fa015f68037d12be466e3256df7701e5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fa015f68037d12be466e3256df7701e5_JaffaCakes118
Size

30.9MB
MD5

fa015f68037d12be466e3256df7701e5
SHA1

ff7661b9a9315c6a1f54ab9328e8a8965ff7dc9e
SHA256

3713ce3ef05711831fc7b35a865b209a2992a9b65e093e10c80fe67db42ebda0
SHA512

8c705f12c6d267845a53605b77f5452b970d99db96628f5681af3dc502fea6261a0b6d61691c8a5eee9dea89d650152c03a73c15441cba282008e08c9508977f
SSDEEP

786432:E73IvXrCrudEBQvvnjrQSXxWCFI0MNDpy/ZnwI:LvRSmvg1CGzyN

Score

3^/10

Malware Config

Signatures

Unsigned PE 118 IoCs

Checks for missing Authenticode signature.

resource
unpack001/BTKeyInd.dll
unpack001/BTXPPanel.dll
unpack001/BcbtRmv_1.7.exe
unpack001/BtAudioHelper.dll
unpack001/BtWiaExt.dll
unpack001/BtWizard.dll
unpack001/BtXpShell.dll
unpack001/BtwHtmlPrint.exe
unpack001/CSH.DLL
unpack001/CSH.DLL1
unpack001/CSH.DLL2
unpack001/F28812_BTStackServer.exe
unpack001/F36504_BTNeighborhood.dll
unpack001/F48286_BTNCopy.dll
unpack001/F54510_btwpimif.dll
unpack001/F54512_btrez.dll
unpack001/F54513_bt2k_ins.dll
unpack001/F54515_wbtapi.dll
unpack001/F54902_btcpl.cpl
unpack001/F54937_BTTray.exe
unpack001/F84085_btsec.dll
unpack001/F84465_btdfu.dll
unpack001/F84848_btkrnl.sys
unpack001/F84850_btport.sys
unpack001/F84852_btwdndis.sys
unpack001/F84853_btwdndis.sys
unpack001/F84855_frmupgr.sys
unpack001/F84857_btwdndis.sys
unpack001/F84859_btport.sys
unpack001/F84897_btosif.dll
unpack001/F84927_btosif_notes.dll
unpack001/F84957_btosif_ol.dll
unpack001/F84988_btins.dll
unpack001/F85018_btdev.dll
unpack001/Global_Controls_COMCATDLL_f0.3207D1B0_80E5_11D2_B95D_006097C4DE24
unpack001/Global_System_OLEAUT32_f2.8C0C59A0_7DC8_11D2_B95D_006097C4DE24
unpack001/Global_System_OLEAUT32_f3.8C0C59A0_7DC8_11D2_B95D_006097C4DE24
unpack001/Global_System_OLEPRO32_f0.8C0C59A0_7DC8_11D2_B95D_006097C4DE24
unpack001/Global_System_STDOLE_f1.8C0C59A0_7DC8_11D2_B95D_006097C4DE24
unpack001/Global_VC_ATLANSI_f0.7EBEDD68_AA66_11D2_B980_006097C4DE24
unpack001/Global_VC_ATLUnicode_f1.7EBEDD68_AA66_11D2_B980_006097C4DE24
unpack001/Global_VC_CPPRT60_f0.51D569E3_8A28_11D2_B962_006097C4DE24
unpack001/Global_VC_CRT_f0.51D569E0_8A28_11D2_B962_006097C4DE24
unpack001/Global_VC_IRT_f0.3CE1F932_C090_11D2_977B_006097C4DE24
unpack001/Global_VC_MFC42ANSICore_f0.51D569E2_8A28_11D2_B962_006097C4DE24
unpack001/Global_VC_MFC42UnicodeCore_f0.7EBEDD6A_AA66_11D2_B980_006097C4DE24
unpack001/HIDCLASS.SYS
unpack001/HIDPARSE.SYS
unpack001/WidcommSdk.dll
unpack001/bcbthub.sys
unpack001/bcbthub.sys1
unpack001/bcbthub.sys2
unpack001/bt2kndfl.sys
unpack001/btaudio.sys
unpack001/btaudio.sys1
unpack001/btaudio.sys2
unpack001/btaudio.sys3
unpack001/btbigbmp.dll
unpack001/btbip.dll
unpack001/btchooser.dll
unpack001/btcss.dll
unpack001/btdfuwizardp.exe
unpack001/bthcrp.dll
unpack001/bthcrp98.dll
unpack001/bthcrpui.dll
unpack001/bthcrpui98.dll
unpack001/btmcrcam.dll
unpack001/btosif_olx.dll
unpack001/btpcbcsp.sys
unpack001/btpcbcsp.sys1
unpack001/btpcbcsp.sys2
unpack001/btpch4.sys
unpack001/btpch4.sys1
unpack001/btprn2k.dll
unpack001/btprn98.dll
unpack001/btrez.dll
unpack001/btrez.dll1
unpack001/btrez.dll10
unpack001/btrez.dll11
unpack001/btrez.dll12
unpack001/btrez.dll13
unpack001/btrez.dll14
unpack001/btrez.dll15
unpack001/btrez.dll2
unpack001/btrez.dll3
unpack001/btrez.dll4
unpack001/btrez.dll5
unpack001/btrez.dll6
unpack001/btrez.dll7
unpack001/btrez.dll8
unpack001/btrez.dll9
unpack001/btrezxp.dll
unpack001/btsendto.dll
unpack001/btsendto_explorer.exe
unpack001/btsendto_ie.dll
unpack001/btsendto_notes.dll
unpack001/btsendto_office.dll
unpack001/btsendto_visio2k.vsl
unpack001/btsendto_wab.dll
unpack001/btserial.sys
unpack001/btslbcsp.sys
unpack001/btstart.exe
unpack001/btw_ci.dll
unpack001/btw_ci.dll1
unpack001/btwdins.exe
unpack001/btwhid.sys
unpack001/btwhid98.sys
unpack001/btwhidcs.dll
unpack001/btwiacam.dll
unpack001/btwmodem.sys
unpack001/btwusb.sys
unpack001/btwusb.sys1
unpack001/btwusb.sys2
unpack001/frmupgr.sys
unpack001/frmupgr.sys1
unpack001/gdiplus_dll_2_____X86.3643236F_FC70_11D3_A536_0090278A1BB8
unpack001/gzip.exe
unpack001/lcppn21.dll

Files

fa015f68037d12be466e3256df7701e5_JaffaCakes118
.cab
BTInvoke.dll
BTKeyInd.dll
.dll windows:4 windows x86 arch:x86

150d7f039b1be560b8b5f7beb68d2b34

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
FlushFileBuffers
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
RtlUnwind
SetStdHandle
LoadLibraryA
GetProcAddress
HeapReAlloc
VirtualAlloc
GetOEMCP
GetACP
LCMapStringA
GetTickCount
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
SetFilePointer
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
InterlockedDecrement
InterlockedIncrement
InitializeCriticalSection
GetCPInfo

user32

CallNextHookEx
GetKeyState
PostMessageA
UnhookWindowsHookEx
DestroyWindow
SetWindowsHookExA
RegisterClassA
GetDesktopWindow
CreateWindowExA
KillTimer
FindWindowExA
GetWindowRect
MoveWindow
RedrawWindow
SetTimer
BeginPaint
GetDC
GetClientRect
FillRect
DrawTextA
ReleaseDC
EndPaint
SetActiveWindow
ShowWindow
DefWindowProcA

gdi32

GetDeviceCaps
SetBkColor
CreateSolidBrush
GetTextExtentPoint32A

Exports

Exports

DisableIndication
EnableIndication

Sections

.text
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.JOE
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
BTLOADER.VXD
BTNeighborhood.dll.manifest1
.xml
BTSERIAL.VXD
BTSLBCSP.VXD
BTW_hlp.chm1
.chm
BTW_hlp.chm10
.chm
BTW_hlp.chm11
.chm
BTW_hlp.chm12
.chm
BTW_hlp.chm13
.chm
BTW_hlp.chm2
.chm
BTW_hlp.chm3
.chm
BTW_hlp.chm4
.chm
BTW_hlp.chm5
.chm
BTW_hlp.chm6
.chm
BTW_hlp.chm7
.chm
BTW_hlp.chm8
.chm
BTW_hlp.chm9
.chm
BTW_hlp.chm_jp
.chm
BTW_hlp.chm_po
.chm
BTXPPanel.dll
.dll regsvr32 windows:4 windows x86 arch:x86

b90cf586deba6d627ff359590cf07fa9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord1182
ord815
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord3953
ord1193
ord860
ord941
ord1114
ord2623
ord3237
ord1113
ord2486
ord4226
ord800
ord614
ord290
ord1116
ord1176
ord1575
ord1168
ord1577
ord4274
ord342
ord2725
ord1243
ord1197
ord1570
ord1253
ord1255
ord1578
ord600
ord826
ord269
ord540
ord3579
ord823
ord6467
ord1131

msvcrt

_wcsicmp
memcpy
_purecall
__CxxFrameHandler
free
malloc
realloc
memset
memcmp
vsprintf
strlen
strcpy
fclose
fopen
sprintf
strcat
strchr
strcmp
strrchr
wcstol
wcsncmp
_mbscmp
??1type_info@@UAE@XZ
_adjust_fdiv
_initterm
?terminate@@YAXXZ
_except_handler3
_onexit
__dllonexit

kernel32

LocalAlloc
LocalFree
lstrcmpA
GetSystemDirectoryA
OutputDebugStringA
GlobalAlloc
GlobalLock
GlobalUnlock
GetCurrentProcess
FlushInstructionCache
GetCurrentThreadId
lstrcatA
lstrcpyA
LoadLibraryA
GetProcAddress
HeapDestroy
IsDBCSLeadByte
lstrcpynA
lstrcmpiA
LoadLibraryExA
GetLastError
FindResourceA
LoadResource
SizeofResource
FreeLibrary
WideCharToMultiByte
GetModuleFileNameA
GetModuleHandleA
GetShortPathNameA
lstrlenA
MultiByteToWideChar
lstrlenW
InterlockedDecrement
EnterCriticalSection
InterlockedIncrement
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection

user32

LoadStringA
SendMessageA
BeginPaint
GetClientRect
EndPaint
InvalidateRect
GetDC
ReleaseDC
IntersectRect
EqualRect
OffsetRect
SetWindowRgn
SetWindowPos
IsWindow
GetParent
SetFocus
GetSysColor
GetWindow
GetKeyState
PtInRect
UnionRect
DefWindowProcA
ShowWindow
SetWindowLongA
GetWindowLongA
CreateWindowExA
CallWindowProcA
CharNextA
RegisterClassExA
wsprintfA
LoadCursorA
GetClassInfoExA
DestroyWindow
IsChild
GetFocus
FillRect
RedrawWindow
GetClassNameA
GetDesktopWindow
CreateAcceleratorTableA
ReleaseCapture
SetCapture
InvalidateRgn
GetDlgItem
RegisterWindowMessageA
SetWindowTextA
GetWindowTextA
GetWindowTextLengthA
DestroyIcon
DrawIconEx

gdi32

GetStockObject
GetObjectA
CreateSolidBrush
DeleteObject
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
BitBlt
CreateDCA
LPtoDP
SetMapMode
CreateRectRgnIndirect
DeleteMetaFile
CloseMetaFile
RestoreDC
SetWindowExtEx
SetWindowOrgEx
SaveDC
CreateMetaFileA
GetDeviceCaps
DeleteDC
SetViewportOrgEx

advapi32

RegQueryValueExA
RegEnumValueA
RegQueryInfoKeyA
RegSetValueExA
RegEnumKeyExA
RegOpenKeyExA
RegCloseKey
RegDeleteValueA
RegCreateKeyExA
RegDeleteKeyA

shell32

ExtractIconExA

ole32

OleUninitialize
OleInitialize
CreateStreamOnHGlobal
OleLockRunning
StringFromCLSID
CLSIDFromString
CLSIDFromProgID
CreateOleAdviseHolder
OleSaveToStream
WriteClassStm
CoCreateInstance
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
CreateDataAdviseHolder
OleRegGetMiscStatus
OleRegGetUserType
OleRegEnumVerbs
OleLoadFromStream

olepro32

ord253
ord250

oleaut32

LoadRegTypeLi
SysStringByteLen
SysAllocStringByteLen
VariantChangeType
RegisterTypeLi
LoadTypeLi
SysAllocString
VarUI4FromStr
SysFreeString
VariantClear
SysAllocStringLen
SysStringLen

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
BTXPPanel.tlb
BcbtRmv_1.7.exe
.exe windows:4 windows x86 arch:x86

e1697d55cdb97ba9061077a247545c17

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

SHDeleteKeyA

advapi32

RegEnumKeyExA
RegCloseKey
RegOpenKeyA
RegQueryValueExA

setupapi

SetupDiRemoveDevice
SetupDiDestroyDeviceInfoList
SetupDiSetClassInstallParamsA
SetupDiGetClassDevsA
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

mfc42

ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord2621
ord823
ord1168
ord1134
ord6199
ord3873
ord3092
ord4710
ord5265
ord4376
ord4853
ord4998
ord2514
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord324
ord641
ord4234
ord1146
ord800
ord4160
ord540
ord2863
ord2379
ord755
ord470
ord3876
ord2642
ord1576

msvcrt

__CxxFrameHandler
fclose
fprintf
fopen
vsprintf
__dllonexit
sprintf
_onexit
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
toupper
_setmbcp

kernel32

GetVersion
GetStartupInfoA
GetModuleHandleA
GetCommandLineA
GetLastError
FormatMessageA
LocalFree
ExpandEnvironmentStringsA
SetFileAttributesA
DeleteFileA
GetModuleFileNameA

user32

DrawIcon
GetClientRect
LoadIconA
SendMessageA
AppendMenuA
GetSystemMenu
EnableWindow
GetSystemMetrics
IsIconic

Sections

.text
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
BtAudio.inf
BtAudio.inf1
BtAudio.inf2
BtAudioHelper.dll
.dll windows:4 windows x86 arch:x86

cef861f0596d864ce21d4752b72fca73

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WaitForSingleObject
SetEvent
CloseHandle
WaitForMultipleObjects
CreateEventA
SetThreadPriority
ResumeThread
lstrcmpA
LoadLibraryA
GetProcAddress
FreeLibrary
ResetEvent
GetVersionExA
FlushFileBuffers
GetStringTypeW
GetStringTypeA
SetStdHandle
GetOEMCP
GetACP
GetCPInfo
SetFilePointer
VirtualAlloc
WriteFile
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetModuleHandleA
GetEnvironmentStringsW
InterlockedDecrement
InterlockedIncrement
GetLastError
CreateThread
GetCurrentThreadId
TlsSetValue
TlsGetValue
ExitThread
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
HeapReAlloc
HeapAlloc
HeapSize
HeapFree
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TlsAlloc
TlsFree
SetLastError
UnhandledExceptionFilter
RtlUnwind
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings

advapi32

RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegOpenKeyExA
RegDeleteKeyA
RegEnumKeyExA
RegQueryValueExA
RegEnumValueA

winmm

waveInStart
waveOutWrite
waveInStop
waveInReset
waveOutReset
waveOutSetVolume
waveOutGetVolume
waveInUnprepareHeader
waveOutUnprepareHeader
waveInClose
waveOutClose
waveInOpen
waveOutOpen
waveInPrepareHeader
waveInAddBuffer
waveOutPrepareHeader
waveOutMessage
waveInMessage
waveInGetNumDevs
waveInGetDevCapsA
waveOutGetNumDevs
waveOutGetDevCapsA
timeEndPeriod
timeGetDevCaps
timeBeginPeriod

Exports

Exports

CloseConnection
CloseMicrophoneConnection
CloseSpeakerConnection
DisableMultimediaTimer
EnableMultimediaTimer
FindBtAudioDevice
FindBtAudioInputDevice
FindBtAudioOutputDevice
GetNumberWaveInDevices
GetNumberWaveOutDevices
GetPreferredDeviceFlag
GetPreferredWaveInDevice
GetPreferredWaveOutDevice
GetSpeakerVolume
GetWaveInDeviceInfo
GetWaveOutDeviceInfo
IsBtAudioDevicePresent
IsBtAudioInputDevicePresent
IsBtAudioOutputDevicePresent
IsMultimediaTimerEnabled
OpenConnection
OpenMicrophoneConnection
OpenSpeakerConnection
SetPreferredDeviceFlag
SetPreferredWaveInDevice
SetPreferredWaveOutDevice
SetSpeakerVolume
SetupDefaultAudio

Sections

.text
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

COMSEC
Size: 4KB - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
BtWiaExt.dll
.dll regsvr32 windows:4 windows x86 arch:x86

087ded3be0233633133702d2cca85634

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

setupapi

SetupDiOpenDevRegKey
SetupDiGetDeviceRegistryPropertyA

shlwapi

SHGetValueA

mfc42

ord1168
ord6467
ord1131
ord2725
ord3953
ord561
ord3738
ord4424
ord4622
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord5302
ord5300
ord1116
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord815
ord4274
ord823
ord825
ord269
ord826
ord600
ord1578
ord1255
ord1253
ord1570
ord1197
ord1243
ord342
ord1182
ord1577
ord1575
ord1176

msvcrt

??1type_info@@UAE@XZ
_adjust_fdiv
_initterm
_onexit
__dllonexit
_stricmp
memcpy
memset
__CxxFrameHandler
memcmp
_purecall
free
malloc
realloc
_except_handler3
strlen
sscanf
strcat
vsprintf

kernel32

GetModuleFileNameA
GetModuleHandleA
GetShortPathNameA
lstrlenA
lstrlenW
InterlockedDecrement
EnterCriticalSection
InterlockedIncrement
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
OutputDebugStringA
lstrcpyA
FreeLibrary
WideCharToMultiByte
GetVersionExA
IsDBCSLeadByte
HeapDestroy
LoadLibraryA
lstrcatA
LocalFree
LocalAlloc
SizeofResource
LoadResource
FindResourceA
GetLastError
SetLastError
LoadLibraryExA
GetModuleHandleW
GetProcAddress
GetFileAttributesW
GetVersion
LoadLibraryW
GetModuleFileNameW
lstrcmpiA
lstrcpynA
MultiByteToWideChar

user32

LoadImageA
CopyIcon
DestroyIcon
CharNextA

advapi32

RegEnumValueA
RegQueryInfoKeyA
RegSetValueExA
RegEnumKeyExA
RegOpenKeyExA
RegCloseKey
RegDeleteValueA
RegCreateKeyExA
RegDeleteKeyA

ole32

CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance

oleaut32

SysFreeString
SysAllocString
LoadTypeLi
RegisterTypeLi
VarUI4FromStr

Exports

Exports

BtWiaCoInstallClass
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
BtWizard.dll
.dll regsvr32 windows:4 windows x86 arch:x86

4cb208de2692aa26e63afadb241d16dd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_strdup
_adjust_fdiv
_initterm
_onexit
__dllonexit
?terminate@@YAXXZ
_except_handler3
??1type_info@@UAE@XZ
_stricmp
toupper
isdigit
vsprintf
atoi
_strupr
time
srand
rand
qsort
__RTDynamicCast
realloc
_purecall
wcsrchr
wcsncpy
fopen
fwrite
fclose
sscanf
_mbschr
_mbsnbcpy
strchr
malloc
wcslen
wcscpy
wcscat
swprintf
wcscmp
strcat
strcmp
strstr
_strnicmp
strtol
_mbsicmp
_mbscmp
strcpy
calloc
free
sprintf
__CxxFrameHandler
??2@YAPAXI@Z
??3@YAXPAX@Z
strlen
memcmp
memcpy
memset
_beginthreadex
_ltoa

wbtapi

?SetOnHSPConnectionStatusChangedCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAE11JJ@Z0@Z
?GapStartInquiry@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearSppStateChangeCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearInquiryCompleteCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearDunStateChangeCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearLapStateChangeCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearFaxStateChangeCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?BtmDeviceIsReady@CWBtAPI@@QAEHXZ
?ClearHAGConnectionStatusChangedCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearHSPConnectionStatusChangedCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?GapGetActiveConnections@CWBtAPI@@QAE?AW4WBtRc@@PAJJPAUtBT_ACTIVE_CONNS@@@Z
?BtmResetConfiguration@CWBtAPI@@QAE?AW4WBtRc@@XZ
?SetOnDeviceFoundNoFiltersCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAE11H@Z0@Z
??1CWBtAPI@@QAE@XZ
?ConnectToServer@CWBtAPI@@QAE?AW4WBtRc@@_NI00@Z
??0CWBtAPI@@QAE@XZ
?SppCreateConnection@CWBtAPI@@QAE?AW4WBtRc@@QAEABU_GUID@@PBDH@Z
?GapGetLocalServices@CWBtAPI@@QAE?AW4WBtRc@@PAHHPAUtBT_SERVICE_INFO@@@Z
?HAG_RemoveServerConnection@CWBtAPI@@QAE?AW4WBtRc@@J@Z
?HSP_RemoveServerConnection@CWBtAPI@@QAE?AW4WBtRc@@J@Z
?Hid_Disconnect@CWBtAPI@@QAE?AW4WBtRc@@QAEJ@Z
?Hid_Connect@CWBtAPI@@QAE?AW4WBtRc@@QAEJ@Z
?HAG_CreateServerConnection@CWBtAPI@@QAE?AW4WBtRc@@XZ
?HSP_CreateServerConnection@CWBtAPI@@QAE?AW4WBtRc@@XZ
?SyncCreateServerConnection@CWBtAPI@@QAE?AW4WBtRc@@U_GUID@@@Z
?SetOnHAGConnectionStatusChangedCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAE11JJ@Z0@Z
?FtpCreateServerConnection@CWBtAPI@@QAE?AW4WBtRc@@U_GUID@@@Z
?OppCreateServerConnection@CWBtAPI@@QAE?AW4WBtRc@@U_GUID@@@Z
?FaxCreateConnection@CWBtAPI@@QAE?AW4WBtRc@@QAEABU_GUID@@PBDH@Z
?LapCreateConnection@CWBtAPI@@QAE?AW4WBtRc@@QAEABU_GUID@@PBDH@Z
?HcrpCreateConnection@CWBtAPI@@QAE?AW4WBtRc@@QAEABU_GUID@@PBD@Z
?DunCreateConnection@CWBtAPI@@QAE?AW4WBtRc@@QAEABU_GUID@@PBDH@Z
?ClearDeviceFoundNoFiltersCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?SetOnFaxStateChangeCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAE11ABU_GUID@@FJ@Z0@Z
?SetOnLapStateChangeCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAE11ABU_GUID@@FJ@Z0@Z
?SetOnDunStateChangeCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAE11ABU_GUID@@FJ@Z0@Z
?SetOnSppStateChangeCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAE11ABU_GUID@@FJ@Z0@Z
?HSP_ConnectGateway@CWBtAPI@@QAE?AW4WBtRc@@QAEPBD@Z
?HAG_ConnectHeadset@CWBtAPI@@QAE?AW4WBtRc@@QAEPBD@Z
?DunRemoveConnection@CWBtAPI@@QAE?AW4WBtRc@@HF@Z
?GapStopInquiry@CWBtAPI@@QAE?AW4WBtRc@@XZ
?SetOnInquiryCompleteCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJF@Z0@Z

widcommsdk

??0CSdpDiscoveryRec@@QAE@XZ
?Bond@CBtIf@@QAE?AW4BOND_RETURN_CODE@1@QAEPAD@Z
?OnDiscoveryComplete@CBtIf@@UAEXXZ
?OnAudioDisconnect@CBtIf@@UAEXG@Z
?OnAudioConnected@CBtIf@@UAEXG@Z
??1CBtIf@@UAE@XZ
??1CSdpDiscoveryRec@@QAE@XZ
?FindAttribute@CSdpDiscoveryRec@@QAEHGPAUSDP_DISC_ATTTR_VAL@@@Z
?ReadDiscoveryRecords@CBtIf@@QAEHQAEHPAVCSdpDiscoveryRec@@PAU_GUID@@@Z
?UnBond@CBtIf@@QAEHQAE@Z
?BondQuery@CBtIf@@QAEHQAE@Z
?IsDeviceReady@CBtIf@@QAEHXZ
?StartDiscovery@CBtIf@@QAEHQAEPAU_GUID@@@Z
??0CBtIf@@QAE@XZ

btosif

OSIF_IsPresent

rasapi32

RasGetErrorStringA

shlwapi

SHDeleteKeyA
SHGetValueA
SHSetValueA

setupapi

SetupDiGetClassDevsA
SetupDiGetDeviceRegistryPropertyA
SetupDiEnumDeviceInfo
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList

ws2_32

send
recv
WSAStartup
socket
bind
closesocket
accept
listen

mfc42

ord1578
ord1255
ord1570
ord1197
ord1243
ord1577
ord1575
ord1176
ord1116
ord600
ord860
ord800
ord4160
ord540
ord641
ord324
ord5265
ord4376
ord4853
ord4998
ord2514
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4425
ord3597
ord858
ord2817
ord3092
ord941
ord4234
ord5953
ord2818
ord6199
ord4710
ord4204
ord2882
ord939
ord537
ord5850
ord2881
ord2646
ord926
ord6055
ord1776
ord5290
ord3402
ord4424
ord567
ord2135
ord818
ord1949
ord4034
ord4274
ord815
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5714
ord4622
ord3738
ord561
ord3953
ord2725
ord1131
ord3571
ord3626
ord3663
ord2414
ord2528
ord1641
ord1151
ord1253
ord1134
ord342
ord1182
ord1193
ord6467
ord5289
ord6215
ord2086
ord1146
ord3721
ord795
ord2370
ord2301
ord2302
ord6334
ord3286
ord6907
ord6007
ord3998
ord3701
ord772
ord6142
ord500
ord6601
ord2582
ord4402
ord3370
ord3640
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord2575
ord4396
ord3574
ord5161
ord4905
ord4948
ord4358
ord4377
ord4854
ord5287
ord4835
ord609
ord686
ord693
ord616
ord384
ord6485
ord768
ord2864
ord4258
ord4976
ord4299
ord6880
ord3996
ord6696
ord1642
ord2453
ord2862
ord2096
ord4284
ord1168
ord5860
ord6905
ord6656
ord2379
ord2642
ord5849
ord4742
ord6453
ord535
ord2688
ord3361
ord4055
ord5162
ord3610
ord656
ord1779
ord3874
ord5802
ord826
ord2860
ord781
ord1916
ord4275
ord5160
ord2116
ord5937
ord2111
ord3098
ord4224
ord3619
ord5981
ord6602
ord6592
ord5288
ord4439
ord2054
ord4431
ord6529
ord613
ord289
ord6568
ord6488
ord4259
ord4715
ord5303
ord2726
ord4699
ord5715
ord3353
ord565
ord817
ord1948
ord1200
ord4287
ord541
ord2614
ord801
ord6143
ord5572
ord2915
ord269
ord2078

kernel32

DeleteCriticalSection
GetShortPathNameA
InitializeCriticalSection
LoadResource
GetModuleHandleA
DeleteFileA
FindFirstFileA
FindClose
CloseHandle
Sleep
GetLastError
DeviceIoControl
CreateFileA
GetVersionExA
FreeLibrary
SetFileAttributesA
GetProcAddress
LoadLibraryA
CreateThread
OutputDebugStringA
GetModuleFileNameA
lstrcmpiA
Module32Next
Module32First
Process32Next
Process32First
CreateToolhelp32Snapshot
TerminateProcess
OpenProcess
LocalFree
FormatMessageA
SetLastError
GetSystemDirectoryA
WaitForMultipleObjects
TerminateThread
CreateEventA
WideCharToMultiByte
GetTickCount
FileTimeToDosDateTime
GetSystemTimeAsFileTime
MultiByteToWideChar
ReadFile
GetFileSize
lstrlenW
lstrlenA
InterlockedIncrement
InterlockedDecrement
LeaveCriticalSection
EnterCriticalSection
lstrcmpA
FlushInstructionCache
GetCurrentProcess
GetCurrentThreadId
GlobalUnlock
GlobalLock
GlobalAlloc
GetProfileStringA
WaitForSingleObject
CreateProcessA
SetEvent
SizeofResource
GlobalFree
CreateMutexA
CallNamedPipeA
ReleaseMutex
EnumResourceNamesA
GetComputerNameA
LocalAlloc
LocalLock
OpenEventA
lstrcatA
lstrcpyA
HeapDestroy
IsDBCSLeadByte
lstrcpynA
LoadLibraryExA
FindResourceA
CreateDirectoryA

user32

GetWindowTextA
GetDlgItem
GetClassNameA
FindWindowA
EnumWindows
KillTimer
SetTimer
EnableWindow
GetQueueStatus
MsgWaitForMultipleObjects
wsprintfW
wsprintfA
SetWindowLongA
DefWindowProcA
GetWindowLongA
CallWindowProcA
GetSysColor
SetFocus
GetWindow
IsChild
GetFocus
ReleaseDC
EndPaint
FillRect
GetClientRect
BeginPaint
SetWindowPos
IsWindow
RedrawWindow
GetParent
GetDesktopWindow
CreateAcceleratorTableA
DestroyWindow
CreateWindowExA
RegisterClassExA
LoadCursorA
GetClassInfoExA
ReleaseCapture
MessageBoxA
InvalidateRect
InvalidateRgn
RegisterWindowMessageA
SetWindowTextA
GetWindowTextLengthA
InsertMenuA
LoadStringA
UpdateWindow
SetForegroundWindow
BringWindowToTop
LoadBitmapA
GetKeyState
PtInRect
UnionRect
ShowWindow
CharNextA
SetWindowRgn
OffsetRect
EqualRect
IntersectRect
LoadIconA
SetCursor
HideCaret
SetDlgItemTextW
SystemParametersInfoA
GetSystemMetrics
CreateWindowExW
SetClassLongW
CheckRadioButton
CheckDlgButton
CallWindowProcW
GetForegroundWindow
PostMessageA
SendMessageA
PeekMessageA
GetWindowRect
DestroyIcon
SetCapture
LoadImageA
GetDC

gdi32

CreateDCA
LPtoDP
SetMapMode
SetViewportOrgEx
CreateMetaFileA
SaveDC
SetWindowOrgEx
SetWindowExtEx
RestoreDC
CloseMetaFile
CreateFontIndirectA
CreateRectRgnIndirect
GetStockObject
CreateSolidBrush
DeleteObject
CreateCompatibleBitmap
BitBlt
GetDeviceCaps
GetObjectA
CreateCompatibleDC
SelectObject
DeleteMetaFile
DeleteDC

winspool.drv

GetPrinterDataA
OpenPrinterA
ClosePrinter
GetPrinterA
EnumJobsA
EnumPrintersA

advapi32

RegEnumValueA
CryptImportKey
CryptDecrypt
CryptGetUserKey
CryptGenKey
CryptExportKey
CryptEncrypt
CryptDestroyKey
InitializeSecurityDescriptor
CryptSetProvParam
RegQueryInfoKeyA
RegDeleteValueA
OpenSCManagerA
OpenServiceA
ControlService
QueryServiceStatus
StartServiceA
CloseServiceHandle
RegCreateKeyExA
RegEnumKeyExA
RegDeleteKeyA
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
GetUserNameW
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA

shell32

SHGetMalloc
SHGetDesktopFolder
ShellExecuteA
SHChangeNotify
SHGetSpecialFolderPathA
SHGetSpecialFolderLocation
SHInvokePrinterCommandA

comctl32

ImageList_Destroy
ImageList_ReplaceIcon

ole32

StringFromGUID2
CreateOleAdviseHolder
OleSaveToStream
WriteClassStm
OleLoadFromStream
CoTaskMemRealloc
CreateDataAdviseHolder
OleRegGetMiscStatus
OleRegGetUserType
OleRegEnumVerbs
CoInitialize
CoUninitialize
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
OleLockRunning
CoTaskMemAlloc
StringFromCLSID
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
CoTaskMemFree

olepro32

ord250
ord253

oleaut32

SysStringByteLen
SysAllocStringByteLen
VariantChangeType
RegisterTypeLi
LoadTypeLi
VarUI4FromStr
LoadRegTypeLi
SysAllocString
VariantClear
SysFreeString
SysStringLen
SysAllocStringLen

