_lock

__dllonexit

_unlock

??2@YAPAXI@Z

modf

??3@YAXPAX@Z

_purecall

??_V@YAXPAX@Z

memmove

memset

Exports

??0_Mutex@std@@QAE@W4_Uninitialized@1@@Z

??4_Init_locks@std@@QAEAAV01@ABV01@@Z

GetAvgAdminCEI

GetAvgCEI

GetInterface

IsLibraryLocked

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

avgcfgex.exe

.exe windows:5 windows x86 arch:x86

4e2813ffb176be2ef4612bf13d5f8c3e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

Extended Key Usages

ExtKeyUsageServerAuth

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

49:84:48:9d:ec:62:00:de:ce:ad:93:d4:73:2c:ab:ca
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

06/01/2012, 00:00

Not After

05/01/2015, 23:59

Subject

CN=AVG Technologies CZ\, s.r.o.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=AVG Technologies CZ\, s.r.o.,L=Brno,ST=Jihomoravsky kraj,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

b8:1c:e8:e7:be:cd:1f:f9:ef:9d:77:c2:68:ea:af:bb:3e:c6:20:d6
Signer

Actual PE Digest

b8:1c:e8:e7:be:cd:1f:f9:ef:9d:77:c2:68:ea:af:bb:3e:c6:20:d6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\nightly\sandbox_avg_vc10_AVG2013_SP1_RR\source\build\avg_client_ru_dls_win32_vs100\bin\Release_Unicode_DLS_vs100\Win32\avgcfgex.pdb

Imports

ntdll

RtlReleasePebLock

RtlAcquirePebLock

ZwAllocateVirtualMemory

ZwFreeVirtualMemory

ZwTerminateProcess

ZwSetEvent

ZwCancelIoFile

ZwWriteFile

ZwOpenFile

ZwWaitForSingleObject

RtlFreeUnicodeString

ZwSetInformationFile

ZwReadFile

ZwFsControlFile

RtlCreateUnicodeString

RtlAllocateHeap

RtlReAllocateHeap

RtlFreeHeap

RtlNtStatusToDosError

ZwQueryVirtualMemory

RtlAddVectoredExceptionHandler

RtlRemoveVectoredExceptionHandler

ZwWaitForMultipleObjects

ZwDuplicateObject

ZwClose

RtlInitUnicodeString

ZwCreateEvent

RtlCreateUserProcess

ZwResumeThread

avgsysx

?Sleep@AvgBasThread@@SGHH@Z

?AvgKernel32ForceInitialize@@YGXXZ

?UnloadSharedLibraries@AvgBasObjectFactoryImpl@detail@@QAGX_N@Z

?GetAvgObject@AvgBasObjectFactoryImpl@detail@@QAGHABU_AvgGuid@@PAPAX@Z

?SetProgramPath@AvgBasObjectFactoryImpl@detail@@QAGHPB_W@Z

?Initialize@AvgBasObjectFactoryImpl@detail@@QAGHPBUAvgBasObjectFactoryMapping@@I@Z

??1AvgBasObjectFactoryImpl@detail@@QAE@XZ

??0AvgBasObjectFactoryImpl@detail@@QAE@XZ

?Wait@AvgBasEvent@@QAGHH@Z

?Create@AvgBasEvent@@QAGHW4ResetType@1@_N@Z

?AvgCreateErrorCodeFromWin32@@YGHW4_AvgErrorCodeSeverity@@K@Z

?GetHandle@AvgBasWaitable@@IBGPAXXZ

?AvgCopyString@@YGHPA_WIPB_WI@Z

?AvgBufferXor@@YGXPAEPBEI1I_J@Z

?GetFullPath@AvgBasPath@@YGHAAU_AVG_UTF16CHAR_STR@@PB_WIPAI@Z

?GetTempDirPath@AvgBasPath@@YGHAAU_AVG_UTF16CHAR_STR@@PAI@Z

?GetDirectoryPathFromFilenamePath@AvgBasPath@@YGHAAU_AVG_UTF16CHAR_STR@@PB_WIPAI@Z

?IsPathRooted@AvgBasPath@@YG_NPB_WI@Z

??1AvgSpinLockLocker@@QAE@XZ

??0AvgSpinLockLocker@@QAE@PAUAvgSpinLock@@_N@Z

?AvgDestroySysMini@@YGXXZ

?AvgInitializeSysMini@@YGHXZ

?InitializeEnvironment@AvgEnvironment@@YGHXZ

?DestroyEnvironment@AvgEnvironment@@YGXXZ

?GetSpecialFolder@AvgEnvironment@@YGHW4SpecialFolder@1@AAV?$IAvgString@_W$0A@@@@Z

?AvgBasGetStackFrameModulePath@@YGHAAV?$IAvgString@_W$0A@@@ABUAvgBasStackFrameX86@@@Z

?AvgCompareStringNoCase@@YGHW4AvgCodePage@@PB_W1II@Z

?AvgConvertString2Number@@YGHAAHPB_WIHPAPB_W@Z

?AvgConvertLocalTimeToSystemTime@@YGHAAUAvgTimeStruct@@@Z

?Set@AvgBasEvent@@QAGHXZ

?AvgCreateErrorCodeFromWin32@@YGHK@Z

?GetForward@AvgBasWaitable@@IBGPAV1@XZ

?GetResourceType@AvgBasWaitable@@IBG?AW4AvgBasWaitableResourceType@@XZ

?Destroy@AvgBasWaitable@@UAGHXZ

?GetThreadExitCode@AvgBasThread@@QAGHAAH@Z

?StopThread@AvgBasThread@@QAGHH@Z

?StartThread@AvgBasThread@@QAGHW4AvgPriority@@PAVAvgSecurityCtx@@V?$AvgFlags@W4ThreadFlag@AvgBasThread@@@@PBD@Z

?Initialize@AvgBasThread@@QAGHPAVAvgBasEvent@@@Z

?Cleanup@AvgBasThread@@MAGXXZ

?Reset@AvgBasEvent@@QAGHXZ

?AvgWinZwOpenFile@@YGHPB_WPAPAXKPAU_IO_STATUS_BLOCK@@KK@Z

?Release@AvgBasCriticalSection@@QAGHXZ

?Acquire@AvgBasCriticalSection@@QAGHXZ

?Create@AvgBasCriticalSection@@QAGHXZ

??1AvgBasCriticalSection@@QAE@XZ

??0AvgBasCriticalSection@@QAE@XZ

?IsInitialized@AvgBasCriticalSection@@QBG_NXZ

?AvgGetTimestamp@@YGKXZ

?AvgKernel32IsFnLoaded_UnhandledExceptionFilter@@YG_NXZ

?AvgKernel32_SetUnhandledExceptionFilter@@YGP6GJPAU_EXCEPTION_POINTERS@@@ZP6GJ0@Z@Z

?AvgWinIsProcessBeingDebugged@@YG_NXZ

?AvgKernel32_UnhandledExceptionFilter@@YGJPAU_EXCEPTION_POINTERS@@@Z

?FreeResource@AvgBasWaitable@@IAGHXZ

?GetCurrentModuleHandle@AvgProcess@@YGPAXXZ

?GetMaxPathLength@AvgEnvironment@@YGHAAIPB_W@Z

?AvgConvertString2Number@@YGHAAGPB_WIHPAPB_W@Z

??0AvgBasSharedLibraryLoader@@QAE@PB_W@Z

??1AvgBasSharedLibraryLoader@@UAE@XZ

?Load@AvgBasSharedLibraryLoader@@QAGHPB_W@Z

?Unload@AvgBasSharedLibraryLoader@@UAGXXZ

?AttachTo@AvgBasSharedLibraryLoader@@QAGHPBDPCRAX@Z

??0AvgBasWinRegistryHandle@@QAE@W4AvgBasWinRegistryRootType@@@Z

??1AvgBasWinRegistryHandle@@QAE@XZ

?OpenKeyIfExists@AvgBasWinRegistryHandle@@QAGHABU?$AvgStringRefBase@_W$0A@@@@Z

?IsWow64ViewModeSupported@AvgBasWinRegistryHandle@@SG_NXZ

?SetViewMode@AvgBasWinRegistryHandle@@QAGHV?$AvgFlags@W4AvgBasWinRegistryViewModeValues@@@@@Z

?GetStringValue@AvgBasWinRegistryHandle@@QAGHAAV?$IAvgString@_W$0A@@@ABU?$AvgStringRefBase@_W$0A@@@@Z

?CloseKey@AvgBasWinRegistryHandle@@QAGXXZ

?AvgGenerateRandomBuffer@@YGXPAEI@Z

?AvgCompareString@@YGHPB_W0II@Z

?AvgGetSystemTime@@YGHAA_K@Z

?AvgFormatStringV@@YGHW4AvgCodePage@@PA_WIPB_WPAIPAD@Z

?DirectoryExists@AvgBasFs@@YGHPB_W@Z

??0AvgTimeStruct@@QAE@XZ

?AvgMemXor@@YGXPAEPBEI@Z

?AvgGetStringSizeInElements@@YGIPB_W@Z

?AvgConvertAvgTimeToStruct@@YGHAAUAvgTimeStruct@@_K@Z

?GetModuleDirectory@AvgModule@@YGHPAXAAU_AVG_UTF16CHAR_STR@@PAI@Z

msvcr100

_configthreadlocale

__setusermatherr

_commode

_fmode

__set_app_type

?terminate@@YAXXZ

memset

memcpy

_CxxThrowException

_controlfp_s

?_type_info_dtor_internal_method@type_info@@QAEXXZ

_except_handler4_common

_initterm_e

_initterm

_wcmdln

exit

_XcptFilter

_exit

_cexit

__wgetmainargs

_amsg_exit

__CxxFrameHandler3

_onexit

_lock

__dllonexit

_unlock

swprintf_s

_set_invalid_parameter_handler

_invoke_watson

??2@YAPAXI@Z

??3@YAXPAX@Z

_purecall

??_V@YAXPAX@Z

memmove

kernel32

Sleep

CreateEventW

GetCurrentThreadId

CloseHandle

GetCurrentProcessId

CreateProcessW

WaitForMultipleObjects

CreateFileW

GetOverlappedResult

GetSystemTimeAsFileTime

GetTickCount

QueryPerformanceCounter

GetStartupInfoW

HeapSetInformation

InterlockedCompareExchange

SetUnhandledExceptionFilter

InterlockedExchange

DecodePointer

EncodePointer

WaitForMultipleObjectsEx

CancelIo

DeviceIoControl

GetLastError

Exports

??0_Mutex@std@@QAE@W4_Uninitialized@1@@Z

??4_Init_locks@std@@QAEAAV01@ABV01@@Z

Sections

.text
Size: 162KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

avgcfgx.dll

.dll windows:5 windows x86 arch:x86

4209ec0535c55f02d6681352425aa0f7

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

Extended Key Usages

ExtKeyUsageServerAuth

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

26:6d:33:3e:de:17:a8:b4:72:05:3e:4f:a3:93:45:72
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

22/10/2014, 00:00

Not After

20/01/2018, 23:59

Subject

CN=AVG Technologies CZ\, s.r.o.,O=AVG Technologies CZ\, s.r.o.,L=Brno,ST=Jihomoravsky kraj,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

88:89:b4:8d:0a:0e:76:f3:dd:da:6d:10:85:15:43:a5:89:6d:97:ff
Signer

Actual PE Digest

88:89:b4:8d:0a:0e:76:f3:dd:da:6d:10:85:15:43:a5:89:6d:97:ff

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

PDB Paths

d:\nightly\sandbox_avg_vc10_HotFix2013-22\source\build\avg_client_ru_dls_win32_vs100\bin\Release_Unicode_DLS_vs100\Win32\avgcfgx.pdb

Imports

kernel32

GetLastError

GetOverlappedResult

DisableThreadLibraryCalls

SetLastError

GetSystemTimeAsFileTime

GetCurrentProcessId

GetCurrentThreadId

GetTickCount

QueryPerformanceCounter

IsDebuggerPresent

SetUnhandledExceptionFilter

UnhandledExceptionFilter

GetCurrentProcess

TerminateProcess

InterlockedCompareExchange

Sleep

InterlockedExchange

DecodePointer

EncodePointer

WaitForMultipleObjectsEx

CloseHandle

CancelIo

DeviceIoControl

CreateFileW

ntdll

ZwCreateNamedPipeFile

ZwSetInformationThread

ZwOpenFile

ZwCancelIoFile

ZwClose

ZwQueryInformationProcess

LdrUnloadDll

RtlInitUnicodeString

RtlInitAnsiString

LdrGetProcedureAddress

LdrLoadDll

ZwCreateEvent

ZwWaitForSingleObject

ZwSetEvent

RtlFreeUnicodeString

ZwCreateFile

ZwFsControlFile

ZwReadFile

ZwMapViewOfSection

ZwFlushVirtualMemory

ZwQuerySystemInformation

ZwSetInformationFile

ZwUnmapViewOfSection

ZwFlushBuffersFile

ZwCreateSection

ZwQueryInformationFile

ZwWriteFile

RtlNtStatusToDosError

RtlAllocateHeap

RtlReAllocateHeap

RtlFreeHeap

RtlCreateUnicodeString

avgntopensslx

RSA_size

CRYPTO_cleanup_all_ex_data

ERR_free_strings

EVP_MD_CTX_cleanup

ERR_remove_state

EVP_cleanup

EVP_PKEY_free

EVP_md2

OBJ_nid2sn

RSA_public_encrypt

X509_ALGOR_free

BIO_new_mem_buf

X509_PUBKEY_it

X509_PUBKEY_free

X509_PUBKEY_get

X509_NAME_print_ex

BIO_printf

BIO_new

BIO_s_mem

ASN1_INTEGER_get

X509_NAME_it

X509_NAME_free

OBJ_find_sigid_algs

EVP_DigestInit_ex

ASN1_BIT_STRING_free

ASN1_INTEGER_it

EVP_VerifyFinal

ASN1_INTEGER_free

ASN1_BIT_STRING_it

ASN1_item_d2i_bio

X509_ALGOR_it

OBJ_obj2nid

X509_get_issuer_name

sk_value

d2i_X509

sk_num

X509_free

X509_get_subject_name

CONF_modules_unload

EVP_add_digest

BIO_free

EVP_get_digestbyname

EVP_DigestInit

EVP_MD_CTX_init

EVP_PKEY_get1_RSA

EVP_DigestUpdate

EVP_DigestFinal

CRYPTO_set_mem_functions

OPENSSL_add_all_algorithms_noconf

avgsysx

??1AvgBasObjectFactoryImpl@detail@@QAE@XZ

??0AvgBasObjectFactoryImpl@detail@@QAE@XZ

?GetDetailsDefaultTranslation@AvgPeVersionInfo@@ABGHAAUCrossmoduleDetails@1@AAUTranslation@1@@Z

?LoadFromFile@AvgPeVersionInfo@@QAGHABU?$AvgStringzRefBase@_W$0A@@@@Z

?AvgConvertAvgTimeToTimeT@@YGHAA_J_K@Z

??0AvgTimeStruct@@QAE@XZ

?AvgConvertStructToAvgTime@@YGHAA_KABUAvgTimeStruct@@@Z

??1AvgMiniHashSha1@@QAE@XZ

??0AvgMiniHashSha1@@QAE@XZ

??1AvgMiniHashMd5@@QAE@XZ

??0AvgMiniHashMd5@@QAE@XZ

??1AvgMiniHashSha256@@QAE@XZ

??0AvgMiniHashSha256@@QAE@XZ

?Get@AvgMiniHashCrc32@@QAGKXZ

?Add@AvgMiniHashCrc32@@QAGXPBEI@Z

??1AvgMiniHashCrc32@@QAE@XZ

??0AvgMiniHashCrc32@@QAE@XZ

?Wait@AvgBasEvent@@QAGHH@Z

?Create@AvgBasEvent@@QAGHW4ResetType@1@_N@Z

?AvgCreateErrorCodeFromWin32@@YGHW4_AvgErrorCodeSeverity@@K@Z

?GetHandle@AvgBasWaitable@@IBGPAXXZ

?SetDWordValue@AvgBasWinRegistryHandle@@QAGHKABU?$AvgStringRefBase@_W$0A@@@_N@Z

?GetDWordValue@AvgBasWinRegistryHandle@@QAGHAAKABU?$AvgStringRefBase@_W$0A@@@@Z

?OpenOrCreateKey@AvgBasWinRegistryHandle@@QAGHABU?$AvgStringRefBase@_W$0A@@@@Z

?SetParent@AvgBasWinRegistryHandle@@QAGHW4AvgBasWinRegistryRootType@@@Z

?GetOsInfoData@AvgEnvironment@@YGABUOsInfoData@1@XZ

?AvgCopyString@@YGHPA_WIPB_WI@Z

?GetFullPath@AvgBasPath@@YGHAAU_AVG_UTF16CHAR_STR@@PB_WIPAI@Z

?GetTempDirPath@AvgBasPath@@YGHAAU_AVG_UTF16CHAR_STR@@PAI@Z

?GetDirectoryPathFromFilenamePath@AvgBasPath@@YGHAAU_AVG_UTF16CHAR_STR@@PB_WIPAI@Z

?IsPathRooted@AvgBasPath@@YG_NPB_WI@Z

?GetFilename@AvgBasPath@@YGHAAU_AVG_UTF16CHAR_STR@@PB_WIPAI@Z

??1AvgSpinLockLocker@@QAE@XZ

??0AvgSpinLockLocker@@QAE@PAUAvgSpinLock@@_N@Z

?AvgDestroySysMini@@YGXXZ

?AvgInitializeSysMini@@YGHXZ

?InitializeEnvironment@AvgEnvironment@@YGHXZ

?DestroyEnvironment@AvgEnvironment@@YGXXZ

?AvgBufferXor@@YGXPAEPBEI1I_J@Z

??1AvgUtf16CharHeapBuffer@@QAE@XZ

??0AvgUtf16CharHeapBuffer@@QAE@XZ

?AvgBasGetStackFrameModulePath@@YGHAAV?$IAvgString@_W$0A@@@ABUAvgBasStackFrameX86@@@Z

?GetModuleDirectory@AvgModule@@YGHPAXAAU_AVG_UTF16CHAR_STR@@PAI@Z

?Initialize@AvgBasObjectFactoryImpl@detail@@QAGHPBUAvgBasObjectFactoryMapping@@I@Z

?AvgGetUtf162MbStringSize@@YGHAAIPB_WW4AvgCodePage@@I@Z

?GetBuffer@AvgUtf16CharHeapBuffer@@QAGPA_WXZ

?IsEmpty@AvgUtf16CharHeapBuffer@@QBG_NXZ

?Clear@AvgUtf16CharHeapBuffer@@QAGXXZ

?AvgWinConstructDllSearchPath@@YGHAAVAvgUtf16CharHeapBuffer@@ABU?$AvgStringRefBase@_W$0A@@@@Z

?AvgConvertUtf162MbString@@YGHPADIPB_WW4AvgCodePage@@PAII@Z

?AvgConvertAvgTimeToStruct@@YGHAAUAvgTimeStruct@@_K@Z

?SetProgramPath@AvgBasObjectFactoryImpl@detail@@QAGHPB_W@Z

?Add@AvgMiniHashMd5@@QAGXPBEI@Z

?Initialize@AvgMiniHashMd5@@QAGXXZ

?Get@AvgMiniHashSha1@@QAG?AUHashType@1@XZ

?Add@AvgMiniHashSha1@@QAGHPBEI@Z

?Initialize@AvgMiniHashSha1@@QAGXXZ

?Get@AvgMiniHashSha256@@QAG?AUHashType@1@XZ

?Add@AvgMiniHashSha256@@QAGHPBEI@Z

?Initialize@AvgMiniHashSha256@@QAGXXZ

?Set@AvgBasEvent@@QAGHXZ

?AvgCreateErrorCodeFromWin32@@YGHK@Z

?GetForward@AvgBasWaitable@@IBGPAV1@XZ

?GetResourceType@AvgBasWaitable@@IBG?AW4AvgBasWaitableResourceType@@XZ

?Destroy@AvgBasWaitable@@UAGHXZ

?GetThreadExitCode@AvgBasThread@@QAGHAAH@Z

?StopThread@AvgBasThread@@QAGHH@Z

?StartThread@AvgBasThread@@QAGHW4AvgPriority@@PAVAvgSecurityCtx@@V?$AvgFlags@W4ThreadFlag@AvgBasThread@@@@PBD@Z

?Initialize@AvgBasThread@@QAGHPAVAvgBasEvent@@@Z

?Cleanup@AvgBasThread@@MAGXXZ

?AddDaclAce@AvgWinSecurityDescriptor@@QAGHW4WellKnownSidType@AvgWinSecurityIdentifier@@HW4Type@AvgWinAce@@V?$AvgFlags@W4FlagsValues@AvgWinAce@@@@@Z

?AvgGetTimestamp@@YGKXZ

?AvgNtdll_RtlDosPathNameToNtPathName_T_EliminateDosDevice@@YGHPB_WPAU_UNICODE_STRING@@@Z

?GetSecurityDescriptor@AvgWinSecurityDescriptor@@QAGHAAPAX@Z

?IsWindowsVistaOrHigher@OsInfo@AvgEnvironment@@YG_NXZ

?AvgWinZwOpenFile@@YGHPB_WPAPAXKPAU_IO_STATUS_BLOCK@@KK@Z

?ParseWinSecDes@AvgWinSecurityDescriptor@@KGHAAV1@PBXV?$AvgFlags@W4InformationValues@AvgWinSecurityDescriptor@@@@@Z

?ReleaseClonedObject@AvgWinSecurityDescriptor@@UAEXXZ

?ClearSecurityAttributes@AvgWinSecurityDescriptor@@QAGXXZ

?CloneImpl@AvgWinSecurityDescriptor@@MBEHAAPAVAvgSecurityCtx@@@Z

?GetInformationType@AvgWinSecurityDescriptor@@QBG?AV?$AvgFlags@W4InformationValues@AvgWinSecurityDescriptor@@@@XZ

?FreeResource@AvgBasWaitable@@IAGHXZ

?AvgFormatStringV@@YGHW4AvgCodePage@@PA_WIPB_WPAIPAD@Z

?AvgConvertNumber2String@@YGHPA_WI_JHPAI@Z

?AvgUpperString@@YGHW4AvgCodePage@@PA_WIPB_WPAII@Z

?AvgCompareStringNoCase@@YGHW4AvgCodePage@@PB_W1II@Z

?AvgConvertString2Number@@YGHAA_JPB_WIHPAPB_W@Z

?AvgConvertString2Number@@YGHAAGPB_WIHPAPB_W@Z

?AvgConvertString2Number@@YGHAAKPB_WIHPAPB_W@Z

?AvgConvertString2Number@@YGHAA_KPB_WIHPAPB_W@Z

?GetFileSize@AvgBasFs@@YGHPB_WAA_J@Z

?FileExists@AvgBasFs@@YGHPB_W@Z

?GetFileWriteTime@AvgBasFs@@YGHPB_WAA_K@Z

?AvgGetSystemTime@@YGHAA_K@Z

?IsSupported@AvgBasWinWow64FsRedirection@@QAG_NXZ

?Disable@AvgBasWinWow64FsRedirection@@QAGHXZ

??1AvgBasWinWow64FsRedirection@@QAE@XZ

??0AvgBasWinWow64FsRedirection@@QAE@XZ

?Release@AvgBasCriticalSection@@QAGHXZ

?Acquire@AvgBasCriticalSection@@QAGHXZ

?Create@AvgBasCriticalSection@@QAGHXZ

??1AvgBasCriticalSection@@QAE@XZ

??0AvgBasCriticalSection@@QAE@XZ

?IsWinInSafeMode@AvgEnvironment@@YG_NXZ

?AvgMemXor@@YGXPAEPBEI@Z

?AvgConvertNumber2String@@YGHPA_WIKHPAI@Z

?AvgGenerateRandomBuffer@@YGXPAEI@Z

?AvgToASCIIUpper@@YG_W_W@Z

?Reset@AvgMiniHashCrc32@@QAGXK@Z

?CreateDir@AvgBasFs@@YGHPB_WPAVAvgSecurityCtx@@@Z

?AvgLowerString@@YGHW4AvgCodePage@@PA_WIPB_WPAII@Z

?GetProcessExitCode@AvgBasWinProcess@@QAGHAAH@Z

?Create@AvgBasWinProcess@@QAGHPB_W0PAVAvgSecurityCtx@@1W4CreationFlags@1@0@Z

??0AvgBasWinProcess@@QAE@XZ

?SetStringValue@AvgBasWinRegistryHandle@@QAGHABU?$AvgStringRefBase@_W$0A@@@0_N@Z

?SetQWordValue@AvgBasWinRegistryHandle@@QAGH_KABU?$AvgStringRefBase@_W$0A@@@@Z

?GetQWordValue@AvgBasWinRegistryHandle@@QAGHAA_KABU?$AvgStringRefBase@_W$0A@@@@Z

?GetCurrentProcessId@AvgProcess@@YGKXZ

?IsWow64Process@AvgProcess@@YGHKAA_N@Z

?WaitForProcessToStop@AvgBasWinProcess@@QAGHH@Z

?Delete@AvgBasFs@@YGHPB_WV?$AvgFlags@W4FileDeleteFlagItems@AvgBasFs@@@@@Z

?IsInitialized@AvgBasWinLockFile@@QBG_NXZ

?Create@AvgBasWinLockFile@@QAGHPB_W_N@Z

??1AvgBasWinLockFile@@QAE@XZ

??0AvgBasWinLockFile@@QAE@XZ

?GetViewMode@AvgBasWinRegistryHandle@@QAG?AV?$AvgFlags@W4AvgBasWinRegistryViewModeValues@@@@XZ

?SetParent@AvgBasWinRegistryHandle@@QAGXPAV1@@Z

?IsWorkstationOs@OsInfo@AvgEnvironment@@YG_NXZ

?IsServerOs@OsInfo@AvgEnvironment@@YG_NXZ

?Release@AvgBasWinLockFileHolder@@QAGXXZ

?Lock@AvgBasWinLockFileHolder@@QAGHPAVAvgBasWinLockFile@@H@Z

??1AvgBasWinLockFileHolder@@QAE@XZ

??0AvgBasWinLockFileHolder@@QAE@PAVAvgBasWinLockFile@@H@Z

?AvgGetT2MbStringSize@@YGHAAIPB_WW4AvgCodePage@@I@Z

?AvgConvertT2MbString@@YGHPADIPB_WW4AvgCodePage@@PAII@Z

?GetBinaryValue@AvgBasWinRegistryHandle@@QAGHAAV?$IAvgBuffer@E@@ABU?$AvgStringRefBase@_W$0A@@@@Z

?SetValue@AvgBasWinRegistryHandle@@QAGHW4AvgBasWinRegistryValueType@@PBEIABU?$AvgStringRefBase@_W$0A@@@@Z

?Reset@AvgBasEvent@@QAGHXZ

?CreateLuid@AvgGuidUtils@@YGHAAU_AvgGuid@@@Z

?IsWindowsXP@OsInfo@AvgEnvironment@@YG_NXZ

?CheckUserAdminRights@AvgEnvironment@@YGHAA_N_N@Z

?IsWinUACEnabled@AvgEnvironment@@YGHAA_N@Z

?WaitForThreadToStop@AvgBasThread@@QAGHH@Z

?GetThreadState@AvgBasThread@@QAGHAAW4ThreadState@1@@Z

?IsWindows8OrHigher@OsInfo@AvgEnvironment@@YG_NXZ

?Assign@AvgGuidUtils@@YGXAAU_AvgGuid@@QBE@Z

?Parse@AvgGuidUtils@@YGHAAU_AvgGuid@@PB_W@Z

?AvgFindElement@@YGPB_WPB_W_WI@Z

?GetAvgObject@AvgBasObjectFactoryImpl@detail@@QAGHABU_AvgGuid@@PAPAX@Z

?UnloadSharedLibraries@AvgBasObjectFactoryImpl@detail@@QAGX_N@Z

??0AvgPeVersionInfo@@QAE@XZ

??1AvgPeVersionInfo@@QAE@XZ

?GetCurrentModuleHandle@AvgProcess@@YGPAXXZ

?AvgCompareString@@YGHPB_W0II@Z

?DirectoryExists@AvgBasFs@@YGHPB_W@Z

?Acquire@AvgBasMutex@@QAGHH@Z

?Release@AvgBasMutex@@QAGHXZ

?Sleep@AvgBasThread@@SGHH@Z

?GetSpecialFolder@AvgEnvironment@@YGHW4SpecialFolder@1@AAV?$IAvgString@_W$0A@@@@Z

?GetMaxPathLength@AvgEnvironment@@YGHAAIPB_W@Z

??0AvgBasSharedLibraryLoader@@QAE@PB_W@Z

??1AvgBasSharedLibraryLoader@@UAE@XZ

?Load@AvgBasSharedLibraryLoader@@QAGHPB_W@Z

?Unload@AvgBasSharedLibraryLoader@@UAGXXZ

?AttachTo@AvgBasSharedLibraryLoader@@QAGHPBDPCRAX@Z

??0AvgBasWinRegistryHandle@@QAE@W4AvgBasWinRegistryRootType@@@Z

??1AvgBasWinRegistryHandle@@QAE@XZ

?OpenKeyIfExists@AvgBasWinRegistryHandle@@QAGHABU?$AvgStringRefBase@_W$0A@@@@Z

?IsWow64ViewModeSupported@AvgBasWinRegistryHandle@@SG_NXZ

?SetViewMode@AvgBasWinRegistryHandle@@QAGHV?$AvgFlags@W4AvgBasWinRegistryViewModeValues@@@@@Z

?GetStringValue@AvgBasWinRegistryHandle@@QAGHAAV?$IAvgString@_W$0A@@@ABU?$AvgStringRefBase@_W$0A@@@@Z

?CloseKey@AvgBasWinRegistryHandle@@QAGXXZ

?AvgConvertMb2Utf16String@@YGHPA_WIPBDW4AvgCodePage@@PAII@Z

?AvgGetMb2Utf16StringSize@@YGHAAIPBDW4AvgCodePage@@I@Z

?Create@AvgBasMutex@@QAGH_N@Z

?AvgGetStringSizeInElements@@YGIPB_W@Z

?IsInitialized@AvgBasCriticalSection@@QBG_NXZ

?GetString@AvgGuidUtils@@YGHABU_AvgGuid@@AAU_AVG_UTF16CHAR_STR@@@Z

?IsStopRequested@AvgBasThread@@QAG_NXZ

?AddDaclAce@AvgWinSecurityDescriptor@@QAGHABVAvgWinAce@@@Z

?IsInitialized@AvgBasWaitable@@QBG_NXZ

?Initialize@AvgWinSecurityIdentifier@@QAGHW4WellKnownSidType@1@PBV1@@Z

?AttachHandle@AvgBasWaitable@@IAGXPAX@Z

?EnumValues@AvgBasWinRegistryHandle@@QAGHAAV?$IAvgBackInserter@V?$IAvgString@_W$0A@@@@@@Z

?AvgConvertNumber2String@@YGHPA_WIEHPAI@Z

?ValueExists@AvgBasWinRegistryHandle@@QAG_NABU?$AvgStringRefBase@_W$0A@@@@Z

?SetBinaryValue@AvgBasWinRegistryHandle@@QAGHPBEIABU?$AvgStringRefBase@_W$0A@@@@Z

?GetChildrenEnumeratorImpl@AvgBasWinRegistryHandle@@AAGHAAPAV?$IAvgEnumerator@U?$AvgStringzRefBase@_W$0A@@@@@@Z

?AvgGetStringSizeInElements@@YGIPBD@Z

?Get@AvgMiniHashMd5@@QAGXAAUHashType@1@@Z

?AvgFindSubStringFromRight@@YGPB_WPB_W0II@Z

msvcr100

memcpy

memset

__clean_type_info_names_internal

?_type_info_dtor_internal_method@type_info@@QAEXXZ

_except_handler4_common

_crt_debugger_hook

?terminate@@YAXXZ

__CppXcptFilter

_amsg_exit

_initterm_e

_initterm

_encoded_null

_malloc_crt

__CxxFrameHandler3

_onexit

_lock

__dllonexit

_unlock

strncpy

strchr

realloc

malloc

free

??2@YAPAXI@Z

??3@YAXPAX@Z

_purecall

??_V@YAXPAX@Z

memmove

_CxxThrowException

shell32

ShellExecuteExW

Exports

??0_Mutex@std@@QAE@W4_Uninitialized@1@@Z

??4_Init_locks@std@@QAEAAV01@ABV01@@Z

GetAvgObject

GetAvgObject2

GetLockCount

Sections

.text
Size: 722KB - Virtual size: 722KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 192KB - Virtual size: 191KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

avgcmgr.exe

.exe windows:5 windows x86 arch:x86

26279147b46b0916b072c778b3a229c4

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

Extended Key Usages

ExtKeyUsageServerAuth

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

49:84:48:9d:ec:62:00:de:ce:ad:93:d4:73:2c:ab:ca
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

06/01/2012, 00:00

Not After

05/01/2015, 23:59

Subject

CN=AVG Technologies CZ\, s.r.o.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=AVG Technologies CZ\, s.r.o.,L=Brno,ST=Jihomoravsky kraj,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

75:18:46:45:74:2a:0b:fe:7f:4a:97:ad:1b:ac:e9:f4:43:b5:44:ac
Signer

Actual PE Digest

75:18:46:45:74:2a:0b:fe:7f:4a:97:ad:1b:ac:e9:f4:43:b5:44:ac

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\nightly\sandbox_avg_vc10_AVG2013_SP1_RR\source\build\avg_client_ru_dls_win32_vs100\bin\Release_Unicode_DLS_vs100\Win32\avgcmgr.pdb

Imports

kernel32

ExpandEnvironmentStringsA

GetFileType

GetStdHandle

SetLastError

GetVersionExA

LoadLibraryA

SleepEx

FormatMessageA

GetSystemDirectoryA

GetTempPathW

PeekNamedPipe

InterlockedDecrement

LocalFree

lstrlenA

GetSystemTimeAsFileTime

GetTickCount

HeapSetInformation

InterlockedCompareExchange

InterlockedExchange

DecodePointer

EncodePointer

MultiByteToWideChar

WideCharToMultiByte

GetWindowsDirectoryW

GetFileAttributesW

GetVersion

QueryPerformanceFrequency

FileTimeToSystemTime

QueryPerformanceCounter

ExpandEnvironmentStringsW

CreateFileW

ReadFile

Sleep

WriteFile

SetEndOfFile

SetFilePointer

GetFileSize

GetProcAddress

GetVersionExW

LoadLibraryW

FreeLibrary

GetLastError

FindNextFileW

FindFirstFileW

GetDiskFreeSpaceExW

GetLocaleInfoW

WaitForMultipleObjects

CreateProcessW

GetCurrentProcessId

CloseHandle

GetCurrentThreadId

CreateEventW

SetUnhandledExceptionFilter

IsProcessorFeaturePresent

ole32

CoUninitialize

CoInitializeSecurity

CoInitializeEx

CoSetProxyBlanket

CoCreateInstance

oleaut32

SysAllocString

VariantClear

SysFreeString

ntdll

ZwWriteFile

ZwCreateSection

ZwUnmapViewOfSection

ZwQuerySystemInformation

ZwFlushVirtualMemory

ZwMapViewOfSection

ZwReadFile

ZwQueryInformationFile

ZwCreateFile

RtlFreeUnicodeString

ZwSetInformationFile

RtlReleasePebLock

RtlAcquirePebLock

ZwAllocateVirtualMemory

ZwFreeVirtualMemory

ZwTerminateProcess

RtlCreateUserProcess

ZwCreateEvent

RtlInitUnicodeString

ZwClose

ZwResumeThread

ZwDuplicateObject

ZwWaitForMultipleObjects

RtlRemoveVectoredExceptionHandler

RtlAddVectoredExceptionHandler

ZwWaitForSingleObject

RtlAllocateHeap

RtlReAllocateHeap

RtlFreeHeap

ZwQueryVirtualMemory

RtlNtStatusToDosError

ZwSetEvent

userenv

GetProfilesDirectoryW

avgsysx

?Cleanup@AvgBasThread@@MAGXXZ

?IsPathRooted@AvgBasPath@@YG_NPB_WI@Z

?GetFilename@AvgBasPath@@YGHAAU_AVG_UTF16CHAR_STR@@PB_WIPAI@Z

??1AvgSpinLockLocker@@QAE@XZ

??0AvgSpinLockLocker@@QAE@PAUAvgSpinLock@@_N@Z

?AvgDestroySysMini@@YGXXZ

?AvgInitializeSysMini@@YGHXZ

?InitializeEnvironment@AvgEnvironment@@YGHXZ

?DestroyEnvironment@AvgEnvironment@@YGXXZ

?AvgCreateErrorCodeFromWin32@@YGHW4_AvgErrorCodeSeverity@@K@Z

?AvgBasGetStackFrameModulePath@@YGHAAV?$IAvgString@_W$0A@@@ABUAvgBasStackFrameX86@@@Z

?AvgGetStringSizeInElements@@YGIPBD@Z

?AvgGetStringSizeInElements@@YGIPB_W@Z

?DirectoryExists@AvgBasFs@@YGHPB_W@Z

?AvgGetMb2Utf16StringSize@@YGHAAIPBDW4AvgCodePage@@I@Z

?AvgConvertMb2Utf16String@@YGHPA_WIPBDW4AvgCodePage@@PAII@Z

?AvgFormatStringV@@YGHW4AvgCodePage@@PA_WIPB_WPAIPAD@Z

?AvgCompareString@@YGHPB_W0II@Z

?CloseKey@AvgBasWinRegistryHandle@@QAGXXZ

?GetStringValue@AvgBasWinRegistryHandle@@QAGHAAV?$IAvgString@_W$0A@@@ABU?$AvgStringRefBase@_W$0A@@@@Z

?SetViewMode@AvgBasWinRegistryHandle@@QAGHV?$AvgFlags@W4AvgBasWinRegistryViewModeValues@@@@@Z

?IsWow64ViewModeSupported@AvgBasWinRegistryHandle@@SG_NXZ

?OpenKeyIfExists@AvgBasWinRegistryHandle@@QAGHABU?$AvgStringRefBase@_W$0A@@@@Z

??1AvgBasWinRegistryHandle@@QAE@XZ

??0AvgBasWinRegistryHandle@@QAE@W4AvgBasWinRegistryRootType@@@Z

?AttachTo@AvgBasSharedLibraryLoader@@QAGHPBDPCRAX@Z

?Unload@AvgBasSharedLibraryLoader@@UAGXXZ

?Load@AvgBasSharedLibraryLoader@@QAGHPB_W@Z

??1AvgBasSharedLibraryLoader@@UAE@XZ

??0AvgBasSharedLibraryLoader@@QAE@PB_W@Z

?GetMaxPathLength@AvgEnvironment@@YGHAAIPB_W@Z

?GetSpecialFolder@AvgEnvironment@@YGHW4SpecialFolder@1@AAV?$IAvgString@_W$0A@@@@Z

?Sleep@AvgBasThread@@SGHH@Z

?AvgKernel32ForceInitialize@@YGXXZ

?GetFullPath@AvgBasPath@@YGHAAU_AVG_UTF16CHAR_STR@@PB_WIPAI@Z

?GetTempDirPath@AvgBasPath@@YGHAAU_AVG_UTF16CHAR_STR@@PAI@Z

?GetDirectoryPathFromFilenamePath@AvgBasPath@@YGHAAU_AVG_UTF16CHAR_STR@@PB_WIPAI@Z

?AvgGetSystemTime@@YGHAAUAvgTimeStruct@@@Z

?AvgGetLocalTime@@YGHAAUAvgTimeStruct@@@Z

?AvgKernel32IsFnLoaded_UnhandledExceptionFilter@@YG_NXZ

?AvgKernel32_SetUnhandledExceptionFilter@@YGP6GJPAU_EXCEPTION_POINTERS@@@ZP6GJ0@Z@Z

?AvgWinIsProcessBeingDebugged@@YG_NXZ

?AvgKernel32_UnhandledExceptionFilter@@YGJPAU_EXCEPTION_POINTERS@@@Z

?UnloadSharedLibraries@AvgBasObjectFactoryImpl@detail@@QAGX_N@Z

?GetAvgObject@AvgBasObjectFactoryImpl@detail@@QAGHABU_AvgGuid@@PAPAX@Z

?SetProgramPath@AvgBasObjectFactoryImpl@detail@@QAGHPB_W@Z

?Initialize@AvgBasObjectFactoryImpl@detail@@QAGHPBUAvgBasObjectFactoryMapping@@I@Z

??1AvgBasObjectFactoryImpl@detail@@QAE@XZ

??0AvgBasObjectFactoryImpl@detail@@QAE@XZ

?Release@AvgBasCriticalSection@@QAGHXZ

?Acquire@AvgBasCriticalSection@@QAGHXZ

?Create@AvgBasCriticalSection@@QAGHXZ

??1AvgBasCriticalSection@@QAE@XZ

??0AvgBasCriticalSection@@QAE@XZ

?GetCurrentModuleHandle@AvgProcess@@YGPAXXZ

?AvgGetUtf162MbStringSize@@YGHAAIPB_WW4AvgCodePage@@I@Z

?AvgFindSubStringFromRight@@YGPB_WPB_W0II@Z

?FileExists@AvgBasFs@@YGHPB_W@Z

?GetName@Item@AvgBasFs@@QBGPB_WXZ

??1Item@AvgBasFs@@QAE@XZ

?Destroy@AvgBasWaitable@@UAGHXZ

?AvgLowerString@@YGHW4AvgCodePage@@PA_WIPB_WPAII@Z

?AvgFindSubString@@YGPADPADPBDII@Z

?AvgCompareStringNoCase@@YGHW4AvgCodePage@@PB_W1II@Z

?GetChildrenEnumeratorImpl@AvgBasWinRegistryHandle@@AAGHAAPAV?$IAvgEnumerator@U?$AvgStringzRefBase@_W$0A@@@@@@Z

?EnablePrivilege@AvgBasWinRegistryHandle@@SGHW4AvgBasWinRegistryPrivilege@@_N@Z

?LoadKey@AvgBasWinRegistryHandle@@QAGHABU?$AvgStringRefBase@_W$0A@@@0@Z

?GetDWordValueWithDefault@AvgBasWinRegistryHandle@@QAGHAAKKABU?$AvgStringRefBase@_W$0A@@@@Z

?GetBinaryValue@AvgBasWinRegistryHandle@@QAGHAAV?$IAvgBuffer@E@@ABU?$AvgStringRefBase@_W$0A@@@@Z

?SetParent@AvgBasWinRegistryHandle@@QAGHW4AvgBasWinRegistryRootType@@@Z

??0AvgBasWinRegistryHandle@@QAE@PAV0@@Z

?GetWinUsernameSid@AvgEnvironment@@YGHAAV?$IAvgString@_W$0A@@@@Z

?AvgConvertUtf162MbString@@YGHPADIPB_WW4AvgCodePage@@PAII@Z

?WaitForThreadToStop@AvgBasThread@@QAGHH@Z

?StartThread@AvgBasThread@@QAGHW4AvgPriority@@PAVAvgSecurityCtx@@V?$AvgFlags@W4ThreadFlag@AvgBasThread@@@@PBD@Z

?AvgCopyString@@YGHPADIPBDI@Z

?AvgConvertString2Number@@YGHAAGPB_WIHPAPB_W@Z

?AvgCreateErrorCodeFromWin32@@YGHK@Z

?GetModuleDirectory@AvgModule@@YGHPAXAAU_AVG_UTF16CHAR_STR@@PAI@Z

?GetCurrentDirectoryPath@AvgProcess@@YGHAAU_AVG_UTF16CHAR_STR@@PAI@Z

?AvgNtdll_RtlDosPathNameToNtPathName_T_EliminateDosDevice@@YGHPB_WPAU_UNICODE_STRING@@@Z

??0Item@AvgBasFs@@QAE@XZ

?New@Impl@DirectoryEnumerator@AvgBasFs@@SGHAAPAU123@PB_W1V?$AvgFlags@W4DirectoryEnumerationFlagItems@AvgBasFs@@@@PAVAvgWinTransaction@@@Z

?Initialize@Item@AvgBasFs@@QAGHPBEIABU?$AvgStringRefBase@_W$0A@@@@Z

?FreeResource@AvgBasWaitable@@IAGHXZ

??0AvgTimeStruct@@QAE@XZ

?AvgConvertAvgTimeToStruct@@YGHAAUAvgTimeStruct@@_K@Z

?AvgConvertString2Number@@YGHAAHPB_WIHPAPB_W@Z

?AvgConvertString2Number@@YGHAACPB_WIHPAPB_W@Z

?AvgConvertNumber2String@@YGHPA_WI_JHPAI@Z

?AvgConvertNumber2String@@YGHPA_WIKHPAI@Z

??0AvgMiniHashSha1@@QAE@XZ

??1AvgMiniHashSha1@@QAE@XZ

?Initialize@AvgMiniHashSha1@@QAGXXZ

?Add@AvgMiniHashSha1@@QAGHPBEI@Z

?Get@AvgMiniHashSha1@@QAGXAAUHashType@1@@Z

?AvgConvertT2MbString@@YGHPADIPB_WW4AvgCodePage@@PAII@Z

?AvgGetT2MbStringSize@@YGHAAIPB_WW4AvgCodePage@@I@Z

?AvgGetSystemTime@@YGHAA_K@Z

?IsInitialized@AvgBasWaitable@@QBG_NXZ

?Create@AvgBasMutex@@QAGH_N@Z

?Acquire@AvgBasMutex@@QAGHH@Z

?Release@AvgBasMutex@@QAGHXZ

msvcp100

?_Xlength_error@std@@YAXPBD@Z

?_Xout_of_range@std@@YAXPBD@Z

msvcr100

_strnicmp

_open

_close

_read

_fileno

_strdup

_controlfp_s

?_type_info_dtor_internal_method@type_info@@QAEXXZ

_except_handler4_common

__set_app_type

_fmode

_commode

__setusermatherr

islower

isupper

isprint

isgraph

_stat64

_errno

isalpha

strncpy_s

strcat_s

strcpy_s

sprintf_s

__sys_nerr

strerror

getenv

memchr

isalnum

fflush

_stricmp

fputc

_fstat64

_lseeki64

isspace

fclose

fopen

fgets

fputs

_strtoi64

qsort

fseek

isxdigit

strtoul

strrchr

fwrite

fread

strncpy

tolower

strtol

strchr

__iob_func

strstr

sscanf

realloc

calloc

memset

_CxxThrowException

malloc

free

_configthreadlocale

_initterm_e

_initterm

memcpy

floor

isdigit

?what@exception@std@@UBEPBDXZ

??1exception@std@@UAE@XZ

??0exception@std@@QAE@ABQBD@Z

??0exception@std@@QAE@ABV01@@Z

memmove

_wtoi

??_V@YAXPAX@Z

_purecall

??3@YAXPAX@Z

wcstok_s

??2@YAPAXI@Z

_itow_s

_invoke_watson

_set_invalid_parameter_handler

swprintf_s

sprintf

strncmp

_wcslwr_s

wcsncmp

_mktime64

_gmtime64

wcsftime

_localtime64

_time64

?terminate@@YAXXZ

_unlock

__dllonexit

_lock

_onexit

__CxxFrameHandler3

_amsg_exit

__wgetmainargs

_cexit

_exit

_XcptFilter

exit

__winitenv

advapi32

RegOpenKeyExW

RegCreateKeyExW

RegQueryValueExW

RegSetValueExW

RegCloseKey

shell32

SHGetFolderPathW

ws2_32

ioctlsocket

listen

accept

select

__WSAFDIsSet

recvfrom

gethostbyname

send

getpeername

connect

gethostbyaddr

htons

ntohs

getsockname

setsockopt

recv

bind

socket

WSASetLastError

closesocket

getsockopt

WSAStartup

WSACleanup

getservbyname

getservbyport

htonl

inet_addr

inet_ntoa

WSAGetLastError

sendto

gethostname

wininet

DetectAutoProxyUrl

version

VerQueryValueW

GetFileVersionInfoW

GetFileVersionInfoSizeW

Exports

??0_Mutex@std@@QAE@W4_Uninitialized@1@@Z

??4_Init_locks@std@@QAEAAV01@ABV01@@Z

Sections

.text
Size: 455KB - Virtual size: 455KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

avgcommx.dll

.dll windows:5 windows x86 arch:x86

4fdd347db40695f604e9819f60082e65

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

Extended Key Usages

ExtKeyUsageServerAuth

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

26:6d:33:3e:de:17:a8:b4:72:05:3e:4f:a3:93:45:72
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

22/10/2014, 00:00

Not After

20/01/2018, 23:59

Subject

CN=AVG Technologies CZ\, s.r.o.,O=AVG Technologies CZ\, s.r.o.,L=Brno,ST=Jihomoravsky kraj,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

e0:a0:9f:8d:76:77:8d:83:ef:46:47:35:20:21:57:e4:74:d6:bb:60
Signer

Actual PE Digest

e0:a0:9f:8d:76:77:8d:83:ef:46:47:35:20:21:57:e4:74:d6:bb:60

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

PDB Paths

d:\nightly\sandbox_avg_vc10_HotFix2013-20\source\build\avg_client_ru_ntdll_dls_win32_vs100\bin\Release_Unicode_NTDLL_DLS_vs100\Win32\avgcommx.pdb

Imports

avgsysx

??1AvgSpinLockLocker@@QAE@XZ

??0AvgSpinLockLocker@@QAE@PAUAvgSpinLock@@_N@Z

?AvgWinZwOpenFile@@YGHPB_WPAPAXKPAU_IO_STATUS_BLOCK@@KK@Z

?GetSecurityDescriptor@AvgWinSecurityDescriptor@@QAGHAAPAX@Z

?AvgNtdll_RtlDosPathNameToNtPathName_T_EliminateDosDevice@@YGHPB_WPAU_UNICODE_STRING@@@Z

?Create@AvgBasMutex@@QAGH_N@Z

?Acquire@AvgBasMutex@@QAGHH@Z

?Release@AvgBasMutex@@QAGHXZ

?Assign@AvgWinSecurityDescriptor@@QAGHABVAvgSecurityCtx@@@Z

?AvgConvertAvgTimeToStruct@@YGHAAUAvgTimeStruct@@_K@Z

?AvgBufferXor@@YGXPAEPBEI1I_J@Z

?GetString@AvgGuidUtils@@YGHABU_AvgGuid@@AAU_AVG_UTF16CHAR_STR@@@Z

?GetThreadExitCode@AvgBasThread@@QAGHAAH@Z

??0AvgBasSharedLibraryLoader@@QAE@PB_W@Z

??1AvgBasSharedLibraryLoader@@UAE@XZ

?Initialize@AvgBasThread@@QAGHPAVAvgBasEvent@@@Z

?Sleep@AvgBasThread@@SGHH@Z

?AvgGetStringSizeInElements@@YGIPB_W@Z

?Acquire@AvgBasCriticalSection@@QAGHXZ

??1AvgBasCriticalSection@@QAE@XZ

?Destroy@AvgBasWaitable@@UAGHXZ

?Cleanup@AvgBasThread@@MAGXXZ

?Release@AvgBasCriticalSection@@QAGHXZ

??0AvgBasCriticalSection@@QAE@XZ

?StartThread@AvgBasThread@@QAGHW4AvgPriority@@PAVAvgSecurityCtx@@V?$AvgFlags@W4ThreadFlag@AvgBasThread@@@@PBD@Z

?Create@AvgBasCriticalSection@@QAGHXZ

?IsInitialized@AvgBasCriticalSection@@QBG_NXZ

?StopThread@AvgBasThread@@QAGHH@Z

?AvgGetSystemTime@@YGHAA_K@Z

?AvgFindSubStringFromRight@@YGPB_WPB_W0II@Z

?Create@AvgBasEvent@@QAGHW4ResetType@1@_N@Z

?GetCurrentThreadId@AvgBasThread@@SGKXZ

?Set@AvgBasEvent@@QAGHXZ

?WaitForThreadToStop@AvgBasThread@@QAGHH@Z

?Wait@AvgBasEvent@@QAGHH@Z

?Reset@AvgBasEvent@@QAGHXZ

?AvgCompareString@@YGHPB_W0II@Z

?CreateLuid@AvgGuidUtils@@YGHAAU_AvgGuid@@@Z

?AvgConvertStructToAvgTime@@YGHAA_KABUAvgTimeStruct@@@Z

?AvgFormatStringV@@YGHW4AvgCodePage@@PA_WIPB_WPAIPAD@Z

?AvgMemXor@@YGXPAEPBEI@Z

?AvgGenerateRandomBuffer@@YGXPAEI@Z

?Initialize@AvgWinMandatoryLabel@@QAGHW4Label@1@V?$AvgFlags@W4FlagsValues@AvgWinMandatoryLabel@@@@@Z

?AddDaclAce@AvgWinSecurityDescriptor@@QAGHABVAvgWinAce@@@Z

?Initialize@AvgWinSecurityIdentifier@@QAGHW4WellKnownSidType@1@PBV1@@Z

?AvgGenerateRandomDWord@@YGKXZ

?AvgCreateErrorCodeFromWin32@@YGHW4_AvgErrorCodeSeverity@@K@Z

?AvgDestroySysMini@@YGXXZ

?AvgInitializeSysMini@@YGHXZ

?AvgPrintV@@YGHPBDPAD@Z

?AvgConvertAvgTimeToTimeT@@YGHAA_J_K@Z

?AvgConvertTMToAvgTime@@YGHAA_KAAUtm@@@Z

?AvgGetTimestamp@@YGKXZ

?ParseWinSecDes@AvgWinSecurityDescriptor@@KGHAAV1@PBXV?$AvgFlags@W4InformationValues@AvgWinSecurityDescriptor@@@@@Z

?ClearSecurityAttributes@AvgWinSecurityDescriptor@@QAGXXZ

?CloneImpl@AvgWinSecurityDescriptor@@MBEHAAPAVAvgSecurityCtx@@@Z

?ReleaseClonedObject@AvgWinSecurityDescriptor@@UAEXXZ

?GetInformationType@AvgWinSecurityDescriptor@@QBG?AV?$AvgFlags@W4InformationValues@AvgWinSecurityDescriptor@@@@XZ

?FreeKey@AvgTls@@YGHAAUKeyBase@1@@Z

?SetValue@AvgTls@@YGHABUKeyBase@1@PAX@Z

?GetValue@AvgTls@@YGHABUKeyBase@1@AAPAX@Z

?AllocateKey@AvgTls@@YGHAAUKeyBase@1@@Z

?FreeResource@AvgBasWaitable@@IAGHXZ

?AvgWinIsProcessBeingDebugged@@YG_NXZ

?AvgKernel32IsFnLoaded_UnhandledExceptionFilter@@YG_NXZ

?AvgKernel32_UnhandledExceptionFilter@@YGJPAU_EXCEPTION_POINTERS@@@Z

?GetHandle@AvgBasWaitable@@IBGPAXXZ

?InitializeEnvironment@AvgEnvironment@@YGHXZ

?DestroyEnvironment@AvgEnvironment@@YGXXZ

?IsInitialized@AvgBasWaitable@@QBG_NXZ

?GetResourceType@AvgBasWaitable@@IBG?AW4AvgBasWaitableResourceType@@XZ

?GetForward@AvgBasWaitable@@IBGPAV1@XZ

ntdll

ZwQueryVirtualMemory

RtlUnwind

ZwTerminateProcess

RtlDeleteCriticalSection

RtlInitializeCriticalSection

RtlEnterCriticalSection

RtlLeaveCriticalSection

_chkstk

RtlReAllocateHeap

RtlFreeHeap

RtlFreeUnicodeString

ZwFlushBuffersFile

ZwClose

ZwFsControlFile

ZwWaitForSingleObject

ZwSetInformationThread

ZwReadFile

ZwWriteFile

ZwCreateNamedPipeFile

ZwSetInformationFile

ZwOpenFile

RtlInitUnicodeString

RtlCreateUnicodeString

ZwCancelIoFile

RtlAllocateHeap

towupper

_strcmpi

_strnicmp

_stricmp

DbgPrint

RtlNtStatusToDosError

memmove

_aulldiv

_allmul

memset

memcpy

ZwWaitForMultipleObjects

Exports

GetAvgObject

GetAvgObject2

GetLockCount

Sections

.text
Size: 340KB - Virtual size: 340KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

.reloc
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

avgcslx.dll

.dll windows:5 windows x86 arch:x86

48cf993c3bc185bcf8ed60bb925a747e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

Extended Key Usages

ExtKeyUsageServerAuth

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

49:84:48:9d:ec:62:00:de:ce:ad:93:d4:73:2c:ab:ca
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

06/01/2012, 00:00

Not After

05/01/2015, 23:59

Subject

CN=AVG Technologies CZ\, s.r.o.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=AVG Technologies CZ\, s.r.o.,L=Brno,ST=Jihomoravsky kraj,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

cc:ca:11:0a:7c:f1:10:97:b6:65:24:5b:8c:db:16:de:f6:65:9b:e7
Signer

Actual PE Digest

cc:ca:11:0a:7c:f1:10:97:b6:65:24:5b:8c:db:16:de:f6:65:9b:e7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

PDB Paths

d:\nightly\sandbox_avg_vc10_AVG2013_SP1_RR\source\build\avg_client_ru_dls_win32_vs100\bin\Release_Unicode_DLS_vs100\Win32\avgcslx.pdb

Imports

kernel32

QueryPerformanceCounter

GetLocaleInfoW

SetLastError

DisableThreadLibraryCalls

QueryPerformanceFrequency

GetDiskFreeSpaceExW

GetWindowsDirectoryW

GetSystemTimeAsFileTime

GetCurrentProcessId

GetCurrentThreadId

IsDebuggerPresent

SetUnhandledExceptionFilter

UnhandledExceptionFilter

GetCurrentProcess

TerminateProcess

InterlockedCompareExchange

DecodePointer

EncodePointer

RaiseException

InterlockedExchange

LocalAlloc

ExpandEnvironmentStringsW

GetTempPathW

LoadLibraryW

GetSystemDirectoryA

ExpandEnvironmentStringsA

GetTickCount

WaitForMultipleObjects

GetFileType

GetStdHandle

ReadFile

PeekNamedPipe

Sleep

GetVersionExA

LoadLibraryA

GetProcAddress

FreeLibrary

SleepEx

GetLastError

FormatMessageA

IsProcessorFeaturePresent

ws2_32

WSAStartup

gethostname

htonl

inet_ntoa

inet_addr

getservbyport

getservbyname

WSACleanup

gethostbyname

ioctlsocket

listen

accept

select

__WSAFDIsSet

recvfrom

sendto

send

getpeername

connect

WSAGetLastError

htons

ntohs

getsockname

setsockopt

recv

bind

socket

WSASetLastError

closesocket

getsockopt

gethostbyaddr

wininet

DetectAutoProxyUrl

ntdll

ZwWaitForSingleObject

ZwSetEvent

ZwReadFile

ZwMapViewOfSection

ZwFlushVirtualMemory

ZwQuerySystemInformation

ZwUnmapViewOfSection

ZwCreateSection

ZwWriteFile

RtlInitUnicodeString

RtlFreeHeap

RtlEnterCriticalSection

RtlAppendUnicodeToString

RtlUnicodeStringToAnsiString

LdrGetDllHandle

ZwQueryValueKey

RtlAppendUnicodeStringToString

RtlFreeAnsiString

RtlLeaveCriticalSection

LdrLoadDll

ZwOpenKey

ZwOpenSection

ZwCreateEvent

ZwQueryInformationFile

ZwClose

RtlNtStatusToDosError

ZwCreateFile

RtlFreeUnicodeString

ZwSetInformationFile

RtlAllocateHeap

RtlReAllocateHeap

avgopensslx

SSL_CIPHER_get_name

SSL_get_error

X509_LOOKUP_file

SSLv2_client_method

SSL_CTX_load_verify_locations

SSLv3_client_method

SSL_CTX_ctrl

SSL_get_verify_result

SSL_SESSION_free

SSL_new

SSL_get_certificate

TLSv1_client_method

SSL_CTX_use_certificate_chain_file

SSL_CTX_callback_ctrl

SSL_pending

SSL_CTX_set_default_passwd_cb

SSL_shutdown

SSL_get_current_cipher

SSL_CTX_use_PrivateKey_file

X509_load_crl_file

SSL_CTX_set_default_passwd_cb_userdata

SSL_CTX_use_certificate_file

RAND_file_name

SSL_CTX_new

SSL_write

SSL_free

SSL_CTX_free

SSL_read

SSL_get_privatekey

SSL_set_connect_state

SSL_library_init

SSLv23_client_method

SSL_get1_session

SSL_peek

SSL_CTX_set_cipher_list

RAND_load_file

SSL_set_fd

PEM_read_X509

SSL_CTX_check_private_key

SSL_ctrl

SSL_get_peer_cert_chain

SSL_set_session

SSL_connect

SSL_CTX_set_verify

SSL_get_peer_certificate

msvcr100

fseek

_CxxThrowException

floor

memset

memcpy

_open

_close

_read

_fileno

_stricmp

_strnicmp

_strdup

__clean_type_info_names_internal

?_type_info_dtor_internal_method@type_info@@QAEXXZ

?terminate@@YAXXZ

_except_handler4_common

_crt_debugger_hook

__CppXcptFilter

_amsg_exit

_initterm_e

_initterm

_encoded_null

_malloc_crt

__CxxFrameHandler3

_onexit

_lock

__dllonexit

_unlock

islower

isupper

isprint

isgraph

_errno

isalpha

_gmtime64

strncpy_s

strcat_s

strcpy_s

sprintf_s

getenv

isalnum

memchr

fflush

_fstat64

_lseeki64

isspace

isdigit

sprintf

fputc

fgets

fputs

_strtoi64

qsort

strncmp

free

_time64

fwrite

tolower

strtol

strchr

strstr

sscanf

isxdigit

strtoul

fclose

fread

fopen

__iob_func

_stat64

strrchr

__sys_nerr

strncpy

strerror

realloc

malloc

calloc

??2@YAPAXI@Z

??3@YAXPAX@Z

_purecall

memmove

??_V@YAXPAX@Z

version

GetFileVersionInfoW

GetFileVersionInfoSizeW

VerQueryValueW

Exports

??0_Mutex@std@@QAE@W4_Uninitialized@1@@Z

??4_Init_locks@std@@QAEAAV01@ABV01@@Z

GetAvgObject

GetLockCount

Sections

.text
Size: 666KB - Virtual size: 666KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 142KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

avgdecider.dll

.dll windows:5 windows x86 arch:x86

b75bb2a60ddf0deaae9708038f1a7795

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

Extended Key Usages

ExtKeyUsageServerAuth

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

49:84:48:9d:ec:62:00:de:ce:ad:93:d4:73:2c:ab:ca
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