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
RunMyComputerShortcut
ShowWizard

Sections

.text
Size: 196KB - Virtual size: 195KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512KB - Virtual size: 510KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
BtXpShell.dll
.dll windows:4 windows x86 arch:x86

6a21b2ba0ff570c8bf6244d101625d45

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord3953
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord5731
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord1176
ord1575
ord1168
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord2512
ord2554
ord4486
ord6375
ord2976
ord4274
ord1255
ord6467
ord269
ord826
ord600
ord1578
ord1116

msvcrt

__CxxFrameHandler
??1type_info@@UAE@XZ
_adjust_fdiv
malloc
_initterm
free
_onexit
__dllonexit
??2@YAPAXI@Z

kernel32

LocalFree
DeactivateActCtx
CreateActCtxA
ActivateActCtx
LocalAlloc

user32

SendMessageA

Exports

Exports

BtActivateComCtl6
BtDeactivateActCtx
BtGetView
BtSetView
FVMtoLV
LVtoFVM
SetTileColumns

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
BtwHtmlPrint.exe
.exe .js windows:4 windows x86 arch:x86 polyglot

5725b83cadb7b145af262557c1ef014b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord3663
ord296
ord561
ord825
ord6442
ord567
ord823
ord5214
ord1134
ord2725
ord4226
ord2486
ord1113
ord3237
ord2396
ord1114
ord3579
ord540
ord290
ord614
ord800
ord1238
ord941
ord860
ord6055
ord4078
ord1776
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5290
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord5277
ord3402
ord4627
ord2135
ord818
ord1949
ord1576
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord617
ord815
ord2623
ord4274
ord1168

msvcrt

strstr
__dllonexit
_onexit
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
strtod
fopen
fprintf
strrchr
malloc
free
_wfopen
fwrite
strtoul
strncmp
_setmbcp
_stricmp
_strlwr
_wcsicmp
__CxxFrameHandler
vsprintf
wcscmp
fclose

kernel32

GetLastError
lstrlenA
MultiByteToWideChar
GetStartupInfoA
GetModuleHandleA
OutputDebugStringA
WideCharToMultiByte

user32

PostThreadMessageA
SetTimer
EnableWindow
KillTimer

winspool.drv

ord201
ClosePrinter
OpenPrinterA
GetPrinterA

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

ole32

CoInitialize
CoCreateInstance

oleaut32

VariantInit
VariantClear
SysFreeString
SysAllocString

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
CSH.DLL
.dll windows:4 windows x86 arch:x86

a3342d3374c8784f211a1bf7c4cda8f6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
SetCurrentDirectoryA
GetCurrentDirectoryA
GetCurrentThreadId
GetProcAddress
FreeLibrary
GetModuleFileNameA
SetFilePointer
ReadFile
GlobalAlloc
GlobalLock
CreateFileW
GlobalHandle
GlobalUnlock
GlobalFree
lstrcpyA
CreateFileA
GetModuleHandleA
HeapDestroy
HeapCreate
GetLastError
GetLocaleInfoA
GetStringTypeA
LCMapStringW
GetStringTypeW
LCMapStringA
TlsSetValue
TlsAlloc
SetStdHandle
FlushFileBuffers
VirtualAlloc
HeapFree
TlsFree
HeapAlloc
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetLocaleInfoW
GetVersion
WriteFile
FindResourceA
GetCommandLineA
CloseHandle
GetCPInfo
GetACP
GetOEMCP
ExitProcess
TerminateProcess
GetCurrentProcess
WideCharToMultiByte
GetFileType
SetLastError
TlsGetValue
GetStartupInfoA
DeleteCriticalSection
VirtualFree
SetHandleCount
FreeEnvironmentStringsA
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStrings
MultiByteToWideChar
GetEnvironmentStringsW

user32

WinHelpA
GetParent
GetDlgCtrlID
UnhookWindowsHookEx
SetWindowsHookExA
CreateWindowExA
RegisterClassA
EnumChildWindows
GetWindowLongA
MessageBoxA
SetWindowLongA
LoadIconA
ChildWindowFromPoint
GetWindowContextHelpId
SetWindowPos
ReleaseDC
GetDC
PostMessageA
SendMessageA
IsWindow
DestroyWindow
RegisterWindowMessageA
LoadStringA
ScreenToClient
DefWindowProcA
GetWindowTextA
GetWindowRect
GetClassNameA
GetActiveWindow
wsprintfA
CallNextHookEx

comdlg32

GetOpenFileNameA

advapi32

RegDeleteKeyA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

gdi32

GetDeviceCaps

Exports

Exports

BSDeleteRegistryData
BSReadRegistryData
BSWriteRegistryData
CSHContextHelp
CSHContextHelp_
CSHContextMenu
CSHContextMenu_
CSHCtxHlpEditHook
CSHInitialize
CSHInitialize_
CSHRegisterDialog
CSHRegisterDialog_
GetDllVersionCSH
WM_EDITCAPTUREDIALOG
WM_IPEEDIT
WM_IPEFASTFORWARD
WM_IPEFOCUS
WM_IPEGETCTRLDATA
WM_IPEGETDEFAULTFONT
WM_IPENEXTDIALOG
WM_IPEPREVDIALOG
WM_IPERESTORE
WM_IPERESYNC
WM_IPEREWIND
WM_IPESAVECTRL
WM_IPESETCTRLDATA
WM_IPESETDEFAULTFONT
WM_IPESHUTDOWN
WM_IPESTARTUP
WM_IPESTEPBACK
WM_IPESTEPFORWARD
_CSHContextHelp
_CSHContextMenu
_CSHInitialize
_CSHRegisterDialog

Sections

.text
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CSH.DLL1
.dll windows:4 windows x86 arch:x86

f50f253942b7414384fa83f3bb107b34

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
FreeLibrary
GetCurrentThreadId
CreateFileW
GetModuleFileNameA
GetProcAddress
LoadLibraryA
SetCurrentDirectoryA
GetCurrentDirectoryA
GetVersion
GetACP
GetCommandLineA
LCMapStringW
LCMapStringA
SetStdHandle
FlushFileBuffers
HeapFree
HeapAlloc
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
MultiByteToWideChar
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
GetStdHandle
GetFileType
SetHandleCount
HeapDestroy
SetFilePointer
ReadFile
CloseHandle
GlobalHandle
GlobalUnlock
GlobalFree
GlobalAlloc
GetCPInfo
GetStringTypeW
GlobalLock
GetStringTypeA
CreateFileA
WriteFile
HeapCreate
GetModuleHandleA
TlsGetValue
GetLastError
GetOEMCP
ExitProcess
TerminateProcess
GetCurrentProcess
TlsSetValue
TlsAlloc
TlsFree
SetLastError

user32

LoadStringA
wsprintfA
SetWindowLongA
LoadIconA
ChildWindowFromPoint
DefWindowProcA
GetActiveWindow
CallNextHookEx
RegisterClassA
CreateWindowExA
SetWindowsHookExA
UnhookWindowsHookEx
WinHelpA
SendMessageA
IsWindow
DestroyWindow
RegisterWindowMessageA
MessageBoxA
EnumChildWindows
GetDlgCtrlID
GetWindowTextA
GetWindowRect
ScreenToClient
GetParent
GetClassNameA
GetWindowLongA
GetDC
SetWindowPos
ReleaseDC

comdlg32

GetOpenFileNameA

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegDeleteKeyA
RegSetValueExA
RegCreateKeyExA

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

gdi32

GetDeviceCaps

Exports

Exports

BSDeleteRegistryData
BSReadRegistryData
BSWriteRegistryData
CSHContextHelp
CSHContextHelp_
CSHContextMenu
CSHContextMenu_
CSHCtxHlpEditHook
CSHInitialize
CSHInitialize_
CSHRegisterDialog
CSHRegisterDialog_
GetDllVersionCSH
WM_EDITCAPTUREDIALOG
WM_IPEEDIT
WM_IPEFASTFORWARD
WM_IPEFOCUS
WM_IPEGETCTRLDATA
WM_IPEGETDEFAULTFONT
WM_IPENEXTDIALOG
WM_IPEPREVDIALOG
WM_IPERESTORE
WM_IPERESYNC
WM_IPEREWIND
WM_IPESAVECTRL
WM_IPESETCTRLDATA
WM_IPESETDEFAULTFONT
WM_IPESHUTDOWN
WM_IPESTARTUP
WM_IPESTEPBACK
WM_IPESTEPFORWARD
_CSHContextHelp
_CSHContextMenu
_CSHInitialize
_CSHRegisterDialog

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CSH.DLL2
.dll windows:4 windows x86 arch:x86

740aa0c01f00840df627194488883d15

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalUnlock
GlobalHandle
FreeLibrary
GetModuleFileNameA
GetCurrentThreadId
GetProcAddress
LoadLibraryA
SetCurrentDirectoryA
GetCurrentDirectoryA
GetVersion
GetACP
GetCommandLineA
LCMapStringW
LCMapStringA
SetStdHandle
FlushFileBuffers
HeapFree
HeapAlloc
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
MultiByteToWideChar
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
GetStdHandle
GetFileType
SetHandleCount
HeapDestroy
ReadFile
SetFilePointer
CloseHandle
GlobalAlloc
GlobalLock
CreateFileW
GlobalFree
GetCPInfo
GetStringTypeW
CreateFileA
GetStringTypeA
lstrcpyA
WriteFile
HeapCreate
GetModuleHandleA
TlsGetValue
GetLastError
GetOEMCP
ExitProcess
TerminateProcess
GetCurrentProcess
TlsSetValue
TlsAlloc
TlsFree
SetLastError

user32

wsprintfA
LoadStringA
MessageBoxA
ChildWindowFromPoint
DefWindowProcA
GetActiveWindow
CallNextHookEx
RegisterClassA
CreateWindowExA
SetWindowsHookExA
UnhookWindowsHookEx
WinHelpA
IsWindow
DestroyWindow
EnumChildWindows
GetDlgCtrlID
GetWindowTextA
GetWindowRect
ScreenToClient
GetClassNameA
GetWindowLongA
SetWindowLongA
GetParent
LoadIconA
SendMessageA
RegisterWindowMessageA
GetDC
SetWindowPos
ReleaseDC

comdlg32

GetOpenFileNameA

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegDeleteKeyA
RegSetValueExA
RegCreateKeyExA

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

gdi32

GetDeviceCaps

Exports

Exports

BSDeleteRegistryData
BSReadRegistryData
BSWriteRegistryData
CSHContextHelp
CSHContextHelp_
CSHContextMenu
CSHContextMenu_
CSHCtxHlpEditHook
CSHInitialize
CSHInitialize_
CSHRegisterDialog
CSHRegisterDialog_
GetDllVersionCSH
WM_EDITCAPTUREDIALOG
WM_IPEEDIT
WM_IPEFASTFORWARD
WM_IPEFOCUS
WM_IPEGETCTRLDATA
WM_IPEGETDEFAULTFONT
WM_IPENEXTDIALOG
WM_IPEPREVDIALOG
WM_IPERESTORE
WM_IPERESYNC
WM_IPEREWIND
WM_IPESAVECTRL
WM_IPESETCTRLDATA
WM_IPESETDEFAULTFONT
WM_IPESHUTDOWN
WM_IPESTARTUP
WM_IPESTEPBACK
WM_IPESTEPFORWARD
_CSHContextHelp
_CSHContextMenu
_CSHInitialize
_CSHRegisterDialog

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
F28812_BTStackServer.exe
.exe windows:4 windows x86 arch:x86

9091304f09d08d77d6fa17aa5824ecbf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

btins

BTINS_ConfigureServices
?BTINS_DisableOutlookPreFirstRunMessage@@YAXXZ

btosif

OSIF_Close
OSIF_GetObjectName
OSIF_CodeToString
OSIF_WriteObject
OSIF_GetNextObject
OSIF_IsSupported
OSIF_IsPimSupported
OSIF_IsPresent
OSIF_GetFirstObject
OSIF_GetObjectById
OSIF_CL_Open
OSIF_CL_Close
OSIF_DeleteObject
OSIF_CL_GetCurrentAnchor
OSIF_CL_GetDatabaseId
OSIF_GetNextId
OSIF_GetFirstId
OSIF_CL_GetNextEntry
OSIF_CL_GetFirstEntry
OSIF_Open
OSIF_OpenX
OSIF_FreeObject
OSIF_AddObject
OSIF_ModifyObject
OSIF_FindObject
OSIF_ReadObjects
OSIF_GetObjectCount

iphlpapi

GetInterfaceInfo
IpReleaseAddress
IpRenewAddress
GetAdaptersInfo

ws2_32

ntohl
WSAStartup
socket
sendto
bind

setupapi

SetupDiOpenDevRegKey
SetupDiGetDeviceRegistryPropertyA
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsA
SetupDiClassGuidsFromNameA
SetupDiEnumDeviceInfo

shlwapi

PathRemoveFileSpecW
SHSetValueA
PathIsDirectoryA
PathFileExistsA
PathRemoveFileSpecA
PathFindNextComponentA
UrlGetPartW
PathCombineA
PathIsDirectoryW
SHDeleteKeyA

msi

ord75
ord73

btaudiohelper

IsBtAudioDevicePresent
GetNumberWaveOutDevices
SetPreferredWaveOutDevice
SetPreferredWaveInDevice
GetPreferredWaveOutDevice
GetPreferredWaveInDevice
FindBtAudioDevice
DisableMultimediaTimer
EnableMultimediaTimer
CloseSpeakerConnection
CloseMicrophoneConnection
GetSpeakerVolume
OpenMicrophoneConnection
OpenSpeakerConnection
SetSpeakerVolume
SetupDefaultAudio

msvcrt

_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
?terminate@@YAXXZ
_except_handler3
??1type_info@@UAE@XZ
_chkesp
strrchr
rand
_ftol
wcstoul
wcsstr
fseek
ftell
_wcslwr
wcstol
strtoul
strchr
_strlwr
_ltow
towlower
wcsrchr
wcschr
fwrite
fread
fclose
_wfopen
fopen
_mbsicoll
swprintf
_strnicmp
strtol
wcscat
atof
wcsncmp
wcsncpy
_endthread
mktime
localtime
asctime
__p__commode
__mb_cur_max
_isctype
_pctype
tolower
strncpy
strncmp
memmove
_mbsstr
__RTDynamicCast
_beginthreadex
calloc
_CxxThrowException
realloc
wcscmp
_mbsnbcat
_mbschr
_mbsicmp
_mbsnbcpy
strcat
_stricmp
_memicmp
wcscpy
wcslen
atoi
_mbscmp
_purecall
strcmp
memcpy
isdigit
toupper
??2@YAPAXI@Z
strstr
memcmp
__CxxFrameHandler
malloc
free
_mbsnbcmp
_strupr
sscanf
strlen
isprint
sprintf
strcpy
??3@YAXPAX@Z
vsprintf
memset
fgetc
_waccess
time
__p__fmode
__set_app_type
gmtime
_controlfp
_wcsicmp
_ltoa
_ultoa
_ultow
atol
_wrename
_wremove

mfc42

ord1151
ord1168
ord1193
ord860
ord540
ord535
ord939
ord2818
ord858
ord1601
ord537
ord1200
ord539
ord6467
ord3663
ord5450
ord6394
ord5440
ord6383
ord2841
ord2107
ord801
ord541
ord941
ord922
ord924
ord5861
ord4160
ord5710
ord4129
ord2763
ord713
ord3984
ord920
ord414
ord6141
ord3584
ord543
ord803
ord1269
ord938
ord3810
ord4202
ord5575
ord2141
ord433
ord5651
ord3130
ord3676
ord350
ord3126
ord3613
ord2614
ord6143
ord5572
ord2915
ord3337
ord3811
ord2813
ord5933
ord2764
ord4204
ord3439
ord700
ord398
ord3127
ord3616
ord5442
ord3318
ord665
ord5186
ord354
ord3499
ord641
ord2515
ord355
ord928
ord5934
ord932
ord2820
ord2827
ord5265
ord4376
ord4853
ord4998
ord2514
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4425
ord3597
ord324
ord6199
ord3092
ord4710
ord4287
ord4234
ord2396
ord3346
ord5300
ord5303
ord2726
ord4079
ord4699
ord5307
ord5715
ord3353
ord4622
ord4424
ord817
ord565
ord1948
ord3954
ord798
ord1997
ord5465
ord532
ord913
ord6883
ord6283
ord6282
ord5683
ord6928
ord6407
ord5466
ord6877
ord269
ord826
ord600
ord1578
ord1243
ord1176
ord800
ord5289

kernel32

GetStartupInfoA
LocalAlloc
GetSystemDefaultLangID
GetSystemInfo
GetComputerNameA
GetCurrentDirectoryA
WideCharToMultiByte
DeviceIoControl
CreateFileA
CloseHandle
Sleep
GetVersionExA
FreeLibrary
GetProcAddress
LoadLibraryA
SetLastError
GetLastError
OutputDebugStringA
MultiByteToWideChar
ReleaseMutex
CallNamedPipeA
GetWindowsDirectoryA
GlobalMemoryStatus
TerminateThread
WaitForMultipleObjects
ResetEvent
WinExec
lstrcmpA
GlobalAlloc
GlobalFree
FormatMessageA
GetTempFileNameW
GetTempFileNameA
GetCommModemStatus
WaitCommEvent
WriteFile
ClearCommError
ReadFile
GetOverlappedResult
EscapeCommFunction
PurgeComm
SetupComm
GetCommState
SetCommState
SetCommMask
SetCommTimeouts
FindFirstFileW
FindNextFileW
FindNextFileA
CreateFileW
GetTimeZoneInformation
SetFileTime
MoveFileW
MoveFileA
CreateDirectoryW
RemoveDirectoryW
RemoveDirectoryA
SetFileAttributesA
SetFileAttributesW
DeleteFileW
GetFileAttributesExW
GetFileAttributesExA
FileTimeToSystemTime
GetFileAttributesA
GetFileAttributesW
GetTempPathW
DeleteFileA
GetTempPathA
SetThreadExecutionState
LocalFree
GetProfileStringA
OpenEventA
TlsGetValue
TlsSetValue
GetTickCount
TlsAlloc
CreateSemaphoreA
lstrcatA
lstrcpyA
GetModuleFileNameA
GetShortPathNameA
HeapDestroy
SetProcessShutdownParameters
GetCommandLineA
GetCurrentThreadId
lstrcmpiA
IsValidCodePage
GetCurrentThread
DuplicateHandle
GetCurrentProcessId
CopyFileA
SetEnvironmentVariableA
lstrlenA
GetSystemTimeAsFileTime
FileTimeToDosDateTime
CreateDirectoryA
CompareFileTime
GetSystemTime
SystemTimeToFileTime
OpenMutexA
GetCurrentProcess
SetPriorityClass
lstrlenW
ReleaseSemaphore
OpenSemaphoreA
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetModuleHandleA
GetEnvironmentVariableA
GetLocaleInfoA
GetSystemDirectoryA
FindFirstFileA
FindClose
CreateProcessA
WaitForSingleObject
CreateMutexA
CreateEventA
CreateThread
SetEvent

user32

GetDesktopWindow
GetWindowLongA
GetWindowTextW
GetClassNameA
GetParent
LoadStringW
EnableWindow
GetForegroundWindow
GetSystemMetrics
BringWindowToTop
SetForegroundWindow
CreatePopupMenu
DestroyMenu
keybd_event
PeekMessageA
KillTimer
MessageBoxA
DefWindowProcA
RegisterClassExA
CreateWindowExA
SetWindowLongA
SetTimer
GetMessageA
DispatchMessageA
SendMessageA
CharNextA
PostThreadMessageA
LoadStringA
UnregisterDeviceNotification
RegisterDeviceNotificationA
CallWindowProcW
GetDlgItem
CheckDlgButton
CheckRadioButton
PostMessageA
CreateWindowExW
IsWindow
SetClassLongW
FindWindowExA
DestroyWindow

winspool.drv

EnumJobsA
GetPrinterA
ClosePrinter
OpenPrinterA
EnumPrintersA
EndPagePrinter
SetJobA
EndDocPrinter
StartPagePrinter
StartDocPrinterA
DeviceCapabilitiesA
GetPrinterDataA
WritePrinter

advapi32

CryptDestroyKey
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
CryptAcquireContextA
CryptReleaseContext
CryptSetProvParam
InitializeSecurityDescriptor
CryptEncrypt
CryptExportKey
CryptGenKey
CryptGetUserKey
CryptDecrypt
CryptImportKey
RegDeleteKeyA
RegEnumKeyExA
RegCloseKey
GetUserNameA
OpenSCManagerA
OpenServiceA
ControlService
QueryServiceStatus
StartServiceA
CloseServiceHandle
RegEnumValueA
RegQueryInfoKeyA
RegQueryValueExA

shell32

SHChangeNotify
SHGetMalloc
SHGetSpecialFolderLocation
SHGetDesktopFolder

ole32

CoCreateInstance
CoInitialize
CoRegisterClassObject
CoDisconnectObject
CoInitializeEx
CoUninitialize
CoRevokeClassObject
CoResumeClassObjects
CoSuspendClassObjects
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream

oleaut32

SafeArrayCreate
VariantInit
SysAllocStringLen
SafeArrayGetUBound
SysFreeString
VariantClear
VariantCopy
SysAllocString
DosDateTimeToVariantTime
LoadTypeLi
RegisterTypeLi
LoadRegTypeLi
SysStringLen
SafeArrayDestroyData
SafeArrayPutElement
SafeArrayGetElement

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

msvcp60

??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
??1_Winit@std@@QAE@XZ

Sections

.text
Size: 924KB - Virtual size: 922KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 100KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 256KB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
F36503_BTNeighborhood.tlb
F36504_BTNeighborhood.dll
.dll regsvr32 windows:4 windows x86 arch:x86

073c15f76dace98c75eb163d38e96375

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

SHGetValueA
PathFindExtensionA
PathIsDirectoryW
SHDeleteValueA
SHSetValueA
PathFileExistsA
PathIsDirectoryA

wbtapi

?HSP_RemoveServerConnection@CWBtAPI@@QAE?AW4WBtRc@@J@Z
?HAG_RemoveServerConnection@CWBtAPI@@QAE?AW4WBtRc@@J@Z
?SppCreateConnection@CWBtAPI@@QAE?AW4WBtRc@@QAEABU_GUID@@PBDH@Z
?DunCreateConnection@CWBtAPI@@QAE?AW4WBtRc@@QAEABU_GUID@@PBDH@Z
?HcrpCreateConnection@CWBtAPI@@QAE?AW4WBtRc@@QAEABU_GUID@@PBD@Z
?LapCreateConnection@CWBtAPI@@QAE?AW4WBtRc@@QAEABU_GUID@@PBDH@Z
?FaxCreateConnection@CWBtAPI@@QAE?AW4WBtRc@@QAEABU_GUID@@PBDH@Z
?OppCreateServerConnection@CWBtAPI@@QAE?AW4WBtRc@@U_GUID@@@Z
?FtpCreateServerConnection@CWBtAPI@@QAE?AW4WBtRc@@U_GUID@@@Z
?SyncCreateServerConnection@CWBtAPI@@QAE?AW4WBtRc@@U_GUID@@@Z
?HSP_CreateServerConnection@CWBtAPI@@QAE?AW4WBtRc@@XZ
?HAG_CreateServerConnection@CWBtAPI@@QAE?AW4WBtRc@@XZ
?BtmResetConfiguration@CWBtAPI@@QAE?AW4WBtRc@@XZ
?SetOnOppExchangeCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJQAEJPAGJ@Z0@Z
?OppExchange@CWBtAPI@@QAE?AW4WBtRc@@QAEU_GUID@@PBDPAG3PAJ@Z
?SetOnOppPullCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJQAEJPAGJ@Z0@Z
?OppPull@CWBtAPI@@QAE?AW4WBtRc@@QAEU_GUID@@PBDPAGPAJJ@Z
?SetOnOppPushCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJQAEJPAGJ@Z0@Z
?SetOnOppProgressCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJQAEJPAGJJJ@Z0@Z
?SetOnOppAbortCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJJ@Z0@Z
?GapStopInquiry@CWBtAPI@@QAE?AW4WBtRc@@XZ
?LapRemoveConnection@CWBtAPI@@QAE?AW4WBtRc@@HF@Z
?DunRemoveConnection@CWBtAPI@@QAE?AW4WBtRc@@HF@Z
?SetOnFtpPutResponseCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJPAGJ@Z0@Z
?FtpPutFile@CWBtAPI@@QAE?AW4WBtRc@@JPAG@Z
?SetOnFtpOpenResponseCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJJ@Z0@Z
?FtpOpenConnection@CWBtAPI@@QAE?AW4WBtRc@@QAEU_GUID@@PBDPAJ@Z
?SetOnFtpCreateCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJPAGJ@Z0@Z
?FtpCreateFolder@CWBtAPI@@QAE?AW4WBtRc@@JPAG@Z
?SetOnFtpGetResponseCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJPAGJ@Z0@Z
?GapGetApplicationState@CWBtAPI@@QAE?AW4WBtRc@@QAEPAU_GUID@@PBDPAJ3@Z
?Hid_Disconnect@CWBtAPI@@QAE?AW4WBtRc@@QAEJ@Z
?GapGetAvailableServices@CWBtAPI@@QAE?AW4WBtRc@@QAEPAHHPAUtBT_SERVICE_INFO@@@Z
?GapGetInquiredDevices@CWBtAPI@@QAE?AW4WBtRc@@PAJJPAUtBT_BASIC_DEV_INFO@@@Z
?SetOnDeviceFoundCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAE11H@Z0@Z
?SetOnDeviceLostCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAE@Z0@Z
?SetOnInquiryCompleteCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJF@Z0@Z
?SetOnConfigurationResetCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAX@Z0@Z
?SetOnDeviceStatusCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJJ@Z0@Z
?SetOnStackStateChangedCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJ@Z0@Z
?SetOnLocalServiceStateChangeCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXPAUtBT_SERVICE_INFO@@@Z0@Z
?SetOnFtpProgressCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJFPAGJJJ@Z0@Z
?FtpGetFile@CWBtAPI@@QAE?AW4WBtRc@@JPAG0@Z
?SetOnFtpFolderListingCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJPAGJJ@Z0@Z
?FtpFolderListing@CWBtAPI@@QAE?AW4WBtRc@@J@Z
?SetOnFtpDeleteResponseCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJPAGJ@Z0@Z
?LapDisconnect@CWBtAPI@@QAE?AW4WBtRc@@QAE@Z
?GapGetServiceState@CWBtAPI@@QAE?AW4WBtRc@@QAEPAU_GUID@@PBDPAJ3@Z
?BtmDeviceIsReady@CWBtAPI@@QAEHXZ
?GapStartServiceDiscovery@CWBtAPI@@QAE?AW4WBtRc@@PAEU_GUID@@H@Z
?GapStartInquiry@CWBtAPI@@QAE?AW4WBtRc@@XZ
?SyncRemoveServerConnection@CWBtAPI@@QAE?AW4WBtRc@@XZ
?FtpRemoveServerConnection@CWBtAPI@@QAE?AW4WBtRc@@XZ
?OppRemoveServerConnection@CWBtAPI@@QAE?AW4WBtRc@@XZ
?FaxRemoveConnection@CWBtAPI@@QAE?AW4WBtRc@@HF@Z
WBtRcToString
?ClearSyncProgressCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearSyncSynchronizeCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearSyncAbortCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearSppStateChangeCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearDunStateChangeCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearLapStateChangeCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearFaxStateChangeCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?FtpDeleteFile@CWBtAPI@@QAE?AW4WBtRc@@JPAG@Z
?GapGetLocalServices@CWBtAPI@@QAE?AW4WBtRc@@PAHHPAUtBT_SERVICE_INFO@@@Z
?GapGetActiveConnections@CWBtAPI@@QAE?AW4WBtRc@@PAJJPAUtBT_ACTIVE_CONNS@@@Z
?ClearHAGConnectionStatusChangedCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearHSPConnectionStatusChangedCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?SetOnSppStateChangeCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAE11ABU_GUID@@FJ@Z0@Z
?SetOnDunStateChangeCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAE11ABU_GUID@@FJ@Z0@Z
?HcrpRemoveConnection@CWBtAPI@@QAE?AW4WBtRc@@XZ
?SppRemoveConnection@CWBtAPI@@QAE?AW4WBtRc@@HF@Z
?GapBond@CWBtAPI@@QAE?AW4WBtRc@@QAEJ0J@Z
?SetOnFtpCloseResponseCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJJ@Z0@Z
?SetOnFtpChangeFolderCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJW4FtpFolder@@PAGJ@Z0@Z
?FtpChangeFolder@CWBtAPI@@QAE?AW4WBtRc@@JPAG@Z
?FtpParent@CWBtAPI@@QAE?AW4WBtRc@@J@Z
?FtpRoot@CWBtAPI@@QAE?AW4WBtRc@@J@Z
?ClearAllCallbacks@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearFtpAbortResponseCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearFtpCloseResponseCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?FtpCloseConnection@CWBtAPI@@QAE?AW4WBtRc@@J@Z
??1CWBtAPI@@QAE@XZ
??0CWBtAPI@@QAE@XZ
?ConnectToServer@CWBtAPI@@QAE?AW4WBtRc@@_NI00@Z
?SetOnFtpAbortResponseCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJJ@Z0@Z
?FtpAbort@CWBtAPI@@QAE?AW4WBtRc@@J@Z
?SetOnLapStateChangeCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAE11ABU_GUID@@FJ@Z0@Z
?SetOnFaxStateChangeCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAE11ABU_GUID@@FJ@Z0@Z
?SetOnHAGConnectionStatusChangedCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAE11JJ@Z0@Z
?SetOnHSPConnectionStatusChangedCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAE11JJ@Z0@Z
?HAG_ConnectHeadsetUuid@CWBtAPI@@QAE?AW4WBtRc@@QAEPBDG@Z
?HAG_ConnectHeadset@CWBtAPI@@QAE?AW4WBtRc@@QAEPBD@Z
?HSP_ConnectGateway@CWBtAPI@@QAE?AW4WBtRc@@QAEPBD@Z
?HAG_DisconnectHeadset@CWBtAPI@@QAE?AW4WBtRc@@QAEJ@Z
?HSP_DisconnectGateway@CWBtAPI@@QAE?AW4WBtRc@@QAEJ@Z
?SetOnSyncSynchronizeCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAEJ@Z0@Z
?SetOnSyncProgressCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAEJJJJ@Z0@Z
?SyncSynchronize@CWBtAPI@@QAE?AW4WBtRc@@QAEU_GUID@@PBD@Z
?SetOnSyncAbortCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJ@Z0@Z
?SyncAbort@CWBtAPI@@QAE?AW4WBtRc@@XZ
?OppAbort@CWBtAPI@@QAE?AW4WBtRc@@J@Z
?ClearOppExchangeCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearOppPullCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearOppPushCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearOppProgressCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearOppAbortCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?SetOnDiscoveryEventCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAEGJ@Z0@Z
?GapStartDiscovery@CWBtAPI@@QAE?AW4WBtRc@@PAEH@Z
?OppPush@CWBtAPI@@QAE?AW4WBtRc@@QAEU_GUID@@PBDPAGPAJ@Z