06/01/2012, 00:00

Not After

05/01/2015, 23:59

Subject

CN=AVG Technologies CZ\, s.r.o.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=AVG Technologies CZ\, s.r.o.,L=Brno,ST=Jihomoravsky kraj,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

5b:97:46:b7:04:60:6f:ad:d8:40:84:71:15:14:74:a7:11:1a:b9:af
Signer

Actual PE Digest

5b:97:46:b7:04:60:6f:ad:d8:40:84:71:15:14:74:a7:11:1a:b9:af

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

PDB Paths

d:\nightly\sandbox_avg_vc10_SmallUpdate2013-04_Beta\source\build\avg_client_ru_dls_win32_vs100\bin\Release_Unicode_DLS_vs100\Win32\avgdecider.pdb

Imports

kernel32

ExpandEnvironmentStringsW

InterlockedDecrement

GetDriveTypeW

SetErrorMode

FindNextVolumeW

GetLastError

InterlockedIncrement

DisableThreadLibraryCalls

SetLastError

GetProcessHeap

HeapSize

HeapReAlloc

HeapFree

HeapAlloc

HeapDestroy

GetSystemTimeAsFileTime

GetCurrentProcessId

GetCurrentThreadId

GetTickCount

QueryPerformanceCounter

IsDebuggerPresent

SetUnhandledExceptionFilter

UnhandledExceptionFilter

TerminateProcess

InterlockedCompareExchange

Sleep

InterlockedExchange

DecodePointer

EncodePointer

LocalFree

WideCharToMultiByte

lstrlenA

MultiByteToWideChar

GetLocaleInfoW

GetCurrentProcess

WaitForMultipleObjectsEx

GetVolumeInformationW

FindFirstVolumeW

FindVolumeClose

ole32

CoCreateInstance

CoInitialize

OleRun

oleaut32

SafeArrayPutElement

VariantClear

VariantInit

SafeArrayCreateVector

SafeArrayDestroy

SysAllocString

SysStringLen

GetErrorInfo

SysFreeString

VariantChangeType

SysAllocStringByteLen

ntdll

RtlFreeUnicodeString

ZwCreateFile

RtlNtStatusToDosError

ZwClose

LdrUnloadDll

RtlInitUnicodeString

RtlInitAnsiString

LdrGetProcedureAddress

LdrLoadDll

RtlFreeHeap

RtlReAllocateHeap

RtlAllocateHeap

ZwSetInformationFile

ZwFsControlFile

ZwQueryInformationFile

ZwCreateEvent

ZwWaitForSingleObject

NtClose

RtlOpenCurrentUser

ZwReadFile

ZwMapViewOfSection

ZwFlushVirtualMemory

ZwQuerySystemInformation

ZwUnmapViewOfSection

ZwFlushBuffersFile

ZwCreateSection

ZwWriteFile

ZwSetEvent

psapi

GetDeviceDriverFileNameW

EnumDeviceDrivers

GetDeviceDriverBaseNameW

avgsysx

?Release@AvgBasCriticalSection@@QAGHXZ

?Acquire@AvgBasCriticalSection@@QAGHXZ

?Create@AvgBasCriticalSection@@QAGHXZ

?IsInitialized@AvgBasCriticalSection@@QBG_NXZ

??1AvgBasCriticalSection@@QAE@XZ

??0AvgBasCriticalSection@@QAE@XZ

?AvgLowerString@@YGHW4AvgCodePage@@PA_WIPB_WPAII@Z

?Initialize@AvgWinSecurityDescriptor@@QAGHXZ

?AddDaclAce@AvgWinSecurityDescriptor@@QAGHW4WellKnownSidType@AvgWinSecurityIdentifier@@HW4Type@AvgWinAce@@V?$AvgFlags@W4FlagsValues@AvgWinAce@@@@@Z

?EnablePrivilege@AvgBasWinRegistryHandle@@SGHW4AvgBasWinRegistryPrivilege@@_N@Z

?UnLoadKey@AvgBasWinRegistryHandle@@QAGHABU?$AvgStringRefBase@_W$0A@@@@Z

?LoadKey@AvgBasWinRegistryHandle@@QAGHABU?$AvgStringRefBase@_W$0A@@@0@Z

?CreateLuid@AvgGuidUtils@@YGHAAU_AvgGuid@@@Z

?Get@AvgMiniHashMd5@@QAGAAUHashType@1@XZ

?Add@AvgMiniHashMd5@@QAGXPBEI@Z

?Initialize@AvgMiniHashMd5@@QAGXXZ

??1AvgMiniHashMd5@@QAE@XZ

??0AvgMiniHashMd5@@QAE@XZ

?StopThread@AvgBasThread@@QAGHH@Z

?StartThread@AvgBasThread@@QAGHW4AvgPriority@@PAVAvgSecurityCtx@@V?$AvgFlags@W4ThreadFlag@AvgBasThread@@@@PBD@Z

?Cleanup@AvgBasThread@@MAGXXZ

?AvgNtdll_RtlDosPathNameToNtPathName_T_EliminateDosDevice@@YGHPB_WPAU_UNICODE_STRING@@@Z

?GetNormalizedPath@AvgBasPath@@YGHAAU_AVG_UTF16CHAR_STR@@PB_WIPAI@Z

?GetFullPath@AvgBasPath@@YGHAAU_AVG_UTF16CHAR_STR@@PB_WIPAI@Z

?GetTempDirPath@AvgBasPath@@YGHAAU_AVG_UTF16CHAR_STR@@PAI@Z

?GetDirectoryPathFromFilenamePath@AvgBasPath@@YGHAAU_AVG_UTF16CHAR_STR@@PB_WIPAI@Z

?IsPathRooted@AvgBasPath@@YG_NPB_WI@Z

??1AvgSpinLockLocker@@QAE@XZ

??0AvgSpinLockLocker@@QAE@PAUAvgSpinLock@@_N@Z

?AvgDestroySysMini@@YGXXZ

?AvgInitializeSysMini@@YGHXZ

?InitializeEnvironment@AvgEnvironment@@YGHXZ

?DestroyEnvironment@AvgEnvironment@@YGXXZ

?AvgBasGetStackFrameModulePath@@YGHAAV?$IAvgString@_W$0A@@@ABUAvgBasStackFrameX86@@@Z

?GetBuffer@AvgUtf16CharHeapBuffer@@QAGPA_WXZ

?IsEmpty@AvgUtf16CharHeapBuffer@@QBG_NXZ

?Clear@AvgUtf16CharHeapBuffer@@QAGXXZ

?AvgWinConstructDllSearchPath@@YGHAAVAvgUtf16CharHeapBuffer@@ABU?$AvgStringRefBase@_W$0A@@@@Z

?AvgBufferXor@@YGXPAEPBEI1I_J@Z

?AvgWinZwOpenFile@@YGHPB_WPAPAXKPAU_IO_STATUS_BLOCK@@KK@Z

?GetHandle@AvgBasWaitable@@IBGPAXXZ

?AvgUpperString@@YGHW4AvgCodePage@@PA_WIPB_WPAII@Z

?AvgCreateErrorCodeFromWin32@@YGHK@Z

?GetForward@AvgBasWaitable@@IBGPAV1@XZ

?Sleep@AvgBasThread@@SGHH@Z

?GetThreadExitCode@AvgBasThread@@QAGHAAH@Z

?Initialize@AvgBasThread@@QAGHPAVAvgBasEvent@@@Z

?GetString@AvgGuidUtils@@YGHABU_AvgGuid@@AAU_AVG_UTF16CHAR_STR@@@Z

?CombinePaths@AvgBasPath@@YGHABU?$AvgMutableStringRefBase@_W$0A@@@ABU?$AvgStringRefBase@_W$0A@@@1@Z

??0AvgBasWinRegistryHandle@@QAE@PAV0@@Z

?WinExpandString@AvgEnvironment@@YGHAAV?$IAvgString@_W$0A@@@PB_WPAX@Z

?GetEnvironmentVar@AvgEnvironment@@YGHPB_WAAV?$IAvgString@_W$0A@@@@Z

?GetChildrenEnumeratorImpl@AvgBasWinRegistryHandle@@AAGHAAPAV?$IAvgEnumerator@U?$AvgStringzRefBase@_W$0A@@@@@@Z

?KeyExists@AvgBasWinRegistryHandle@@QAG_NABU?$AvgStringRefBase@_W$0A@@@@Z

?ParseWinSecDes@AvgWinSecurityDescriptor@@KGHAAV1@PBXV?$AvgFlags@W4InformationValues@AvgWinSecurityDescriptor@@@@@Z

?ReleaseClonedObject@AvgWinSecurityDescriptor@@UAEXXZ

?ClearSecurityAttributes@AvgWinSecurityDescriptor@@QAGXXZ

?CloneImpl@AvgWinSecurityDescriptor@@MBEHAAPAVAvgSecurityCtx@@@Z

?GetInformationType@AvgWinSecurityDescriptor@@QBG?AV?$AvgFlags@W4InformationValues@AvgWinSecurityDescriptor@@@@XZ

?FreeResource@AvgBasWaitable@@IAGHXZ

?AvgConvertNumber2String@@YGHPA_WIKHPAI@Z

?AvgConvertNumber2String@@YGHPA_WI_KHPAI@Z

?EnumKeys@AvgBasWinRegistryHandle@@QAGHAAV?$IAvgBackInserter@V?$IAvgString@_W$0A@@@@@@Z

?GetMemoryStatus@AvgProcess@@YGHAAU_MemoryStatus@1@@Z

?IsWindows7OrHigher@OsInfo@AvgEnvironment@@YG_NXZ

?GetOsInfoData@AvgEnvironment@@YGABUOsInfoData@1@XZ

?GetCurrentModuleHandle@AvgProcess@@YGPAXXZ

?GetSpecialFolder@AvgEnvironment@@YGHW4SpecialFolder@1@AAV?$IAvgString@_W$0A@@@@Z

?GetMaxPathLength@AvgEnvironment@@YGHAAIPB_W@Z

??0AvgBasSharedLibraryLoader@@QAE@PB_W@Z

??1AvgBasSharedLibraryLoader@@UAE@XZ

?Load@AvgBasSharedLibraryLoader@@QAGHPB_W@Z

?Unload@AvgBasSharedLibraryLoader@@UAGXXZ

?AttachTo@AvgBasSharedLibraryLoader@@QAGHPBDPCRAX@Z

??0AvgBasWinRegistryHandle@@QAE@W4AvgBasWinRegistryRootType@@@Z

??1AvgBasWinRegistryHandle@@QAE@XZ

?OpenKeyIfExists@AvgBasWinRegistryHandle@@QAGHABU?$AvgStringRefBase@_W$0A@@@@Z

?IsWow64ViewModeSupported@AvgBasWinRegistryHandle@@SG_NXZ

?SetViewMode@AvgBasWinRegistryHandle@@QAGHV?$AvgFlags@W4AvgBasWinRegistryViewModeValues@@@@@Z

?GetStringValue@AvgBasWinRegistryHandle@@QAGHAAV?$IAvgString@_W$0A@@@ABU?$AvgStringRefBase@_W$0A@@@@Z

?CloseKey@AvgBasWinRegistryHandle@@QAGXXZ

?AvgCompareStringNoCase@@YGHW4AvgCodePage@@PB_W1II@Z

?AvgCompareString@@YGHPB_W0II@Z

?AvgFormatStringV@@YGHW4AvgCodePage@@PA_WIPB_WPAIPAD@Z

?AvgConvertMb2Utf16String@@YGHPA_WIPBDW4AvgCodePage@@PAII@Z

?AvgGetMb2Utf16StringSize@@YGHAAIPBDW4AvgCodePage@@I@Z

?FileExists@AvgBasFs@@YGHPB_W@Z

?DirectoryExists@AvgBasFs@@YGHPB_W@Z

?AvgGetStringSizeInElements@@YGIPB_W@Z

?AvgGetStringSizeInElements@@YGIPBD@Z

?Destroy@AvgBasWaitable@@UAGHXZ

??0AvgBasWinWow64FsRedirection@@QAE@XZ

??1AvgBasWinWow64FsRedirection@@QAE@XZ

?IsSupported@AvgBasWinWow64FsRedirection@@QAG_NXZ

?CreateDir@AvgBasFs@@YGHPB_W_NPAVAvgSecurityCtx@@@Z

?AppendDescriptorToObject@AvgWinSecurity@@YGHAAVAvgWinSecurityDescriptor@@ABVAvgWinObject@@_N@Z

??0AvgUtf16CharHeapBuffer@@QAE@XZ

??1AvgUtf16CharHeapBuffer@@QAE@XZ

?Assign@AvgUtf16CharHeapBuffer@@QAGHPB_WI@Z

?AvgCreateErrorCodeFromWin32@@YGHW4_AvgErrorCodeSeverity@@K@Z

?Initialize@AvgWinMandatoryLabel@@QAGHW4Label@1@V?$AvgFlags@W4FlagsValues@AvgWinMandatoryLabel@@@@@Z

?Create@AvgBasEvent@@QAGHW4ResetType@1@_N@Z

?Wait@AvgBasEvent@@QAGHH@Z

?Set@AvgBasEvent@@QAGHXZ

?Reset@AvgBasEvent@@QAGHXZ

??0AvgBasObjectFactoryImpl@detail@@QAE@XZ

??1AvgBasObjectFactoryImpl@detail@@QAE@XZ

?Initialize@AvgBasObjectFactoryImpl@detail@@QAGHPBUAvgBasObjectFactoryMapping@@I@Z

?SetProgramPath@AvgBasObjectFactoryImpl@detail@@QAGHPB_W@Z

?GetModuleDirectory@AvgModule@@YGHPAXAAU_AVG_UTF16CHAR_STR@@PAI@Z

?GetAvgObject@AvgBasObjectFactoryImpl@detail@@QAGHABU_AvgGuid@@PAPAX@Z

?UnloadSharedLibraries@AvgBasObjectFactoryImpl@detail@@QAGX_N@Z

?AvgConvertT2MbString@@YGHPADIPB_WW4AvgCodePage@@PAII@Z

?AvgConvertMb2TString@@YGHPA_WIPBDW4AvgCodePage@@PAII@Z

?AvgGetMb2TStringSize@@YGHAAIPBDW4AvgCodePage@@I@Z

?AvgGetT2MbStringSize@@YGHAAIPB_WW4AvgCodePage@@I@Z

?CheckUserAdminRights@AvgEnvironment@@YGHAA_N_N@Z

?GetUsername@AvgEnvironment@@YGHAAV?$IAvgString@_W$0A@@@@Z

?AvgConvertString2Number@@YGHAAKPB_WIHPAPB_W@Z

?OpenRegistryRoot@AvgBasWinRegistryHandle@@QAGHW4AvgBasWinRegistryRootType@@@Z

?GetDWordValue@AvgBasWinRegistryHandle@@QAGHAAKABU?$AvgStringRefBase@_W$0A@@@@Z

?AvgFindSubStringFromRight@@YGPB_WPB_W0II@Z

?AvgConvertUtf162MbString@@YGHPADIPB_WW4AvgCodePage@@PAII@Z

?AvgGetSystemTime@@YGHAA_K@Z

??0AvgTimeStruct@@QAE@XZ

?AvgConvertAvgTimeToStruct@@YGHAAUAvgTimeStruct@@_K@Z

?AvgGetUtf162MbStringSize@@YGHAAIPB_WW4AvgCodePage@@I@Z

?GetResourceType@AvgBasWaitable@@IBG?AW4AvgBasWaitableResourceType@@XZ

msvcr100

__clean_type_info_names_internal

?_type_info_dtor_internal_method@type_info@@QAEXXZ

_crt_debugger_hook

_except_handler4_common

?terminate@@YAXXZ

__CppXcptFilter

_amsg_exit

_initterm_e

_initterm

_encoded_null

_malloc_crt

_onexit

_lock

__dllonexit

_unlock

memset

_CxxThrowException

__CxxFrameHandler3

malloc

free

memcpy_s

vswprintf_s

_vscwprintf

??2@YAPAXI@Z

??3@YAXPAX@Z

_purecall

??_V@YAXPAX@Z

memmove

memcpy

Exports

??0_Mutex@std@@QAE@W4_Uninitialized@1@@Z

??4_Init_locks@std@@QAEAAV01@ABV01@@Z

GetAvgObject

GetLockCount

Sections

.text
Size: 262KB - Virtual size: 261KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

avgdiagex.exe

.exe windows:5 windows x86 arch:x86

bcc2fca673afce9e7b9ac65426c1bf75

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

Extended Key Usages

ExtKeyUsageServerAuth

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

49:84:48:9d:ec:62:00:de:ce:ad:93:d4:73:2c:ab:ca
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

06/01/2012, 00:00

Not After

05/01/2015, 23:59

Subject

CN=AVG Technologies CZ\, s.r.o.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=AVG Technologies CZ\, s.r.o.,L=Brno,ST=Jihomoravsky kraj,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

86:61:aa:b5:a7:15:57:d3:71:55:5e:ab:3f:b2:9f:91:03:49:4d:be
Signer

Actual PE Digest

86:61:aa:b5:a7:15:57:d3:71:55:5e:ab:3f:b2:9f:91:03:49:4d:be

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\nightly\sandbox_avg_vc10_SmallUpdate2013-06\source\build\avg_client_ru_mt_sll_win32_vs100\bin\Release_Unicode_MT_SLL_vs100\Win32\avgdiagex.pdb

Imports

pdh

PdhCollectQueryData

PdhCloseQuery

PdhAddCounterW

PdhOpenQueryW

PdhGetFormattedCounterValue

netapi32

NetUserGetLocalGroups

NetApiBufferFree

NetUserGetGroups

NetUserEnum

userenv

ExpandEnvironmentStringsForUserW

secur32

GetUserNameExW

iphlpapi

GetIfTable

GetBestInterface

kernel32

GetDateFormatW

GetDriveTypeW

SetErrorMode

GetUserDefaultLCID

GetComputerNameW

GetLogicalDrives

GetSystemDefaultLCID

GlobalAlloc

WideCharToMultiByte

GetLocaleInfoW

GetTimeFormatW

MultiByteToWideChar

GlobalFree

DeviceIoControl

GetSystemTime

LoadLibraryW

FreeConsole

GetExitCodeProcess

AttachConsole

ProcessIdToSessionId

GetCurrentThreadId

lstrcmpW

DuplicateHandle

GetCurrentProcessId

GetModuleFileNameW

GetFileSize

SetFilePointer

UnmapViewOfFile

SystemTimeToFileTime

GetTickCount

FileTimeToSystemTime

ReadFile

GetLocalTime

GetFileInformationByHandle

ExpandEnvironmentStringsW

GetDiskFreeSpaceExW

FreeEnvironmentStringsW

LockResource

GetProcAddress

FlushFileBuffers

CreateFileW

MulDiv

SizeofResource

OpenProcess

WriteFile

GetCurrentThread

GetModuleHandleW

GetEnvironmentStringsW

GetCurrentProcess

LoadResource

SetEnvironmentVariableA

CompareStringW

WriteConsoleW

GetProcessHeap

SetEndOfFile

SetConsoleCtrlHandler

IsValidLocale

EnumSystemLocalesA

GetLocaleInfoA

SetStdHandle

GetConsoleMode

GetConsoleCP

GetShortPathNameW

GetLongPathNameW

FreeLibrary

FindResourceExW

GetLastError

WaitForSingleObject

GetFullPathNameW

CreateThread

SleepEx

SetLastError

FormatMessageA

CancelIo

GetOverlappedResult

CloseHandle

CreateEventW

FlushConsoleInputBuffer

ReadConsoleInputA

SetConsoleMode

SetEvent

GetCurrentDirectoryW

CreateFileA

LoadLibraryA

GetVersionExA

GetFullPathNameA

QueryPerformanceCounter

InitializeCriticalSectionAndSpinCount

SetHandleCount

IsValidCodePage

GetOEMCP

GetACP

TlsFree

TlsSetValue

TlsGetValue

TlsAlloc

HeapCreate

ExitProcess

HeapSize

IsProcessorFeaturePresent

IsDebuggerPresent

SetUnhandledExceptionFilter

UnhandledExceptionFilter

TerminateProcess

LCMapStringW

GetCPInfo

RtlUnwind

RaiseException

FindFirstFileExA

GetDriveTypeA

FileTimeToLocalFileTime

FindClose

GetStartupInfoW

HeapSetInformation

GetCommandLineW

GetTimeZoneInformation

HeapReAlloc

HeapAlloc

HeapFree

LeaveCriticalSection

EnterCriticalSection

DeleteCriticalSection

InitializeCriticalSection

DecodePointer

EncodePointer

GetStringTypeW

InterlockedExchange

InterlockedDecrement

InterlockedIncrement

OutputDebugStringA

OutputDebugStringW

WaitForMultipleObjectsEx

GetTempPathW

InterlockedCompareExchange

FindFirstVolumeW

CreatePipe

QueryDosDeviceW

GetVolumePathNamesForVolumeNameW

FindNextVolumeW

GetSystemTimeAsFileTime

CreateProcessW

FindVolumeClose

GetSystemDirectoryA

ExpandEnvironmentStringsA

WaitForMultipleObjects

GetFileType

GetStdHandle

PeekNamedPipe

Sleep

user32

GetUserObjectInformationW

GetSystemMetrics

UnhookWindowsHookEx

SetWindowsHookExW

GetWindowTextW

GetProcessWindowStation

CallNextHookEx

MessageBoxW

SendInput

EnableWindow

DestroyIcon

EndDialog

SetFocus

GetClientRect

DialogBoxParamW

GetWindowTextLengthW

GetDesktopWindow

ScreenToClient

GetWindowRect

PostMessageW

SendMessageW

GetDlgItem

SetWindowTextW

MoveWindow

ShowWindow

SendDlgItemMessageW

SendMessageTimeoutW

LoadImageW

comdlg32

GetOpenFileNameW

advapi32

ChangeServiceConfig2W

SetTokenInformation

CreateProcessAsUserW

LsaFreeMemory

AdjustTokenPrivileges

LsaNtStatusToWinError

LsaClose

LookupAccountSidW

LookupPrivilegeValueW

LookupAccountNameW

GetTokenInformation

LsaEnumerateAccountRights

QueryServiceLockStatusW

LsaOpenPolicy

CloseEventLog

BackupEventLogW

OpenEventLogW

DuplicateTokenEx

OpenProcessToken

CloseServiceHandle

OpenSCManagerW

OpenServiceW

StartServiceW

ControlService

CreateServiceW

QueryServiceStatus

shell32

ShellExecuteW

SHGetFolderPathW

SHGetSpecialFolderPathW

oleaut32

SysAllocStringLen

SysFreeString

VariantInit

VariantClear

ws2_32

WSAStartup

getsockopt

closesocket

WSASetLastError

socket

bind

recv

setsockopt

getsockname

ntohs

htons

connect

getpeername

WSACleanup

sendto

recvfrom

__WSAFDIsSet

getaddrinfo

accept

listen

ioctlsocket

gethostbyname

gethostbyaddr

getservbyname

getservbyport

htonl

inet_addr

gethostname

send

inet_ntoa

WSASendTo

WSAEventSelect

WSARecvFrom

WSAEnumNetworkEvents

WSASend

WSARecv

WSAAddressToStringA

WSAGetLastError

freeaddrinfo

select

WSASocketW

wininet

DetectAutoProxyUrl

ntdll

ZwQueryDirectoryFile

ZwFlushVirtualMemory

RtlDowncaseUnicodeString

RtlUpcaseUnicodeString

RtlxUnicodeStringToOemSize

NlsMbOemCodePageTag

RtlxUnicodeStringToAnsiSize

RtlOemStringToUnicodeString

LdrUnloadDll

ZwUnloadKey

RtlGetAce

RtlLeaveCriticalSection

RtlEnterCriticalSection

RtlOpenCurrentUser

NtClose

ZwQuerySystemInformation

LdrGetProcedureAddress

LdrLoadDll

LdrGetDllHandle

RtlxAnsiStringToUnicodeSize

RtlxOemStringToUnicodeSize

RtlUnicodeStringToOemString

RtlIsDosDeviceName_U

ZwSetInformationToken

ZwQueryInformationToken

ZwDuplicateToken

ZwWaitForSingleObject

RtlEqualSid

ZwResumeThread

RtlTimeToTimeFields

RtlTimeFieldsToTime

ZwOpenProcess

ZwQueryVirtualMemory

ZwReadVirtualMemory

RtlReAllocateHeap

ZwQueryInformationFile

ZwOpenFile

RtlAllocateHeap

ZwCreateFile

RtlFreeUnicodeString

ZwSetInformationFile

RtlFreeHeap

ZwQueryInformationProcess

RtlNtStatusToDosError

ZwOpenSection

ZwClose

ZwUnmapViewOfSection

RtlInitUnicodeString

ZwMapViewOfSection

ZwOpenSymbolicLinkObject

ZwQuerySymbolicLinkObject

RtlDosPathNameToNtPathName_U

RtlCreateUnicodeString

RtlExpandEnvironmentStrings_U

ZwSetSecurityObject

RtlCopySid

RtlAddAccessDeniedAceEx

RtlInitializeCriticalSection

RtlDeleteCriticalSection

RtlQueryEnvironmentVariable_U

RtlGetCurrentDirectory_U

ZwAllocateUuids

RtlLocalTimeToSystemTime

RtlSystemTimeToLocalTime

ZwReleaseMutant

RtlGetFullPathName_U

ZwResetEvent

ZwSetEvent

ZwDelayExecution

RtlCreateUserThread

ZwQueryInformationThread

ZwTerminateProcess

ZwDuplicateObject

ZwSetInformationThread

LdrShutdownThread

CsrClientCallServer

ZwTerminateThread

ZwAdjustPrivilegesToken

RtlUnicodeStringToAnsiString

RtlAnsiStringToUnicodeString

ZwFsControlFile

ZwCreateEvent

ZwWriteFile

ZwFlushBuffersFile

ZwReadFile

ZwCancelIoFile

RtlSetOwnerSecurityDescriptor

ZwOpenKey

ZwQueryKey

RtlCreateSecurityDescriptor

ZwEnumerateKey

ZwDeleteKey

RtlGetOwnerSecurityDescriptor

ZwLoadKey

RtlAddAccessAllowedAceEx

RtlGetDaclSecurityDescriptor

ZwEnumerateValueKey

ZwQueryValueKey

RtlSetSaclSecurityDescriptor

RtlGetGroupSecurityDescriptor

RtlSetGroupSecurityDescriptor

RtlGetSaclSecurityDescriptor

RtlInitAnsiString

ZwDeleteValueKey

ZwQuerySecurityObject

RtlSetDaclSecurityDescriptor

RtlValidSecurityDescriptor

RtlCreateAcl

NtUnlockFile

NtLockFile

ZwNotifyChangeDirectoryFile

ZwCreateSection

ZwCreateKey

ZwSetValueKey

version

GetFileVersionInfoW

GetFileVersionInfoSizeW

VerQueryValueW

psapi

EnumProcesses

EnumProcessModules

GetModuleFileNameExW

GetModuleBaseNameW

rasapi32

RasEnumEntriesW

RasEnumConnectionsW

rpcrt4

UuidFromStringW

UuidFromStringA

ole32

CoInitializeSecurity

CoInitializeEx

CoUninitialize

CoCreateInstance

Exports

??0AvgdEXE@@QAE@ABV0@@Z

??0AvgdEXE@@QAE@XZ

??4AvgdEXE@@QAEAAV0@ABV0@@Z

??_7AvgdEXE@@6B@

?AddExtraFile@AvgdEXE@@UAE_NPB_W@Z

?Cancel@AvgdEXE@@UAEXXZ

?CleanExtraFiles@AvgdEXE@@UAEXXZ

?Close@AvgdEXE@@UAEXPAX@Z

?GetObjectFactory@AvgdEXE@@UAEPAXXZ

?GetUImoduleName@AvgdEXE@@UAEPB_WXZ

?Init@AvgdEXE@@UAEXPAUIAvgdUI@@@Z

?RegisterInRS@AvgdEXE@@UAE_N_N@Z

?Run@AvgdEXE@@UAE_NXZ

?SetEmail@AvgdEXE@@UAEXPB_W@Z

?SetUIModuleName@AvgdEXE@@UAEXPB_W@Z

?SetUserText@AvgdEXE@@UAEXPB_W@Z

?ValidateEmail@AvgdEXE@@UAE_NPB_W@Z

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 401KB - Virtual size: 401KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 118KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 147KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

avgdiaglog.cfg

avgduix.dll

.dll windows:5 windows x86 arch:x86

4d078826437c83c15ad45e57a8d741f1

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

Extended Key Usages

ExtKeyUsageServerAuth

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

49:84:48:9d:ec:62:00:de:ce:ad:93:d4:73:2c:ab:ca
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

06/01/2012, 00:00

Not After

05/01/2015, 23:59

Subject

CN=AVG Technologies CZ\, s.r.o.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=AVG Technologies CZ\, s.r.o.,L=Brno,ST=Jihomoravsky kraj,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

09:f2:d0:c2:44:b8:2b:a6:dc:b2:6c:8b:ad:c0:f0:cb:0e:73:1a:b8
Signer

Actual PE Digest

09:f2:d0:c2:44:b8:2b:a6:dc:b2:6c:8b:ad:c0:f0:cb:0e:73:1a:b8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

PDB Paths

d:\nightly\sandbox_avg_vc10_AVG2013_SP1_RR\source\build\avg_client_ru_mt_sll_win32_vs100\bin\Release_Unicode_MT_SLL_vs100\Win32\avgduix.pdb

Imports

ntdll

ZwSetInformationThread

ZwWaitForSingleObject

LdrShutdownThread

CsrClientCallServer

ZwResumeThread

ZwTerminateThread

RtlGetCurrentDirectory_U

ZwTerminateProcess

RtlQueryEnvironmentVariable_U

RtlDosPathNameToNtPathName_U

RtlCreateUnicodeString

RtlExpandEnvironmentStrings_U

LdrLoadDll

LdrGetProcedureAddress

RtlInitAnsiString

RtlInitUnicodeString

LdrUnloadDll

RtlInitializeCriticalSection

RtlDeleteCriticalSection

RtlReAllocateHeap

RtlCreateUserThread

RtlNtStatusToDosError

ZwClose

ZwOpenProcess

ZwQueryInformationProcess

ZwQueryInformationToken

NtUnlockFile

NtLockFile

ZwNotifyChangeDirectoryFile

ZwCancelIoFile

RtlTimeToTimeFields

NtClose

RtlOpenCurrentUser

ZwReadVirtualMemory

ZwQueryVirtualMemory

RtlGetAce

ZwCreateKey

ZwDelayExecution

ZwQuerySymbolicLinkObject

ZwCreateSection

ZwUnmapViewOfSection

ZwFlushVirtualMemory

ZwMapViewOfSection

ZwFlushBuffersFile

ZwOpenSymbolicLinkObject

RtlCreateAcl

RtlValidSecurityDescriptor

RtlSetDaclSecurityDescriptor

RtlEqualSid

ZwQuerySecurityObject

ZwSetValueKey

RtlAddAccessDeniedAceEx

RtlCopySid

ZwSetSecurityObject

LdrGetDllHandle

ZwFsControlFile

ZwReadFile

ZwSetInformationFile

ZwCreateFile

ZwQueryInformationFile

ZwWriteFile

ZwCreateEvent

RtlFreeHeap

ZwSetEvent

ZwResetEvent

RtlIsDosDeviceName_U

ZwQueryDirectoryFile

RtlAllocateHeap

RtlGetSaclSecurityDescriptor

RtlSetGroupSecurityDescriptor

RtlGetGroupSecurityDescriptor

RtlSetSaclSecurityDescriptor

RtlFreeUnicodeString

ZwQueryValueKey

RtlLocalTimeToSystemTime

RtlTimeFieldsToTime

RtlGetFullPathName_U

ZwQuerySystemInformation

RtlxUnicodeStringToOemSize

NlsMbOemCodePageTag

RtlxUnicodeStringToAnsiSize

RtlOemStringToUnicodeString

RtlxAnsiStringToUnicodeSize

RtlxOemStringToUnicodeSize

RtlUnicodeStringToOemString

RtlUnicodeStringToAnsiString

RtlAnsiStringToUnicodeString

RtlDowncaseUnicodeString

RtlUpcaseUnicodeString

RtlLeaveCriticalSection

RtlEnterCriticalSection

RtlSetOwnerSecurityDescriptor

ZwOpenKey

ZwQueryKey

RtlCreateSecurityDescriptor

ZwEnumerateKey

ZwDeleteKey

RtlGetOwnerSecurityDescriptor

ZwOpenFile

RtlAddAccessAllowedAceEx

RtlGetDaclSecurityDescriptor

kernel32

LoadLibraryExW

GetLocaleInfoW

WideCharToMultiByte

GlobalFindAtomW

ConvertDefaultLocale

GetUserDefaultUILanguage

GetModuleFileNameW

lstrcmpA

GetPrivateProfileIntW

WritePrivateProfileStringW

GetPrivateProfileStringW

GetCurrentProcessId

SuspendThread

CreateActCtxW

ReleaseActCtx

InterlockedDecrement

LocalFree

FormatMessageW

GlobalSize

CopyFileW

InitializeCriticalSection

GlobalFlags

GetSystemDirectoryW

lstrcpyW

LocalAlloc

TlsGetValue

GlobalReAlloc

GlobalHandle

TlsAlloc

TlsSetValue

LocalReAlloc

TlsFree

InterlockedIncrement

lstrlenA

GlobalGetAtomNameW

SetErrorMode

GetCurrentDirectoryW

DeleteFileW

lstrcmpiW

CreateFileW

ReadFile

WriteFile

SetFilePointer

FlushFileBuffers

LockFile

UnlockFile

SetEndOfFile

GetFileSize

GetVolumeInformationW

GetFullPathNameW

FileTimeToSystemTime

GetTempFileNameW

GetTempPathW

GetWindowsDirectoryW

GetNumberFormatW

GetFileAttributesExW

FileTimeToLocalFileTime

GetFileAttributesW

GetFileSizeEx

GetFileTime

GetTickCount

GetProfileIntW

Sleep

SearchPathW

VirtualProtect

EncodePointer

DecodePointer

GetCommandLineA

RtlUnwind

RaiseException

ExitProcess

ExitThread

CreateThread

InterlockedExchange

HeapQueryInformation

HeapSize

GetSystemTimeAsFileTime

GetSystemInfo

VirtualQuery

SetStdHandle

GetFileType

TerminateProcess

UnhandledExceptionFilter

SetUnhandledExceptionFilter

IsDebuggerPresent

IsProcessorFeaturePresent

GetStdHandle

SetHandleCount

GetStartupInfoW

GetModuleFileNameA

FreeEnvironmentStringsW

GetEnvironmentStringsW

HeapCreate

HeapDestroy

QueryPerformanceCounter

GetTimeZoneInformation

GetCPInfo

GetACP

GetOEMCP

IsValidCodePage

GetStringTypeW

SetConsoleCtrlHandler

LCMapStringW

GetConsoleCP

GetConsoleMode

WriteConsoleW

SetEnvironmentVariableA

GlobalDeleteAtom

GetVersionExW

CompareStringW

LeaveCriticalSection

EnterCriticalSection

DeleteCriticalSection

InitializeCriticalSectionAndSpinCount

lstrcmpW

LoadLibraryA

ExpandEnvironmentStringsA

GlobalUnlock

GlobalLock

GlobalAlloc

FreeResource

MultiByteToWideChar

GetVersionExA

HeapAlloc

VirtualFree

VirtualAlloc

GlobalFree

GetProcessHeap

HeapFree

ActivateActCtx

GetModuleHandleW

DeactivateActCtx

SetLastError

MulDiv

CreateProcessW

SizeofResource

LockResource

LoadResource

FindResourceW

FindResourceExW

FreeLibrary

CreateFileA

GetProcAddress

LoadLibraryW

FindClose

FindFirstFileW

ResumeThread

DuplicateHandle

GetLastError

SetThreadPriority

GetCurrentThread

GetCurrentProcess

CloseHandle

CreateEventW

WaitForSingleObject

SetEvent

lstrlenW

GetCurrentThreadId

HeapReAlloc

GlobalAddAtomW

WaitForMultipleObjectsEx

OutputDebugStringW

FlushConsoleInputBuffer

ReadConsoleInputA

SetConsoleMode

GetSystemDefaultUILanguage

user32

CallNextHookEx

SetWindowsHookExW

GetCapture

IsChild

SendDlgItemMessageA

SendDlgItemMessageW

LoadIconW

CheckDlgButton

SetDlgItemTextW

IsDialogMessageW

PostQuitMessage

ShowOwnedPopups

GetWindowThreadProcessId

TranslateMessage

GetMessageW

GetKeyNameTextW

MapVirtualKeyW

InsertMenuW

AppendMenuW

GetMenuStringW

TabbedTextOutW

DrawTextExW

GrayStringW

GetWindowDC

LoadMenuW

WindowFromPoint

NotifyWinEvent

RealChildWindowFromPoint

GetSysColorBrush

EnumDisplayMonitors

SetLayeredWindowAttributes

DestroyMenu

CopyImage

UnregisterClassW

DeleteMenu

CharUpperW

SetWindowRgn

SetCapture

GetAsyncKeyState

IsZoomed

UnionRect

EnableScrollBar

UpdateLayeredWindow

MonitorFromPoint

CreatePopupMenu

SetMenuDefaultItem

GetMenuDefaultItem

DestroyAcceleratorTable

SetClassLongW

DrawEdge

DrawFrameControl

CopyAcceleratorTableW

ToUnicodeEx

GetKeyboardLayout

GetKeyboardState

LoadAcceleratorsW

CreateAcceleratorTableW

SetCursorPos

BringWindowToTop

LockWindowUpdate

InvertRect

HideCaret

GetIconInfo

GetNextDlgGroupItem

RegisterClipboardFormatW

FrameRect

TranslateAcceleratorW

ReuseDDElParam

UnpackDDElParam

CopyIcon

CharUpperBuffW

PostThreadMessageW

WaitMessage

DefFrameProcW

DefMDIChildProcW

DrawMenuBar

RegisterClassExW

GetClassLongW

CreateMenu

IsClipboardFormatAvailable

GetUpdateRect

GetDoubleClickTime

IsCharLowerW

MapVirtualKeyExW

SubtractRect

DestroyCursor

MapDialogRect

GetWindowRgn

SetCursor

CallWindowProcW

SetFocus

SetScrollInfo

GetScrollInfo

GetCursorPos

EndPaint

BeginPaint

SetWindowPos

GetWindowTextW

GetWindowTextLengthW

SetWindowLongW

GetWindowLongW

CreateWindowExW

LoadCursorW

IsRectEmpty

GetSysColor

SystemParametersInfoW

RemoveMenu

GetMenuItemID

GetMenuItemInfoW

IsMenu

GetMenuItemCount

InsertMenuItemW

DrawIconEx

FillRect

LoadImageW

GetDesktopWindow

GetDlgCtrlID

ReleaseCapture

PtInRect

ShowCaret

GetMessagePos

GetFocus

GetKeyState

IsWindowVisible

IsWindowEnabled

MapWindowPoints

RedrawWindow

KillTimer

SetTimer

DefWindowProcW

ReleaseDC

GetDC

InvalidateRect

IsWindow

GetParent

GetClientRect

DrawFocusRect

DrawTextW

SetRectEmpty

InflateRect

OffsetRect

GetSystemMetrics

ScreenToClient

GetWindowRect

PostMessageW

ShowWindow

SendMessageTimeoutW

SetWindowTextW

MoveWindow

RegisterWindowMessageW

GetDlgItem

SendMessageW

EnableWindow

DestroyIcon

DestroyWindow

GetScrollRange

SetPropW

GetPropW

RemovePropW

GetForegroundWindow

DispatchMessageW

BeginDeferWindowPos

EndDeferWindowPos

GetTopWindow

UnhookWindowsHookEx

GetMessageTime

PeekMessageW

MonitorFromWindow

ScrollWindow

TrackPopupMenu

SetMenu

SetScrollRange

SetForegroundWindow

ShowScrollBar

ValidateRect

GetClassInfoExW

GetSubMenu

GetClassInfoW

RegisterClassW

AdjustWindowRectEx

DeferWindowPos

SetWindowPlacement

GetMenu

SetActiveWindow

CreateDialogIndirectParamW

EndDialog

SetScrollPos

GetWindow

UpdateWindow

DrawStateW

SetMenuItemBitmaps

GetMenuCheckMarkDimensions

LoadBitmapW

ModifyMenuW

GetMenuState

CheckMenuItem

WinHelpW

MessageBoxW

CloseClipboard

SetClipboardData

EmptyClipboard

OpenClipboard

GetSystemMenu

EnableMenuItem

MessageBeep

GetLastActivePopup

GetActiveWindow

GetMonitorInfoW

MonitorFromRect

DrawIcon

GetClassNameW

SetParent

EqualRect

IntersectRect

SystemParametersInfoA

GetWindowPlacement

IsIconic

SetRect

GetNextDlgTabItem

ClientToScreen

TranslateMDISysAccel

GetScrollPos

EnumWindows

AttachThreadInput

FlashWindowEx

CopyRect

gdi32

LPtoDP

SetPaletteEntries

ExtFloodFill

EnumFontFamiliesExW

Rectangle

SetDIBColorTable

GetRgnBox

OffsetRgn

GetSystemPaletteEntries

RealizePalette

GetNearestPaletteIndex

GetPaletteEntries

CreatePalette

Polyline

CreateEllipticRgn

GetTextColor

GetBkColor

CreatePolygonRgn

CreateRoundRectRgn

GetTextCharsetInfo

EnumFontFamiliesW

GetWindowOrgEx

CombineRgn

SetRectRgn

CreateHatchBrush

GetObjectType

SelectPalette

CreatePatternBrush

ExtSelectClipRgn

GetViewportOrgEx

FillRgn

GetBoundsRect

DeleteDC

ScaleWindowExtEx

SetWindowExtEx

OffsetWindowOrgEx

SetWindowOrgEx

ScaleViewportExtEx

SetViewportExtEx

OffsetViewportOrgEx

SetViewportOrgEx

Escape

RectVisible

ExtTextOutW

SetBkColor

GetTextMetricsW

CreateCompatibleBitmap

CreateCompatibleDC

GetDeviceCaps

GetTextFaceW

CreateRectRgn

PtInRegion

GetTextExtentPoint32W

GetStockObject

CreateFontIndirectW

GetObjectW

FrameRgn

CreateSolidBrush

CreateDIBitmap

PtVisible

GetPixel

SetPixelV

DPtoLP

BitBlt

DeleteObject

SetTextJustification

SetBkMode

SetTextColor

CreatePen

MoveToEx

LineTo

TextOutW

GetDIBits

SetDIBits

GetClipRgn

SelectClipRgn

CreateDIBSection

SetPixel

Ellipse

Polygon

StretchBlt

SetDCPenColor

CreateFontW

GetClipBox

ExcludeClipRect

CreateBitmap

CreateRectRgnIndirect

PatBlt

CopyMetaFileW

CreateDCW

SaveDC

RestoreDC

SetPolyFillMode

SetROP2

SetMapMode

IntersectClipRect

SetTextAlign

GetLayout

SetLayout

GetViewportExtEx

GetWindowExtEx

SelectObject

msimg32

TransparentBlt

AlphaBlend

comdlg32

GetOpenFileNameW

GetFileTitleW

winspool.drv

ClosePrinter

OpenPrinterW

DocumentPropertiesW

advapi32

RegEnumKeyExW

RegCloseKey

RegQueryValueExA

RegOpenKeyExA

RegQueryValueExW

RegOpenKeyExW

RegCreateKeyExW

RegSetValueExW

RegDeleteValueW

RegDeleteKeyW

RegEnumKeyW

RegQueryValueW

RegEnumValueW

shell32

DragQueryFileW

SHGetFileInfoW

SHGetDesktopFolder

SHBrowseForFolderW

ShellExecuteW

DragFinish

SHAppBarMessage

SHGetSpecialFolderLocation

SHGetPathFromIDListW

comctl32

_TrackMouseEvent

InitCommonControlsEx

ImageList_GetIconSize

shlwapi

PathFindFileNameW

PathStripToRootW

PathIsUNCW

PathFindExtensionW

PathRemoveFileSpecW

ole32

CoCreateGuid

CoTaskMemFree

RevokeDragDrop

CoLockObjectExternal

RegisterDragDrop

OleGetClipboard

OleLockRunning

IsAccelerator

OleTranslateAccelerator

OleDestroyMenuDescriptor

OleCreateMenuDescriptor

DoDragDrop

CreateStreamOnHGlobal

CoInitializeEx

CoUninitialize

CoInitialize

CoCreateInstance

OleDuplicateData

CoTaskMemAlloc

ReleaseStgMedium

oleaut32

VarBstrFromDate

SystemTimeToVariantTime

VariantTimeToSystemTime

SysStringLen

SysAllocString

VariantInit

VariantChangeType

VariantClear

SysAllocStringLen

SysFreeString

gdiplus

GdipCreateFromHDC

GdiplusShutdown

GdiplusStartup

GdipSetInterpolationMode

GdipDrawImageRectI

GdipCloneImage

GdipGetImageWidth

GdipCreateBitmapFromHBITMAP

GdipGetImagePixelFormat

GdipGetImagePaletteSize

GdipGetImagePalette

GdipCreateBitmapFromStream

GdipCreateBitmapFromScan0

GdipBitmapLockBits

GdipBitmapUnlockBits

GdipGetImageGraphicsContext

GdipDrawImageI

GdipDeleteGraphics

GdipDisposeImage

GdipGetImageHeight

GdipFree

GdipAlloc

oleacc

CreateStdAccessibleObject

AccessibleObjectFromWindow

LresultFromObject

imm32

ImmGetOpenStatus

ImmReleaseContext

ImmGetContext

winmm

PlaySoundW

uxtheme

SetWindowTheme

Exports

??0AvgdUI@@QAE@ABV0@@Z

??0AvgdUI@@QAE@XZ

??1AvgdUI@@QAE@XZ

??4AvgdUI@@QAEAAV0@ABV0@@Z

??_7AvgdUI@@6B@

?Cleanup@AvgdUI@@UAEXXZ

?CloseDlg@AvgdUI@@UAE_NXZ

?CreateDlg@AvgdUI@@UAE_NXZ

?DiagFinished@AvgdUI@@UAE_NIPB_W@Z

?HideProgress@AvgdUI@@UAE_NXZ

?Init@AvgdUI@@UAEXPAUIAvgdEXE@@@Z

?SetProgress@AvgdUI@@UAE_NI@Z

?SetProgressText@AvgdUI@@UAE_NPB_W@Z

?ShowMessageBox@AvgdUI@@UAEHPB_W0I@Z

?ShowProgress@AvgdUI@@UAE_NXZ

GetAvgdUI

GetInterfaceVersion

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 502KB - Virtual size: 501KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 238KB - Virtual size: 237KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

avgdumpx.exe

.exe windows:5 windows x86 arch:x86

724ee7c234cd79aba63bac74cea15f77

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

Extended Key Usages

ExtKeyUsageServerAuth

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

49:84:48:9d:ec:62:00:de:ce:ad:93:d4:73:2c:ab:ca
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

06/01/2012, 00:00

Not After

05/01/2015, 23:59

Subject

CN=AVG Technologies CZ\, s.r.o.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=AVG Technologies CZ\, s.r.o.,L=Brno,ST=Jihomoravsky kraj,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

ef:eb:90:d2:b3:9a:eb:93:da:fc:a5:b1:e6:bd:ce:85:20:46:16:b4
Signer

Actual PE Digest

ef:eb:90:d2:b3:9a:eb:93:da:fc:a5:b1:e6:bd:ce:85:20:46:16:b4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\nightly\sandbox_avg_vc10_SmallUpdate2013-06\source\build\avg_client_ru_sls_win32_vs100\bin\Release_Unicode_vs100\Win32\avgdumpx.pdb

Imports

kernel32

DebugActiveProcess

DebugActiveProcessStop

DebugSetProcessKillOnExit

ContinueDebugEvent

WaitForDebugEvent

GetUserDefaultLCID

GetSystemDefaultLCID

GetLocaleInfoW

GetSystemTimeAsFileTime

GetCurrentProcessId

GetCurrentThreadId

GetTickCount

QueryPerformanceCounter

IsDebuggerPresent

SetUnhandledExceptionFilter

UnhandledExceptionFilter

GetCurrentProcess

TerminateProcess

GetStartupInfoW

HeapSetInformation

InterlockedCompareExchange

Sleep

InterlockedExchange

DecodePointer

EncodePointer

OutputDebugStringA

OutputDebugStringW

WaitForMultipleObjectsEx

CloseHandle

CancelIo

DeviceIoControl

GetLastError

GetOverlappedResult

CreateFileW

IsProcessorFeaturePresent

ntdll

RtlOemStringToUnicodeString

RtlxUnicodeStringToAnsiSize

NlsMbOemCodePageTag

RtlxUnicodeStringToOemSize

RtlUpcaseUnicodeString

ZwFsControlFile

ZwReadFile

ZwWriteFile

RtlLocalTimeToSystemTime

LdrUnloadDll

RtlInitAnsiString

LdrGetProcedureAddress

LdrLoadDll

ZwCreateEvent

RtlGetCurrentDirectory_U

RtlQueryEnvironmentVariable_U

ZwTerminateThread

CsrClientCallServer

LdrShutdownThread

RtlFreeHeap

RtlCreateUserThread

ZwDelayExecution

RtlGetFullPathName_U

RtlAddAccessDeniedAceEx

RtlCopySid

ZwSetSecurityObject

RtlExpandEnvironmentStrings_U

RtlCreateUnicodeString

RtlDosPathNameToNtPathName_U

RtlDeleteCriticalSection

RtlInitializeCriticalSection

ZwResetEvent

LdrGetDllHandle

RtlxAnsiStringToUnicodeSize

ZwOpenSymbolicLinkObject

RtlIsDosDeviceName_U

ZwQueryDirectoryFile

ZwMapViewOfSection

ZwFlushVirtualMemory

ZwUnmapViewOfSection

ZwCreateSection

ZwAllocateUuids

RtlxOemStringToUnicodeSize

RtlUnicodeStringToOemString

RtlUnicodeStringToAnsiString

RtlAnsiStringToUnicodeString

RtlLeaveCriticalSection

RtlEnterCriticalSection

RtlSetOwnerSecurityDescriptor

ZwQueryKey

RtlCreateSecurityDescriptor

ZwDeleteKey

RtlGetOwnerSecurityDescriptor

RtlAddAccessAllowedAceEx

RtlGetDaclSecurityDescriptor

RtlSetSaclSecurityDescriptor

RtlGetGroupSecurityDescriptor

RtlSetGroupSecurityDescriptor

RtlGetSaclSecurityDescriptor

ZwSetValueKey

ZwQuerySecurityObject

RtlSetDaclSecurityDescriptor

RtlValidSecurityDescriptor

RtlCreateAcl

ZwCreateKey

RtlGetAce

RtlTimeToTimeFields

RtlTimeFieldsToTime

RtlReAllocateHeap

RtlOpenCurrentUser

NtClose

ZwAdjustPrivilegesToken

ZwSetInformationToken

ZwDuplicateToken

RtlEqualSid

ZwQueryInformationFile

ZwOpenFile

ZwQueryVolumeInformationFile

RtlAllocateHeap

ZwCreateFile

RtlFreeUnicodeString

ZwOpenKey

RtlLengthSid

ZwEnumerateKey

ZwQueryInformationThread

ZwQueryInformationToken

ZwQueryInformationProcess

RtlCompareUnicodeString

ZwDuplicateObject

ZwEnumerateValueKey

ZwQueryValueKey

ZwQueryVirtualMemory

ZwQuerySystemInformation

ZwQueryObject

RtlInitUnicodeString

ZwQueryDefaultLocale

ZwSuspendThread

ZwOpenThread

ZwGetContextThread

ZwResumeThread

ZwReadVirtualMemory

ZwTerminateProcess

ZwOpenProcess

ZwClose

RtlNtStatusToDosError

ZwSetEvent

ZwWaitForSingleObject

ZwOpenSection

ZwCancelIoFile

ZwSetInformationFile

ZwQuerySymbolicLinkObject

msvcr100

_CxxThrowException

memset

_controlfp_s

_invoke_watson

?_type_info_dtor_internal_method@type_info@@QAEXXZ

?terminate@@YAXXZ

_except_handler4_common

_crt_debugger_hook

__set_app_type

_fmode

_commode

__setusermatherr

_configthreadlocale

_initterm_e

_initterm

_wcmdln

exit

_XcptFilter

_exit

_cexit

__wgetmainargs

_amsg_exit

__CxxFrameHandler3

_onexit

_lock

__dllonexit

_unlock

??2@YAPAXI@Z

?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z

modf

??3@YAXPAX@Z

_purecall

??_V@YAXPAX@Z

memmove

memcpy

Exports

??0_Mutex@std@@QAE@W4_Uninitialized@1@@Z

??4_Init_locks@std@@QAEAAV01@ABV01@@Z

Sections

.text
Size: 480KB - Virtual size: 480KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

avgidsh.cat

avgidsh.inf

avgidsha.sys

.dll windows:6 windows x64 arch:x64

7aa577420eb32e7283e5b5a219514da2

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

Extended Key Usages

ExtKeyUsageServerAuth

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

26:6d:33:3e:de:17:a8:b4:72:05:3e:4f:a3:93:45:72
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

22/10/2014, 00:00

Not After

20/01/2018, 23:59

Subject

CN=AVG Technologies CZ\, s.r.o.,O=AVG Technologies CZ\, s.r.o.,L=Brno,ST=Jihomoravsky kraj,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

Extended Key Usages

ExtKeyUsageServerAuth

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

20:c1:e2:57:ed:16:f4:e6:48:7a:79:ee:52:af:cb:58
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

22/10/2014, 00:00

Not After

20/01/2018, 23:59

Subject

CN=AVG Technologies CZ\, s.r.o.,O=AVG Technologies CZ\, s.r.o.,L=Brno,ST=Jihomoravsky kraj,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

5e:8d:2d:ac:a4:46:65:54:6b:b5:87:97:81:91:a8:bf
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

31/10/2007, 00:00

Not After

30/10/2017, 23:59

Subject

CN=GeoTrust Timestamping Signer 1,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageContentCommitment

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01/01/1997, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

b2:7a:90:46:5b:62:4b:a3:b6:d9:67:ff:4f:e0:77:d0:98:f7:c5:bb:ba:5d:f9:89:92:ad:0a:2f:6f:60:90:76
Signer

Actual PE Digest

b2:7a:90:46:5b:62:4b:a3:b6:d9:67:ff:4f:e0:77:d0:98:f7:c5:bb:ba:5d:f9:89:92:ad:0a:2f:6f:60:90:76

Digest Algorithm

sha256

PE Digest Matches

true

43:f8:b7:df:31:d7:a5:66:fc:0b:bc:76:6d:7b:5a:db:4d:7f:3b:c5
Signer

Actual PE Digest

43:f8:b7:df:31:d7:a5:66:fc:0b:bc:76:6d:7b:5a:db:4d:7f:3b:c5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

d:\nightly\sandbox_avg_vc10_HotFix2013-19\source\build\avg_drivers_vs100\bin\Release_Unicode_DRIVER_wlh_vs100\x64\avgidsha.pdb

Imports

ntoskrnl.exe

KeInitializeMutex

KeReleaseMutex

KeWaitForSingleObject

IoBuildDeviceIoControlRequest

RtlInitUnicodeString

KeInitializeEvent

KeReleaseSpinLock

IoGetDeviceObjectPointer

_purecall

RtlCompareUnicodeString

ObfDereferenceObject

IofCallDriver

KeAcquireSpinLockRaiseToDpc

KeReadStateEvent

KeSetEvent

wcsncmp

towupper

strncpy

PsGetCurrentThreadId

PsGetCurrentProcessId

KeClearEvent

IoDeleteSymbolicLink

ZwFsControlFile

PsSetLoadImageNotifyRoutine

IoDeleteDevice

RtlAppendUnicodeToString

ZwSetValueKey

PsSetCreateProcessNotifyRoutine

ZwQueryValueKey

IoGetCurrentProcess

InitSafeBootMode

ZwClose

IofCompleteRequest

PsRemoveLoadImageNotifyRoutine

IoCreateSymbolicLink

RtlCopyUnicodeString

ExFreePoolWithTag

ZwOpenFile

ZwOpenKey

ZwReadFile

ZwSetInformationFile

ZwCreateFile

RtlPrefixUnicodeString

ZwDeleteFile

ZwQueryInformationFile

ZwWriteFile

KeDelayExecutionThread

_strnicmp

PsLookupProcessByProcessId

MmGetSystemRoutineAddress

ZwTerminateProcess

ZwQuerySystemInformation

ObReferenceObjectByHandle

ZwOpenProcess

ExAcquireResourceExclusiveLite

ZwCreateKey

KeLeaveCriticalRegion

ZwQuerySymbolicLinkObject

IoFreeWorkItem

ZwDeleteValueKey

ZwOpenSymbolicLinkObject

KeEnterCriticalRegion

IoAllocateWorkItem

ExReleaseResourceLite

RtlAppendUnicodeStringToString

PsGetVersion

ExDeleteResourceLite

IoQueueWorkItem

ExInitializeResourceLite

ZwDeleteKey

IoCreateDevice

ExAllocatePoolWithTag

ZwOpenProcessToken

ZwEnumerateValueKey

RtlNtStatusToDosErrorNoTeb

ZwEnumerateKey

ZwQueryKey

RtlUpcaseUnicodeString

KeQueryTimeIncrement

RtlGetAce

RtlCreateAcl

RtlValidSecurityDescriptor

RtlSetDaclSecurityDescriptor

RtlEqualSid

RtlCopySid

ZwQuerySecurityObject

RtlGetSaclSecurityDescriptor

RtlSetGroupSecurityDescriptor

RtlGetGroupSecurityDescriptor

RtlSetSaclSecurityDescriptor

ZwSetSecurityObject

RtlGetDaclSecurityDescriptor

RtlAddAccessAllowedAceEx

ZwQueryInformationToken

RtlGetOwnerSecurityDescriptor

RtlCreateSecurityDescriptor

RtlSetOwnerSecurityDescriptor

RtlValidSid

RtlCompareMemory

RtlLengthSid

__C_specific_handler

hal

KeQueryPerformanceCounter

Sections

.text
Size: 109KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

PAGE
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 768B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

avgidshx.sys

.dll windows:6 windows x86 arch:x86

6e03fe4fe9ff4989cbefd7ed4f65496d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

Extended Key Usages

ExtKeyUsageServerAuth

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

26:6d:33:3e:de:17:a8:b4:72:05:3e:4f:a3:93:45:72
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

22/10/2014, 00:00

Not After

20/01/2018, 23:59

Subject

CN=AVG Technologies CZ\, s.r.o.,O=AVG Technologies CZ\, s.r.o.,L=Brno,ST=Jihomoravsky kraj,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

Extended Key Usages

ExtKeyUsageServerAuth

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

20:c1:e2:57:ed:16:f4:e6:48:7a:79:ee:52:af:cb:58
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

22/10/2014, 00:00

Not After

20/01/2018, 23:59

Subject

CN=AVG Technologies CZ\, s.r.o.,O=AVG Technologies CZ\, s.r.o.,L=Brno,ST=Jihomoravsky kraj,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

5e:8d:2d:ac:a4:46:65:54:6b:b5:87:97:81:91:a8:bf
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

31/10/2007, 00:00

Not After

30/10/2017, 23:59

Subject

CN=GeoTrust Timestamping Signer 1,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageContentCommitment

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01/01/1997, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

1a:7a:17:1a:66:9f:d2:02:06:b3:a3:5b:d0:0a:8a:d9:92:a2:0f:16:37:20:ed:f0:2e:65:0e:39:60:37:66:7a
Signer

Actual PE Digest

1a:7a:17:1a:66:9f:d2:02:06:b3:a3:5b:d0:0a:8a:d9:92:a2:0f:16:37:20:ed:f0:2e:65:0e:39:60:37:66:7a

Digest Algorithm

sha256

PE Digest Matches

true

65:05:98:fa:87:61:d4:45:ca:3c:be:60:42:8a:2f:12:d2:48:7f:99
Signer

Actual PE Digest

65:05:98:fa:87:61:d4:45:ca:3c:be:60:42:8a:2f:12:d2:48:7f:99

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

PDB Paths

d:\nightly\sandbox_avg_vc10_HotFix2013-19\source\build\avg_drivers_vs100\bin\Release_Unicode_DRIVER_wxp_vs100\Win32\avgidshx.pdb

Imports

ntoskrnl.exe

IoBuildDeviceIoControlRequest

RtlInitUnicodeString

KeInitializeEvent

IoGetDeviceObjectPointer

_purecall

RtlCompareUnicodeString

ObfDereferenceObject

IofCallDriver

KeReadStateEvent

KeSetEvent

KeQuerySystemTime

wcsncmp

towupper

strncpy

PsGetCurrentThreadId

PsGetCurrentProcessId

KeClearEvent

IoDeleteSymbolicLink

memmove

ZwFsControlFile

PsSetLoadImageNotifyRoutine

IoDeleteDevice

RtlAppendUnicodeToString

ZwSetValueKey

PsSetCreateProcessNotifyRoutine

ZwQueryValueKey

IoGetCurrentProcess

InitSafeBootMode

ZwClose

IofCompleteRequest

PsRemoveLoadImageNotifyRoutine

IoCreateSymbolicLink

RtlCopyUnicodeString

IoCreateDevice

ZwOpenFile

KeWaitForSingleObject

ZwReadFile

ZwSetInformationFile

ZwCreateFile

RtlPrefixUnicodeString

ZwDeleteFile

ZwQueryInformationFile

ZwWriteFile

KeDelayExecutionThread

_strnicmp

PsLookupProcessByProcessId

MmGetSystemRoutineAddress

KeServiceDescriptorTable

ZwTerminateProcess

ZwQuerySystemInformation

ObReferenceObjectByHandle

ZwOpenProcess

ExAcquireResourceExclusiveLite

ZwCreateKey

KeLeaveCriticalRegion

ZwQuerySymbolicLinkObject

IoFreeWorkItem

ZwDeleteValueKey

ZwOpenSymbolicLinkObject

KeEnterCriticalRegion

IoAllocateWorkItem

ExReleaseResourceLite

RtlAppendUnicodeStringToString

PsGetVersion

ExDeleteResourceLite

IoQueueWorkItem

ExInitializeResourceLite

ZwDeleteKey

KeReleaseMutex

KeInitializeMutex

ExFreePoolWithTag

ZwOpenKey

ExAllocatePoolWithTag

ZwOpenProcessToken

ZwEnumerateValueKey

ZwEnumerateKey

ZwQueryKey

RtlUpcaseUnicodeString

KeQueryTimeIncrement

KeTickCount

RtlGetAce

RtlCreateAcl

RtlValidSecurityDescriptor

RtlSetDaclSecurityDescriptor

RtlEqualSid

RtlCopySid

ZwQuerySecurityObject

RtlGetSaclSecurityDescriptor

RtlSetGroupSecurityDescriptor

RtlGetGroupSecurityDescriptor

RtlSetSaclSecurityDescriptor

ZwSetSecurityObject

RtlGetDaclSecurityDescriptor

ZwQueryInformationToken

RtlGetOwnerSecurityDescriptor

RtlCreateSecurityDescriptor

RtlSetOwnerSecurityDescriptor

RtlValidSid

RtlCompareMemory

RtlLengthSid

_allmul

memcpy

_alldiv

_except_handler3

memset

_aullshr

hal

KeGetCurrentIrql

KfReleaseSpinLock

KfAcquireSpinLock

KeQueryPerformanceCounter

Sections

.text
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

PAGE
Size: 512B - Virtual size: 269B

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

avgkrnlapix.dll

.dll windows:5 windows x86 arch:x86

5e1e09fb0a6150ea2145cffc88769458

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

Extended Key Usages

ExtKeyUsageServerAuth

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

26:6d:33:3e:de:17:a8:b4:72:05:3e:4f:a3:93:45:72
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

22/10/2014, 00:00

Not After

20/01/2018, 23:59

Subject

CN=AVG Technologies CZ\, s.r.o.,O=AVG Technologies CZ\, s.r.o.,L=Brno,ST=Jihomoravsky kraj,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

b2:81:db:d1:d5:38:aa:36:b2:dc:78:06:23:5e:22:c0:c2:87:5f:65
Signer

Actual PE Digest

b2:81:db:d1:d5:38:aa:36:b2:dc:78:06:23:5e:22:c0:c2:87:5f:65

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

PDB Paths

d:\nightly\sandbox_avg_vc10_HotFix2013-22\source\build\avg_client_ru_dls_win32_vs100\bin\Release_Unicode_DLS_vs100\Win32\avgkrnlapix.pdb

Imports

avgsysx

?AvgToASCIILower@@YG_W_W@Z

?GetCurrentThreadId@AvgBasThread@@SGKXZ

?Assign@AvgGuidUtils@@YGXAAU_AvgGuid@@ABU2@@Z

?GetCurrentModuleHandle@AvgProcess@@YGPAXXZ

?CreateDir@AvgBasFs@@YGHPB_WPAVAvgSecurityCtx@@@Z

?IsInitialized@AvgBasWinLockFile@@QBG_NXZ

?Create@AvgBasWinLockFile@@QAGHPB_W_N@Z

?GetUsername@AvgEnvironment@@YGHAAV?$IAvgString@_W$0A@@@@Z

?GetUserDomainName@AvgEnvironment@@YGHAAV?$IAvgString@_W$0A@@@@Z

?GetComputername@AvgEnvironment@@YGHAAV?$IAvgString@_W$0A@@@@Z

?Lock@AvgBasWinLockFileHolder@@QAGHPAVAvgBasWinLockFile@@H@Z

?GetCapacity@AvgUtf16CharHeapBuffer@@QBGIXZ

??0AvgBasWinLockFileHolder@@QAE@PAVAvgBasWinLockFile@@H@Z

?AvgParseTimeStructure@@YGHAAUAvgTimeStruct@@W4AvgTimeFormatType@@ABU?$AvgStringRefBase@_W$0A@@@@Z

?Sleep@AvgBasThread@@SGHH@Z

?GetSpecialFolder@AvgEnvironment@@YGHW4SpecialFolder@1@AAV?$IAvgString@_W$0A@@@@Z

?GetMaxPathLength@AvgEnvironment@@YGHAAIPB_W@Z

??0AvgBasSharedLibraryLoader@@QAE@PB_W@Z

??1AvgBasSharedLibraryLoader@@UAE@XZ

?Load@AvgBasSharedLibraryLoader@@QAGHPB_W@Z

?Unload@AvgBasSharedLibraryLoader@@UAGXXZ

?AttachTo@AvgBasSharedLibraryLoader@@QAGHPBDPCRAX@Z

??0AvgBasWinRegistryHandle@@QAE@W4AvgBasWinRegistryRootType@@@Z

??1AvgBasWinRegistryHandle@@QAE@XZ

?OpenKeyIfExists@AvgBasWinRegistryHandle@@QAGHABU?$AvgStringRefBase@_W$0A@@@@Z

?Assign@AvgUtf16CharHeapBuffer@@QAGH_W@Z

?Append@AvgUtf16CharHeapBuffer@@QAGHPB_WI@Z

?AddDaclAce@AvgWinSecurityDescriptor@@QAGHW4WellKnownSidType@AvgWinSecurityIdentifier@@HW4Type@AvgWinAce@@V?$AvgFlags@W4FlagsValues@AvgWinAce@@@@@Z

??1AvgBasWinLockFileHolder@@QAE@XZ

?IsWow64ViewModeSupported@AvgBasWinRegistryHandle@@SG_NXZ

?SetViewMode@AvgBasWinRegistryHandle@@QAGHV?$AvgFlags@W4AvgBasWinRegistryViewModeValues@@@@@Z

?FileExists@AvgBasFs@@YGHPB_W@Z

?Destroy@AvgBasCriticalSection@@QAGHXZ

?IsInitialized@AvgBasCriticalSection@@QBG_NXZ

?AvgGetUtf162MbStringSize@@YGHAAIPB_WW4AvgCodePage@@I@Z

?AvgGetStringSizeInElements@@YGIPBD@Z

?AvgConvertUtf162MbString@@YGHPADIPB_WW4AvgCodePage@@PAII@Z

?AvgLowerString@@YGHW4AvgCodePage@@PA_WIPB_WPAII@Z

?UnloadSharedLibraries@AvgBasObjectFactoryImpl@detail@@QAGX_N@Z

?GetAvgObject@AvgBasObjectFactoryImpl@detail@@QAGHABU_AvgGuid@@PAPAX@Z

?SetProgramPath@AvgBasObjectFactoryImpl@detail@@QAGHPB_W@Z

?Initialize@AvgBasObjectFactoryImpl@detail@@QAGHPBUAvgBasObjectFactoryMapping@@I@Z

??1AvgBasObjectFactoryImpl@detail@@QAE@XZ

??0AvgBasObjectFactoryImpl@detail@@QAE@XZ

?Wait@AvgBasEvent@@QAGHH@Z

?Create@AvgBasEvent@@QAGHW4ResetType@1@_N@Z

?AvgCreateErrorCodeFromWin32@@YGHW4_AvgErrorCodeSeverity@@K@Z

?GetHandle@AvgBasWaitable@@IBGPAXXZ

?OpenOrCreateKey@AvgBasWinRegistryHandle@@QAGHABU?$AvgStringRefBase@_W$0A@@@@Z

?GetOsInfoData@AvgEnvironment@@YGABUOsInfoData@1@XZ

?AvgCopyString@@YGHPA_WIPB_WI@Z

?GetNormalizedPath@AvgBasPath@@YGHAAU_AVG_UTF16CHAR_STR@@PB_WIPAI@Z

?GetFullPath@AvgBasPath@@YGHAAU_AVG_UTF16CHAR_STR@@PB_WIPAI@Z

?GetTempDirPath@AvgBasPath@@YGHAAU_AVG_UTF16CHAR_STR@@PAI@Z

?GetDirectoryPathFromFilenamePath@AvgBasPath@@YGHAAU_AVG_UTF16CHAR_STR@@PB_WIPAI@Z

?GetRandomName@AvgBasPath@@YGHAAU_AVG_UTF16CHAR_STR@@PAI@Z

?GetRandomNameSize@AvgBasPath@@YGIXZ

?GetVolumeFromPath@AvgBasPath@@YGHAAU_AVG_UTF16CHAR_STR@@PB_WIPAI@Z

?IsPathRooted@AvgBasPath@@YG_NPB_WI@Z

?GetFilename@AvgBasPath@@YGHAAU_AVG_UTF16CHAR_STR@@PB_WIPAI@Z

?AvgDestroySysMini@@YGXXZ

?AvgInitializeSysMini@@YGHXZ

?InitializeEnvironment@AvgEnvironment@@YGHXZ

?DestroyEnvironment@AvgEnvironment@@YGXXZ

?Get@AvgMiniHashMd5@@QAGXAAUHashType@1@@Z

?Add@AvgMiniHashMd5@@QAGXPBEI@Z

?Initialize@AvgMiniHashMd5@@QAGXXZ

??1AvgMiniHashMd5@@QAE@XZ

?GetStringValue@AvgBasWinRegistryHandle@@QAGHAAV?$IAvgString@_W$0A@@@ABU?$AvgStringRefBase@_W$0A@@@@Z

?Set@AvgBasEvent@@QAGHXZ

?AvgCreateErrorCodeFromWin32@@YGHK@Z

?GetForward@AvgBasWaitable@@IBGPAV1@XZ

?GetResourceType@AvgBasWaitable@@IBG?AW4AvgBasWaitableResourceType@@XZ

?Destroy@AvgBasWaitable@@UAGHXZ

?GetThreadExitCode@AvgBasThread@@QAGHAAH@Z

?StopThread@AvgBasThread@@QAGHH@Z

?StartThread@AvgBasThread@@QAGHW4AvgPriority@@PAVAvgSecurityCtx@@V?$AvgFlags@W4ThreadFlag@AvgBasThread@@@@PBD@Z

?Initialize@AvgBasThread@@QAGHPAVAvgBasEvent@@@Z

?Cleanup@AvgBasThread@@MAGXXZ

?AvgConvertAvgTimeToStruct@@YGHAAUAvgTimeStruct@@_K@Z

?AvgConvertStructToAvgTime@@YGHAA_KABUAvgTimeStruct@@@Z

?AvgGetSystemTime@@YGHAA_K@Z

?Reset@AvgBasEvent@@QAGHXZ

?Initialize@AvgWinSecurityIdentifier@@QAGHW4WellKnownSidType@1@PBV1@@Z

?Assign@AvgWinSecurityDescriptor@@QAGHABVAvgSecurityCtx@@@Z

?AddDaclAce@AvgWinSecurityDescriptor@@QAGHABVAvgWinAce@@@Z

?Release@AvgBasMutex@@QAGHXZ

?Acquire@AvgBasMutex@@QAGHH@Z

?Create@AvgBasMutex@@QAGH_N@Z

?IsInitialized@AvgBasWaitable@@QBG_NXZ

?WaitForThreadToStop@AvgBasThread@@QAGHH@Z

?AvgGetTimestamp@@YGKXZ

?AvgWinZwOpenFile@@YGHPB_WPAPAXKPAU_IO_STATUS_BLOCK@@KK@Z

?GetValue@AvgUtf16CharHeapBuffer@@QBGPB_WXZ

?ReserveElements@AvgUtf16CharHeapBuffer@@QAGHI@Z

?Resize@AvgUtf16CharHeapBuffer@@QAGHI@Z

??1AvgUtf16CharHeapBuffer@@QAE@XZ

??0AvgUtf16CharHeapBuffer@@QAE@XZ

?AvgNtdll_RtlDosPathNameToNtPathName_T_EliminateDosDevice@@YGHPB_WPAU_UNICODE_STRING@@@Z

?GetSecurityDescriptor@AvgWinSecurityDescriptor@@QAGHAAPAX@Z

?IsWindowsVistaOrHigher@OsInfo@AvgEnvironment@@YG_NXZ

?FreeResource@AvgBasWaitable@@IAGHXZ

?ParseWinSecDes@AvgWinSecurityDescriptor@@KGHAAV1@PBXV?$AvgFlags@W4InformationValues@AvgWinSecurityDescriptor@@@@@Z

?ReleaseClonedObject@AvgWinSecurityDescriptor@@UAEXXZ

?ClearSecurityAttributes@AvgWinSecurityDescriptor@@QAGXXZ

?CloneImpl@AvgWinSecurityDescriptor@@MBEHAAPAVAvgSecurityCtx@@@Z

?GetInformationType@AvgWinSecurityDescriptor@@QBG?AV?$AvgFlags@W4InformationValues@AvgWinSecurityDescriptor@@@@XZ

?GetBuffer@AvgUtf16CharHeapBuffer@@QAGPA_WXZ

?AvgGetMb2Utf16StringSize@@YGHAAIPBDW4AvgCodePage@@I@Z

?AvgConvertMb2Utf16String@@YGHPA_WIPBDW4AvgCodePage@@PAII@Z

?GetCurrentSessionId@AvgEnvironment@@YGHAAK@Z

?GetProcessorCount@AvgEnvironment@@YGIXZ

?Parse@AvgGuidUtils@@YGHAAU_AvgGuid@@PB_W@Z

?AvgFormatStringV@@YGHW4AvgCodePage@@PA_WIPB_WPAIPAD@Z

?AvgToASCIIUpper@@YG_W_W@Z

?AvgConvertString2Number@@YGHAAFPB_WIHPAPB_W@Z

?AvgConvertString2Number@@YGHAAKPB_WIHPAPB_W@Z

?AvgUpperString@@YGHW4AvgCodePage@@PA_WIPB_WPAII@Z

?AvgFindSubStringFromRight@@YGPB_WPB_W0II@Z

?DirectoryExists@AvgBasFs@@YGHPB_W@Z

?GetFullName@Item@AvgBasFs@@QBGHABU?$AvgMutableStringRefBase@_W$0A@@@@Z

??1Item@AvgBasFs@@QAE@XZ

?AvgCompareStringNoCase@@YGHW4AvgCodePage@@PB_W1II@Z

?GetThreadState@AvgBasThread@@QAGHAAW4ThreadState@1@@Z

?IsInitialized@AvgBasThread@@QBG_NXZ

?GetCurrentProcessId@AvgProcess@@YGKXZ

?Get@AvgMiniHashCrc32@@QAGKXZ

?Add@AvgMiniHashCrc32@@QAGXPBEI@Z

??1AvgMiniHashCrc32@@QAE@XZ

??0AvgMiniHashCrc32@@QAE@XZ

??1AvgBasWinLockFile@@QAE@XZ

??0AvgBasWinLockFile@@QAE@XZ

?AvgConvertSYSTEMTIMEToAvgTime@@YGHAA_KABU_SYSTEMTIME@@@Z

?Reset@AvgMiniHashCrc32@@QAGXK@Z

?Initialize@AvgMiniHashCrc32@@QAGXXZ

?AvgCompareSubString@@YGHPB_W0III@Z

?Hash@AvgMiniSuperFastHash@@SGKPBE0K@Z

?Assign@AvgGuidUtils@@YGXAAU_AvgGuid@@QBE@Z

?CreateGuid@AvgGuidUtils@@YGHAAU_AvgGuid@@@Z

?AvgMemXor@@YGXPAEPBEI@Z

?AvgGenerateRandomBuffer@@YGXPAEI@Z

?IsWindows8OrHigher@OsInfo@AvgEnvironment@@YG_NXZ

?AvgConvertString2Size@@YGHAAIPB_WIHPAPB_W@Z

?GetCurrentKeyPath@AvgBasWinRegistryHandle@@QAGHAAV?$IAvgString@_W$0A@@@@Z

?AvgCompareString@@YGHPB_W0II@Z

?AvgPrintV@@YGHPB_WPAD@Z

?CreateLuid@AvgGuidUtils@@YGHAAU_AvgGuid@@@Z

?AvgConvertString2Number@@YGHAAGPB_WIHPAPB_W@Z

?InitiateWindowsShutdown@AvgBasWinShutdownManager@@SGHPB_WHW4Reason@1@V?$AvgFlags@W4Option@AvgBasWinShutdownManager@@@@@Z

?Create@AvgBasResource@@QAGHXZ

??1AvgBasResource@@UAE@XZ

??0AvgBasResource@@QAE@XZ

??1AvgBasResourceHolder@@QAE@XZ

??0AvgBasResourceHolder@@QAE@PAVAvgBasResource@@W4LockType@0@H@Z

?IsWinUACEnabled@AvgEnvironment@@YGHAA_N@Z

??0AvgTimeStruct@@QAE@XZ

?AvgConvertNumber2String@@YGHPA_WIHHPAI@Z

?Assign@AvgGuidUtils@@YGXAAU_AvgGuid@@KGGEEEEEEEE@Z

?AvgGenerateRandomByte@@YGEXZ

?AvgGetLocalTime@@YGHAA_K@Z

?AvgConvertNumber2String@@YGHPA_WIKHPAI@Z

?IsWindowsXP@OsInfo@AvgEnvironment@@YG_NXZ

?IsWindowsVista@OsInfo@AvgEnvironment@@YG_NXZ

?IsWindowsServer2k8@OsInfo@AvgEnvironment@@YG_NXZ

?IsWebEditionOs@OsInfo@AvgEnvironment@@YG_NXZ

?IsWindows7@OsInfo@AvgEnvironment@@YG_NXZ

?IsEnterpriseEditionOs@OsInfo@AvgEnvironment@@YG_NXZ

?IsDataCenterEditionOs@OsInfo@AvgEnvironment@@YG_NXZ

?IsWindowsServer2k3@OsInfo@AvgEnvironment@@YG_NXZ

?IsWindowsServer2k8R2@OsInfo@AvgEnvironment@@YG_NXZ

?IsHomeEditionOs@OsInfo@AvgEnvironment@@YG_NXZ

?IsStorageServerEditionOs@OsInfo@AvgEnvironment@@YG_NXZ

?GetDnsDomain@AvgEnvironment@@YGHAAV?$IAvgString@_W$0A@@@@Z

?Create@AvgBasWinProcess@@QAGHPB_W0PAVAvgSecurityCtx@@1W4CreationFlags@1@0@Z

??0AvgBasWinProcess@@QAE@XZ

?GetProcessExitCode@AvgBasWinProcess@@QAGHAAH@Z

?Destroy@AvgBasResource@@QAGXXZ

?ConvertExclusiveToShared@AvgBasResource@@QAGHXZ

?Release@AvgBasResource@@QAGHXZ

?AcquireShared@AvgBasResource@@QAGHH@Z

?AcquireExclusive@AvgBasResource@@QAGHH@Z

?IsWinInSafeMode@AvgEnvironment@@YG_NXZ

?SetStringValue@AvgBasWinRegistryHandle@@QAGHABU?$AvgStringRefBase@_W$0A@@@0_N@Z

?GetUserByProcessId@AvgEnvironment@@YGHAAV?$IAvgString@_W$0A@@@K@Z

?InternalWait@AvgBasWaitable@@IAGHH@Z

?IsStopRequested@AvgBasThread@@QAG_NXZ

?SetStopRequest@AvgBasThread@@QAGHXZ

?GetThreadStopRequestEvent@AvgBasThread@@QAGAAVAvgBasEvent@@XZ

?AvgConvertNumber2String@@YGHPA_WI_KHPAI@Z

?ClearStopRequest@AvgBasThread@@QAGHXZ

?Initialize@AvgTimeStruct@@QAGXGW4AvgMonth@@GW4AvgDayOfWeek@@GGGGGG@Z

?AvgConvertString2Number@@YGHAAHPB_WIHPAPB_W@Z

?AvgConvertLocalTimeToSystemTime@@YGHAA_K@Z

?AvgConvertString2Number@@YGHAA_KPB_WIHPAPB_W@Z

?AvgFindElement@@YGPB_WPB_W_WI@Z

?Assign@AvgUtf16CharHeapBuffer@@QAGHPB_WI@Z

?Initialize@Item@AvgBasFs@@QAGHPBEIABU?$AvgStringRefBase@_W$0A@@@@Z

?New@Impl@DirectoryEnumerator@AvgBasFs@@SGHAAPAU123@PB_W1V?$AvgFlags@W4DirectoryEnumerationFlagItems@AvgBasFs@@@@PAVAvgWinTransaction@@@Z

?GetString@AvgGuidUtils@@YGHABU_AvgGuid@@AAU_AVG_UTF16CHAR_STR@@@Z

?AvgConvertLocalTimeToSystemTime@@YGHAAUAvgTimeStruct@@@Z

?GetProcessPath@AvgProcess@@YGHKAAU_AVG_UTF16CHAR_STR@@PAI@Z

?GetModuleDirectory@AvgModule@@YGHPAXAAU_AVG_UTF16CHAR_STR@@PAI@Z

?CloseKey@AvgBasWinRegistryHandle@@QAGXXZ

??0AvgBasCriticalSection@@QAE@XZ

??1AvgBasCriticalSection@@QAE@XZ

?Create@AvgBasCriticalSection@@QAGHXZ

?Acquire@AvgBasCriticalSection@@QAGHXZ

?Release@AvgBasCriticalSection@@QAGHXZ

?AvgNtdllForceInitialize@@YGHXZ

?AvgNtdllIsTableInitialized@@YG_NXZ

?AvgGetStringSizeInElements@@YGIPB_W@Z

??0AvgSpinLockLocker@@QAE@PAUAvgSpinLock@@_N@Z

??0AvgMiniHashMd5@@QAE@XZ

?GetChildrenEnumeratorImpl@AvgBasWinRegistryHandle@@AAGHAAPAV?$IAvgEnumerator@U?$AvgStringzRefBase@_W$0A@@@@@@Z

?GetDetailsDefaultTranslation@AvgPeVersionInfo@@ABGHAAUCrossmoduleDetails@1@AAUTranslation@1@@Z

?LoadFromFile@AvgPeVersionInfo@@QAGHABU?$AvgStringzRefBase@_W$0A@@@@Z

??1AvgPeVersionInfo@@QAE@XZ

??0AvgPeVersionInfo@@QAE@XZ

?AttachHandle@AvgBasWaitable@@IAGXPAX@Z

??0Item@AvgBasFs@@QAE@XZ

?AvgBufferXor@@YGXPAEPBEI1I_J@Z

?GetSize@AvgUtf16CharHeapBuffer@@QBGIXZ

?AvgBasGetStackFrameModulePath@@YGHAAV?$IAvgString@_W$0A@@@ABUAvgBasStackFrameX86@@@Z

??1AvgSpinLockLocker@@QAE@XZ

ntdll

ZwOpenSymbolicLinkObject

ZwQuerySymbolicLinkObject

ZwCancelIoFile

ZwOpenFile

ZwSetInformationThread

ZwCreateNamedPipeFile

RtlCreateUnicodeString

ZwQueryInformationProcess

RtlInitUnicodeString

ZwCreateFile

RtlFreeUnicodeString

ZwWriteFile

ZwQueryInformationFile

ZwCreateSection

ZwFlushBuffersFile

ZwUnmapViewOfSection

ZwSetInformationFile

ZwQuerySystemInformation

ZwFlushVirtualMemory

ZwMapViewOfSection

ZwReadFile

ZwFsControlFile

ZwClose

RtlNtStatusToDosError

ZwSetEvent

ZwWaitForSingleObject

ZwCreateEvent

RtlAllocateHeap

RtlReAllocateHeap

RtlFreeHeap

RtlGetFullPathName_U

msvcr100

malloc

realloc

memcpy

memset

_CxxThrowException

_amsg_exit

_initterm_e

_initterm

?_type_info_dtor_internal_method@type_info@@QAEXXZ

__clean_type_info_names_internal

_except_handler4_common

_crt_debugger_hook

?terminate@@YAXXZ

memmove

??_V@YAXPAX@Z

_purecall

??3@YAXPAX@Z

??2@YAPAXI@Z

_unlock

__dllonexit

_lock

_onexit

__CxxFrameHandler3

_malloc_crt

free

_encoded_null

__CppXcptFilter

kernel32

IsProcessorFeaturePresent

CreateFileW

GetOverlappedResult

GetLastError

DeviceIoControl

CancelIo

CloseHandle

WaitForMultipleObjectsEx

GetSystemTimeAsFileTime

GetCurrentProcessId

GetCurrentThreadId

QueryPerformanceCounter

IsDebuggerPresent

SetUnhandledExceptionFilter

UnhandledExceptionFilter

GetCurrentProcess

TerminateProcess

InterlockedCompareExchange

InterlockedExchange

InterlockedIncrement

InterlockedDecrement

FreeLibrary

LoadLibraryW

GetProcAddress

DecodePointer

EncodePointer

GetLocaleInfoW

Sleep

GetTickCount

user32

PostMessageW

EnumWindows

GetWindowLongW

IsWindowVisible

GetWindowThreadProcessId

GetLastInputInfo

shell32

ShellExecuteW

ShellExecuteExW

Exports

??0_Mutex@std@@QAE@W4_Uninitialized@1@@Z

??4_Init_locks@std@@QAEAAV01@ABV01@@Z

AvgModuleFinish

AvgModuleInit

GetAvgObject

GetLockCount

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 372KB - Virtual size: 371KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 186KB - Virtual size: 186KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

avglngx.dll

.dll windows:5 windows x86 arch:x86

b81e97784228cc9efa609f6adba0add8

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

Extended Key Usages

ExtKeyUsageServerAuth

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

49:84:48:9d:ec:62:00:de:ce:ad:93:d4:73:2c:ab:ca
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

06/01/2012, 00:00

Not After

05/01/2015, 23:59

Subject

CN=AVG Technologies CZ\, s.r.o.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=AVG Technologies CZ\, s.r.o.,L=Brno,ST=Jihomoravsky kraj,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

f2:e6:73:20:55:9d:b1:bd:84:1f:47:e4:ab:4e:3f:77:c6:62:9d:fe
Signer

Actual PE Digest

f2:e6:73:20:55:9d:b1:bd:84:1f:47:e4:ab:4e:3f:77:c6:62:9d:fe

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

PDB Paths

d:\nightly\sandbox_avg_vc10_AVG2013_SP1_RR\source\build\avg_client_ru_ntdll_dls_win32_vs100\bin\Release_Unicode_NTDLL_DLS_vs100\Win32\avglngx.pdb

Imports

ntdll

ZwCreateFile

ZwSetInformationFile

ZwQueryInformationFile

ZwCreateEvent

ZwWaitForSingleObject

ZwSetEvent

ZwReadFile

ZwWriteFile

ZwFlushVirtualMemory

ZwQuerySystemInformation

ZwUnmapViewOfSection

ZwMapViewOfSection

ZwCreateSection

RtlFreeUnicodeString

_allrem

RtlUnwind

ZwTerminateProcess

RtlDeleteCriticalSection

RtlInitializeCriticalSection

RtlEnterCriticalSection

RtlLeaveCriticalSection

NtRaiseException

towupper

_strcmpi

_strnicmp

_stricmp

DbgPrint

ZwClose

ZwQueryVirtualMemory

RtlNtStatusToDosError

RtlFreeHeap

RtlReAllocateHeap

RtlAllocateHeap

RtlInitUnicodeString

LdrLoadDll

LdrUnloadDll

memset

memmove

memcpy

avgsysx

?AvgPrintV@@YGHPBDPAD@Z

?AvgNtdll_RtlSetCurrentTransaction@@YGEPAX@Z

?GetInformationType@AvgWinSecurityDescriptor@@QBG?AV?$AvgFlags@W4InformationValues@AvgWinSecurityDescriptor@@@@XZ

?ReleaseClonedObject@AvgWinSecurityDescriptor@@UAEXXZ

?CloneImpl@AvgWinSecurityDescriptor@@MBEHAAPAVAvgSecurityCtx@@@Z

?ClearSecurityAttributes@AvgWinSecurityDescriptor@@QAGXXZ

?ParseWinSecDes@AvgWinSecurityDescriptor@@KGHAAV1@PBXV?$AvgFlags@W4InformationValues@AvgWinSecurityDescriptor@@@@@Z

?GetSecurityDescriptor@AvgWinSecurityDescriptor@@QAGHAAPAX@Z

?CreateDir@AvgBasFs@@YGHPB_W_NPAVAvgSecurityCtx@@@Z

?Initialize@AvgWinSecurityDescriptor@@QAGHXZ

?Initialize@AvgWinMandatoryLabel@@QAGHW4Label@1@V?$AvgFlags@W4FlagsValues@AvgWinMandatoryLabel@@@@@Z

?AddDaclAce@AvgWinSecurityDescriptor@@QAGHW4WellKnownSidType@AvgWinSecurityIdentifier@@HW4Type@AvgWinAce@@V?$AvgFlags@W4FlagsValues@AvgWinAce@@@@@Z

?AppendDescriptorToObject@AvgWinSecurity@@YGHAAVAvgWinSecurityDescriptor@@ABVAvgWinObject@@_N@Z

?Assign@AvgUtf16CharHeapBuffer@@QAGHPB_WI@Z

?Initialize@Item@AvgBasFs@@QAGHPBEIABU?$AvgStringRefBase@_W$0A@@@@Z

?New@Impl@DirectoryEnumerator@AvgBasFs@@SGHAAPAU123@PB_W1V?$AvgFlags@W4DirectoryEnumerationFlagItems@AvgBasFs@@@@PAVAvgWinTransaction@@@Z

??0Item@AvgBasFs@@QAE@XZ

?AvgNtdll_RtlDosPathNameToNtPathName_T_EliminateDosDevice@@YGHPB_WPAU_UNICODE_STRING@@@Z

?GetOsInfoData@AvgEnvironment@@YGABUOsInfoData@1@XZ

?Acquire@AvgBasCriticalSection@@QAGHXZ

?AvgKernel32_FindResourceExW@@YGPAXPAXPB_W1G@Z

?AttachTo@AvgBasSharedLibraryLoader@@QAGHPBDPCRAX@Z

?Load@AvgBasSharedLibraryLoader@@QAGHPB_W@Z

?AvgKernel32IsTableInitialized@@YG_NXZ

?Release@AvgBasCriticalSection@@QAGHXZ

?AvgKernel32_GetACP@@YGIXZ

?AvgGetStringSizeInElements@@YGIPB_W@Z

?GetDWordValue@AvgBasWinRegistryHandle@@QAGHAAKABU?$AvgStringRefBase@_W$0A@@@@Z

??1AvgBasWinRegistryHandle@@QAE@XZ

?CloseKey@AvgBasWinRegistryHandle@@QAGXXZ

?OpenKeyIfExists@AvgBasWinRegistryHandle@@QAGHABU?$AvgStringRefBase@_W$0A@@@@Z

?SetViewMode@AvgBasWinRegistryHandle@@QAGHV?$AvgFlags@W4AvgBasWinRegistryViewModeValues@@@@@Z

?IsWow64ViewModeSupported@AvgBasWinRegistryHandle@@SG_NXZ

??0AvgBasWinRegistryHandle@@QAE@W4AvgBasWinRegistryRootType@@@Z

?AvgCompareStringNoCase@@YGHW4AvgCodePage@@PB_W1II@Z

?GetStringValue@AvgBasWinRegistryHandle@@QAGHAAV?$IAvgString@_W$0A@@@ABU?$AvgStringRefBase@_W$0A@@@@Z

?GetSpecialFolder@AvgEnvironment@@YGHW4SpecialFolder@1@AAV?$IAvgString@_W$0A@@@@Z

?AvgConvertMb2Utf16String@@YGHPA_WIPBDW4AvgCodePage@@PAII@Z

?AvgGetMb2Utf16StringSize@@YGHAAIPBDW4AvgCodePage@@I@Z

?AvgGetStringSizeInElements@@YGIPBD@Z

?AvgFormatStringV@@YGHW4AvgCodePage@@PA_WIPB_WPAIPAD@Z

??1AvgBasSharedLibraryLoader@@UAE@XZ

??0AvgBasSharedLibraryLoader@@QAE@PB_W@Z

?GetMaxPathLength@AvgEnvironment@@YGHAAIPB_W@Z

?GetCurrentModuleHandle@AvgProcess@@YGPAXXZ

?IsPathRooted@AvgBasPath@@YG_NPB_WI@Z

?GetFullPath@AvgBasPath@@YGHAAU_AVG_UTF16CHAR_STR@@PB_WIPAI@Z

?GetTempDirPath@AvgBasPath@@YGHAAU_AVG_UTF16CHAR_STR@@PAI@Z

?GetDirectoryPathFromFilenamePath@AvgBasPath@@YGHAAU_AVG_UTF16CHAR_STR@@PB_WIPAI@Z

?GetFilenameExtension@AvgBasPath@@YGHAAU_AVG_UTF16CHAR_STR@@PB_WIPAI@Z

?GetFilenameWithoutExtension@AvgBasPath@@YGHAAU_AVG_UTF16CHAR_STR@@PB_WIPAI@Z

?GetModuleDirectory@AvgModule@@YGHPAXAAU_AVG_UTF16CHAR_STR@@PAI@Z

??1AvgSpinLockLocker@@QAE@XZ

?InitializeEnvironment@AvgEnvironment@@YGHXZ

??0AvgSpinLockLocker@@QAE@PAUAvgSpinLock@@_N@Z

?AvgInitializeSysMini@@YGHXZ

?AvgDestroySysMini@@YGXXZ

?DestroyEnvironment@AvgEnvironment@@YGXXZ

?AvgCreateErrorCodeFromWin32@@YGHW4_AvgErrorCodeSeverity@@K@Z

?AvgBasGetStackFrameModulePath@@YGHAAV?$IAvgString@_W$0A@@@ABUAvgBasStackFrameX86@@@Z

??1AvgUtf16CharHeapBuffer@@QAE@XZ

??0AvgUtf16CharHeapBuffer@@QAE@XZ

?AvgNtdll_RtlGetCurrentTransaction@@YGPAXXZ

?AvgConvertAvgTimeToTimeT@@YGHAA_J_K@Z

?AvgConvertTMToAvgTime@@YGHAA_KAAUtm@@@Z

?AvgGenerateRandomDWord@@YGKXZ

?FreeKey@AvgTls@@YGHAAUKeyBase@1@@Z

?SetValue@AvgTls@@YGHABUKeyBase@1@PAX@Z

?GetValue@AvgTls@@YGHABUKeyBase@1@AAPAX@Z

?AllocateKey@AvgTls@@YGHAAUKeyBase@1@@Z

?AvgWinIsProcessBeingDebugged@@YG_NXZ

?AvgKernel32IsFnLoaded_UnhandledExceptionFilter@@YG_NXZ

?AvgKernel32_UnhandledExceptionFilter@@YGJPAU_EXCEPTION_POINTERS@@@Z

??1AvgBasCriticalSection@@QAE@XZ

?Create@AvgBasCriticalSection@@QAGHXZ

??0AvgBasCriticalSection@@QAE@XZ

?Sleep@AvgBasThread@@SGHH@Z

?AvgFindElement@@YGPB_WPB_W_WI@Z

?GetAttributes@AvgBasFs@@YGHAAVAttributes@1@PB_W@Z

??1Item@AvgBasFs@@QAE@XZ

?SetParent@AvgBasWinRegistryHandle@@QAGHW4AvgBasWinRegistryRootType@@@Z

?Unload@AvgBasSharedLibraryLoader@@UAGXXZ

?DirectoryExists@AvgBasFs@@YGHPB_W@Z

?GetAttributes@Item@AvgBasFs@@QBGABVAttributes@2@XZ

?GetName@Item@AvgBasFs@@QBGPB_WXZ

?AvgConvertString2Number@@YGHAAKPB_WIHPAPB_W@Z

?AvgFindSubString@@YGPB_WPB_W0II@Z

?AvgCompareString@@YGHPB_W0II@Z

?AvgGetStringSizeInElements@@YGIPBDI@Z

?AvgConvertUtf162MbString@@YGHPADIPB_WW4AvgCodePage@@PAII@Z

?AvgGetUtf162MbStringSize@@YGHAAIPB_WW4AvgCodePage@@I@Z

??1AvgMiniHashCrc32@@QAE@XZ

?Get@AvgMiniHashCrc32@@QAGKXZ

?Add@AvgMiniHashCrc32@@QAGXPBEI@Z

?Initialize@AvgMiniHashCrc32@@QAGXXZ

??0AvgMiniHashCrc32@@QAE@XZ

Exports

GetAvgObject

GetLockCount

Sections

.text
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

avglog.cat

avglog.inf

avgloga.sys

.dll windows:6 windows x64 arch:x64

170ad55d724b2bfe3e621fdcdf905a20

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

Extended Key Usages

ExtKeyUsageServerAuth

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

26:6d:33:3e:de:17:a8:b4:72:05:3e:4f:a3:93:45:72
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

22/10/2014, 00:00

Not After

20/01/2018, 23:59

Subject

CN=AVG Technologies CZ\, s.r.o.,O=AVG Technologies CZ\, s.r.o.,L=Brno,ST=Jihomoravsky kraj,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

Extended Key Usages

ExtKeyUsageServerAuth

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

20:c1:e2:57:ed:16:f4:e6:48:7a:79:ee:52:af:cb:58
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

22/10/2014, 00:00

Not After

20/01/2018, 23:59

Subject

CN=AVG Technologies CZ\, s.r.o.,O=AVG Technologies CZ\, s.r.o.,L=Brno,ST=Jihomoravsky kraj,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

5e:8d:2d:ac:a4:46:65:54:6b:b5:87:97:81:91:a8:bf
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

31/10/2007, 00:00

Not After

30/10/2017, 23:59

Subject

CN=GeoTrust Timestamping Signer 1,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageContentCommitment

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01/01/1997, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

0d:be:99:51:3a:d7:cc:e8:78:dd:aa:96:19:a9:81:12:8c:20:0a:31:63:2b:65:3f:bd:4f:4b:eb:27:3c:4e:24
Signer

Actual PE Digest

0d:be:99:51:3a:d7:cc:e8:78:dd:aa:96:19:a9:81:12:8c:20:0a:31:63:2b:65:3f:bd:4f:4b:eb:27:3c:4e:24

Digest Algorithm

sha256

PE Digest Matches

true

4f:a8:56:5e:bb:fb:b7:2c:d0:ab:1d:36:55:4f:d8:6e:45:21:2c:53
Signer

Actual PE Digest

4f:a8:56:5e:bb:fb:b7:2c:d0:ab:1d:36:55:4f:d8:6e:45:21:2c:53

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

d:\nightly\sandbox_avg_vc10_HotFix2013-19\source\build\avg_drivers_vs100\bin\Release_Unicode_DRIVER_wnet_vs100\x64\avgloga.pdb

Imports

ntoskrnl.exe

_purecall

ObReferenceObjectByHandle

RtlNtStatusToDosErrorNoTeb

ObfDereferenceObject

KeWaitForMultipleObjects

ExAllocatePoolWithTag

IoBuildDeviceIoControlRequest

IoDeleteSymbolicLink

ExFreePoolWithTag

KeResetEvent

IoRegisterShutdownNotification

KeInitializeMutex

IoRegisterDriverReinitialization

RtlInitUnicodeString

IoDeleteDevice

KeSetEvent

KeInitializeEvent

ZwQuerySystemInformation

KeReleaseSpinLock

KeReleaseMutex

ZwWaitForSingleObject

PsCreateSystemThread

IoGetDeviceObjectPointer

ZwQueryValueKey

IoUnregisterShutdownNotification

ZwClose

IofCompleteRequest

KeWaitForSingleObject

IoCreateSymbolicLink

PsGetCurrentProcessId

IoCreateDevice

IofCallDriver

ZwOpenKey

KeAcquireSpinLockRaiseToDpc

ZwReadFile

CcFlushCache

ZwSetInformationFile

IoFileObjectType

ZwQueryInformationFile

ZwWriteFile

ZwCreateEvent

ZwFsControlFile

ZwOpenFile

RtlTimeFieldsToTime

RtlTimeToTimeFields

ZwOpenProcessToken

ZwQueryInformationToken

ZwCreateFile

ZwCreateKey

ZwSetValueKey

ZwEnumerateValueKey

ZwDeleteKey

ZwEnumerateKey

ZwQueryKey

ZwCancelIoFile

NtLockFile

NtUnlockFile

RtlUpcaseUnicodeString

RtlCompareUnicodeString

KeQueryTimeIncrement

KeDelayExecutionThread

PsTerminateSystemThread

PsGetCurrentThreadId

NtBuildNumber

MmGetSystemRoutineAddress

RtlAnsiStringToUnicodeString

RtlUnicodeStringToAnsiString

RtlxOemStringToUnicodeSize

RtlxAnsiStringToUnicodeSize

RtlOemStringToUnicodeString

RtlxUnicodeStringToAnsiSize

NlsMbOemCodePageTag

RtlGetAce

RtlCreateAcl

RtlValidSecurityDescriptor

RtlSetDaclSecurityDescriptor

RtlEqualSid

RtlCopySid

ZwQuerySecurityObject

RtlGetSaclSecurityDescriptor

RtlSetGroupSecurityDescriptor

RtlGetGroupSecurityDescriptor

RtlSetSaclSecurityDescriptor

ZwSetSecurityObject

RtlGetDaclSecurityDescriptor

RtlAddAccessAllowedAceEx

RtlGetOwnerSecurityDescriptor

RtlCreateSecurityDescriptor

RtlSetOwnerSecurityDescriptor

ZwMapViewOfSection

ZwFlushVirtualMemory

ZwUnmapViewOfSection

ZwCreateSection

ZwSetEvent

ZwResetEvent

PsGetVersion

ZwQueryDirectoryFile

RtlValidSid

RtlCompareMemory

RtlLengthSid

__C_specific_handler

Sections

.text
Size: 279KB - Virtual size: 278KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

PAGE
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

avglogx.dll

.dll windows:5 windows x86 arch:x86

f0bc330311895be9818cbef095ae6dd4

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

Extended Key Usages

ExtKeyUsageServerAuth

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

26:6d:33:3e:de:17:a8:b4:72:05:3e:4f:a3:93:45:72
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

22/10/2014, 00:00

Not After

20/01/2018, 23:59

Subject

CN=AVG Technologies CZ\, s.r.o.,O=AVG Technologies CZ\, s.r.o.,L=Brno,ST=Jihomoravsky kraj,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

8f:82:3b:10:25:1d:31:70:c4:a4:e7:5c:c9:c5:4f:d6:0a:ed:89:a7
Signer

Actual PE Digest

8f:82:3b:10:25:1d:31:70:c4:a4:e7:5c:c9:c5:4f:d6:0a:ed:89:a7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

PDB Paths

d:\nightly\sandbox_avg_vc10_HotFix2013-19\source\build\avg_client_ru_ntdll_dls_win32_vs100\bin\Release_Unicode_NTDLL_DLS_vs100\Win32\avglogx.pdb

Imports

ntdll

ZwCreateSection

ZwMapViewOfSection

ZwUnmapViewOfSection

ZwQuerySystemInformation

ZwFlushVirtualMemory

ZwCreateFile

ZwWaitForMultipleObjects

ZwSetInformationFile

ZwFlushBuffersFile

ZwWriteFile

ZwReadFile

ZwQueryInformationFile

_aulldvrm

_allmul

ZwOpenFile

ZwFsControlFile

RtlFreeUnicodeString

ZwQueryVirtualMemory

RtlUnwind

ZwTerminateProcess

RtlDeleteCriticalSection

RtlInitializeCriticalSection

RtlEnterCriticalSection

RtlLeaveCriticalSection

memset

ZwSetEvent

ZwWaitForSingleObject

ZwCreateEvent

ZwClose

towupper

_strcmpi

_strnicmp

_stricmp

DbgPrint

RtlNtStatusToDosError

RtlFreeHeap

RtlReAllocateHeap

RtlAllocateHeap

ZwTerminateThread

memmove

memcpy

avgsysx

?AvgConvertLocalTimeToSystemTime@@YGHAAUAvgTimeStruct@@@Z

?New@Impl@AvgBasFsWatcher@@SGPAU12@XZ

?Initialize@Impl@AvgBasFsWatcher@@QAGHABU?$AvgStringRefBase@_W$0A@@@_N0V?$AvgFlags@W4ChangeEvent@AvgBasFsWatcher@@@@IAAPAVAvgBasWaitable@@@Z

?AttachForward@AvgBasWaitable@@IAGXPAV1@@Z

?DiscardChanges@Impl@AvgBasFsWatcher@@QAGHXZ

?DetachResource@AvgBasWaitable@@IAGXXZ

?Delete@Impl@AvgBasFsWatcher@@SGXPAU12@@Z

?GetHandle@AvgBasWaitable@@IBGPAXXZ

?GetForward@AvgBasWaitable@@IBGPAV1@XZ

?Sleep@AvgBasThread@@SGHH@Z

??1AvgBasSharedLibraryLoader@@UAE@XZ

?Unload@AvgBasSharedLibraryLoader@@UAGXXZ

?AttachTo@AvgBasSharedLibraryLoader@@QAGHPBDPCRAX@Z

?AvgGetStringSizeInElements@@YGIPB_W@Z

?GetStringValue@AvgBasWinRegistryHandle@@QAGHAAV?$IAvgString@_W$0A@@@ABU?$AvgStringRefBase@_W$0A@@@@Z

?GetSpecialFolder@AvgEnvironment@@YGHW4SpecialFolder@1@AAV?$IAvgString@_W$0A@@@@Z

??1AvgBasWinRegistryHandle@@QAE@XZ

?CloseKey@AvgBasWinRegistryHandle@@QAGXXZ

?OpenKeyIfExists@AvgBasWinRegistryHandle@@QAGHABU?$AvgStringRefBase@_W$0A@@@@Z

?SetViewMode@AvgBasWinRegistryHandle@@QAGHV?$AvgFlags@W4AvgBasWinRegistryViewModeValues@@@@@Z

?IsWow64ViewModeSupported@AvgBasWinRegistryHandle@@SG_NXZ

??0AvgBasWinRegistryHandle@@QAE@W4AvgBasWinRegistryRootType@@@Z

?Load@AvgBasSharedLibraryLoader@@QAGHPB_W@Z

??0AvgBasSharedLibraryLoader@@QAE@PB_W@Z

?GetMaxPathLength@AvgEnvironment@@YGHAAIPB_W@Z

?Acquire@AvgBasCriticalSection@@QAGHXZ

?IsInitialized@AvgBasCriticalSection@@QBG_NXZ

??1AvgBasCriticalSection@@QAE@XZ

?Release@AvgBasCriticalSection@@QAGHXZ

?Create@AvgBasCriticalSection@@QAGHXZ

??0AvgBasCriticalSection@@QAE@XZ

??1AvgSpinLockLocker@@QAE@XZ

?InitializeEnvironment@AvgEnvironment@@YGHXZ

??0AvgSpinLockLocker@@QAE@PAUAvgSpinLock@@_N@Z

?AvgInitializeSysMini@@YGHXZ

?AvgDestroySysMini@@YGXXZ

?DestroyEnvironment@AvgEnvironment@@YGXXZ

?IsPathRooted@AvgBasPath@@YG_NPB_WI@Z

?GetFullPath@AvgBasPath@@YGHAAU_AVG_UTF16CHAR_STR@@PB_WIPAI@Z

?GetRandomTempFileName@AvgBasPath@@YGHAAU_AVG_UTF16CHAR_STR@@PAI@Z

?GetRandomTempFileNameSize@AvgBasPath@@YGIXZ

?GetDirectoryPathFromFilenamePath@AvgBasPath@@YGHAAU_AVG_UTF16CHAR_STR@@PB_WIPAI@Z

?GetFilename@AvgBasPath@@YGHAAU_AVG_UTF16CHAR_STR@@PB_WIPAI@Z

?GetFilenameExtension@AvgBasPath@@YGHAAU_AVG_UTF16CHAR_STR@@PB_WIPAI@Z

?GetFilenameWithoutExtension@AvgBasPath@@YGHAAU_AVG_UTF16CHAR_STR@@PB_WIPAI@Z

?ChangeExtension@AvgBasPath@@YGHAAU_AVG_UTF16CHAR_STR@@PB_W1IIPAI@Z

?AvgCreateErrorCodeFromWin32@@YGHW4_AvgErrorCodeSeverity@@K@Z

?AvgGenerateRandomDWord@@YGKXZ

?AvgPrintV@@YGHPBDPAD@Z

?AvgConvertAvgTimeToTimeT@@YGHAA_J_K@Z

?AvgConvertTMToAvgTime@@YGHAA_KAAUtm@@@Z

?FreeKey@AvgTls@@YGHAAUKeyBase@1@@Z

?SetValue@AvgTls@@YGHABUKeyBase@1@PAX@Z

?GetValue@AvgTls@@YGHABUKeyBase@1@AAPAX@Z

?AllocateKey@AvgTls@@YGHAAUKeyBase@1@@Z

?AvgWinIsProcessBeingDebugged@@YG_NXZ

?AvgKernel32IsFnLoaded_UnhandledExceptionFilter@@YG_NXZ

?AvgKernel32_UnhandledExceptionFilter@@YGJPAU_EXCEPTION_POINTERS@@@Z

?GetComputername@AvgEnvironment@@YGHAAV?$IAvgString@_W$0A@@@@Z

?GetCurrentProcessId@AvgProcess@@YGKXZ

?AvgGetSystemTime@@YGHAA_K@Z

?GetFileWriteTime@AvgBasFs@@YGHPB_WAA_K@Z

?DeleteFiles@AvgBasFs@@YGHPB_W0PAI@Z

??1AvgUtf16CharHeapBuffer@@QAE@XZ

??0AvgUtf16CharHeapBuffer@@QAE@XZ

?Assign@AvgUtf16CharHeapBuffer@@QAGHPB_WI@Z

?AppendDescriptorToObject@AvgWinSecurity@@YGHAAVAvgWinSecurityDescriptor@@ABVAvgWinObject@@_N@Z

?AddDaclAce@AvgWinSecurityDescriptor@@QAGHW4WellKnownSidType@AvgWinSecurityIdentifier@@HW4Type@AvgWinAce@@V?$AvgFlags@W4FlagsValues@AvgWinAce@@@@@Z

?Initialize@AvgWinMandatoryLabel@@QAGHW4Label@1@V?$AvgFlags@W4FlagsValues@AvgWinMandatoryLabel@@@@@Z

?Initialize@AvgWinSecurityDescriptor@@QAGHXZ

??0AvgWinSecurityDescriptor@@QAE@XZ

?CreateDir@AvgBasFs@@YGHPB_W_NPAVAvgSecurityCtx@@@Z

?DirectoryExists@AvgBasFs@@YGHPB_W@Z

??1Item@AvgBasFs@@QAE@XZ

?AvgNtdll_RtlDosPathNameToNtPathName_T_EliminateDosDevice@@YGHPB_WPAU_UNICODE_STRING@@@Z

?AvgCompareStringNoCase@@YGHW4AvgCodePage@@PB_W1II@Z

?AvgGenerateRandomBuffer@@YGXPAEI@Z

?AvgFormatStringV@@YGHW4AvgCodePage@@PA_WIPB_WPAIPAD@Z

?GetAttributes@AvgBasFs@@YGHAAVAttributes@1@PB_W@Z

?FileExists@AvgBasFs@@YGHPB_W@Z

?GetFullName@Item@AvgBasFs@@QBGHABU?$AvgMutableStringRefBase@_W$0A@@@@Z

?AvgFindElementFromRight@@YGPB_WPB_W_WI@Z

?Close@AvgBasWinLockFileResource@@QAGHXZ

?IsInitialized@AvgBasWinLockFileResource@@QBG_NXZ

?Delete@AvgBasFs@@YGHPB_WV?$AvgFlags@W4FileDeleteFlagItems@AvgBasFs@@@@@Z

?Move@AvgBasFs@@YGHPB_W0W4FileOverwriteParamters@1@@Z

??1AvgBasWinLockFileResource@@UAE@XZ

??0AvgBasWinLockFileResource@@QAE@XZ

?AvgConvertNumber2String@@YGHPA_WI_KHPAI@Z

?AvgConvertFileSize2String@@YGHPA_WI_JHPAI@Z

?AvgNtdll_RtlGetCurrentTransaction@@YGPAXXZ

?AvgConvertSize2String@@YGHPA_WIIHPAI@Z

?AvgConvertString2Size@@YGHAAIPB_WIHPAPB_W@Z

?AvgConvertString2FileSize@@YGHAA_JPB_WIHPAPB_W@Z

?Release@AvgBasWinLockFileResource@@QAGHXZ

?AcquireExclusive@AvgBasWinLockFileResource@@QAGHH@Z

?Less@AvgTimeStruct@@QBG_NABU1@W4ComparisonResolution@1@@Z

?AvgConvertAvgTimeToStruct@@YGHAAUAvgTimeStruct@@_K@Z

??0AvgTimeStruct@@QAE@XZ

?GetCreationTime@Item@AvgBasFs@@QBG_KXZ

?GetFileCreationTime@AvgBasFs@@YGHPB_WAA_K@Z

?AvgGetStringSizeInElements@@YGIPBD@Z

?AvgWinZwCreateFile@@YGHPB_WPAPAXKPAU_IO_STATUS_BLOCK@@PAT_LARGE_INTEGER@@KKKKPAXK4@Z

?GetSecurityDescriptor@AvgWinSecurityDescriptor@@QAGHAAPAX@Z

?AvgConvertUtf162MbString@@YGHPADIPB_WW4AvgCodePage@@PAII@Z

?AvgGetUtf162MbStringSize@@YGHAAIPB_WW4AvgCodePage@@I@Z

?AvgFindElement@@YGPB_WPB_W_WI@Z

?AvgCompareSubStringNoCase@@YGHW4AvgCodePage@@PB_W1III@Z

?Destroy@AvgBasWaitable@@UAGHXZ

?Cleanup@AvgBasThread@@MAGXXZ

?Set@AvgBasEvent@@QAGHXZ

?Create@AvgBasEvent@@QAGHW4ResetType@1@_N@Z

?WaitForThreadToStop@AvgBasThread@@QAGHH@Z

?SetStopRequest@AvgBasThread@@QAGHXZ

?Initialize@AvgBasThread@@QAGHPAVAvgBasEvent@@@Z

?Wait@AvgBasEvent@@QAGHH@Z

?StartThread@AvgBasThread@@QAGHW4AvgPriority@@PAVAvgSecurityCtx@@V?$AvgFlags@W4ThreadFlag@AvgBasThread@@@@PBD@Z

?Reset@AvgBasEvent@@QAGHXZ

?GetThreadStopRequestEvent@AvgBasThread@@QAGAAVAvgBasEvent@@XZ

?AvgConvertDouble2String@@YGHPA_WINHPAI@Z

?GetCurrentThreadId@AvgBasThread@@SGKXZ

?AvgGenerateRandomByte@@YGEXZ

?AvgMemXor@@YGXPAEIPBEI_J@Z

?Release@AvgSpinLockLocker@@QAGXXZ

?GetResourceType@AvgBasWaitable@@IBG?AW4AvgBasWaitableResourceType@@XZ

?AvgOutput@@YGHPB_WI_NW4AvgCodePage@@@Z

?AvgErrorOutput@@YGHPB_WI_NW4AvgCodePage@@@Z

?Initialize@Item@AvgBasFs@@QAGHPBEIABU?$AvgStringRefBase@_W$0A@@@@Z

?New@Impl@DirectoryEnumerator@AvgBasFs@@SGHAAPAU123@PB_W1V?$AvgFlags@W4DirectoryEnumerationFlagItems@AvgBasFs@@@@PAVAvgWinTransaction@@@Z

??0Item@AvgBasFs@@QAE@XZ

?GetProcessName@AvgProcess@@YGHKAAU_AVG_UTF16CHAR_STR@@PAI@Z

?Initialize@AvgWinSecurityIdentifier@@QAGHW4WellKnownSidType@1@PBV1@@Z

?AddDaclAce@AvgWinSecurityDescriptor@@QAGHABVAvgWinAce@@@Z

?AvgGetMb2Utf16StringSize@@YGHAAIPBDW4AvgCodePage@@I@Z

?AvgConvertMb2Utf16String@@YGHPA_WIPBDW4AvgCodePage@@PAII@Z

?FreeResource@AvgBasWaitable@@IAGHXZ

?AvgNtdll_RtlSetCurrentTransaction@@YGEPAX@Z

?AvgConvertNumber2String@@YGHPA_WIKHPAI@Z

?OpenOrCreate@AvgBasWinLockFileResource@@QAGHPB_WPAVAvgSecurityCtx@@_N@Z

avgntopensslx

RSA_free

RSA_new

BN_set_word

BN_bin2bn

BN_new

RSA_public_encrypt

RSA_size

Exports

AvgGetLogObject

AvgLogLibraryReconfigure

AvgLogLibraryReloadConfig

AvgLogLibraryRemoteReconfigure

AvgLogLibraryRemoteReloadConfig

AvgReleaseLogObject

Sections

.text
Size: 222KB - Virtual size: 221KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

avglogx.sys

.dll windows:6 windows x86 arch:x86

b26dba092886a2b71dc7dd9de0e8c86c

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

Extended Key Usages

ExtKeyUsageServerAuth

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

26:6d:33:3e:de:17:a8:b4:72:05:3e:4f:a3:93:45:72
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

22/10/2014, 00:00

Not After

20/01/2018, 23:59

Subject

CN=AVG Technologies CZ\, s.r.o.,O=AVG Technologies CZ\, s.r.o.,L=Brno,ST=Jihomoravsky kraj,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

Extended Key Usages

ExtKeyUsageServerAuth

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

20:c1:e2:57:ed:16:f4:e6:48:7a:79:ee:52:af:cb:58
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

22/10/2014, 00:00

Not After

20/01/2018, 23:59

Subject

CN=AVG Technologies CZ\, s.r.o.,O=AVG Technologies CZ\, s.r.o.,L=Brno,ST=Jihomoravsky kraj,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