btwpimif

BTWPIMIFSaveObject
??0CBTPIMIFFileList@@QAE@XZ
BTWPIMIFIsObject
?GetAt@CBTPIMIFFileList@@QAEPAGI@Z
??1CBTPIMIFFileList@@QAE@XZ

rasapi32

RasGetErrorStringA

btosif

OSIF_ReadObjects
OSIF_GetObjectById
OSIF_ModifyObject
OSIF_AddObject
OSIF_WriteObject
OSIF_GetFirstObject
OSIF_GetNextObject
OSIF_FreeObject
OSIF_CodeToString
OSIF_GetObjectName
?getID@CBTvCard@@QAEHPADH@Z
?getJobTitle@CBTvCard@@QAEHPADH@Z
OSIF_FindObject
OSIF_OpenX
OSIF_Open
OSIF_Close
?getCompany@CBTvCard@@QAEHPADH@Z
?getDepartment@CBTvCard@@QAEHPADH@Z
?getWorkPhone@CBTvCard@@QAEHPADH@Z
?getWorkFax@CBTvCard@@QAEHPADH@Z
?getMobilePhone@CBTvCard@@QAEHPADH@Z
?getHomePhone@CBTvCard@@QAEHPADH@Z
?getWorkAddress@CBTvCard@@QAEHPADH@Z
?getHomeAddress@CBTvCard@@QAEHPADH@Z
??0CBTvCard@@QAE@XZ
?LoadFromVCard@CBTvCard@@QAEXABUtagvCard@@@Z
?getName@CBTvCard@@QAEHPADH@Z
?getFirstName@CBTvCard@@QAEHPADH@Z
?getLastName@CBTvCard@@QAEHPADH@Z
?getMiddleName@CBTvCard@@QAEHPADH@Z
?getTitle@CBTvCard@@QAEHPADH@Z
?getSuffix@CBTvCard@@QAEHPADH@Z
?getEmailAddress@CBTvCard@@QAEHPADH@Z
??1CBTvCard@@QAE@XZ
OSIF_IsPresent
OSIF_IsPimSupported
OSIF_IsSupported
?Parse@CBTvCard@@QAEHPAG@Z
OSIF_GetObjectCount

setupapi

SetupDiGetClassDevsA
SetupDiGetDeviceInterfaceDetailA
SetupDiDestroyDeviceInfoList
SetupDiClassGuidsFromNameA
SetupDiEnumDeviceInfo
SetupDiOpenDevRegKey
SetupDiEnumDeviceInterfaces

mfc42

ord3910
ord2065
ord3742
ord269
ord826
ord600
ord1578
ord1255
ord1253
ord1570
ord1197
ord1243
ord342
ord1182
ord1577
ord1575
ord1176
ord1116
ord5510
ord2457
ord1647
ord3499
ord5466
ord6407
ord6928
ord913
ord532
ord5465
ord1997
ord798
ord2827
ord2820
ord3616
ord3127
ord398
ord700
ord3439
ord932
ord5934
ord3810
ord928
ord2414
ord3626
ord2860
ord1641
ord3619
ord825
ord3663
ord823
ord547
ord1871
ord6467
ord800
ord535
ord860
ord537
ord540
ord858
ord922
ord924
ord668
ord1980
ord6883
ord3181
ord4058
ord2781
ord2770
ord356
ord939
ord2818
ord4160
ord3337
ord6648
ord4129
ord2970
ord6282
ord6055
ord1776
ord5290
ord3402
ord4424
ord3721
ord5265
ord4853
ord4998
ord2514
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4425
ord3597
ord795
ord641
ord567
ord324
ord2370
ord2302
ord4234
ord2645
ord4376
ord4284
ord6215
ord6195
ord3870
ord3092
ord4710
ord713
ord414
ord5604
ord3984
ord5859
ord6141
ord6199
ord2086
ord926
ord5572
ord2915
ord2784
ord861
ord801
ord541
ord539
ord941
ord5161
ord5162
ord5160
ord4905
ord4742
ord4976
ord4948
ord4358
ord4377
ord4854
ord5287
ord4835
ord768
ord491
ord1907
ord489
ord4258
ord6334
ord1146
ord2463
ord1651
ord5710
ord5683
ord1908
ord4715
ord1690
ord2528
ord5288
ord4439
ord2054
ord4431
ord771
ord497
ord4259
ord1008
ord2301
ord5953
ord3567
ord3698
ord765
ord602
ord3361
ord2076
ord6197
ord1620
ord6877
ord536
ord4278
ord2764
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord616
ord1168
ord1783
ord5981
ord2642
ord6880
ord3996
ord6696
ord4055
ord4224
ord6007
ord6907
ord3998
ord4204
ord3098
ord3286
ord2938
ord3097
ord2763
ord2582
ord4402
ord3640
ord693
ord2841
ord4243
ord2639
ord3293
ord955
ord5450
ord5440
ord6383
ord6394
ord2107
ord2396
ord3346
ord5300
ord5303
ord2726
ord4079
ord4699
ord5307
ord5289
ord5715
ord3353
ord4622
ord565
ord817
ord1948
ord6453
ord5651
ord3130
ord3676
ord5575
ord2141
ord350
ord433
ord1193
ord1151
ord1200
ord3811
ord2813
ord920
ord5933
ord2614
ord6143
ord1768
ord3874
ord2817
ord2379
ord6283
ord3954
ord4530
ord4525
ord4544
ord5685
ord3274
ord3579
ord439
ord736
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord5302
ord4698
ord5714
ord3738
ord815
ord561
ord3953
ord2725
ord2652
ord1669
ord1949
ord4275
ord4220
ord2584
ord3654
ord3370
ord686
ord384
ord2438
ord2863
ord2862
ord1642
ord2111
ord2634
ord1134
ord2100
ord613
ord289
ord818
ord2116
ord2453
ord2408
ord6905
ord711
ord6302
ord4168
ord413
ord4299
ord6270
ord1644
ord3797
ord2919
ord2864
ord3301
ord3398
ord3733
ord810
ord2504
ord6028
ord2515
ord355
ord291
ord2455
ord1916
ord781
ord4480
ord3089
ord3708
ord4589
ord4588
ord4899
ord4370
ord4892
ord5076
ord4341
ord4349
ord4723
ord4889
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4963
ord4960
ord4108
ord5240
ord3748
ord1725
ord5260
ord4432
ord517
ord784
ord6131
ord6216
ord5937
ord5442
ord3318
ord665
ord5186
ord354
ord4130
ord6134
ord1920
ord4262
ord3005
ord2135
ord4287
ord4931
ord4936
ord3272
ord729
ord430
ord5903
ord2386
ord4926
ord2388
ord1706
ord2613
ord2809
ord2289
ord4644
ord1771
ord6366
ord2413
ord2024
ord4217
ord2576
ord4397
ord3352
ord3577
ord692
ord5890
ord2937
ord429

msvcrt

sprintf
_CxxThrowException
_adjust_fdiv
_initterm
?terminate@@YAXXZ
_except_handler3
_onexit
__dllonexit
??1type_info@@UAE@XZ
_mbsicoll
strrchr
_strlwr
atof
time
srand
rand
realloc
memset
memcpy
_chkesp
_ltoa
_ultoa
_strdup
__CxxFrameHandler
wcsrchr
wcscpy
wcscat
wcslen
_wsplitpath
_fullpath
_wfullpath
_mbschr
_timezone
_daylight
mktime
atoi
_tzset
__RTDynamicCast
_mbsupr
_mbsicmp
fclose
ftell
fseek
fopen
_purecall
_ftol
free
calloc
_wcsicmp
ceil
_CIfmod
sscanf
swscanf
wcsstr
wcsncmp
_mbsnbcpy
strncmp
_mbscmp
malloc
atol
isprint
_mbsnbcmp
_strupr
strstr
swprintf
wcscmp
wcschr
vsprintf
isdigit
toupper
_memicmp
_stricmp
_beginthreadex
strncpy
isxdigit
_mbsnbicmp
remove
floor

kernel32

DeviceIoControl
lstrcpynA
OutputDebugStringA
GetSystemTime
CreateDirectoryA
FileTimeToSystemTime
GetTickCount
lstrlenA
RemoveDirectoryW
RemoveDirectoryA
DeleteFileW
DeleteFileA
FindNextFileW
FindNextFileA
FindFirstFileW
FindFirstFileA
MultiByteToWideChar
WideCharToMultiByte
GetVersionExA
GetLastError
SetLastError
ResetEvent
GetSystemDefaultLangID
GetSystemInfo
GetComputerNameA
GlobalMemoryStatus
FindClose
GetCurrentDirectoryA
MulDiv
GetLogicalDrives
GetDriveTypeA
lstrcatA
GetShortPathNameA
HeapDestroy
OpenProcess
InterlockedExchange
lstrlenW
IsValidCodePage
GlobalLock
GlobalUnlock
GetModuleFileNameA
GetWindowsDirectoryA
WinExec
LocalAlloc
LocalLock
GetCurrentProcessId
lstrcmpA
lstrcpyA
GlobalAlloc
GlobalFree
FormatMessageA
LocalFree
GetModuleHandleA
GetSystemDirectoryA
CreateProcessA
WaitForSingleObject
CreateMutexA
CreateEventA
CreateThread
CallNamedPipeA
SetEvent
ReleaseMutex
InterlockedDecrement
DeleteCriticalSection
InterlockedIncrement
GetTempPathW
GetTempPathA
GetLocaleInfoA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
EnumResourceNamesA
LoadLibraryA
GetProcAddress
FreeLibrary
Sleep
CloseHandle
CreateFileA

user32

GetDesktopWindow
DestroyWindow
MsgWaitForMultipleObjects
SetDlgItemTextW
InsertMenuItemA
ScreenToClient
CreateWindowExA
OpenClipboard
EmptyClipboard
CloseClipboard
RegisterClipboardFormatA
GetCursorPos
WindowFromPoint
DragDetect
LoadImageA
HideCaret
FillRect
DestroyCaret
EnumChildWindows
RemoveMenu
GetMenuItemID
GetMenuItemInfoA
CreateMenu
IsWindowVisible
SetRect
GetMenuStringA
InsertMenuA
MapWindowPoints
LoadMenuA
DeleteMenu
CopyRect
GetSysColor
GetMenuItemCount
GetSubMenu
GetKeyState
LoadStringA
AppendMenuA
SetMenuDefaultItem
CreatePopupMenu
CharNextA
GetFocus
wvsprintfA
wsprintfA
GetForegroundWindow
CallWindowProcW
GetDlgItem
CheckDlgButton
CheckRadioButton
SetClassLongW
CreateWindowExW
GetParent
GetClassNameA
SendMessageA
EnableWindow
SetTimer
BringWindowToTop
MessageBoxA
PostMessageA
IsWindow
KillTimer
DestroyIcon
LoadIconA
IsRectEmpty
GetClientRect
UpdateWindow
InvalidateRect
SetForegroundWindow
RegisterWindowMessageA
SetCursor
LoadCursorA
DispatchMessageA
TranslateMessage
PeekMessageA
GetWindowRect
GetSystemMetrics

gdi32

CreateFontIndirectA
CreateDIBSection
GetObjectA
DeleteObject
DPtoLP
GetStockObject
GetDeviceCaps

comdlg32

GetOpenFileNameA
GetOpenFileNameW

advapi32

CryptImportKey
CryptAcquireContextA
CryptReleaseContext
CryptSetProvParam
InitializeSecurityDescriptor
CryptDestroyKey
CryptEncrypt
CryptExportKey
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueA
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegEnumKeyExA
RegDeleteKeyA
CryptGenKey
CryptGetUserKey
CryptDecrypt
RegEnumValueA
GetUserNameA

shell32

SHGetSpecialFolderLocation
DragQueryFileW
SHGetFileInfoA
SHChangeNotify
SHGetDesktopFolder
SHBrowseForFolderA
SHGetPathFromIDListA
ExtractIconExA
DragQueryFileA
SHGetMalloc
ShellExecuteExA

comctl32

ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Create
ImageList_Destroy

ole32

CoFreeUnusedLibraries
RevokeDragDrop
RegisterDragDrop
CoCreateInstance
StringFromCLSID
CoTaskMemFree
ReleaseStgMedium
CoInitialize
OleGetClipboard

oleaut32

SysStringLen
VariantClear
SysFreeString
LoadTypeLi
SysAllocString
RegisterTypeLi
SysAllocStringByteLen
SysAllocStringLen

msvcp60

??0_Lockit@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

msi

ord73
ord75

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 596KB - Virtual size: 594KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 116KB - Virtual size: 285KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 120KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 72KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
F48217_BTNCopy.tlb
F48286_BTNCopy.dll
.dll regsvr32 windows:4 windows x86 arch:x86

d1a399fd2b272b0ff4369a8a5e8daec1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
lstrlenA
GetShortPathNameA
GetModuleHandleA
GetModuleFileNameA
WideCharToMultiByte
FreeLibrary
SizeofResource
LoadResource
FindResourceA
GetLastError
lstrlenW
lstrcmpiA
lstrcpynA
IsDBCSLeadByte
HeapDestroy
GetProcAddress
LoadLibraryA
lstrcpyA
lstrcatA
InterlockedDecrement
EnterCriticalSection
InterlockedIncrement
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
DisableThreadLibraryCalls
GetTempPathA
CreateDirectoryA
LoadLibraryExA
GetCurrentDirectoryA
GetStringTypeW
GetStringTypeA
WriteFile
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
HeapFree
HeapAlloc
HeapReAlloc
GetCommandLineA
GetVersion
GetEnvironmentVariableA
GetVersionExA
HeapCreate
VirtualFree
VirtualAlloc
ExitProcess
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
LCMapStringA
LCMapStringW
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA

user32

CharNextA

advapi32

RegEnumValueA
RegQueryInfoKeyA
RegSetValueExA
RegEnumKeyExA
RegOpenKeyExA
RegCloseKey
RegDeleteValueA
RegCreateKeyExA
RegDeleteKeyA
RegSetValueA

shell32

SHFileOperationA

ole32

CoCreateInstance
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc

oleaut32

RegisterTypeLi
VarUI4FromStr
SysStringLen
LoadRegTypeLi
LoadTypeLi
SysAllocString
SysFreeString

shlwapi

PathIsDirectoryA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
F54510_btwpimif.dll
.dll windows:4 windows x86 arch:x86

5baa721bf6c031f0bd9f20626eeb564f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

btosif

OSIF_Free
OSIF_Alloc
OSIF_PIMVersion
OSIF_OpenX
OSIF_WriteObject
OSIF_GetObjectById
OSIF_FreeObject
OSIF_Close

ws2_32

WSAStartup
socket
bind
ntohl
sendto

shlwapi

PathIsDirectoryA

mfc42

ord342
ord1182
ord834
ord3055
ord6672
ord3758
ord3408
ord3227
ord3054
ord1253
ord3880
ord2814
ord800
ord1168
ord4204
ord940
ord537
ord922
ord533
ord5194
ord6392
ord4042
ord1997
ord798
ord5583
ord5933
ord6877
ord535
ord4129
ord6648
ord6928
ord540
ord3027
ord2818
ord825
ord939
ord926
ord858
ord6663
ord2614
ord941
ord860
ord2764
ord2915
ord3174
ord3425
ord823

msvcrt

__dllonexit
_onexit
_initterm
_adjust_fdiv
_mbscmp
_purecall
malloc
vsprintf
wcslen
wcscpy
sscanf
_mbsnbcmp
sprintf
__CxxFrameHandler
free

kernel32

MultiByteToWideChar
LoadLibraryA
GlobalUnlock
GlobalLock
GetTempFileNameA
GetTempPathA
GetTickCount
GetCurrentDirectoryA
CreateDirectoryA
WideCharToMultiByte
SystemTimeToFileTime
FileTimeToSystemTime
LocalFileTimeToFileTime
GetProcAddress

user32

RegisterClipboardFormatA

advapi32

RegCreateKeyExA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegSetValueExA

oleaut32

SysStringLen
SysFreeString
SysAllocStringLen

Exports

Exports

??0CBTPIMIFFileList@@QAE@XZ
??1CBTPIMIFFileList@@QAE@XZ
??4CBTPIMIFFileList@@QAEAAV0@ABV0@@Z
?Add@CBTPIMIFFileList@@QAEXQBG@Z
?GetAt@CBTPIMIFFileList@@QAEPAGI@Z
?GetSize@CBTPIMIFFileList@@QAEIXZ
BTWPIMIFIsObject
BTWPIMIFSaveObject

Sections

.text
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
F54512_btrez.dll
.dll windows:4 windows x86 arch:x86

92acd8d679ad5d5c10e5aae3129ee535

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

csh

ord2

shlwapi

PathFileExistsA

mfc42

ord1168
ord800
ord342
ord823
ord2915
ord941
ord537
ord1182
ord1253

msvcrt

_mbscmp
sprintf
_purecall
__CxxFrameHandler
free
_adjust_fdiv
_initterm
malloc

advapi32

RegCreateKeyExA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegSetValueExA

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 850B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 372B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
F54513_bt2k_ins.dll
.dll windows:4 windows x86 arch:x86

c9efd76392f6b68bb5af9cdd389dc70a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

setupapi

SetupDiClassGuidsFromNameW
SetupDiGetClassDevsW
SetupDiGetDeviceRegistryPropertyW
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailA
SetupDiSetClassInstallParamsA
CM_Reenumerate_DevNode
SetupDiClassGuidsFromNameA
SetupDiOpenDevRegKey
SetupDiGetINFClassA
CM_Get_Child
SetupDiCreateDeviceInfoA
SetupDiSetDeviceRegistryPropertyA
SetupDiCallClassInstaller
SetupDiGetDeviceInstallParamsA
SetupDiGetClassDevsA
SetupDiGetDeviceRegistryPropertyA
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
CM_Enable_DevNode
CM_Disable_DevNode
CM_Locate_DevNodeA
CM_Get_DevNode_Registry_PropertyA
CM_Get_Sibling
CM_Get_Parent
SetupDiCreateDeviceInfoList

kernel32

GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetCurrentProcess
TerminateProcess
GetCurrentThread
TlsGetValue
TlsFree
SetLastError
GetLastError
Sleep
CloseHandle
DeviceIoControl
CreateFileA
GetProcAddress
GetModuleHandleA
FreeEnvironmentStringsA
FreeLibrary
LoadLibraryA
lstrlenA
GetVersionExA
MultiByteToWideChar
WideCharToMultiByte
OutputDebugStringA
VerifyVersionInfoA
VerSetConditionMask
CompareStringW
CompareStringA
GetLocaleInfoW
GetTimeZoneInformation
FlushFileBuffers
SetConsoleCtrlHandler
ReadFile
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
SetFilePointer
GetStringTypeA
GetStringTypeW
GetCPInfo
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
SetEnvironmentVariableA
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetTickCount
TlsAlloc
SetStdHandle
GetOEMCP
GetACP
TlsSetValue
GetCurrentThreadId
LCMapStringW
LCMapStringA
HeapFree
HeapAlloc
InterlockedDecrement
InterlockedIncrement
RtlUnwind
GetCommandLineA
GetVersion
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
FatalAppExitA
GetModuleFileNameA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
UnhandledExceptionFilter

user32

IsWindow
GetForegroundWindow

winspool.drv

OpenPrinterA
XcvDataW
ClosePrinter

advapi32

OpenSCManagerA
OpenServiceA
ControlService
DeleteService
CreateServiceA
CloseServiceHandle
StartServiceA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegSetKeySecurity
RegDeleteKeyA
RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

ole32

CoInitializeEx
CoCreateInstance
CoUninitialize

oleaut32

VariantInit
SysFreeString
VariantClear

Exports

Exports

?BT2K_EnableNetworkDevice@@YAHH@Z
BT2K_AllowBusRemoval
BT2K_CopyOEMInfFile
BT2K_EnableDevice
BT2K_EnumHidDevices
BT2K_EnumInstalledHid
BT2K_EnumInstalledPorts
BT2K_GetDeviceNode
BT2K_GetDongleTypes
BT2K_GetFriendlyCOMPortName
BT2K_GetFriendlyNameA
BT2K_GetFriendlyNameW
BT2K_InstallBTUSBFLT
BT2K_InstallBTWIA
BT2K_InstallDevice
BT2K_InstallHID
BT2K_InstallModem
BT2K_InstallNetAdapter
BT2K_InstallPort
BT2K_InstallServiceDriver
BT2K_IsAnyDevicePluggedIn
BT2K_IsDeviceInstalled
BT2K_IsDeviceInstalledEx
BT2K_IsDevicePluggedIn
BT2K_IsInstalledBTWIA
BT2K_IsRebootRequired
BT2K_IsStackInstalled
BT2K_Is_Win2000_SP3_or_Later
BT2K_Is_WinXP_SP1_or_Lower
BT2K_Is_WinXP_SP2_or_Later
BT2K_ModemCOMPortName
BT2K_RefreshBus
BT2K_RefreshDevice
BT2K_RefreshDevices
BT2K_RemoveBTWIA
BT2K_RemoveClassDeviceDevInst
BT2K_RemoveDevice
BT2K_RemoveDeviceNode
BT2K_RemoveHIDbyBdAddr
BT2K_RemoveModem
BT2K_RemovePort
BT2K_RemoveServiceDriver
BT2K_UninstallBTUSBFLT
RunDll32Interface

Sections

.text
Size: 80KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
F54515_wbtapi.dll
.dll windows:4 windows x86 arch:x86

027d8a92fd64b705de61787254120636

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

setupapi

SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsA

msi

ord75
ord73

shlwapi

PathIsDirectoryA
PathFileExistsA

mfc42

ord1799
ord1168
ord1253
ord342
ord1182
ord801
ord2764
ord4204
ord535
ord541
ord3439
ord700
ord398
ord3127
ord3616
ord5442
ord3318
ord665
ord5186
ord354
ord537
ord4160
ord3499
ord641
ord2515
ord355
ord928
ord5934
ord932
ord3810
ord1200
ord3337
ord3811
ord2813
ord920
ord5933
ord922
ord2820
ord2827
ord5265
ord4376
ord4853
ord4998
ord2514
ord290
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord324
ord6199
ord3092
ord4710
ord4287
ord4234
ord2396
ord3346
ord5300
ord5303
ord2726
ord4079
ord4699
ord5307
ord5289
ord5715
ord817
ord565
ord1948
ord3954
ord798
ord1997
ord5465
ord532
ord913
ord6883
ord5710
ord6283
ord6282
ord4129
ord5683
ord6928
ord6407
ord5466
ord6877
ord614
ord3353
ord3081
ord3262
ord1269
ord3613
ord3126
ord350
ord3676
ord3130
ord5651
ord5575
ord434
ord2141
ord3663
ord415
ord5620
ord1081
ord3664
ord5823
ord5605
ord5597
ord715
ord4033
ord3237
ord540
ord860
ord924
ord858
ord800
ord939
ord941
ord2818
ord2393
ord2915
ord5572
ord823
ord825
ord4003
ord2486
ord4226
ord4622
ord2623
ord3579
ord4424
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord2985
ord3136
ord4465
ord3259
ord3147
ord2982
ord6052

msvcrt

??1type_info@@UAE@XZ
_stricmp
_mbscmp
_mbsicoll
strrchr
strncpy
_strlwr
malloc
_initterm
_mbsnbcmp
isprint
_ftol
strstr
atof
rand
sscanf
_mbsicmp
memcmp
sprintf
vsprintf
_beginthreadex
_CxxThrowException
wcslen
wcscpy
_adjust_fdiv
__dllonexit
_onexit
_strupr
__CxxFrameHandler
_chkesp
_purecall
memset
memcpy
free
calloc
strcpy

kernel32

FormatMessageA
lstrlenA
LocalAlloc
InterlockedExchange
ReleaseMutex
OpenProcess
Sleep
CreateMutexA
CreateEventA
SetEvent
GetSystemDirectoryA
InitializeCriticalSection
LocalFree
GlobalMemoryStatus
GetWindowsDirectoryA
GetVersionExA
GetComputerNameA
GetSystemInfo
DeviceIoControl
CreateFileA
WideCharToMultiByte
GetProcAddress
LoadLibraryA
FreeLibrary
DeleteFileA
GetModuleFileNameA
GetModuleHandleA
GetSystemDefaultLangID
GetCurrentDirectoryA
CreateDirectoryA
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CloseHandle
TerminateThread
GetLastError
WaitForSingleObject
GetTempPathA
SetThreadPriority

user32

wsprintfA
PostThreadMessageA
GetMessageA
SetTimer
PeekMessageA
MessageBoxA
GetDesktopWindow
DispatchMessageA
EnableWindow
BringWindowToTop
SetForegroundWindow
KillTimer

advapi32

RegOpenKeyExA
RegQueryValueExA
RegEnumKeyExA
GetUserNameA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

ole32

CoInitializeEx
CoUninitialize

oleaut32

SafeArrayGetElement
SafeArrayCreate
SafeArrayPutElement
SafeArrayDestroyData
SysAllocString
SysFreeString
VariantInit
VariantClear
SafeArrayGetUBound