5e:8d:2d:ac:a4:46:65:54:6b:b5:87:97:81:91:a8:bf
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

31/10/2007, 00:00

Not After

30/10/2017, 23:59

Subject

CN=GeoTrust Timestamping Signer 1,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageContentCommitment

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01/01/1997, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

62:02:ed:f6:c1:41:dc:18:25:34:cd:2c:a8:4b:09:f2:bc:2e:1e:bf:d9:7a:81:a6:da:27:46:ff:c6:0d:3c:ea
Signer

Actual PE Digest

62:02:ed:f6:c1:41:dc:18:25:34:cd:2c:a8:4b:09:f2:bc:2e:1e:bf:d9:7a:81:a6:da:27:46:ff:c6:0d:3c:ea

Digest Algorithm

sha256

PE Digest Matches

true

4e:26:e4:34:b7:b8:31:c9:19:35:42:ef:12:6b:70:2e:2c:b8:61:ae
Signer

Actual PE Digest

4e:26:e4:34:b7:b8:31:c9:19:35:42:ef:12:6b:70:2e:2c:b8:61:ae

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

PDB Paths

d:\nightly\sandbox_avg_vc10_HotFix2013-19\source\build\avg_drivers_vs100\bin\Release_Unicode_DRIVER_wxp_vs100\Win32\avglogx.pdb

Imports

ntoskrnl.exe

memmove

ExAllocatePoolWithTag

IoBuildDeviceIoControlRequest

IoDeleteSymbolicLink

ExFreePoolWithTag

KeResetEvent

IoRegisterShutdownNotification

KeInitializeMutex

IoRegisterDriverReinitialization

RtlInitUnicodeString

IoDeleteDevice

KeSetEvent

KeInitializeEvent

ZwQuerySystemInformation

KeReleaseMutex

ZwWaitForSingleObject

PsCreateSystemThread

IoGetDeviceObjectPointer

KeWaitForMultipleObjects

IoUnregisterShutdownNotification

ZwClose

IofCompleteRequest

KeWaitForSingleObject

IoCreateSymbolicLink

PsGetCurrentProcessId

IoCreateDevice

IofCallDriver

ZwOpenKey

ZwReadFile

CcFlushCache

ZwSetInformationFile

IoFileObjectType

ZwQueryInformationFile

ZwWriteFile

ZwCreateEvent

ZwFsControlFile

ZwOpenFile

ObfDereferenceObject

ObReferenceObjectByHandle

ZwQueryValueKey

_purecall

RtlTimeFieldsToTime

RtlTimeToTimeFields

ZwOpenProcessToken

ZwQueryInformationToken

ZwCreateFile

ZwCreateKey

ZwSetValueKey

ZwEnumerateValueKey

ZwDeleteKey

ZwEnumerateKey

ZwQueryKey

ZwCancelIoFile

NtLockFile

NtUnlockFile

RtlUpcaseUnicodeString

RtlCompareUnicodeString

KeQueryTimeIncrement

KeTickCount

MmGetSystemRoutineAddress

KeDelayExecutionThread

PsTerminateSystemThread

PsGetCurrentThreadId

NtBuildNumber

KeGetCurrentThread

RtlAnsiStringToUnicodeString

RtlUnicodeStringToAnsiString

RtlxOemStringToUnicodeSize

RtlxAnsiStringToUnicodeSize

RtlOemStringToUnicodeString

RtlxUnicodeStringToAnsiSize

NlsMbOemCodePageTag

RtlxUnicodeStringToOemSize

RtlGetAce

RtlCreateAcl

RtlValidSecurityDescriptor

RtlSetDaclSecurityDescriptor

RtlEqualSid

RtlCopySid

ZwQuerySecurityObject

RtlGetSaclSecurityDescriptor

RtlSetGroupSecurityDescriptor

RtlGetGroupSecurityDescriptor

RtlSetSaclSecurityDescriptor

ZwSetSecurityObject

RtlGetDaclSecurityDescriptor

RtlGetOwnerSecurityDescriptor

RtlCreateSecurityDescriptor

RtlSetOwnerSecurityDescriptor

ZwMapViewOfSection

ZwFlushVirtualMemory

ZwUnmapViewOfSection

ZwCreateSection

ZwSetEvent

ZwResetEvent

PsGetVersion

ZwQueryDirectoryFile

RtlValidSid

RtlCompareMemory

RtlLengthSid

_allmul

memcpy

_alldiv

_except_handler3

memset

_aullshr

_allrem

_aulldvrm

_aullrem

_aulldiv

hal

KfReleaseSpinLock

KfAcquireSpinLock

KeGetCurrentIrql

Sections

.text
Size: 223KB - Virtual size: 223KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

PAGE
Size: 512B - Virtual size: 269B

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

avgntdumpx.exe

.sys windows:5 windows x86 arch:x86

401fa6d69f129750bc91946c8ad1c6e3

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

Extended Key Usages

ExtKeyUsageServerAuth

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

49:84:48:9d:ec:62:00:de:ce:ad:93:d4:73:2c:ab:ca
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

06/01/2012, 00:00

Not After

05/01/2015, 23:59

Subject

CN=AVG Technologies CZ\, s.r.o.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=AVG Technologies CZ\, s.r.o.,L=Brno,ST=Jihomoravsky kraj,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

ff:c7:2f:2b:29:a8:c7:5f:a5:27:32:d5:8f:17:9d:96:ed:1d:06:c0
Signer

Actual PE Digest

ff:c7:2f:2b:29:a8:c7:5f:a5:27:32:d5:8f:17:9d:96:ed:1d:06:c0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\nightly\sandbox_avg_vc10_SmallUpdate2013-06\source\build\avg_client_ru_ntdll_sls_win32_vs100\bin\Release_Unicode_NTDLL_vs100\Win32\avgntdumpx.pdb

Imports

ntdll

memcpy

ZwQueryDefaultLocale

memmove

RtlNtStatusToDosError

ZwClose

ZwReadVirtualMemory

_aulldiv

ZwQueryObject

memset

ZwQuerySystemInformation

ZwQueryInformationProcess

_allmul

ZwQueryInformationThread

ZwQueryVirtualMemory

ZwOpenKey

RtlCompareUnicodeString

ZwEnumerateKey

ZwEnumerateValueKey

ZwQueryValueKey

RtlInitUnicodeString

RtlLengthSid

ZwQueryInformationToken

ZwDuplicateObject

ZwSuspendThread

ZwResumeThread

ZwGetContextThread

ZwOpenThread

ZwSetEvent

ZwOpenProcess

_alldiv

ZwWaitForSingleObject

ZwTerminateProcess

ZwCancelIoFile

ZwCreateFile

ZwDeviceIoControlFile

_aulldvrm

RtlAllocateHeap

RtlReAllocateHeap

RtlFreeHeap

ZwAdjustPrivilegesToken

NtClose

RtlOpenCurrentUser

RtlTimeToTimeFields

_aullrem

RtlTimeFieldsToTime

_chkstk

RtlFreeUnicodeString

ZwSetInformationFile

ZwQueryInformationFile

ZwOpenFile

ZwQueryVolumeInformationFile

ZwWaitForMultipleObjects

ZwCreateKey

RtlCreateSecurityDescriptor

RtlGetDaclSecurityDescriptor

RtlGetGroupSecurityDescriptor

RtlGetOwnerSecurityDescriptor

RtlGetSaclSecurityDescriptor

RtlValidSecurityDescriptor

RtlSetDaclSecurityDescriptor

RtlSetGroupSecurityDescriptor

RtlSetOwnerSecurityDescriptor

RtlSetSaclSecurityDescriptor

RtlCreateAcl

RtlAddAccessAllowedAceEx

RtlEqualSid

RtlGetAce

ZwQuerySecurityObject

ZwSetValueKey

ZwQueryKey

ZwDeleteKey

RtlLeaveCriticalSection

RtlEnterCriticalSection

RtlUpcaseUnicodeString

RtlQueryEnvironmentVariable_U

DbgPrint

_stricmp

_strnicmp

_ftol

_strcmpi

towupper

RtlInitializeCriticalSection

RtlDeleteCriticalSection

ZwSetInformationThread

ZwDelayExecution

ZwTerminateThread

RtlRaiseException

LdrShutdownThread

CsrClientCallServer

RtlCreateUserThread

LdrUnloadDll

LdrGetProcedureAddress

RtlInitAnsiString

LdrLoadDll

ZwCreateEvent

RtlxAnsiStringToUnicodeSize

RtlxOemStringToUnicodeSize

NlsMbOemCodePageTag

RtlAnsiStringToUnicodeString

RtlOemStringToUnicodeString

RtlxUnicodeStringToAnsiSize

RtlxUnicodeStringToOemSize

RtlUnicodeStringToAnsiString

RtlUnicodeStringToOemString

_aullshr

NtRaiseException

RtlDosPathNameToNtPathName_U

RtlExpandEnvironmentStrings_U

RtlGetFullPathName_U

RtlCreateUnicodeString

RtlLocalTimeToSystemTime

RtlGetCurrentDirectory_U

ZwDisplayString

ZwWriteFile

ZwFsControlFile

ZwReadFile

_allrem

RtlCopySid

RtlAddAccessDeniedAceEx

ZwSetSecurityObject

ZwResetEvent

ZwQuerySymbolicLinkObject

ZwOpenSymbolicLinkObject

LdrGetDllHandle

RtlReleasePebLock

RtlAcquirePebLock

ZwQueryDirectoryFile

RtlIsDosDeviceName_U

RtlUnwind

_allshl

RtlClearBits

RtlFindClearBitsAndSet

RtlAreBitsSet

ZwFlushVirtualMemory

ZwUnmapViewOfSection

ZwMapViewOfSection

ZwCreateSection

ZwAllocateUuids

ZwOpenSection

Sections

.text
Size: 459KB - Virtual size: 458KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

avgntopensslx.dll

.dll windows:5 windows x86 arch:x86

bd83dac85589f7a84aace148c3abc2b6

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

Extended Key Usages

ExtKeyUsageServerAuth

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

49:84:48:9d:ec:62:00:de:ce:ad:93:d4:73:2c:ab:ca
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

06/01/2012, 00:00

Not After

05/01/2015, 23:59

Subject

CN=AVG Technologies CZ\, s.r.o.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=AVG Technologies CZ\, s.r.o.,L=Brno,ST=Jihomoravsky kraj,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

3b:1d:d9:8d:e2:d3:57:3e:65:47:e6:37:0e:55:48:2f:52:c1:1e:6f
Signer

Actual PE Digest

3b:1d:d9:8d:e2:d3:57:3e:65:47:e6:37:0e:55:48:2f:52:c1:1e:6f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

PDB Paths

d:\nightly\sandbox_avg_vc10_HotFix2013-16\source\build\avg_client_ru_ntdll_dls_win32_vs100\bin\Release_Unicode_NTDLL_DLS_vs100\Win32\avgntopensslx.pdb

Imports

ntdll

_ftol

RtlAllocateHeap

RtlFreeHeap

RtlReAllocateHeap

RtlLeaveCriticalSection

RtlNtStatusToDosError

RtlInitializeCriticalSection

RtlDeleteCriticalSection

ZwTerminateProcess

DbgPrint

RtlUnwind

ZwQueryVirtualMemory

ZwQuerySystemInformation

sscanf

_stricmp

_aullshr

isalnum

strcmp

strncpy

strtol

atoi

strrchr

_aullrem

isxdigit

_aulldiv

_allmul

memmove

isdigit

_aulldvrm

_chkstk

isupper

tolower

isspace

_strnicmp

strncmp

strtoul

qsort

strchr

memset

RtlEnterCriticalSection

memcpy

avgsysx

?AvgKernel32IsFnLoaded_UnhandledExceptionFilter@@YG_NXZ

?AvgWinIsProcessBeingDebugged@@YG_NXZ

?AllocateKey@AvgTls@@YGHAAUKeyBase@1@@Z

?GetValue@AvgTls@@YGHABUKeyBase@1@AAPAX@Z

?SetValue@AvgTls@@YGHABUKeyBase@1@PAX@Z

?FreeKey@AvgTls@@YGHAAUKeyBase@1@@Z

?AvgGenerateRandomDWord@@YGKXZ

?AvgCreateErrorCodeFromWin32@@YGHW4_AvgErrorCodeSeverity@@K@Z

?DestroyEnvironment@AvgEnvironment@@YGXXZ

?AvgDestroySysMini@@YGXXZ

?AvgInitializeSysMini@@YGHXZ

??0AvgSpinLockLocker@@QAE@PAUAvgSpinLock@@_N@Z

?InitializeEnvironment@AvgEnvironment@@YGHXZ

??1AvgSpinLockLocker@@QAE@XZ

?AvgGetTimestamp@@YGKXZ

?AvgReverseBits@@YGKK@Z

?GetCurrentThreadId@AvgBasThread@@SGKXZ

?AvgGetSystemTime@@YGHAA_K@Z

?AvgConvertAvgTimeToTimeT@@YGHAA_J_K@Z

?AvgConvertTimeTToAvgTime@@YGHAA_K_J@Z

??0AvgTimeStruct@@QAE@XZ

?AvgConvertAvgTimeToStruct@@YGHAAUAvgTimeStruct@@_K@Z

??0AvgBasCriticalSection@@QAE@XZ

?Create@AvgBasCriticalSection@@QAGHXZ

??1AvgBasCriticalSection@@QAE@XZ

?Acquire@AvgBasCriticalSection@@QAGHXZ

?Release@AvgBasCriticalSection@@QAGHXZ

?AvgKernel32_UnhandledExceptionFilter@@YGJPAU_EXCEPTION_POINTERS@@@Z

Exports

ACCESS_DESCRIPTION_free

ACCESS_DESCRIPTION_it

ACCESS_DESCRIPTION_new

AES_cbc_encrypt

AES_cfb128_encrypt

AES_cfb1_encrypt

AES_cfb8_encrypt

AES_decrypt

AES_ecb_encrypt

AES_encrypt

AES_ofb128_encrypt

AES_set_decrypt_key

AES_set_encrypt_key

AES_unwrap_key

AES_wrap_key

ASN1_ANY_it

ASN1_BIT_STRING_check

ASN1_BIT_STRING_free

ASN1_BIT_STRING_get_bit

ASN1_BIT_STRING_it

ASN1_BIT_STRING_new

ASN1_BIT_STRING_set

ASN1_BIT_STRING_set_bit

ASN1_BMPSTRING_free

ASN1_BMPSTRING_it

ASN1_BMPSTRING_new

ASN1_BOOLEAN_it

ASN1_ENUMERATED_free

ASN1_ENUMERATED_get

ASN1_ENUMERATED_it

ASN1_ENUMERATED_new

ASN1_ENUMERATED_set

ASN1_ENUMERATED_to_BN

ASN1_FBOOLEAN_it

ASN1_GENERALIZEDTIME_adj

ASN1_GENERALIZEDTIME_check

ASN1_GENERALIZEDTIME_free

ASN1_GENERALIZEDTIME_it

ASN1_GENERALIZEDTIME_new

ASN1_GENERALIZEDTIME_print

ASN1_GENERALIZEDTIME_set

ASN1_GENERALIZEDTIME_set_string

ASN1_GENERALSTRING_free

ASN1_GENERALSTRING_it

ASN1_GENERALSTRING_new

ASN1_IA5STRING_free

ASN1_IA5STRING_it

ASN1_IA5STRING_new

ASN1_INTEGER_cmp

ASN1_INTEGER_dup

ASN1_INTEGER_free

ASN1_INTEGER_get

ASN1_INTEGER_it

ASN1_INTEGER_new

ASN1_INTEGER_set

ASN1_INTEGER_to_BN

ASN1_NULL_free

ASN1_NULL_it

ASN1_NULL_new

ASN1_OBJECT_create

ASN1_OBJECT_free

ASN1_OBJECT_it

ASN1_OBJECT_new

ASN1_OCTET_STRING_NDEF_it

ASN1_OCTET_STRING_cmp

ASN1_OCTET_STRING_dup

ASN1_OCTET_STRING_free

ASN1_OCTET_STRING_it

ASN1_OCTET_STRING_new

ASN1_OCTET_STRING_set

ASN1_PCTX_free

ASN1_PCTX_get_cert_flags

ASN1_PCTX_get_flags

ASN1_PCTX_get_nm_flags

ASN1_PCTX_get_oid_flags

ASN1_PCTX_get_str_flags

ASN1_PCTX_new

ASN1_PCTX_set_cert_flags

ASN1_PCTX_set_flags

ASN1_PCTX_set_nm_flags

ASN1_PCTX_set_oid_flags

ASN1_PCTX_set_str_flags

ASN1_PRINTABLESTRING_free

ASN1_PRINTABLESTRING_it

ASN1_PRINTABLESTRING_new

ASN1_PRINTABLE_free

ASN1_PRINTABLE_it

ASN1_PRINTABLE_new

ASN1_PRINTABLE_type

ASN1_SEQUENCE_ANY_it

ASN1_SEQUENCE_it

ASN1_SET_ANY_it

ASN1_STRING_TABLE_add

ASN1_STRING_TABLE_cleanup

ASN1_STRING_TABLE_get

ASN1_STRING_cmp

ASN1_STRING_copy

ASN1_STRING_data

ASN1_STRING_dup

ASN1_STRING_free

ASN1_STRING_get_default_mask

ASN1_STRING_length

ASN1_STRING_length_set

ASN1_STRING_new

ASN1_STRING_print

ASN1_STRING_print_ex

ASN1_STRING_set

ASN1_STRING_set0

ASN1_STRING_set_by_NID

ASN1_STRING_set_default_mask

ASN1_STRING_set_default_mask_asc

ASN1_STRING_to_UTF8

ASN1_STRING_type

ASN1_STRING_type_new

ASN1_T61STRING_free

ASN1_T61STRING_it

ASN1_T61STRING_new

ASN1_TBOOLEAN_it

ASN1_TIME_adj

ASN1_TIME_check

ASN1_TIME_free

ASN1_TIME_it

ASN1_TIME_new

ASN1_TIME_print

ASN1_TIME_set

ASN1_TIME_set_string

ASN1_TIME_to_generalizedtime

ASN1_TYPE_cmp

ASN1_TYPE_free

ASN1_TYPE_get

ASN1_TYPE_get_int_octetstring

ASN1_TYPE_get_octetstring

ASN1_TYPE_new

ASN1_TYPE_set

ASN1_TYPE_set1

ASN1_TYPE_set_int_octetstring

ASN1_TYPE_set_octetstring

ASN1_UNIVERSALSTRING_free

ASN1_UNIVERSALSTRING_it

ASN1_UNIVERSALSTRING_new

ASN1_UNIVERSALSTRING_to_string

ASN1_UTCTIME_adj

ASN1_UTCTIME_check

ASN1_UTCTIME_cmp_time_t

ASN1_UTCTIME_free

ASN1_UTCTIME_it

ASN1_UTCTIME_new

ASN1_UTCTIME_print

ASN1_UTCTIME_set

ASN1_UTCTIME_set_string

ASN1_UTF8STRING_free

ASN1_UTF8STRING_it

ASN1_UTF8STRING_new

ASN1_VISIBLESTRING_free

ASN1_VISIBLESTRING_it

ASN1_VISIBLESTRING_new

ASN1_bn_print

ASN1_check_infinite_end

ASN1_const_check_infinite_end

ASN1_d2i_bio

ASN1_digest

ASN1_dup

ASN1_generate_nconf

ASN1_generate_v3

ASN1_get_object

ASN1_i2d_bio

ASN1_item_d2i

ASN1_item_d2i_bio

ASN1_item_digest

ASN1_item_dup

ASN1_item_ex_d2i

ASN1_item_ex_free

ASN1_item_ex_i2d

ASN1_item_ex_new

ASN1_item_free

ASN1_item_i2d

ASN1_item_i2d_bio

ASN1_item_ndef_i2d

ASN1_item_new

ASN1_item_pack

ASN1_item_print

ASN1_item_sign

ASN1_item_unpack

ASN1_item_verify

ASN1_mbstring_copy

ASN1_mbstring_ncopy

ASN1_object_size

ASN1_pack_string

ASN1_parse

ASN1_parse_dump

ASN1_primitive_free

ASN1_primitive_new

ASN1_put_eoc

ASN1_put_object

ASN1_seq_pack

ASN1_seq_unpack

ASN1_sign

ASN1_tag2bit

ASN1_tag2str

ASN1_template_d2i

ASN1_template_free

ASN1_template_i2d

ASN1_template_new

ASN1_unpack_string

ASN1_verify

ASN1_version

AUTHORITY_INFO_ACCESS_free

AUTHORITY_INFO_ACCESS_it

AUTHORITY_INFO_ACCESS_new

AUTHORITY_KEYID_free

AUTHORITY_KEYID_it

AUTHORITY_KEYID_new

AvgAddSslCiphers

BASIC_CONSTRAINTS_free

BASIC_CONSTRAINTS_it

BASIC_CONSTRAINTS_new

BF_cbc_encrypt

BF_cfb64_encrypt

BF_decrypt

BF_ecb_encrypt

BF_encrypt

BF_ofb64_encrypt

BF_options

BF_set_key

BF_version

BIGNUM_it

BIO_asn1_get_prefix

BIO_asn1_get_suffix

BIO_asn1_set_prefix

BIO_asn1_set_suffix

BIO_callback_ctrl

BIO_clear_flags

BIO_copy_next_retry

BIO_ctrl

BIO_ctrl_pending

BIO_ctrl_wpending

BIO_dump

BIO_dump_cb

BIO_dump_indent

BIO_dump_indent_cb

BIO_dup_chain

BIO_f_asn1

BIO_f_base64

BIO_f_buffer

BIO_f_cipher

BIO_f_md

BIO_find_type

BIO_free

BIO_free_all

BIO_get_callback

BIO_get_callback_arg

BIO_get_ex_data

BIO_get_ex_new_index

BIO_get_retry_BIO

BIO_get_retry_reason

BIO_gets

BIO_indent

BIO_int_ctrl

BIO_method_name

BIO_method_type

BIO_new

BIO_new_CMS

BIO_new_NDEF

BIO_new_mem_buf

BIO_next

BIO_number_read

BIO_number_written

BIO_pop

BIO_printf

BIO_ptr_ctrl

BIO_push

BIO_puts

BIO_read

BIO_s_mem

BIO_s_null

BIO_set

BIO_set_callback

BIO_set_callback_arg

BIO_set_cipher

BIO_set_ex_data

BIO_set_flags

BIO_snprintf

BIO_test_flags

BIO_vfree

BIO_vprintf

BIO_vsnprintf

BIO_write

BN_BLINDING_convert

BN_BLINDING_convert_ex

BN_BLINDING_create_param

BN_BLINDING_free

BN_BLINDING_get_flags

BN_BLINDING_get_thread_id

BN_BLINDING_invert

BN_BLINDING_invert_ex

BN_BLINDING_new

BN_BLINDING_set_flags

BN_BLINDING_set_thread_id

BN_BLINDING_thread_id

BN_BLINDING_update

BN_CTX_end

BN_CTX_free

BN_CTX_get

BN_CTX_init

BN_CTX_new

BN_CTX_start

BN_GENCB_call

BN_GF2m_add

BN_GF2m_arr2poly

BN_GF2m_mod

BN_GF2m_mod_arr

BN_GF2m_mod_div

BN_GF2m_mod_div_arr

BN_GF2m_mod_exp

BN_GF2m_mod_exp_arr

BN_GF2m_mod_inv

BN_GF2m_mod_inv_arr

BN_GF2m_mod_mul

BN_GF2m_mod_mul_arr

BN_GF2m_mod_solve_quad

BN_GF2m_mod_solve_quad_arr

BN_GF2m_mod_sqr

BN_GF2m_mod_sqr_arr

BN_GF2m_mod_sqrt

BN_GF2m_mod_sqrt_arr

BN_GF2m_poly2arr

BN_MONT_CTX_copy

BN_MONT_CTX_free

BN_MONT_CTX_init

BN_MONT_CTX_new

BN_MONT_CTX_set

BN_MONT_CTX_set_locked

BN_RECP_CTX_free

BN_RECP_CTX_init

BN_RECP_CTX_new

BN_RECP_CTX_set

BN_add

BN_add_word

BN_asc2bn

BN_bin2bn

BN_bn2bin

BN_bn2dec

BN_bn2hex

BN_bntest_rand

BN_clear

BN_clear_bit

BN_clear_free

BN_cmp

BN_copy

BN_dec2bn

BN_div

BN_div_recp

BN_div_word

BN_dup

BN_exp

BN_free

BN_from_montgomery

BN_gcd

BN_generate_prime_ex

BN_get0_nist_prime_192

BN_get0_nist_prime_224

BN_get0_nist_prime_256

BN_get0_nist_prime_384

BN_get0_nist_prime_521

BN_get_params

BN_get_word

BN_hex2bn

BN_init

BN_is_bit_set

BN_is_prime_ex

BN_is_prime_fasttest_ex

BN_kronecker

BN_lshift

BN_lshift1

BN_mask_bits

BN_mod_add

BN_mod_add_quick

BN_mod_exp

BN_mod_exp2_mont

BN_mod_exp_mont

BN_mod_exp_mont_consttime

BN_mod_exp_mont_word

BN_mod_exp_recp

BN_mod_exp_simple

BN_mod_inverse

BN_mod_lshift

BN_mod_lshift1

BN_mod_lshift1_quick

BN_mod_lshift_quick

BN_mod_mul

BN_mod_mul_montgomery

BN_mod_mul_reciprocal

BN_mod_sqr

BN_mod_sqrt

BN_mod_sub

BN_mod_sub_quick

BN_mod_word

BN_mul

BN_mul_word

BN_new

BN_nist_mod_192

BN_nist_mod_224

BN_nist_mod_256

BN_nist_mod_384

BN_nist_mod_521

BN_nnmod

BN_num_bits

BN_num_bits_word

BN_options

BN_print

BN_pseudo_rand

BN_pseudo_rand_range

BN_rand

BN_rand_range

BN_reciprocal

BN_rshift

BN_rshift1

BN_set_bit

BN_set_negative

BN_set_params

BN_set_word

BN_sqr

BN_sub

BN_sub_word

BN_swap

BN_to_ASN1_ENUMERATED

BN_to_ASN1_INTEGER

BN_uadd

BN_ucmp

BN_usub

BN_value_one

BN_version

BUF_MEM_free

BUF_MEM_grow

BUF_MEM_grow_clean

BUF_MEM_new

BUF_memdup

BUF_reverse

BUF_strdup

BUF_strlcat

BUF_strlcpy

BUF_strndup

CAMELLIA_version

CAST_S_table0

CAST_S_table1

CAST_S_table2

CAST_S_table3

CAST_S_table4

CAST_S_table5

CAST_S_table6

CAST_S_table7

CAST_cbc_encrypt

CAST_cfb64_encrypt

CAST_decrypt

CAST_ecb_encrypt

CAST_encrypt

CAST_ofb64_encrypt

CAST_set_key

CAST_version

CBIGNUM_it

CERTIFICATEPOLICIES_free

CERTIFICATEPOLICIES_it

CERTIFICATEPOLICIES_new

CMS_Attributes_Sign_it

CMS_Attributes_Verify_it

CMS_AuthenticatedData_it

CMS_CertificateChoices_it

CMS_CompressedData_it

CMS_ContentInfo_free

CMS_ContentInfo_it

CMS_ContentInfo_new

CMS_ContentInfo_print_ctx

CMS_DigestedData_it

CMS_EncapsulatedContentInfo_it

CMS_EncryptedContentInfo_it

CMS_EncryptedData_it

CMS_EncryptedData_set1_key

CMS_EnvelopedData_create

CMS_EnvelopedData_it

CMS_IssuerAndSerialNumber_it

CMS_KEKIdentifier_it

CMS_KEKRecipientInfo_it

CMS_KeyAgreeRecipientIdentifier_it

CMS_KeyAgreeRecipientInfo_it

CMS_KeyTransRecipientInfo_it

CMS_OriginatorIdentifierOrKey_it

CMS_OriginatorInfo_it

CMS_OriginatorPublicKey_it

CMS_OtherCertificateFormat_it

CMS_OtherKeyAttribute_it

CMS_OtherRecipientInfo_it

CMS_OtherRevocationInfoFormat_it

CMS_PasswordRecipientInfo_it

CMS_ReceiptRequest_it

CMS_Receipt_it

CMS_ReceiptsFrom_it

CMS_RecipientEncryptedKey_it

CMS_RecipientInfo_decrypt

CMS_RecipientInfo_it

CMS_RecipientInfo_kekri_get0_id

Sections

.text
Size: 579KB - Virtual size: 579KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 253KB - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

avgntsqlitex.dll

.dll windows:5 windows x86 arch:x86

a96d5b65fdde27b129cdd9e4a03b638f

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

Extended Key Usages

ExtKeyUsageServerAuth

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

49:84:48:9d:ec:62:00:de:ce:ad:93:d4:73:2c:ab:ca
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

06/01/2012, 00:00

Not After

05/01/2015, 23:59

Subject

CN=AVG Technologies CZ\, s.r.o.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=AVG Technologies CZ\, s.r.o.,L=Brno,ST=Jihomoravsky kraj,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

0f:57:c7:ca:15:2a:08:e7:9d:44:57:9d:3f:6a:75:59:04:c6:f8:61
Signer

Actual PE Digest

0f:57:c7:ca:15:2a:08:e7:9d:44:57:9d:3f:6a:75:59:04:c6:f8:61

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

PDB Paths

d:\nightly\sandbox_avg_vc10_AVG2013_SP1_RR\source\build\avg_client_ru_ntdll_dls_win32_vs100\bin\Release_Unicode_NTDLL_DLS_vs100\Win32\avgntsqlitex.pdb

Imports

avgsysx

?Acquire@AvgBasCriticalSection@@QAGHXZ

??1AvgBasCriticalSection@@QAE@XZ

??0AvgBasCriticalSection@@QAE@XZ

?Destroy@AvgBasCriticalSection@@QAGHXZ

?Create@AvgBasCriticalSection@@QAGHXZ

?IsInitialized@AvgBasCriticalSection@@QBG_NXZ

?Release@AvgBasCriticalSection@@QAGHXZ

?AvgGenerateRandomDWord@@YGKXZ

?GetForward@AvgBasWaitable@@IBGPAV1@XZ

?AvgGenerateRandomBuffer@@YGXPAEI@Z

?Sleep@AvgBasThread@@SGHH@Z

?AvgCopyString@@YGHPADIPBDI@Z

?AvgGetSystemTime@@YGHAA_K@Z

?Wait@AvgBasEvent@@QAGHH@Z

?Reset@AvgBasEvent@@QAGHXZ

?Set@AvgBasEvent@@QAGHXZ

?Destroy@AvgBasWaitable@@UAGHXZ

?DetachResource@AvgBasWaitable@@IAGXXZ

?IsInitialized@AvgBasWaitable@@QBG_NXZ

?AvgGetStringSizeInElements@@YGIPBD@Z

?AvgBufferXor@@YGXPAEPBEI1I_J@Z

??1AvgBasSharedLibraryLoader@@UAE@XZ

??0AvgBasSharedLibraryLoader@@QAE@PB_W@Z

?Unload@AvgBasSharedLibraryLoader@@UAGXXZ

?AttachTo@AvgBasSharedLibraryLoader@@QAGHPBDPCRAX@Z

?AvgGetStringSizeInElements@@YGIPB_W@Z

?GetStringValue@AvgBasWinRegistryHandle@@QAGHAAV?$IAvgString@_W$0A@@@ABU?$AvgStringRefBase@_W$0A@@@@Z

?GetSpecialFolder@AvgEnvironment@@YGHW4SpecialFolder@1@AAV?$IAvgString@_W$0A@@@@Z

??1AvgBasWinRegistryHandle@@QAE@XZ

?CloseKey@AvgBasWinRegistryHandle@@QAGXXZ

?OpenKeyIfExists@AvgBasWinRegistryHandle@@QAGHABU?$AvgStringRefBase@_W$0A@@@@Z

?SetViewMode@AvgBasWinRegistryHandle@@QAGHV?$AvgFlags@W4AvgBasWinRegistryViewModeValues@@@@@Z

?IsWow64ViewModeSupported@AvgBasWinRegistryHandle@@SG_NXZ

??0AvgBasWinRegistryHandle@@QAE@W4AvgBasWinRegistryRootType@@@Z

?Load@AvgBasSharedLibraryLoader@@QAGHPB_W@Z

?AvgConvertMb2Utf16String@@YGHPA_WIPBDW4AvgCodePage@@PAII@Z

?AvgGetMb2Utf16StringSize@@YGHAAIPBDW4AvgCodePage@@I@Z

?Delete@AvgBasFs@@YGHPB_WV?$AvgFlags@W4FileDeleteFlagItems@AvgBasFs@@@@@Z

?FileExists@AvgBasFs@@YGHPB_W@Z

?AvgConvertUtf162MbString@@YGHPADIPB_WW4AvgCodePage@@PAII@Z

?AvgGetUtf162MbStringSize@@YGHAAIPB_WW4AvgCodePage@@I@Z

?GetMaxPathLength@AvgEnvironment@@YGHAAIPB_W@Z

?Create@AvgBasEvent@@QAGHW4ResetType@1@_N@Z

?AvgKernel32IsFnLoaded_UnhandledExceptionFilter@@YG_NXZ

?AvgWinIsProcessBeingDebugged@@YG_NXZ

?AvgNtdll_RtlGetCurrentTransaction@@YGPAXXZ

?AvgNtdll_RtlSetCurrentTransaction@@YGEPAX@Z

?AllocateKey@AvgTls@@YGHAAUKeyBase@1@@Z

?GetValue@AvgTls@@YGHABUKeyBase@1@AAPAX@Z

?SetValue@AvgTls@@YGHABUKeyBase@1@PAX@Z

?FreeKey@AvgTls@@YGHAAUKeyBase@1@@Z

?GetSecurityDescriptor@AvgWinSecurityDescriptor@@QAGHAAPAX@Z

?AvgConvertTMToAvgTime@@YGHAA_KAAUtm@@@Z

?AvgConvertAvgTimeToTimeT@@YGHAA_J_K@Z

?AvgPrintV@@YGHPBDPAD@Z

?FreeResource@AvgBasWaitable@@IAGHXZ

?AvgNtdll_RtlDosPathNameToNtPathName_T_EliminateDosDevice@@YGHPB_WPAU_UNICODE_STRING@@@Z

?AvgKernel32_UnhandledExceptionFilter@@YGJPAU_EXCEPTION_POINTERS@@@Z

?GetRandomTempFileNameSize@AvgBasPath@@YGIXZ

?GetRandomTempFileName@AvgBasPath@@YGHAAU_AVG_UTF16CHAR_STR@@PAI@Z

?GetTempDirPath@AvgBasPath@@YGHAAU_AVG_UTF16CHAR_STR@@PAI@Z

?GetFullPath@AvgBasPath@@YGHAAU_AVG_UTF16CHAR_STR@@PB_WIPAI@Z

?IsPathRooted@AvgBasPath@@YG_NPB_WI@Z

??1AvgSpinLockLocker@@QAE@XZ

?InitializeEnvironment@AvgEnvironment@@YGHXZ

??0AvgSpinLockLocker@@QAE@PAUAvgSpinLock@@_N@Z

?AvgInitializeSysMini@@YGHXZ

?AvgDestroySysMini@@YGXXZ

?DestroyEnvironment@AvgEnvironment@@YGXXZ

?GetHandle@AvgBasWaitable@@IBGPAXXZ

?AvgCreateErrorCodeFromWin32@@YGHW4_AvgErrorCodeSeverity@@K@Z

?AttachHandle@AvgBasWaitable@@IAGXPAX@Z

?InternalWait@AvgBasWaitable@@IAGHH@Z

?AttachForward@AvgBasWaitable@@IAGXPAV1@@Z

?GetResourceType@AvgBasWaitable@@IBG?AW4AvgBasWaitableResourceType@@XZ

ntdll

ZwQueryVirtualMemory

RtlUnwind

ZwTerminateProcess

RtlDeleteCriticalSection

RtlInitializeCriticalSection

RtlEnterCriticalSection

RtlLeaveCriticalSection

ZwSetEvent

ZwCreateSection

ZwMapViewOfSection

ZwUnmapViewOfSection

ZwQuerySystemInformation

ZwFlushVirtualMemory

ZwFlushBuffersFile

ZwWriteFile

ZwReadFile

towupper

_strcmpi

_strnicmp

_stricmp

DbgPrint

_ftol

ZwSetInformationFile

ZwCreateFile

RtlFreeUnicodeString

RtlFreeHeap

RtlReAllocateHeap

RtlAllocateHeap

ZwWaitForMultipleObjects

ZwQueryInformationFile

NtUnlockFile

NtLockFile

ZwWaitForSingleObject

ZwCancelIoFile

ZwCreateEvent

ZwClose

RtlNtStatusToDosError

_aullshr

memmove

_allshl

_aulldiv

_aullrem

_aulldvrm

strncmp

_alldiv

_allmul

_alldvrm

_allrem

memset

memcpy

Exports

AvgGetSqlite3ApiRoutines

AvgSqliteCancelAllIo

AvgSqliteEncryptedVfsClear

AvgSqliteEncryptedVfsRegisterXor

AvgSqliteGetBusyTimeout

AvgSqliteGetLastError

AvgSqliteSetBusyTimeout

sqlite3_aggregate_context

sqlite3_backup_finish

sqlite3_backup_init

sqlite3_backup_pagecount

sqlite3_backup_remaining

sqlite3_backup_step

sqlite3_bind_blob

sqlite3_bind_double

sqlite3_bind_int

sqlite3_bind_int64

sqlite3_bind_null

sqlite3_bind_parameter_count

sqlite3_bind_parameter_index

sqlite3_bind_parameter_name

sqlite3_bind_text

sqlite3_bind_text16

sqlite3_bind_value

sqlite3_bind_zeroblob

sqlite3_blob_bytes

sqlite3_blob_close

sqlite3_blob_open

sqlite3_blob_read

sqlite3_blob_write

sqlite3_busy_handler

sqlite3_busy_timeout

sqlite3_changes

sqlite3_clear_bindings

sqlite3_close

sqlite3_collation_needed

sqlite3_collation_needed16

sqlite3_column_blob

sqlite3_column_bytes

sqlite3_column_bytes16

sqlite3_column_count

sqlite3_column_database_name

sqlite3_column_database_name16

sqlite3_column_decltype

sqlite3_column_decltype16

sqlite3_column_double

sqlite3_column_int

sqlite3_column_int64

sqlite3_column_name

sqlite3_column_name16

sqlite3_column_origin_name

sqlite3_column_origin_name16

sqlite3_column_table_name

sqlite3_column_table_name16

sqlite3_column_text

sqlite3_column_text16

sqlite3_column_type

sqlite3_column_value

sqlite3_commit_hook

sqlite3_compileoption_get

sqlite3_compileoption_used

sqlite3_complete

sqlite3_complete16

sqlite3_context_db_handle

sqlite3_create_collation

sqlite3_create_collation16

sqlite3_create_collation_v2

sqlite3_create_function

sqlite3_create_function16

sqlite3_create_function_v2

sqlite3_create_module

sqlite3_create_module_v2

sqlite3_data_count

sqlite3_db_config

sqlite3_db_handle

sqlite3_db_mutex

sqlite3_db_status

sqlite3_declare_vtab

sqlite3_enable_shared_cache

sqlite3_errcode

sqlite3_errmsg

sqlite3_errmsg16

sqlite3_exec

sqlite3_extended_errcode

sqlite3_extended_result_codes

sqlite3_file_control

sqlite3_finalize

sqlite3_free

sqlite3_free_table

sqlite3_get_autocommit

sqlite3_get_auxdata

sqlite3_get_table

sqlite3_interrupt

sqlite3_last_insert_rowid

sqlite3_libversion

sqlite3_libversion_number

sqlite3_limit

sqlite3_log

sqlite3_malloc

sqlite3_memory_highwater

sqlite3_memory_used

sqlite3_mprintf

sqlite3_mutex_alloc

sqlite3_mutex_enter

sqlite3_mutex_free

sqlite3_mutex_leave

sqlite3_mutex_try

sqlite3_next_stmt

sqlite3_open

sqlite3_open16

sqlite3_open_v2

sqlite3_overload_function

sqlite3_prepare

sqlite3_prepare16

sqlite3_prepare16_v2

sqlite3_prepare_v2

sqlite3_profile

sqlite3_progress_handler

sqlite3_randomness

sqlite3_realloc

sqlite3_release_memory

sqlite3_reset

sqlite3_result_blob

sqlite3_result_double

sqlite3_result_error

sqlite3_result_error16

sqlite3_result_error_code

sqlite3_result_error_nomem

sqlite3_result_error_toobig

sqlite3_result_int

sqlite3_result_int64

sqlite3_result_null

sqlite3_result_text

sqlite3_result_text16

sqlite3_result_text16be

sqlite3_result_text16le

sqlite3_result_value

sqlite3_result_zeroblob

sqlite3_rollback_hook

sqlite3_set_authorizer

sqlite3_set_auxdata

sqlite3_sleep

sqlite3_snprintf

sqlite3_soft_heap_limit

sqlite3_soft_heap_limit64

sqlite3_sourceid

sqlite3_sql

sqlite3_status

sqlite3_step

sqlite3_stmt_readonly

sqlite3_stmt_status

sqlite3_strnicmp

sqlite3_table_column_metadata

sqlite3_test_control

sqlite3_thread_cleanup

sqlite3_threadsafe

sqlite3_total_changes

sqlite3_trace

sqlite3_update_hook

sqlite3_user_data

sqlite3_value_blob

sqlite3_value_bytes

sqlite3_value_bytes16

sqlite3_value_double

sqlite3_value_int

sqlite3_value_int64

sqlite3_value_numeric_type

sqlite3_value_text

sqlite3_value_text16

sqlite3_value_text16be

sqlite3_value_text16le

sqlite3_value_type

sqlite3_vfs_find

sqlite3_vfs_register

sqlite3_vfs_unregister

sqlite3_vmprintf

sqlite3_wal_autocheckpoint

sqlite3_wal_checkpoint

sqlite3_wal_hook

Sections

.text
Size: 360KB - Virtual size: 359KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

avgopensslx.dll

.dll windows:5 windows x86 arch:x86

bfaeda3857e0790810f7cee46b525e9b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

Extended Key Usages

ExtKeyUsageServerAuth

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

49:84:48:9d:ec:62:00:de:ce:ad:93:d4:73:2c:ab:ca
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

06/01/2012, 00:00

Not After

05/01/2015, 23:59

Subject

CN=AVG Technologies CZ\, s.r.o.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=AVG Technologies CZ\, s.r.o.,L=Brno,ST=Jihomoravsky kraj,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

8f:1b:ea:85:15:b6:32:95:03:32:28:6d:71:5f:95:21:a3:fc:05:53
Signer

Actual PE Digest

8f:1b:ea:85:15:b6:32:95:03:32:28:6d:71:5f:95:21:a3:fc:05:53

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

PDB Paths

d:\nightly\sandbox_avg_vc10_HotFix2013-16\source\build\avg_client_ru_dls_win32_vs100\bin\Release_Unicode_DLS_vs100\Win32\avgopensslx.pdb

Imports

ws2_32

shutdown

recv

WSASetLastError

closesocket

WSAGetLastError

send

kernel32

GetSystemTimeAsFileTime

DecodePointer

InterlockedExchange

Sleep

InterlockedCompareExchange

TerminateProcess

GetCurrentProcess

MultiByteToWideChar

GetLastError

FlushConsoleInputBuffer

GetStdHandle

SetLastError

UnhandledExceptionFilter

EncodePointer

GetCurrentProcessId

GetCurrentThreadId

GetTickCount

QueryPerformanceCounter

IsDebuggerPresent

SetUnhandledExceptionFilter

avgntopensslx

BN_CTX_new

BN_nnmod

BN_CTX_free

BN_clear_free

BN_bin2bn

sk_free

sk_pop_free

BUF_strdup

BIO_free_all

sk_value

sk_new_null

sk_num

sk_find

sk_push

lh_retrieve

lh_insert

lh_new

lh_free

CRYPTO_new_ex_data

BIO_snprintf

ERR_print_errors_cb

CRYPTO_free_ex_data

CRYPTO_lock

X509_get_default_cert_dir

X509_get_default_cert_dir_env

sk_new

X509_NAME_hash

d2i_X509_CRL_bio

X509_get_default_cert_file_env

ERR_peek_last_error

d2i_X509_bio

X509_CRL_free

X509_INFO_free

PEM_X509_INFO_read_bio

X509_get_default_cert_file

X509_STORE_add_crl

PEM_read_bio_X509_CRL

ERR_clear_error

X509_STORE_add_cert

X509_free

PEM_read_bio_X509_AUX

X509_LOOKUP_ctrl

X509_STORE_add_lookup

X509_verify_cert

X509_STORE_CTX_init

X509_STORE_CTX_cleanup

EVP_CIPHER_block_size

EVP_MD_size

EVP_CIPHER_flags

EVP_MD_CTX_md

EVP_MD_CTX_destroy

EVP_Cipher

EVP_CIPHER_CTX_cipher

EVP_CIPHER_CTX_flags

CRYPTO_memcmp

ssl23_write_bytes

ssl23_read_bytes

EVP_CIPHER_iv_length

EVP_CIPHER_key_length

ssl_verify_cert_chain

ssl_sess_cert_new

ssl_set_peer_cert_type

EVP_SignFinal

X509_get_pubkey

CRYPTO_add_lock

ssl_sess_cert_free

EVP_PKEY_free

sk_set_cmp_func

RSA_public_encrypt

EVP_MD_CTX_copy

EVP_CIPHER_CTX_key_length

BIO_read

EVP_CIPHER_CTX_block_size

SHA384_Init

MD5_Transform

EVP_DigestFinal

SHA512_Init

MD5_Init

SHA256_Init

SHA256_Transform

SHA1_Init

SHA224_Init

EVP_MD_type

SHA1_Transform

SHA512_Transform

DH_generate_key

EC_KEY_get0_public_key

EVP_PKEY_CTX_ctrl

DHparams_dup

EC_KEY_set_public_key

DH_free

BIO_push

EC_KEY_set_group

EVP_PKEY_size

EVP_get_digestbyname

RSA_free

EVP_PKEY_sign

EVP_DigestInit

ENGINE_load_ssl_client_cert

X509_NAME_free

X509_NAME_cmp

EVP_PKEY_encrypt

DH_compute_key

EVP_PKEY_sign_init

ECDH_compute_key

EC_KEY_generate_key

EC_KEY_new

ECDSA_sign

EVP_MD_CTX_set_flags

EC_GROUP_get_degree

EVP_PKEY_CTX_new

BUF_memdup

EVP_sha256

RSA_size

EC_KEY_free

EC_POINT_oct2point

X509_certificate_type

EVP_MD_CTX_create

EC_POINT_free

EVP_Digest

BN_bn2bin

DH_size

d2i_X509_NAME

EC_POINT_new

EC_POINT_point2oct

EC_GROUP_new_by_curve_name

EVP_PKEY_encrypt_init

EVP_PKEY_missing_parameters

EVP_VerifyFinal

RSA_new

DH_new

DSA_sign

EC_KEY_get0_group

SSL_get_client_CA_list

RSA_sign

EVP_PKEY_CTX_free

EC_GROUP_free

EVP_PKEY_derive_set_peer

COMP_CTX_new

EVP_CipherInit_ex

COMP_CTX_free

BIO_s_mem

EVP_MD_CTX_copy_ex

RSAPrivateKey_dup

ssl_cert_inst

EC_KEY_dup

EC_KEY_up_ref

EVP_CIPHER_CTX_iv_length

COMP_compress_block

COMP_expand_block

EVP_sha512

EVP_sha224

EVP_sha384

CRYPTO_mem_ctrl

sk_dup

EVP_PKEY_asn1_get0_info

COMP_zlib

EVP_enc_null

sk_sort

BIO_test_flags

ssl_cert_free

sk_zero

X509_VERIFY_PARAM_inherit

OBJ_obj2nid

ssl_cert_new

X509_EXTENSION_free

EVP_PKEY_bits

BIO_f_buffer

OBJ_find_sigid_algs

X509_STORE_free

OBJ_bsearch_

X509_VERIFY_PARAM_free

ssl_cert_dup

X509_STORE_new

BIO_pop

SSL_get_ex_data_X509_STORE_CTX_idx

BIO_get_retry_reason

X509_VERIFY_PARAM_new

OCSP_RESPID_free

X509_check_private_key

X509_check_purpose

lh_num_items

PEM_read_bio_PrivateKey

RSA_flags

EVP_PKEY_copy_parameters

d2i_PrivateKey_bio

lh_delete

lh_doall_arg

EVP_DigestSignFinal

EVP_CIPHER_CTX_new

EVP_DigestSignInit

EVP_CIPHER_CTX_ctrl

EVP_PKEY_new_mac_key

i2d_OCSP_RESPID

i2d_X509_EXTENSIONS

ssl_add_clienthello_renegotiate_ext

ssl_parse_serverhello_renegotiate_ext

BN_dup

AvgAddSslCiphers

BN_new

BN_mod_mul

BN_mod_add

BN_mod_sub

BN_cmp

BN_mod_exp

BN_num_bits

EVP_sha1

BN_free

RAND_bytes

OPENSSL_issetugid

d2i_X509

i2d_X509

OBJ_nid2sn

EVP_md5

ENGINE_finish

RAND_pseudo_bytes

EVP_EncryptInit_ex

CRYPTO_malloc

BUF_MEM_new

EVP_CIPHER_CTX_init

BUF_strlcat

EVP_PKEY_asn1_find_str

EVP_get_cipherbyname

EVP_DecryptInit_ex

CRYPTO_free

EVP_CIPHER_CTX_cleanup

BIO_write

ERR_peek_error

BUF_MEM_grow_clean

PEM_ASN1_read_bio

BIO_free

BUF_MEM_grow

BUF_MEM_free

RAND_add

EVP_DigestFinal_ex

OPENSSL_cleanse

EVP_MD_CTX_cleanup

EVP_DigestInit_ex

OpenSSLDie

EVP_DigestUpdate

EVP_MD_CTX_init

BIO_int_ctrl

BIO_clear_flags

BIO_ctrl

BIO_new

ERR_add_error_data

ERR_put_error

BIO_set_flags

BUF_strlcpy

RSA_verify

msvcr100

fread

fopen

fgets

_errno

_wfopen

fflush

memset

memcpy

_except_handler4_common

_onexit

_lock

__dllonexit

_unlock

__clean_type_info_names_internal

_crt_debugger_hook

__CppXcptFilter

_amsg_exit

_initterm_e

_initterm

_encoded_null

free

_malloc_crt

_time64

memmove

_getch

signal

fputs

strchr

_stat64i32

getenv

fprintf

__iob_func

strncmp

strncpy

fclose

fseek

ftell

_setmode

fwrite

ferror

_fileno

feof

Exports

BIO_new_file

EVP_read_pw_string_min

PEM_ASN1_read

PEM_read_X509

RAND_file_name

RAND_load_file

SSL_CIPHER_get_name

SSL_CTX_add_session

SSL_CTX_callback_ctrl

SSL_CTX_check_private_key

SSL_CTX_ctrl

SSL_CTX_flush_sessions

SSL_CTX_free

SSL_CTX_get_cert_store

SSL_CTX_load_verify_locations

SSL_CTX_new

SSL_CTX_set_cert_verify_callback

SSL_CTX_set_cipher_list

SSL_CTX_set_default_passwd_cb

SSL_CTX_set_default_passwd_cb_userdata

SSL_CTX_set_verify

SSL_CTX_use_PrivateKey

SSL_CTX_use_PrivateKey_file

SSL_CTX_use_certificate

SSL_CTX_use_certificate_chain_file

SSL_CTX_use_certificate_file

SSL_SESSION_free

SSL_SESSION_new

SSL_clear

SSL_connect

SSL_ctrl

SSL_free

SSL_get1_session

SSL_get_certificate

SSL_get_ciphers

SSL_get_current_cipher

SSL_get_error

SSL_get_peer_cert_chain

SSL_get_peer_certificate

SSL_get_privatekey

SSL_get_verify_result

SSL_library_init

SSL_new

SSL_peek

SSL_pending

SSL_read

SSL_set_bio

SSL_set_connect_state

SSL_set_fd

SSL_set_session

SSL_set_ssl_method

SSL_shutdown

SSL_use_PrivateKey

SSL_use_certificate

SSL_write

SSLv23_client_method

SSLv2_client_method

SSLv3_client_method

SSLv3_enc_data

TLSv1_client_method

TLSv1_enc_data

UI_free

UI_new_method

UI_process

UI_set_result

X509_LOOKUP_file

X509_STORE_load_locations

X509_load_cert_crl_file

X509_load_cert_file

X509_load_crl_file

n_ssl3_mac

ssl23_connect

ssl23_default_timeout

ssl23_get_cipher

ssl23_get_cipher_by_char

ssl23_num_ciphers

ssl23_peek

ssl23_put_cipher_by_char

ssl23_read

ssl23_write

ssl2_callback_ctrl

ssl2_ciphers

ssl2_clear

ssl2_connect

ssl2_ctrl

ssl2_ctx_callback_ctrl

ssl2_ctx_ctrl

ssl2_default_timeout

ssl2_do_write

ssl2_enc_init

ssl2_free

ssl2_generate_key_material

ssl2_get_cipher

ssl2_get_cipher_by_char

ssl2_mac

ssl2_new

ssl2_num_ciphers

ssl2_part_read

ssl2_peek

ssl2_pending

ssl2_put_cipher_by_char

ssl2_read

ssl2_set_certificate

ssl2_shutdown

ssl2_version_str

ssl2_write

ssl2_write_error

ssl3_alert_code

ssl3_callback_ctrl

ssl3_cert_verify_mac

ssl3_change_cipher_state

ssl3_check_cert_and_algorithm

ssl3_check_finished

ssl3_ciphers

ssl3_cleanup_key_block

ssl3_clear

ssl3_client_hello

ssl3_connect

ssl3_ctrl

ssl3_ctx_callback_ctrl

ssl3_ctx_ctrl

ssl3_default_timeout

ssl3_digest_cached_records

ssl3_dispatch_alert

ssl3_do_change_cipher_spec

ssl3_do_compress

ssl3_do_uncompress

ssl3_do_write

ssl3_enc

ssl3_final_finish_mac

ssl3_finish_mac

ssl3_free

ssl3_free_digest_list

ssl3_generate_master_secret

ssl3_get_cert_status

ssl3_get_certificate_request

ssl3_get_cipher

ssl3_get_cipher_by_char

ssl3_get_finished

ssl3_get_key_exchange

ssl3_get_message

ssl3_get_new_session_ticket

ssl3_get_server_certificate

ssl3_get_server_done

ssl3_get_server_hello

ssl3_init_finished_mac

ssl3_new

ssl3_num_ciphers

ssl3_output_cert_chain

ssl3_peek

ssl3_pending

ssl3_put_cipher_by_char

ssl3_read

ssl3_read_bytes

ssl3_read_n

ssl3_release_read_buffer

ssl3_release_write_buffer

ssl3_renegotiate

ssl3_renegotiate_check

ssl3_send_alert

ssl3_send_client_certificate

ssl3_send_client_key_exchange

ssl3_send_client_verify

ssl3_send_finished

ssl3_setup_key_block

ssl3_setup_read_buffer

ssl3_setup_write_buffer

ssl3_shutdown

ssl3_undef_enc_method

ssl3_version_str

ssl3_write

ssl3_write_bytes

ssl3_write_pending

ssl_add_clienthello_tlsext

ssl_bytes_to_cipher_list

ssl_cert_type

ssl_check_serverhello_tlsext

ssl_check_srvr_ecc_cert_and_alg

ssl_cipher_get_evp

ssl_cipher_list_to_bytes

ssl_cipher_ptr_id_cmp

ssl_clear_bad_session

ssl_clear_cipher_ctx

ssl_clear_hash_ctx

ssl_create_cipher_list

ssl_free_wbio_buffer

ssl_get_new_session

ssl_init_wbio_buffer

ssl_load_ciphers

ssl_ok

ssl_parse_serverhello_tlsext

ssl_prepare_clienthello_tlsext

ssl_undefined_const_function

ssl_undefined_function

ssl_undefined_void_function

ssl_update_cache

ssl_verify_alarm_type

tls1_alert_code

tls1_cert_verify_mac

tls1_change_cipher_state

tls1_clear

tls1_default_timeout

tls1_enc

tls1_final_finish_mac

tls1_free

tls1_generate_master_secret

tls1_mac

tls1_new

tls1_setup_key_block

tls1_version_str

x509_dir_lookup

x509_file_lookup

Sections

.text
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

avgsched.dll

.dll windows:5 windows x86 arch:x86

fbea52830b2a254c2115c801cfadcc4e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

Extended Key Usages

ExtKeyUsageServerAuth

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

49:84:48:9d:ec:62:00:de:ce:ad:93:d4:73:2c:ab:ca
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

06/01/2012, 00:00

Not After

05/01/2015, 23:59

Subject

CN=AVG Technologies CZ\, s.r.o.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=AVG Technologies CZ\, s.r.o.,L=Brno,ST=Jihomoravsky kraj,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

3c:28:a8:26:ea:db:88:b4:75:fb:f0:d7:e0:43:d7:69:44:c1:b4:48
Signer

Actual PE Digest

3c:28:a8:26:ea:db:88:b4:75:fb:f0:d7:e0:43:d7:69:44:c1:b4:48

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

PDB Paths

d:\nightly\sandbox_avg_vc10_AVG2013_SP1_RR\source\build\avg_client_ru_dls_win32_vs100\bin\Release_Unicode_DLS_vs100\Win32\avgsched.pdb

Imports

kernel32

SetLastError

DisableThreadLibraryCalls

GetLastError

WaitForMultipleObjectsEx

GetSystemTimeAsFileTime

GetCurrentThreadId

GetTickCount

QueryPerformanceCounter

IsDebuggerPresent

SetUnhandledExceptionFilter

UnhandledExceptionFilter

GetCurrentProcess

TerminateProcess

InterlockedCompareExchange

Sleep

InterlockedExchange

DecodePointer

EncodePointer

GetCurrentProcessId

ntdll

ZwSetInformationFile

RtlFreeUnicodeString

ZwSetInformationThread

ZwFlushBuffersFile

ZwOpenFile

ZwWriteFile

ZwCancelIoFile

ZwMapViewOfSection

ZwFlushVirtualMemory

ZwUnmapViewOfSection

ZwCreateSection

ZwQueryInformationFile

ZwCreateFile

ZwCreateNamedPipeFile

RtlInitUnicodeString

ZwReadFile

ZwFsControlFile

RtlCreateUnicodeString

RtlFreeHeap

RtlReAllocateHeap

ZwQuerySystemInformation

ZwQueryInformationProcess

ZwOpenProcess

ZwQueryVirtualMemory

ZwReadVirtualMemory

RtlAllocateHeap

ZwCreateEvent

ZwWaitForSingleObject

RtlNtStatusToDosError

ZwClose

ZwSetEvent

avgsysx

?InitializeEnvironment@AvgEnvironment@@YGHXZ

?DestroyEnvironment@AvgEnvironment@@YGXXZ

?AvgCreateErrorCodeFromWin32@@YGHW4_AvgErrorCodeSeverity@@K@Z

?Reset@AvgBasEvent@@QAGHXZ

?Set@AvgBasEvent@@QAGHXZ

?Wait@AvgBasEvent@@QAGHH@Z

?Create@AvgBasEvent@@QAGHW4ResetType@1@_N@Z

?AvgConvertAvgTimeToStruct@@YGHAAUAvgTimeStruct@@_K@Z

?AvgMemXor@@YGXPAEPBEI@Z

??0AvgTimeStruct@@QAE@XZ

?DirectoryExists@AvgBasFs@@YGHPB_W@Z

?AvgFormatStringV@@YGHW4AvgCodePage@@PA_WIPB_WPAIPAD@Z

?AvgGetLocalTime@@YGHAA_K@Z

?AvgGetLocalTime@@YGHAAUAvgTimeStruct@@@Z

?Release@AvgBasCriticalSection@@QAGHXZ

?Acquire@AvgBasCriticalSection@@QAGHXZ

?Create@AvgBasCriticalSection@@QAGHXZ

??1AvgBasCriticalSection@@QAE@XZ

??0AvgBasCriticalSection@@QAE@XZ

?AvgGetSystemTime@@YGHAA_K@Z

?AvgCompareString@@YGHPB_W0II@Z

?AvgPrintV@@YGHPB_WPAD@Z

?GetProcessExitCode@AvgBasWinProcess@@QAGHAAH@Z

?Create@AvgBasWinProcess@@QAGHPB_W0PAVAvgSecurityCtx@@1W4CreationFlags@1@0@Z

??0AvgBasWinProcess@@QAE@XZ

?AvgGenerateRandomBuffer@@YGXPAEI@Z

?AvgCompareStringNoCase@@YGHW4AvgCodePage@@PB_W1II@Z

?GetCurrentProcessId@AvgProcess@@YGKXZ

?GetSystemUpTime@AvgEnvironment@@YGHAA_K@Z

?StopThread@AvgBasThread@@QAGHH@Z

?StartThread@AvgBasThread@@QAGHW4AvgPriority@@PAVAvgSecurityCtx@@V?$AvgFlags@W4ThreadFlag@AvgBasThread@@@@PBD@Z