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

msvcp60

??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ

Exports

Exports

??0CWBtAPI@@QAE@PAD@Z
??0CWBtAPI@@QAE@XZ
??1CWBtAPI@@QAE@XZ
??4CWBtAPI@@QAEAAV0@ABV0@@Z
?BTAuthorizeRequestCallback@CWBtAPI@@QAE?AW4WBtRc@@QAE00JJJ@Z
?BTManageSecurity@CWBtAPI@@QAE?AW4WBtRc@@XZ
?BTPINCodeRequestCallback@CWBtAPI@@QAE?AW4WBtRc@@QAE000FJJJ@Z
?BtmDeviceIsReady@CWBtAPI@@QAEHXZ
?BtmInitialize@CWBtAPI@@QAE?AW4WBtRc@@XZ
?BtmResetConfiguration@CWBtAPI@@QAE?AW4WBtRc@@XZ
?BtmResetDevice@CWBtAPI@@QAE?AW4WBtRc@@XZ
?BtmTerminate@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearAllCallbacks@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearAuthenticationCompleteCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearBTAuthorizeRequest@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearBTPINCodeRequest@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearConfigurationResetCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearDeviceFoundCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearDeviceFoundNoFiltersCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearDeviceLostCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearDeviceResetCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearDeviceStatusCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearDiscoveryEventCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearDunStateChangeCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearFTPServerEventCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearFaxStateChangeCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearFtpAbortResponseCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearFtpCloseResponseCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearFtpDeleteResponseCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearFtpGetResponseCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearFtpOpenResponseCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearFtpProgressCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearFtpPutResponseCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearHAGConnectRequestCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearHAGConnectionStatusChangedCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearHFPNotificationCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearHSPConnectRequestCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearHSPConnectionStatusChangedCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearHcrpStateChangeCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearHidStateChangeCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearInquiryCompleteCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearLapStateChangeCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearLinkKeyNotification@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearLocalServiceStateChangeCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearOAPPAuthenticateCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearOPPServerEventCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearOnFtpChangeFolderCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearOnFtpCreateCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearOnFtpFolderListingCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearOppAbortCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearOppExchangeCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearOppProgressCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearOppPullCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearOppPushCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearSppStateChangeCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearStackStateChangedCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearSync0VcfEventCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearSyncAbortCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearSyncConflictEventCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearSyncProgressCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearSyncServerEventCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearSyncSynchronizeCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ConnectToServer@CWBtAPI@@QAE?AW4WBtRc@@_NI00@Z
?DunCreateConnection@CWBtAPI@@QAE?AW4WBtRc@@QAEABU_GUID@@PBDH@Z
?DunRemoveConnection@CWBtAPI@@QAE?AW4WBtRc@@HF@Z
?FTP_ServerEventAuthorization@CWBtAPI@@QAE?AW4WBtRc@@JJJPAG@Z
?FaxCreateConnection@CWBtAPI@@QAE?AW4WBtRc@@QAEABU_GUID@@PBDH@Z
?FaxRemoveConnection@CWBtAPI@@QAE?AW4WBtRc@@HF@Z
?FtpAbort@CWBtAPI@@QAE?AW4WBtRc@@J@Z
?FtpChangeFolder@CWBtAPI@@QAE?AW4WBtRc@@JPAG@Z
?FtpCloseConnection@CWBtAPI@@QAE?AW4WBtRc@@J@Z
?FtpCreateEmpty@CWBtAPI@@QAE?AW4WBtRc@@JPAG@Z
?FtpCreateFolder@CWBtAPI@@QAE?AW4WBtRc@@JPAG@Z
?FtpCreateServerConnection@CWBtAPI@@QAE?AW4WBtRc@@U_GUID@@@Z
?FtpDeleteFile@CWBtAPI@@QAE?AW4WBtRc@@JPAG@Z
?FtpFolderListing@CWBtAPI@@QAE?AW4WBtRc@@J@Z
?FtpGetFile@CWBtAPI@@QAE?AW4WBtRc@@JPAG0@Z
?FtpOpenConnection@CWBtAPI@@QAE?AW4WBtRc@@QAEU_GUID@@PBDPAJ@Z
?FtpParent@CWBtAPI@@QAE?AW4WBtRc@@J@Z
?FtpPutFile@CWBtAPI@@QAE?AW4WBtRc@@JPAG@Z
?FtpRemoveServerConnection@CWBtAPI@@QAE?AW4WBtRc@@XZ
?FtpRoot@CWBtAPI@@QAE?AW4WBtRc@@J@Z
?GapBond@CWBtAPI@@QAE?AW4WBtRc@@QAEJ0J@Z
?GapBond_64@CWBtAPI@@QAE?AW4WBtRc@@QAEJ0JJ@Z
?GapGetActiveConnections@CWBtAPI@@QAE?AW4WBtRc@@PAJJPAUtBT_ACTIVE_CONNS@@@Z
?GapGetApplicationState@CWBtAPI@@QAE?AW4WBtRc@@QAEPAU_GUID@@PBDPAJ3@Z
?GapGetAvailableServices@CWBtAPI@@QAE?AW4WBtRc@@QAEPAHHPAUtBT_SERVICE_INFO@@@Z
?GapGetConnectionStats@CWBtAPI@@QAE?AW4WBtRc@@QAEPAU_GUID@@PBDHPAUtBT_CONN_STATS@@@Z
?GapGetInquiredDevices@CWBtAPI@@QAE?AW4WBtRc@@PAJJPAUtBT_BASIC_DEV_INFO@@@Z
?GapGetLocalServices@CWBtAPI@@QAE?AW4WBtRc@@PAHHPAUtBT_SERVICE_INFO@@@Z
?GapGetServiceState@CWBtAPI@@QAE?AW4WBtRc@@QAEPAU_GUID@@PBDPAJ3@Z
?GapRemoveExtAppConnection@CWBtAPI@@QAE?AW4WBtRc@@QAEPAU_GUID@@@Z
?GapStartDiscovery@CWBtAPI@@QAE?AW4WBtRc@@PAEH@Z
?GapStartFilteredInquiry@CWBtAPI@@QAE?AW4WBtRc@@JJJPAUtCOD_INQ_FILTER@@@Z
?GapStartInquiry@CWBtAPI@@QAE?AW4WBtRc@@XZ
?GapStartServiceDiscovery@CWBtAPI@@QAE?AW4WBtRc@@PAEU_GUID@@H@Z
?GapStopInquiry@CWBtAPI@@QAE?AW4WBtRc@@XZ
?HAG_ConnectConfirm@CWBtAPI@@QAE?AW4WBtRc@@QAEJ@Z
?HAG_ConnectHeadset@CWBtAPI@@QAE?AW4WBtRc@@QAEPBD@Z
?HAG_ConnectHeadsetUuid@CWBtAPI@@QAE?AW4WBtRc@@QAEPBDG@Z
?HAG_CreateServerConnection@CWBtAPI@@QAE?AW4WBtRc@@XZ
?HAG_DisconnectHeadset@CWBtAPI@@QAE?AW4WBtRc@@QAEJ@Z
?HAG_RemoveServerConnection@CWBtAPI@@QAE?AW4WBtRc@@J@Z
?HSP_ConnectConfirm@CWBtAPI@@QAE?AW4WBtRc@@QAEJ@Z
?HSP_ConnectGateway@CWBtAPI@@QAE?AW4WBtRc@@QAEPBD@Z
?HSP_CreateServerConnection@CWBtAPI@@QAE?AW4WBtRc@@XZ
?HSP_DisconnectGateway@CWBtAPI@@QAE?AW4WBtRc@@QAEJ@Z
?HSP_RemoveServerConnection@CWBtAPI@@QAE?AW4WBtRc@@J@Z
?HcrpCreateConnection@CWBtAPI@@QAE?AW4WBtRc@@QAEABU_GUID@@PBD@Z
?HcrpRemoveConnection@CWBtAPI@@QAE?AW4WBtRc@@XZ
?Hid_Connect@CWBtAPI@@QAE?AW4WBtRc@@QAEJ@Z
?Hid_Disconnect@CWBtAPI@@QAE?AW4WBtRc@@QAEJ@Z
?IsBaseGuid@@YAHPAU_GUID@@@Z
?IsClientEnabled@CWBtAPI@@QAEHI@Z
?LapCreateConnection@CWBtAPI@@QAE?AW4WBtRc@@QAEABU_GUID@@PBDH@Z
?LapDisconnect@CWBtAPI@@QAE?AW4WBtRc@@QAE@Z
?LapRemoveConnection@CWBtAPI@@QAE?AW4WBtRc@@HF@Z
?MapGuidToUuid@@YAXPAU_GUID@@PAUtBT_UUID@@@Z
?MapUuidToGuid@@YAXPAUtBT_UUID@@PAU_GUID@@@Z
?OAPP_AuthenticateAuthentication@CWBtAPI@@QAE?AW4WBtRc@@JJJPBD0@Z
?OPP_ServerEventAuthorization@CWBtAPI@@QAE?AW4WBtRc@@JJJPAG@Z
?OppAbort@CWBtAPI@@QAE?AW4WBtRc@@J@Z
?OppCreateServerConnection@CWBtAPI@@QAE?AW4WBtRc@@U_GUID@@@Z
?OppExchange@CWBtAPI@@QAE?AW4WBtRc@@QAEU_GUID@@PBDPAG3PAJ@Z
?OppPull@CWBtAPI@@QAE?AW4WBtRc@@QAEU_GUID@@PBDPAGPAJJ@Z
?OppPush@CWBtAPI@@QAE?AW4WBtRc@@QAEU_GUID@@PBDPAGPAJ@Z
?OppRemoveServerConnection@CWBtAPI@@QAE?AW4WBtRc@@XZ
?SetMachineName@CWBtAPI@@QAE?AW4WBtRc@@PAD@Z
?SetOnAuthenticationCompleteCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAE11J@Z0@Z
?SetOnBTAuthorizeRequest@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAE11JPAG@Z0@Z
?SetOnBTPINCodeRequest@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAE11PAG@Z0@Z
?SetOnConfigurationResetCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAX@Z0@Z
?SetOnDeviceFoundCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAE11H@Z0@Z
?SetOnDeviceFoundNoFiltersCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAE11H@Z0@Z
?SetOnDeviceLostCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAE@Z0@Z
?SetOnDeviceResetCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJ@Z0@Z
?SetOnDeviceStatusCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJJ@Z0@Z
?SetOnDiscoveryEventCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAEGJ@Z0@Z
?SetOnDunStateChangeCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAE11ABU_GUID@@FJ@Z0@Z
?SetOnFTPServerEventCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJQAE11JPAG@Z0@Z
?SetOnFaxStateChangeCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAE11ABU_GUID@@FJ@Z0@Z
?SetOnFtpAbortResponseCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJJ@Z0@Z
?SetOnFtpChangeFolderCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJW4FtpFolder@@PAGJ@Z0@Z
?SetOnFtpCloseResponseCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJJ@Z0@Z
?SetOnFtpCreateCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJPAGJ@Z0@Z
?SetOnFtpDeleteResponseCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJPAGJ@Z0@Z
?SetOnFtpFolderListingCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJPAGJJ@Z0@Z
?SetOnFtpGetResponseCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJPAGJ@Z0@Z
?SetOnFtpOpenResponseCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJJ@Z0@Z
?SetOnFtpProgressCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJFPAGJJJ@Z0@Z
?SetOnFtpPutResponseCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJPAGJ@Z0@Z
?SetOnHAGConnectRequestCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAE11@Z0@Z
?SetOnHAGConnectionStatusChangedCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAE11JJ@Z0@Z
?SetOnHFPNotificationCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAE11JJJPAG@Z0@Z
?SetOnHSPConnectRequestCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAE11@Z0@Z
?SetOnHSPConnectionStatusChangedCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAE11JJ@Z0@Z
?SetOnHcrpStateChangeCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAE11ABU_GUID@@J@Z0@Z
?SetOnHidStateChangeCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAEHJ@Z0@Z
?SetOnInquiryCompleteCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJF@Z0@Z
?SetOnLapStateChangeCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAE11ABU_GUID@@FJ@Z0@Z
?SetOnLinkKeyNotificationCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAE111@Z0@Z
?SetOnLocalServiceStateChangeCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXPAUtBT_SERVICE_INFO@@@Z0@Z
?SetOnOAPPAuthenticateCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJQAE11_N2JPAG3@Z0@Z
?SetOnOPPServerEventCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJQAE11JPAG@Z0@Z
?SetOnOppAbortCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJJ@Z0@Z
?SetOnOppExchangeCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJQAEJPAGJ@Z0@Z
?SetOnOppProgressCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJQAEJPAGJJJ@Z0@Z
?SetOnOppPullCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJQAEJPAGJ@Z0@Z
?SetOnOppPushCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJQAEJPAGJ@Z0@Z
?SetOnSppStateChangeCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAE11ABU_GUID@@FJ@Z0@Z
?SetOnStackStateChangedCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJ@Z0@Z
?SetOnSync0VcfEventCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAE11JPAG@Z0@Z
?SetOnSyncAbortCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJ@Z0@Z
?SetOnSyncConflictEventCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAE11JPAGJJ@Z0@Z
?SetOnSyncProgressCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAEJJJJ@Z0@Z
?SetOnSyncServerEventCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJQAE11JPAG@Z0@Z
?SetOnSyncSynchronizeCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAEJ@Z0@Z
?SppCreateConnection@CWBtAPI@@QAE?AW4WBtRc@@QAEABU_GUID@@PBDH@Z
?SppRemoveConnection@CWBtAPI@@QAE?AW4WBtRc@@HF@Z
?StopMonitoringStack@CWBtAPI@@QAEX_N@Z
?SyncAbort@CWBtAPI@@QAE?AW4WBtRc@@XZ
?SyncAuthorize0Vcf@CWBtAPI@@QAE?AW4WBtRc@@JJJPAG@Z
?SyncCreateServerConnection@CWBtAPI@@QAE?AW4WBtRc@@U_GUID@@@Z
?SyncRemoveServerConnection@CWBtAPI@@QAE?AW4WBtRc@@XZ
?SyncResolveConflict@CWBtAPI@@QAE?AW4WBtRc@@JJH@Z
?SyncSynchronize@CWBtAPI@@QAE?AW4WBtRc@@QAEU_GUID@@PBD@Z
?Sync_ServerEventAuthorization@CWBtAPI@@QAE?AW4WBtRc@@JJJPAG@Z
?TraceControl@CWBtAPI@@QAE?AW4WBtRc@@KFFFFFFFFFF@Z
WBtRcToDescription
WBtRcToString

Sections

.text
Size: 328KB - Virtual size: 325KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 120KB - Virtual size: 374KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
F54902_btcpl.cpl
.dll windows:4 windows x86 arch:x86

f13a95affa30c188cb4e9e9af371b8bb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wbtapi

?BtmResetConfiguration@CWBtAPI@@QAE?AW4WBtRc@@XZ
?GapGetActiveConnections@CWBtAPI@@QAE?AW4WBtRc@@PAJJPAUtBT_ACTIVE_CONNS@@@Z
??1CWBtAPI@@QAE@XZ
?ClearInquiryCompleteCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?GapStopInquiry@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearDeviceFoundNoFiltersCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
??0CWBtAPI@@QAE@XZ
?ConnectToServer@CWBtAPI@@QAE?AW4WBtRc@@_NI00@Z
?SetOnDeviceFoundNoFiltersCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAE11H@Z0@Z
?SetOnInquiryCompleteCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJF@Z0@Z
?GapStartInquiry@CWBtAPI@@QAE?AW4WBtRc@@XZ

btosif

OSIF_GetObjectCount
OSIF_ReadObjects
OSIF_FindObject
OSIF_ModifyObject
OSIF_AddObject
OSIF_GetObjectById
OSIF_GetFirstObject
OSIF_GetNextObject
OSIF_WriteObject
OSIF_FreeObject
OSIF_GetObjectName
OSIF_CodeToString
OSIF_Close
OSIF_OpenX
OSIF_Open
OSIF_IsPresent
OSIF_IsPimSupported
OSIF_IsSupported

shlwapi

PathFileExistsA

ws2_32

WSACleanup
gethostname
WSAStartup

winmm

PlaySoundA

setupapi

SetupDiGetDeviceRegistryPropertyA
SetupDiClassGuidsFromNameA
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsA
SetupDiOpenDevRegKey
SetupDiEnumDeviceInfo

btcss

?GetMessageMap@CBTNotificationPropertyPage@@MBEPBUAFX_MSGMAP@@XZ
?GetRuntimeClass@CBTServicePropertySheet@@UBEPAUCRuntimeClass@@XZ
?OnOK@CBTNotificationPropertyPage@@UAEXXZ
?OnCancel@CBTNotificationPropertyPage@@UAEXXZ
?OnApply@CBTNotificationPropertyPage@@UAEHXZ
?OnInitDialog@CBTNotificationPropertyPage@@MAEHXZ
?GetRuntimeClass@CBTNotificationPropertyPage@@UBEPAUCRuntimeClass@@XZ
??0CBTNotificationPropertyPage@@QAE@K@Z
??0CBTServicePropertySheet@@QAE@PBDPAVCWnd@@I@Z
?GetMessageMap@CBTServicePropertySheet@@MBEPBUAFX_MSGMAP@@XZ
?OnCmdMsg@CBTServicePropertySheet@@UAEHIHPAXPAUAFX_CMDHANDLERINFO@@@Z
?OnInitDialog@CBTServicePropertySheet@@UAEHXZ
?DoDataExchange@CBTNotificationPropertyPage@@MAEXPAVCDataExchange@@@Z
??1CBTNotificationPropertyPage@@UAE@XZ
??1CBTServicePropertySheet@@UAE@XZ

mfc42

ord3613
ord3663
ord1193
ord1151
ord1168
ord537
ord1200
ord3811
ord2813
ord920
ord3337
ord5933
ord535
ord939
ord858
ord1601
ord5265
ord4376
ord4998
ord2514
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4425
ord3597
ord641
ord324
ord2289
ord2370
ord4234
ord5981
ord3092
ord4710
ord6334
ord4853
ord2864
ord2122
ord1088
ord941
ord5161
ord5162
ord5160
ord4905
ord4742
ord4976
ord4948
ord4358
ord4377
ord4854
ord4835
ord3385
ord491
ord768
ord1907
ord1940
ord6055
ord1776
ord5290
ord4424
ord556
ord809
ord3126
ord755
ord6172
ord5875
ord2754
ord6215
ord940
ord6877
ord3874
ord5789
ord470
ord2860
ord4299
ord2379
ord2582
ord4402
ord3640
ord693
ord398
ord700
ord4243
ord955
ord4189
ord3021
ord5594
ord5632
ord913
ord3370
ord567
ord384
ord686
ord2302
ord2642
ord2096
ord2645
ord4224
ord6453
ord3286
ord5450
ord6394
ord5440
ord6383
ord2862
ord616
ord609
ord5953
ord2575
ord4396
ord3402
ord3574
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord4674
ord1908
ord1690
ord2528
ord5288
ord4439
ord2054
ord4431
ord496
ord497
ord771
ord4259
ord5849
ord3475
ord4715
ord2882
ord489
ord6647
ord4258
ord6028
ord2652
ord1669
ord2639
ord922
ord924
ord2297
ord2363
ord2301
ord1008
ord1116
ord2463
ord1651
ord6199
ord6880
ord801
ord559
ord541
ord812
ord5856
ord5683
ord6888
ord3499
ord3177
ord2515
ord355
ord3098
ord3301
ord6675
ord4277
ord5862
ord5861
ord6883
ord4055
ord1199
ord3293
ord668
ord4204
ord3178
ord2781
ord2770
ord356
ord6007
ord4274
ord815
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord3953
ord4622
ord3738
ord561
ord2298
ord1783
ord6467
ord350
ord3676
ord3130
ord5651
ord433
ord2141
ord2818
ord5575
ord2859
ord4160
ord860
ord540
ord3317
ord800
ord6197
ord1146
ord823
ord825
ord269
ord826
ord600
ord1578
ord1255
ord1253
ord1570
ord1197
ord1243
ord342
ord1182
ord1577
ord1575
ord1176
ord4270
ord818

msvcrt

_strlwr
strncpy
strtok
__dllonexit
_onexit
_initterm
_adjust_fdiv
??1type_info@@UAE@XZ
_mbsnbcat
_ftol
_stricmp
_memicmp
_purecall
strcmp
isdigit
toupper
vsprintf
wcschr
wcscmp
wcslen
wcscpy
swprintf
_mbsicmp
strcat
_mbschr
_mbscmp
_mbsnbcpy
memcpy
atoi
strstr
memcmp
__CxxFrameHandler
malloc
free
_mbsnbcmp
_strupr
sscanf
strlen
isprint
sprintf
memset
strcpy

kernel32

InitializeCriticalSection
EnterCriticalSection
GetProfileStringA
lstrlenA
EnumResourceNamesA
GetLastError
SetLastError
LoadLibraryA
GetProcAddress
FreeLibrary
GetVersionExA
Sleep
WideCharToMultiByte
CloseHandle
DeviceIoControl
LocalAlloc
LocalFree
GetCurrentDirectoryA
OpenFile
GetWindowsDirectoryA
SetCurrentDirectoryA
GetComputerNameA
GetCommandLineA
WinExec
GetModuleFileNameA
GetModuleHandleA
GetEnvironmentVariableA
GetSystemDirectoryA
FindFirstFileA
LeaveCriticalSection
MultiByteToWideChar
GetLocaleInfoA
GetTempPathA
GetTempPathW
OutputDebugStringA
InterlockedIncrement
DeleteCriticalSection
InterlockedDecrement
ReleaseMutex
SetEvent
CallNamedPipeA
CreateThread
CreateEventA
CreateMutexA
WaitForSingleObject
CreateProcessA
FindClose
CreateFileA

user32

LoadIconA
GetSystemMetrics
MessageBoxA
GetClientRect
GetDC
ReleaseDC
SendMessageA
GetNextDlgTabItem
EnableWindow
GetWindowLongA
FindWindowExA
GetWindowTextW
GetClassNameA
GetParent
LoadStringW
DestroyWindow
SetClassLongW
IsWindow
CreateWindowExW
PostMessageA
CheckRadioButton
CheckDlgButton
GetDlgItem
CallWindowProcW
GetCursorPos
OffsetRect
GetWindowRect
WindowFromPoint
ScreenToClient
CreateWindowExA
GetSysColor
ShowWindow
SetWindowPos
SetCursor
LoadCursorA
UpdateWindow
SetWindowTextA
SetTimer
KillTimer
LoadBitmapA
IsWindowVisible
InvalidateRect
LoadImageA

gdi32

GetTextMetricsA
GetTextExtentPoint32A

winspool.drv

ClosePrinter
OpenPrinterA
GetPrinterDataA
GetPrinterA
EnumJobsA
EnumPrintersA

advapi32

CryptGenKey
OpenSCManagerA
CryptAcquireContextA
RegCloseKey
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
RegDeleteKeyA
RegEnumKeyExA
CloseServiceHandle
StartServiceA
QueryServiceStatus
ControlService
CryptReleaseContext
CryptSetProvParam
OpenServiceA
RegEnumValueA
RegQueryInfoKeyA
CryptImportKey
CryptDecrypt
CryptGetUserKey
InitializeSecurityDescriptor
CryptExportKey
CryptEncrypt
CryptDestroyKey

comctl32

ImageList_ReplaceIcon
ImageList_SetBkColor

ole32

CoUninitialize
CoInitializeEx

oleaut32

SysFreeString
SysAllocString

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Exports

Exports

CPlApplet

Sections

.text
Size: 220KB - Virtual size: 217KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
F54937_BTTray.exe
.exe windows:4 windows x86 arch:x86

955019884faf064d54de60d5d7b5ecac

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

setupapi

SetupDiDestroyDeviceInfoList
SetupDiOpenDevRegKey
SetupDiEnumDeviceInfo
SetupDiClassGuidsFromNameA
SetupDiGetDeviceRegistryPropertyA
SetupCloseInfFile
SetupDiGetClassDevsA
SetupGetInfFileListA
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailA
SetupGetStringFieldA
SetupGetLineByIndexA
SetupGetLineCountA
SetupGetFieldCount
SetupOpenInfFileA

wbtapi

?SetOnSyncConflictEventCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAE11JPAGJJ@Z0@Z
?SetOnSyncServerEventCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJQAE11JPAG@Z0@Z
?SetOnOAPPAuthenticateCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJQAE11_N2JPAG3@Z0@Z
?SetOnFTPServerEventCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJQAE11JPAG@Z0@Z
?SetOnOPPServerEventCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJQAE11JPAG@Z0@Z
?SetOnStackStateChangedCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJ@Z0@Z
?SetOnLinkKeyNotificationCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAE111@Z0@Z
?SetOnAuthenticationCompleteCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAE11J@Z0@Z
?SetOnBTAuthorizeRequest@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAE11JPAG@Z0@Z
?SetOnBTPINCodeRequest@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAE11PAG@Z0@Z
?BTManageSecurity@CWBtAPI@@QAE?AW4WBtRc@@XZ
?SyncAuthorize0Vcf@CWBtAPI@@QAE?AW4WBtRc@@JJJPAG@Z
?OPP_ServerEventAuthorization@CWBtAPI@@QAE?AW4WBtRc@@JJJPAG@Z
?OAPP_AuthenticateAuthentication@CWBtAPI@@QAE?AW4WBtRc@@JJJPBD0@Z
?FTP_ServerEventAuthorization@CWBtAPI@@QAE?AW4WBtRc@@JJJPAG@Z
?BTAuthorizeRequestCallback@CWBtAPI@@QAE?AW4WBtRc@@QAE00JJJ@Z
?Hid_Connect@CWBtAPI@@QAE?AW4WBtRc@@QAEJ@Z
?HSP_ConnectGateway@CWBtAPI@@QAE?AW4WBtRc@@QAEPBD@Z
?HAG_ConnectHeadset@CWBtAPI@@QAE?AW4WBtRc@@QAEPBD@Z
?FaxCreateConnection@CWBtAPI@@QAE?AW4WBtRc@@QAEABU_GUID@@PBDH@Z
?GapBond_64@CWBtAPI@@QAE?AW4WBtRc@@QAEJ0JJ@Z
?ClearDeviceLostCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?Hid_Disconnect@CWBtAPI@@QAE?AW4WBtRc@@QAEJ@Z
?GapGetLocalServices@CWBtAPI@@QAE?AW4WBtRc@@PAHHPAUtBT_SERVICE_INFO@@@Z
?GapGetAvailableServices@CWBtAPI@@QAE?AW4WBtRc@@QAEPAHHPAUtBT_SERVICE_INFO@@@Z
?GapGetApplicationState@CWBtAPI@@QAE?AW4WBtRc@@QAEPAU_GUID@@PBDPAJ3@Z
??1CWBtAPI@@QAE@XZ
?SetOnLocalServiceStateChangeCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXPAUtBT_SERVICE_INFO@@@Z0@Z
?BTPINCodeRequestCallback@CWBtAPI@@QAE?AW4WBtRc@@QAE000FJJJ@Z
?LapCreateConnection@CWBtAPI@@QAE?AW4WBtRc@@QAEABU_GUID@@PBDH@Z
?DunCreateConnection@CWBtAPI@@QAE?AW4WBtRc@@QAEABU_GUID@@PBDH@Z
?SppCreateConnection@CWBtAPI@@QAE?AW4WBtRc@@QAEABU_GUID@@PBDH@Z
?SyncSynchronize@CWBtAPI@@QAE?AW4WBtRc@@QAEU_GUID@@PBD@Z
?SetOnSyncProgressCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAEJJJJ@Z0@Z
?SetOnSyncSynchronizeCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAEJ@Z0@Z
?SetOnSync0VcfEventCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAE11JPAG@Z0@Z
?OppAbort@CWBtAPI@@QAE?AW4WBtRc@@J@Z
?ClearDeviceFoundCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearDeviceStatusCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?OppExchange@CWBtAPI@@QAE?AW4WBtRc@@QAEU_GUID@@PBDPAG3PAJ@Z
?OppPush@CWBtAPI@@QAE?AW4WBtRc@@QAEU_GUID@@PBDPAGPAJ@Z
?OppPull@CWBtAPI@@QAE?AW4WBtRc@@QAEU_GUID@@PBDPAGPAJJ@Z
?GapGetInquiredDevices@CWBtAPI@@QAE?AW4WBtRc@@PAJJPAUtBT_BASIC_DEV_INFO@@@Z
?BtmResetConfiguration@CWBtAPI@@QAE?AW4WBtRc@@XZ
?GapStartDiscovery@CWBtAPI@@QAE?AW4WBtRc@@PAEH@Z
?ClearDiscoveryEventCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
??0CWBtAPI@@QAE@XZ
?ConnectToServer@CWBtAPI@@QAE?AW4WBtRc@@_NI00@Z
?SetOnDeviceFoundCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAE11H@Z0@Z
?SetOnDeviceLostCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAE@Z0@Z
?SetOnDeviceStatusCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJJ@Z0@Z
?SetOnInquiryCompleteCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJF@Z0@Z
?SetOnOppPushCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJQAEJPAGJ@Z0@Z
?SetOnOppPullCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJQAEJPAGJ@Z0@Z
?SetOnOppExchangeCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJQAEJPAGJ@Z0@Z
?SetOnOppProgressCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJQAEJPAGJJJ@Z0@Z
?SetOnOppAbortCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJJ@Z0@Z
?GapStartInquiry@CWBtAPI@@QAE?AW4WBtRc@@XZ
?GapStopInquiry@CWBtAPI@@QAE?AW4WBtRc@@XZ
?LapRemoveConnection@CWBtAPI@@QAE?AW4WBtRc@@HF@Z
?DunRemoveConnection@CWBtAPI@@QAE?AW4WBtRc@@HF@Z
?SetOnHSPConnectionStatusChangedCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAE11JJ@Z0@Z
?SetOnHAGConnectionStatusChangedCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAE11JJ@Z0@Z
?SetOnFaxStateChangeCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAE11ABU_GUID@@FJ@Z0@Z
?SetOnLapStateChangeCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAE11ABU_GUID@@FJ@Z0@Z
?SetOnDunStateChangeCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAE11ABU_GUID@@FJ@Z0@Z
?SetOnSppStateChangeCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAE11ABU_GUID@@FJ@Z0@Z
?HSP_DisconnectGateway@CWBtAPI@@QAE?AW4WBtRc@@QAEJ@Z
?HAG_DisconnectHeadset@CWBtAPI@@QAE?AW4WBtRc@@QAEJ@Z
?FaxRemoveConnection@CWBtAPI@@QAE?AW4WBtRc@@HF@Z
?LapDisconnect@CWBtAPI@@QAE?AW4WBtRc@@QAE@Z
?SppRemoveConnection@CWBtAPI@@QAE?AW4WBtRc@@HF@Z
?SetOnHFPNotificationCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAE11JJJPAG@Z0@Z
?SetOnHidStateChangeCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAEHJ@Z0@Z
?SetOnConfigurationResetCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAX@Z0@Z
?SyncAbort@CWBtAPI@@QAE?AW4WBtRc@@XZ
?SetOnSyncAbortCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJ@Z0@Z
?ClearSyncAbortCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearSyncSynchronizeCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearSyncProgressCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearHidStateChangeCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearHSPConnectionStatusChangedCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearHAGConnectionStatusChangedCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearFaxStateChangeCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearLapStateChangeCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearDunStateChangeCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearSppStateChangeCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?GapGetServiceState@CWBtAPI@@QAE?AW4WBtRc@@QAEPAU_GUID@@PBDPAJ3@Z
?GapGetActiveConnections@CWBtAPI@@QAE?AW4WBtRc@@PAJJPAUtBT_ACTIVE_CONNS@@@Z
?BtmDeviceIsReady@CWBtAPI@@QAEHXZ
?SetOnDiscoveryEventCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAEGJ@Z0@Z
?GapBond@CWBtAPI@@QAE?AW4WBtRc@@QAEJ0J@Z
?SyncResolveConflict@CWBtAPI@@QAE?AW4WBtRc@@JJH@Z

shlwapi

PathFindExtensionA
PathFileExistsA
SHSetValueA
SHGetValueA
PathIsDirectoryA

rasapi32

RasGetErrorStringA

btosif

?getSuffix@CBTvCard@@QAEHPADH@Z
?getTitle@CBTvCard@@QAEHPADH@Z
?getMiddleName@CBTvCard@@QAEHPADH@Z
??1CBTvCard@@QAE@XZ
?getFirstName@CBTvCard@@QAEHPADH@Z
?getName@CBTvCard@@QAEHPADH@Z
?LoadFromVCard@CBTvCard@@QAEXABUtagvCard@@@Z
??0CBTvCard@@QAE@XZ
?getHomeAddress@CBTvCard@@QAEHPADH@Z
?getWorkAddress@CBTvCard@@QAEHPADH@Z
?getHomePhone@CBTvCard@@QAEHPADH@Z
?getMobilePhone@CBTvCard@@QAEHPADH@Z
?getWorkFax@CBTvCard@@QAEHPADH@Z
?getLastName@CBTvCard@@QAEHPADH@Z
?getDepartment@CBTvCard@@QAEHPADH@Z
?getCompany@CBTvCard@@QAEHPADH@Z
?getEmailAddress@CBTvCard@@QAEHPADH@Z
?getID@CBTvCard@@QAEHPADH@Z
OSIF_FreeObject
OSIF_GetObjectName
OSIF_CodeToString
OSIF_WriteObject
OSIF_GetNextObject
OSIF_GetFirstObject
OSIF_GetObjectById
OSIF_AddObject
OSIF_ModifyObject
OSIF_FindObject
OSIF_ReadObjects
OSIF_GetObjectCount
OSIF_Close
OSIF_OpenX
OSIF_Open
OSIF_IsPresent
OSIF_IsPimSupported
OSIF_IsSupported
?Parse@CBTvCard@@QAEHPAG@Z
?getWorkPhone@CBTvCard@@QAEHPADH@Z
?getJobTitle@CBTvCard@@QAEHPADH@Z

winmm

PlaySoundA

msi

ord75
ord73

btwhidcs

?WaitNoInstallEvents@CBtHidExtRoot@@QAEHKK@Z
?readSettings@CBtHidExtRoot@@SAXPAHPAK001111@Z
?getStack@@YAPAVCBtHidExtRoot@@XZ
?getBatteryStatus@CBtHidExtRoot@@QAEHPAE0PAH1@Z

mfc42

ord3698
ord5466
ord6407
ord6928
ord3954
ord1948
ord3353
ord2827
ord2820
ord6282
ord913
ord532
ord5465
ord1997
ord798
ord5933
ord2813
ord355
ord2515
ord3499
ord354
ord5186
ord665
ord3318
ord5442
ord3616
ord3127
ord398
ord700
ord3439
ord1779
ord5861
ord6883
ord6283
ord920
ord938
ord2726
ord565
ord817
ord3741
ord5715
ord4699
ord5303
ord4226
ord4129
ord2289
ord3574
ord5265
ord4998
ord2514
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4425
ord3597
ord795
ord641
ord324
ord616
ord2301
ord2302
ord4234
ord825
ord800
ord4160
ord540
ord823
ord1783
ord5981
ord2642
ord5953
ord6197
ord6880
ord6215
ord3092
ord3996
ord6696
ord4710
ord4055
ord4224
ord2818
ord6007
ord6907
ord4204
ord537
ord4853
ord3098
ord3286
ord2938
ord4376
ord3097
ord939
ord941
ord6877
ord535
ord2763
ord2582
ord6055
ord1776
ord4402
ord5290
ord4424
ord3640
ord693
ord4243
ord2639
ord3293
ord955
ord858
ord860
ord1168
ord3663
ord2841
ord5450
ord6394
ord2107
ord5440
ord6383
ord3402
ord3721
ord567
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord3370
ord3998
ord1146
ord3317
ord2859
ord2645
ord6453
ord5575
ord2141
ord433
ord5651
ord3130
ord3676
ord350
ord3126
ord3613
ord1601
ord2370
ord1768
ord6199
ord2086
ord1200
ord1193
ord1151
ord541
ord2614
ord801
ord6143
ord5572
ord2915
ord6334
ord924
ord3874
ord4299
ord602
ord713
ord414
ord2076
ord2652
ord1669
ord2096
ord384
ord2817
ord3984
ord926
ord3361
ord5859
ord861
ord5604
ord2864
ord2379
ord2862
ord3567
ord2135
ord818
ord1949
ord4034
ord4673
ord4274
ord815
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord561
ord2621
ord1134
ord2725
ord4287
ord2688
ord922
ord6141
ord765
ord1576
ord4284
ord539
ord6648
ord5710
ord5683
ord928
ord3810
ord5934
ord4275
ord3742
ord3811
ord2256
ord3337
ord6458
ord932
ord2438
ord6270
ord6320
ord6242
ord4220
ord2584
ord3654
ord1644
ord2463
ord1620
ord2764
ord5875
ord3573
ord3626
ord2414
ord1641
ord3619
ord2860
ord1622
ord609
ord1158
ord2575
ord4396

msvcrt

_setmbcp
calloc
_ftol
_beginthreadex
_mbsnbcat
rand
srand
time
strncpy
vsprintf
_stricmp
_memicmp
_purecall
isdigit
toupper
wcschr
wcscmp
wcslen
_controlfp
??1type_info@@UAE@XZ
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
_chkesp
_strlwr
_mbsicoll
_mbsupr
_mbsstr
strrchr
__CxxFrameHandler
strcpy
strncmp
_mbsnbcpy
strcmp
strlen
strcat
_mbscmp
memset
sprintf
isprint
sscanf
_strupr
_mbsnbcmp
free
malloc
memcmp
strstr
atoi
memcpy
_mbschr
_mbsicmp
swprintf
wcscpy
atof

kernel32

OpenEventA
GetStartupInfoA
CreateDirectoryA
GetCurrentDirectoryA
GetSystemDefaultLangID
GetSystemInfo
GlobalMemoryStatus
GetModuleFileNameA
DeleteFileA
TerminateThread
MultiByteToWideChar
CreateToolhelp32Snapshot
Process32First
Process32Next
ResetEvent
InterlockedExchange
SuspendThread
GetWindowsDirectoryA
SetThreadExecutionState
GetTickCount
GetSystemTime
WinExec
GetComputerNameA
InterlockedDecrement
DeleteCriticalSection
InterlockedIncrement
IsValidCodePage
lstrcmpiA
lstrcmpA
lstrcpyA
GlobalAlloc
GlobalFree
FormatMessageA
LocalFree
GetModuleHandleA
GetEnvironmentVariableA
GetSystemDirectoryA
FindFirstFileA
FindClose
CreateProcessA
WaitForSingleObject
CreateMutexA
CreateEventA
CreateThread
CallNamedPipeA
SetEvent
ReleaseMutex
OutputDebugStringA
GetTempPathW
GetTempPathA
GetLocaleInfoA
LeaveCriticalSection
InitializeCriticalSection
EnterCriticalSection
GetProfileStringA
lstrlenA
EnumResourceNamesA
GetLastError
SetLastError
LoadLibraryA
GetProcAddress
FreeLibrary
GetVersionExA
Sleep
WideCharToMultiByte
CloseHandle
CreateFileA
DeviceIoControl
lstrcpynA

user32

GetWindowRect
GetClientRect
EnableWindow
LoadIconA
GetSystemMetrics
MessageBoxA
GetDC
ReleaseDC
BringWindowToTop
GetWindowLongA
FindWindowExA
GetWindowTextW
GetClassNameA
GetParent
GetCursorPos
CreatePopupMenu
LoadStringW
DestroyWindow
PostMessageA
SendMessageA
SetForegroundWindow
PeekMessageA
TranslateMessage
DispatchMessageA
SetClassLongW
AppendMenuA
GetMenuItemCount
ClientToScreen
KillTimer
IsWindow
CreateWindowExW
CheckRadioButton
CheckDlgButton
GetDlgItem
CallWindowProcW
wsprintfA
IsRectEmpty
GetSysColor
UpdateWindow
InvalidateRect
GetDesktopWindow
FindWindowA
LoadCursorA
SetCursor
RegisterWindowMessageA
SetMenuDefaultItem
LoadImageA
UnhookWinEvent
SetWinEventHook
SetTimer
IsMenu
EnableMenuItem
GetMenuState
FillRect
FrameRect
LoadAcceleratorsA
TranslateAcceleratorA
UnregisterDeviceNotification
RegisterDeviceNotificationA
wvsprintfA
PostThreadMessageA
SetDlgItemTextW
SendInput
GetForegroundWindow
GetWindowThreadProcessId
DestroyIcon
MsgWaitForMultipleObjects

gdi32

GetTextExtentPoint32A
GetCurrentObject
Polyline
GetObjectA
CreateFontIndirectA
CreateSolidBrush

comdlg32

GetOpenFileNameA

winspool.drv

GetPrinterDataA
OpenPrinterA
ClosePrinter
GetPrinterA
EnumJobsA
EnumPrintersA

advapi32

CryptSetProvParam
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
RegDeleteKeyA
RegEnumKeyExA
CloseServiceHandle
StartServiceA
QueryServiceStatus
ControlService
GetUserNameA
RegEnumValueA
RegQueryInfoKeyA
CryptImportKey
CryptDecrypt
CryptGetUserKey
CryptGenKey
CryptExportKey
CryptEncrypt
CryptDestroyKey
InitializeSecurityDescriptor
OpenServiceA
CryptReleaseContext
CryptAcquireContextA
OpenSCManagerA
RegCloseKey

shell32

Shell_NotifyIconA
SHAppBarMessage
ShellExecuteA

comctl32

ImageList_ReplaceIcon
ImageList_SetBkColor

ole32

CoInitialize
CoUninitialize

msvcp60

??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
??1_Winit@std@@QAE@XZ

btballoon

BalloonTooltip_Move
BalloonTooltip_Create
BalloonTooltip_RegisterClass
BalloonTooltip_Delete

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Sections

.text
Size: 380KB - Virtual size: 378KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 120KB - Virtual size: 357KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
F74677_btmdmins.dll
F84085_btsec.dll
.dll windows:4 windows x86 arch:x86

b550a7f7d10a37ae8be07e1859c24198

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msi

ord144
ord73
ord75

mfc42

ord641
ord2515
ord355
ord939
ord928
ord5934
ord932
ord3810
ord823
ord1200
ord3337
ord3811
ord2813
ord920
ord5933
ord4129
ord5683
ord6283
ord6282
ord798
ord6928
ord5465
ord532
ord922
ord5265
ord4376
ord4853
ord4998
ord2514
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord3953
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord324
ord6199
ord3092
ord3499
ord4287
ord4234
ord5303
ord2726
ord4699
ord5715
ord3353
ord817
ord565
ord1948
ord3954
ord2820
ord2827
ord269
ord924
ord913
ord6883
ord5710
ord6407
ord5466
ord6877
ord1578
ord1255
ord1253
ord858
ord4160
ord1570
ord1197
ord1243
ord342
ord1182
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord6467
ord540
ord860
ord537
ord941
ord800
ord600
ord826
ord2818
ord354
ord350
ord5186
ord665
ord3318
ord5442
ord3663
ord3616
ord3127
ord5651
ord398
ord700
ord3439
ord541
ord535
ord4204
ord2764
ord801
ord815
ord825
ord561
ord3738
ord4424
ord4622
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord4710
ord2982
ord6376
ord1997
ord1577
ord1168
ord1575
ord1176
ord1116

msvcrt

memset
??1type_info@@UAE@XZ
_adjust_fdiv
_initterm
_onexit
__dllonexit
_stricmp
calloc
_purecall
_mbsicoll
strncpy
_strlwr
malloc
free
_strupr
_mbsnbcmp
isprint
strrchr
_ftol
strstr
atof
rand
sscanf
sprintf
time
srand
_mbsicmp
__CxxFrameHandler
memcpy
_mbscmp
_chkesp

kernel32

WideCharToMultiByte
CloseHandle
CreateFileA
DeviceIoControl
GetSystemInfo
GetComputerNameA
GetVersionExA
GetWindowsDirectoryA
GlobalMemoryStatus
GetLastError
LocalFree
GetSystemDefaultLCID
GetUserDefaultLCID
DeleteFileA
GetTempPathA
CreateDirectoryA
GetCurrentDirectoryA
GetSystemDefaultLangID
GetModuleHandleA
GetModuleFileNameA
Sleep
GetSystemDirectoryA
LoadLibraryA
GetProcAddress
GetProcessHeap
HeapAlloc
FreeLibrary
HeapFree
FormatMessageA
LocalAlloc

user32

MessageBoxA
GetDesktopWindow
EnableWindow
BringWindowToTop
SetForegroundWindow

advapi32

RegCloseKey
RegQueryValueExA
FreeSid
SetSecurityInfo
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
InitializeAcl
GetLengthSid
AllocateAndInitializeSid
RegCreateKeyExA
RegSetValueExA
GetUserNameA
RegEnumKeyExA
RegOpenKeyExA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

setupapi

SetupDiGetClassDevsA
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailA
SetupDiDestroyDeviceInfoList

shlwapi

PathFileExistsA
PathIsDirectoryA

msvcp60

??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ

Exports

Exports

BTSEC_CheckClientEnabled
BTSEC_CheckUpgradeCondition
BTSEC_FeatureIsEnabled
BTSEC_InstallLicenseFromFile
BTSEC_InstallLicenseFromFileEx
BTSEC_SetDefaultProductLanguage

Sections

.text
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 88KB - Virtual size: 247KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
F84465_btdfu.dll
.dll windows:4 windows x86 arch:x86

9772dd14d6122f894bc771b76f60252e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CallNamedPipeA
CreateFileA
Sleep
CloseHandle
DeviceIoControl
GetLastError
GetVersionExA
ReadFile
GetFileSize
CreateThread
GetCurrentThreadId
TlsSetValue
TlsGetValue
ExitThread
HeapFree
HeapAlloc
GetCommandLineA
GetVersion
TlsAlloc
TlsFree
SetLastError
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
RtlUnwind
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
SetFilePointer
InterlockedDecrement
InterlockedIncrement
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
SetStdHandle
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
FlushFileBuffers

setupapi

SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailA
SetupDiGetClassDevsA

Exports

Exports

BTDFU_Abort
BTDFU_GetStatus
BTDFU_Start

Sections

.text
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
F84848_btkrnl.sys
.sys windows:5 windows x86 arch:x86

78b42c8651d8469cd58eedb2185ee382

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

KeInitializeTimer
IoDeleteDevice
IoDeleteSymbolicLink
IoAttachDeviceToDeviceStack
IoCreateSymbolicLink
KeInitializeSpinLock
KeInitializeEvent
IoCreateDevice
RtlInitUnicodeString
ObfReferenceObject
IoDetachDevice
KeWaitForSingleObject
_allmul
ZwEnumerateValueKey
ZwClose
ZwQueryKey
ZwOpenKey
KeLeaveCriticalRegion
KeEnterCriticalRegion
IoInvalidateDeviceRelations
InterlockedExchange
KeCancelTimer
IoReleaseCancelSpinLock
KeSetTimer
IoGetDeviceProperty
IoOpenDeviceRegistryKey
ZwQueryValueKey
KeInitializeDpc
swprintf
wcscpy
wcslen
RtlAnsiStringToUnicodeString
RtlInitAnsiString
_aullshr
ObfDereferenceObject
IoBuildSynchronousFsdRequest
IoGetAttachedDeviceReference
IoIsWdmVersionAvailable
RtlFreeUnicodeString
ExQueueWorkItem
DbgPrint
vsprintf
KeGetCurrentThread
strncpy
KeDelayExecutionThread
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
KeQuerySystemTime
_alldiv
_vsnprintf
strncmp
sprintf
wcsstr
ZwEnumerateKey
InterlockedDecrement
KeSetEvent
InterlockedIncrement
KeClearEvent
IofCallDriver
ExFreePool
IoInvalidateDeviceState
ExAllocatePoolWithTag
RtlCopyUnicodeString
PoSetPowerState
PoCallDriver
PoStartNextPowerIrp
ZwSetValueKey
IofCompleteRequest

hal

ExReleaseFastMutex
KfReleaseSpinLock
KfAcquireSpinLock
KeGetCurrentIrql
ExAcquireFastMutex

ndis.sys

NdisFreeMemory
NdisAllocateMemory
NdisCloseAdapter
NdisQueryAdapterInstanceName
NdisDeregisterProtocol
NdisRegisterProtocol
NdisOpenAdapter

Sections

.text
Size: 204KB - Virtual size: 204KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 584KB - Virtual size: 584KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 992B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
F84849_BTKRNL.VXD
F84850_btport.sys
.sys windows:5 windows x86 arch:x86

7fd7bee5aba84d254687b236400a106a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExFreePool
IoDetachDevice
RtlUnicodeStringToInteger
RtlInitUnicodeString
KeInitializeDpc
KeInitializeTimer
KeInitializeSpinLock
IoCancelIrp
IoReleaseCancelSpinLock
IoAcquireCancelSpinLock
KeSetEvent
KeInitializeEvent
IoCreateDevice
RtlAppendUnicodeStringToString
RtlIntegerToUnicodeString
RtlAppendUnicodeToString
IoAttachDeviceToDeviceStack
IofCompleteRequest
InterlockedIncrement
IofCallDriver
ZwClose
IoOpenDeviceRegistryKey
RtlDeleteRegistryValue
IoDeleteDevice
IoSetDeviceInterfaceState
IoRegisterDeviceInterface
RtlWriteRegistryValue
IoCreateSymbolicLink
InterlockedExchange
KeCancelTimer
KeSetTimer
PoCallDriver
RtlCompareUnicodeString
ZwQueryValueKey
ZwOpenKey
IoGetDeviceObjectPointer
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
ObfDereferenceObject
IoFreeIrp
IoAllocateIrp
KeQuerySystemTime
_allmul
ExAllocatePoolWithQuotaTag
_except_handler3
PoStartNextPowerIrp
InterlockedDecrement
KeWaitForSingleObject
KeRemoveQueueDpc
ExAllocatePoolWithTag
IoDeleteSymbolicLink
memmove

hal

KfAcquireSpinLock
KfReleaseSpinLock
ExAcquireFastMutex
ExReleaseFastMutex
KeGetCurrentIrql

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 480B - Virtual size: 464B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
F84851_BTPORT.VXD
F84852_btwdndis.sys
.sys windows:4 windows x86 arch:x86

2105b96124844b5a22b21c6124e5737b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

KeInitializeEvent
strncpy
IofCallDriver
KeWaitForSingleObject
IoFreeIrp
KeSetEvent
ObfDereferenceObject
RtlInitUnicodeString
RtlUnicodeStringToAnsiString
RtlFreeAnsiString
IoGetDeviceObjectPointer
_vsnprintf
sprintf
vsprintf
memmove
strncmp
ExQueueWorkItem
KeInitializeSpinLock
KeDelayExecutionThread
IoAllocateIrp
IoIsWdmVersionAvailable

hal

KfReleaseSpinLock
KfAcquireSpinLock

ndis.sys

NdisQueryBuffer
NDIS_BUFFER_TO_SPAN_PAGES
NdisMCancelTimer
NdisOpenConfiguration
NdisWriteErrorLogEntry
NdisAllocateMemoryWithTag
NdisCloseConfiguration
NdisFreeMemory
NdisReadConfiguration
NdisMSetAttributesEx
NdisMInitializeTimer
NdisSetTimer
NdisGetCurrentSystemTime
NdisInitializeWrapper
NdisMRegisterMiniport
NdisTerminateWrapper
NdisQueryBufferOffset

Sections

.text
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PNP
Size: 96B - Virtual size: 67B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
F84853_btwdndis.sys
.sys windows:4 windows x86 arch:x86

2105b96124844b5a22b21c6124e5737b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

KeInitializeEvent
strncpy
IofCallDriver
KeWaitForSingleObject
IoFreeIrp
KeSetEvent
ObfDereferenceObject
RtlInitUnicodeString
RtlUnicodeStringToAnsiString
RtlFreeAnsiString
IoGetDeviceObjectPointer
_vsnprintf
sprintf
vsprintf
memmove
strncmp
ExQueueWorkItem
KeInitializeSpinLock
KeDelayExecutionThread
IoAllocateIrp
IoIsWdmVersionAvailable

hal

KfReleaseSpinLock
KfAcquireSpinLock

ndis.sys

NdisQueryBuffer
NDIS_BUFFER_TO_SPAN_PAGES
NdisMCancelTimer
NdisOpenConfiguration
NdisWriteErrorLogEntry
NdisAllocateMemoryWithTag
NdisCloseConfiguration
NdisFreeMemory
NdisReadConfiguration
NdisMSetAttributesEx
NdisMInitializeTimer
NdisSetTimer
NdisGetCurrentSystemTime
NdisInitializeWrapper
NdisMRegisterMiniport
NdisTerminateWrapper
NdisQueryBufferOffset

Sections

.text
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PNP
Size: 96B - Virtual size: 67B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
F84855_frmupgr.sys
.sys windows:5 windows x86 arch:x86

7234fb389d690f177ea3e92b1f94e8e6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ObReferenceObjectByHandle
PsCreateSystemThread
ObfDereferenceObject
KeWaitForSingleObject
IofCompleteRequest
ExAllocatePoolWithTag
IofCallDriver
KeDelayExecutionThread
IoCancelIrp
IoBuildDeviceIoControlRequest
KeInitializeEvent
RtlFreeUnicodeString
DbgPrint
RtlCopyUnicodeString
IoIsWdmVersionAvailable
ZwClose
IoDetachDevice
PoSetPowerState
IoAttachDeviceToDeviceStack
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
KeSetEvent
IoDeleteSymbolicLink
PoCallDriver
PoStartNextPowerIrp
PoRequestPowerIrp
InterlockedExchange
IoAllocateIrp
IoFreeIrp
ExQueueWorkItem
IoDeleteDevice
InterlockedIncrement
InterlockedDecrement
PoRegisterDeviceForIdleDetection
RtlUnwind
ExFreePool

hal

KeGetCurrentIrql

usbd.sys

_USBD_ParseConfigurationDescriptorEx@28
USBD_CreateConfigurationRequest
_USBD_ParseDescriptors@16

wmilib.sys

WmiCompleteRequest

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

page
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

init
Size: 224B - Virtual size: 212B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 320B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 352B - Virtual size: 350B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 960B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 672B - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
F84857_btwdndis.sys
.sys windows:4 windows x86 arch:x86

2105b96124844b5a22b21c6124e5737b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

KeInitializeEvent
strncpy
IofCallDriver
KeWaitForSingleObject
IoFreeIrp
KeSetEvent
ObfDereferenceObject
RtlInitUnicodeString
RtlUnicodeStringToAnsiString
RtlFreeAnsiString
IoGetDeviceObjectPointer
_vsnprintf
sprintf
vsprintf
memmove
strncmp
ExQueueWorkItem
KeInitializeSpinLock
KeDelayExecutionThread
IoAllocateIrp
IoIsWdmVersionAvailable

hal

KfReleaseSpinLock
KfAcquireSpinLock

ndis.sys

NdisQueryBuffer
NDIS_BUFFER_TO_SPAN_PAGES
NdisMCancelTimer
NdisOpenConfiguration
NdisWriteErrorLogEntry
NdisAllocateMemoryWithTag
NdisCloseConfiguration
NdisFreeMemory
NdisReadConfiguration
NdisMSetAttributesEx
NdisMInitializeTimer
NdisSetTimer
NdisGetCurrentSystemTime
NdisInitializeWrapper
NdisMRegisterMiniport
NdisTerminateWrapper
NdisQueryBufferOffset

Sections

.text
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PNP
Size: 96B - Virtual size: 67B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
F84859_btport.sys
.sys windows:5 windows x86 arch:x86

7fd7bee5aba84d254687b236400a106a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExFreePool
IoDetachDevice
RtlUnicodeStringToInteger
RtlInitUnicodeString
KeInitializeDpc
KeInitializeTimer
KeInitializeSpinLock
IoCancelIrp
IoReleaseCancelSpinLock
IoAcquireCancelSpinLock
KeSetEvent
KeInitializeEvent
IoCreateDevice
RtlAppendUnicodeStringToString
RtlIntegerToUnicodeString
RtlAppendUnicodeToString
IoAttachDeviceToDeviceStack
IofCompleteRequest
InterlockedIncrement
IofCallDriver
ZwClose
IoOpenDeviceRegistryKey
RtlDeleteRegistryValue
IoDeleteDevice
IoSetDeviceInterfaceState
IoRegisterDeviceInterface
RtlWriteRegistryValue
IoCreateSymbolicLink
InterlockedExchange
KeCancelTimer
KeSetTimer
PoCallDriver
RtlCompareUnicodeString
ZwQueryValueKey
ZwOpenKey
IoGetDeviceObjectPointer
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
ObfDereferenceObject
IoFreeIrp
IoAllocateIrp
KeQuerySystemTime
_allmul
ExAllocatePoolWithQuotaTag
_except_handler3
PoStartNextPowerIrp
InterlockedDecrement
KeWaitForSingleObject
KeRemoveQueueDpc
ExAllocatePoolWithTag
IoDeleteSymbolicLink
memmove

hal

KfAcquireSpinLock
KfReleaseSpinLock
ExAcquireFastMutex
ExReleaseFastMutex
KeGetCurrentIrql

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 480B - Virtual size: 464B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
F84897_btosif.dll
.dll windows:4 windows x86 arch:x86