?Initialize@AvgBasThread@@QAGHPAVAvgBasEvent@@@Z

?WaitForProcessToStop@AvgBasWinProcess@@QAGHH@Z

?Assign@AvgGuidUtils@@YGXAAU_AvgGuid@@QBE@Z

?Parse@AvgGuidUtils@@YGHAAU_AvgGuid@@PB_W@Z

?GetOsInfoData@AvgEnvironment@@YGABUOsInfoData@1@XZ

?AvgGenerateRandomDWord@@YGKXZ

?AvgConvertStructToAvgTime@@YGHAA_KABUAvgTimeStruct@@@Z

?AvgFindSubStringFromRight@@YGPB_WPB_W0II@Z

?GetUserByProcessId@AvgEnvironment@@YGHAAV?$IAvgString@_W$0A@@@K@Z

?Destroy@AvgBasWaitable@@UAGHXZ

?IsStopRequested@AvgBasThread@@QAG_NXZ

?GetThreadStopRequestEvent@AvgBasThread@@QAGAAVAvgBasEvent@@XZ

?Cleanup@AvgBasThread@@MAGXXZ

?AvgDestroySysMini@@YGXXZ

??0AvgSpinLockLocker@@QAE@PAUAvgSpinLock@@_N@Z

??1AvgSpinLockLocker@@QAE@XZ

?IsPathRooted@AvgBasPath@@YG_NPB_WI@Z

?GetRandomNameSize@AvgBasPath@@YGIXZ

?GetRandomName@AvgBasPath@@YGHAAU_AVG_UTF16CHAR_STR@@PAI@Z

?GetDirectoryPathFromFilenamePath@AvgBasPath@@YGHAAU_AVG_UTF16CHAR_STR@@PB_WIPAI@Z

?GetTempDirPath@AvgBasPath@@YGHAAU_AVG_UTF16CHAR_STR@@PAI@Z

?GetFullPath@AvgBasPath@@YGHAAU_AVG_UTF16CHAR_STR@@PB_WIPAI@Z

?Sleep@AvgBasThread@@SGHH@Z

?GetSpecialFolder@AvgEnvironment@@YGHW4SpecialFolder@1@AAV?$IAvgString@_W$0A@@@@Z

??0AvgBasWinRegistryHandle@@QAE@W4AvgBasWinRegistryRootType@@@Z

??1AvgBasWinRegistryHandle@@QAE@XZ

?OpenKeyIfExists@AvgBasWinRegistryHandle@@QAGHABU?$AvgStringRefBase@_W$0A@@@@Z

?IsWow64ViewModeSupported@AvgBasWinRegistryHandle@@SG_NXZ

?SetViewMode@AvgBasWinRegistryHandle@@QAGHV?$AvgFlags@W4AvgBasWinRegistryViewModeValues@@@@@Z

?GetStringValue@AvgBasWinRegistryHandle@@QAGHAAV?$IAvgString@_W$0A@@@ABU?$AvgStringRefBase@_W$0A@@@@Z

?CloseKey@AvgBasWinRegistryHandle@@QAGXXZ

?AvgGetStringSizeInElements@@YGIPB_W@Z

?GetMaxPathLength@AvgEnvironment@@YGHAAIPB_W@Z

??0AvgBasSharedLibraryLoader@@QAE@PB_W@Z

?AttachTo@AvgBasSharedLibraryLoader@@QAGHPBDPCRAX@Z

?AvgBufferXor@@YGXPAEPBEI1I_J@Z

?GetValue@AvgUtf16CharHeapBuffer@@QBGPB_WXZ

?GetSize@AvgUtf16CharHeapBuffer@@QBGIXZ

??1AvgUtf16CharHeapBuffer@@QAE@XZ

??0AvgUtf16CharHeapBuffer@@QAE@XZ

?AvgBasGetStackFrameModulePath@@YGHAAV?$IAvgString@_W$0A@@@ABUAvgBasStackFrameX86@@@Z

?ConvertNtPathToDosPath@AvgWinGlobalSymlinks@@QAGHAAVAvgUtf16CharHeapBuffer@@PB_WI@Z

?Initialize@AvgWinGlobalSymlinks@@QAGHW4SymlinksType@1@@Z

??1AvgWinGlobalSymlinks@@QAE@XZ

??0AvgWinGlobalSymlinks@@QAE@XZ

?IsWindowsXPOrHigher@OsInfo@AvgEnvironment@@YG_NXZ

?AvgCreateErrorCodeFromWin32@@YGHK@Z

?GetHandle@AvgBasWaitable@@IBGPAXXZ

?GetForward@AvgBasWaitable@@IBGPAV1@XZ

?GetResourceType@AvgBasWaitable@@IBG?AW4AvgBasWaitableResourceType@@XZ

?GetThreadExitCode@AvgBasThread@@QAGHAAH@Z

?AvgConvertLocalTimeToSystemTime@@YGHAAUAvgTimeStruct@@@Z

?Initialize@AvgWinSecurityIdentifier@@QAGHW4WellKnownSidType@1@PBV1@@Z

?Assign@AvgWinSecurityDescriptor@@QAGHABVAvgSecurityCtx@@@Z

?AddDaclAce@AvgWinSecurityDescriptor@@QAGHABVAvgWinAce@@@Z

?IsInitialized@AvgBasCriticalSection@@QBG_NXZ

?Release@AvgBasMutex@@QAGHXZ

?Acquire@AvgBasMutex@@QAGHH@Z

?Create@AvgBasMutex@@QAGH_N@Z

?IsInitialized@AvgBasWaitable@@QBG_NXZ

?WaitForThreadToStop@AvgBasThread@@QAGHH@Z

?AddDaclAce@AvgWinSecurityDescriptor@@QAGHW4WellKnownSidType@AvgWinSecurityIdentifier@@HW4Type@AvgWinAce@@V?$AvgFlags@W4FlagsValues@AvgWinAce@@@@@Z

?AvgGetTimestamp@@YGKXZ

?FreeResource@AvgBasWaitable@@IAGHXZ

?ParseWinSecDes@AvgWinSecurityDescriptor@@KGHAAV1@PBXV?$AvgFlags@W4InformationValues@AvgWinSecurityDescriptor@@@@@Z

?ReleaseClonedObject@AvgWinSecurityDescriptor@@UAEXXZ

?ClearSecurityAttributes@AvgWinSecurityDescriptor@@QAGXXZ

?CloneImpl@AvgWinSecurityDescriptor@@MBEHAAPAVAvgSecurityCtx@@@Z

?GetInformationType@AvgWinSecurityDescriptor@@QBG?AV?$AvgFlags@W4InformationValues@AvgWinSecurityDescriptor@@@@XZ

?InternalWait@AvgBasWaitable@@IAGHH@Z

?Destroy@AvgBasCriticalSection@@QAGHXZ

?GetCurrentSessionId@AvgEnvironment@@YGHAAK@Z

?GetCurrentThreadId@AvgBasThread@@SGKXZ

?CreateLuid@AvgGuidUtils@@YGHAAU_AvgGuid@@@Z

?Assign@AvgGuidUtils@@YGXAAU_AvgGuid@@ABU2@@Z

?GetCurrentModuleHandle@AvgProcess@@YGPAXXZ

?SetAttributes@AvgBasFs@@YGHABVAttributes@1@PB_W@Z

??1AvgBasSharedLibraryLoader@@UAE@XZ

?Load@AvgBasSharedLibraryLoader@@QAGHPB_W@Z

?Unload@AvgBasSharedLibraryLoader@@UAGXXZ

?AvgInitializeSysMini@@YGHXZ

?GetModuleDirectory@AvgModule@@YGHPAXAAU_AVG_UTF16CHAR_STR@@PAI@Z

?GetString@AvgGuidUtils@@YGHABU_AvgGuid@@AAU_AVG_UTF16CHAR_STR@@@Z

?GetSecurityDescriptor@AvgWinSecurityDescriptor@@QAGHAAPAX@Z

?AvgWinZwOpenFile@@YGHPB_WPAPAXKPAU_IO_STATUS_BLOCK@@KK@Z

?AvgNtdll_RtlDosPathNameToNtPathName_T_EliminateDosDevice@@YGHPB_WPAU_UNICODE_STRING@@@Z

msvcr100

_CxxThrowException

memset

memcpy

?_type_info_dtor_internal_method@type_info@@QAEXXZ

?terminate@@YAXXZ

__clean_type_info_names_internal

_except_handler4_common

_crt_debugger_hook

__CxxFrameHandler3

__CppXcptFilter

_amsg_exit

_initterm_e

_initterm

_encoded_null

free

_malloc_crt

_onexit

_lock

__dllonexit

_unlock

??2@YAPAXI@Z

??3@YAXPAX@Z

_purecall

??_V@YAXPAX@Z

memmove

Exports

??0_Mutex@std@@QAE@W4_Uninitialized@1@@Z

??4_Init_locks@std@@QAEAAV01@ABV01@@Z

GetAvgObject

GetLockCount

Sections

.text
Size: 360KB - Virtual size: 359KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

avgsecapix.dll

.dll windows:5 windows x86 arch:x86

5f994b6ad8fb39e59035af630f3941e9

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

Extended Key Usages

ExtKeyUsageServerAuth

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

49:84:48:9d:ec:62:00:de:ce:ad:93:d4:73:2c:ab:ca
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

06/01/2012, 00:00

Not After

05/01/2015, 23:59

Subject

CN=AVG Technologies CZ\, s.r.o.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=AVG Technologies CZ\, s.r.o.,L=Brno,ST=Jihomoravsky kraj,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

7f:33:27:dd:a7:82:ac:66:27:68:f0:22:46:d2:e0:f3:79:7d:f4:84
Signer

Actual PE Digest

7f:33:27:dd:a7:82:ac:66:27:68:f0:22:46:d2:e0:f3:79:7d:f4:84

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

PDB Paths

d:\nightly\sandbox_avg_vc10_SmallUpdate2013-04_Release\source\build\avg_client_ru_dls_win32_vs100\bin\Release_Unicode_DLS_vs100\Win32\avgsecapix.pdb

Imports

avgsysx

??0AvgBasSharedLibraryLoader@@QAE@PB_W@Z

??1AvgBasSharedLibraryLoader@@UAE@XZ

?Load@AvgBasSharedLibraryLoader@@QAGHPB_W@Z

?Unload@AvgBasSharedLibraryLoader@@UAGXXZ

?AttachTo@AvgBasSharedLibraryLoader@@QAGHPBDPCRAX@Z

?Assign@AvgGuidUtils@@YGXAAU_AvgGuid@@ABU2@@Z

??0AvgBasWinRegistryHandle@@QAE@W4AvgBasWinRegistryRootType@@@Z

??1AvgBasWinRegistryHandle@@QAE@XZ

?OpenKeyIfExists@AvgBasWinRegistryHandle@@QAGHABU?$AvgStringRefBase@_W$0A@@@@Z

?IsDisabled@AvgBasWinWow64FsRedirection@@QAGHAA_N@Z

?IsWinInSafeMode@AvgEnvironment@@YG_NXZ

?SetParent@AvgBasWinRegistryHandle@@QAGXPAV1@@Z

?FileExists@AvgBasFs@@YGHPB_W@Z

?AvgLowerString@@YGHW4AvgCodePage@@PA_WIPB_WPAII@Z

?UnloadSharedLibraries@AvgBasObjectFactoryImpl@detail@@QAGX_N@Z

?GetAvgObject@AvgBasObjectFactoryImpl@detail@@QAGHABU_AvgGuid@@PAPAX@Z

?SetProgramPath@AvgBasObjectFactoryImpl@detail@@QAGHPB_W@Z

?Initialize@AvgBasObjectFactoryImpl@detail@@QAGHPBUAvgBasObjectFactoryMapping@@I@Z

??1AvgBasObjectFactoryImpl@detail@@QAE@XZ

??0AvgBasObjectFactoryImpl@detail@@QAE@XZ

?Wait@AvgBasEvent@@QAGHH@Z

?Create@AvgBasEvent@@QAGHW4ResetType@1@_N@Z

?AvgCreateErrorCodeFromWin32@@YGHW4_AvgErrorCodeSeverity@@K@Z

?GetHandle@AvgBasWaitable@@IBGPAXXZ

?GetDWordValue@AvgBasWinRegistryHandle@@QAGHAAKABU?$AvgStringRefBase@_W$0A@@@@Z

?OpenOrCreateKey@AvgBasWinRegistryHandle@@QAGHABU?$AvgStringRefBase@_W$0A@@@@Z

?SetParent@AvgBasWinRegistryHandle@@QAGHW4AvgBasWinRegistryRootType@@@Z

?GetOsInfoData@AvgEnvironment@@YGABUOsInfoData@1@XZ

?AvgCopyString@@YGHPA_WIPB_WI@Z

?GetRandomTempFileNameSize@AvgBasPath@@YGIXZ

?GetRandomTempFileName@AvgBasPath@@YGHAAU_AVG_UTF16CHAR_STR@@PAI@Z

?GetFullPath@AvgBasPath@@YGHAAU_AVG_UTF16CHAR_STR@@PB_WIPAI@Z

?GetFilenameWithoutExtension@AvgBasPath@@YGHAAU_AVG_UTF16CHAR_STR@@PB_WIPAI@Z

?GetTempDirPath@AvgBasPath@@YGHAAU_AVG_UTF16CHAR_STR@@PAI@Z

?GetDirectoryPathFromFilenamePath@AvgBasPath@@YGHAAU_AVG_UTF16CHAR_STR@@PB_WIPAI@Z

?GetPathRoot@AvgBasPath@@YGHAAU_AVG_UTF16CHAR_STR@@PB_WPAI@Z

?GetVolumeFromPath@AvgBasPath@@YGHAAU_AVG_UTF16CHAR_STR@@PB_WIPAI@Z

?IsPathRooted@AvgBasPath@@YG_NPB_WI@Z

?GetFilename@AvgBasPath@@YGHAAU_AVG_UTF16CHAR_STR@@PB_WIPAI@Z

?GetString@AvgGuidUtils@@YGHABU_AvgGuid@@AAU_AVG_UTF16CHAR_STR@@@Z

?GetValue@AvgUtf16CharHeapBuffer@@QBGPB_WXZ

?GetSize@AvgUtf16CharHeapBuffer@@QBGIXZ

??1AvgUtf16CharHeapBuffer@@QAE@XZ

??0AvgUtf16CharHeapBuffer@@QAE@XZ

?AvgBasGetStackFrameModulePath@@YGHAAV?$IAvgString@_W$0A@@@ABUAvgBasStackFrameX86@@@Z

?Initialize@AvgWinGlobalSymlinks@@QAGHW4SymlinksType@1@@Z

??1AvgWinGlobalSymlinks@@QAE@XZ

??0AvgWinGlobalSymlinks@@QAE@XZ

?IsWow64ViewModeSupported@AvgBasWinRegistryHandle@@SG_NXZ

?AvgInitializeSysMini@@YGHXZ

?InitializeEnvironment@AvgEnvironment@@YGHXZ

?DestroyEnvironment@AvgEnvironment@@YGXXZ

?GetProcessExitCode@AvgBasWinProcess@@QAGHAAH@Z

?AvgCreateErrorCodeFromWin32@@YGHK@Z

?GetForward@AvgBasWaitable@@IBGPAV1@XZ

?GetResourceType@AvgBasWaitable@@IBG?AW4AvgBasWaitableResourceType@@XZ

?Destroy@AvgBasWaitable@@UAGHXZ

?GetMaxPathLength@AvgEnvironment@@YGHAAIPB_W@Z

?StopThread@AvgBasThread@@QAGHH@Z

?StartThread@AvgBasThread@@QAGHW4AvgPriority@@PAVAvgSecurityCtx@@V?$AvgFlags@W4ThreadFlag@AvgBasThread@@@@PBD@Z

?Initialize@AvgBasThread@@QAGHPAVAvgBasEvent@@@Z

?Cleanup@AvgBasThread@@MAGXXZ

?Initialize@AvgWinSecurityIdentifier@@QAGHW4WellKnownSidType@1@PBV1@@Z

?Assign@AvgWinSecurityDescriptor@@QAGHABVAvgSecurityCtx@@@Z

?AddDaclAce@AvgWinSecurityDescriptor@@QAGHABVAvgWinAce@@@Z

?Reset@AvgBasEvent@@QAGHXZ

?AvgGetSystemTime@@YGHAA_K@Z

?Release@AvgBasMutex@@QAGHXZ

?Acquire@AvgBasMutex@@QAGHH@Z

?Create@AvgBasMutex@@QAGH_N@Z

?IsInitialized@AvgBasWaitable@@QBG_NXZ

?Initialize@AvgWinMandatoryLabel@@QAGHW4Label@1@V?$AvgFlags@W4FlagsValues@AvgWinMandatoryLabel@@@@@Z

?Assign@AvgUtf16CharHeapBuffer@@QAGHPB_WI@Z

?AppendDescriptorToObject@AvgWinSecurity@@YGHAAVAvgWinSecurityDescriptor@@ABVAvgWinObject@@_N@Z

?CreateDir@AvgBasFs@@YGHPB_W_NPAVAvgSecurityCtx@@@Z

?Initialize@AvgWinSecurityDescriptor@@QAGHXZ

?AddDaclAce@AvgWinSecurityDescriptor@@QAGHW4WellKnownSidType@AvgWinSecurityIdentifier@@HW4Type@AvgWinAce@@V?$AvgFlags@W4FlagsValues@AvgWinAce@@@@@Z

?AvgGetTimestamp@@YGKXZ

?Swap@AvgUtf16CharHeapBuffer@@QAGXAAV1@@Z

?GetBuffer@AvgUtf16CharHeapBuffer@@QAGPA_WXZ

?Resize@AvgUtf16CharHeapBuffer@@QAGHI@Z

?AvgWinZwOpenFile@@YGHPB_WPAPAXKPAU_IO_STATUS_BLOCK@@KK@Z

?GetInternal@AvgUtf16CharHeapBuffer@@QAGAAU_AVG_UTF16CHAR_STR@@XZ

?ReserveElements@AvgUtf16CharHeapBuffer@@QAGHI@Z

?AvgNtdll_RtlDosPathNameToNtPathName_T_EliminateDosDevice@@YGHPB_WPAU_UNICODE_STRING@@@Z

?GetSecurityDescriptor@AvgWinSecurityDescriptor@@QAGHAAPAX@Z

?IsWindowsVistaOrHigher@OsInfo@AvgEnvironment@@YG_NXZ

?ParseWinSecDes@AvgWinSecurityDescriptor@@KGHAAV1@PBXV?$AvgFlags@W4InformationValues@AvgWinSecurityDescriptor@@@@@Z

?ReleaseClonedObject@AvgWinSecurityDescriptor@@UAEXXZ

?ClearSecurityAttributes@AvgWinSecurityDescriptor@@QAGXXZ

?CloneImpl@AvgWinSecurityDescriptor@@MBEHAAPAVAvgSecurityCtx@@@Z

?GetInformationType@AvgWinSecurityDescriptor@@QBG?AV?$AvgFlags@W4InformationValues@AvgWinSecurityDescriptor@@@@XZ

?FreeResource@AvgBasWaitable@@IAGHXZ

?CreateGuid@AvgGuidUtils@@YGHAAU_AvgGuid@@@Z

?GetUserByProcessId@AvgEnvironment@@YGHAAV?$IAvgString@_W$0A@@@K@Z

?IsNtfsVolume@AvgBasFs@@YGHPB_WAA_N_N@Z

?AvgFormatStringV@@YGHW4AvgCodePage@@PA_WIPB_WPAIPAD@Z

?AvgPrintV@@YGHPB_WPAD@Z

?SetStopRequest@AvgBasThread@@QAGHXZ

?GetThreadStopRequestEvent@AvgBasThread@@QAGAAVAvgBasEvent@@XZ

?GetThreadState@AvgBasThread@@QAGHAAW4ThreadState@1@@Z

?IsInitialized@AvgBasThread@@QBG_NXZ

?AvgMemXor@@YGXPAEPBEI@Z

?GetAttributes@AvgBasFs@@YGHAAVAttributes@1@PB_W@Z

?SetAttributes@AvgBasFs@@YGHABVAttributes@1@PB_W@Z

?AvgGenerateRandomBuffer@@YGXPAEI@Z

?Get@AvgMiniSuperFastHash@@QBGKXZ

?Add@AvgMiniSuperFastHash@@QAGXPBEI@Z

?Initialize@AvgMiniSuperFastHash@@QAGXXZ

??1AvgMiniSuperFastHash@@QAE@XZ

??0AvgMiniSuperFastHash@@QAE@XZ

?CreateLuid@AvgGuidUtils@@YGHAAU_AvgGuid@@@Z

?IsStopRequested@AvgBasThread@@QAG_NXZ

?AvgNtdll_ZwOpenProcessToken@@YGJPAXKPAPAX@Z

?Init@AvgThreadImpersonationGuard@@QAGHPAX@Z

?Clear@AvgThreadImpersonationGuard@@QAGXXZ

??1AvgThreadImpersonationGuard@@QAE@XZ

??0AvgThreadImpersonationGuard@@QAE@XZ

?GetSDDLFormStringFromSid@AvgWinSecurityIdentifier@@SGHPBXAAU_AVG_UTF16CHAR_STR@@PAI@Z

?CreateDir@AvgBasFs@@YGHPB_WPAVAvgSecurityCtx@@@Z

?Hash@AvgMiniSuperFastHash@@SGKPBE0K@Z

?SplitRegistryPath@AvgBasWinRegistryHandle@@SGHAAW4AvgBasWinRegistryRootType@@AAV?$IAvgString@_W$0A@@@AA_N1ABU?$AvgStringRefBase@_W$0A@@@@Z

?ValueExists@AvgBasWinRegistryHandle@@QAG_NABU?$AvgStringRefBase@_W$0A@@@@Z

?OpenRegistryRoot@AvgBasWinRegistryHandle@@QAGHW4AvgBasWinRegistryRootType@@@Z

?IsWindows8OrHigher@OsInfo@AvgEnvironment@@YG_NXZ

?GetWinUsernameSid@AvgEnvironment@@YGHAAV?$IAvgString@_W$0A@@@@Z

?GetSpecialFolderForUser@AvgEnvironment@@YGHW4SpecialFolder@1@AAV?$IAvgString@_W$0A@@@ABU?$AvgStringRefBase@_W$0A@@@@Z

?GetCurrentThreadId@AvgBasThread@@SGKXZ

?GetSpecialFolder@AvgEnvironment@@YGHW4SpecialFolder@1@AAV?$IAvgString@_W$0A@@@@Z

?WaitForThreadToStop@AvgBasThread@@QAGHH@Z

?Sleep@AvgBasThread@@SGHH@Z

?AvgCompareStringNoCase@@YGHW4AvgCodePage@@PB_W1II@Z

?AvgGetUtf162MbStringSize@@YGHAAIPB_WW4AvgCodePage@@I@Z

?AvgCompareString@@YGHPB_W0II@Z

?Parse@AvgGuidUtils@@YGHAAU_AvgGuid@@PB_W@Z

?AvgConvertUtf162MbString@@YGHPADIPB_WW4AvgCodePage@@PAII@Z

?DirectoryExists@AvgBasFs@@YGHPB_W@Z

?AvgNtdll_RtlDosPathNameToNtPathName_T_EliminateDosDevice@@YGHPB_WAAVAvgUtf16CharHeapBuffer@@@Z

?GetBinaryValue@AvgBasWinRegistryHandle@@QAGHAAV?$IAvgBuffer@E@@ABU?$AvgStringRefBase@_W$0A@@@@Z

?SetBinaryValue@AvgBasWinRegistryHandle@@QAGHPBEIABU?$AvgStringRefBase@_W$0A@@@@Z

?AvgConvertT2MbString@@YGHPADIPB_WW4AvgCodePage@@PAII@Z

?Get@AvgMiniHashCrc32@@QAGKXZ

?AvgGetT2MbStringSize@@YGHAAIPB_WW4AvgCodePage@@I@Z

?AvgNtdllIsTableInitialized@@YG_NXZ

??0AvgSpinLockLocker@@QAE@PAUAvgSpinLock@@_N@Z

??1AvgSpinLockLocker@@QAE@XZ

?Create@AvgBasCriticalSection@@QAGHXZ

?Acquire@AvgBasCriticalSection@@QAGHXZ

?Release@AvgBasCriticalSection@@QAGHXZ

?SaveKey@AvgBasWinRegistryHandle@@QAGHABU?$AvgStringRefBase@_W$0A@@@@Z

?EnablePrivilege@AvgBasWinRegistryHandle@@SGHW4AvgBasWinRegistryPrivilege@@_N@Z

?QueryValue@AvgBasWinRegistryHandle@@QAGHAAW4AvgBasWinRegistryValueType@@AAV?$IAvgBuffer@E@@ABU?$AvgStringRefBase@_W$0A@@@@Z

?GetThreadExitCode@AvgBasThread@@QAGHAAH@Z

?Enable@AvgBasWinWow64FsRedirection@@QAGHXZ

?KeyExists@AvgBasWinRegistryHandle@@QAG_NABU?$AvgStringRefBase@_W$0A@@@@Z

?CreateKey@AvgBasWinRegistryHandle@@QAGHABU?$AvgStringRefBase@_W$0A@@@@Z

?DeleteKey@AvgBasWinRegistryHandle@@QAGHABU?$AvgStringRefBase@_W$0A@@@_N@Z

?SetValue@AvgBasWinRegistryHandle@@QAGHW4AvgBasWinRegistryValueType@@PBEIABU?$AvgStringRefBase@_W$0A@@@@Z

?DeleteValue@AvgBasWinRegistryHandle@@QAGHABU?$AvgStringRefBase@_W$0A@@@@Z

??0AvgBasWinWow64FsRedirection@@QAE@XZ

??1AvgBasWinWow64FsRedirection@@QAE@XZ

?Disable@AvgBasWinWow64FsRedirection@@QAGHXZ

?IsSupported@AvgBasWinWow64FsRedirection@@QAG_NXZ

?AvgCopyString@@YGHAAU_AVG_UTF16CHAR_STR@@PB_WIPAI@Z

?Move@AvgBasFs@@YGHPB_W0W4FileOverwriteParamters@1@@Z

?CombinePaths@AvgBasPath@@YGHAAU_AVG_UTF16CHAR_STR@@PB_W1IIPAI@Z

?GetTempDirPath@AvgBasPath@@YGHAAVAvgUtf16CharHeapBuffer@@@Z

?Release@AvgSpinLockLocker@@QAGXXZ

?Create@AvgBasWinProcess@@QAGHPB_W0PAVAvgSecurityCtx@@1W4CreationFlags@1@0@Z

??0AvgBasWinProcess@@QAE@XZ

?WaitForProcessToStop@AvgBasWinProcess@@QAGHH@Z

?IsInitialized@AvgBasCriticalSection@@QBG_NXZ

?Destroy@AvgBasCriticalSection@@QAGHXZ

?Set@AvgBasEvent@@QAGHXZ

?AvgNtdllForceInitialize@@YGHXZ

?SetViewMode@AvgBasWinRegistryHandle@@QAGHV?$AvgFlags@W4AvgBasWinRegistryViewModeValues@@@@@Z

?GetStringValue@AvgBasWinRegistryHandle@@QAGHAAV?$IAvgString@_W$0A@@@ABU?$AvgStringRefBase@_W$0A@@@@Z

?CloseKey@AvgBasWinRegistryHandle@@QAGXXZ

??0AvgBasCriticalSection@@QAE@XZ

??1AvgBasCriticalSection@@QAE@XZ

?AvgConvertMb2Utf16String@@YGHPA_WIPBDW4AvgCodePage@@PAII@Z

?AvgGetMb2Utf16StringSize@@YGHAAIPBDW4AvgCodePage@@I@Z

?AvgGetStringSizeInElements@@YGIPB_W@Z

?AvgDestroySysMini@@YGXXZ

?AvgUpperString@@YGHW4AvgCodePage@@PA_WIPB_WPAII@Z

?AvgConvertNumber2String@@YGHPA_WIKHPAI@Z

?GetCurrentModuleHandle@AvgProcess@@YGPAXXZ

?Add@AvgMiniHashCrc32@@QAGXPBEI@Z

??1AvgMiniHashCrc32@@QAE@XZ

??0AvgMiniHashCrc32@@QAE@XZ

?Delete@AvgBasFs@@YGHPB_WV?$AvgFlags@W4FileDeleteFlagItems@AvgBasFs@@@@@Z

?ConvertSymlinkToValue@AvgWinGlobalSymlinks@@QAGHAAVAvgUtf16CharHeapBuffer@@W4SymlinksType@1@PB_WI@Z

?ConvertDosLetterToSymlink@AvgWinGlobalSymlinks@@QAGHAAVAvgUtf16CharHeapBuffer@@_W@Z

?GetSDDLFormString@AvgWinSecurityIdentifier@@QBGHAAU_AVG_UTF16CHAR_STR@@PAI@Z

?Initialize@AvgWinSecurityIdentifier@@QAGHPAX@Z

?AvgBufferXor@@YGXPAEPBEI1I_J@Z

?IsEmpty@AvgUtf16CharHeapBuffer@@QBG_NXZ

?Clear@AvgUtf16CharHeapBuffer@@QAGXXZ

?AvgWinConstructDllSearchPath@@YGHAAVAvgUtf16CharHeapBuffer@@ABU?$AvgStringRefBase@_W$0A@@@@Z

?GetModuleDirectory@AvgModule@@YGHPAXAAU_AVG_UTF16CHAR_STR@@PAI@Z

?AvgGetStringSizeInElements@@YGIPBD@Z

ntdll

ZwDuplicateObject

ZwCancelIoFile

ZwDeviceIoControlFile

LdrLoadDll

LdrGetProcedureAddress

RtlInitAnsiString

LdrUnloadDll

ZwOpenThreadToken

ZwOpenFile

ZwSetInformationThread

ZwCreateNamedPipeFile

RtlCreateUnicodeString

ZwQueryInformationToken

ZwDuplicateToken

RtlFreeHeap

RtlReAllocateHeap

RtlAllocateHeap

RtlInitUnicodeString

ZwCreateFile

RtlFreeUnicodeString

ZwWriteFile

ZwQueryInformationFile

ZwCreateSection

ZwFlushBuffersFile

ZwUnmapViewOfSection

ZwSetInformationFile

ZwQuerySystemInformation

ZwFlushVirtualMemory

ZwMapViewOfSection

ZwReadFile

ZwFsControlFile

ZwSetEvent

ZwWaitForSingleObject

ZwCreateEvent

ZwOpenProcess

ZwClose

RtlNtStatusToDosError

msvcr100

_CxxThrowException

__clean_type_info_names_internal

?_type_info_dtor_internal_method@type_info@@QAEXXZ

?terminate@@YAXXZ

_except_handler4_common

_crt_debugger_hook

_amsg_exit

_initterm_e

_initterm

_encoded_null

_malloc_crt

__CxxFrameHandler3

_onexit

_lock

__dllonexit

_unlock

memset

memcpy

free

??2@YAPAXI@Z

__CppXcptFilter

memmove

??_V@YAXPAX@Z

_purecall

??3@YAXPAX@Z

kernel32

FreeLibrary

GetDiskFreeSpaceExW

QueryDosDeviceW

GetLogicalDrives

GetDriveTypeW

LoadLibraryW

GetSystemTimeAsFileTime

GetCurrentProcessId

GetCurrentThreadId

GetTickCount

QueryPerformanceCounter

IsDebuggerPresent

SetUnhandledExceptionFilter

UnhandledExceptionFilter

TerminateProcess

InterlockedCompareExchange

Sleep

InterlockedExchange

DecodePointer

EncodePointer

WaitForMultipleObjectsEx

CloseHandle

CancelIo

DeviceIoControl

GetLastError

GetOverlappedResult

CreateFileW

GetProcAddress

GetCurrentProcess

IsProcessorFeaturePresent

ole32

CoInitialize

CoUninitialize

Exports

??0_Mutex@std@@QAE@W4_Uninitialized@1@@Z

??4_Init_locks@std@@QAEAAV01@ABV01@@Z

AvgModuleFinish

AvgModuleInit

GetAvgObject

Sections

.text
Size: 757KB - Virtual size: 757KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

avgsrmax.exe

.exe windows:5 windows x86 arch:x86

0967a89bea984ee41591e3eb6c58b78e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

Extended Key Usages

ExtKeyUsageServerAuth

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

49:84:48:9d:ec:62:00:de:ce:ad:93:d4:73:2c:ab:ca
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

06/01/2012, 00:00

Not After

05/01/2015, 23:59

Subject

CN=AVG Technologies CZ\, s.r.o.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=AVG Technologies CZ\, s.r.o.,L=Brno,ST=Jihomoravsky kraj,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

8a:11:bf:06:64:8e:45:07:17:b0:e2:0d:f7:48:3f:21:14:64:90:04
Signer

Actual PE Digest

8a:11:bf:06:64:8e:45:07:17:b0:e2:0d:f7:48:3f:21:14:64:90:04

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\build\user\sandbox_2013_0514_095407_SmallUpdate2013-04_Release_AvgVC10\source\build\avg_client_ru_dls_win32_vs100\bin\Release_Unicode_DLS_vs100\Win32\avgsrmax.pdb

Imports

kernel32

FileTimeToDosDateTime

CreateFileA

FreeLibrary

LoadLibraryW

GetFileAttributesA

GetLastError

GetProcAddress

CloseHandle

FileTimeToLocalFileTime

GetFileInformationByHandle

GetTempPathA

CreateEventW

GetCurrentThreadId

GetCurrentProcessId

CreateProcessW

WaitForMultipleObjects

CreateFileW

GetSystemTimeAsFileTime

GetTickCount

QueryPerformanceCounter

GetStartupInfoW

HeapSetInformation

InterlockedCompareExchange

Sleep

InterlockedExchange

DecodePointer

EncodePointer

WaitForMultipleObjectsEx

GetModuleHandleW

GetCurrentProcess

CancelIo

DeviceIoControl

GetOverlappedResult

SetUnhandledExceptionFilter

ntdll

ZwFlushVirtualMemory

ZwMapViewOfSection

ZwFsControlFile

ZwAllocateVirtualMemory

ZwFreeVirtualMemory

ZwSetEvent

ZwWriteFile

ZwWaitForSingleObject

ZwReadFile

RtlOpenCurrentUser

NtClose

ZwQueryInformationFile

ZwOpenFile

ZwCreateFile

RtlFreeUnicodeString

ZwSetInformationFile

RtlAllocateHeap

RtlReAllocateHeap

RtlFreeHeap

RtlNtStatusToDosError

ZwQueryVirtualMemory

RtlAddVectoredExceptionHandler

RtlRemoveVectoredExceptionHandler

ZwWaitForMultipleObjects

ZwUnmapViewOfSection

ZwCreateSection

RtlCreateUnicodeString

ZwCancelIoFile

ZwTerminateProcess

RtlAcquirePebLock

RtlReleasePebLock

ZwDuplicateObject

ZwClose

RtlInitUnicodeString

ZwCreateEvent

RtlCreateUserProcess

ZwResumeThread

ZwQuerySystemInformation

avgsysx

?Delete@AvgBasFs@@YGHPB_WV?$AvgFlags@W4FileDeleteFlagItems@AvgBasFs@@@@@Z

?GetFullName@Item@AvgBasFs@@QBGHABU?$AvgMutableStringRefBase@_W$0A@@@@Z

??1Item@AvgBasFs@@QAE@XZ

?AvgFormatStringV@@YGHW4AvgCodePage@@PA_WIPB_WPAIPAD@Z

?AvgGetSystemTime@@YGHAA_K@Z

?AvgPrintV@@YGHPB_WPAD@Z

?Initialize@AvgWinSecurityDescriptor@@QAGHXZ

?AddDaclAce@AvgWinSecurityDescriptor@@QAGHW4WellKnownSidType@AvgWinSecurityIdentifier@@HW4Type@AvgWinAce@@V?$AvgFlags@W4FlagsValues@AvgWinAce@@@@@Z

?AvgConvertStructToAvgTime@@YGHAA_KABUAvgTimeStruct@@@Z

?AvgConvertString2Number@@YGHAAGPB_WIHPAPB_W@Z

?AvgConvertString2Number@@YGHAAKPB_WIHPAPB_W@Z

?AvgGetUtf162MbStringSize@@YGHAAIPB_WW4AvgCodePage@@I@Z

?AvgMemXor@@YGXPAEPBEI@Z

?FileExists@AvgBasFs@@YGHPB_W@Z

?GetName@Item@AvgBasFs@@QBGPB_WXZ

?IsSupported@AvgBasWinWow64FsRedirection@@QAG_NXZ

??1AvgBasWinWow64FsRedirection@@QAE@XZ

??0AvgBasWinWow64FsRedirection@@QAE@XZ

?AvgGenerateRandomBuffer@@YGXPAEI@Z

?EnablePrivilege@AvgBasWinRegistryHandle@@SGHW4AvgBasWinRegistryPrivilege@@_N@Z

?UnLoadKey@AvgBasWinRegistryHandle@@QAGHABU?$AvgStringRefBase@_W$0A@@@@Z

?LoadKey@AvgBasWinRegistryHandle@@QAGHABU?$AvgStringRefBase@_W$0A@@@0@Z

?GetWinUsernameSid@AvgEnvironment@@YGHAAV?$IAvgString@_W$0A@@@@Z

?GetSpecialFolderForUser@AvgEnvironment@@YGHW4SpecialFolder@1@AAV?$IAvgString@_W$0A@@@ABU?$AvgStringRefBase@_W$0A@@@@Z

?AvgConvertUtf162MbString@@YGHPADIPB_WW4AvgCodePage@@PAII@Z

?AvgKernel32ForceInitialize@@YGXXZ

?UnloadSharedLibraries@AvgBasObjectFactoryImpl@detail@@QAGX_N@Z

?GetAvgObject@AvgBasObjectFactoryImpl@detail@@QAGHABU_AvgGuid@@PAPAX@Z

?SetProgramPath@AvgBasObjectFactoryImpl@detail@@QAGHPB_W@Z

?Initialize@AvgBasObjectFactoryImpl@detail@@QAGHPBUAvgBasObjectFactoryMapping@@I@Z

??1AvgBasObjectFactoryImpl@detail@@QAE@XZ

??0AvgBasObjectFactoryImpl@detail@@QAE@XZ

?Wait@AvgBasEvent@@QAGHH@Z

?Create@AvgBasEvent@@QAGHW4ResetType@1@_N@Z

?AvgCreateErrorCodeFromWin32@@YGHW4_AvgErrorCodeSeverity@@K@Z

?GetHandle@AvgBasWaitable@@IBGPAXXZ

?AvgCopyString@@YGHPA_WIPB_WI@Z

?GetNormalizedPath@AvgBasPath@@YGHAAU_AVG_UTF16CHAR_STR@@PB_WIPAI@Z

?GetRandomTempFileNameSize@AvgBasPath@@YGIXZ

?GetRandomTempFileName@AvgBasPath@@YGHAAU_AVG_UTF16CHAR_STR@@PAI@Z

?GetFullPath@AvgBasPath@@YGHAAU_AVG_UTF16CHAR_STR@@PB_WIPAI@Z

?GetFilenameWithoutExtension@AvgBasPath@@YGHAAU_AVG_UTF16CHAR_STR@@PB_WIPAI@Z

?GetTempDirPath@AvgBasPath@@YGHAAU_AVG_UTF16CHAR_STR@@PAI@Z

?GetDirectoryPathFromFilenamePath@AvgBasPath@@YGHAAU_AVG_UTF16CHAR_STR@@PB_WIPAI@Z

?IsPathRooted@AvgBasPath@@YG_NPB_WI@Z

??1AvgSpinLockLocker@@QAE@XZ

??0AvgSpinLockLocker@@QAE@PAUAvgSpinLock@@_N@Z

?AvgDestroySysMini@@YGXXZ

?AvgInitializeSysMini@@YGHXZ

?InitializeEnvironment@AvgEnvironment@@YGHXZ

?DestroyEnvironment@AvgEnvironment@@YGXXZ

?AvgBasGetStackFrameModulePath@@YGHAAV?$IAvgString@_W$0A@@@ABUAvgBasStackFrameX86@@@Z

?AvgCompareStringNoCase@@YGHW4AvgCodePage@@PB_W1II@Z

?AvgConvertString2Number@@YGHAAHPB_WIHPAPB_W@Z

?New@Impl@DirectoryEnumerator@AvgBasFs@@SGHAAPAU123@PB_W1V?$AvgFlags@W4DirectoryEnumerationFlagItems@AvgBasFs@@@@PAVAvgWinTransaction@@@Z

?Initialize@Item@AvgBasFs@@QAGHPBEIABU?$AvgStringRefBase@_W$0A@@@@Z

??0Item@AvgBasFs@@QAE@XZ

?AvgBufferXor@@YGXPAEPBEI1I_J@Z

?AvgNtdll_RtlDosPathNameToNtPathName_T_EliminateDosDevice@@YGHPB_WPAU_UNICODE_STRING@@@Z

?AppendDescriptorToObject@AvgWinSecurity@@YGHAAVAvgWinSecurityDescriptor@@ABVAvgWinObject@@_N@Z

?AvgUpperString@@YGHW4AvgCodePage@@PA_WIPB_WPAII@Z

?CombinePaths@AvgBasPath@@YGHABU?$AvgMutableStringRefBase@_W$0A@@@ABU?$AvgStringRefBase@_W$0A@@@1@Z

?OpenRegistryRoot@AvgBasWinRegistryHandle@@QAGHW4AvgBasWinRegistryRootType@@@Z

??0AvgBasWinRegistryHandle@@QAE@PAV0@@Z

?WinExpandString@AvgEnvironment@@YGHAAV?$IAvgString@_W$0A@@@PB_WPAX@Z

?GetEnvironmentVar@AvgEnvironment@@YGHPB_WAAV?$IAvgString@_W$0A@@@@Z

?GetChildrenEnumeratorImpl@AvgBasWinRegistryHandle@@AAGHAAPAV?$IAvgEnumerator@U?$AvgStringzRefBase@_W$0A@@@@@@Z

?Set@AvgBasEvent@@QAGHXZ

?AvgCreateErrorCodeFromWin32@@YGHK@Z

?GetForward@AvgBasWaitable@@IBGPAV1@XZ

?GetResourceType@AvgBasWaitable@@IBG?AW4AvgBasWaitableResourceType@@XZ

?Destroy@AvgBasWaitable@@UAGHXZ

?GetThreadExitCode@AvgBasThread@@QAGHAAH@Z

?CreateDir@AvgBasFs@@YGHPB_W_NPAVAvgSecurityCtx@@@Z

?StartThread@AvgBasThread@@QAGHW4AvgPriority@@PAVAvgSecurityCtx@@V?$AvgFlags@W4ThreadFlag@AvgBasThread@@@@PBD@Z

?Initialize@AvgBasThread@@QAGHPAVAvgBasEvent@@@Z

?Cleanup@AvgBasThread@@MAGXXZ

?KeyExists@AvgBasWinRegistryHandle@@QAG_NABU?$AvgStringRefBase@_W$0A@@@@Z

?Reset@AvgBasEvent@@QAGHXZ

?Release@AvgBasCriticalSection@@QAGHXZ

?Acquire@AvgBasCriticalSection@@QAGHXZ

?Create@AvgBasCriticalSection@@QAGHXZ

??1AvgBasCriticalSection@@QAE@XZ

??0AvgBasCriticalSection@@QAE@XZ

?IsInitialized@AvgBasCriticalSection@@QBG_NXZ

?Release@AvgBasMutex@@QAGHXZ

?Acquire@AvgBasMutex@@QAGHH@Z

?Create@AvgBasMutex@@QAGH_N@Z

?IsInitialized@AvgBasWaitable@@QBG_NXZ

?Move@AvgBasFs@@YGHPB_W0W4FileOverwriteParamters@1@@Z

?ParseWinSecDes@AvgWinSecurityDescriptor@@KGHAAV1@PBXV?$AvgFlags@W4InformationValues@AvgWinSecurityDescriptor@@@@@Z

?ReleaseClonedObject@AvgWinSecurityDescriptor@@UAEXXZ

?ClearSecurityAttributes@AvgWinSecurityDescriptor@@QAGXXZ

?CloneImpl@AvgWinSecurityDescriptor@@MBEHAAPAVAvgSecurityCtx@@@Z

?GetInformationType@AvgWinSecurityDescriptor@@QBG?AV?$AvgFlags@W4InformationValues@AvgWinSecurityDescriptor@@@@XZ

?AvgWinZwOpenFile@@YGHPB_WPAPAXKPAU_IO_STATUS_BLOCK@@KK@Z

?AvgGetTimestamp@@YGKXZ

?AvgKernel32IsFnLoaded_UnhandledExceptionFilter@@YG_NXZ

?AvgKernel32_SetUnhandledExceptionFilter@@YGP6GJPAU_EXCEPTION_POINTERS@@@ZP6GJ0@Z@Z

?AvgWinIsProcessBeingDebugged@@YG_NXZ

?AvgKernel32_UnhandledExceptionFilter@@YGJPAU_EXCEPTION_POINTERS@@@Z

?FreeResource@AvgBasWaitable@@IAGHXZ

?CreateLuid@AvgGuidUtils@@YGHAAU_AvgGuid@@@Z

?Assign@AvgGuidUtils@@YGXAAU_AvgGuid@@ABU2@@Z

?GetCurrentModuleHandle@AvgProcess@@YGPAXXZ

??0AvgUtf16CharHeapBuffer@@QAE@XZ

??1AvgUtf16CharHeapBuffer@@QAE@XZ

?Assign@AvgUtf16CharHeapBuffer@@QAGHPB_WI@Z

?Initialize@AvgWinMandatoryLabel@@QAGHW4Label@1@V?$AvgFlags@W4FlagsValues@AvgWinMandatoryLabel@@@@@Z

?Sleep@AvgBasThread@@SGHH@Z

?GetSpecialFolder@AvgEnvironment@@YGHW4SpecialFolder@1@AAV?$IAvgString@_W$0A@@@@Z

?GetMaxPathLength@AvgEnvironment@@YGHAAIPB_W@Z

??0AvgBasSharedLibraryLoader@@QAE@PB_W@Z

??1AvgBasSharedLibraryLoader@@UAE@XZ

?Load@AvgBasSharedLibraryLoader@@QAGHPB_W@Z

?Unload@AvgBasSharedLibraryLoader@@UAGXXZ

?AttachTo@AvgBasSharedLibraryLoader@@QAGHPBDPCRAX@Z

?Parse@AvgGuidUtils@@YGHAAU_AvgGuid@@PB_W@Z

??0AvgBasWinRegistryHandle@@QAE@W4AvgBasWinRegistryRootType@@@Z

??1AvgBasWinRegistryHandle@@QAE@XZ

?OpenKeyIfExists@AvgBasWinRegistryHandle@@QAGHABU?$AvgStringRefBase@_W$0A@@@@Z

?IsWow64ViewModeSupported@AvgBasWinRegistryHandle@@SG_NXZ

?SetViewMode@AvgBasWinRegistryHandle@@QAGHV?$AvgFlags@W4AvgBasWinRegistryViewModeValues@@@@@Z

?GetStringValue@AvgBasWinRegistryHandle@@QAGHAAV?$IAvgString@_W$0A@@@ABU?$AvgStringRefBase@_W$0A@@@@Z

?CloseKey@AvgBasWinRegistryHandle@@QAGXXZ

?AvgCompareString@@YGHPB_W0II@Z

?AvgConvertMb2Utf16String@@YGHPA_WIPBDW4AvgCodePage@@PAII@Z

?AvgGetMb2Utf16StringSize@@YGHAAIPBDW4AvgCodePage@@I@Z

?DirectoryExists@AvgBasFs@@YGHPB_W@Z

?AvgGetStringSizeInElements@@YGIPB_W@Z

?AvgGetStringSizeInElements@@YGIPBD@Z

?GetModuleDirectory@AvgModule@@YGHPAXAAU_AVG_UTF16CHAR_STR@@PAI@Z

?StopThread@AvgBasThread@@QAGHH@Z

??0AvgTimeStruct@@QAE@XZ

msvcr100

memcpy

memset

_controlfp_s

?_type_info_dtor_internal_method@type_info@@QAEXXZ

_except_handler4_common

?terminate@@YAXXZ

__set_app_type

_fmode

_commode

__setusermatherr

_configthreadlocale

_initterm_e

_initterm

_acmdln

exit

_ismbblead

_XcptFilter

_exit

_cexit

__getmainargs

_amsg_exit

__CxxFrameHandler3

_onexit

_lock

__dllonexit

_unlock

strncpy

swprintf_s

_set_invalid_parameter_handler

_invoke_watson

??2@YAPAXI@Z

_close

_write

_lseek

_sopen_s

strcpy_s

_read

remove

_errno

sprintf_s

_stricmp

??3@YAXPAX@Z

_purecall

??_V@YAXPAX@Z

memmove

_CxxThrowException

Exports

??0_Mutex@std@@QAE@W4_Uninitialized@1@@Z

??4_Init_locks@std@@QAEAAV01@ABV01@@Z

Sections

.text
Size: 237KB - Virtual size: 236KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

avgsysx.dll

.dll windows:5 windows x86 arch:x86

f9c661a2d860e9dc4aa32871a818e1fb

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

Extended Key Usages

ExtKeyUsageServerAuth

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

26:6d:33:3e:de:17:a8:b4:72:05:3e:4f:a3:93:45:72
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

22/10/2014, 00:00

Not After

20/01/2018, 23:59

Subject

CN=AVG Technologies CZ\, s.r.o.,O=AVG Technologies CZ\, s.r.o.,L=Brno,ST=Jihomoravsky kraj,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

d0:f5:0a:56:31:a1:d3:0c:58:c1:bf:b6:dd:c3:0e:a5:72:00:54:fd
Signer

Actual PE Digest

d0:f5:0a:56:31:a1:d3:0c:58:c1:bf:b6:dd:c3:0e:a5:72:00:54:fd

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

PDB Paths

d:\nightly\sandbox_avg_vc10_HotFix2013-21\source\build\avg_client_ru_ntdll_dls_win32_vs100\bin\Release_Unicode_NTDLL_DLS_vs100\Win32\avgsysx.pdb

Imports

ntdll

_aulldiv

memcpy

memmove

RtlNtStatusToDosError

ZwWaitForMultipleObjects

memset

ZwClose

ZwWaitForSingleObject

ZwAllocateUuids

RtlDowncaseUnicodeString

RtlUpcaseUnicodeString

iswdigit

iswxdigit

islower

iswspace

RtlUpcaseUnicodeChar

RtlxAnsiStringToUnicodeSize

RtlxOemStringToUnicodeSize

NlsMbOemCodePageTag

RtlAnsiStringToUnicodeString

RtlOemStringToUnicodeString

RtlxUnicodeStringToAnsiSize

RtlxUnicodeStringToOemSize

RtlUnicodeStringToAnsiString

RtlUnicodeStringToOemString

_aullshr

_aulldvrm

_allshl

_allmul

ZwQueryVirtualMemory

LdrGetProcedureAddress

LdrGetDllHandle

RtlInitUnicodeString

LdrUnloadDll

RtlDosPathNameToNtPathName_U

LdrLoadDll

RtlExpandEnvironmentStrings_U

RtlGetFullPathName_U

RtlCreateUnicodeString

RtlFreeUnicodeString

RtlAllocateHeap

RtlFreeHeap

ZwQuerySymbolicLinkObject

ZwOpenSymbolicLinkObject

ZwDeviceIoControlFile

ZwCreateFile

ZwQueryInformationProcess

ZwOpenFile

ZwQueryObject

ZwDuplicateToken

ZwQueryVolumeInformationFile

ZwFsControlFile

ZwCreateEvent

RtlReleasePebLock

RtlAcquirePebLock

_allrem

ZwFreeVirtualMemory

RtlDestroyEnvironment

RtlSetEnvironmentVariable

RtlQueryEnvironmentVariable_U

RtlEqualSid

ZwQueryInformationToken

RtlCreateEnvironment

ZwReadVirtualMemory

DbgPrint

ZwDisplayString

ZwWriteFile

RtlInitAnsiString

ZwOpenProcess

ZwSetInformationProcess

ZwTerminateProcess

RtlGetCurrentDirectory_U

RtlSetCurrentDirectory_U

RtlSubAuthoritySid

ZwAdjustPrivilegesToken

RtlLeaveCriticalSection

RtlEnterCriticalSection

ZwQuerySystemInformation

ZwDuplicateObject

ZwSetEvent

RtlTimeFieldsToTime

RtlSystemTimeToLocalTime

RtlLocalTimeToSystemTime

ZwResumeThread

ZwOpenThread

ZwFilterToken

ZwSetInformationThread

RtlAdjustPrivilege

RtlImpersonateSelf

ZwQuerySecurityObject

ZwOpenThreadToken

ZwTerminateThread

RtlDestroyProcessParameters

RtlCreateUserProcess

RtlSetSaclSecurityDescriptor

RtlCreateAcl

RtlSetDaclSecurityDescriptor

RtlCreateSecurityDescriptor

RtlCreateProcessParameters

RtlInitializeCriticalSection

RtlDeleteCriticalSection

ZwResetEvent

ZwReleaseMutant

ZwCreateSemaphore

ZwReleaseSemaphore

ZwQueryInformationThread

ZwDelayExecution

ZwSuspendThread

RtlRaiseException

LdrShutdownThread

CsrClientCallServer

RtlCreateUserThread

RtlClearBits

RtlFindClearBitsAndSet

RtlAreBitsSet

ZwQueryInformationFile

ZwQueryDirectoryFile

RtlIsDosDeviceName_U

ZwSetInformationFile

ZwReadFile

RtlCopySid

RtlAddAccessDeniedAceEx

RtlAddAccessAllowedAceEx

RtlValidSecurityDescriptor

RtlSetGroupSecurityDescriptor

RtlSetOwnerSecurityDescriptor

ZwOpenKey

RtlGetSaclSecurityDescriptor

RtlGetDaclSecurityDescriptor

ZwSetSecurityObject

RtlGetAce

RtlGetGroupSecurityDescriptor

RtlGetOwnerSecurityDescriptor

ZwFlushVirtualMemory

ZwUnmapViewOfSection

ZwMapViewOfSection

ZwCreateSection

_chkstk

RtlReAllocateHeap

_stricmp

_strnicmp

_ftol

_strcmpi

towupper

RtlUnwind

NtRaiseException

strncmp

isspace

isdigit

RtlTimeToTimeFields

_aullrem

ZwSetInformationToken

ZwCancelIoFile

ZwNotifyChangeDirectoryFile

ZwOpenSection

ZwQueryEvent

ZwOpenEvent

ZwOpenMutant

ZwOpenSemaphore

NtLockFile

NtUnlockFile

NtClose

RtlOpenCurrentUser

ZwCreateKey

ZwRestoreKey

ZwNotifyChangeKey

ZwDeleteValueKey

ZwQueryValueKey

ZwSetValueKey

ZwLoadKey

ZwEnumerateKey

ZwEnumerateValueKey

ZwQueryKey

ZwSaveKey

ZwDeleteKey

ZwUnloadKey

ZwShutdownSystem

Exports

??0AvgBZ2Context@detail@@QAE@XZ

??0AvgBackgroundProcessGuard@@QAE@XZ

??0AvgBackgroundThreadGuard@@QAE@XZ

??0AvgBasCriticalSection@@QAE@XZ

??0AvgBasCriticalSectionHolder@@QAE@PAVAvgBasCriticalSection@@@Z

??0AvgBasObjectFactoryImpl@detail@@QAE@XZ

??0AvgBasResource@@QAE@XZ

??0AvgBasResourceHolder@@QAE@PAVAvgBasResource@@W4LockType@0@H@Z

??0AvgBasSharedLibraryLoader@@QAE@PB_W@Z

??0AvgBasSparseLockManager@@QAE@XZ

??0AvgBasSparseNonrecursiveLock@@QAE@XZ

??0AvgBasSyncNamed@@QAE@KW4AvgBasSyncObjectNameSpace@@@Z

??0AvgBasWinHandleWaitable@@QAE@PAX_N@Z

??0AvgBasWinLockFile@@QAE@XZ

??0AvgBasWinLockFileHolder@@QAE@PAVAvgBasWinLockFile@@H@Z

??0AvgBasWinLockFileResource@@QAE@XZ

??0AvgBasWinProcess@@QAE@XZ

??0AvgBasWinRegistryHandle@@QAE@PAV0@@Z

??0AvgBasWinRegistryHandle@@QAE@W4AvgBasWinRegistryRootType@@@Z

??0AvgBasWinWow64FsRedirection@@QAE@XZ

??0AvgDeflateContext@detail@@QAE@XZ

??0AvgMbCharHeapBuffer@@QAE@XZ

??0AvgMiniHashCrc32@@QAE@XZ

??0AvgMiniHashMd4@@QAE@XZ

??0AvgMiniHashMd5@@QAE@XZ

??0AvgMiniHashSha1@@QAE@XZ

??0AvgMiniHashSha256@@QAE@XZ

??0AvgMiniSuperFastHash@@QAE@XZ

??0AvgPeVersionInfo@@QAE@XZ

??0AvgSharedMemoryBase@@QAE@XZ

??0AvgSharedMemoryClient@@QAE@XZ

??0AvgSharedMemoryServer@@QAE@XZ

??0AvgSharedMemoryView@@QAE@XZ

??0AvgSpinLockLocker@@QAE@PAUAvgSpinLock@@_N@Z

??0AvgThreadImpersonationGuard@@QAE@XZ

??0AvgTimeDifferenceStruct@@QAE@GGGGGGG@Z

??0AvgTimeDifferenceStruct@@QAE@XZ

??0AvgTimeStruct@@QAE@GW4AvgMonth@@GW4AvgDayOfWeek@@GGGGGG@Z

??0AvgTimeStruct@@QAE@XZ

??0AvgUtf16CharHeapBuffer@@QAE@XZ

??0AvgWin32Environment@detail@@QAE@XZ

??0AvgWinGlobalSymlinks@@QAE@XZ

??0AvgWinSecurityDescriptor@@QAE@XZ

??0AvgWinTransaction@@QAE@XZ

??0Item@AvgBasFs@@QAE@XZ

??1AvgBZ2Context@detail@@QAE@XZ

??1AvgBackgroundProcessGuard@@QAE@XZ

??1AvgBackgroundThreadGuard@@QAE@XZ

??1AvgBasCriticalSection@@QAE@XZ

??1AvgBasCriticalSectionHolder@@QAE@XZ

??1AvgBasObjectFactoryImpl@detail@@QAE@XZ

??1AvgBasResource@@UAE@XZ

??1AvgBasResourceHolder@@QAE@XZ

??1AvgBasSharedLibraryLoader@@UAE@XZ

??1AvgBasSparseLockManager@@QAE@XZ

??1AvgBasSparseNonrecursiveLock@@QAE@XZ

??1AvgBasWinLockFile@@QAE@XZ

??1AvgBasWinLockFileHolder@@QAE@XZ

??1AvgBasWinLockFileResource@@UAE@XZ

??1AvgBasWinRegistryHandle@@QAE@XZ

??1AvgBasWinWow64FsRedirection@@QAE@XZ

??1AvgDeflateContext@detail@@QAE@XZ

??1AvgMbCharHeapBuffer@@QAE@XZ

??1AvgMiniHashCrc32@@QAE@XZ

??1AvgMiniHashMd4@@QAE@XZ

??1AvgMiniHashMd5@@QAE@XZ

??1AvgMiniHashSha1@@QAE@XZ

??1AvgMiniHashSha256@@QAE@XZ

??1AvgMiniSuperFastHash@@QAE@XZ

??1AvgPeVersionInfo@@QAE@XZ

??1AvgSharedMemoryBase@@UAE@XZ

??1AvgSharedMemoryClient@@UAE@XZ

??1AvgSharedMemoryServer@@UAE@XZ

??1AvgSharedMemoryView@@UAE@XZ

??1AvgSpinLockLocker@@QAE@XZ

??1AvgThreadImpersonationGuard@@QAE@XZ

??1AvgUtf16CharHeapBuffer@@QAE@XZ

??1AvgWin32Environment@detail@@QAE@XZ

??1AvgWinGlobalSymlinks@@QAE@XZ

??1AvgWinTransaction@@QAE@XZ

??1Item@AvgBasFs@@QAE@XZ

??8AvgWinSecurityIdentifier@@QAG_NABV0@@Z

??8AvgWinSecurityIdentifier@@QBG_NABV0@@Z

??AAvgMbCharHeapBuffer@@QAGAADI@Z

??AAvgMbCharHeapBuffer@@QBGABDI@Z

??AAvgUtf16CharHeapBuffer@@QAGAA_WI@Z

??AAvgUtf16CharHeapBuffer@@QBGAB_WI@Z

??_FAvgBasCriticalSectionHolder@@QAEXXZ

??_FAvgBasSharedLibraryLoader@@QAEXXZ

??_FAvgBasSyncNamed@@QAEXXZ

??_FAvgBasWinLockFileHolder@@QAEXXZ

??_FAvgBasWinRegistryHandle@@QAEXXZ

?AbortWindowsShutdown@AvgBasWinShutdownManager@@SGHXZ

?Acquire@AvgBasCriticalSection@@QAGHXZ

?Acquire@AvgBasMutex@@QAGHH@Z

?Acquire@AvgBasSparseNonrecursiveLock@@QAGHPAVAvgBasSparseLockManager@@@Z

?Acquire@AvgBasWinLockFile@@QAGHH@Z

?AcquireExclusive@AvgBasResource@@QAGHH@Z

?AcquireExclusive@AvgBasWinLockFileResource@@QAGHH@Z

?AcquireShared@AvgBasResource@@QAGHH@Z

?AcquireShared@AvgBasWinLockFileResource@@QAGHH@Z

?AcquireSharedStarveExclusive@AvgBasResource@@QAGHH@Z

?AcquireSharedWaitForExclusive@AvgBasResource@@QAGHH@Z

?Add@AvgMiniHashCrc32@@QAGXPBEI@Z

?Add@AvgMiniHashMd4@@QAGXPBEI@Z

?Add@AvgMiniHashMd5@@QAGXPBEI@Z

?Add@AvgMiniHashSha1@@QAGHPBEI@Z

?Add@AvgMiniHashSha256@@QAGHPBEI@Z

?Add@AvgMiniSuperFastHash@@QAGXPBEI@Z

?AddDaclAce@AvgWinSecurityDescriptor@@QAGHABVAvgWinAce@@@Z

?AddDaclAce@AvgWinSecurityDescriptor@@QAGHW4WellKnownSidType@AvgWinSecurityIdentifier@@HW4Type@AvgWinAce@@V?$AvgFlags@W4FlagsValues@AvgWinAce@@@@@Z