34fec45352d9c5b77e2fe816c69ca0db

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

WSAStartup
socket
bind
ntohl
sendto

mfc42

ord6467
ord860
ord861
ord6567
ord539
ord535
ord939
ord941
ord858
ord1085
ord823
ord2614
ord1578
ord600
ord826
ord269
ord1253
ord1570
ord1197
ord1243
ord342
ord5601
ord540
ord542
ord800
ord802
ord815
ord825
ord561
ord3738
ord1255
ord4424
ord4622
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord3953
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord1182
ord1577
ord1168
ord1575
ord1176
ord1116

msvcrt

??1type_info@@UAE@XZ
_adjust_fdiv
_initterm
_onexit
__dllonexit
wcsncpy
wcschr
towupper
_mbscmp
_purecall
vsprintf
strncmp
atof
atoi
toupper
wcscpy
free
malloc
strncpy
sscanf
wcslen
swprintf
_wremove
fgetc
fseek
ftell
fclose
_wfopen
fopen
_errno
strerror
fprintf
fputc
fgets
strchr
sprintf
strstr
_mbsnbcpy
__CxxFrameHandler
remove

kernel32

IsValidCodePage
LocalAlloc
FormatMessageA
LocalFree
FreeLibrary
LoadLibraryA
GetProcAddress
GetVersionExA
GetLocaleInfoA
GetTempPathW
GetTempFileNameW
GetLastError
GetTempPathA
GetTempFileNameA
MultiByteToWideChar
WideCharToMultiByte
lstrlenW

advapi32

RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

oleaut32

SysAllocString
SysStringLen
SysAllocStringLen
SysFreeString

Exports

Exports

??0CBTvCard@@QAE@ABUtagvCard@@@Z
??0CBTvCard@@QAE@XZ
??1CBTvCard@@QAE@XZ
?CopyString@CBTvCard@@AAEHABVCString@@PADH@Z
?Empty@CBTvCard@@QAEXXZ
?FillAddress@CBTvCard@@AAEXPAUtagProp@@AAU_Address@1@PAD@Z
?FillTelephone@CBTvCard@@AAEXPAUtagProp@@AAVCString@@PAD@Z
?Generate@CBTvCard@@QAEXPAGE@Z
?LoadAddresses@CBTvCard@@AAEXPBUtagProp@@@Z
?LoadEmailAddresses@CBTvCard@@AAEXPBUtagProp@@@Z
?LoadFromVCard@CBTvCard@@QAEXABUtagvCard@@@Z
?LoadPhoneNumbers@CBTvCard@@AAEXPBUtagProp@@@Z
?LoadSingleAddress@CBTvCard@@AAEXAAU_Address@1@PBUtagProp@@@Z
?Parse@CBTvCard@@QAEHPAG@Z
?getAddress@CBTvCard@@AAE?BVCString@@AAU_Address@1@@Z
?getCompany@CBTvCard@@QAEHPADH@Z
?getDepartment@CBTvCard@@QAEHPADH@Z
?getEmailAddress@CBTvCard@@QAEHPADH@Z
?getFirstName@CBTvCard@@QAEHPADH@Z
?getFullname@CBTvCard@@QAEHPADH@Z
?getHomeAddress@CBTvCard@@QAEHPADH@Z
?getHomePhone@CBTvCard@@QAEHPADH@Z
?getID@CBTvCard@@QAEHPADH@Z
?getJobTitle@CBTvCard@@QAEHPADH@Z
?getLastName@CBTvCard@@QAEHPADH@Z
?getMiddleName@CBTvCard@@QAEHPADH@Z
?getMobilePhone@CBTvCard@@QAEHPADH@Z
?getName@CBTvCard@@QAEHPADH@Z
?getSuffix@CBTvCard@@QAEHPADH@Z
?getTitle@CBTvCard@@QAEHPADH@Z
?getWorkAddress@CBTvCard@@QAEHPADH@Z
?getWorkFax@CBTvCard@@QAEHPADH@Z
?getWorkPhone@CBTvCard@@QAEHPADH@Z
?setBusinessWebPage@CBTvCard@@QAEXQBD@Z
?setCompany@CBTvCard@@QAEXQBD@Z
?setDepartment@CBTvCard@@QAEXQBD@Z
?setEmailAddress@CBTvCard@@QAEXQBD@Z
?setFirstName@CBTvCard@@QAEXQBD@Z
?setFullname@CBTvCard@@QAEXQBD@Z
?setHomeCity@CBTvCard@@QAEXQBD@Z
?setHomeCountry@CBTvCard@@QAEXQBD@Z
?setHomeFax@CBTvCard@@QAEXQBD@Z
?setHomePOBox@CBTvCard@@QAEXQBD@Z
?setHomePhone@CBTvCard@@QAEXQBD@Z
?setHomePostalCode@CBTvCard@@QAEXQBD@Z
?setHomeState@CBTvCard@@QAEXQBD@Z
?setHomeStreet@CBTvCard@@QAEXQBD@Z
?setJobTitle@CBTvCard@@QAEXQBD@Z
?setLastName@CBTvCard@@QAEXQBD@Z
?setMiddleName@CBTvCard@@QAEXQBD@Z
?setMobilePhone@CBTvCard@@QAEXQBD@Z
?setPager@CBTvCard@@QAEXQBD@Z
?setPersonalWebPage@CBTvCard@@QAEXQBD@Z
?setSuffix@CBTvCard@@QAEXQBD@Z
?setTitle@CBTvCard@@QAEXQBD@Z
?setWorkCity@CBTvCard@@QAEXQBD@Z
?setWorkCountry@CBTvCard@@QAEXQBD@Z
?setWorkFax@CBTvCard@@QAEXQBD@Z
?setWorkPOBox@CBTvCard@@QAEXQBD@Z
?setWorkPhone@CBTvCard@@QAEXQBD@Z
?setWorkPostalCode@CBTvCard@@QAEXQBD@Z
?setWorkState@CBTvCard@@QAEXQBD@Z
?setWorkStreet@CBTvCard@@QAEXQBD@Z
OSIF_AddObject
OSIF_Alloc
OSIF_CL_Close
OSIF_CL_GetCurrentAnchor
OSIF_CL_GetDatabaseId
OSIF_CL_GetFirstEntry
OSIF_CL_GetNextEntry
OSIF_CL_Open
OSIF_Close
OSIF_CodeToString
OSIF_DecodeFile
OSIF_DeleteObject
OSIF_EncodeFile
OSIF_FindObject
OSIF_Free
OSIF_FreeObject
OSIF_GetEncoding
OSIF_GetFirstId
OSIF_GetFirstObject
OSIF_GetFormatType
OSIF_GetFormatTypeExtension
OSIF_GetNextId
OSIF_GetNextObject
OSIF_GetObjectById
OSIF_GetObjectCount
OSIF_GetObjectName
OSIF_GetProp
OSIF_IsPimSupported
OSIF_IsPresent
OSIF_IsSupported
OSIF_ModifyObject
OSIF_Open
OSIF_OpenX
OSIF_PIMToString
OSIF_PIMVersion
OSIF_ReadObjects
OSIF_WriteObject

Sections

.text
Size: 76KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
F84927_btosif_notes.dll
.dll windows:4 windows x86 arch:x86

a85d26a420f5129fa5adeae742629645

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

bind
ntohl
sendto
WSAStartup
socket

btosif

OSIF_EncodeFile
OSIF_DecodeFile
OSIF_Alloc
OSIF_Free

mfc42

ord535
ord540
ord433
ord5575
ord858
ord839
ord5651
ord3676
ord5572
ord2393
ord2818
ord941
ord939
ord924
ord860
ord2915
ord3130
ord2141
ord350
ord3663
ord434
ord432
ord5934
ord861
ord928
ord539
ord6877
ord1656
ord2464
ord3810
ord835
ord920
ord836
ord800
ord802
ord542
ord936
ord6569
ord6467
ord823
ord665
ord5583
ord1979
ord6385
ord5186
ord354
ord834
ord833
ord3055
ord6672
ord3758
ord3408
ord3227
ord3054
ord3425
ord3880
ord2814
ord6648
ord5933
ord919
ord4033
ord269
ord815
ord825
ord561
ord3738
ord4424
ord4622
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord1578
ord1255
ord1253
ord1570
ord1197
ord1243
ord2982
ord3953
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord342
ord1182
ord1577
ord1168
ord1575
ord1176
ord1116
ord600
ord826
ord2765

msvcrt

_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
_onexit
__dllonexit
wcsstr
strncpy
wcschr
towupper
time
srand
rand
atol
strstr
_wremove
remove
fgetc
fseek
ftell
fclose
_wfopen
fopen
_errno
strerror
fprintf
fputc
fgets
strchr
atoi
_purecall
malloc
free
sprintf
toupper
isdigit
vsprintf
wcsncpy
wcslen
wcscat
swprintf
wcscpy
_ftol
_mbscmp
wcscmp
_mbsnbcpy
__CxxFrameHandler
_CxxThrowException
_mbsicmp
sscanf

kernel32

GetTempPathW
GetLocaleInfoA
GetVersionExA
SystemTimeToFileTime
GetTempFileNameW
LocalFileTimeToFileTime
IsValidCodePage
GetTempFileNameA
GetFileAttributesW
GetFileAttributesA
CopyFileW
CopyFileA
MoveFileW
MoveFileA
InterlockedIncrement
GetTempPathA
InterlockedDecrement
Sleep
LocalFree
WideCharToMultiByte
GetLastError
MultiByteToWideChar
FormatMessageA
lstrlenA
FileTimeToSystemTime
LocalAlloc

user32

TranslateMessage
PeekMessageA
PostMessageA
DispatchMessageA
wsprintfA

advapi32

RegCreateKeyExA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegSetValueExA

ole32

CoCreateInstance
OleRun

oleaut32

GetErrorInfo
VariantClear
SafeArrayGetElement
VariantInit
VariantChangeType
SysAllocString
SysFreeString
SysStringLen
SysAllocStringLen
VariantCopy

Exports

Exports

NOTES_GetItemType
OSIF_LoadInterface

Sections

.text
Size: 104KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
F84957_btosif_ol.dll
.dll windows:4 windows x86 arch:x86

fe6065e9ff7a48c804365b38bde6a317

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

ntohl
sendto
bind
socket
WSAStartup

btosif

OSIF_Alloc
OSIF_Free
OSIF_DecodeFile
OSIF_EncodeFile

mfc42

ord815
ord4033
ord800
ord535
ord540
ord433
ord5575
ord5572
ord2915
ord2393
ord2818
ord941
ord939
ord858
ord924
ord860
ord1656
ord434
ord823
ord5710
ord2614
ord537
ord5934
ord919
ord5933
ord3880
ord3425
ord3054
ord836
ord839
ord465
ord3758
ord3408
ord3227
ord861
ord850
ord825
ord5651
ord3676
ord3130
ord2141
ord350
ord3663
ord3810
ord539
ord3409
ord3228
ord920
ord936
ord4204
ord6927
ord2765
ord802
ord542
ord4129
ord2763
ord6567
ord922
ord464
ord2813
ord6569
ord928
ord834
ord833
ord3055
ord6672
ord2814
ord826
ord600
ord1578
ord561
ord3738
ord4424
ord4622
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord3953
ord5714
ord5289
ord5307
ord6467
ord1255
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord1253
ord1570
ord1197
ord1243
ord342
ord1182
ord1577
ord1168
ord1575
ord1176
ord1572
ord1116
ord269

msvcrt

_initterm
_adjust_fdiv
_onexit
__dllonexit
wcsstr
wcschr
towupper
time
srand
rand
atol
strstr
strncmp
_isctype
__mb_cur_max
_pctype
_wremove
remove
fgetc
fseek
ftell
fclose
_wfopen
fopen
_errno
strerror
fprintf
fputc
fgets
sscanf
_purecall
malloc
free
sprintf
toupper
vsprintf
wcsncpy
wcslen
wcscat
swprintf
wcscpy
_ftol
strncpy
wcscmp
_mbsnbcpy
atoi
strchr
_mbscmp
__CxxFrameHandler
??1type_info@@UAE@XZ

kernel32

IsValidCodePage
LocalFileTimeToFileTime
LocalFree
FileTimeToSystemTime
SystemTimeToFileTime
GetVersionExA
GetLocaleInfoA
GetTempPathW
GetTempFileNameW
GetTempPathA
GetTempFileNameA
GetFileAttributesW
GetFileAttributesA
CopyFileW
CopyFileA
MoveFileW
MoveFileA
GetLastError
WideCharToMultiByte
MultiByteToWideChar
FormatMessageA
LocalAlloc
lstrlenA

user32

wsprintfA

advapi32

RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

oleaut32

SysStringLen
SysAllocStringLen
SysAllocString
SysFreeString
VariantClear

Exports

Exports

OL_CloseX
OL_GetObjectById
OL_OpenX
OSIF_LoadInterface

Sections

.text
Size: 136KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
F84988_btins.dll
.dll windows:4 windows x86 arch:x86

c1928eeab8b11b2cb4c59b11cf4f121a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msi

ord75
ord8
ord144
ord73
ord143
ord103
ord121
ord124
ord17

shlwapi

PathIsDirectoryA
SHSetValueA
SHGetValueA
SHDeleteKeyA
PathFileExistsA
SHEnumKeyExA

tapi32

lineGetDevCapsA
lineGetDevConfigA
lineShutdown
lineInitialize

setupapi

SetupDiEnumDeviceInfo
SetupGetFieldCount
SetupGetLineCountA
SetupGetLineByIndexA
SetupGetStringFieldA
SetupGetInfFileListA
SetupOpenInfFileA
SetupCloseInfFile
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsA
SetupDiGetDeviceRegistryPropertyA

mfc42

ord3136
ord3262
ord2985
ord3081
ord2976
ord3370
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4424
ord3640
ord693
ord3301
ord3998
ord2100
ord2864
ord567
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord1771
ord6366
ord2413
ord2024
ord4219
ord2581
ord4401
ord3402
ord3639
ord616
ord692
ord2463
ord1651
ord1871
ord414
ord713
ord668
ord3178
ord3181
ord2781
ord2770
ord356
ord2107
ord2841
ord4160
ord818
ord641
ord2514
ord926
ord1105
ord6779
ord6663
ord4465
ord2763
ord5450
ord5440
ord6383
ord6394
ord4202
ord1622
ord5683
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord3953
ord4622
ord3738
ord561
ord815
ord1146
ord6929
ord6927
ord4278
ord3511
ord5303
ord2726
ord4699
ord5715
ord3353
ord817
ord565
ord1948
ord3954
ord5265
ord4376
ord4853
ord4998
ord6052
ord1775
ord4407
ord5280
ord4425
ord3597
ord324
ord2302
ord4234
ord4710
ord4287
ord2370
ord6141
ord5859
ord4058
ord4083
ord3337
ord2813
ord920
ord5933
ord1116
ord6199
ord3092
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5290
ord4353
ord6374
ord5163
ord2385
ord5241
ord4402
ord1776
ord4078
ord6055
ord2582
ord5861
ord6877
ord6928
ord5466
ord6407
ord1200
ord2915
ord5572
ord6143
ord801
ord2614
ord541
ord6467
ord939
ord535
ord1151
ord1193
ord1168
ord823
ord2764
ord4129
ord6282
ord6283
ord5710
ord537
ord4204
ord6883
ord913
ord924
ord532
ord5465
ord1997
ord798
ord858
ord2827
ord3663
ord3811
ord2820
ord2818
ord350
ord922
ord3127
ord941
ord3616
ord5651
ord860
ord665
ord825
ord540
ord354
ord800
ord269
ord826
ord600
ord1578
ord1255
ord1253
ord1570
ord1197
ord1243
ord342
ord1182
ord1577
ord1575
ord1176
ord1106

msvcrt

??1type_info@@UAE@XZ
rand
_ftol
wcscat
wcsrchr
wcsncpy
fopen
fwrite
fclose
__dllonexit
calloc
realloc
_strlwr
_mbsnbcat
_stricmp
wcslen
atoi
_purecall
toupper
isdigit
vsprintf
_mbsicmp
_mbschr
_onexit
_initterm
_adjust_fdiv
_mbsstr
__CxxFrameHandler
sprintf
strrchr
_mbsicoll
sscanf
_strupr
free
malloc
strstr
_mbsnbcpy
_mbscmp

kernel32

EnterCriticalSection
InitializeCriticalSection
LeaveCriticalSection
MultiByteToWideChar
OutputDebugStringA
GetProfileStringA
lstrlenA
SetLastError
LoadLibraryA
GetProcAddress
FreeLibrary
Sleep
WideCharToMultiByte
CloseHandle
CreateFileA
DeviceIoControl
GetModuleHandleA
GetModuleFileNameA
DeleteFileA
InterlockedIncrement
GetComputerNameA
GetVersionExA
GetWindowsDirectoryA
GetSystemDirectoryA
GlobalMemoryStatus
GetLastError
FormatMessageA
LocalFree
GetTempPathA
GetEnvironmentVariableA
GlobalFree
GlobalAlloc
IsDBCSLeadByte
SystemTimeToFileTime
GetSystemTime
TerminateThread
TerminateProcess
SetFileAttributesA
OpenProcess
GetCurrentProcessId
GetSystemPowerStatus
Process32Next
Process32First
CreateToolhelp32Snapshot
GetTickCount
RemoveDirectoryA
ResumeThread
CopyFileA
GetDriveTypeA
lstrlenW
SetEnvironmentVariableA
FindNextFileA
GetFileAttributesA
ReadFile
HeapFree
HeapAlloc
GetProcessHeap
GetCurrentDirectoryA
CreateDirectoryA
GetUserDefaultLangID
SetCurrentDirectoryA
GetSystemDefaultLangID
LocalAlloc
DeleteCriticalSection
InterlockedDecrement
ReleaseMutex
SetEvent
CallNamedPipeA
CreateThread
CreateEventA
CreateMutexA
WaitForSingleObject
CreateProcessA
FindClose
GetSystemInfo
FindFirstFileA

user32

CheckDlgButton
GetDlgItem
CallWindowProcW
IsWindowVisible
CheckRadioButton
IsWindow
GetClassNameA
CreateWindowExW
FindWindowExA
GetWindowLongA
IsWindowEnabled
BringWindowToTop
SetForegroundWindow
EnumChildWindows
MessageBoxA
LoadStringA
FindWindowA
GetWindow
EnableWindow
EnumWindows
SetClassLongW
PostMessageA
SetFocus
VkKeyScanA
keybd_event
GetWindowTextA
UpdateWindow
GetDesktopWindow
SendMessageA
DestroyWindow
LoadIconA

winspool.drv

EnumPrintersA
ClosePrinter
OpenPrinterA
GetPrinterDataA
EnumJobsA
GetPrinterA

advapi32

ControlService
StartServiceA
CloseServiceHandle
RegDeleteKeyA
RegEnumKeyExA
RegDeleteValueA
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
GetUserNameA
QueryServiceStatus
OpenServiceA
OpenSCManagerA
CryptAcquireContextA
CryptReleaseContext
CryptSetProvParam
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
SetSecurityDescriptorDacl
SetSecurityInfo
FreeSid
RegEnumKeyA
LookupPrivilegeValueA
OpenProcessToken
GetTokenInformation
RegEnumValueA
RegQueryInfoKeyA
InitializeSecurityDescriptor

shell32

ShellExecuteA
SHGetMalloc
SHChangeNotify
SHGetSpecialFolderLocation
Shell_NotifyIconA
SHFileOperationA
SHGetDesktopFolder
SHGetSpecialFolderPathA

ole32

CoUninitialize
CoInitializeEx
CoCreateInstance
CoInitialize
StringFromGUID2

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

msvcp60

??0Init@ios_base@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ

Exports

Exports

?BTINS_CleanAutoConnect@@YG?AW4BTINS_ERR@@XZ
?BTINS_DeleteDriverBinFiles@@YG?AW4BTINS_ERR@@XZ
?BTINS_DeleteMonitor@@YG?AW4BTINS_ERR@@XZ
?BTINS_DeleteShellIconCache@@YG?AW4BTINS_ERR@@XZ
?BTINS_DisableOldDevices@@YGXXZ
?BTINS_DisableOutlookPreFirstRunMessage@@YAXXZ
?BTINS_InstallAudio@@YG?AW4BTINS_ERR@@K_NPAH0@Z
?BTINS_InstallHids@@YG?AW4BTINS_ERR@@_NPAH@Z
?BTINS_InstallMonitor@@YG?AW4BTINS_ERR@@XZ
?BTINS_InstallNDIS@@YG?AW4BTINS_ERR@@K_NPAH0@Z
?BTINS_InstallNetworking@@YG?AW4BTINS_ERR@@XZ
?BTINS_InstallSendToExplorer@@YG?AW4BTINS_ERR@@_N@Z
?BTINS_InstallSendToInternetExplorer@@YG?AW4BTINS_ERR@@_N@Z
?BTINS_InstallServiceDriver@@YG?AW4BTINS_ERR@@KPBD000_NPAH@Z
?BTINS_LocalizeRegistry@@YG?AW4BTINS_ERR@@K@Z
?BTINS_RemoveBluetoothDevices@@YG?AW4BTINS_ERR@@K_NPAH0@Z
?BTINS_SetRegistrySecurity@@YG?AW4BTINS_ERR@@XZ
?BTINS_StartSpooler@@YG?AW4BTINS_ERR@@XZ
?BTINS_StopSpooler@@YG?AW4BTINS_ERR@@XZ
?BTINS_UninstallMonitor@@YG?AW4BTINS_ERR@@XZ
?BTINS_UninstallSendTo@@YG?AW4BTINS_ERR@@PAUHWND__@@@Z
BTINS_CheckInstallDir
BTINS_CheckUserPrivileges
BTINS_CleanComponents
BTINS_CleanInfFilesWithHardwareID
BTINS_CleanRegistry
BTINS_ConfigureForLotusNotes
BTINS_ConfigureRas
BTINS_ConfigureServices
BTINS_EnableServiceApps
BTINS_Install
BTINS_InstallDriver
BTINS_InstallKernel
BTINS_InstallModems
BTINS_InstallPorts
BTINS_InstallServicePack
BTINS_IsDeviceInstalled
BTINS_IsDevicePresent
BTINS_IsDialupAdapterInstalled
BTINS_IsDialupNetworkingInstalled
BTINS_IsProcessPrivileged
BTINS_RebootIfNeeded
BTINS_RefreshDevices
BTINS_RegisterBTNeighborhood
BTINS_RemoveBluetoothCommunicationDevice
BTINS_SetDriverOption
BTINS_SetInstallerProperties
BTINS_SetProductName
BTINS_SetServiceAppProperties
BTINS_StartLogging
BTINS_StartStack
BTINS_StartStackServer
BTINS_StopLogging
BTINS_StopStackServer
BTINS_Uninstall
BTINS_UnsetDriverOption
BTINS_UpdateDevices

Sections

.text
Size: 228KB - Virtual size: 224KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128KB - Virtual size: 286KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
F85018_btdev.dll
.dll windows:4 windows x86 arch:x86

8bd35bba166d3e04412255c8835ec7d7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

setupapi

SetupDiGetDeviceRegistryPropertyA
SetupDiEnumDeviceInfo
SetupDiGetClassDevsA
SetupDiClassGuidsFromNameA
SetupDiDestroyDeviceInfoList

mfc42

ord4079
ord4698
ord5307
ord5289
ord5714
ord3953
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord2725
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord815
ord269
ord5302
ord826
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord2764
ord4129
ord1578
ord6467
ord1255
ord1253
ord6283
ord1151
ord1193
ord1200
ord537
ord823
ord858
ord2818
ord540
ord800
ord825
ord342
ord1182
ord1577
ord1168
ord1575
ord1176
ord1116
ord3830
ord600
ord1243
ord1197
ord1570

msvcrt

??1type_info@@UAE@XZ
_adjust_fdiv
_initterm
_onexit
__dllonexit
_mbsstr
_strlwr
sscanf
sprintf
malloc
__CxxFrameHandler
strstr
free

kernel32

WaitForSingleObject
Sleep
CloseHandle
CreateProcessA
GetLastError
GetVersionExA
LoadLibraryA
FreeLibrary
GetProcAddress
GetSystemDirectoryA
TerminateProcess
LocalFree
LocalAlloc

advapi32

RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegDeleteValueA

Exports

Exports

?BTDEV_RemoveHIDbyBdAddr@@YA?AW4BTDEV_ERR@@PAEPAH@Z
BTDEV_CopyOemInfFile
BTDEV_GetModems
BTDEV_GetPorts
BTDEV_InstallAudio
BTDEV_InstallKernel
BTDEV_InstallModem
BTDEV_InstallNDIS
BTDEV_InstallPort
BTDEV_InstallPorts
BTDEV_RemoveAudio
BTDEV_RemoveDevice
BTDEV_RemoveKernel
BTDEV_RemoveKeyboard
BTDEV_RemoveModem
BTDEV_RemoveMouse
BTDEV_RemoveNDIS
BTDEV_RemovePort

Sections

.text
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Global_Controls_COMCATDLL_f0.3207D1B0_80E5_11D2_B95D_006097C4DE24
.dll regsvr32 windows:4 windows x86 arch:x86

5316dd1ba7417f578451f902c4b4f845

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

ole32

StringFromCLSID
StringFromGUID2
CoTaskMemAlloc
CLSIDFromString
CoTaskMemFree

kernel32

GetModuleFileNameA
lstrlenA
GlobalAlloc
lstrlenW
GetModuleHandleA
WideCharToMultiByte
MultiByteToWideChar
InterlockedDecrement
InterlockedIncrement
IsBadReadPtr
GetUserDefaultLCID
IsBadWritePtr
GlobalFree

user32

wsprintfA

advapi32

RegCreateKeyExA
RegQueryInfoKeyA
RegEnumValueA
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyW
RegEnumKeyA
RegOpenKeyA
RegCloseKey
RegDeleteKeyA
RegSetValueExW
RegSetValueExA
RegCreateKeyExW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 972B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 906B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Global_System_OLEAUT32_f2.8C0C59A0_7DC8_11D2_B95D_006097C4DE24
.dll windows:4 windows x86 arch:x86

28b659576236be75a4bbcbfa9113e470

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

ole32

ReleaseStgMedium

user32

UnionRect

gdi32

CreateSolidBrush
SetDIBits
SetMapMode
DeleteObject
PatBlt
GetCurrentObject
SelectObject
SetStretchBltMode
GetObjectA
GetNearestPaletteIndex
SetDIBColorTable
GetNearestColor
SelectPalette
SetDIBitsToDevice
StretchDIBits

kernel32

SetLastError
GetCPInfo
GetACP
GetStartupInfoA
InterlockedIncrement
InitializeCriticalSection
InterlockedDecrement
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetTickCount
lstrlenA
GlobalDeleteAtom
GlobalAddAtomA
GetCommandLineA
GetProcAddress
GetModuleHandleA
GetVersion
HeapFree
GetModuleFileNameA
RtlUnwind
HeapAlloc
HeapReAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetLocaleInfoA
GetLocaleInfoW
GetOEMCP
FreeEnvironmentStringsA
MultiByteToWideChar
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
WideCharToMultiByte
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
LoadLibraryA
FlushFileBuffers
SetFilePointer
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetStdHandle
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
CloseHandle
ReadFile

Exports

Exports

DllCanUnloadNow
FilterCreateInstance

Sections

.text
Size: 104KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Global_System_OLEAUT32_f3.8C0C59A0_7DC8_11D2_B95D_006097C4DE24
.dll regsvr32 windows:4 windows x86 arch:x86

d7112004d3c345a2ed68d74bba3d37f5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

ole32

StgCreateDocfileOnILockBytes
WriteFmtUserTypeStg
WriteClassStg
ReadClassStg
MkParseDisplayName
StgCreateDocfile
CreateBindCtx
CoCreateInstance
CreateStreamOnHGlobal
CreateILockBytesOnHGlobal
CoSetState
ReleaseStgMedium
CoGetClassObject
StringFromGUID2
CreateItemMoniker
GetRunningObjectTable
CoGetMalloc
CLSIDFromString
CoUnmarshalInterface
CoMarshalInterface
CoUnmarshalHresult
CoMarshalHresult

user32

CreateWindowExA
RegisterClipboardFormatA
RegisterClassA
GetClassInfoA
GetWindowLongA
IsWindow
DestroyWindow
DefWindowProcA
GetSysColor
SetWindowLongA
SetFocus
SetActiveWindow
GetActiveWindow
PostQuitMessage
PostMessageA
DispatchMessageA
DispatchMessageW
TranslateMessage
GetMessageW
GetMessageA
SendMessageA
EnableWindow
GetParent
GetFocus
CharNextA
GetWindowTextA
CharLowerA
SendMessageW
GetDlgItem
GetKeyState
ReleaseDC
GetDialogBaseUnits
GetDC
GetClientRect
IsWindowUnicode
GetTopWindow
WinHelpA
wsprintfA
DestroyIcon
CreateIcon
CreateCursor
DrawIcon
GetSystemMetrics
GetIconInfo
CopyIcon
CopyImage

gdi32

GetWindowOrgEx
CreateHalftonePalette
CreateDIBitmap
CreateDIBSection
Escape
SetBitmapBits
SetDIBits
PlayMetaFileRecord
CreatePalette
GetEnhMetaFileBits
GetMetaFileBitsEx
CreateCompatibleDC
BitBlt
DeleteDC
CreateCompatibleBitmap
GetBitmapBits
SetEnhMetaFileBits
SaveDC
IntersectClipRect
GetPaletteEntries
OffsetViewportOrgEx
PlayEnhMetaFile
EnumMetaFile
RestoreDC
SetStretchBltMode
SetBkColor
SetTextColor
SetMapMode
SetWindowOrgEx
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
GetWinMetaFileBits
GetCurrentObject
GetObjectType
GetStockObject
SelectPalette
RealizePalette
StretchBlt
GetDIBits
StretchDIBits
GetObjectA
GetBitmapDimensionEx
GetEnhMetaFileHeader
SetMetaFileBitsEx
CreateBitmap
PatBlt
DeleteEnhMetaFile
DeleteMetaFile
GetTextExtentPointA
GetDeviceCaps
SelectObject
GetTextMetricsW
GetTextMetricsA
GetTextFaceW
GetTextFaceA
EnumFontFamiliesExA
CreateFontIndirectA
DeleteObject

kernel32

LoadLibraryA
GlobalSize
FreeLibrary
LockResource
FlushFileBuffers
GetTimeZoneInformation
GetStringTypeW
GetStringTypeA
GetCurrentDirectoryA
VirtualAlloc
HeapSize
HeapReAlloc
RaiseException
WriteFile
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetOEMCP
GetACP
GetCPInfo
GetModuleFileNameA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetCurrentThreadId
GetCurrentProcess
TerminateProcess
ExitProcess
DeleteFileA
FindFirstFileA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
HeapFree
HeapAlloc
SetEnvironmentVariableA
SetFilePointer
GetLocalTime
MultiByteToWideChar
GetProcAddress
SetStdHandle
GetLocaleInfoA
GetSystemDefaultLCID
GetUserDefaultLCID
GetVersionExA
TlsGetValue
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
GetModuleHandleA
CompareStringA
CompareStringW
LCMapStringA
LCMapStringW
GetStringTypeExA
GetStringTypeExW
GetLocaleInfoW
GetLastError
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
IsBadWritePtr
IsBadReadPtr
InterlockedExchange
GetVersion
IsDBCSLeadByte
MulDiv
RtlUnwind
GetDriveTypeA
LoadResource
FindResourceA
_lclose
_lread
_lwrite
_llseek
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
MapViewOfFile
GlobalHandle
GlobalReAlloc
GlobalDeleteAtom
GlobalAddAtomA
lstrlenW
GetDriveTypeW
TlsAlloc
_lopen
lstrcmpiA
UnmapViewOfFile
CloseHandle
TlsSetValue
GetSystemInfo
CreateFileMappingA
GetFileSize
SearchPathA
TlsFree
CreateFileA
SetErrorMode
GetFullPathNameA
SetLastError
GetCommandLineA

advapi32

RegOpenKeyW
RegQueryInfoKeyA
RegDeleteKeyA
RegCreateKeyW
RegQueryValueExW
RegSetValueExW
RegQueryValueW
RegEnumKeyW
RegCloseKey
RegFlushKey
RegSetValueA
RegEnumKeyA
RegQueryValueA
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyA
RegCreateKeyA
RegSetValueExA