?AddEveryoneLowIntegrity@AvgWinSecurityDescriptor@@SGHAAV1@@Z

?AddSaclAce@AvgWinSecurityDescriptor@@QAGHABVAvgWinAce@@@Z

?AllocateKey@AvgTls@@YGHAAUKeyBase@1@@Z

?Append@AvgMbCharHeapBuffer@@QAGHABU_AVG_MBCHAR_STR@@@Z

?Append@AvgMbCharHeapBuffer@@QAGHABV1@@Z

?Append@AvgMbCharHeapBuffer@@QAGHD@Z

?Append@AvgMbCharHeapBuffer@@QAGHPBDI@Z

?Append@AvgUtf16CharHeapBuffer@@QAGHABU_AVG_UTF16CHAR_STR@@@Z

?Append@AvgUtf16CharHeapBuffer@@QAGHABV1@@Z

?Append@AvgUtf16CharHeapBuffer@@QAGHPB_WI@Z

?Append@AvgUtf16CharHeapBuffer@@QAGH_W@Z

?Append@Impl@AvgBasXmlWriter@@QAGHPB_W0@Z

?AppendDescriptorToObject@AvgWinSecurity@@YGHAAVAvgWinSecurityDescriptor@@ABVAvgWinObject@@_N@Z

?AppendPath@AvgBasPath@@YGHAAVAvgUtf16CharHeapBuffer@@ABU?$AvgStringRefBase@_W$0A@@@@Z

?Assign@AvgFileIdUtils@@YGXAAUAvgFileId@@ABU2@@Z

?Assign@AvgFileIdUtils@@YGXAAUAvgFileId@@ABU_AvgGuid@@1@Z

?Assign@AvgGuidUtils@@YGXAAU_AvgGuid@@ABU2@@Z

?Assign@AvgGuidUtils@@YGXAAU_AvgGuid@@KGGEEEEEEEE@Z

?Assign@AvgGuidUtils@@YGXAAU_AvgGuid@@QBE@Z

?Assign@AvgMbCharHeapBuffer@@QAGHABU_AVG_MBCHAR_STR@@@Z

?Assign@AvgMbCharHeapBuffer@@QAGHABV1@@Z

?Assign@AvgMbCharHeapBuffer@@QAGHD@Z

?Assign@AvgMbCharHeapBuffer@@QAGHPBDI@Z

?Assign@AvgUtf16CharHeapBuffer@@QAGHABU_AVG_UTF16CHAR_STR@@@Z

?Assign@AvgUtf16CharHeapBuffer@@QAGHABV1@@Z

?Assign@AvgUtf16CharHeapBuffer@@QAGHPB_WI@Z

?Assign@AvgUtf16CharHeapBuffer@@QAGH_W@Z

?Assign@AvgWinSecurityDescriptor@@QAGHABVAvgSecurityCtx@@@Z

?AssignStartupNotificationEvent@AvgBasWinNativeProcess@@QAGHPAVAvgStartupNotificationEvent@@@Z

?AssignStartupNotificationEvent@AvgBasWinProcess@@QAGHPAVAvgStartupNotificationEvent@@@Z

?Attach@AvgSharedMemoryView@@QAGHAAVAvgSharedMemoryBase@@_JI@Z

?Attach@AvgSharedMemoryView@@QAGHAAVAvgSharedMemoryBase@@_JI_N@Z

?AttachForward@AvgBasWaitable@@IAGXPAV1@@Z

?AttachHandle@AvgBasWaitable@@IAGXPAX@Z

?AttachTo@AvgBasSharedLibraryLoader@@QAGHPBDPCRAX@Z

?AttachToSection@AvgSharedMemoryClient@@QAGXPAX@Z

?AvgACL2WinACL@AvgWinSecurityDescriptor@@IAGHPAXAAVAvgWinGenericAcl@@@Z

?AvgAppendFormatStringV@@YGHW4AvgCodePage@@AAVAvgUtf16CharHeapBuffer@@PB_WPAD@Z

?AvgAppendString@@YGHAAU_AVG_UTF16CHAR_STR@@PB_WIPAI@Z

?AvgAppendString@@YGHPADIPBDPAII@Z

?AvgAppendString@@YGHPA_WIPB_WPAII@Z

?AvgBasAppendFormatV@@YGHAAU?$AvgBasAppendable@D@@PBDPAD@Z

?AvgBasAppendFormatV@@YGHAAU?$AvgBasAppendable@_W@@PB_WPAD@Z

?AvgBasGetStackFrameModuleBase@@YGHAAIABUAvgBasStackFrameX86@@@Z

?AvgBasGetStackFrameModuleName@@YGHAAV?$IAvgString@_W$0A@@@ABUAvgBasStackFrameX86@@@Z

?AvgBasGetStackFrameModulePath@@YGHAAV?$IAvgString@_W$0A@@@ABUAvgBasStackFrameX86@@@Z

?AvgBasMatchWildcards@@YGHAA_NABU?$AvgStringRefBase@_W$0A@@@1@Z

?AvgBasMatchWildcardsNoCase@@YGHAA_NABU?$AvgStringRefBase@_W$0A@@@1@Z

?AvgBasSetThreadToken@@YGHABVAvgBasThread@@PAX@Z

?AvgBasSetThreadToken@@YGHPAX0@Z

?AvgBasSetThreadToken@@YGHPAX@Z

?AvgBasXmlSaxParse@@YGHAAVIAvgStream@@AAUAvgBasXmlSaxHandlerBase@@@Z

?AvgBase64Decode@@YGHPAEIPB_WIPAIW4AvgBase64Ignored@@@Z

?AvgBase64DecodeNecessaryBufferCapacity@@YGII@Z

?AvgBase64Encode@@YGHAAU_AVG_UTF16CHAR_STR@@PBEI@Z

?AvgBase64EncodeAppend@@YGHAAU_AVG_UTF16CHAR_STR@@PBEI@Z

?AvgBase64EncodeNecessaryBufferCapacity@@YGII@Z

?AvgBufferXor@@YGXPAEPBEI1I_J@Z

?AvgChooseRandomEvent@@YGKIPBN@Z

?AvgCompareString@@YGHPBD0II@Z

?AvgCompareString@@YGHPB_W0II@Z

?AvgCompareStringNoCase@@YGHW4AvgCodePage@@PB_W1II@Z

?AvgCompareSubString@@YGHPBD0III@Z

?AvgCompareSubString@@YGHPB_W0III@Z

?AvgCompareSubStringNoCase@@YGHW4AvgCodePage@@PB_W1III@Z

?AvgConvertAvgTimeDifferenceToStruct@@YGHAAUAvgTimeDifferenceStruct@@_J@Z

?AvgConvertAvgTimeDifferenceToStruct@@YGHAAUAvgTimeDifferenceStruct@@_K1@Z

?AvgConvertAvgTimeStructToSYSTEMTIME@@YGHAAU_SYSTEMTIME@@ABUAvgTimeStruct@@@Z

?AvgConvertAvgTimeToDosDateTime@@YGHAAG0_K@Z

?AvgConvertAvgTimeToSYSTEMTIME@@YGHAAU_SYSTEMTIME@@AB_K@Z

?AvgConvertAvgTimeToStruct@@YGHAAUAvgTimeStruct@@_K@Z

?AvgConvertAvgTimeToTM@@YGHAAUtm@@_K@Z

?AvgConvertAvgTimeToTimeT@@YGHAA_J_K@Z

?AvgConvertAvgTimeToTimeval@@YGHAAUtimeval@@_K@Z

?AvgConvertAvgTimeToVariantTime@@YGHAAN_K@Z

?AvgConvertAvgTimeToWin32FileTime@@YGHAAK0_K@Z

?AvgConvertDosDateTimeToAvgTime@@YGHAA_KGG@Z

?AvgConvertDouble2String@@YGHPADINHPAI@Z

?AvgConvertDouble2String@@YGHPA_WINHPAI@Z

?AvgConvertFileSize2String@@YGHPADI_JHPAI@Z

?AvgConvertFileSize2String@@YGHPA_WI_JHPAI@Z

?AvgConvertLocalTimeToSystemTime@@YGHAAUAvgTimeStruct@@@Z

?AvgConvertLocalTimeToSystemTime@@YGHAA_K@Z

?AvgConvertMb2MbString@@YGHPADIPBDW4AvgCodePage@@2PAII@Z

?AvgConvertMb2TString@@YGHAAU_AVG_UTF16CHAR_STR@@PBDW4AvgCodePage@@IPAI@Z

?AvgConvertMb2TString@@YGHPA_WIPBDW4AvgCodePage@@PAII@Z

?AvgConvertMb2Utf16String@@YGHPA_WIPBDW4AvgCodePage@@PAII@Z

?AvgConvertNumber2String@@YGHPADICHPAI@Z

?AvgConvertNumber2String@@YGHPADIEHPAI@Z

?AvgConvertNumber2String@@YGHPADIFHPAI@Z

?AvgConvertNumber2String@@YGHPADIGHPAI@Z

?AvgConvertNumber2String@@YGHPADIHHPAI@Z

?AvgConvertNumber2String@@YGHPADIKHPAI@Z

?AvgConvertNumber2String@@YGHPADI_JHPAI@Z

?AvgConvertNumber2String@@YGHPADI_KHPAI@Z

?AvgConvertNumber2String@@YGHPA_WICHPAI@Z

?AvgConvertNumber2String@@YGHPA_WIEHPAI@Z

?AvgConvertNumber2String@@YGHPA_WIFHPAI@Z

?AvgConvertNumber2String@@YGHPA_WIGHPAI@Z

?AvgConvertNumber2String@@YGHPA_WIHHPAI@Z

?AvgConvertNumber2String@@YGHPA_WIKHPAI@Z

?AvgConvertNumber2String@@YGHPA_WI_JHPAI@Z

?AvgConvertNumber2String@@YGHPA_WI_KHPAI@Z

?AvgConvertSYSTEMTIMEToAvgTime@@YGHAA_KABU_SYSTEMTIME@@@Z

?AvgConvertSYSTEMTIMEToAvgTimeStruct@@YGHAAUAvgTimeStruct@@ABU_SYSTEMTIME@@@Z

?AvgConvertSize2String@@YGHPADIIHPAI@Z

?AvgConvertSize2String@@YGHPA_WIIHPAI@Z

?AvgConvertString2Double@@YGHAANPBDIPAPBDW4AvgString2DoubleMode@@@Z

?AvgConvertString2Double@@YGHAANPB_WIPAPB_WW4AvgString2DoubleMode@@@Z

?AvgConvertString2FileSize@@YGHAA_JPBDIHPAPBD@Z

?AvgConvertString2FileSize@@YGHAA_JPB_WIHPAPB_W@Z

?AvgConvertString2Number@@YGHAACPBDIHPAPBD@Z

?AvgConvertString2Number@@YGHAACPB_WIHPAPB_W@Z

?AvgConvertString2Number@@YGHAAEPBDIHPAPBD@Z

?AvgConvertString2Number@@YGHAAEPB_WIHPAPB_W@Z

?AvgConvertString2Number@@YGHAAFPBDIHPAPBD@Z

?AvgConvertString2Number@@YGHAAFPB_WIHPAPB_W@Z

?AvgConvertString2Number@@YGHAAGPBDIHPAPBD@Z

?AvgConvertString2Number@@YGHAAGPB_WIHPAPB_W@Z

?AvgConvertString2Number@@YGHAAHPBDIHPAPBD@Z

?AvgConvertString2Number@@YGHAAHPB_WIHPAPB_W@Z

?AvgConvertString2Number@@YGHAAKPBDIHPAPBD@Z

?AvgConvertString2Number@@YGHAAKPB_WIHPAPB_W@Z

?AvgConvertString2Number@@YGHAA_JPBDIHPAPBD@Z

?AvgConvertString2Number@@YGHAA_JPB_WIHPAPB_W@Z

?AvgConvertString2Number@@YGHAA_KPBDIHPAPBD@Z

?AvgConvertString2Number@@YGHAA_KPB_WIHPAPB_W@Z

?AvgConvertString2Size@@YGHAAIPBDIHPAPBD@Z

?AvgConvertString2Size@@YGHAAIPB_WIHPAPB_W@Z

?AvgConvertStructToAvgTime@@YGHAA_KABUAvgTimeStruct@@@Z

?AvgConvertStructToAvgTimeDifference@@YGHAA_JABUAvgTimeDifferenceStruct@@@Z

?AvgConvertSystemTimeToLocalTime@@YGHAAUAvgTimeStruct@@@Z

?AvgConvertSystemTimeToLocalTime@@YGHAA_K@Z

?AvgConvertT2MbString@@YGHPADIPB_WW4AvgCodePage@@PAII@Z

?AvgConvertT2Utf16String@@YGHPA_WIPB_WPAII@Z

?AvgConvertTMToAvgTime@@YGHAA_KAAUtm@@@Z

?AvgConvertTimeTToAvgTime@@YGHAA_K_J@Z

?AvgConvertTimevalToAvgTime@@YGHAA_KABUtimeval@@@Z

?AvgConvertUtf162MbString@@YGHPADIPB_WW4AvgCodePage@@PAII@Z

?AvgConvertUtf162TString@@YGHAAU_AVG_UTF16CHAR_STR@@PB_WIPAI@Z

?AvgConvertUtf162TString@@YGHPA_WIPB_WPAII@Z

?AvgConvertVariantTimeToAvgTime@@YGHAA_KN@Z

?AvgConvertWin32FileTimeToAvgTime@@YGHAA_KKK@Z

?AvgCopyString@@YGHAAU_AVG_UTF16CHAR_STR@@PB_WIPAI@Z

?AvgCopyString@@YGHPADIPBDI@Z

?AvgCopyString@@YGHPA_WIPB_WI@Z

?AvgCopySubString@@YGHAAU_AVG_UTF16CHAR_STR@@PB_WIIIPAI@Z

?AvgCopySubString@@YGHPADIPBDIII@Z

?AvgCopySubString@@YGHPA_WIPB_WIII@Z

?AvgCreateErrorCodeFromErrno@@YGHW4_AvgErrorCodeSeverity@@@Z

?AvgCreateErrorCodeFromErrno@@YGHW4_AvgErrorCodeSeverity@@H@Z

?AvgCreateErrorCodeFromErrno@@YGHXZ

?AvgCreateErrorCodeFromWin32@@YGHK@Z

?AvgCreateErrorCodeFromWin32@@YGHW4_AvgErrorCodeSeverity@@K@Z

?AvgCreateWin32CodeFromErrorCode@@YG_NAAKH@Z

?AvgDestroySysMini@@YGXXZ

?AvgErrorOutput@@YGHPBDI_NW4AvgCodePage@@@Z

?AvgErrorOutput@@YGHPB_WI_NW4AvgCodePage@@@Z

?AvgErrorOutputSysCP@@YGHPBDI_N@Z

?AvgErrorOutputSysCP@@YGHPB_WI_N@Z

?AvgFindElement@@YGPADPADDI@Z

?AvgFindElement@@YGPA_WPA_W_WI@Z

?AvgFindElement@@YGPBDPBDDI@Z

?AvgFindElement@@YGPB_WPB_W_WI@Z

?AvgFindElementFromRight@@YGPADPADDI@Z

?AvgFindElementFromRight@@YGPA_WPA_W_WI@Z

?AvgFindElementFromRight@@YGPBDPBDDI@Z

?AvgFindElementFromRight@@YGPB_WPB_W_WI@Z

?AvgFindSubString@@YGPADPADPBDII@Z

?AvgFindSubString@@YGPA_WPA_WPB_WII@Z

?AvgFindSubString@@YGPBDPBD0II@Z

?AvgFindSubString@@YGPB_WPB_W0II@Z

?AvgFindSubStringFromRight@@YGPADPADPBDII@Z

?AvgFindSubStringFromRight@@YGPA_WPA_WPB_WII@Z

?AvgFindSubStringFromRight@@YGPBDPBD0II@Z

?AvgFindSubStringFromRight@@YGPB_WPB_W0II@Z

?AvgFormatStringV@@YGHW4AvgCodePage@@AAU_AVG_UTF16CHAR_STR@@PB_WPAD@Z

?AvgFormatStringV@@YGHW4AvgCodePage@@AAVAvgUtf16CharHeapBuffer@@PB_WPAD@Z

?AvgFormatStringV@@YGHW4AvgCodePage@@PADIPBDPAI1@Z

?AvgFormatStringV@@YGHW4AvgCodePage@@PA_WIPB_WPAIPAD@Z

?AvgGenerateRandomBool@@YG_NXZ

?AvgGenerateRandomBuffer@@YGXPAEI@Z

?AvgGenerateRandomByte@@YGEXZ

?AvgGenerateRandomDWord@@YGKXZ

?AvgGenerateRandomWord@@YGGXZ

?AvgGetDayOfWeek@@YGHAAW4AvgDayOfWeek@@ABUAvgTimeStruct@@@Z

?AvgGetDayOfWeek@@YGHAAW4AvgDayOfWeek@@GW4AvgMonth@@G@Z

?AvgGetDayOfWeek@@YGHAAW4AvgDayOfWeek@@_K@Z

?AvgGetErrnoFromErrorCode@@YG_NAAHH@Z

?AvgGetLocalTime@@YGHAAUAvgTimeStruct@@@Z

?AvgGetLocalTime@@YGHAA_K@Z

?AvgGetMb2MbStringSize@@YGHAAIPBDW4AvgCodePage@@2I@Z

?AvgGetMb2TStringSize@@YGHAAIPBDW4AvgCodePage@@I@Z

?AvgGetMb2Utf16StringSize@@YGHAAIPBDW4AvgCodePage@@I@Z

?AvgGetNtdllModuleHandle@@YGPAXXZ

?AvgGetStringSizeInElements@@YGIPBD@Z

?AvgGetStringSizeInElements@@YGIPBDI@Z

?AvgGetStringSizeInElements@@YGIPB_W@Z

?AvgGetStringSizeInElements@@YGIPB_WI@Z

?AvgGetSystemTime@@YGHAAUAvgTimeStruct@@@Z

?AvgGetSystemTime@@YGHAA_K@Z

?AvgGetT2MbStringSize@@YGHAAIPB_WW4AvgCodePage@@I@Z

?AvgGetT2Utf16StringSize@@YGHAAIPB_WI@Z

?AvgGetTimestamp64@@YG_KXZ

?AvgGetTimestamp@@YGKXZ

?AvgGetUtf162MbStringSize@@YGHAAIPB_WW4AvgCodePage@@I@Z

?AvgGetUtf162TStringSize@@YGHAAIPB_WI@Z

?AvgInitializeSysMini@@YGHXZ

?AvgIsASCIIDigit@@YG_N_W@Z

?AvgIsASCIIWhiteSpace@@YG_ND@Z

?AvgIsASCIIWhiteSpace@@YG_N_W@Z

?AvgIsControl@@YG_N_W@Z

?AvgIsDigit@@YG_N_W@Z

?AvgIsLetter@@YG_N_W@Z

?AvgIsLetterOrDigit@@YG_N_W@Z

?AvgIsLower@@YG_N_W@Z

?AvgIsPunctuation@@YG_N_W@Z

?AvgIsSymbol@@YG_N_W@Z

?AvgIsUpper@@YG_N_W@Z

?AvgIsWOW64Process@@YG_NXZ

?AvgIsWhiteSpace@@YG_N_W@Z

?AvgIsXDigit@@YG_N_W@Z

?AvgKernel32ForceInitialize@@YGXXZ

?AvgKernel32IsFnLoaded_CopyFileA@@YG_NXZ

?AvgKernel32IsFnLoaded_CopyFileW@@YG_NXZ

?AvgKernel32IsFnLoaded_CreateProcessA@@YG_NXZ

?AvgKernel32IsFnLoaded_CreateProcessW@@YG_NXZ

?AvgKernel32IsFnLoaded_DefineDosDeviceA@@YG_NXZ

?AvgKernel32IsFnLoaded_DefineDosDeviceW@@YG_NXZ

?AvgKernel32IsFnLoaded_FindResourceExA@@YG_NXZ

?AvgKernel32IsFnLoaded_FindResourceExW@@YG_NXZ

?AvgKernel32IsFnLoaded_FreeEnvironmentStringsA@@YG_NXZ

?AvgKernel32IsFnLoaded_FreeEnvironmentStringsW@@YG_NXZ

?AvgKernel32IsFnLoaded_GetACP@@YG_NXZ

?AvgKernel32IsFnLoaded_GetEnvironmentStringsA@@YG_NXZ

?AvgKernel32IsFnLoaded_GetEnvironmentStringsW@@YG_NXZ

?AvgKernel32IsFnLoaded_GlobalMemoryStatusEx@@YG_NXZ

?AvgKernel32IsFnLoaded_SetUnhandledExceptionFilter@@YG_NXZ

?AvgKernel32IsFnLoaded_UnhandledExceptionFilter@@YG_NXZ

?AvgKernel32IsFnLoaded_WriteFile@@YG_NXZ

?AvgKernel32IsTableInitialized@@YG_NXZ

?AvgKernel32TableInitializeIfLoaded@@YGHXZ

?AvgKernel32_CopyFileA@@YGHPBD0_N@Z

?AvgKernel32_CopyFileW@@YGHPB_W0_N@Z

?AvgKernel32_CreateProcessA@@YGHPBDPADPAU_SECURITY_ATTRIBUTES@@2HKPAX0PAU_K32_STARTUPINFOA@@PAU_K32_PROCESS_INFORMATION@@@Z

?AvgKernel32_CreateProcessW@@YGHPB_WPA_WPAU_SECURITY_ATTRIBUTES@@2HKPAX0PAU_K32_STARTUPINFOW@@PAU_K32_PROCESS_INFORMATION@@@Z

?AvgKernel32_DefineDosDeviceA@@YGHKPBD0@Z

?AvgKernel32_DefineDosDeviceW@@YGHKPB_W0@Z

?AvgKernel32_FindResourceExA@@YGPAXPAXPBD1G@Z

?AvgKernel32_FindResourceExW@@YGPAXPAXPB_W1G@Z

?AvgKernel32_FreeEnvironmentStringsA@@YGHPAD@Z

?AvgKernel32_FreeEnvironmentStringsW@@YGHPA_W@Z

?AvgKernel32_GetACP@@YGIXZ

?AvgKernel32_GetEnvironmentStringsA@@YGPADXZ

?AvgKernel32_GetEnvironmentStringsW@@YGPA_WXZ

?AvgKernel32_GlobalMemoryStatusEx@@YGHPAX@Z

?AvgKernel32_SetUnhandledExceptionFilter@@YGP6GJPAU_EXCEPTION_POINTERS@@@ZP6GJ0@Z@Z

?AvgKernel32_UnhandledExceptionFilter@@YGJPAU_EXCEPTION_POINTERS@@@Z

?AvgKernel32_WriteFile@@YGHPAXQAXKPAK0@Z

?AvgLowerASCIIString@@YGXPADI@Z

?AvgLowerASCIIString@@YGXPA_WI@Z

?AvgLowerString@@YGHW4AvgCodePage@@AAU_AVG_UTF16CHAR_STR@@PB_WI@Z

?AvgLowerString@@YGHW4AvgCodePage@@PA_WIPB_WPAII@Z

?AvgMemXor@@YGXPAEIPBEI_J@Z

?AvgMemXor@@YGXPAEPBEI@Z

?AvgModf@@YGNNAAN@Z

?AvgNtDllConvertTMToAvgTime@@YGHAA_KAAUtm@@@Z

?AvgNtdllForceInitialize@@YGHXZ

?AvgNtdllIsFnLoaded_CsrGetProcessId@@YG_NXZ

?AvgNtdllIsFnLoaded_EtwEventRegister@@YG_NXZ

?AvgNtdllIsFnLoaded_EtwEventUnregister@@YG_NXZ

?AvgNtdllIsFnLoaded_EtwEventWrite@@YG_NXZ

?AvgNtdllIsFnLoaded_EtwEventWriteEx@@YG_NXZ

?AvgNtdllIsFnLoaded_NtGetTickCount@@YG_NXZ

?AvgNtdllIsFnLoaded_RtlAddMandatoryAce@@YG_NXZ

?AvgNtdllIsFnLoaded_RtlExitUserThread@@YG_NXZ

?AvgNtdllIsFnLoaded_RtlGetNativeSystemInformation@@YG_NXZ

?AvgNtdllIsFnLoaded_RtlGetProductInfo@@YG_NXZ

?AvgNtdllIsFnLoaded_RtlGetUnloadEventTrace@@YG_NXZ

?AvgNtdllIsFnLoaded_RtlGetUnloadEventTraceEx@@YG_NXZ

?AvgNtdllIsFnLoaded_RtlWow64EnableFsRedirectionEx@@YG_NXZ

?AvgNtdllIsTableInitialized@@YG_NXZ

?AvgNtdllTableDestroy@@YGXXZ

?AvgNtdllTableInitialize@@YGHXZ

?AvgNtdll_CsrGetProcessId@@YGJXZ

?AvgNtdll_EtwEventRegister@@YGJPBU_GUID@@P6GX0KE_K1PAU_EVENT_FILTER_DESCRIPTOR@@PAX@Z3PA_K@Z

?AvgNtdll_EtwEventUnregister@@YGJ_K@Z

?AvgNtdll_EtwEventWrite@@YGJ_KPBU_EVENT_DESCRIPTOR@@KPAU_EVENT_DATA_DESCRIPTOR@@@Z

?AvgNtdll_EtwEventWriteEx@@YGJ_KPBU_EVENT_DESCRIPTOR@@0KPBU_GUID@@2KPAU_EVENT_DATA_DESCRIPTOR@@@Z

?AvgNtdll_FunctionExists@@YG_NPAD@Z

?AvgNtdll_NtGetTickCount@@YGKXZ

?AvgNtdll_RtlAddMandatoryAce@@YGJPAU_ACL@@KKPAXKK@Z

?AvgNtdll_RtlDosPathNameToNtPathName_T@@YGEPB_WPAU_UNICODE_STRING@@@Z

?AvgNtdll_RtlDosPathNameToNtPathName_T_EliminateDosDevice@@YGHPB_WAAVAvgUtf16CharHeapBuffer@@@Z

?AvgNtdll_RtlDosPathNameToNtPathName_T_EliminateDosDevice@@YGHPB_WPAU_UNICODE_STRING@@@Z

?AvgNtdll_RtlDosPathNameToNtPathName_U_EliminateDosDevice@@YGHPB_WPAU_UNICODE_STRING@@@Z

?AvgNtdll_RtlDowncaseUnicodeChar@@YG_W_W@Z

?AvgNtdll_RtlExitUserThread@@YGJJ@Z

?AvgNtdll_RtlExpandEnvironmentStrings_T@@YGHPAXPB_WAAU_AVG_UTF16CHAR_STR@@PAI@Z

?AvgNtdll_RtlGetCurrentTransaction@@YGPAXXZ

?AvgNtdll_RtlGetNativeSystemInformation@@YGJW4_SYSTEM_INFORMATION_CLASS@@PAXKPAK@Z

?AvgNtdll_RtlGetProductInfo@@YGEKKKKPAK@Z

?AvgNtdll_RtlGetUnloadEventTrace@@YGPAU_RTL_UNLOAD_EVENT_TRACE@@XZ

?AvgNtdll_RtlGetUnloadEventTraceEx@@YGXPAPAK0PAPAX@Z

?AvgNtdll_RtlGetVersion@@YGJPAU_OSVERSIONINFOW@@@Z

?AvgNtdll_RtlSetCurrentTransaction@@YGEPAX@Z

?AvgNtdll_RtlWow64EnableFsRedirectionEx@@YGJKPAK@Z

?AvgNtdll_ZwCommitTransaction@@YGJPAXE@Z

?AvgNtdll_ZwCreateKeyTransacted@@YGJPAPAXKPAU_OBJECT_ATTRIBUTES@@KPAU_UNICODE_STRING@@KPAXPAK@Z

?AvgNtdll_ZwCreateMutant@@YGJPAPAXKPAU_OBJECT_ATTRIBUTES@@E@Z

?AvgNtdll_ZwCreateTransaction@@YGJPAPAXKPAU_OBJECT_ATTRIBUTES@@PAU_GUID@@PAXKKKPAT_LARGE_INTEGER@@PAU_UNICODE_STRING@@@Z

?AvgNtdll_ZwOpenKeyTransacted@@YGJPAPAXKPAU_OBJECT_ATTRIBUTES@@PAX@Z

?AvgNtdll_ZwOpenProcessToken@@YGJPAXKPAPAX@Z

?AvgNtdll_ZwQueryDirectoryObject@@YGJPAX0KEEPAK1@Z

?AvgNtdll_ZwRollbackTransaction@@YGJPAXE@Z

?AvgOutput@@YGHPBDI_NW4AvgCodePage@@@Z

?AvgOutput@@YGHPB_WI_NW4AvgCodePage@@@Z

?AvgOutputSysCP@@YGHPBDI_N@Z

?AvgOutputSysCP@@YGHPB_WI_N@Z

?AvgParseTimeStructure@@YGHAAUAvgTimeStruct@@W4AvgTimeFormatType@@ABU?$AvgStringRefBase@_W$0A@@@@Z

?AvgParseTimeStructureIso8601@@YGHAAUAvgTimeStruct@@ABU?$AvgStringRefBase@D$0A@@@AAH2@Z

?AvgPrintSysCPV@@YGHPBDPAD@Z

?AvgPrintSysCPV@@YGHPB_WPAD@Z

?AvgPrintV@@YGHPBDPAD@Z

?AvgPrintV@@YGHPB_WPAD@Z

?AvgReverseBits@@YGKK@Z

?AvgTimeStructApplyDifference@@YGHAAUAvgTimeStruct@@_J@Z

?AvgToASCIILower@@YGDD@Z

?AvgToASCIILower@@YG_W_W@Z

?AvgToASCIIUpper@@YGDD@Z

?AvgToASCIIUpper@@YG_W_W@Z

?AvgToLower@@YG_W_W@Z

?AvgToUpper@@YG_W_W@Z

?AvgTrimString@@YGHAAU_AVG_UTF16CHAR_STR@@PB_WI@Z

?AvgTrimString@@YGHPADIPBDPAII@Z

?AvgTrimString@@YGHPA_WIPB_WPAII@Z

?AvgTrimStringLeft@@YGHAAU_AVG_UTF16CHAR_STR@@PB_WI@Z

?AvgTrimStringLeft@@YGHPADIPBDPAII@Z

?AvgTrimStringLeft@@YGHPA_WIPB_WPAII@Z

?AvgTrimStringRight@@YGHAAU_AVG_UTF16CHAR_STR@@PB_WI@Z

?AvgTrimStringRight@@YGHPADIPBDPAII@Z

?AvgTrimStringRight@@YGHPA_WIPB_WPAII@Z

?AvgUpperASCIIString@@YGXPADI@Z

?AvgUpperASCIIString@@YGXPA_WI@Z

?AvgUpperString@@YGHW4AvgCodePage@@AAU_AVG_UTF16CHAR_STR@@PB_WI@Z

?AvgUpperString@@YGHW4AvgCodePage@@PA_WIPB_WPAII@Z

?AvgWinConstructDllSearchPath@@YGHAAVAvgUtf16CharHeapBuffer@@@Z

?AvgWinConstructDllSearchPath@@YGHAAVAvgUtf16CharHeapBuffer@@ABU?$AvgStringRefBase@_W$0A@@@@Z

?AvgWinConstructDllSearchPath@@YGHAAVAvgUtf16CharHeapBuffer@@PB_W1@Z

?AvgWinCopyFileImpl@AvgBasFs@@YGHPB_W0W4FileOverwriteParamters@1@_N@Z

?AvgWinCreateImpersonationToken@@YGHAAPAXPAXKW4_SECURITY_IMPERSONATION_LEVEL@@_N3@Z

?AvgWinFindClose@@YGHPAX@Z

?AvgWinFindFirstFile@@YGHPAPAXPB_WPAXI@Z

?AvgWinFindNextFile@@YGHPAXPAU_AvgWinFindDataW@@@Z

?AvgWinGetConsoleOutputHandle@@YGHPAPAXW4AvgWinConsoleOutput@@@Z

?AvgWinGetLastError@@YGKXZ

?AvgWinGetTickCount64@@YG_KXZ

?AvgWinGetVolumeSupport@@YGHPAXKAA_N@Z

?AvgWinIsHandleValid@@YG_NPAX@Z

?AvgWinIsNtFilePath@@YG_NPB_WI@Z

?AvgWinIsProcessBeingDebugged@@YG_NXZ

?AvgWinNtUnicodeString2TString@@YGHABU_UNICODE_STRING@@AAVAvgUtf16CharHeapBuffer@@@Z

?AvgWinSetFileCompression@@YGHPAX_N@Z

?AvgWinSetFileCompression@@YGHPB_W_N@Z

?AvgWinSetLastError@@YGXK@Z

?AvgWinZwCreateFile@@YGHPB_WPAPAXKPAU_IO_STATUS_BLOCK@@PAT_LARGE_INTEGER@@KKKKPAXK4@Z

?AvgWinZwOpenFile@@YGHPB_WPAPAXKPAU_IO_STATUS_BLOCK@@KK@Z

?ChangeExtension@AvgBasPath@@YGHAAU_AVG_UTF16CHAR_STR@@PB_W1IIPAI@Z

?CheckUserAdminRights@AvgEnvironment@@YGHAA_N_N@Z

?CheckUserAdminRights@AvgEnvironment@@YGHKAA_N_N@Z

?CheckUserAdminRights@detail@@YGHPAXAA_N_N@Z

?Cleanup@AvgBasThread@@MAGXXZ

?CleanupTlsDataForThread@detail@@YGXXZ

?Clear@AvgBackgroundProcessGuard@@QAGXXZ

?Clear@AvgBackgroundThreadGuard@@QAGXXZ

?Clear@AvgMbCharHeapBuffer@@QAGXXZ

?Clear@AvgPeVersionInfo@@QAGXXZ

?Clear@AvgThreadImpersonationGuard@@QAGXXZ

?Clear@AvgUtf16CharHeapBuffer@@QAGXXZ

?Clear@AvgWinSecurityDescriptor@@QAGXXZ

?ClearDacl@AvgWinSecurityDescriptor@@QAGXXZ

?ClearGroup@AvgWinSecurityDescriptor@@QAGXXZ

?ClearMandatoryLabel@AvgWinSecurityDescriptor@@QAGXXZ

?ClearOwner@AvgWinSecurityDescriptor@@QAGXXZ

?ClearSacl@AvgWinSecurityDescriptor@@QAGXXZ

?ClearSecurityAttributes@AvgWinSecurityDescriptor@@QAGXXZ

?ClearStopRequest@AvgBasThread@@QAGHXZ

?CloneImpl@AvgWinSecurityDescriptor@@MBEHAAPAVAvgSecurityCtx@@@Z

?Close@AvgBasWinLockFile@@QAGHXZ

Sections

.text
Size: 635KB - Virtual size: 634KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

avgtranx.dll

.dll windows:5 windows x86 arch:x86

1e6978ba7902644a29f3f66dfff56ead

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

Extended Key Usages

ExtKeyUsageServerAuth

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

49:84:48:9d:ec:62:00:de:ce:ad:93:d4:73:2c:ab:ca
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

06/01/2012, 00:00

Not After

05/01/2015, 23:59

Subject

CN=AVG Technologies CZ\, s.r.o.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=AVG Technologies CZ\, s.r.o.,L=Brno,ST=Jihomoravsky kraj,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

f7:c4:17:b3:97:c0:c1:70:99:b9:16:3d:3f:8c:c2:81:6c:8f:9f:83
Signer

Actual PE Digest

f7:c4:17:b3:97:c0:c1:70:99:b9:16:3d:3f:8c:c2:81:6c:8f:9f:83

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

PDB Paths

d:\nightly\sandbox_avg_vc10_SmallUpdate2013-04_Beta\source\build\avg_client_ru_dls_win32_vs100\bin\Release_Unicode_DLS_vs100\Win32\avgtranx.pdb

Imports

kernel32

SetLastError

DecodePointer

InterlockedExchange

GetSystemTimeAsFileTime

GetCurrentProcessId

GetCurrentThreadId

GetTickCount

QueryPerformanceCounter

IsDebuggerPresent

SetUnhandledExceptionFilter

UnhandledExceptionFilter

GetCurrentProcess

TerminateProcess

InterlockedCompareExchange

Sleep

EncodePointer

ntdll

ZwSetEvent

ZwWaitForSingleObject

ZwCreateEvent

ZwClose

RtlNtStatusToDosError

RtlAllocateHeap

RtlReAllocateHeap

RtlFreeHeap

avgsysx

?GetMaxPathLength@AvgEnvironment@@YGHAAIPB_W@Z

?GetSpecialFolder@AvgEnvironment@@YGHW4SpecialFolder@1@AAV?$IAvgString@_W$0A@@@@Z

?Sleep@AvgBasThread@@SGHH@Z

?GetFileSize@Item@AvgBasFs@@QBG_JXZ

??1Item@AvgBasFs@@QAE@XZ

?AvgConvertString2Number@@YGHAAKPB_WIHPAPB_W@Z

?AvgConvertString2Number@@YGHAAGPB_WIHPAPB_W@Z

?AvgConvertNumber2String@@YGHPA_WIKHPAI@Z

?AvgConvertNumber2String@@YGHPA_WI_KHPAI@Z

?AvgConvertString2Number@@YGHAA_KPB_WIHPAPB_W@Z

?AvgFindSubStringFromRight@@YGPB_WPB_W0II@Z

?AvgCompareString@@YGHPB_W0II@Z

?AvgCompareStringNoCase@@YGHW4AvgCodePage@@PB_W1II@Z

?AvgConvertString2Number@@YGHAAHPB_WIHPAPB_W@Z

?GetFullPath@AvgBasPath@@YGHAAU_AVG_UTF16CHAR_STR@@PB_WIPAI@Z

?GetDirectoryPathFromFilenamePath@AvgBasPath@@YGHAAU_AVG_UTF16CHAR_STR@@PB_WIPAI@Z

?IsPathRooted@AvgBasPath@@YG_NPB_WI@Z

?GetFilename@AvgBasPath@@YGHAAU_AVG_UTF16CHAR_STR@@PB_WIPAI@Z

?AvgCreateErrorCodeFromWin32@@YGHW4_AvgErrorCodeSeverity@@K@Z

??0Item@AvgBasFs@@QAE@XZ

??1AvgSpinLockLocker@@QAE@XZ

??0AvgBasSharedLibraryLoader@@QAE@PB_W@Z

?AvgDestroySysMini@@YGXXZ

?AvgInitializeSysMini@@YGHXZ

?InitializeEnvironment@AvgEnvironment@@YGHXZ

?DestroyEnvironment@AvgEnvironment@@YGXXZ

?New@Impl@DirectoryEnumerator@AvgBasFs@@SGHAAPAU123@PB_W1V?$AvgFlags@W4DirectoryEnumerationFlagItems@AvgBasFs@@@@PAVAvgWinTransaction@@@Z

?Initialize@Item@AvgBasFs@@QAGHPBEIABU?$AvgStringRefBase@_W$0A@@@@Z

?Append@Impl@AvgBasXmlWriter@@QAGHPB_W0@Z

?WriteAttribute@Impl@AvgBasXmlWriter@@QAGHABU?$AvgStringRefBase@_W$0A@@@0@Z

?WriteEndAttribute@Impl@AvgBasXmlWriter@@QAGHXZ

?WriteStartAttribute@Impl@AvgBasXmlWriter@@QAGHABU?$AvgStringRefBase@_W$0A@@@@Z

?WriteEndElement@Impl@AvgBasXmlWriter@@QAGHXZ

?WriteStartElement@Impl@AvgBasXmlWriter@@QAGHABU?$AvgStringRefBase@_W$0A@@@@Z

?WriteXmlDecl@Impl@AvgBasXmlWriter@@QAGHABU?$AvgStringRefBase@_W$0A@@@@Z

?Flush@Impl@AvgBasXmlWriter@@QAGHXZ

?SetIndent@Impl@AvgBasXmlWriter@@QAGHABU?$AvgStringRefBase@_W$0A@@@@Z

?Delete@Impl@AvgBasXmlWriter@@SGXPAU12@@Z

?New@Impl@AvgBasXmlWriter@@SGPAU12@AAVIAvgStream@@@Z

?AvgBasXmlSaxParse@@YGHAAVIAvgStream@@AAUAvgBasXmlSaxHandlerBase@@@Z

??1AvgBasSharedLibraryLoader@@UAE@XZ

?Load@AvgBasSharedLibraryLoader@@QAGHPB_W@Z

?Unload@AvgBasSharedLibraryLoader@@UAGXXZ

?AttachTo@AvgBasSharedLibraryLoader@@QAGHPBDPCRAX@Z

??0AvgBasWinRegistryHandle@@QAE@W4AvgBasWinRegistryRootType@@@Z

??1AvgBasWinRegistryHandle@@QAE@XZ

?OpenKeyIfExists@AvgBasWinRegistryHandle@@QAGHABU?$AvgStringRefBase@_W$0A@@@@Z

?IsWow64ViewModeSupported@AvgBasWinRegistryHandle@@SG_NXZ

?SetViewMode@AvgBasWinRegistryHandle@@QAGHV?$AvgFlags@W4AvgBasWinRegistryViewModeValues@@@@@Z

?GetStringValue@AvgBasWinRegistryHandle@@QAGHAAV?$IAvgString@_W$0A@@@ABU?$AvgStringRefBase@_W$0A@@@@Z

?CloseKey@AvgBasWinRegistryHandle@@QAGXXZ

?AvgConvertMb2Utf16String@@YGHPA_WIPBDW4AvgCodePage@@PAII@Z

?AvgGetMb2Utf16StringSize@@YGHAAIPBDW4AvgCodePage@@I@Z

?AvgGetStringSizeInElements@@YGIPB_W@Z

?AvgGetStringSizeInElements@@YGIPBD@Z

??0AvgSpinLockLocker@@QAE@PAUAvgSpinLock@@_N@Z

msvcr100

memcpy

__clean_type_info_names_internal

_except_handler4_common

_crt_debugger_hook

__CppXcptFilter

_amsg_exit

_initterm_e

_initterm

_encoded_null

free

_malloc_crt

__CxxFrameHandler3

??2@YAPAXI@Z

_onexit

_lock

__dllonexit

_unlock

??3@YAXPAX@Z

_purecall

??_V@YAXPAX@Z

memmove

Exports

??0_Mutex@std@@QAE@W4_Uninitialized@1@@Z

??4_Init_locks@std@@QAEAAV01@ABV01@@Z

GetAvgTran

IsLibraryLocked

Sections

.text
Size: 174KB - Virtual size: 173KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

avgvvx.dll

.dll windows:5 windows x86 arch:x86

32cf23ea7cecee1722d1484d283eaac8

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

Extended Key Usages

ExtKeyUsageServerAuth

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

49:84:48:9d:ec:62:00:de:ce:ad:93:d4:73:2c:ab:ca
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

06/01/2012, 00:00

Not After

05/01/2015, 23:59

Subject

CN=AVG Technologies CZ\, s.r.o.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=AVG Technologies CZ\, s.r.o.,L=Brno,ST=Jihomoravsky kraj,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

df:ba:8a:7e:04:b0:db:63:75:c6:3a:18:7d:5a:f0:af:56:40:15:18
Signer

Actual PE Digest

df:ba:8a:7e:04:b0:db:63:75:c6:3a:18:7d:5a:f0:af:56:40:15:18

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

PDB Paths

d:\nightly\sandbox_avg_vc10_AVG2013_SP1_Release\source\build\avg_client_ru_dls_win32_vs100\bin\Release_Unicode_DLS_vs100\Win32\avgvvx.pdb

Imports

kernel32

SetLastError

DisableThreadLibraryCalls

GetOverlappedResult

GetLastError

GetSystemTimeAsFileTime

GetCurrentProcessId

GetCurrentThreadId

GetTickCount

QueryPerformanceCounter

IsDebuggerPresent

SetUnhandledExceptionFilter

UnhandledExceptionFilter

GetCurrentProcess

TerminateProcess

InterlockedCompareExchange

Sleep

InterlockedExchange

DecodePointer

EncodePointer

WaitForMultipleObjectsEx

GetDiskFreeSpaceExW

QueryDosDeviceW

GetLogicalDrives

GetDriveTypeW

CloseHandle

CancelIo

DeviceIoControl

CreateFileW

ntdll

ZwOpenFile

ZwCreateFile

RtlFreeUnicodeString

ZwSetInformationFile

ZwOpenProcess

ZwClose

RtlNtStatusToDosError

ZwQueryInformationFile

RtlFreeHeap

RtlReAllocateHeap

RtlAllocateHeap

ZwOpenThreadToken

ZwQueryInformationToken

RtlCreateUnicodeString

ZwFsControlFile

ZwReadFile

RtlInitUnicodeString

ZwWaitForSingleObject

ZwDuplicateObject

ZwSetEvent

ZwCreateEvent

ZwCreateSection

ZwUnmapViewOfSection

ZwQuerySystemInformation

ZwFlushVirtualMemory

ZwMapViewOfSection

ZwCancelIoFile

ZwWriteFile

ZwFlushBuffersFile

avgsysx

?Create@AvgBasWinLockFile@@QAGHPB_W_N@Z

?AvgGetSystemTime@@YGHAA_K@Z

?AvgCompareString@@YGHPB_W0II@Z

?AvgCompareStringNoCase@@YGHW4AvgCodePage@@PB_W1II@Z

?CloseKey@AvgBasWinRegistryHandle@@QAGXXZ

?GetStringValue@AvgBasWinRegistryHandle@@QAGHAAV?$IAvgString@_W$0A@@@ABU?$AvgStringRefBase@_W$0A@@@@Z

?SetViewMode@AvgBasWinRegistryHandle@@QAGHV?$AvgFlags@W4AvgBasWinRegistryViewModeValues@@@@@Z

?IsWow64ViewModeSupported@AvgBasWinRegistryHandle@@SG_NXZ

?OpenKeyIfExists@AvgBasWinRegistryHandle@@QAGHABU?$AvgStringRefBase@_W$0A@@@@Z

??1AvgBasWinRegistryHandle@@QAE@XZ

??0AvgBasWinRegistryHandle@@QAE@W4AvgBasWinRegistryRootType@@@Z

?CreateLuid@AvgGuidUtils@@YGHAAU_AvgGuid@@@Z

?AttachTo@AvgBasSharedLibraryLoader@@QAGHPBDPCRAX@Z

?Unload@AvgBasSharedLibraryLoader@@UAGXXZ

?Load@AvgBasSharedLibraryLoader@@QAGHPB_W@Z

??1AvgBasSharedLibraryLoader@@UAE@XZ

??0AvgBasSharedLibraryLoader@@QAE@PB_W@Z

?GetMaxPathLength@AvgEnvironment@@YGHAAIPB_W@Z

?GetSpecialFolder@AvgEnvironment@@YGHW4SpecialFolder@1@AAV?$IAvgString@_W$0A@@@@Z

?Sleep@AvgBasThread@@SGHH@Z

?Assign@AvgUtf16CharHeapBuffer@@QAGHPB_WI@Z

??1AvgUtf16CharHeapBuffer@@QAE@XZ

??0AvgUtf16CharHeapBuffer@@QAE@XZ

?AvgFindSubStringFromRight@@YGPB_WPB_W0II@Z

?CreateDir@AvgBasFs@@YGHPB_WPAVAvgSecurityCtx@@@Z

?GetAttributes@AvgBasFs@@YGHAAVAttributes@1@PB_W@Z

?SetAttributes@AvgBasFs@@YGHABVAttributes@1@PB_W@Z

?IsSupported@AvgBasWinWow64FsRedirection@@QAG_NXZ

?Disable@AvgBasWinWow64FsRedirection@@QAGHXZ

??1AvgBasWinWow64FsRedirection@@QAE@XZ

??0AvgBasWinWow64FsRedirection@@QAE@XZ

??1AvgBasWinLockFile@@QAE@XZ

??0AvgBasWinLockFile@@QAE@XZ

?GetDescriptorFromObject@AvgWinSecurityDescriptor@@SGHAAV1@ABVAvgWinObject@@V?$AvgFlags@W4InformationValues@AvgWinSecurityDescriptor@@@@@Z

?Initialize@AvgWinSecurityDescriptor@@QAGHXZ

?GetInformationType@AvgWinSecurityDescriptor@@QBG?AV?$AvgFlags@W4InformationValues@AvgWinSecurityDescriptor@@@@XZ

?SplitRegistryPath@AvgBasWinRegistryHandle@@SGHAAW4AvgBasWinRegistryRootType@@AAV?$IAvgString@_W$0A@@@AA_N1ABU?$AvgStringRefBase@_W$0A@@@@Z

?EnablePrivilege@AvgBasWinRegistryHandle@@SGHW4AvgBasWinRegistryPrivilege@@_N@Z

?RestoreKey@AvgBasWinRegistryHandle@@QAGHABU?$AvgStringRefBase@_W$0A@@@PAV?$IAvgString@_W$0A@@@@Z

?ValueExists@AvgBasWinRegistryHandle@@QAG_NABU?$AvgStringRefBase@_W$0A@@@@Z

?SetValue@AvgBasWinRegistryHandle@@QAGHW4AvgBasWinRegistryValueType@@PBEIABU?$AvgStringRefBase@_W$0A@@@@Z

?KeyExists@AvgBasWinRegistryHandle@@QAG_NABU?$AvgStringRefBase@_W$0A@@@@Z

?OpenRegistryRoot@AvgBasWinRegistryHandle@@QAGHW4AvgBasWinRegistryRootType@@@Z

?SetParent@AvgBasWinRegistryHandle@@QAGXPAV1@@Z

?AvgPrintV@@YGHPB_WPAD@Z

?AddDaclAce@AvgWinSecurityDescriptor@@QAGHW4WellKnownSidType@AvgWinSecurityIdentifier@@HW4Type@AvgWinAce@@V?$AvgFlags@W4FlagsValues@AvgWinAce@@@@@Z

?AvgMemXor@@YGXPAEPBEI@Z

?Release@AvgBasCriticalSection@@QAGHXZ

?Acquire@AvgBasCriticalSection@@QAGHXZ

?Destroy@AvgBasCriticalSection@@QAGHXZ

?Create@AvgBasCriticalSection@@QAGHXZ

??1AvgBasCriticalSection@@QAE@XZ

??0AvgBasCriticalSection@@QAE@XZ

?AvgGenerateRandomBuffer@@YGXPAEI@Z

?GetCurrentProcessId@AvgProcess@@YGKXZ

?GetCurrentModuleHandle@AvgProcess@@YGPAXXZ

?IsWindowsVistaOrHigher@OsInfo@AvgEnvironment@@YG_NXZ

?Wait@AvgBasEvent@@QAGHH@Z

?Create@AvgBasEvent@@QAGHW4ResetType@1@_N@Z

?AvgCreateErrorCodeFromWin32@@YGHW4_AvgErrorCodeSeverity@@K@Z

?GetHandle@AvgBasWaitable@@IBGPAXXZ

?AvgCopyString@@YGHPA_WIPB_WI@Z

?AppendDescriptorToObject@AvgWinSecurity@@YGHAAVAvgWinSecurityDescriptor@@ABVAvgWinObject@@_N@Z

?GetDescriptorFromObject@AvgWinSecurity@@YGHAAVAvgWinSecurityDescriptor@@ABVAvgWinObject@@V?$AvgFlags@W4InformationValues@AvgWinSecurityDescriptor@@@@@Z

?GetAccessRights@AvgWinSecurityDescriptor@@QBGHW4WellKnownSidType@AvgWinSecurityIdentifier@@@Z

?AvgCreateErrorCodeFromWin32@@YGHK@Z

?GetValue@AvgUtf16CharHeapBuffer@@QBGPB_WXZ

?GetSize@AvgUtf16CharHeapBuffer@@QBGIXZ

?ConvertDosLetterToSymlink@AvgWinGlobalSymlinks@@QAGHAAVAvgUtf16CharHeapBuffer@@_W@Z

?Initialize@AvgWinGlobalSymlinks@@QAGHW4SymlinksType@1@@Z

?Acquire@AvgBasWinLockFile@@QAGHH@Z

??0AvgWinGlobalSymlinks@@QAE@XZ

?GetRandomTempFileNameSize@AvgBasPath@@YGIXZ

?GetRandomTempFileName@AvgBasPath@@YGHAAU_AVG_UTF16CHAR_STR@@PAI@Z

?GetFullPath@AvgBasPath@@YGHAAU_AVG_UTF16CHAR_STR@@PB_WIPAI@Z

?Release@AvgBasWinLockFile@@QAGHXZ

?GetDirectoryPathFromFilenamePath@AvgBasPath@@YGHAAU_AVG_UTF16CHAR_STR@@PB_WIPAI@Z

?GetPathRoot@AvgBasPath@@YGHAAU_AVG_UTF16CHAR_STR@@PB_WPAI@Z

?IsPathRooted@AvgBasPath@@YG_NPB_WI@Z

?GetFilename@AvgBasPath@@YGHAAU_AVG_UTF16CHAR_STR@@PB_WIPAI@Z

?AvgBufferXor@@YGXPAEPBEI1I_J@Z

?AvgBasGetStackFrameModulePath@@YGHAAV?$IAvgString@_W$0A@@@ABUAvgBasStackFrameX86@@@Z

?AvgNtdll_RtlDosPathNameToNtPathName_T_EliminateDosDevice@@YGHPB_WPAU_UNICODE_STRING@@@Z

??0Item@AvgBasFs@@QAE@XZ

?GetString@AvgGuidUtils@@YGHABU_AvgGuid@@AAU_AVG_UTF16CHAR_STR@@@Z

??1AvgWinGlobalSymlinks@@QAE@XZ

?Add@AvgMiniHashMd5@@QAGXPBEI@Z

?Initialize@AvgMiniHashMd5@@QAGXXZ

??1AvgMiniHashMd5@@QAE@XZ

??0AvgMiniHashMd5@@QAE@XZ

??1AvgSpinLockLocker@@QAE@XZ

??0AvgSpinLockLocker@@QAE@PAUAvgSpinLock@@_N@Z

?AvgDestroySysMini@@YGXXZ

?AvgInitializeSysMini@@YGHXZ

?InitializeEnvironment@AvgEnvironment@@YGHXZ

?DestroyEnvironment@AvgEnvironment@@YGXXZ

?AvgNtdll_ZwOpenProcessToken@@YGJPAXKPAPAX@Z

?GetSDDLFormString@AvgWinSecurityIdentifier@@QBGHAAU_AVG_UTF16CHAR_STR@@PAI@Z

?Initialize@AvgWinSecurityIdentifier@@QAGHPAX@Z

?GetModuleDirectory@AvgModule@@YGHPAXAAU_AVG_UTF16CHAR_STR@@PAI@Z

?Reset@AvgBasEvent@@QAGHXZ

?Set@AvgBasEvent@@QAGHXZ

?AvgWinZwOpenFile@@YGHPB_WPAPAXKPAU_IO_STATUS_BLOCK@@KK@Z

?Destroy@AvgBasWaitable@@UAGHXZ

?GetSecurityDescriptor@AvgWinSecurityDescriptor@@QAGHAAPAX@Z

?GetForward@AvgBasWaitable@@IBGPAV1@XZ

?GetResourceType@AvgBasWaitable@@IBG?AW4AvgBasWaitableResourceType@@XZ

?New@Impl@DirectoryEnumerator@AvgBasFs@@SGHAAPAU123@PB_W1V?$AvgFlags@W4DirectoryEnumerationFlagItems@AvgBasFs@@@@PAVAvgWinTransaction@@@Z

?Initialize@Item@AvgBasFs@@QAGHPBEIABU?$AvgStringRefBase@_W$0A@@@@Z

?GetInternal@AvgUtf16CharHeapBuffer@@QAGAAU_AVG_UTF16CHAR_STR@@XZ

?ReserveElements@AvgUtf16CharHeapBuffer@@QAGHI@Z

?Resize@AvgUtf16CharHeapBuffer@@QAGHI@Z

?AvgGetTimestamp@@YGKXZ

?Release@AvgSpinLockLocker@@QAGXXZ

?GetTempDirPath@AvgBasPath@@YGHAAVAvgUtf16CharHeapBuffer@@@Z

?CombinePaths@AvgBasPath@@YGHAAU_AVG_UTF16CHAR_STR@@PB_W1IIPAI@Z

?Swap@AvgUtf16CharHeapBuffer@@QAGXAAV1@@Z

?AvgCopyString@@YGHAAU_AVG_UTF16CHAR_STR@@PB_WIPAI@Z

?ParseWinSecDes@AvgWinSecurityDescriptor@@KGHAAV1@PBXV?$AvgFlags@W4InformationValues@AvgWinSecurityDescriptor@@@@@Z

?ReleaseClonedObject@AvgWinSecurityDescriptor@@UAEXXZ

?ClearSecurityAttributes@AvgWinSecurityDescriptor@@QAGXXZ

?CloneImpl@AvgWinSecurityDescriptor@@MBEHAAPAVAvgSecurityCtx@@@Z

?GetBuffer@AvgUtf16CharHeapBuffer@@QAGPA_WXZ

?FreeResource@AvgBasWaitable@@IAGHXZ

?Get@AvgMiniHashCrc32@@QAGXAAK@Z

?Add@AvgMiniHashCrc32@@QAGXPBEI@Z

??1AvgMiniHashCrc32@@QAE@XZ

??0AvgMiniHashCrc32@@QAE@XZ

?Get@AvgMiniHashMd5@@QAGAAUHashType@1@XZ

?IsInitialized@AvgBasWinLockFile@@QBG_NXZ

?AvgFormatStringV@@YGHW4AvgCodePage@@PA_WIPB_WPAIPAD@Z

??1Item@AvgBasFs@@QAE@XZ

?GetFullName@Item@AvgBasFs@@QBGHABU?$AvgMutableStringRefBase@_W$0A@@@@Z

?Delete@AvgBasFs@@YGHPB_WV?$AvgFlags@W4FileDeleteFlagItems@AvgBasFs@@@@@Z

?FileExists@AvgBasFs@@YGHPB_W@Z

?DirectoryExists@AvgBasFs@@YGHPB_W@Z

?GetFileSize@AvgBasFs@@YGHPB_WAA_J@Z

?Move@AvgBasFs@@YGHPB_W0W4FileOverwriteParamters@1@@Z

?AvgGetStringSizeInElements@@YGIPB_W@Z

?AvgGetStringSizeInElements@@YGIPBD@Z

?GetTempDirPath@AvgBasPath@@YGHAAU_AVG_UTF16CHAR_STR@@PAI@Z

?Get@AvgMiniHashMd5@@QAGXAAUHashType@1@@Z

msvcr100

memcpy

memset

__clean_type_info_names_internal

?_type_info_dtor_internal_method@type_info@@QAEXXZ

_except_handler4_common

_crt_debugger_hook

?terminate@@YAXXZ

__CppXcptFilter

_amsg_exit

_initterm_e

_initterm

_encoded_null

_malloc_crt

__CxxFrameHandler3

_onexit

_lock

__dllonexit

_unlock

free

??2@YAPAXI@Z

??3@YAXPAX@Z

_purecall

??_V@YAXPAX@Z

memmove

_CxxThrowException

Exports

??0_Mutex@std@@QAE@W4_Uninitialized@1@@Z

??4_Init_locks@std@@QAEAAV01@ABV01@@Z

GetAvgObject

GetLockCount

Sections

.text
Size: 269KB - Virtual size: 268KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

avgwd.dll

.dll windows:5 windows x86 arch:x86

bb6492af6a7bb68f140c048275af9172

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

Extended Key Usages

ExtKeyUsageServerAuth

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

26:6d:33:3e:de:17:a8:b4:72:05:3e:4f:a3:93:45:72
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