Exports

Exports

BSTR_UserFree
BSTR_UserMarshal
BSTR_UserSize
BSTR_UserUnmarshal
BstrFromVector
ClearCustData
CreateDispTypeInfo
CreateErrorInfo
CreateStdDispatch
CreateTypeLib
CreateTypeLib2
DispCallFunc
DispGetIDsOfNames
DispGetParam
DispInvoke
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
DosDateTimeToVariantTime
GetActiveObject
GetAltMonthNames
GetErrorInfo
GetRecordInfoFromGuids
GetRecordInfoFromTypeInfo
LHashValOfNameSys
LHashValOfNameSysA
LPSAFEARRAY_Marshal
LPSAFEARRAY_Size
LPSAFEARRAY_Unmarshal
LPSAFEARRAY_UserFree
LPSAFEARRAY_UserMarshal
LPSAFEARRAY_UserSize
LPSAFEARRAY_UserUnmarshal
LoadRegTypeLib
LoadTypeLib
LoadTypeLibEx
OACreateTypeLib2
OaBuildVersion
OleCreateFontIndirect
OleCreatePictureIndirect
OleCreatePropertyFrame
OleCreatePropertyFrameIndirect
OleIconToCursor
OleLoadPicture
OleLoadPictureEx
OleLoadPictureFile
OleLoadPictureFileEx
OleLoadPicturePath
OleSavePictureFile
OleTranslateColor
QueryPathOfRegTypeLib
RegisterActiveObject
RegisterTypeLib
RevokeActiveObject
SafeArrayAccessData
SafeArrayAllocData
SafeArrayAllocDescriptor
SafeArrayAllocDescriptorEx
SafeArrayCopy
SafeArrayCopyData
SafeArrayCreate
SafeArrayCreateEx
SafeArrayCreateVector
SafeArrayCreateVectorEx
SafeArrayDestroy
SafeArrayDestroyData
SafeArrayDestroyDescriptor
SafeArrayGetDim
SafeArrayGetElement
SafeArrayGetElemsize
SafeArrayGetIID
SafeArrayGetLBound
SafeArrayGetRecordInfo
SafeArrayGetUBound
SafeArrayGetVartype
SafeArrayLock
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayRedim
SafeArraySetIID
SafeArraySetRecordInfo
SafeArrayUnaccessData
SafeArrayUnlock
SetErrorInfo
SysAllocString
SysAllocStringByteLen
SysAllocStringLen
SysFreeString
SysReAllocString
SysReAllocStringLen
SysStringByteLen
SysStringLen
SystemTimeToVariantTime
UnRegisterTypeLib
UserBSTR_free_inst
UserBSTR_free_local
UserBSTR_from_local
UserBSTR_to_local
UserEXCEPINFO_free_inst
UserEXCEPINFO_free_local
UserEXCEPINFO_from_local
UserEXCEPINFO_to_local
UserHWND_free_inst
UserHWND_free_local
UserHWND_from_local
UserHWND_to_local
UserMSG_free_inst
UserMSG_free_local
UserMSG_from_local
UserMSG_to_local
UserVARIANT_free_inst
UserVARIANT_free_local
UserVARIANT_from_local
UserVARIANT_to_local
VARIANT_UserFree
VARIANT_UserMarshal
VARIANT_UserSize
VARIANT_UserUnmarshal
VarAbs
VarAdd
VarAnd
VarBoolFromCy
VarBoolFromDate
VarBoolFromDec
VarBoolFromDisp
VarBoolFromI1
VarBoolFromI2
VarBoolFromI4
VarBoolFromR4
VarBoolFromR8
VarBoolFromStr
VarBoolFromUI1
VarBoolFromUI2
VarBoolFromUI4
VarBstrCat
VarBstrCmp
VarBstrFromBool
VarBstrFromCy
VarBstrFromDate
VarBstrFromDec
VarBstrFromDisp
VarBstrFromI1
VarBstrFromI2
VarBstrFromI4
VarBstrFromR4
VarBstrFromR8
VarBstrFromUI1
VarBstrFromUI2
VarBstrFromUI4
VarCat
VarCmp
VarCyAbs
VarCyAdd
VarCyCmp
VarCyCmpR8
VarCyFix
VarCyFromBool
VarCyFromDate
VarCyFromDec
VarCyFromDisp
VarCyFromI1
VarCyFromI2
VarCyFromI4
VarCyFromR4
VarCyFromR8
VarCyFromStr
VarCyFromUI1
VarCyFromUI2
VarCyFromUI4
VarCyInt
VarCyMul
VarCyMulI4
VarCyNeg
VarCyRound
VarCySub
VarDateFromBool
VarDateFromCy
VarDateFromDec
VarDateFromDisp
VarDateFromI1
VarDateFromI2
VarDateFromI4
VarDateFromR4
VarDateFromR8
VarDateFromStr
VarDateFromUI1
VarDateFromUI2
VarDateFromUI4
VarDateFromUdate
VarDateFromUdateEx
VarDecAbs
VarDecAdd
VarDecCmp
VarDecCmpR8
VarDecDiv
VarDecFix
VarDecFromBool
VarDecFromCy
VarDecFromDate
VarDecFromDisp
VarDecFromI1
VarDecFromI2
VarDecFromI4
VarDecFromR4
VarDecFromR8
VarDecFromStr
VarDecFromUI1
VarDecFromUI2
VarDecFromUI4
VarDecInt
VarDecMul
VarDecNeg
VarDecRound
VarDecSub
VarDiv
VarEqv
VarFix
VarFormat
VarFormatCurrency
VarFormatDateTime
VarFormatFromTokens
VarFormatNumber
VarFormatPercent
VarI1FromBool
VarI1FromCy
VarI1FromDate
VarI1FromDec
VarI1FromDisp
VarI1FromI2
VarI1FromI4
VarI1FromR4
VarI1FromR8
VarI1FromStr
VarI1FromUI1
VarI1FromUI2
VarI1FromUI4
VarI2FromBool
VarI2FromCy
VarI2FromDate
VarI2FromDec
VarI2FromDisp
VarI2FromI1
VarI2FromI4
VarI2FromR4
VarI2FromR8
VarI2FromStr
VarI2FromUI1
VarI2FromUI2
VarI2FromUI4
VarI4FromBool
VarI4FromCy
VarI4FromDate
VarI4FromDec
VarI4FromDisp
VarI4FromI1
VarI4FromI2
VarI4FromR4
VarI4FromR8
VarI4FromStr
VarI4FromUI1
VarI4FromUI2
VarI4FromUI4
VarIdiv
VarImp
VarInt
VarMod
VarMonthName
VarMul
VarNeg
VarNot
VarNumFromParseNum
VarOr
VarParseNumFromStr
VarPow
VarR4CmpR8
VarR4FromBool
VarR4FromCy
VarR4FromDate
VarR4FromDec
VarR4FromDisp
VarR4FromI1
VarR4FromI2
VarR4FromI4
VarR4FromR8
VarR4FromStr
VarR4FromUI1
VarR4FromUI2
VarR4FromUI4
VarR8FromBool
VarR8FromCy
VarR8FromDate
VarR8FromDec
VarR8FromDisp
VarR8FromI1
VarR8FromI2
VarR8FromI4
VarR8FromR4
VarR8FromStr
VarR8FromUI1
VarR8FromUI2
VarR8FromUI4
VarR8Pow
VarR8Round
VarRound
VarSub
VarTokenizeFormatString
VarUI1FromBool
VarUI1FromCy
VarUI1FromDate
VarUI1FromDec
VarUI1FromDisp
VarUI1FromI1
VarUI1FromI2
VarUI1FromI4
VarUI1FromR4
VarUI1FromR8
VarUI1FromStr
VarUI1FromUI2
VarUI1FromUI4
VarUI2FromBool
VarUI2FromCy
VarUI2FromDate
VarUI2FromDec
VarUI2FromDisp
VarUI2FromI1
VarUI2FromI2
VarUI2FromI4
VarUI2FromR4
VarUI2FromR8
VarUI2FromStr
VarUI2FromUI1
VarUI2FromUI4
VarUI4FromBool
VarUI4FromCy
VarUI4FromDate
VarUI4FromDec
VarUI4FromDisp
VarUI4FromI1
VarUI4FromI2
VarUI4FromI4
VarUI4FromR4
VarUI4FromR8
VarUI4FromStr
VarUI4FromUI1
VarUI4FromUI2
VarUdateFromDate
VarWeekdayName
VarXor
VariantChangeType
VariantChangeTypeEx
VariantClear
VariantCopy
VariantCopyInd
VariantInit
VariantTimeToDosDateTime
VariantTimeToSystemTime
VectorFromBstr

Sections

.text
Size: 520KB - Virtual size: 519KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Global_System_OLEPRO32_f0.8C0C59A0_7DC8_11D2_B95D_006097C4DE24
.dll regsvr32 windows:4 windows x86 arch:x86

8f50e2228a97d0224410529663a78a82

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

SetLastError
GetModuleHandleA
InitializeCriticalSection
DeleteCriticalSection
lstrlenW
GlobalAddAtomA
GlobalDeleteAtom
GlobalReAlloc
GlobalHandle
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
FindResourceA
LoadResource
LockResource
FreeLibrary
MulDiv
IsDBCSLeadByte
LoadLibraryA
InterlockedDecrement
HeapDestroy
SetFilePointer
SetStdHandle
CloseHandle
FlushFileBuffers
RaiseException
GetLocaleInfoW
InterlockedIncrement
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetProcAddress
WideCharToMultiByte
VirtualAlloc
LCMapStringW
LCMapStringA
WriteFile
VirtualFree
HeapCreate
GetCommandLineA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetOEMCP
GetACP
GetCPInfo
GetModuleFileNameA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
TlsGetValue
TlsFree
TlsAlloc
TlsSetValue
GetCurrentThreadId
GetCurrentProcess
TerminateProcess
ExitProcess
HeapFree
HeapAlloc
GetVersion
GetLastError
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
InterlockedExchange
RtlUnwind

user32

GetMessageA
SendMessageA
EnableWindow
CopyIcon
GetIconInfo
CopyImage
DrawIcon
CreateCursor
GetSystemMetrics
DestroyIcon
wsprintfA
GetSysColor
SetWindowLongA
GetWindowLongA
DestroyWindow
SetFocus
IsWindow
SetActiveWindow
GetActiveWindow
PostQuitMessage
PostMessageA
DispatchMessageA
DispatchMessageW
TranslateMessage
GetMessageW
RegisterClipboardFormatA
GetDlgItem
CreateIcon
GetParent
GetFocus
CharNextA
GetWindowTextA
CharLowerA
SendMessageW
GetDC
GetKeyState
ReleaseDC
GetDialogBaseUnits
GetClientRect
IsWindowUnicode
GetTopWindow
WinHelpA

gdi32

SetViewportExtEx
SetMapMode
SetTextColor
DeleteDC
CreateCompatibleBitmap
PatBlt
DeleteEnhMetaFile
DeleteMetaFile
GetTextExtentPointA
GetPaletteEntries
DeleteObject
CreateFontIndirectA
EnumFontFamiliesExA
GetTextFaceA
GetTextFaceW
GetTextMetricsA
GetTextMetricsW
SelectObject
GetDeviceCaps
CreateBitmap
SetMetaFileBitsEx
GetEnhMetaFileHeader
GetBitmapDimensionEx
GetObjectA
StretchDIBits
GetDIBits
StretchBlt
RealizePalette
SelectPalette
GetStockObject
GetObjectType
GetCurrentObject
CreateHalftonePalette
CreateDIBitmap
CreateDIBSection
Escape
SetBitmapBits
SetDIBits
PlayMetaFileRecord
CreatePalette
GetEnhMetaFileBits
GetMetaFileBitsEx
CreateCompatibleDC
BitBlt
SetViewportOrgEx
GetWinMetaFileBits
GetBitmapBits
SetEnhMetaFileBits
SaveDC
IntersectClipRect
GetWindowOrgEx
OffsetViewportOrgEx
PlayEnhMetaFile
EnumMetaFile
RestoreDC
SetStretchBltMode
SetBkColor
SetWindowOrgEx
SetWindowExtEx

ole32

ReleaseStgMedium
CreateStreamOnHGlobal
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
StgCreateDocfile
CoCreateInstance
StringFromGUID2
CoGetMalloc

advapi32

RegFlushKey
RegQueryValueA
RegSetValueA
RegCreateKeyA
RegOpenKeyA
RegCloseKey

oleaut32

SysAllocString
VariantClear
VariantChangeType
SysFreeString
VariantInit
LoadTypeLi

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
OleCreateFontIndirect
OleCreatePictureIndirect
OleCreatePropertyFrame
OleCreatePropertyFrameIndirect
OleIconToCursor
OleLoadPicture
OleTranslateColor

Sections

.text
Size: 108KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Global_System_STDOLE_f1.8C0C59A0_7DC8_11D2_B95D_006097C4DE24
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Global_VC_ATLANSI_f0.7EBEDD68_AA66_11D2_B980_006097C4DE24
.dll regsvr32 windows:4 windows x86 arch:x86

8ef95172470b9f552734e3fd0e068e7e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalLock
MultiByteToWideChar
lstrlenA
lstrcpyA
GetACP
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapDestroy
DeleteCriticalSection
lstrlenW
GetShortPathNameA
GetModuleHandleA
GetModuleFileNameA
lstrcatA
WideCharToMultiByte
FreeLibrary
GetProcAddress
LoadLibraryA
GetCurrentThreadId
FreeResource
GlobalFree
GlobalHandle
LockResource
LoadResource
FindResourceW
GlobalAlloc
FindResourceA
GlobalUnlock
WaitForSingleObject
DisableThreadLibraryCalls
OutputDebugStringA
GetVersionExA
HeapAlloc
GetSystemInfo
HeapCreate
InterlockedDecrement
InterlockedIncrement
lstrcmpA
FlushInstructionCache
GetCurrentProcess
SizeofResource
GetLastError
LoadLibraryExA
CloseHandle
ReadFile
GetFileSize
CreateFileA
lstrcmpiA
lstrcpynA
IsDBCSLeadByte
DebugBreak
HeapReAlloc
HeapFree
LocalAlloc
InterlockedExchange
RaiseException
LocalFree

Exports

Exports

AtlAdvise
AtlAxAttachControl
AtlAxCreateControl
AtlAxCreateControlEx
AtlAxCreateDialogA
AtlAxCreateDialogW
AtlAxDialogBoxA
AtlAxDialogBoxW
AtlAxGetControl
AtlAxGetHost
AtlAxWinInit
AtlComPtrAssign
AtlComQIPtrAssign
AtlCreateTargetDC
AtlDevModeW2A
AtlFreeMarshalStream
AtlGetObjectSourceInterface
AtlGetVersion
AtlHiMetricToPixel
AtlIPersistPropertyBag_Load
AtlIPersistPropertyBag_Save
AtlIPersistStreamInit_Load
AtlIPersistStreamInit_Save
AtlInternalQueryInterface
AtlMarshalPtrInProc
AtlModuleAddCreateWndData
AtlModuleAddTermFunc
AtlModuleExtractCreateWndData
AtlModuleGetClassObject
AtlModuleInit
AtlModuleLoadTypeLib
AtlModuleRegisterClassObjects
AtlModuleRegisterServer
AtlModuleRegisterTypeLib
AtlModuleRegisterWndClassInfoA
AtlModuleRegisterWndClassInfoW
AtlModuleRevokeClassObjects
AtlModuleTerm
AtlModuleUnRegisterTypeLib
AtlModuleUnregisterServer
AtlModuleUnregisterServerEx
AtlModuleUpdateRegistryFromResourceD
AtlPixelToHiMetric
AtlRegisterClassCategoriesHelper
AtlSetErrorInfo
AtlUnadvise
AtlUnmarshalPtr
AtlWaitWithMessageLoop
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Global_VC_ATLUnicode_f1.7EBEDD68_AA66_11D2_B980_006097C4DE24
.dll regsvr32 windows:4 windows x86 arch:x86

332ff7b41058fa1fb461987ed0c21de7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersionExA
lstrcpyW
GetACP
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapDestroy
DeleteCriticalSection
lstrlenW
GetShortPathNameW
GetModuleHandleW
GetModuleFileNameW
lstrcatW
FreeLibrary
GetProcAddress
LoadLibraryW
GetCurrentThreadId
WideCharToMultiByte
FreeResource
GlobalFree
GlobalHandle
LockResource
LoadResource
FindResourceW
GlobalAlloc
FindResourceA
GlobalUnlock
GlobalLock
DisableThreadLibraryCalls
WaitForSingleObject
HeapAlloc
GetSystemInfo
GetVersionExW
HeapCreate
InterlockedDecrement
InterlockedIncrement
lstrcmpW
FlushInstructionCache
GetCurrentProcess
MultiByteToWideChar
lstrlenA
SizeofResource
GetLastError
LoadLibraryExW
CloseHandle
ReadFile
GetFileSize
CreateFileW
lstrcmpiW
lstrcpynW
DebugBreak
HeapReAlloc
HeapFree
LocalAlloc
InterlockedExchange
RaiseException
LoadLibraryA
LocalFree

Exports

Exports

AtlAdvise
AtlAxAttachControl
AtlAxCreateControl
AtlAxCreateControlEx
AtlAxCreateDialogA
AtlAxCreateDialogW
AtlAxDialogBoxA
AtlAxDialogBoxW
AtlAxGetControl
AtlAxGetHost
AtlAxWinInit
AtlComPtrAssign
AtlComQIPtrAssign
AtlCreateTargetDC
AtlDevModeW2A
AtlFreeMarshalStream
AtlGetObjectSourceInterface
AtlGetVersion
AtlHiMetricToPixel
AtlIPersistPropertyBag_Load
AtlIPersistPropertyBag_Save
AtlIPersistStreamInit_Load
AtlIPersistStreamInit_Save
AtlInternalQueryInterface
AtlMarshalPtrInProc
AtlModuleAddCreateWndData
AtlModuleAddTermFunc
AtlModuleExtractCreateWndData
AtlModuleGetClassObject
AtlModuleInit
AtlModuleLoadTypeLib
AtlModuleRegisterClassObjects
AtlModuleRegisterServer
AtlModuleRegisterTypeLib
AtlModuleRegisterWndClassInfoA
AtlModuleRegisterWndClassInfoW
AtlModuleRevokeClassObjects
AtlModuleTerm
AtlModuleUnRegisterTypeLib
AtlModuleUnregisterServer
AtlModuleUnregisterServerEx
AtlModuleUpdateRegistryFromResourceD
AtlPixelToHiMetric
AtlRegisterClassCategoriesHelper
AtlSetErrorInfo
AtlUnadvise
AtlUnmarshalPtr
AtlWaitWithMessageLoop
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Global_VC_CPPRT60_f0.51D569E3_8A28_11D2_B962_006097C4DE24
.dll windows:4 windows x86 arch:x86

1b1839992700df52b049b87961a724e3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

memmove
__CxxFrameHandler
free
localeconv
_Gettnames
_Getdays
_Getmonths
__mb_cur_max
atan2
cos
exp
ldexp
log
pow
sin
sqrt
??2@YAPAXI@Z
strtoul
_errno
strtol
sprintf
strcspn
fclose
fwrite
fputc
ungetc
fgetc
fgetpos
fseek
fsetpos
setvbuf
memchr
memset
ungetwc
fgetwc
_Strftime
fopen
_iob
setlocale
malloc
realloc
__crtCompareStringA
__lc_collate_cp
_unlock
__lc_handle
_lock
__setlc_active
__unguarded_readlc_active
__crtLCMapStringA
__lc_codepage
towlower
towupper
strcmp
_pctype
_isctype
_ftol
strtod
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
__dllonexit
_onexit
_initterm
_adjust_fdiv
memcmp
memcpy
strlen
_CxxThrowException
wcslen
??4exception@@QAEAAV0@ABV0@@Z
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
fflush
?what@exception@@UBEPBDXZ
fputwc

kernel32

DisableThreadLibraryCalls
MultiByteToWideChar
DeleteCriticalSection
InterlockedExchange
LeaveCriticalSection
Sleep
EnterCriticalSection
InitializeCriticalSection
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte

Exports

Exports

??0?$_Complex_base@M@std@@QAE@ABM0@Z
??0?$_Complex_base@N@std@@QAE@ABN0@Z
??0?$_Complex_base@O@std@@QAE@ABO0@Z
??0?$_Mpunct@D@std@@QAE@ABV_Locinfo@1@I_N@Z
??0?$_Mpunct@D@std@@QAE@I_N@Z
??0?$_Mpunct@G@std@@QAE@ABV_Locinfo@1@I_N@Z
??0?$_Mpunct@G@std@@QAE@I_N@Z
??0?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAE@ABV01@@Z
??0?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_filebuf@GU?$char_traits@G@std@@@std@@QAE@ABV01@@Z
??0?$basic_filebuf@GU?$char_traits@G@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_filebuf@GU?$char_traits@G@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@ABV01@@Z
??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@PBDH@Z
??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@XZ
??0?$basic_fstream@GU?$char_traits@G@std@@@std@@QAE@ABV01@@Z
??0?$basic_fstream@GU?$char_traits@G@std@@@std@@QAE@PBDH@Z
??0?$basic_fstream@GU?$char_traits@G@std@@@std@@QAE@XZ
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@ABV01@@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PBDH@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@XZ
??0?$basic_ifstream@GU?$char_traits@G@std@@@std@@QAE@ABV01@@Z
??0?$basic_ifstream@GU?$char_traits@G@std@@@std@@QAE@PBDH@Z
??0?$basic_ifstream@GU?$char_traits@G@std@@@std@@QAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@QAE@ABV01@@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IAE@XZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@QAE@ABV01@@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@ABV01@@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QAE@ABV01@@Z
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@ABV01@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QAE@ABV01@@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@H@Z
??0?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??0?$basic_istringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??0?$basic_istringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@1@H@Z
??0?$basic_istringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@H@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@ABV01@@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PBDH@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@XZ
??0?$basic_ofstream@GU?$char_traits@G@std@@@std@@QAE@ABV01@@Z
??0?$basic_ofstream@GU?$char_traits@G@std@@@std@@QAE@PBDH@Z
??0?$basic_ofstream@GU?$char_traits@G@std@@@std@@QAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@ABV01@@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N1@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QAE@ABV01@@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N1@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@H@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??0?$basic_ostringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??0?$basic_ostringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@1@H@Z
??0?$basic_ostringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@H@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@W4_Uninitialized@1@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE@ABV01@@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAE@W4_Uninitialized@1@@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAE@XZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@IIABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@IDABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD0ABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@IIABV?$allocator@G@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@IGABV?$allocator@G@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG0ABV?$allocator@G@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGIABV?$allocator@G@1@@Z
??0?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@H@Z
??0?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??0?$basic_stringbuf@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??0?$basic_stringbuf@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@1@H@Z
??0?$basic_stringbuf@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@H@Z
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@H@Z
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??0?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??0?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@1@H@Z
??0?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@H@Z
??0?$codecvt@DDH@std@@QAE@ABV_Locinfo@1@I@Z
??0?$codecvt@DDH@std@@QAE@I@Z
??0?$codecvt@GDH@std@@QAE@ABV_Locinfo@1@I@Z
??0?$codecvt@GDH@std@@QAE@I@Z
??0?$collate@D@std@@QAE@ABV_Locinfo@1@I@Z
??0?$collate@D@std@@QAE@I@Z
??0?$collate@G@std@@QAE@ABV_Locinfo@1@I@Z
??0?$collate@G@std@@QAE@I@Z
??0?$complex@M@std@@QAE@ABM0@Z
??0?$complex@M@std@@QAE@ABV?$complex@N@1@@Z
??0?$complex@M@std@@QAE@ABV?$complex@O@1@@Z
??0?$complex@N@std@@QAE@ABN0@Z
??0?$complex@N@std@@QAE@ABV?$complex@M@1@@Z
??0?$complex@N@std@@QAE@ABV?$complex@O@1@@Z
??0?$complex@O@std@@QAE@ABO0@Z
??0?$complex@O@std@@QAE@ABV?$complex@M@1@@Z
??0?$complex@O@std@@QAE@ABV?$complex@N@1@@Z
??0?$ctype@D@std@@QAE@ABV_Locinfo@1@I@Z
??0?$ctype@D@std@@QAE@PBF_NI@Z
??0?$ctype@G@std@@QAE@ABV_Locinfo@1@I@Z
??0?$ctype@G@std@@QAE@I@Z
??0?$messages@D@std@@QAE@ABV_Locinfo@1@I@Z
??0?$messages@D@std@@QAE@I@Z
??0?$messages@G@std@@QAE@ABV_Locinfo@1@I@Z
??0?$messages@G@std@@QAE@I@Z
??0?$money_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$money_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z
??0?$money_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$money_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
??0?$money_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$money_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z
??0?$money_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$money_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
??0?$moneypunct@D$00@std@@QAE@ABV_Locinfo@1@I@Z
??0?$moneypunct@D$00@std@@QAE@I@Z
??0?$moneypunct@D$0A@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$moneypunct@D$0A@@std@@QAE@I@Z
??0?$moneypunct@G$00@std@@QAE@ABV_Locinfo@1@I@Z
??0?$moneypunct@G$00@std@@QAE@I@Z
??0?$moneypunct@G$0A@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$moneypunct@G$0A@@std@@QAE@I@Z
??0?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z
??0?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
??0?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z
??0?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
??0?$numpunct@D@std@@QAE@ABV_Locinfo@1@I@Z
??0?$numpunct@D@std@@QAE@I@Z
??0?$numpunct@G@std@@QAE@ABV_Locinfo@1@I@Z
??0?$numpunct@G@std@@QAE@I@Z
??0?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z
??0?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
??0?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z
??0?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
??0Init@ios_base@std@@QAE@XZ
??0_Locinfo@std@@QAE@ABV01@@Z
??0_Locinfo@std@@QAE@HPBD@Z
??0_Locinfo@std@@QAE@PBD@Z
??0_Lockit@std@@QAE@XZ
??0_Timevec@std@@QAE@ABV01@@Z
??0_Timevec@std@@QAE@PAX@Z
??0_Winit@std@@QAE@XZ
??0__non_rtti_object@std@@QAE@ABV01@@Z
??0__non_rtti_object@std@@QAE@PBD@Z
??0bad_alloc@std@@QAE@ABV01@@Z
??0bad_alloc@std@@QAE@PBD@Z
??0bad_cast@std@@QAE@ABV01@@Z
??0bad_cast@std@@QAE@PBD@Z
??0bad_exception@std@@QAE@ABV01@@Z
??0bad_exception@std@@QAE@PBD@Z
??0bad_typeid@std@@QAE@ABV01@@Z
??0bad_typeid@std@@QAE@PBD@Z
??0codecvt_base@std@@QAE@I@Z
??0ctype_base@std@@QAE@I@Z
??0domain_error@std@@QAE@ABV01@@Z
??0domain_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??0facet@locale@std@@IAE@I@Z
??0ios_base@std@@IAE@XZ
??0ios_base@std@@QAE@ABV01@@Z
??0length_error@std@@QAE@ABV01@@Z
??0length_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??0locale@std@@AAE@PAV_Locimp@01@@Z
??0locale@std@@QAE@ABV01@0H@Z
??0locale@std@@QAE@ABV01@@Z
??0locale@std@@QAE@ABV01@PBDH@Z
??0locale@std@@QAE@PBDH@Z
??0locale@std@@QAE@W4_Uninitialized@1@@Z
??0locale@std@@QAE@XZ
??0logic_error@std@@QAE@ABV01@@Z
??0logic_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??0messages_base@std@@QAE@I@Z
??0money_base@std@@QAE@I@Z
??0ostrstream@std@@QAE@PADHH@Z
??0out_of_range@std@@QAE@ABV01@@Z
??0out_of_range@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??0overflow_error@std@@QAE@ABV01@@Z
??0overflow_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??0range_error@std@@QAE@ABV01@@Z
??0range_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??0runtime_error@std@@QAE@ABV01@@Z
??0runtime_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??0strstream@std@@QAE@PADHH@Z
??0time_base@std@@QAE@I@Z
??0underflow_error@std@@QAE@ABV01@@Z
??0underflow_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??1?$_Mpunct@D@std@@UAE@XZ
??1?$_Mpunct@G@std@@UAE@XZ
??1?$basic_filebuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_filebuf@GU?$char_traits@G@std@@@std@@UAE@XZ
??1?$basic_fstream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_fstream@GU?$char_traits@G@std@@@std@@UAE@XZ
??1?$basic_ifstream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ifstream@GU?$char_traits@G@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UAE@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UAE@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_istream@GU?$char_traits@G@std@@@std@@UAE@XZ
??1?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UAE@XZ
??1?$basic_istringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@UAE@XZ
??1?$basic_ofstream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ofstream@GU?$char_traits@G@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UAE@XZ
??1?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UAE@XZ
??1?$basic_ostringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@UAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??1?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UAE@XZ
??1?$basic_stringbuf@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@UAE@XZ
??1?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UAE@XZ
??1?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@UAE@XZ
??1?$codecvt@DDH@std@@UAE@XZ
??1?$codecvt@GDH@std@@UAE@XZ
??1?$collate@D@std@@UAE@XZ
??1?$collate@G@std@@UAE@XZ
??1?$ctype@D@std@@UAE@XZ
??1?$ctype@G@std@@UAE@XZ
??1?$messages@D@std@@UAE@XZ
??1?$messages@G@std@@UAE@XZ
??1?$money_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@UAE@XZ
??1?$money_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@UAE@XZ
??1?$money_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@UAE@XZ
??1?$money_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@UAE@XZ
??1?$moneypunct@D$00@std@@UAE@XZ
??1?$moneypunct@D$0A@@std@@UAE@XZ
??1?$moneypunct@G$00@std@@UAE@XZ
??1?$moneypunct@G$0A@@std@@UAE@XZ
??1?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@UAE@XZ
??1?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@UAE@XZ
??1?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@UAE@XZ
??1?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@UAE@XZ
??1?$numpunct@D@std@@UAE@XZ
??1?$numpunct@G@std@@UAE@XZ
??1?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@UAE@XZ
??1?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@UAE@XZ
??1?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@UAE@XZ
??1?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@UAE@XZ
??1Init@ios_base@std@@QAE@XZ
??1_Locinfo@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
??1_Timevec@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??1__non_rtti_object@std@@UAE@XZ
??1bad_alloc@std@@UAE@XZ
??1bad_cast@std@@UAE@XZ
??1bad_exception@std@@UAE@XZ
??1bad_typeid@std@@UAE@XZ
??1codecvt_base@std@@UAE@XZ
??1ctype_base@std@@UAE@XZ
??1domain_error@std@@UAE@XZ
??1facet@locale@std@@UAE@XZ
??1ios_base@std@@UAE@XZ
??1istrstream@std@@UAE@XZ
??1length_error@std@@UAE@XZ
??1locale@std@@QAE@XZ
??1logic_error@std@@UAE@XZ
??1messages_base@std@@UAE@XZ
??1money_base@std@@UAE@XZ
??1ostrstream@std@@UAE@XZ
??1out_of_range@std@@UAE@XZ
??1overflow_error@std@@UAE@XZ
??1range_error@std@@UAE@XZ
??1runtime_error@std@@UAE@XZ
??1strstream@std@@UAE@XZ
??1strstreambuf@std@@UAE@XZ
??1time_base@std@@UAE@XZ
??1underflow_error@std@@UAE@XZ
??4?$_Complex_base@M@std@@QAEAAV01@ABV01@@Z
??4?$_Complex_base@N@std@@QAEAAV01@ABV01@@Z
??4?$_Complex_base@O@std@@QAEAAV01@ABV01@@Z
??4?$_Ctr@M@std@@QAEAAV01@ABV01@@Z
??4?$_Ctr@N@std@@QAEAAV01@ABV01@@Z
??4?$_Ctr@O@std@@QAEAAV01@ABV01@@Z
??4?$allocator@X@std@@QAEAAV01@ABV01@@Z
??4?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAEAAV01@ABV01@@Z
??4?$basic_filebuf@GU?$char_traits@G@std@@@std@@QAEAAV01@ABV01@@Z
??4?$basic_fstream@DU?$char_traits@D@std@@@std@@QAEAAV01@ABV01@@Z
??4?$basic_fstream@GU?$char_traits@G@std@@@std@@QAEAAV01@ABV01@@Z
??4?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEAAV01@ABV01@@Z
??4?$basic_ifstream@GU?$char_traits@G@std@@@std@@QAEAAV01@ABV01@@Z
??4?$basic_ios@DU?$char_traits@D@std@@@std@@QAEAAV01@ABV01@@Z
??4?$basic_ios@GU?$char_traits@G@std@@@std@@QAEAAV01@ABV01@@Z
??4?$basic_iostream@DU?$char_traits@D@std@@@std@@QAEAAV01@ABV01@@Z
??4?$basic_iostream@GU?$char_traits@G@std@@@std@@QAEAAV01@ABV01@@Z
??4?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@ABV01@@Z
??4?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@ABV01@@Z
??4?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_istringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEAAV01@ABV01@@Z
??4?$basic_ofstream@GU?$char_traits@G@std@@@std@@QAEAAV01@ABV01@@Z
??4?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@ABV01@@Z
??4?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@ABV01@@Z
??4?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_ostringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEAAV01@ABV01@@Z
??4?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@G@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??4?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_stringbuf@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??4?$char_traits@D@std@@QAEAAU01@ABU01@@Z
??4?$char_traits@G@std@@QAEAAU01@ABU01@@Z
??4?$complex@M@std@@QAEAAV01@ABM@Z
??4?$complex@M@std@@QAEAAV01@ABV01@@Z
??4?$complex@N@std@@QAEAAV01@ABN@Z
??4?$complex@N@std@@QAEAAV01@ABV01@@Z
??4?$complex@O@std@@QAEAAV01@ABO@Z
??4?$complex@O@std@@QAEAAV01@ABV01@@Z
??4?$numeric_limits@C@std@@QAEAAV01@ABV01@@Z
??4?$numeric_limits@D@std@@QAEAAV01@ABV01@@Z
??4?$numeric_limits@E@std@@QAEAAV01@ABV01@@Z
??4?$numeric_limits@F@std@@QAEAAV01@ABV01@@Z
??4?$numeric_limits@G@std@@QAEAAV01@ABV01@@Z
??4?$numeric_limits@H@std@@QAEAAV01@ABV01@@Z
??4?$numeric_limits@I@std@@QAEAAV01@ABV01@@Z
??4?$numeric_limits@J@std@@QAEAAV01@ABV01@@Z
??4?$numeric_limits@K@std@@QAEAAV01@ABV01@@Z
??4?$numeric_limits@M@std@@QAEAAV01@ABV01@@Z
??4?$numeric_limits@N@std@@QAEAAV01@ABV01@@Z
??4?$numeric_limits@O@std@@QAEAAV01@ABV01@@Z
??4?$numeric_limits@_N@std@@QAEAAV01@ABV01@@Z
??4Init@ios_base@std@@QAEAAV012@ABV012@@Z
??4_Locinfo@std@@QAEAAV01@ABV01@@Z
??4_Lockit@std@@QAEAAV01@ABV01@@Z
??4_Num_base@std@@QAEAAU01@ABU01@@Z
??4_Num_float_base@std@@QAEAAU01@ABU01@@Z
??4_Num_int_base@std@@QAEAAU01@ABU01@@Z
??4_Timevec@std@@QAEAAV01@ABV01@@Z
??4_Winit@std@@QAEAAV01@ABV01@@Z
??4__non_rtti_object@std@@QAEAAV01@ABV01@@Z
??4bad_alloc@std@@QAEAAV01@ABV01@@Z
??4bad_cast@std@@QAEAAV01@ABV01@@Z
??4bad_exception@std@@QAEAAV01@ABV01@@Z
??4bad_typeid@std@@QAEAAV01@ABV01@@Z
??4domain_error@std@@QAEAAV01@ABV01@@Z
??4id@locale@std@@QAEAAV012@ABV012@@Z
??4ios_base@std@@QAEAAV01@ABV01@@Z
??4length_error@std@@QAEAAV01@ABV01@@Z
??4locale@std@@QAEAAV01@ABV01@@Z
??4logic_error@std@@QAEAAV01@ABV01@@Z
??4out_of_range@std@@QAEAAV01@ABV01@@Z
??4overflow_error@std@@QAEAAV01@ABV01@@Z
??4range_error@std@@QAEAAV01@ABV01@@Z
??4runtime_error@std@@QAEAAV01@ABV01@@Z
??4underflow_error@std@@QAEAAV01@ABV01@@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAF@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAG@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAH@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAI@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAJ@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAK@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAM@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAN@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAO@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAPAX@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AA_N@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV?$basic_ios@DU?$char_traits@D@std@@@1@AAV21@@Z@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAF@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAG@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAH@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAI@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAJ@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAK@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAM@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAN@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAO@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAPAX@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AA_N@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@P6AAAV?$basic_ios@GU?$char_traits@G@std@@@1@AAV21@@Z@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??5std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAC@Z
??5std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAD@Z
??5std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAE@Z
??5std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??5std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$complex@M@0@@Z
??5std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$complex@N@0@@Z
??5std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$complex@O@0@@Z
??5std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@PAC@Z
??5std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@PAD@Z
??5std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@PAE@Z
??5std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@AAG@Z
??5std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@AAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??5std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@AAV?$complex@M@0@@Z
??5std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@AAV?$complex@N@0@@Z
??5std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@AAV?$complex@O@0@@Z
??5std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@PAF@Z
??5std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@PAG@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@F@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@M@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@O@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV?$basic_ios@DU?$char_traits@D@std@@@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PBX@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_N@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@F@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@G@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@J@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@M@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@N@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@O@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@P6AAAV?$basic_ios@GU?$char_traits@G@std@@@1@AAV21@@Z@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@PBX@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@_N@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$complex@M@0@@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$complex@N@0@@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$complex@O@0@@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@C@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@D@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@E@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBC@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBE@Z
??6std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??6std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@ABV?$complex@M@0@@Z
??6std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@ABV?$complex@N@0@@Z
??6std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@ABV?$complex@O@0@@Z
??6std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@G@Z
??6std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@PBF@Z
??6std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@PBG@Z
??7ios_base@std@@QBE_NXZ
??8locale@std@@QBE_NABV01@@Z
??8std@@YA_NABMABV?$complex@M@0@@Z
??8std@@YA_NABNABV?$complex@N@0@@Z
??8std@@YA_NABOABV?$complex@O@0@@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??8std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??8std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
??8std@@YA_NABV?$complex@M@0@0@Z
??8std@@YA_NABV?$complex@M@0@ABM@Z
??8std@@YA_NABV?$complex@N@0@0@Z
??8std@@YA_NABV?$complex@N@0@ABN@Z
??8std@@YA_NABV?$complex@O@0@0@Z
??8std@@YA_NABV?$complex@O@0@ABO@Z
??8std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??8std@@YA_NPBGABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??9locale@std@@QBE_NABV01@@Z
??9std@@YA_NABMABV?$complex@M@0@@Z
??9std@@YA_NABNABV?$complex@N@0@@Z
??9std@@YA_NABOABV?$complex@O@0@@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??9std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??9std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
??9std@@YA_NABV?$complex@M@0@0@Z
??9std@@YA_NABV?$complex@M@0@ABM@Z

Sections

.text
Size: 168KB - Virtual size: 166KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 192KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Global_VC_CRT_f0.51D569E0_8A28_11D2_B962_006097C4DE24
.dll windows:4 windows x86 arch:x86

8d26773106ed39fbb89a157d19d8aa89

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetFilePointer
RtlUnwind
IsBadReadPtr
IsBadWritePtr
IsBadCodePtr
SetUnhandledExceptionFilter
GetModuleFileNameA
GetModuleFileNameW
ExitProcess
TerminateProcess
GetCurrentProcess
WriteFile
GetStdHandle
GetCommandLineA
GetVersion
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
ResumeThread
CreateThread
TlsSetValue
ExitThread
CloseHandle
GetCurrentThreadId
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetCurrentThread
FindNextFileA
FindFirstFileA
FindClose
FindNextFileW
FindFirstFileW
HeapFree
HeapAlloc
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
SetHandleCount
GetFileType
GetStartupInfoA
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
MultiByteToWideChar
GetCommandLineW
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
UnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetConsoleCtrlHandler
SetEnvironmentVariableW
InterlockedDecrement
InterlockedIncrement
FlushFileBuffers
RaiseException
SetStdHandle
Sleep
CompareStringA
CompareStringW
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
GetLocaleInfoW
GetTimeZoneInformation
SetEnvironmentVariableA
Beep
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDiskFreeSpaceA
GetLogicalDrives
SetErrorMode
GetFileAttributesA
GetCurrentDirectoryA
SetCurrentDirectoryA
SetFileAttributesA
GetFullPathNameA
GetDriveTypeA
GetCurrentProcessId
CreateDirectoryA
RemoveDirectoryA
DeleteFileA
GetFileAttributesW
GetCurrentDirectoryW
SetCurrentDirectoryW
SetFileAttributesW
GetFullPathNameW
CreateDirectoryW
DeleteFileW
MoveFileW
RemoveDirectoryW
GetDriveTypeW
MoveFileA
GetExitCodeProcess
WaitForSingleObject
FreeLibrary
CreateProcessA
CreateProcessW
HeapValidate
HeapCompact
HeapWalk
HeapSize
ReadConsoleA
SetConsoleMode
GetConsoleMode
SetEndOfFile
WriteConsoleA
DuplicateHandle
GetFileInformationByHandle
PeekNamedPipe
ReadConsoleInputA
PeekConsoleInputA
GetNumberOfConsoleInputEvents
LockFile
UnlockFile
CreateFileA
CreatePipe
ReadFile
CreateFileW
GetSystemTimeAsFileTime
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
GetLocalTime
SetLocalTime
GetSystemTime

Exports

Exports

$I10_OUTPUT
??0__non_rtti_object@@QAE@ABV0@@Z
??0__non_rtti_object@@QAE@PBD@Z
??0bad_cast@@QAE@ABQBD@Z
??0bad_cast@@QAE@ABV0@@Z
??0bad_typeid@@QAE@ABV0@@Z
??0bad_typeid@@QAE@PBD@Z
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1__non_rtti_object@@UAE@XZ
??1bad_cast@@UAE@XZ
??1bad_typeid@@UAE@XZ
??1exception@@UAE@XZ
??1type_info@@UAE@XZ
??2@YAPAXI@Z
??3@YAXPAX@Z
??4__non_rtti_object@@QAEAAV0@ABV0@@Z
??4bad_cast@@QAEAAV0@ABV0@@Z
??4bad_typeid@@QAEAAV0@ABV0@@Z
??4exception@@QAEAAV0@ABV0@@Z
??8type_info@@QBEHABV0@@Z
??9type_info@@QBEHABV0@@Z
??_7__non_rtti_object@@6B@
??_7bad_cast@@6B@
??_7bad_typeid@@6B@
??_7exception@@6B@
??_E__non_rtti_object@@UAEPAXI@Z
??_Ebad_cast@@UAEPAXI@Z
??_Ebad_typeid@@UAEPAXI@Z
??_Eexception@@UAEPAXI@Z
??_G__non_rtti_object@@UAEPAXI@Z
??_Gbad_cast@@UAEPAXI@Z
??_Gbad_typeid@@UAEPAXI@Z
??_Gexception@@UAEPAXI@Z
?_query_new_handler@@YAP6AHI@ZXZ
?_query_new_mode@@YAHXZ
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
?_set_new_mode@@YAHH@Z
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
?before@type_info@@QBEHABV1@@Z
?name@type_info@@QBEPBDXZ
?raw_name@type_info@@QBEPBDXZ
?set_new_handler@@YAP6AXXZP6AXXZ@Z
?set_terminate@@YAP6AXXZP6AXXZ@Z
?set_unexpected@@YAP6AXXZP6AXXZ@Z
?terminate@@YAXXZ
?unexpected@@YAXXZ
?what@exception@@UBEPBDXZ
_CIacos
_CIasin
_CIatan
_CIatan2
_CIcos
_CIcosh
_CIexp
_CIfmod
_CIlog
_CIlog10
_CIpow
_CIsin
_CIsinh
_CIsqrt
_CItan
_CItanh
_CxxThrowException
_EH_prolog
_Getdays
_Getmonths
_Gettnames
_HUGE
_Strftime
_XcptFilter
__CxxFrameHandler
__CxxLongjmpUnwind
__RTCastToVoid
__RTDynamicCast
__RTtypeid
__STRINGTOLD
__argc
__argv
__badioinfo
__crtCompareStringA
__crtGetLocaleInfoW
__crtLCMapStringA
__dllonexit
__doserrno
__fpecode
__getmainargs
__initenv
__isascii
__iscsym
__iscsymf
__lc_codepage
__lc_collate_cp
__lc_handle
__lconv_init
__mb_cur_max
__p___argc
__p___argv
__p___initenv
__p___mb_cur_max
__p___wargv
__p___winitenv
__p__acmdln
__p__amblksiz
__p__commode
__p__daylight
__p__dstbias
__p__environ
__p__fileinfo
__p__fmode
__p__iob
__p__mbcasemap
__p__mbctype
__p__osver
__p__pctype
__p__pgmptr
__p__pwctype
__p__timezone
__p__tzname
__p__wcmdln
__p__wenviron
__p__winmajor
__p__winminor
__p__winver
__p__wpgmptr
__pioinfo
__pxcptinfoptrs
__set_app_type
__setlc_active
__setusermatherr
__threadhandle
__threadid
__toascii
__unDName
__unDNameEx
__unguarded_readlc_active
__wargv
__wgetmainargs
__winitenv
_abnormal_termination
_access
_acmdln
_adj_fdiv_m16i
_adj_fdiv_m32
_adj_fdiv_m32i
_adj_fdiv_m64
_adj_fdiv_r
_adj_fdivr_m16i
_adj_fdivr_m32
_adj_fdivr_m32i
_adj_fdivr_m64
_adj_fpatan
_adj_fprem
_adj_fprem1
_adj_fptan
_adjust_fdiv
_aexit_rtn
_amsg_exit
_assert
_atodbl
_atoi64
_atoldbl
_beep
_beginthread
_beginthreadex
_c_exit
_cabs
_callnewh
_cexit
_cgets
_chdir
_chdrive
_chgsign
_chkesp
_chmod
_chsize
_clearfp
_close
_commit
_commode
_control87
_controlfp
_copysign
_cprintf
_cputs
_creat
_cscanf
_ctype
_cwait
_daylight
_dstbias
_dup
_dup2
_ecvt
_endthread
_endthreadex
_environ
_eof
_errno
_except_handler2
_except_handler3
_execl
_execle
_execlp
_execlpe
_execv
_execve
_execvp
_execvpe
_exit
_expand
_fcloseall
_fcvt
_fdopen
_fgetchar
_fgetwchar
_filbuf
_fileinfo
_filelength
_filelengthi64
_fileno
_findclose
_findfirst
_findfirsti64
_findnext
_findnexti64
_finite
_flsbuf
_flushall
_fmode
_fpclass
_fpieee_flt
_fpreset
_fputchar
_fputwchar
_fsopen
_fstat
_fstati64
_ftime
_ftol
_fullpath
_futime
_gcvt
_get_osfhandle
_get_sbh_threshold
_getch
_getche
_getcwd
_getdcwd
_getdiskfree
_getdllprocaddr
_getdrive
_getdrives
_getmaxstdio
_getmbcp
_getpid
_getsystime
_getw
_getws
_global_unwind2
_heapadd
_heapchk
_heapmin
_heapset
_heapused
_heapwalk
_hypot
_i64toa
_i64tow
_initterm
_inp
_inpd
_inpw
_iob
_isatty
_isctype
_ismbbalnum
_ismbbalpha
_ismbbgraph
_ismbbkalnum
_ismbbkana
_ismbbkprint
_ismbbkpunct
_ismbblead
_ismbbprint
_ismbbpunct
_ismbbtrail
_ismbcalnum
_ismbcalpha
_ismbcdigit
_ismbcgraph
_ismbchira
_ismbckata
_ismbcl0
_ismbcl1
_ismbcl2
_ismbclegal
_ismbclower
_ismbcprint
_ismbcpunct
_ismbcspace
_ismbcsymbol
_ismbcupper
_ismbslead
_ismbstrail
_isnan
_itoa
_itow
_j0
_j1
_jn
_kbhit
_lfind
_loaddll
_local_unwind2
_lock
_locking
_logb
_longjmpex
_lrotl
_lrotr
_lsearch
_lseek
_lseeki64
_ltoa
_ltow
_makepath
_mbbtombc
_mbbtype
_mbcasemap
_mbccpy
_mbcjistojms
_mbcjmstojis
_mbclen
_mbctohira
_mbctokata
_mbctolower
_mbctombb
_mbctoupper
_mbctype
_mbsbtype
_mbscat
_mbschr
_mbscmp
_mbscoll
_mbscpy
_mbscspn
_mbsdec
_mbsdup
_mbsicmp
_mbsicoll
_mbsinc
_mbslen
_mbslwr
_mbsnbcat
_mbsnbcmp
_mbsnbcnt
_mbsnbcoll
_mbsnbcpy
_mbsnbicmp
_mbsnbicoll
_mbsnbset
_mbsncat
_mbsnccnt
_mbsncmp
_mbsncoll
_mbsncpy
_mbsnextc
_mbsnicmp
_mbsnicoll
_mbsninc
_mbsnset
_mbspbrk
_mbsrchr
_mbsrev
_mbsset
_mbsspn
_mbsspnp
_mbsstr
_mbstok
_mbstrlen
_mbsupr
_memccpy
_memicmp
_mkdir
_mktemp
_msize
_nextafter
_onexit
_open
_open_osfhandle
_osver
_outp
_outpd
_outpw
_pclose
_pctype
_pgmptr
_pipe
_popen
_purecall
_putch
_putenv
_putw
_putws
_pwctype
_read
_rmdir
_rmtmp
_rotl
_rotr
_safe_fdiv
_safe_fdivr
_safe_fprem
_safe_fprem1
_scalb
_searchenv
_seh_longjmp_unwind
_set_error_mode
_set_sbh_threshold
_seterrormode
_setjmp
_setjmp3
_setmaxstdio
_setmbcp
_setmode
_setsystime
_sleep
_snprintf
_snwprintf
_sopen
_spawnl
_spawnle
_spawnlp
_spawnlpe
_spawnv
_spawnve
_spawnvp
_spawnvpe
_splitpath
_stat
_stati64
_statusfp
_strcmpi
_strdate
_strdup
_strerror
_stricmp
_stricoll
_strlwr
_strncoll
_strnicmp
_strnicoll
_strnset
_strrev
_strset
_strtime
_strupr
_swab
_sys_errlist
_sys_nerr
_tell
_telli64
_tempnam
_timezone
_tolower
_toupper
_tzname
_tzset
_ui64toa
_ui64tow
_ultoa
_ultow
_umask
_ungetch
_unlink
_unloaddll
_unlock
_utime
_vsnprintf
_vsnwprintf
_waccess
_wasctime
_wchdir
_wchmod
_wcmdln
_wcreat
_wcsdup
_wcsicmp
_wcsicoll
_wcslwr
_wcsncoll
_wcsnicmp
_wcsnicoll
_wcsnset
_wcsrev
_wcsset
_wcsupr

Sections

.text
Size: 192KB - Virtual size: 190KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Global_VC_IRT_f0.3CE1F932_C090_11D2_977B_006097C4DE24
.dll windows:4 windows x86 arch:x86

1112e4cb1fe53fd1591f8f593a9c815a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

??2@YAPAXI@Z
_read
_lseek
__pioinfo
memmove
_sopen
_setmode
strtod
isspace
isdigit
isxdigit
strtol
_errno
strtoul
strcpy
strlen
toupper
sprintf
_close
_write
fputc
fwrite
fgetc
fread
ftell
fseek
__badioinfo
memcpy
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
__dllonexit
_onexit
free
_initterm
malloc
_adjust_fdiv
_EH_prolog
__CxxFrameHandler
??3@YAXPAX@Z
_purecall
fflush
_iob

kernel32

LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
DisableThreadLibraryCalls

Exports

Exports

??0Iostream_init@@QAE@AAVios@@H@Z
??0Iostream_init@@QAE@XZ
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??0filebuf@@QAE@ABV0@@Z
??0filebuf@@QAE@H@Z
??0filebuf@@QAE@HPADH@Z
??0filebuf@@QAE@XZ
??0fstream@@QAE@ABV0@@Z
??0fstream@@QAE@H@Z
??0fstream@@QAE@HPADH@Z
??0fstream@@QAE@PBDHH@Z
??0fstream@@QAE@XZ
??0ifstream@@QAE@ABV0@@Z
??0ifstream@@QAE@H@Z
??0ifstream@@QAE@HPADH@Z
??0ifstream@@QAE@PBDHH@Z
??0ifstream@@QAE@XZ
??0ios@@IAE@ABV0@@Z
??0ios@@IAE@XZ
??0ios@@QAE@PAVstreambuf@@@Z
??0iostream@@IAE@ABV0@@Z
??0iostream@@IAE@XZ
??0iostream@@QAE@PAVstreambuf@@@Z
??0istream@@IAE@ABV0@@Z
??0istream@@IAE@XZ
??0istream@@QAE@PAVstreambuf@@@Z
??0istream_withassign@@QAE@ABV0@@Z
??0istream_withassign@@QAE@PAVstreambuf@@@Z
??0istream_withassign@@QAE@XZ
??0istrstream@@QAE@ABV0@@Z
??0istrstream@@QAE@PAD@Z
??0istrstream@@QAE@PADH@Z
??0logic_error@@QAE@ABQBD@Z
??0logic_error@@QAE@ABV0@@Z
??0ofstream@@QAE@ABV0@@Z
??0ofstream@@QAE@H@Z
??0ofstream@@QAE@HPADH@Z
??0ofstream@@QAE@PBDHH@Z
??0ofstream@@QAE@XZ
??0ostream@@IAE@ABV0@@Z
??0ostream@@IAE@XZ
??0ostream@@QAE@PAVstreambuf@@@Z
??0ostream_withassign@@QAE@ABV0@@Z
??0ostream_withassign@@QAE@PAVstreambuf@@@Z
??0ostream_withassign@@QAE@XZ
??0ostrstream@@QAE@ABV0@@Z
??0ostrstream@@QAE@PADHH@Z
??0ostrstream@@QAE@XZ
??0stdiobuf@@QAE@ABV0@@Z
??0stdiobuf@@QAE@PAU_iobuf@@@Z
??0stdiostream@@QAE@ABV0@@Z
??0stdiostream@@QAE@PAU_iobuf@@@Z
??0streambuf@@IAE@PADH@Z
??0streambuf@@IAE@XZ
??0streambuf@@QAE@ABV0@@Z
??0strstream@@QAE@ABV0@@Z
??0strstream@@QAE@PADHH@Z
??0strstream@@QAE@XZ
??0strstreambuf@@QAE@ABV0@@Z
??0strstreambuf@@QAE@H@Z
??0strstreambuf@@QAE@P6APAXJ@ZP6AXPAX@Z@Z
??0strstreambuf@@QAE@PADH0@Z
??0strstreambuf@@QAE@PAEH0@Z
??0strstreambuf@@QAE@XZ
??1Iostream_init@@QAE@XZ
??1exception@@UAE@XZ
??1filebuf@@UAE@XZ
??1fstream@@UAE@XZ
??1ifstream@@UAE@XZ
??1ios@@UAE@XZ
??1iostream@@UAE@XZ
??1istream@@UAE@XZ
??1istream_withassign@@UAE@XZ
??1istrstream@@UAE@XZ
??1logic_error@@UAE@XZ
??1ofstream@@UAE@XZ
??1ostream@@UAE@XZ
??1ostream_withassign@@UAE@XZ
??1ostrstream@@UAE@XZ
??1stdiobuf@@UAE@XZ
??1stdiostream@@UAE@XZ
??1streambuf@@UAE@XZ
??1strstream@@UAE@XZ
??1strstreambuf@@UAE@XZ
??4Iostream_init@@QAEAAV0@ABV0@@Z
??4exception@@QAEAAV0@ABV0@@Z
??4filebuf@@QAEAAV0@ABV0@@Z
??4fstream@@QAEAAV0@AAV0@@Z
??4ifstream@@QAEAAV0@ABV0@@Z
??4ios@@IAEAAV0@ABV0@@Z
??4iostream@@IAEAAV0@AAV0@@Z
??4iostream@@IAEAAV0@PAVstreambuf@@@Z
??4istream@@IAEAAV0@ABV0@@Z
??4istream@@IAEAAV0@PAVstreambuf@@@Z
??4istream_withassign@@QAEAAV0@ABV0@@Z
??4istream_withassign@@QAEAAVistream@@ABV1@@Z
??4istream_withassign@@QAEAAVistream@@PAVstreambuf@@@Z
??4istrstream@@QAEAAV0@ABV0@@Z
??4logic_error@@QAEAAV0@ABV0@@Z
??4ofstream@@QAEAAV0@ABV0@@Z
??4ostream@@IAEAAV0@ABV0@@Z
??4ostream@@IAEAAV0@PAVstreambuf@@@Z
??4ostream_withassign@@QAEAAV0@ABV0@@Z
??4ostream_withassign@@QAEAAVostream@@ABV1@@Z
??4ostream_withassign@@QAEAAVostream@@PAVstreambuf@@@Z
??4ostrstream@@QAEAAV0@ABV0@@Z
??4stdiobuf@@QAEAAV0@ABV0@@Z
??4stdiostream@@QAEAAV0@AAV0@@Z
??4streambuf@@QAEAAV0@ABV0@@Z
??4strstream@@QAEAAV0@AAV0@@Z
??4strstreambuf@@QAEAAV0@ABV0@@Z
??5istream@@QAEAAV0@AAC@Z
??5istream@@QAEAAV0@AAD@Z
??5istream@@QAEAAV0@AAE@Z
??5istream@@QAEAAV0@AAF@Z
??5istream@@QAEAAV0@AAG@Z
??5istream@@QAEAAV0@AAH@Z
??5istream@@QAEAAV0@AAI@Z
??5istream@@QAEAAV0@AAJ@Z
??5istream@@QAEAAV0@AAK@Z
??5istream@@QAEAAV0@AAM@Z
??5istream@@QAEAAV0@AAN@Z
??5istream@@QAEAAV0@AAO@Z
??