22/10/2014, 00:00

Not After

20/01/2018, 23:59

Subject

CN=AVG Technologies CZ\, s.r.o.,O=AVG Technologies CZ\, s.r.o.,L=Brno,ST=Jihomoravsky kraj,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

9e:62:31:aa:da:95:1e:7f:d5:eb:a2:04:21:2c:f0:f9:76:02:61:11
Signer

Actual PE Digest

9e:62:31:aa:da:95:1e:7f:d5:eb:a2:04:21:2c:f0:f9:76:02:61:11

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

PDB Paths

d:\nightly\sandbox_avg_vc10_HotFix2013-21\source\build\avg_client_ru_dls_win32_vs100\bin\Release_Unicode_DLS_vs100\Win32\avgwd.pdb

Imports

avgsysx

?Set@AvgBasEvent@@QAGHXZ

?Wait@AvgBasEvent@@QAGHH@Z

?Create@AvgBasEvent@@QAGHW4ResetType@1@_N@Z

?AvgGetStringSizeInElements@@YGIPBD@Z

?AvgGetStringSizeInElements@@YGIPB_W@Z

?AvgGetTimestamp@@YGKXZ

?AvgMemXor@@YGXPAEPBEI@Z

?AvgCreateErrorCodeFromWin32@@YGHK@Z

??0AvgTimeStruct@@QAE@XZ

?InitiateWindowsShutdown@AvgBasWinShutdownManager@@SGHPB_WHW4Reason@1@V?$AvgFlags@W4Option@AvgBasWinShutdownManager@@@@@Z

?DirectoryExists@AvgBasFs@@YGHPB_W@Z

?AvgGetMb2Utf16StringSize@@YGHAAIPBDW4AvgCodePage@@I@Z

?AvgConvertMb2Utf16String@@YGHPA_WIPBDW4AvgCodePage@@PAII@Z

?AvgFormatStringV@@YGHW4AvgCodePage@@PA_WIPB_WPAIPAD@Z

?Destroy@AvgBasWaitable@@UAGHXZ

?AvgGetLocalTime@@YGHAAUAvgTimeStruct@@@Z

??1AvgBasWinLockFile@@QAE@XZ

??0AvgBasWinLockFile@@QAE@XZ

?Release@AvgBasCriticalSection@@QAGHXZ

?Acquire@AvgBasCriticalSection@@QAGHXZ

?Destroy@AvgBasCriticalSection@@QAGHXZ

?Create@AvgBasCriticalSection@@QAGHXZ

??1AvgBasCriticalSection@@QAE@XZ

??0AvgBasCriticalSection@@QAE@XZ

?AvgGetSystemTime@@YGHAA_K@Z

?AvgCompareString@@YGHPB_W0II@Z

?AvgPrintV@@YGHPB_WPAD@Z

?Open@AvgBasWinProcess@@QAGHKK@Z

??0AvgBasWinProcess@@QAE@XZ

?AvgGenerateRandomBuffer@@YGXPAEI@Z

?AddEveryoneLowIntegrity@AvgWinSecurityDescriptor@@SGHAAV1@@Z

?AddDaclAce@AvgWinSecurityDescriptor@@QAGHW4WellKnownSidType@AvgWinSecurityIdentifier@@HW4Type@AvgWinAce@@V?$AvgFlags@W4FlagsValues@AvgWinAce@@@@@Z

??0AvgWinSecurityDescriptor@@QAE@XZ

?AvgFindSubString@@YGPB_WPB_W0II@Z

?CloseKey@AvgBasWinRegistryHandle@@QAGXXZ

?DeleteValue@AvgBasWinRegistryHandle@@QAGHABU?$AvgStringRefBase@_W$0A@@@@Z

?GetStringValue@AvgBasWinRegistryHandle@@QAGHAAV?$IAvgString@_W$0A@@@ABU?$AvgStringRefBase@_W$0A@@@@Z

?SetViewMode@AvgBasWinRegistryHandle@@QAGHV?$AvgFlags@W4AvgBasWinRegistryViewModeValues@@@@@Z

?IsWow64ViewModeSupported@AvgBasWinRegistryHandle@@SG_NXZ

?OpenKeyIfExists@AvgBasWinRegistryHandle@@QAGHABU?$AvgStringRefBase@_W$0A@@@@Z

??1AvgBasWinRegistryHandle@@QAE@XZ

??0AvgBasWinRegistryHandle@@QAE@W4AvgBasWinRegistryRootType@@@Z

?Parse@AvgGuidUtils@@YGHAAU_AvgGuid@@PB_W@Z

?AttachTo@AvgBasSharedLibraryLoader@@QAGHPBDPCRAX@Z

?Unload@AvgBasSharedLibraryLoader@@UAGXXZ

?Load@AvgBasSharedLibraryLoader@@QAGHPB_W@Z

??1AvgBasSharedLibraryLoader@@UAE@XZ

??0AvgBasSharedLibraryLoader@@QAE@PB_W@Z

?GetMaxPathLength@AvgEnvironment@@YGHAAIPB_W@Z

?GetOsInfoData@AvgEnvironment@@YGABUOsInfoData@1@XZ

?GetSpecialFolder@AvgEnvironment@@YGHW4SpecialFolder@1@AAV?$IAvgString@_W$0A@@@@Z

?WaitForThreadToStop@AvgBasThread@@QAGHH@Z

?IsStopRequested@AvgBasThread@@QAG_NXZ

?ClearStopRequest@AvgBasThread@@QAGHXZ

?SetStopRequest@AvgBasThread@@QAGHXZ

?AvgConvertNumber2String@@YGHPA_WIHHPAI@Z

?GetUserByProcessId@AvgEnvironment@@YGHAAV?$IAvgString@_W$0A@@@K@Z

?CreateLuid@AvgGuidUtils@@YGHAAU_AvgGuid@@@Z

?IsInitialized@AvgBasCriticalSection@@QBG_NXZ

?AvgParseTimeStructure@@YGHAAUAvgTimeStruct@@W4AvgTimeFormatType@@ABU?$AvgStringRefBase@_W$0A@@@@Z

??0AvgBasWinLockFileHolder@@QAE@PAVAvgBasWinLockFile@@H@Z

??1AvgBasWinLockFileHolder@@QAE@XZ

?Lock@AvgBasWinLockFileHolder@@QAGHPAVAvgBasWinLockFile@@H@Z

?GetComputername@AvgEnvironment@@YGHAAV?$IAvgString@_W$0A@@@@Z

?GetUserDomainName@AvgEnvironment@@YGHAAV?$IAvgString@_W$0A@@@@Z

?GetUsername@AvgEnvironment@@YGHAAV?$IAvgString@_W$0A@@@@Z

?Create@AvgBasWinLockFile@@QAGHPB_W_N@Z

?IsInitialized@AvgBasWinLockFile@@QBG_NXZ

?GetCurrentModuleHandle@AvgProcess@@YGPAXXZ

?CreateGuid@AvgGuidUtils@@YGHAAU_AvgGuid@@@Z

?Assign@AvgGuidUtils@@YGXAAU_AvgGuid@@ABU2@@Z

?Assign@AvgGuidUtils@@YGXAAU_AvgGuid@@KGGEEEEEEEE@Z

?DeleteFiles@AvgBasFs@@YGHPB_W0PAI@Z

?Reset@AvgMiniHashCrc32@@QAGXK@Z

?AvgConvertAvgTimeToStruct@@YGHAAUAvgTimeStruct@@_K@Z

?AvgCompareSubStringNoCase@@YGHW4AvgCodePage@@PB_W1III@Z

?AvgGetMb2MbStringSize@@YGHAAIPBDW4AvgCodePage@@2I@Z

?SetParent@AvgBasWinRegistryHandle@@QAGHW4AvgBasWinRegistryRootType@@@Z

?SetValue@AvgBasWinRegistryHandle@@QAGHW4AvgBasWinRegistryValueType@@PBEIABU?$AvgStringRefBase@_W$0A@@@@Z

?QueryValue@AvgBasWinRegistryHandle@@QAGHAAW4AvgBasWinRegistryValueType@@AAV?$IAvgBuffer@E@@ABU?$AvgStringRefBase@_W$0A@@@@Z

?ValueExists@AvgBasWinRegistryHandle@@QAG_NABU?$AvgStringRefBase@_W$0A@@@@Z

?AvgConvertT2MbString@@YGHPADIPB_WW4AvgCodePage@@PAII@Z

?AvgConvertMb2MbString@@YGHPADIPBDW4AvgCodePage@@2PAII@Z

?AvgConvertMb2TString@@YGHPA_WIPBDW4AvgCodePage@@PAII@Z

?GetThreadExitCode@AvgBasThread@@QAGHAAH@Z

?AvgCreateErrorCodeFromWin32@@YGHW4_AvgErrorCodeSeverity@@K@Z

?Hash@AvgMiniSuperFastHash@@SGKPBE0K@Z

??1Item@AvgBasFs@@QAE@XZ

?GetName@Item@AvgBasFs@@QBGPB_WXZ

?GetFullName@Item@AvgBasFs@@QBGHABU?$AvgMutableStringRefBase@_W$0A@@@@Z

?Open@AvgBasWinEvent@@QAGHPB_WW4AvgBasWinSyncObjectNameSpace@@W4AvgWinEventRights@@@Z

?AttachForward@AvgBasWaitable@@IAGXPAV1@@Z

?Copy@AvgBasFs@@YGHPB_W0W4FileOverwriteParamters@1@@Z

?DeleteDir@AvgBasFs@@YGHPB_W_N@Z

?CreateDir@AvgBasFs@@YGHPB_W_NPAVAvgSecurityCtx@@@Z

?GetSessionIdForProcess@AvgEnvironment@@YGHAAKK@Z

?AvgFindSubStringFromRight@@YGPB_WPB_W0II@Z

?AvgConvertNumber2String@@YGHPA_WIKHPAI@Z

?IsWindows8OrHigher@OsInfo@AvgEnvironment@@YG_NXZ

?AvgGetLocalTime@@YGHAA_K@Z

?EnumValues@AvgBasWinRegistryHandle@@QAGHAAV?$IAvgBackInserter@V?$IAvgString@_W$0A@@@@@@Z

?GetDWordValue@AvgBasWinRegistryHandle@@QAGHAAKABU?$AvgStringRefBase@_W$0A@@@@Z

?GetQWordValue@AvgBasWinRegistryHandle@@QAGHAA_KABU?$AvgStringRefBase@_W$0A@@@@Z

?Assign@AvgGuidUtils@@YGXAAU_AvgGuid@@QBE@Z

?IsInitialized@AvgBasWaitable@@QBG_NXZ

?GetFileWriteTime@AvgBasFs@@YGHPB_WAA_K@Z

?IsWindowsVista@OsInfo@AvgEnvironment@@YG_NXZ

?AvgConvertUtf162MbString@@YGHPADIPB_WW4AvgCodePage@@PAII@Z

?AvgConvertString2Number@@YGHAAKPB_WIHPAPB_W@Z

?AvgConvertStructToAvgTime@@YGHAA_KABUAvgTimeStruct@@@Z

?AvgGetSystemTime@@YGHAAUAvgTimeStruct@@@Z

?AvgGetUtf162MbStringSize@@YGHAAIPB_WW4AvgCodePage@@I@Z

?AddDaclAce@AvgWinSecurityDescriptor@@QAGHABVAvgWinAce@@@Z

?Initialize@AvgWinSecurityIdentifier@@QAGHW4WellKnownSidType@1@PBV1@@Z

?GetCurrentProcessId@AvgProcess@@YGKXZ

??0AvgTimeStruct@@QAE@GW4AvgMonth@@GW4AvgDayOfWeek@@GGGGGG@Z

?AvgConvertString2Number@@YGHAAGPB_WIHPAPB_W@Z

?GetFileVersion@AvgPeVersionInfo@@SGHABU?$AvgStringzRefBase@_W$0A@@@AA_K@Z

?UnloadSharedLibraries@AvgBasObjectFactoryImpl@detail@@QAGX_N@Z

?GetAvgObject@AvgBasObjectFactoryImpl@detail@@QAGHABU_AvgGuid@@PAPAX@Z

?SetProgramPath@AvgBasObjectFactoryImpl@detail@@QAGHPB_W@Z

?Initialize@AvgBasObjectFactoryImpl@detail@@QAGHPBUAvgBasObjectFactoryMapping@@I@Z

??1AvgBasObjectFactoryImpl@detail@@QAE@XZ

??0AvgBasObjectFactoryImpl@detail@@QAE@XZ

?AvgConvertAvgTimeToTimeT@@YGHAA_J_K@Z

??1AvgMiniHashSha1@@QAE@XZ

??0AvgMiniHashSha1@@QAE@XZ

??1AvgMiniHashMd5@@QAE@XZ

??0AvgMiniHashMd5@@QAE@XZ

??1AvgMiniHashSha256@@QAE@XZ

??0AvgMiniHashSha256@@QAE@XZ

?AvgNtdll_RtlDosPathNameToNtPathName_T_EliminateDosDevice@@YGHPB_WPAU_UNICODE_STRING@@@Z

?IsNtfsVolume@AvgBasFs@@YGHPB_WAA_N_N@Z

?AvgWinGetLastError@@YGKXZ

?Get@AvgMiniHashSha256@@QAGXAAUHashType@1@@Z

?Add@AvgMiniHashSha256@@QAGHPBEI@Z

?Initialize@AvgMiniHashSha256@@QAGXXZ

?Initialize@AvgWinMandatoryLabel@@QAGHW4Label@1@V?$AvgFlags@W4FlagsValues@AvgWinMandatoryLabel@@@@@Z

?Assign@AvgUtf16CharHeapBuffer@@QAGHPB_WI@Z

??1AvgUtf16CharHeapBuffer@@QAE@XZ

??0AvgUtf16CharHeapBuffer@@QAE@XZ

?AppendDescriptorToObject@AvgWinSecurity@@YGHAAVAvgWinSecurityDescriptor@@ABVAvgWinObject@@_N@Z

?GetFileCreationTime@AvgBasFs@@YGHPB_WAA_K@Z

?GetAttributes@Item@AvgBasFs@@QBGABVAttributes@2@XZ

?GetFileSize@Item@AvgBasFs@@QBG_JXZ

?AvgConvertT2Utf16String@@YGHPA_WIPB_WPAII@Z

?GetId@AvgFileIdUtils@@YGHAAUAvgFileId@@PB_W@Z

?AvgLowerString@@YGHW4AvgCodePage@@PA_WIPB_WPAII@Z

?Initialize@AvgWinSecurityDescriptor@@QAGHXZ

?EnablePrivilege@AvgBasWinRegistryHandle@@SGHW4AvgBasWinRegistryPrivilege@@_N@Z

?UnLoadKey@AvgBasWinRegistryHandle@@QAGHABU?$AvgStringRefBase@_W$0A@@@@Z

?LoadKey@AvgBasWinRegistryHandle@@QAGHABU?$AvgStringRefBase@_W$0A@@@0@Z

?Get@AvgMiniHashMd5@@QAGAAUHashType@1@XZ

?Add@AvgMiniHashMd5@@QAGXPBEI@Z

?Initialize@AvgMiniHashMd5@@QAGXXZ

?GetHandle@AvgBasWaitable@@IBGPAXXZ

?OpenOrCreateKey@AvgBasWinRegistryHandle@@QAGHABU?$AvgStringRefBase@_W$0A@@@@Z

?AvgCopyString@@YGHPA_WIPB_WI@Z

?AttachHandle@AvgBasWaitable@@IAGXPAX@Z

?GetValue@AvgUtf16CharHeapBuffer@@QBGPB_WXZ

?GetSize@AvgUtf16CharHeapBuffer@@QBGIXZ

?ConvertDosLetterToSymlink@AvgWinGlobalSymlinks@@QAGHAAVAvgUtf16CharHeapBuffer@@_W@Z

?Initialize@AvgWinGlobalSymlinks@@QAGHW4SymlinksType@1@@Z

??1AvgWinGlobalSymlinks@@QAE@XZ

??0AvgWinGlobalSymlinks@@QAE@XZ

?AvgBufferXor@@YGXPAEPBEI1I_J@Z

?GetNormalizedPath@AvgBasPath@@YGHAAU_AVG_UTF16CHAR_STR@@PB_WIPAI@Z

?GetRandomTempFileNameSize@AvgBasPath@@YGIXZ

?GetRandomTempFileName@AvgBasPath@@YGHAAU_AVG_UTF16CHAR_STR@@PAI@Z

?GetFullPath@AvgBasPath@@YGHAAU_AVG_UTF16CHAR_STR@@PB_WIPAI@Z

?GetTempDirPath@AvgBasPath@@YGHAAU_AVG_UTF16CHAR_STR@@PAI@Z

?GetDirectoryPathFromFilenamePath@AvgBasPath@@YGHAAU_AVG_UTF16CHAR_STR@@PB_WIPAI@Z

?GetRandomName@AvgBasPath@@YGHAAU_AVG_UTF16CHAR_STR@@PAI@Z

?GetRandomNameSize@AvgBasPath@@YGIXZ

?IsPathRooted@AvgBasPath@@YG_NPB_WI@Z

?GetFilename@AvgBasPath@@YGHAAU_AVG_UTF16CHAR_STR@@PB_WIPAI@Z

?Reset@AvgBasEvent@@QAGHXZ

??1AvgSpinLockLocker@@QAE@XZ

??0AvgSpinLockLocker@@QAE@PAUAvgSpinLock@@_N@Z

?AvgDestroySysMini@@YGXXZ

?AvgInitializeSysMini@@YGHXZ

?InitializeEnvironment@AvgEnvironment@@YGHXZ

?DestroyEnvironment@AvgEnvironment@@YGXXZ

?AvgBasGetStackFrameModulePath@@YGHAAV?$IAvgString@_W$0A@@@ABUAvgBasStackFrameX86@@@Z

?ConvertNtPathToDosPath@AvgWinGlobalSymlinks@@QAGHAAVAvgUtf16CharHeapBuffer@@PB_WI@Z

?IsWindowsXPOrHigher@OsInfo@AvgEnvironment@@YG_NXZ

?GetForward@AvgBasWaitable@@IBGPAV1@XZ

?GetResourceType@AvgBasWaitable@@IBG?AW4AvgBasWaitableResourceType@@XZ

?AvgWinZwOpenFile@@YGHPB_WPAPAXKPAU_IO_STATUS_BLOCK@@KK@Z

?Release@AvgBasMutex@@QAGHXZ

?Acquire@AvgBasMutex@@QAGHH@Z

?Create@AvgBasMutex@@QAGH_N@Z

?GetSecurityDescriptor@AvgWinSecurityDescriptor@@QAGHAAPAX@Z

?GetChanges@Impl@AvgBasFsWatcher@@QAGHAAV?$IAvgBackInserter@UAvgBasFsWatcher_CrossChangeItem@@@@@Z

?Initialize@Impl@AvgBasFsWatcher@@QAGHABU?$AvgStringRefBase@_W$0A@@@_N0V?$AvgFlags@W4ChangeEvent@AvgBasFsWatcher@@@@IAAPAVAvgBasWaitable@@@Z

?Delete@Impl@AvgBasFsWatcher@@SGXPAU12@@Z

?New@Impl@AvgBasFsWatcher@@SGPAU12@XZ

?DetachResource@AvgBasWaitable@@IAGXXZ

?GetModuleDirectory@AvgModule@@YGHPAXAAU_AVG_UTF16CHAR_STR@@PAI@Z

?GetProcessName@AvgProcess@@YGHKAAU_AVG_UTF16CHAR_STR@@PAI@Z

?GetString@AvgGuidUtils@@YGHABU_AvgGuid@@AAU_AVG_UTF16CHAR_STR@@@Z

??0Item@AvgBasFs@@QAE@XZ

?GetInternal@AvgUtf16CharHeapBuffer@@QAGAAU_AVG_UTF16CHAR_STR@@XZ

?GetBuffer@AvgUtf16CharHeapBuffer@@QAGPA_WXZ

?IsEmpty@AvgUtf16CharHeapBuffer@@QBG_NXZ

?Clear@AvgUtf16CharHeapBuffer@@QAGXXZ

?ReserveElements@AvgUtf16CharHeapBuffer@@QAGHI@Z

?AvgWinConstructDllSearchPath@@YGHAAVAvgUtf16CharHeapBuffer@@ABU?$AvgStringRefBase@_W$0A@@@@Z

?GetChildrenEnumeratorImpl@AvgBasWinRegistryHandle@@AAGHAAPAV?$IAvgEnumerator@U?$AvgStringzRefBase@_W$0A@@@@@@Z

?KeyExists@AvgBasWinRegistryHandle@@QAG_NABU?$AvgStringRefBase@_W$0A@@@@Z

?AvgConvertLocalTimeToSystemTime@@YGHAAUAvgTimeStruct@@@Z

?Get@AvgMiniHashMd5@@QAGXAAUHashType@1@@Z

?Get@AvgMiniHashSha1@@QAG?AUHashType@1@XZ

?Add@AvgMiniHashSha1@@QAGHPBEI@Z

?Initialize@AvgMiniHashSha1@@QAGXXZ

?Get@AvgMiniHashSha256@@QAG?AUHashType@1@XZ

?InternalWait@AvgBasWaitable@@IAGHH@Z

?AvgUpperString@@YGHW4AvgCodePage@@PA_WIPB_WPAII@Z

?OpenRegistryRoot@AvgBasWinRegistryHandle@@QAGHW4AvgBasWinRegistryRootType@@@Z

??0AvgBasWinRegistryHandle@@QAE@PAV0@@Z

?WinExpandString@AvgEnvironment@@YGHAAV?$IAvgString@_W$0A@@@PB_WPAX@Z

?GetEnvironmentVar@AvgEnvironment@@YGHPB_WAAV?$IAvgString@_W$0A@@@@Z

?New@Impl@DirectoryEnumerator@AvgBasFs@@SGHAAPAU123@PB_W1V?$AvgFlags@W4DirectoryEnumerationFlagItems@AvgBasFs@@@@PAVAvgWinTransaction@@@Z

?Initialize@Item@AvgBasFs@@QAGHPBEIABU?$AvgStringRefBase@_W$0A@@@@Z

?Assign@AvgWinSecurityDescriptor@@QAGHABVAvgSecurityCtx@@@Z

?FreeResource@AvgBasWaitable@@IAGHXZ

?Swap@AvgUtf16CharHeapBuffer@@QAGXAAV1@@Z

?Resize@AvgUtf16CharHeapBuffer@@QAGHI@Z

?Release@AvgSpinLockLocker@@QAGXXZ

?GetTempDirPath@AvgBasPath@@YGHAAVAvgUtf16CharHeapBuffer@@@Z

?CombinePaths@AvgBasPath@@YGHAAU_AVG_UTF16CHAR_STR@@PB_W1IIPAI@Z

?AvgCopyString@@YGHAAU_AVG_UTF16CHAR_STR@@PB_WIPAI@Z

?GetCurrentSessionId@AvgEnvironment@@YGHAAK@Z

?GetCurrentThreadId@AvgBasThread@@SGKXZ

?StartSingleWatchingKeyChange@AvgBasWinRegistryHandle@@QAGHAAVAvgBasEvent@@_N@Z

?IsWindowsVistaOrHigher@OsInfo@AvgEnvironment@@YG_NXZ

?IsWindowsServer2k3@OsInfo@AvgEnvironment@@YG_NXZ

?IsWindowsXP@OsInfo@AvgEnvironment@@YG_NXZ

?StopThread@AvgBasThread@@QAGHH@Z

?GetThreadStopRequestEvent@AvgBasThread@@QAGAAVAvgBasEvent@@XZ

?IsWindows8_1@OsInfo@AvgEnvironment@@YG_NXZ

?IsWindows7@OsInfo@AvgEnvironment@@YG_NXZ

?IsWindows8@OsInfo@AvgEnvironment@@YG_NXZ

?CombinePaths@AvgBasPath@@YGHABU?$AvgMutableStringRefBase@_W$0A@@@ABU?$AvgStringRefBase@_W$0A@@@1@Z

?WaitForProcessToStop@AvgBasWinNativeProcess@@QAGHH@Z

?Create@AvgBasWinNativeProcess@@QAGHPB_W0_NPAVAvgSecurityCtx@@PAX10@Z

?GetProcessExitCode@AvgBasWinNativeProcess@@QAGHAAH@Z

?AssignStartupNotificationEvent@AvgBasWinNativeProcess@@QAGHPAVAvgStartupNotificationEvent@@@Z

?SetDWordValue@AvgBasWinRegistryHandle@@QAGHKABU?$AvgStringRefBase@_W$0A@@@_N@Z

?AvgCompareStringNoCase@@YGHW4AvgCodePage@@PB_W1II@Z

?GetProcessExitCode@AvgBasWinProcess@@QAGHAAH@Z

?AssignStartupNotificationEvent@AvgBasWinProcess@@QAGHPAVAvgStartupNotificationEvent@@@Z

?Wait@AvgStartupNotificationEvent@@QAGHH@Z

?AvgConvertString2Size@@YGHAAIPB_WIHPAPB_W@Z

??0AvgBasWinWow64FsRedirection@@QAE@XZ

??1AvgBasWinWow64FsRedirection@@QAE@XZ

?Disable@AvgBasWinWow64FsRedirection@@QAGHXZ

?IsSupported@AvgBasWinWow64FsRedirection@@QAG_NXZ

?Delete@AvgBasFs@@YGHPB_WV?$AvgFlags@W4FileDeleteFlagItems@AvgBasFs@@@@@Z

?FileExists@AvgBasFs@@YGHPB_W@Z

?Move@AvgBasFs@@YGHPB_W0W4FileOverwriteParamters@1@@Z

?CreateDir@AvgBasFs@@YGHPB_WPAVAvgSecurityCtx@@@Z

??0AvgMiniHashCrc32@@QAE@XZ

??1AvgMiniHashCrc32@@QAE@XZ

?Initialize@AvgMiniHashCrc32@@QAGXXZ

?Add@AvgMiniHashCrc32@@QAGXPBEI@Z

?Get@AvgMiniHashCrc32@@QAGKXZ

?Create@AvgBasWinProcess@@QAGHPB_W0PAVAvgSecurityCtx@@1W4CreationFlags@1@0@Z

?Cleanup@AvgBasThread@@MAGXXZ

?WaitForProcessToStop@AvgBasWinProcess@@QAGHH@Z

?Sleep@AvgBasThread@@SGHH@Z

?Initialize@AvgBasThread@@QAGHPAVAvgBasEvent@@@Z

?IsInitialized@AvgBasThread@@QBG_NXZ

?StartThread@AvgBasThread@@QAGHW4AvgPriority@@PAVAvgSecurityCtx@@V?$AvgFlags@W4ThreadFlag@AvgBasThread@@@@PBD@Z

?GetThreadState@AvgBasThread@@QAGHAAW4ThreadState@1@@Z

msvcr100

_close

_write

_lseek

strrchr

_sopen_s

strcpy_s

_read

remove

?what@exception@std@@UBEPBDXZ

sprintf_s

_stricmp

_vsnwprintf

realloc

malloc

??1exception@std@@UAE@XZ

??0exception@std@@QAE@ABQBD@Z

_errno

strncat_s

strchr

strcat_s

strncpy_s

_CxxThrowException

memset

??0exception@std@@QAE@ABV01@@Z

memcpy

?_type_info_dtor_internal_method@type_info@@QAEXXZ

_crt_debugger_hook

_except_handler4_common

__clean_type_info_names_internal

?terminate@@YAXXZ

__CxxFrameHandler3

_onexit

_lock

__dllonexit

_unlock

__CppXcptFilter

_amsg_exit

_initterm_e

_initterm

_encoded_null

free

_malloc_crt

??2@YAPAXI@Z

_purecall

??_V@YAXPAX@Z

memmove

??3@YAXPAX@Z

kernel32

UnhandledExceptionFilter

SetUnhandledExceptionFilter

IsDebuggerPresent

GetLastError

DisableThreadLibraryCalls

GetCurrentProcess

TerminateProcess

GetSystemTimeAsFileTime

GetCurrentThreadId

LocalFree

GetModuleHandleW

LocalFileTimeToFileTime

LoadLibraryA

SetFileAttributesA

CreateDirectoryA

SetFileTime

DosDateTimeToFileTime

GetTempPathA

GetFileInformationByHandle

FileTimeToLocalFileTime

GetProcAddress

GetFileAttributesA

LoadLibraryW

FreeLibrary

CreateFileA

FileTimeToDosDateTime

WaitForMultipleObjectsEx

GetDiskFreeSpaceExW

QueryDosDeviceW

GetLogicalDrives

OpenProcess

InterlockedDecrement

CancelIo

GetOverlappedResult

GetVolumeInformationW

FindFirstVolumeW

CloseHandle

DeviceIoControl

CreateFileW

ReadFile

FindNextVolumeW

SetErrorMode

GetDriveTypeW

FindVolumeClose

GetTickCount

QueryPerformanceCounter

InterlockedCompareExchange

Sleep

GetCurrentProcessId

EncodePointer

DecodePointer

InterlockedExchange

SetLastError

advapi32

QueryServiceStatusEx

StartServiceW

OpenServiceW

OpenSCManagerW

CloseServiceHandle

QueryServiceStatus

ControlService

QueryServiceLockStatusW

DuplicateTokenEx

CreateProcessAsUserW

OpenProcessToken

ole32

StringFromGUID2

CoInitializeEx

CoCreateInstance

CoInitialize

CoUninitialize

CoGetObject

ntdll

RtlInitUnicodeString

ZwWaitForSingleObject

ZwCreateFile

RtlNtStatusToDosError

ZwClose

ZwDeviceIoControlFile

ZwFsControlFile

RtlFreeUnicodeString

ZwQueryInformationProcess

ZwReadVirtualMemory

ZwQueryVirtualMemory

ZwOpenProcess

RtlFreeHeap

RtlReAllocateHeap

RtlAllocateHeap

RtlCreateUnicodeString

ZwReadFile

ZwCreateNamedPipeFile

ZwSetInformationFile

ZwSetInformationThread

ZwFlushBuffersFile

ZwOpenFile

ZwWriteFile

ZwQuerySystemInformation

ZwCreateSection

ZwUnmapViewOfSection

ZwFlushVirtualMemory

ZwMapViewOfSection

ZwSetEvent

ZwCancelIoFile

ZwQueryInformationFile

LdrUnloadDll

RtlInitAnsiString

LdrGetProcedureAddress

ZwCreateEvent

RtlOpenCurrentUser

NtClose

LdrLoadDll

avgntopensslx

ERR_free_strings

CRYPTO_cleanup_all_ex_data

RSA_size

BIO_new_mem_buf

ASN1_item_d2i_bio

OPENSSL_add_all_algorithms_noconf

X509_ALGOR_it

X509_PUBKEY_it

X509_PUBKEY_free

X509_PUBKEY_get

X509_NAME_print_ex

BIO_printf

BIO_new

BIO_s_mem

ASN1_INTEGER_get

X509_NAME_it

X509_NAME_free

EVP_DigestInit_ex

ASN1_BIT_STRING_free

ASN1_INTEGER_it

EVP_VerifyFinal

ASN1_INTEGER_free

ASN1_BIT_STRING_it

EVP_MD_CTX_cleanup

ERR_remove_state

EVP_cleanup

EVP_PKEY_free

EVP_md2

OBJ_nid2sn

RSA_public_encrypt

X509_ALGOR_free

OBJ_find_sigid_algs

CRYPTO_set_mem_functions

EVP_DigestFinal

EVP_DigestUpdate

EVP_PKEY_get1_RSA

EVP_MD_CTX_init

EVP_DigestInit

EVP_get_digestbyname

BIO_free

EVP_add_digest

CONF_modules_unload

X509_get_subject_name

X509_free

sk_num

d2i_X509

sk_value

X509_get_issuer_name

OBJ_obj2nid

msvcp100

?_Xlength_error@std@@YAXPBD@Z

?_Xout_of_range@std@@YAXPBD@Z

version

VerQueryValueW

GetFileVersionInfoW

GetFileVersionInfoSizeW

user32

GetDesktopWindow

oleaut32

VariantInit

VariantClear

SysFreeString

SysAllocString

Exports

GetAvgObject

GetLockCount

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 334KB - Virtual size: 334KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 161KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

avgwdsvc.exe

.exe windows:5 windows x86 arch:x86

39c446a9e4357da49f2491565c7b7041

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

Extended Key Usages

ExtKeyUsageServerAuth

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

49:84:48:9d:ec:62:00:de:ce:ad:93:d4:73:2c:ab:ca
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

06/01/2012, 00:00

Not After

05/01/2015, 23:59

Subject

CN=AVG Technologies CZ\, s.r.o.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=AVG Technologies CZ\, s.r.o.,L=Brno,ST=Jihomoravsky kraj,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

8d:9b:50:e2:05:14:a7:6d:d1:27:1d:b4:74:3c:6e:f2:2a:86:4e:4a
Signer

Actual PE Digest

8d:9b:50:e2:05:14:a7:6d:d1:27:1d:b4:74:3c:6e:f2:2a:86:4e:4a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\nightly\sandbox_avg_vc10_SmallUpdate2013-06\source\build\avg_client_ru_dls_win32_vs100\bin\Release_Unicode_DLS_vs100\Win32\avgwdsvc.pdb

Imports

kernel32

GetLogicalDrives

QueryDosDeviceW

GetCurrentThreadId

CreateEventW

SetCurrentDirectoryW

GetLastError

GetModuleFileNameW

GetDiskFreeSpaceExW

GetSystemPowerStatus

GetSystemTimeAsFileTime

QueryPerformanceCounter

HeapSetInformation

InterlockedCompareExchange

Sleep

InterlockedExchange

DecodePointer

EncodePointer

GetVolumeInformationW

FindFirstVolumeW

FindNextVolumeW

GetDriveTypeW

FindVolumeClose

SetLastError

GetTickCount

CancelIo

DeviceIoControl

GetOverlappedResult

CreateFileW

WaitForMultipleObjects

CreateProcessW

GetCurrentProcessId

CloseHandle

SetUnhandledExceptionFilter

advapi32

StartServiceCtrlDispatcherW

SetServiceStatus

CloseServiceHandle

OpenSCManagerW

OpenServiceW

ChangeServiceConfig2W

RegisterServiceCtrlHandlerExW

ntdll

ZwWaitForSingleObject

RtlReAllocateHeap

RtlFreeHeap

RtlNtStatusToDosError

ZwQueryVirtualMemory

RtlAddVectoredExceptionHandler

RtlRemoveVectoredExceptionHandler

ZwWaitForMultipleObjects

ZwDuplicateObject

ZwSetEvent

ZwTerminateProcess

ZwFreeVirtualMemory

ZwAllocateVirtualMemory

RtlAcquirePebLock

RtlReleasePebLock

ZwClose

RtlInitUnicodeString

ZwCreateEvent

RtlCreateUserProcess

ZwResumeThread

RtlAllocateHeap

avgsysx

?GetDirectoryPathFromFilenamePath@AvgBasPath@@YGHAAU_AVG_UTF16CHAR_STR@@PB_WIPAI@Z

?IsPathRooted@AvgBasPath@@YG_NPB_WI@Z

?GetValue@AvgUtf16CharHeapBuffer@@QBGPB_WXZ

?GetSize@AvgUtf16CharHeapBuffer@@QBGIXZ

??1AvgUtf16CharHeapBuffer@@QAE@XZ

??0AvgUtf16CharHeapBuffer@@QAE@XZ

?AvgBasGetStackFrameModulePath@@YGHAAV?$IAvgString@_W$0A@@@ABUAvgBasStackFrameX86@@@Z

?Initialize@AvgWinGlobalSymlinks@@QAGHW4SymlinksType@1@@Z

??1AvgWinGlobalSymlinks@@QAE@XZ

??0AvgWinGlobalSymlinks@@QAE@XZ

?AvgCompareStringNoCase@@YGHW4AvgCodePage@@PB_W1II@Z

?AvgConvertString2Number@@YGHAAHPB_WIHPAPB_W@Z

??1AvgSpinLockLocker@@QAE@XZ

??0AvgSpinLockLocker@@QAE@PAUAvgSpinLock@@_N@Z

?AvgDestroySysMini@@YGXXZ

?AvgInitializeSysMini@@YGHXZ

?InitializeEnvironment@AvgEnvironment@@YGHXZ

?DestroyEnvironment@AvgEnvironment@@YGXXZ

?Destroy@AvgBasWaitable@@UAGHXZ

?AvgKernel32IsFnLoaded_UnhandledExceptionFilter@@YG_NXZ

?AvgKernel32_SetUnhandledExceptionFilter@@YGP6GJPAU_EXCEPTION_POINTERS@@@ZP6GJ0@Z@Z

?AvgWinIsProcessBeingDebugged@@YG_NXZ

?AvgKernel32_UnhandledExceptionFilter@@YGJPAU_EXCEPTION_POINTERS@@@Z

?FreeResource@AvgBasWaitable@@IAGHXZ

?Release@AvgBasCriticalSection@@QAGHXZ

?Acquire@AvgBasCriticalSection@@QAGHXZ

?Create@AvgBasCriticalSection@@QAGHXZ

??1AvgBasCriticalSection@@QAE@XZ

??0AvgBasCriticalSection@@QAE@XZ

?GetCurrentModuleHandle@AvgProcess@@YGPAXXZ

?Destroy@AvgBasCriticalSection@@QAGHXZ

?Assign@AvgGuidUtils@@YGXAAU_AvgGuid@@QBE@Z

?IsWow64Process@AvgProcess@@YGHKAA_N@Z

?IsWindowsVista@OsInfo@AvgEnvironment@@YG_NXZ

?Append@AvgUtf16CharHeapBuffer@@QAGH_W@Z

??AAvgUtf16CharHeapBuffer@@QAGAA_WI@Z

?IsEmpty@AvgUtf16CharHeapBuffer@@QBG_NXZ

?ConvertValueToSymlink@AvgWinGlobalSymlinks@@SGHAAVAvgUtf16CharHeapBuffer@@PB_W@Z

?ConvertSymlinkToValue@AvgWinGlobalSymlinks@@QAGHAAVAvgUtf16CharHeapBuffer@@W4SymlinksType@1@PB_WI@Z

?ConvertDosLetterToSymlink@AvgWinGlobalSymlinks@@QAGHAAVAvgUtf16CharHeapBuffer@@_W@Z

?Set@AvgBasEvent@@QAGHXZ

?AvgCopyString@@YGHPA_WIPB_WI@Z

?GetOsInfoData@AvgEnvironment@@YGABUOsInfoData@1@XZ

?GetHandle@AvgBasWaitable@@IBGPAXXZ

?AvgCreateErrorCodeFromWin32@@YGHW4_AvgErrorCodeSeverity@@K@Z

?Create@AvgBasEvent@@QAGHW4ResetType@1@_N@Z

?Wait@AvgBasEvent@@QAGHH@Z

??0AvgBasObjectFactoryImpl@detail@@QAE@XZ

??1AvgBasObjectFactoryImpl@detail@@QAE@XZ

?Initialize@AvgBasObjectFactoryImpl@detail@@QAGHPBUAvgBasObjectFactoryMapping@@I@Z

?SetProgramPath@AvgBasObjectFactoryImpl@detail@@QAGHPB_W@Z

?GetAvgObject@AvgBasObjectFactoryImpl@detail@@QAGHABU_AvgGuid@@PAPAX@Z

?UnloadSharedLibraries@AvgBasObjectFactoryImpl@detail@@QAGX_N@Z

?AvgKernel32ForceInitialize@@YGXXZ

?Sleep@AvgBasThread@@SGHH@Z

?GetSpecialFolder@AvgEnvironment@@YGHW4SpecialFolder@1@AAV?$IAvgString@_W$0A@@@@Z

?GetMaxPathLength@AvgEnvironment@@YGHAAIPB_W@Z

?IsWindowsVistaOrHigher@OsInfo@AvgEnvironment@@YG_NXZ

??0AvgBasSharedLibraryLoader@@QAE@PB_W@Z

??1AvgBasSharedLibraryLoader@@UAE@XZ

?Load@AvgBasSharedLibraryLoader@@QAGHPB_W@Z

?Unload@AvgBasSharedLibraryLoader@@UAGXXZ

?AttachTo@AvgBasSharedLibraryLoader@@QAGHPBDPCRAX@Z

??0AvgBasWinRegistryHandle@@QAE@W4AvgBasWinRegistryRootType@@@Z

??1AvgBasWinRegistryHandle@@QAE@XZ

?OpenKeyIfExists@AvgBasWinRegistryHandle@@QAGHABU?$AvgStringRefBase@_W$0A@@@@Z

?IsWow64ViewModeSupported@AvgBasWinRegistryHandle@@SG_NXZ

?SetViewMode@AvgBasWinRegistryHandle@@QAGHV?$AvgFlags@W4AvgBasWinRegistryViewModeValues@@@@@Z

?GetStringValue@AvgBasWinRegistryHandle@@QAGHAAV?$IAvgString@_W$0A@@@ABU?$AvgStringRefBase@_W$0A@@@@Z

?CloseKey@AvgBasWinRegistryHandle@@QAGXXZ

?AvgPrintV@@YGHPB_WPAD@Z

?AvgCompareString@@YGHPB_W0II@Z

?AvgFormatStringV@@YGHW4AvgCodePage@@PA_WIPB_WPAIPAD@Z

?DirectoryExists@AvgBasFs@@YGHPB_W@Z

?AvgFindSubStringFromRight@@YGPB_WPB_W0II@Z

?AvgCreateErrorCodeFromWin32@@YGHK@Z

?Create@AvgBasMutex@@QAGH_N@Z

?Acquire@AvgBasMutex@@QAGHH@Z

?Release@AvgBasMutex@@QAGHXZ

?AvgGetStringSizeInElements@@YGIPB_W@Z

?GetString@AvgGuidUtils@@YGHABU_AvgGuid@@AAU_AVG_UTF16CHAR_STR@@@Z

?GetModuleDirectory@AvgModule@@YGHPAXAAU_AVG_UTF16CHAR_STR@@PAI@Z

?GetTempDirPath@AvgBasPath@@YGHAAU_AVG_UTF16CHAR_STR@@PAI@Z

?GetCurrentProcessId@AvgProcess@@YGKXZ

?GetFullPath@AvgBasPath@@YGHAAU_AVG_UTF16CHAR_STR@@PB_WIPAI@Z

msvcr100

memcpy

memset

_controlfp_s

?_type_info_dtor_internal_method@type_info@@QAEXXZ

_except_handler4_common

?terminate@@YAXXZ

__set_app_type

_fmode

_commode

__setusermatherr

_configthreadlocale

_initterm_e

_initterm

__winitenv

exit

_XcptFilter

_exit

_cexit

__wgetmainargs

_amsg_exit

__CxxFrameHandler3

_onexit

_lock

__dllonexit

_unlock

??2@YAPAXI@Z

getchar

swprintf_s

_set_invalid_parameter_handler

_invoke_watson

??3@YAXPAX@Z

_purecall

??_V@YAXPAX@Z

memmove

_CxxThrowException

user32

UnregisterDeviceNotification

RegisterDeviceNotificationW

MessageBoxW

Exports

??0_Mutex@std@@QAE@W4_Uninitialized@1@@Z

??4_Init_locks@std@@QAEAAV01@ABV01@@Z

Sections

.text
Size: 127KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

avgwdwsc.dll

.dll windows:5 windows x86 arch:x86

6599e3145893ac5cdfad8da44da24def

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

Extended Key Usages

ExtKeyUsageServerAuth

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

49:84:48:9d:ec:62:00:de:ce:ad:93:d4:73:2c:ab:ca
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

06/01/2012, 00:00

Not After

05/01/2015, 23:59

Subject

CN=AVG Technologies CZ\, s.r.o.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=AVG Technologies CZ\, s.r.o.,L=Brno,ST=Jihomoravsky kraj,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

2a:5f:e1:66:8b:9b:a5:99:69:81:de:04:96:8b:8b:84:d4:d6:45:63
Signer

Actual PE Digest

2a:5f:e1:66:8b:9b:a5:99:69:81:de:04:96:8b:8b:84:d4:d6:45:63

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

PDB Paths

d:\nightly\sandbox_avg_vc10_SmallUpdate2013-06\source\build\avg_client_ru_dls_win32_vs100\bin\Release_Unicode_DLS_vs100\Win32\avgwdwsc.pdb

Imports

kernel32

DisableThreadLibraryCalls

SetLastError

GetLastError

EncodePointer

DecodePointer

GetSystemTimeAsFileTime

GetCurrentProcessId

GetCurrentThreadId

GetTickCount

QueryPerformanceCounter

IsDebuggerPresent

SetUnhandledExceptionFilter

UnhandledExceptionFilter

GetCurrentProcess

TerminateProcess

InterlockedCompareExchange

Sleep

InterlockedExchange

WaitForMultipleObjectsEx

advapi32

CloseServiceHandle

QueryServiceStatus

OpenServiceW

OpenSCManagerW

ole32

CoInitializeEx

CoInitialize

CLSIDFromString

StringFromGUID2

CoUninitialize

CoCreateInstance

CoInitializeSecurity

oleaut32

VariantInit

SafeArrayCreate

SysAllocString

VariantClear

SysFreeString

ntdll

RtlReAllocateHeap

RtlAllocateHeap

RtlNtStatusToDosError

ZwSetEvent

ZwWaitForSingleObject

ZwCreateEvent

ZwClose

RtlFreeHeap

avgsysx

?Destroy@AvgBasCriticalSection@@QAGHXZ

?Create@AvgBasCriticalSection@@QAGHXZ

??1AvgBasCriticalSection@@QAE@XZ

??0AvgBasCriticalSection@@QAE@XZ

?AvgCompareString@@YGHPB_W0II@Z

?AvgPrintV@@YGHPB_WPAD@Z

?CloseKey@AvgBasWinRegistryHandle@@QAGXXZ

?GetStringValue@AvgBasWinRegistryHandle@@QAGHAAV?$IAvgString@_W$0A@@@ABU?$AvgStringRefBase@_W$0A@@@@Z

?SetViewMode@AvgBasWinRegistryHandle@@QAGHV?$AvgFlags@W4AvgBasWinRegistryViewModeValues@@@@@Z

?IsWow64ViewModeSupported@AvgBasWinRegistryHandle@@SG_NXZ

?OpenKeyIfExists@AvgBasWinRegistryHandle@@QAGHABU?$AvgStringRefBase@_W$0A@@@@Z

??1AvgBasWinRegistryHandle@@QAE@XZ

??0AvgBasWinRegistryHandle@@QAE@W4AvgBasWinRegistryRootType@@@Z

?Unload@AvgBasSharedLibraryLoader@@UAGXXZ

?IsWindowsXP@OsInfo@AvgEnvironment@@YG_NXZ

?IsWindowsServer2k3OrHigher@OsInfo@AvgEnvironment@@YG_NXZ

?IsWindowsVista@OsInfo@AvgEnvironment@@YG_NXZ

?IsWindowsXPOrHigher@OsInfo@AvgEnvironment@@YG_NXZ

?IsWindows8OrHigher@OsInfo@AvgEnvironment@@YG_NXZ

?IsServerOs@OsInfo@AvgEnvironment@@YG_NXZ

?GetMaxPathLength@AvgEnvironment@@YGHAAIPB_W@Z

?GetOsInfoData@AvgEnvironment@@YGABUOsInfoData@1@XZ

?GetSpecialFolder@AvgEnvironment@@YGHW4SpecialFolder@1@AAV?$IAvgString@_W$0A@@@@Z

?WaitForThreadToStop@AvgBasThread@@QAGHH@Z

?IsStopRequested@AvgBasThread@@QAG_NXZ

?ClearStopRequest@AvgBasThread@@QAGHXZ

?SetStopRequest@AvgBasThread@@QAGHXZ

?GetThreadState@AvgBasThread@@QAGHAAW4ThreadState@1@@Z

?IsInitialized@AvgBasThread@@QBG_NXZ

?Initialize@AvgBasThread@@QAGHPAVAvgBasEvent@@@Z

?Sleep@AvgBasThread@@SGHH@Z

?IsWindows7OrHigher@OsInfo@AvgEnvironment@@YG_NXZ

?GetHandle@AvgBasWaitable@@IBGPAXXZ

?GetForward@AvgBasWaitable@@IBGPAV1@XZ

?GetResourceType@AvgBasWaitable@@IBG?AW4AvgBasWaitableResourceType@@XZ

?GetThreadExitCode@AvgBasThread@@QAGHAAH@Z

?GetFullPath@AvgBasPath@@YGHAAU_AVG_UTF16CHAR_STR@@PB_WIPAI@Z

?GetTempDirPath@AvgBasPath@@YGHAAU_AVG_UTF16CHAR_STR@@PAI@Z

?GetDirectoryPathFromFilenamePath@AvgBasPath@@YGHAAU_AVG_UTF16CHAR_STR@@PB_WIPAI@Z

?IsPathRooted@AvgBasPath@@YG_NPB_WI@Z

?AvgCreateErrorCodeFromWin32@@YGHK@Z

??1AvgSpinLockLocker@@QAE@XZ

??0AvgSpinLockLocker@@QAE@PAUAvgSpinLock@@_N@Z

?AvgDestroySysMini@@YGXXZ

?AvgInitializeSysMini@@YGHXZ

?InitializeEnvironment@AvgEnvironment@@YGHXZ

?DestroyEnvironment@AvgEnvironment@@YGXXZ

?AvgCreateErrorCodeFromWin32@@YGHW4_AvgErrorCodeSeverity@@K@Z

?Acquire@AvgBasCriticalSection@@QAGHXZ

?AvgBasGetStackFrameModulePath@@YGHAAV?$IAvgString@_W$0A@@@ABUAvgBasStackFrameX86@@@Z

?AvgGetSystemTime@@YGHAA_K@Z

?Reset@AvgBasEvent@@QAGHXZ

?IsInitialized@AvgBasCriticalSection@@QBG_NXZ

?FreeResource@AvgBasWaitable@@IAGHXZ

?GetCurrentModuleHandle@AvgProcess@@YGPAXXZ

?Wait@AvgBasEvent@@QAGHH@Z

?Cleanup@AvgBasThread@@MAGXXZ

?StartThread@AvgBasThread@@QAGHW4AvgPriority@@PAVAvgSecurityCtx@@V?$AvgFlags@W4ThreadFlag@AvgBasThread@@@@PBD@Z

?StopThread@AvgBasThread@@QAGHH@Z

?GetThreadStopRequestEvent@AvgBasThread@@QAGAAVAvgBasEvent@@XZ

?IsWindowsVistaOrHigher@OsInfo@AvgEnvironment@@YG_NXZ

??0AvgBasSharedLibraryLoader@@QAE@PB_W@Z

??1AvgBasSharedLibraryLoader@@UAE@XZ

?Load@AvgBasSharedLibraryLoader@@QAGHPB_W@Z

?AttachTo@AvgBasSharedLibraryLoader@@QAGHPBDPCRAX@Z

?Destroy@AvgBasWaitable@@UAGHXZ

?AvgGetStringSizeInElements@@YGIPB_W@Z

?Create@AvgBasEvent@@QAGHW4ResetType@1@_N@Z

?Set@AvgBasEvent@@QAGHXZ

?GetModuleDirectory@AvgModule@@YGHPAXAAU_AVG_UTF16CHAR_STR@@PAI@Z

?Release@AvgBasCriticalSection@@QAGHXZ

?AvgFormatStringV@@YGHW4AvgCodePage@@PA_WIPB_WPAIPAD@Z

?DirectoryExists@AvgBasFs@@YGHPB_W@Z

msvcr100

memcpy

_CxxThrowException

__clean_type_info_names_internal

?_type_info_dtor_internal_method@type_info@@QAEXXZ

_except_handler4_common

_crt_debugger_hook

?terminate@@YAXXZ

__CppXcptFilter

_amsg_exit

_initterm_e

_initterm

_encoded_null

free

_malloc_crt

_onexit

_lock

__dllonexit

_unlock

__CxxFrameHandler3

??2@YAPAXI@Z

wcscpy_s

wcscat_s

calloc

_purecall

??_V@YAXPAX@Z

memmove

??3@YAXPAX@Z

memset

Exports

??0_Mutex@std@@QAE@W4_Uninitialized@1@@Z

??4_Init_locks@std@@QAEAAV01@ABV01@@Z

GetAvgObject

GetLockCount

Sections

.text
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

avgwsc.exe

.exe windows:5 windows x86 arch:x86

613a020a9c6cb66aa7347af7dfeef356

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

Extended Key Usages

ExtKeyUsageServerAuth

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

49:84:48:9d:ec:62:00:de:ce:ad:93:d4:73:2c:ab:ca
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

06/01/2012, 00:00

Not After

05/01/2015, 23:59

Subject

CN=AVG Technologies CZ\, s.r.o.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=AVG Technologies CZ\, s.r.o.,L=Brno,ST=Jihomoravsky kraj,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

73:af:d9:22:53:95:20:62:56:03:f3:97:c4:93:7d:eb:5f:f9:ce:ed
Signer

Actual PE Digest

73:af:d9:22:53:95:20:62:56:03:f3:97:c4:93:7d:eb:5f:f9:ce:ed

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\nightly\sandbox_avg_vc10_SmallUpdate2013-04_Beta\source\build\avg_client_ru_dls_win32_vs100\bin\Release_Unicode_DLS_vs100\Win32\avgwsc.pdb

Imports

ntdll

ZwReadFile

RtlInitUnicodeString

ZwCreateNamedPipeFile

ZwSetInformationFile

RtlFreeUnicodeString

ZwSetInformationThread

ZwFlushBuffersFile

ZwOpenFile

ZwWriteFile

ZwCancelIoFile

ZwSetEvent

ZwWaitForSingleObject

ZwCreateEvent

RtlAllocateHeap

RtlReAllocateHeap

RtlFreeHeap

ZwClose

ZwFsControlFile

RtlCreateUnicodeString

RtlNtStatusToDosError

avgsysx

?GetTempDirPath@AvgBasPath@@YGHAAU_AVG_UTF16CHAR_STR@@PAI@Z

?GetDirectoryPathFromFilenamePath@AvgBasPath@@YGHAAU_AVG_UTF16CHAR_STR@@PB_WIPAI@Z

?GetRandomName@AvgBasPath@@YGHAAU_AVG_UTF16CHAR_STR@@PAI@Z

?GetRandomNameSize@AvgBasPath@@YGIXZ

?IsPathRooted@AvgBasPath@@YG_NPB_WI@Z

??1AvgSpinLockLocker@@QAE@XZ

??0AvgSpinLockLocker@@QAE@PAUAvgSpinLock@@_N@Z

?AvgDestroySysMini@@YGXXZ

?AvgInitializeSysMini@@YGHXZ

?InitializeEnvironment@AvgEnvironment@@YGHXZ

?DestroyEnvironment@AvgEnvironment@@YGXXZ

?AvgBasGetStackFrameModulePath@@YGHAAV?$IAvgString@_W$0A@@@ABUAvgBasStackFrameX86@@@Z

?AvgCompareStringNoCase@@YGHW4AvgCodePage@@PB_W1II@Z

?AvgConvertString2Number@@YGHAAHPB_WIHPAPB_W@Z

?Set@AvgBasEvent@@QAGHXZ

?AvgCreateErrorCodeFromWin32@@YGHK@Z

?GetForward@AvgBasWaitable@@IBGPAV1@XZ

?GetResourceType@AvgBasWaitable@@IBG?AW4AvgBasWaitableResourceType@@XZ

?Destroy@AvgBasWaitable@@UAGHXZ

?GetThreadExitCode@AvgBasThread@@QAGHAAH@Z

?StopThread@AvgBasThread@@QAGHH@Z

?StartThread@AvgBasThread@@QAGHW4AvgPriority@@PAVAvgSecurityCtx@@V?$AvgFlags@W4ThreadFlag@AvgBasThread@@@@PBD@Z

?Initialize@AvgBasThread@@QAGHPAVAvgBasEvent@@@Z

?Cleanup@AvgBasThread@@MAGXXZ

?GetFullPath@AvgBasPath@@YGHAAU_AVG_UTF16CHAR_STR@@PB_WIPAI@Z

?Release@AvgBasCriticalSection@@QAGHXZ

?Acquire@AvgBasCriticalSection@@QAGHXZ

?Create@AvgBasCriticalSection@@QAGHXZ

??1AvgBasCriticalSection@@QAE@XZ

??0AvgBasCriticalSection@@QAE@XZ

?Initialize@AvgWinSecurityIdentifier@@QAGHW4WellKnownSidType@1@PBV1@@Z

?Assign@AvgWinSecurityDescriptor@@QAGHABVAvgSecurityCtx@@@Z

?AddDaclAce@AvgWinSecurityDescriptor@@QAGHABVAvgWinAce@@@Z

?IsInitialized@AvgBasCriticalSection@@QBG_NXZ

?Release@AvgBasMutex@@QAGHXZ

?Acquire@AvgBasMutex@@QAGHH@Z

?Create@AvgBasMutex@@QAGH_N@Z

?IsInitialized@AvgBasWaitable@@QBG_NXZ

?WaitForThreadToStop@AvgBasThread@@QAGHH@Z

?AddDaclAce@AvgWinSecurityDescriptor@@QAGHW4WellKnownSidType@AvgWinSecurityIdentifier@@HW4Type@AvgWinAce@@V?$AvgFlags@W4FlagsValues@AvgWinAce@@@@@Z

?AvgGetTimestamp@@YGKXZ

?FreeResource@AvgBasWaitable@@IAGHXZ

?ParseWinSecDes@AvgWinSecurityDescriptor@@KGHAAV1@PBXV?$AvgFlags@W4InformationValues@AvgWinSecurityDescriptor@@@@@Z

?ReleaseClonedObject@AvgWinSecurityDescriptor@@UAEXXZ

?ClearSecurityAttributes@AvgWinSecurityDescriptor@@QAGXXZ

?CloneImpl@AvgWinSecurityDescriptor@@MBEHAAPAVAvgSecurityCtx@@@Z

?GetInformationType@AvgWinSecurityDescriptor@@QBG?AV?$AvgFlags@W4InformationValues@AvgWinSecurityDescriptor@@@@XZ

?AvgMemXor@@YGXPAEPBEI@Z

?InternalWait@AvgBasWaitable@@IAGHH@Z

?Destroy@AvgBasCriticalSection@@QAGHXZ

?AvgGenerateRandomBuffer@@YGXPAEI@Z

?GetCurrentProcessId@AvgProcess@@YGKXZ

?GetCurrentSessionId@AvgEnvironment@@YGHAAK@Z

?GetCurrentThreadId@AvgBasThread@@SGKXZ

?AvgPrintV@@YGHPB_WPAD@Z

?CreateLuid@AvgGuidUtils@@YGHAAU_AvgGuid@@@Z

?Assign@AvgGuidUtils@@YGXAAU_AvgGuid@@ABU2@@Z

?GetCurrentModuleHandle@AvgProcess@@YGPAXXZ

?AvgGetSystemTime@@YGHAA_K@Z

?AvgCopyString@@YGHPA_WIPB_WI@Z

?GetHandle@AvgBasWaitable@@IBGPAXXZ

?AvgCreateErrorCodeFromWin32@@YGHW4_AvgErrorCodeSeverity@@K@Z

?Create@AvgBasEvent@@QAGHW4ResetType@1@_N@Z

?Wait@AvgBasEvent@@QAGHH@Z

??0AvgBasObjectFactoryImpl@detail@@QAE@XZ

??1AvgBasObjectFactoryImpl@detail@@QAE@XZ

?Initialize@AvgBasObjectFactoryImpl@detail@@QAGHPBUAvgBasObjectFactoryMapping@@I@Z

?SetProgramPath@AvgBasObjectFactoryImpl@detail@@QAGHPB_W@Z

?GetAvgObject@AvgBasObjectFactoryImpl@detail@@QAGHABU_AvgGuid@@PAPAX@Z

?UnloadSharedLibraries@AvgBasObjectFactoryImpl@detail@@QAGX_N@Z

?Sleep@AvgBasThread@@SGHH@Z

?GetSpecialFolder@AvgEnvironment@@YGHW4SpecialFolder@1@AAV?$IAvgString@_W$0A@@@@Z

?GetMaxPathLength@AvgEnvironment@@YGHAAIPB_W@Z

?IsWindows8OrHigher@OsInfo@AvgEnvironment@@YG_NXZ

??0AvgBasSharedLibraryLoader@@QAE@PB_W@Z

??1AvgBasSharedLibraryLoader@@UAE@XZ

?Load@AvgBasSharedLibraryLoader@@QAGHPB_W@Z

?Unload@AvgBasSharedLibraryLoader@@UAGXXZ

?AttachTo@AvgBasSharedLibraryLoader@@QAGHPBDPCRAX@Z

?Parse@AvgGuidUtils@@YGHAAU_AvgGuid@@PB_W@Z

??0AvgBasWinRegistryHandle@@QAE@W4AvgBasWinRegistryRootType@@@Z

??1AvgBasWinRegistryHandle@@QAE@XZ

?OpenKeyIfExists@AvgBasWinRegistryHandle@@QAGHABU?$AvgStringRefBase@_W$0A@@@@Z

?IsWow64ViewModeSupported@AvgBasWinRegistryHandle@@SG_NXZ

?SetViewMode@AvgBasWinRegistryHandle@@QAGHV?$AvgFlags@W4AvgBasWinRegistryViewModeValues@@@@@Z

?GetStringValue@AvgBasWinRegistryHandle@@QAGHAAV?$IAvgString@_W$0A@@@ABU?$AvgStringRefBase@_W$0A@@@@Z

?CloseKey@AvgBasWinRegistryHandle@@QAGXXZ

?AvgCompareString@@YGHPB_W0II@Z

?AvgFormatStringV@@YGHW4AvgCodePage@@PA_WIPB_WPAIPAD@Z

?DirectoryExists@AvgBasFs@@YGHPB_W@Z

?AvgGetStringSizeInElements@@YGIPB_W@Z

?AvgNtdll_RtlDosPathNameToNtPathName_T_EliminateDosDevice@@YGHPB_WPAU_UNICODE_STRING@@@Z

?AvgWinZwOpenFile@@YGHPB_WPAPAXKPAU_IO_STATUS_BLOCK@@KK@Z

?GetSecurityDescriptor@AvgWinSecurityDescriptor@@QAGHAAPAX@Z

?AvgBufferXor@@YGXPAEPBEI1I_J@Z

?GetString@AvgGuidUtils@@YGHABU_AvgGuid@@AAU_AVG_UTF16CHAR_STR@@@Z

?GetModuleDirectory@AvgModule@@YGHPAXAAU_AVG_UTF16CHAR_STR@@PAI@Z

?Reset@AvgBasEvent@@QAGHXZ

mfc100u

ord11228

ord7391

ord11240

ord11209

ord5261

ord3416

ord266

ord6140

ord890

ord13568

ord13571

ord13569

ord13572

ord13567

ord13570

ord7179

ord11469

ord13267

ord10976

ord14162

ord1739

ord7126

ord11864

ord3625

ord3684

ord8530

ord13387

ord7108

ord13381

ord11477

ord11476

ord2164

ord9447

ord4744

ord13854

ord7176

ord4086

ord11784

ord11845

ord9498

ord11236

ord7548

ord1292

ord6869

ord7624

ord8346

ord9328

ord7393

ord4792

ord6922

ord6932

ord6931

ord4623

ord4794

ord4645

ord5118

ord4901

ord8483

ord5115

ord4923

ord4642

ord1300

ord1934

ord2089

msvcr100

_controlfp_s

_invoke_watson

?_type_info_dtor_internal_method@type_info@@QAEXXZ

_except_handler4_common

?terminate@@YAXXZ

__CxxFrameHandler3

??2@YAPAXI@Z

_onexit

_lock

__dllonexit

_unlock

__set_app_type

_fmode

_commode

__setusermatherr

_configthreadlocale

_initterm_e

_initterm

_wcmdln

exit

_XcptFilter

_exit

_cexit

__wgetmainargs

_amsg_exit

_purecall

memcpy

memset

_crt_debugger_hook

_CxxThrowException

memmove

kernel32

UnhandledExceptionFilter

GetCurrentProcess

TerminateProcess

GetSystemTimeAsFileTime

GetCurrentProcessId

GetCurrentThreadId

GetTickCount

QueryPerformanceCounter

SetUnhandledExceptionFilter

DecodePointer

EncodePointer

GetStartupInfoW

HeapSetInformation

InterlockedCompareExchange

Sleep

InterlockedExchange

WaitForMultipleObjectsEx

CloseHandle

CancelIo

DeviceIoControl

GetLastError

GetOverlappedResult

CreateFileW

IsDebuggerPresent

comctl32

InitCommonControlsEx

Sections

.text
Size: 223KB - Virtual size: 223KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

avgxpl.dll

.dll windows:5 windows x86 arch:x86

c043e88b21875cdb813440e6a73b4c59

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

Extended Key Usages

ExtKeyUsageServerAuth

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

49:84:48:9d:ec:62:00:de:ce:ad:93:d4:73:2c:ab:ca
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

06/01/2012, 00:00

Not After

05/01/2015, 23:59

Subject

CN=AVG Technologies CZ\, s.r.o.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=AVG Technologies CZ\, s.r.o.,L=Brno,ST=Jihomoravsky kraj,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

8e:5b:86:12:5c:c9:8b:34:ae:82:cd:01:04:7c:44:8e:d0:1e:8c:ab
Signer

Actual PE Digest

8e:5b:86:12:5c:c9:8b:34:ae:82:cd:01:04:7c:44:8e:d0:1e:8c:ab

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

PDB Paths

d:\build\user\sandbox_2013_0514_095407_SmallUpdate2013-04_Release_AvgVC10\source\build\avg_client_ru_dls_win32_vs100\bin\Release_Unicode_DLS_vs100\Win32\avgxpl.pdb

Imports

ws2_32

WSAGetLastError

connect

getpeername

send

sendto

recvfrom

__WSAFDIsSet

select

accept

listen

ntohs

gethostbyname

gethostbyaddr

getservbyname

getservbyport

inet_addr

inet_ntoa

gethostname

getsockname

htonl

WSACleanup

WSAStartup

setsockopt

recv

bind

socket

closesocket

WSASetLastError

getsockopt

ioctlsocket

htons

version

GetFileVersionInfoSizeW

VerQueryValueW

GetFileVersionInfoW

kernel32

QueryPerformanceFrequency

LoadLibraryW

ExpandEnvironmentStringsW

GetModuleFileNameW

SetLastError

GetVersion

FormatMessageA

ExpandEnvironmentStringsA

WaitForMultipleObjects

GetFileType

GetStdHandle

PeekNamedPipe

GetVersionExA

LoadLibraryA

GetProcAddress

FreeLibrary

SleepEx

GetVersionExW

GetSystemDirectoryA

SetFilePointer

GetSystemTimeAsFileTime

GetCurrentProcessId

GetCurrentThreadId

QueryPerformanceCounter

IsDebuggerPresent

SetUnhandledExceptionFilter

UnhandledExceptionFilter

GetCurrentProcess

TerminateProcess

InterlockedCompareExchange

InterlockedExchange

DecodePointer

EncodePointer

FileTimeToLocalFileTime

GetDiskFreeSpaceExW

GetLocaleInfoW

lstrlenW

DeleteFileW

GetTempPathW

CompareFileTime

GetTempFileNameW

GetTickCount

OutputDebugStringW

GetSystemTime

SystemTimeToFileTime

MultiByteToWideChar

WideCharToMultiByte

GetWindowsDirectoryW

GetFileAttributesW

CopyFileW

GetFullPathNameW

CloseHandle

GetLastError

CreateFileW

ReadFile

Sleep

WriteFile

SetEndOfFile

IsProcessorFeaturePresent

GetFileSize

ntdll

ZwWriteFile

ZwCreateSection

ZwSetEvent

ZwWaitForSingleObject

ZwCreateEvent

RtlAllocateHeap

RtlReAllocateHeap

RtlFreeHeap

ZwClose

RtlNtStatusToDosError

ZwUnmapViewOfSection

ZwQuerySystemInformation

ZwFlushVirtualMemory

ZwMapViewOfSection

ZwReadFile

ZwQueryInformationFile

ZwCreateFile

RtlFreeUnicodeString

ZwSetInformationFile

wininet

InternetCrackUrlW

avgsysx

?AddDaclAce@AvgWinSecurityDescriptor@@QAGHW4WellKnownSidType@AvgWinSecurityIdentifier@@HW4Type@AvgWinAce@@V?$AvgFlags@W4FlagsValues@AvgWinAce@@@@@Z

?Initialize@AvgWinSecurityDescriptor@@QAGHXZ

?AvgGetLocalTime@@YGHAA_K@Z

?CreateDir@AvgBasFs@@YGHPB_W_NPAVAvgSecurityCtx@@@Z

??0AvgTimeStruct@@QAE@XZ

?AppendDescriptorToObject@AvgWinSecurity@@YGHAAVAvgWinSecurityDescriptor@@ABVAvgWinObject@@_N@Z

?AvgConvertAvgTimeToTimeT@@YGHAA_J_K@Z

??0AvgUtf16CharHeapBuffer@@QAE@XZ

??1AvgUtf16CharHeapBuffer@@QAE@XZ

?Assign@AvgUtf16CharHeapBuffer@@QAGHPB_WI@Z

?Create@AvgBasMutex@@QAGH_N@Z

?Initialize@AvgWinMandatoryLabel@@QAGHW4Label@1@V?$AvgFlags@W4FlagsValues@AvgWinMandatoryLabel@@@@@Z

?AvgConvertAvgTimeToStruct@@YGHAAUAvgTimeStruct@@_K@Z

?Sleep@AvgBasThread@@SGHH@Z

?UnloadSharedLibraries@AvgBasObjectFactoryImpl@detail@@QAGX_N@Z

?GetSpecialFolder@AvgEnvironment@@YGHW4SpecialFolder@1@AAV?$IAvgString@_W$0A@@@@Z

?GetMaxPathLength@AvgEnvironment@@YGHAAIPB_W@Z

??0AvgBasSharedLibraryLoader@@QAE@PB_W@Z

??1AvgBasSharedLibraryLoader@@UAE@XZ

?Load@AvgBasSharedLibraryLoader@@QAGHPB_W@Z

?Unload@AvgBasSharedLibraryLoader@@UAGXXZ

?AttachTo@AvgBasSharedLibraryLoader@@QAGHPBDPCRAX@Z

??0AvgBasWinRegistryHandle@@QAE@W4AvgBasWinRegistryRootType@@@Z

??1AvgBasWinRegistryHandle@@QAE@XZ

?OpenKeyIfExists@AvgBasWinRegistryHandle@@QAGHABU?$AvgStringRefBase@_W$0A@@@@Z

?IsWow64ViewModeSupported@AvgBasWinRegistryHandle@@SG_NXZ

?SetViewMode@AvgBasWinRegistryHandle@@QAGHV?$AvgFlags@W4AvgBasWinRegistryViewModeValues@@@@@Z

?GetStringValue@AvgBasWinRegistryHandle@@QAGHAAV?$IAvgString@_W$0A@@@ABU?$AvgStringRefBase@_W$0A@@@@Z

?CloseKey@AvgBasWinRegistryHandle@@QAGXXZ

?AvgConvertT2MbString@@YGHPADIPB_WW4AvgCodePage@@PAII@Z

?AvgCompareString@@YGHPB_W0II@Z

?AvgFormatStringV@@YGHW4AvgCodePage@@PA_WIPB_WPAIPAD@Z

?AvgConvertMb2Utf16String@@YGHPA_WIPBDW4AvgCodePage@@PAII@Z

?AvgGetMb2Utf16StringSize@@YGHAAIPBDW4AvgCodePage@@I@Z

?DirectoryExists@AvgBasFs@@YGHPB_W@Z

?AvgCreateErrorCodeFromWin32@@YGHK@Z

?AvgGetStringSizeInElements@@YGIPB_W@Z

?AvgGetStringSizeInElements@@YGIPBD@Z

?GetAvgObject@AvgBasObjectFactoryImpl@detail@@QAGHABU_AvgGuid@@PAPAX@Z

?SetProgramPath@AvgBasObjectFactoryImpl@detail@@QAGHPB_W@Z

?Initialize@AvgBasObjectFactoryImpl@detail@@QAGHPBUAvgBasObjectFactoryMapping@@I@Z

??1AvgBasObjectFactoryImpl@detail@@QAE@XZ

?AvgUpperASCIIString@@YGXPADI@Z

?AvgConvertString2Number@@YGHAAKPB_WIHPAPB_W@Z

?AvgConvertString2Number@@YGHAAHPB_WIHPAPB_W@Z

?AvgUpperString@@YGHW4AvgCodePage@@PA_WIPB_WPAII@Z

?AvgLowerString@@YGHW4AvgCodePage@@PA_WIPB_WPAII@Z

??0AvgBasResource@@QAE@XZ

??1AvgBasResource@@UAE@XZ

?Create@AvgBasResource@@QAGHXZ

?AcquireExclusive@AvgBasResource@@QAGHH@Z

?AcquireShared@AvgBasResource@@QAGHH@Z

?Release@AvgBasResource@@QAGHXZ

?AvgConvertNumber2String@@YGHPADIHHPAI@Z

?AvgGetLocalTime@@YGHAAUAvgTimeStruct@@@Z

?AvgConvertSize2String@@YGHPADIIHPAI@Z

?AvgGetMb2MbStringSize@@YGHAAIPBDW4AvgCodePage@@2I@Z

?AvgCompareString@@YGHPBD0II@Z

?AvgConvertMb2MbString@@YGHPADIPBDW4AvgCodePage@@2PAII@Z

?AvgFindElement@@YGPBDPBDDI@Z

?AvgConvertUtf162MbString@@YGHPADIPB_WW4AvgCodePage@@PAII@Z

?AvgLowerASCIIString@@YGXPADI@Z

??0AvgMiniHashSha1@@QAE@XZ

??1AvgMiniHashSha1@@QAE@XZ

?Initialize@AvgMiniHashSha1@@QAGXXZ

?Add@AvgMiniHashSha1@@QAGHPBEI@Z

?Get@AvgMiniHashSha1@@QAGXAAUHashType@1@@Z

?AvgGetUtf162MbStringSize@@YGHAAIPB_WW4AvgCodePage@@I@Z

?AvgFormatStringV@@YGHW4AvgCodePage@@PADIPBDPAI1@Z

?AvgGetSystemTime@@YGHAA_K@Z

?IsInitialized@AvgBasWaitable@@QBG_NXZ

?Acquire@AvgBasMutex@@QAGHH@Z

?Release@AvgBasMutex@@QAGHXZ

?FreeResource@AvgBasWaitable@@IAGHXZ

?GetInformationType@AvgWinSecurityDescriptor@@QBG?AV?$AvgFlags@W4InformationValues@AvgWinSecurityDescriptor@@@@XZ

?CloneImpl@AvgWinSecurityDescriptor@@MBEHAAPAVAvgSecurityCtx@@@Z

?ClearSecurityAttributes@AvgWinSecurityDescriptor@@QAGXXZ

?ReleaseClonedObject@AvgWinSecurityDescriptor@@UAEXXZ

?ParseWinSecDes@AvgWinSecurityDescriptor@@KGHAAV1@PBXV?$AvgFlags@W4InformationValues@AvgWinSecurityDescriptor@@@@@Z

?Destroy@AvgBasWaitable@@UAGHXZ

?AvgConvertLocalTimeToSystemTime@@YGHAAUAvgTimeStruct@@@Z

?DestroyEnvironment@AvgEnvironment@@YGXXZ

?InitializeEnvironment@AvgEnvironment@@YGHXZ

?AvgInitializeSysMini@@YGHXZ

?AvgDestroySysMini@@YGXXZ

??0AvgSpinLockLocker@@QAE@PAUAvgSpinLock@@_N@Z

??1AvgSpinLockLocker@@QAE@XZ

?Release@AvgBasCriticalSection@@QAGHXZ

?Acquire@AvgBasCriticalSection@@QAGHXZ

?Create@AvgBasCriticalSection@@QAGHXZ

??1AvgBasCriticalSection@@QAE@XZ

??0AvgBasCriticalSection@@QAE@XZ

?GetCurrentModuleHandle@AvgProcess@@YGPAXXZ

?AvgCompareStringNoCase@@YGHW4AvgCodePage@@PB_W1II@Z

?GetModuleDirectory@AvgModule@@YGHPAXAAU_AVG_UTF16CHAR_STR@@PAI@Z

?GetCurrentDirectoryPath@AvgProcess@@YGHAAU_AVG_UTF16CHAR_STR@@PAI@Z

?GetProcessName@AvgProcess@@YGHKAAU_AVG_UTF16CHAR_STR@@PAI@Z

?AvgNtdll_RtlDosPathNameToNtPathName_T_EliminateDosDevice@@YGHPB_WPAU_UNICODE_STRING@@@Z

?AvgBasGetStackFrameModulePath@@YGHAAV?$IAvgString@_W$0A@@@ABUAvgBasStackFrameX86@@@Z

?AvgCreateErrorCodeFromWin32@@YGHW4_AvgErrorCodeSeverity@@K@Z

?GetFilename@AvgBasPath@@YGHAAU_AVG_UTF16CHAR_STR@@PB_WIPAI@Z

?IsPathRooted@AvgBasPath@@YG_NPB_WI@Z

?GetDirectoryPathFromFilenamePath@AvgBasPath@@YGHAAU_AVG_UTF16CHAR_STR@@PB_WIPAI@Z

?GetTempDirPath@AvgBasPath@@YGHAAU_AVG_UTF16CHAR_STR@@PAI@Z

?GetFullPath@AvgBasPath@@YGHAAU_AVG_UTF16CHAR_STR@@PB_WIPAI@Z

?AvgConvertWin32FileTimeToAvgTime@@YGHAA_KKK@Z

??0AvgBasObjectFactoryImpl@detail@@QAE@XZ

msvcp100

?_Xlength_error@std@@YAXPBD@Z

?_Xout_of_range@std@@YAXPBD@Z

msvcr100

__sys_nerr

strerror

getenv

isalnum

fflush

fputc

_fstat64

_lseeki64

fopen

fgets

fputs

_strtoi64

qsort

fseek

_time64

strtoul

strrchr

fread

strtol

sscanf

isalpha

_errno

_stat64

isgraph

isprint

isupper

islower

_localtime64

_CxxThrowException

__clean_type_info_names_internal

?_type_info_dtor_internal_method@type_info@@QAEXXZ

?terminate@@YAXXZ

_except_handler4_common

_crt_debugger_hook

__CppXcptFilter

strcpy_s

_fileno

_read

_close

_open

_strnicmp

_amsg_exit

_initterm_e

_initterm

_encoded_null

_malloc_crt

__CxxFrameHandler3

_onexit

_lock

__dllonexit

_unlock

wcstombs

_stricmp

fclose

fwrite

_snprintf

_wfopen

isxdigit

realloc

tolower

calloc

fprintf

__iob_func

atol

_strupr_s

_strupr

_vsnwprintf

strncpy

strstr

sprintf

bsearch

memcpy

memset

strcat_s

strncpy_s

_strdup

_gmtime64

wcschr

?what@exception@std@@UBEPBDXZ

??1exception@std@@UAE@XZ

??0exception@std@@QAE@ABQBD@Z

??0exception@std@@QAE@ABV01@@Z

memmove

??_V@YAXPAX@Z

_purecall

??3@YAXPAX@Z

memcpy_s

??2@YAPAXI@Z

malloc

strncmp

free

_vswprintf_c_l

isspace

wcsftime

isdigit

_strlwr_s

_wcslwr_s

wcsncmp

sprintf_s

_wtoi

memchr

_wcsicmp

strchr

wcscat_s

_wcsdup

strtok_s

atoi

toupper

advapi32

RegOpenKeyExW

RegQueryValueExW

RegCloseKey

shell32

SHGetFolderPathW

Exports

??0_Mutex@std@@QAE@W4_Uninitialized@1@@Z

??4_Init_locks@std@@QAEAAV01@ABV01@@Z

AVGXPL_AddMalwarePrevalence

AVGXPL_AddMalwarePrevalence2

AVGXPL_CheckForExploitByStream2

AVGXPL_CheckSite

AVGXPL_FreeBuffer

AVGXPL_GetDatCreateTime

AVGXPL_HandleStreamContentType

AVGXPL_Initialize3

XPL_CheckForExploitByBuffer

XPL_CheckForExploitByStream

XPL_CheckForExploitByURL

XPL_CheckForFilter

XPL_CheckForFilterEx

XPL_CheckSite

XPL_CloseByStreamSession

XPL_EncodeDat

XPL_FreeResults

XPL_FreeSingleResult

XPL_GetExploitInfo

XPL_GetResultsCount

XPL_GetSelectedAlgo

XPL_GetSingleResult

XPL_Initialize

XPL_Initialize2

XPL_SetWebProxy

XPL_Terminate

XPL_UpdateDataFiles

_XPLRESEARCH_CheckForExploitByBuffer@20

_XPLRESEARCH_CheckForExploitByStream@28

_XPL_GetDatCreateTime@4

_XPL_GetSDKVersion@0

Sections

.text
Size: 538KB - Virtual size: 538KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 110KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

boost.txt

bsdiff.txt

bzip.txt

carp.html

.html

cfgexlog.cfg

cfglog.cfg

cryptopp.txt

csllog.cfg

curl.txt

dazukofs.txt

deciderlog.cfg

dfncfg.dat

expat.txt

fixcfg.exe

.exe windows:5 windows x86 arch:x86

8e69d98c8c74f90c6f976d4ae3d36fdf

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

Extended Key Usages

ExtKeyUsageServerAuth

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

49:84:48:9d:ec:62:00:de:ce:ad:93:d4:73:2c:ab:ca
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

06/01/2012, 00:00

Not After

05/01/2015, 23:59

Subject

CN=AVG Technologies CZ\, s.r.o.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=AVG Technologies CZ\, s.r.o.,L=Brno,ST=Jihomoravsky kraj,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

66:4e:11:3f:28:a9:d2:14:06:50:e3:ed:e0:3f:90:cf:38:ac:1a:40
Signer

Actual PE Digest

66:4e:11:3f:28:a9:d2:14:06:50:e3:ed:e0:3f:90:cf:38:ac:1a:40

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\nightly\sandbox_avg_vc10_HotFix2013-16\source\build\avg_client_ru_dls_win32_vs100\bin\Release_Unicode_DLS_vs100\Win32\fixcfg.pdb

Imports

ntdll

ZwOpenFile

RtlInitUnicodeString

ZwWriteFile

ZwQueryInformationFile

ZwCreateSection

ZwUnmapViewOfSection

ZwSetInformationFile

ZwQuerySystemInformation

ZwFlushVirtualMemory

ZwMapViewOfSection

ZwReadFile

ZwFsControlFile

ZwCreateFile

RtlCreateUnicodeString

ZwCancelIoFile

RtlFreeUnicodeString

ZwSetEvent

ZwWaitForSingleObject

ZwCreateEvent

RtlAllocateHeap

RtlReAllocateHeap

RtlFreeHeap

ZwClose

RtlNtStatusToDosError

avgsysx

?Sleep@AvgBasThread@@SGHH@Z

?UnloadSharedLibraries@AvgBasObjectFactoryImpl@detail@@QAGX_N@Z

?GetAvgObject@AvgBasObjectFactoryImpl@detail@@QAGHABU_AvgGuid@@PAPAX@Z

?SetProgramPath@AvgBasObjectFactoryImpl@detail@@QAGHPB_W@Z

?Initialize@AvgBasObjectFactoryImpl@detail@@QAGHPBUAvgBasObjectFactoryMapping@@I@Z

??1AvgBasObjectFactoryImpl@detail@@QAE@XZ

??0AvgBasObjectFactoryImpl@detail@@QAE@XZ

?GetFullPath@AvgBasPath@@YGHAAU_AVG_UTF16CHAR_STR@@PB_WIPAI@Z

?GetTempDirPath@AvgBasPath@@YGHAAU_AVG_UTF16CHAR_STR@@PAI@Z

?GetDirectoryPathFromFilenamePath@AvgBasPath@@YGHAAU_AVG_UTF16CHAR_STR@@PB_WIPAI@Z

?IsPathRooted@AvgBasPath@@YG_NPB_WI@Z

??1AvgSpinLockLocker@@QAE@XZ

??0AvgSpinLockLocker@@QAE@PAUAvgSpinLock@@_N@Z

?AvgDestroySysMini@@YGXXZ

?AvgInitializeSysMini@@YGHXZ

?InitializeEnvironment@AvgEnvironment@@YGHXZ

?DestroyEnvironment@AvgEnvironment@@YGXXZ

?AvgCreateErrorCodeFromWin32@@YGHW4_AvgErrorCodeSeverity@@K@Z

?AvgBasGetStackFrameModulePath@@YGHAAV?$IAvgString@_W$0A@@@ABUAvgBasStackFrameX86@@@Z

?AvgCompareStringNoCase@@YGHW4AvgCodePage@@PB_W1II@Z

?AvgConvertString2Number@@YGHAAHPB_WIHPAPB_W@Z

?GetSpecialFolder@AvgEnvironment@@YGHW4SpecialFolder@1@AAV?$IAvgString@_W$0A@@@@Z

?AddDaclAce@AvgWinSecurityDescriptor@@QAGHW4WellKnownSidType@AvgWinSecurityIdentifier@@HW4Type@AvgWinAce@@V?$AvgFlags@W4FlagsValues@AvgWinAce@@@@@Z

?AvgNtdll_RtlDosPathNameToNtPathName_T_EliminateDosDevice@@YGHPB_WPAU_UNICODE_STRING@@@Z

?ParseWinSecDes@AvgWinSecurityDescriptor@@KGHAAV1@PBXV?$AvgFlags@W4InformationValues@AvgWinSecurityDescriptor@@@@@Z

?ReleaseClonedObject@AvgWinSecurityDescriptor@@UAEXXZ

?ClearSecurityAttributes@AvgWinSecurityDescriptor@@QAGXXZ

?CloneImpl@AvgWinSecurityDescriptor@@MBEHAAPAVAvgSecurityCtx@@@Z

?GetInformationType@AvgWinSecurityDescriptor@@QBG?AV?$AvgFlags@W4InformationValues@AvgWinSecurityDescriptor@@@@XZ

?AvgWinZwOpenFile@@YGHPB_WPAPAXKPAU_IO_STATUS_BLOCK@@KK@Z

?AvgGetUtf162MbStringSize@@YGHAAIPB_WW4AvgCodePage@@I@Z

?Get@AvgMiniHashCrc32@@QAGKXZ

?Add@AvgMiniHashCrc32@@QAGXPBEI@Z

?Reset@AvgMiniHashCrc32@@QAGXK@Z

??1AvgMiniHashCrc32@@QAE@XZ

??0AvgMiniHashCrc32@@QAE@XZ

?CreateDir@AvgBasFs@@YGHPB_WPAVAvgSecurityCtx@@@Z

?AvgLowerString@@YGHW4AvgCodePage@@PA_WIPB_WPAII@Z

?AvgConvertUtf162MbString@@YGHPADIPB_WW4AvgCodePage@@PAII@Z

?AvgMemXor@@YGXPAEPBEI@Z

?Delete@AvgBasFs@@YGHPB_WV?$AvgFlags@W4FileDeleteFlagItems@AvgBasFs@@@@@Z

?GetName@Item@AvgBasFs@@QBGPB_WXZ

??1Item@AvgBasFs@@QAE@XZ

?AvgGetSystemTime@@YGHAA_K@Z

?AvgGenerateRandomBuffer@@YGXPAEI@Z

?FileExists@AvgBasFs@@YGHPB_W@Z

?GetChildrenEnumeratorImpl@AvgBasWinRegistryHandle@@AAGHAAPAV?$IAvgEnumerator@U?$AvgStringzRefBase@_W$0A@@@@@@Z

?EnablePrivilege@AvgBasWinRegistryHandle@@SGHW4AvgBasWinRegistryPrivilege@@_N@Z

?UnLoadKey@AvgBasWinRegistryHandle@@QAGHABU?$AvgStringRefBase@_W$0A@@@@Z

?LoadKey@AvgBasWinRegistryHandle@@QAGHABU?$AvgStringRefBase@_W$0A@@@0@Z

?SetParent@AvgBasWinRegistryHandle@@QAGHW4AvgBasWinRegistryRootType@@@Z

??0AvgBasWinRegistryHandle@@QAE@PAV0@@Z

?Release@AvgBasCriticalSection@@QAGHXZ

?Acquire@AvgBasCriticalSection@@QAGHXZ

?Create@AvgBasCriticalSection@@QAGHXZ

??1AvgBasCriticalSection@@QAE@XZ

??0AvgBasCriticalSection@@QAE@XZ

?GetCurrentModuleHandle@AvgProcess@@YGPAXXZ

?GetMaxPathLength@AvgEnvironment@@YGHAAIPB_W@Z

??0AvgBasSharedLibraryLoader@@QAE@PB_W@Z

??1AvgBasSharedLibraryLoader@@UAE@XZ

?Load@AvgBasSharedLibraryLoader@@QAGHPB_W@Z

?Unload@AvgBasSharedLibraryLoader@@UAGXXZ

?AttachTo@AvgBasSharedLibraryLoader@@QAGHPBDPCRAX@Z

??0AvgBasWinRegistryHandle@@QAE@W4AvgBasWinRegistryRootType@@@Z

??1AvgBasWinRegistryHandle@@QAE@XZ

?OpenKeyIfExists@AvgBasWinRegistryHandle@@QAGHABU?$AvgStringRefBase@_W$0A@@@@Z

?IsWow64ViewModeSupported@AvgBasWinRegistryHandle@@SG_NXZ

?SetViewMode@AvgBasWinRegistryHandle@@QAGHV?$AvgFlags@W4AvgBasWinRegistryViewModeValues@@@@@Z

?GetStringValue@AvgBasWinRegistryHandle@@QAGHAAV?$IAvgString@_W$0A@@@ABU?$AvgStringRefBase@_W$0A@@@@Z

?CloseKey@AvgBasWinRegistryHandle@@QAGXXZ

?AvgPrintV@@YGHPB_WPAD@Z

?AvgCompareString@@YGHPB_W0II@Z

?AvgFormatStringV@@YGHW4AvgCodePage@@PA_WIPB_WPAIPAD@Z

?DirectoryExists@AvgBasFs@@YGHPB_W@Z

?AvgGetStringSizeInElements@@YGIPB_W@Z

?AvgGetStringSizeInElements@@YGIPBD@Z

?AvgGetTimestamp@@YGKXZ

?FreeResource@AvgBasWaitable@@IAGHXZ

?AvgCreateErrorCodeFromWin32@@YGHK@Z

?GetHandle@AvgBasWaitable@@IBGPAXXZ

?GetForward@AvgBasWaitable@@IBGPAV1@XZ

?GetResourceType@AvgBasWaitable@@IBG?AW4AvgBasWaitableResourceType@@XZ

?GetThreadExitCode@AvgBasThread@@QAGHAAH@Z

?Initialize@AvgBasThread@@QAGHPAVAvgBasEvent@@@Z

?Cleanup@AvgBasThread@@MAGXXZ

?StartThread@AvgBasThread@@QAGHW4AvgPriority@@PAVAvgSecurityCtx@@V?$AvgFlags@W4ThreadFlag@AvgBasThread@@@@PBD@Z

?StopThread@AvgBasThread@@QAGHH@Z

?IsInitialized@AvgBasCriticalSection@@QBG_NXZ

?AvgBufferXor@@YGXPAEPBEI1I_J@Z

??0Item@AvgBasFs@@QAE@XZ

?GetModuleDirectory@AvgModule@@YGHPAXAAU_AVG_UTF16CHAR_STR@@PAI@Z

?New@Impl@DirectoryEnumerator@AvgBasFs@@SGHAAPAU123@PB_W1V?$AvgFlags@W4DirectoryEnumerationFlagItems@AvgBasFs@@@@PAVAvgWinTransaction@@@Z

?Initialize@Item@AvgBasFs@@QAGHPBEIABU?$AvgStringRefBase@_W$0A@@@@Z

?Reset@AvgBasEvent@@QAGHXZ

?Set@AvgBasEvent@@QAGHXZ

?Wait@AvgBasEvent@@QAGHH@Z

?Create@AvgBasEvent@@QAGHW4ResetType@1@_N@Z

?Destroy@AvgBasWaitable@@UAGHXZ

msvcr100

memcpy

memset

_controlfp_s

_invoke_watson

?_type_info_dtor_internal_method@type_info@@QAEXXZ

_except_handler4_common

_crt_debugger_hook

?terminate@@YAXXZ

__set_app_type

_fmode

_commode

__setusermatherr

_configthreadlocale

_initterm_e

_initterm

__winitenv

exit

_XcptFilter

_exit

_cexit

__wgetmainargs

_amsg_exit

__CxxFrameHandler3

_onexit

_lock

__dllonexit

_unlock

??2@YAPAXI@Z

??3@YAXPAX@Z

_purecall

??_V@YAXPAX@Z

memmove

_CxxThrowException

kernel32

DecodePointer

InterlockedExchange

GetLastError

WaitForMultipleObjectsEx

GetSystemTimeAsFileTime

GetCurrentProcessId

GetCurrentThreadId

GetTickCount

QueryPerformanceCounter

IsDebuggerPresent

SetUnhandledExceptionFilter

UnhandledExceptionFilter

GetCurrentProcess

TerminateProcess

HeapSetInformation

InterlockedCompareExchange

Sleep

EncodePointer

Exports

??0_Mutex@std@@QAE@W4_Uninitialized@1@@Z

??4_Init_locks@std@@QAEAAV01@ABV01@@Z

Sections

.text
Size: 150KB - Virtual size: 149KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

idpehlog.cfg

imagemagick.txt

infozip.txt

krnlapi.cfg

lnglog.cfg

lua.txt

md4_md5_license.txt

mflog.cfg

milter.txt

minizip.txt

msgdisplog.cfg

openssl_license.html

.html

privlog.cfg

publog.cfg

readme.txt

sasl.txt

schedlog.cfg

secapilog.cfg

srmlog.cfg

tinyxml.txt

unrar.txt

untar.txt

upgrade.exe

.exe windows:5 windows x86 arch:x86

6471af75e89191bbbddfc8ba3d2726ca

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

Extended Key Usages

ExtKeyUsageServerAuth

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

26:6d:33:3e:de:17:a8:b4:72:05:3e:4f:a3:93:45:72
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

22/10/2014, 00:00

Not After

20/01/2018, 23:59

Subject

CN=AVG Technologies CZ\, s.r.o.,O=AVG Technologies CZ\, s.r.o.,L=Brno,ST=Jihomoravsky kraj,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

2a:45:1f:8c:c9:48:65:d6:68:2c:84:1a:a6:f5:7a:13:4f:40:1f:0b
Signer

Actual PE Digest

2a:45:1f:8c:c9:48:65:d6:68:2c:84:1a:a6:f5:7a:13:4f:40:1f:0b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\build\user\2015_0605_161740_SmallUpdate2015-05_release_AvCompile\source\build\avcli_smoke_utils\RU_MT_SLL!Win32_vs110\bin\Release_Unicode_MT_SLL_vs110\Win32\win10upgradex.pdb

Imports

ntdll

ZwCreateSection

ZwFlushBuffersFile

ZwUnmapViewOfSection

ZwSetInformationFile

ZwQuerySystemInformation

ZwFlushVirtualMemory

ZwMapViewOfSection

ZwReadFile

ZwDeviceIoControlFile

ZwOpenFile

ZwDuplicateToken

ZwFsControlFile

ZwCreateEvent

ZwOpenKey

RtlSetOwnerSecurityDescriptor

ZwSetEvent

ZwResetEvent

RtlEnterCriticalSection

RtlLeaveCriticalSection

RtlGetCurrentDirectory_U

ZwQueryVirtualMemory

RtlInitializeCriticalSection

RtlDeleteCriticalSection

LdrGetDllHandle

ZwQueryDirectoryFile

ZwQueryAttributesFile

ZwQueryKey

ZwEnumerateKey

ZwDeleteKey

ZwLoadKey

ZwSetValueKey

ZwQueryInformationFile

ZwCreateKey

ZwUnloadKey

ZwSetInformationToken

RtlDosPathNameToNtPathName_U

RtlGetFullPathName_U

LdrLoadDll

LdrGetProcedureAddress

LdrUnloadDll

RtlCreateUnicodeString

RtlExpandEnvironmentStrings_U

RtlAllocateHeap

RtlFreeHeap

RtlUpcaseUnicodeChar

RtlQueryEnvironmentVariable_U

ZwReadVirtualMemory

RtlInitUnicodeString

RtlLocalTimeToSystemTime

RtlTimeFieldsToTime

RtlSystemTimeToLocalTime

ZwDelayExecution

RtlCreateUserThread

ZwTerminateProcess

ZwDuplicateObject

ZwWaitForSingleObject

LdrShutdownThread

CsrClientCallServer

ZwResumeThread

ZwTerminateThread

ZwCreateFile

RtlFreeUnicodeString

ZwQueryInformationProcess

ZwClose

ZwOpenSymbolicLinkObject

ZwQuerySymbolicLinkObject

RtlxUnicodeStringToOemSize

NlsMbOemCodePageTag

RtlxUnicodeStringToAnsiSize

RtlTimeToTimeFields

RtlOpenCurrentUser

ZwWriteFile

RtlGetAce

ZwOpenThreadToken

RtlAddAccessDeniedAceEx

RtlCreateAcl

RtlValidSecurityDescriptor

RtlSetDaclSecurityDescriptor

RtlEqualSid

RtlCopySid

ZwQuerySecurityObject

RtlGetSaclSecurityDescriptor

RtlSetGroupSecurityDescriptor

RtlGetGroupSecurityDescriptor

RtlSetSaclSecurityDescriptor

ZwSetSecurityObject

ZwCancelIoFile

ZwNotifyChangeDirectoryFile

NtLockFile

RtlCreateSecurityDescriptor

RtlLengthSid

RtlGetOwnerSecurityDescriptor

ZwQueryInformationToken

ZwOpenProcess

RtlAddAccessAllowedAceEx

RtlGetDaclSecurityDescriptor

RtlNtStatusToDosError

RtlOemStringToUnicodeString

RtlxAnsiStringToUnicodeSize

RtlxOemStringToUnicodeSize

RtlUnicodeStringToOemString

RtlUnicodeStringToAnsiString

RtlAnsiStringToUnicodeString

RtlUnwind

VerSetConditionMask

RtlInitAnsiString

RtlReAllocateHeap

ZwQueryValueKey

NtClose

NtUnlockFile

ws2_32

setsockopt

recv

bind

socket

WSASetLastError

closesocket

getsockopt

WSAStartup

WSACleanup

WSAEnumNetworkEvents

WSAEventSelect

__WSAFDIsSet

select

WSAGetLastError

shutdown

listen

WSASendTo

accept

sendto

WSARecvFrom

WSASend

WSARecv

recvfrom

htonl

inet_addr

getaddrinfo

freeaddrinfo

ioctlsocket

send

getsockname

ntohs

htons

connect

WSAIoctl

getpeername

kernel32

WaitForSingleObject

SetThreadPriority

ResumeThread

GlobalFlags

InitializeCriticalSection

lstrcpyW

VerifyVersionInfoW

GlobalGetAtomNameW

FileTimeToSystemTime

SystemTimeToFileTime

GetThreadLocale

TlsAlloc

TlsGetValue

TlsSetValue

TlsFree

GlobalReAlloc

GlobalHandle

LocalAlloc

LocalReAlloc

GetCurrentDirectoryW

InterlockedIncrement

CompareStringW

GetLocaleInfoW

GetSystemDefaultUILanguage

GetUserDefaultUILanguage

GetFileTime

GetFullPathNameW

GetTempFileNameW

CreateFileW

DeleteFileW

FindClose

FindFirstFileW

FlushFileBuffers

GetFileSize

GetVolumeInformationW

LockFile

ReadFile

SetEndOfFile

UnlockFile

WriteFile

DuplicateHandle

GetCurrentProcess

lstrcmpiW

GetTempPathW

SearchPathW

GetTickCount

GetProfileIntW

Sleep

GetWindowsDirectoryW

FileTimeToLocalFileTime

GetFileAttributesExW

GetFileSizeEx

SetErrorMode

VirtualProtect

FindResourceExW

GetCommandLineW

GetConsoleMode

ReadConsoleW

IsDebuggerPresent

IsProcessorFeaturePresent

GetConsoleCP

HeapFree

HeapAlloc

HeapReAlloc

RaiseException

ExitProcess

GetModuleHandleExW

AreFileApisANSI

CreateThread

ExitThread

HeapSize

HeapQueryInformation

GetSystemTimeAsFileTime

GetSystemInfo

VirtualAlloc

VirtualQuery

SetStdHandle

GetFileType

GetStdHandle

GetProcessHeap

GetStartupInfoW

QueryPerformanceCounter

GetEnvironmentStringsW

FreeEnvironmentStringsW

UnhandledExceptionFilter

SetUnhandledExceptionFilter

TerminateProcess

IsValidCodePage

GetACP

GetOEMCP

GetCPInfo

SetFilePointerEx

WriteConsoleW

SetConsoleCtrlHandler

GetStringTypeW

GetTimeZoneInformation

OutputDebugStringW

LCMapStringW

SetEnvironmentVariableA

SleepEx

VerifyVersionInfoA

FormatMessageA

ExpandEnvironmentStringsA

GetSystemTime

FlushConsoleInputBuffer

WritePrivateProfileStringW

GetPrivateProfileStringW

GetPrivateProfileIntW

lstrcmpA

GetVersionExW

GetCurrentThread

InterlockedExchange

GlobalFindAtomW

GlobalAddAtomW

lstrcmpW

GlobalDeleteAtom

LoadLibraryExW

GetSystemDirectoryW

DeleteCriticalSection

InitializeCriticalSectionAndSpinCount

LeaveCriticalSection

EnterCriticalSection

DecodePointer

EncodePointer

CopyFileW

FormatMessageW

LocalFree

GlobalSize

GlobalAlloc

GlobalFree

GetModuleHandleW

GetModuleHandleA

FreeResource

GetVersion

OutputDebugStringA

GetFileAttributesW

MulDiv

GlobalUnlock

GlobalLock

SetLastError

GetCurrentProcessId

MultiByteToWideChar

WideCharToMultiByte

LoadLibraryW

InterlockedDecrement

GetCurrentThreadId

LockResource

GetLastError

SizeofResource

LoadResource

FindResourceW

GetModuleFileNameW

LocalFileTimeToFileTime

CloseHandle

LoadLibraryA

SetFileAttributesA

GetProcAddress

CreateDirectoryA

SetFileTime

FreeLibrary

CreateFileA

DosDateTimeToFileTime

GetFileInformationByHandle

PeekNamedPipe

ReadConsoleInputA

SetConsoleMode

FindFirstFileExW

GetDriveTypeW

WaitForMultipleObjectsEx

SetFilePointer

user32

MapDialogRect

GetMessageW

TranslateMessage

RealChildWindowFromPoint

GetSysColorBrush

SetLayeredWindowAttributes

SetRectEmpty

EnumDisplayMonitors

InflateRect

IntersectRect

TrackMouseEvent

IsZoomed

CharUpperW

GetAsyncKeyState

LoadMenuW

GetSystemMenu

DeleteMenu

MessageBeep

WindowFromPoint

NotifyWinEvent

CreatePopupMenu

GetMenuItemInfoW

GetMenuDefaultItem

SetMenuDefaultItem

IsMenu

UpdateLayeredWindow

DestroyMenu

EnableScrollBar

UnionRect

MonitorFromPoint

SendDlgItemMessageA

UnregisterClassW

CopyImage

CopyAcceleratorTableW

InvalidateRgn

SetRect

CharNextW

LoadAcceleratorsW

TranslateAcceleratorW

InsertMenuItemW

UnpackDDElParam

ReuseDDElParam

WaitMessage

GetNextDlgGroupItem

MoveWindow

DrawFrameControl

DrawFocusRect

DrawIconEx

ToUnicodeEx

GetKeyboardLayout

GetKeyboardState

MapVirtualKeyW

CreateAcceleratorTableW

DestroyAcceleratorTable

SetCursorPos

SetParent

LockWindowUpdate

SetClassLongW

OpenClipboard

CloseClipboard

SetClipboardData

EmptyClipboard

RegisterClipboardFormatW

CharUpperBuffW

ModifyMenuW

CopyIcon

FrameRect

PostThreadMessageW

GetKeyNameTextW

GetDoubleClickTime

GetIconInfo

IsCharLowerW

MapVirtualKeyExW

DrawMenuBar

DefFrameProcW

DefMDIChildProcW

TranslateMDISysAccel

IsClipboardFormatAvailable

GetUpdateRect

SubtractRect

CreateMenu

DestroyCursor

GetComboBoxInfo

HideCaret

InvertRect

GetWindowRgn

ShowWindow

GetMonitorInfoW

MonitorFromWindow

WinHelpW

GetScrollInfo

SetScrollInfo

LoadIconW

GetWindow

GetTopWindow

GetClassLongW

SetWindowLongW

EqualRect

CopyRect

SetWindowContextHelpId

AdjustWindowRectEx

GetWindowTextLengthW

GetWindowTextW

RemovePropW

GetPropW

SetPropW

ShowScrollBar

GetScrollRange

SetScrollRange

GetScrollPos

SetScrollPos

ScrollWindow

RedrawWindow

ValidateRect

TrackPopupMenu

SetMenu

GetMenu

GetCapture

GetDlgCtrlID

IsWindowVisible

EndDeferWindowPos

DeferWindowPos

BeginDeferWindowPos

SetWindowPlacement

GetWindowPlacement

SetWindowPos

IsChild

CreateWindowExW

GetClassInfoExW

GetClassInfoW

RegisterClassW

CallWindowProcW

DefWindowProcW

GetMessageTime

GetMessagePos

PeekMessageW

DispatchMessageW

RemoveMenu

AppendMenuW

InsertMenuW

GetMenuItemCount

GetMenuItemID

GetSubMenu

GetMenuState

GetMenuStringW

GetDesktopWindow

SetActiveWindow

GetActiveWindow

GetDlgItem

EndDialog

CreateDialogIndirectParamW

DestroyWindow

CallNextHookEx

UnhookWindowsHookEx

SetWindowsHookExW

GetCursorPos

GetSysColor

ClientToScreen

EndPaint

BeginPaint

GetWindowDC

GetDC

TabbedTextOutW

GrayStringW

DrawTextExW

DrawTextW

GetLastActivePopup

GetWindowLongW

MessageBoxW

IsWindowEnabled

GetClassNameW

FillRect

InvalidateRect

UpdateWindow

LoadBitmapW

GetParent

SetMenuItemInfoW

GetMenuCheckMarkDimensions

SetMenuItemBitmaps

EnableMenuItem

CheckMenuItem

GetFocus

GetNextDlgTabItem

PostMessageW

GetKeyState

ScreenToClient

GetWindowRect

PostQuitMessage

RegisterWindowMessageW

IsIconic

LoadImageW

KillTimer

SetForegroundWindow

AttachThreadInput

DrawIcon

GetClientRect

SetFocus

PtInRect

GetForegroundWindow

FlashWindowEx

BringWindowToTop

SendMessageTimeoutW

IsWindow

GetSystemMetrics

SendMessageW

EnableWindow

DestroyIcon

GetWindowThreadProcessId

ShowOwnedPopups

SystemParametersInfoW

LoadCursorW

IsRectEmpty

OffsetRect

SetCursor

SetWindowRgn

SetTimer

ReleaseCapture

SetCapture

IsDialogMessageW

SetWindowTextW

CheckDlgButton

MapWindowPoints

ReleaseDC

DrawStateW

DrawEdge

gdi32

GetDeviceCaps

GetObjectType

GetClipBox

ExcludeClipRect

Escape

DeleteDC

CreateRectRgn

CreatePatternBrush

CreatePen

CreateHatchBrush

CreateCompatibleDC

BitBlt

GetObjectW

GetStockObject

DeleteObject

CreateSolidBrush

GetPixel

GetViewportExtEx

GetWindowExtEx

IntersectClipRect

LineTo

PtVisible

RectVisible

RestoreDC

SaveDC

SelectClipRgn

ExtSelectClipRgn

SelectObject

SelectPalette

SetBkColor

GetWindowOrgEx

SetBkMode

CreateBitmap

SetROP2

GetTextFaceW

SetPixelV

EnumFontFamiliesExW

SetMapMode

SetLayout

GetLayout

SetPolyFillMode

GetViewportOrgEx

SetTextColor

SetTextAlign

MoveToEx

TextOutW

ExtTextOutW

SetViewportExtEx

SetViewportOrgEx

SetWindowExtEx

SetWindowOrgEx

OffsetViewportOrgEx

OffsetWindowOrgEx

ScaleViewportExtEx

ScaleWindowExtEx

CopyMetaFileW

CreateDCW

CreateEllipticRgn

Ellipse

CreateDIBSection

DPtoLP

LPtoDP

CreateCompatibleBitmap

CreateDIBitmap

CreateFontIndirectW

CreateRectRgnIndirect

EnumFontFamiliesW

GetTextCharsetInfo

GetTextMetricsW

CombineRgn

GetMapMode

PtInRegion

PatBlt

SetRectRgn

CreateRoundRectRgn

GetTextExtentPoint32W

GetRgnBox

GetBkColor

GetTextColor

CreatePolygonRgn

Polygon

Polyline

RealizePalette

SetPixel

StretchBlt

SetDIBColorTable

OffsetRgn

Rectangle

RoundRect

CreatePalette

GetPaletteEntries

ExtFloodFill

SetPaletteEntries

GetNearestPaletteIndex

GetSystemPaletteEntries

FillRgn

FrameRgn

GetBoundsRect

msimg32

TransparentBlt

AlphaBlend

winspool.drv

DocumentPropertiesW

ClosePrinter

OpenPrinterW

advapi32

RegCloseKey

RegOpenKeyExW

RegQueryValueExW

RegCreateKeyExW

RegDeleteKeyW

RegDeleteValueW

RegSetValueExW

RegEnumKeyW

RegQueryValueW

RegEnumValueW

RegEnumKeyExW

CloseServiceHandle

OpenSCManagerW

OpenServiceW

QueryServiceStatus

shell32

DragQueryFileW

DragFinish

ShellExecuteW

SHAppBarMessage

ShellExecuteExW

SHBrowseForFolderW

SHGetFileInfoW

SHGetDesktopFolder

SHGetSpecialFolderLocation

SHGetPathFromIDListW

comctl32

InitCommonControlsEx

shlwapi

PathFindFileNameW

PathIsUNCW

PathStripToRootW

StrFormatKBSizeW

PathFindExtensionW

PathRemoveFileSpecW

uxtheme

GetThemeSysColor

DrawThemeParentBackground

DrawThemeText

OpenThemeData

CloseThemeData

DrawThemeBackground

GetThemeColor

GetThemePartSize

GetWindowTheme

IsAppThemed

IsThemeBackgroundPartiallyTransparent

GetCurrentThemeName

ole32

CoCreateInstance

CoRegisterMessageFilter

CoRevokeClassObject

RevokeDragDrop

RegisterDragDrop

CoLockObjectExternal

OleGetClipboard

IsAccelerator

OleTranslateAccelerator

OleDestroyMenuDescriptor

OleCreateMenuDescriptor

OleLockRunning

OleUninitialize

OleInitialize

CoFreeUnusedLibraries

DoDragDrop

OleIsCurrentClipboard

OleFlushClipboard

CreateILockBytesOnHGlobal

StgOpenStorageOnILockBytes

StgCreateDocfileOnILockBytes

CoGetClassObject

CLSIDFromProgID

CLSIDFromString

CoInitialize

CoCreateGuid

OleDraw

CreateStreamOnHGlobal

ReleaseStgMedium

OleDuplicateData

CoTaskMemFree

CoTaskMemAlloc

CoInitializeEx

CoInitializeSecurity

CoUninitialize

oleaut32

SafeArrayUnaccessData

SafeArrayAccessData

SafeArrayGetLBound

SafeArrayGetUBound

OleCreateFontIndirect

VariantCopy

SafeArrayGetElemsize

SysAllocString

SysStringLen

VariantClear

VariantInit

SysFreeString

SysAllocStringLen

VariantChangeType

SystemTimeToVariantTime

VariantTimeToSystemTime

SafeArrayCreate

SafeArrayDestroy

SafeArrayRedim

SafeArrayGetDim

VarBstrFromDate

oledlg

OleUIBusyW

gdiplus

GdipBitmapUnlockBits

GdipBitmapLockBits

GdipCreateBitmapFromScan0

GdipCreateBitmapFromStream

GdipGetImagePaletteSize

GdipGetImagePalette

GdipGetImagePixelFormat

GdipGetImageHeight

GdipGetImageWidth

GdipGetImageGraphicsContext

GdipDrawImageRectI

GdipSetInterpolationMode

GdipDeleteGraphics

GdipCreateFromHDC

GdipCreateBitmapFromHBITMAP

GdipDisposeImage

GdipCloneImage

GdiplusStartup

GdipFree

GdipAlloc

GdiplusShutdown

GdipDrawImageI

oleacc

AccessibleObjectFromWindow

LresultFromObject

CreateStdAccessibleObject

imm32

ImmGetOpenStatus

ImmGetContext

ImmReleaseContext

winmm

PlaySoundW

crypt32

CertRDNValueToStrW

CertGetCertificateChain

CertCloseStore

CertAddCertificateContextToStore

CertFreeCertificateChain

CertOpenStore

CertVerifyCertificateChainPolicy

CertDuplicateCertificateContext

CryptHashCertificate

CertFreeCertificateContext

CertGetPublicKeyLength

CertFindExtension

CryptDecodeObjectEx

CertAddEncodedCertificateToStore

CryptFindOIDInfo

Sections

.text
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 695KB - Virtual size: 694KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 201KB - Virtual size: 201KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

vaultlog.cfg

wdlog.cfg

wdsvclog.cfg

winamapix.dll

.dll windows:6 windows x86 arch:x86

8cc427842a52fa948a9db0d185a57760

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

Extended Key Usages

ExtKeyUsageServerAuth

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

49:84:48:9d:ec:62:00:de:ce:ad:93:d4:73:2c:ab:ca
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

06/01/2012, 00:00

Not After

05/01/2015, 23:59

Subject

CN=AVG Technologies CZ\, s.r.o.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=AVG Technologies CZ\, s.r.o.,L=Brno,ST=Jihomoravsky kraj,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

6c:ad:71:d2:5e:4b:1a:8e:d8:30:ec:9c:e4:10:89:fa:5b:e9:0c:35
Signer

Actual PE Digest

6c:ad:71:d2:5e:4b:1a:8e:d8:30:ec:9c:e4:10:89:fa:5b:e9:0c:35

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

PDB Paths

d:\nightly\sandbox_avg_vc10_AVG2013_SP1_RR\source\common\winamapi\winamapi_output_vs110\bin\Release_Unicode_MT_SLL_vs110\Win32\winamapix.pdb

Imports

kernel32

SetLastError

DisableThreadLibraryCalls

CloseHandle

WriteConsoleW

SetFilePointerEx

SetStdHandle

GetConsoleMode

GetConsoleCP

FlushFileBuffers

RaiseException

LCMapStringW

LoadLibraryW

OutputDebugStringW

HeapReAlloc

HeapAlloc

LoadLibraryExW

LeaveCriticalSection

EnterCriticalSection

GetStringTypeW

GetCPInfo

GetOEMCP

GetACP

IsValidCodePage

IsDebuggerPresent

GetModuleHandleW

TlsFree

TlsSetValue

TlsGetValue

TlsAlloc

TerminateProcess

GetCurrentProcess

SetUnhandledExceptionFilter

UnhandledExceptionFilter

WideCharToMultiByte

FreeEnvironmentStringsW

GetEnvironmentStringsW

GetSystemTimeAsFileTime

GetCurrentProcessId

QueryPerformanceCounter

GetModuleFileNameA

GetStartupInfoW

DeleteCriticalSection

InitializeCriticalSectionAndSpinCount

GetFileType

GetProcessHeap

InterlockedIncrement

RtlUnwind

IsProcessorFeaturePresent

GetModuleFileNameW

WriteFile

GetStdHandle

Sleep

HeapSize

MultiByteToWideChar

GetProcAddress

GetModuleHandleExW

ExitProcess

InterlockedDecrement

HeapFree

GetLastError

GetCurrentThreadId

GetCommandLineA

DecodePointer

EncodePointer

CreateFileW

ntdll

RtlGetCurrentDirectory_U

ZwDelayExecution

ZwQuerySymbolicLinkObject

ZwOpenSymbolicLinkObject

LdrGetDllHandle

ZwTerminateProcess

RtlAnsiStringToUnicodeString

RtlxOemStringToUnicodeSize

RtlxAnsiStringToUnicodeSize

RtlOemStringToUnicodeString

NlsMbOemCodePageTag

RtlQueryEnvironmentVariable_U

RtlGetFullPathName_U

RtlExpandEnvironmentStrings_U

ZwQuerySystemInformation

RtlCopySid

RtlUpcaseUnicodeString

LdrLoadDll

LdrGetProcedureAddress

RtlInitAnsiString

RtlInitUnicodeString

LdrUnloadDll

RtlLeaveCriticalSection

RtlEnterCriticalSection

ZwOpenKey

ZwQueryKey

ZwQueryValueKey

RtlEqualSid

ZwCreateKey

ZwQueryVirtualMemory

ZwReadVirtualMemory

RtlOpenCurrentUser

NtClose

ZwQueryInformationToken

ZwQueryInformationProcess

ZwOpenProcess

ZwClose

RtlNtStatusToDosError

RtlAllocateHeap

RtlReAllocateHeap

RtlFreeHeap

Exports

AvgModuleFinish

AvgModuleInit

GetAvgObject

GetAvgObject2

GetLockCount

Sections

.text
Size: 146KB - Virtual size: 145KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

xalan_xerces.txt

zlib.txt

Sharing

General

Malware Config

Signatures

Files

e481c4858ced812a26285f3519c716ec

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

49:84:48:9d:ec:62:00:de:ce:ad:93:d4:73:2c:ab:caCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

74:df:6f:9b:13:be:b1:35:ad:10:4a:93:ec:5f:51:80:de:b9:15:84Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

ntdll

avgsysx

msvcr100

ws2_32

iphlpapi

snmpapi

rpcrt4

Exports

Exports

Sections

.text Size: 239KB - Virtual size: 239KB

.rdata Size: 46KB - Virtual size: 45KB

.data Size: 512B - Virtual size: 2KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 26KB - Virtual size: 26KB

bed94e6cf7eccda3663ba116bf3e61de

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

49:84:48:9d:ec:62:00:de:ce:ad:93:d4:73:2c:ab:caCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

60:c9:0f:57:95:8e:7a:70:35:c7:81:a9:8a:15:68:19:fa:11:71:69Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

ntdll

msvcr100

Exports

Exports

Sections

.text Size: 30KB - Virtual size: 30KB

.rdata Size: 14KB - Virtual size: 13KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 3KB

c2b55a6feff681dd8d31d3a3426166d9

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

49:84:48:9d:ec:62:00:de:ce:ad:93:d4:73:2c:ab:ca
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

74:df:6f:9b:13:be:b1:35:ad:10:4a:93:ec:5f:51:80:de:b9:15:84
Signer

.text
Size: 239KB - Virtual size: 239KB

.rdata
Size: 46KB - Virtual size: 45KB

.data
Size: 512B - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 26KB - Virtual size: 26KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

49:84:48:9d:ec:62:00:de:ce:ad:93:d4:73:2c:ab:ca
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

60:c9:0f:57:95:8e:7a:70:35:c7:81:a9:8a:15:68:19:fa:11:71:69
Signer

.text
Size: 30KB - Virtual size: 30KB

.rdata
Size: 14KB - Virtual size: 13KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 3KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

49:84:48:9d:ec:62:00:de:ce:ad:93:d4:73:2c:ab:ca
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

dc:28:8d:b0:b5:c9:ad:e4:3a:0a:d7:0a:8f:d5:74:3e:2c:e7:91:ca
Signer

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 96KB - Virtual size: 96KB

.data
Size: 5KB - Virtual size: 17KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 71KB - Virtual size: 71KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

49:84:48:9d:ec:62:00:de:ce:ad:93:d4:73:2c:ab:ca
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

b8:1c:e8:e7:be:cd:1f:f9:ef:9d:77:c2:68:ea:af:bb:3e:c6:20:d6
Signer

.text
Size: 162KB - Virtual size: 161KB

.rdata
Size: 39KB - Virtual size: 39KB

.data
Size: 512B - Virtual size: 2KB

.rsrc
Size: 86KB - Virtual size: 86KB

.reloc
Size: 24KB - Virtual size: 23KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate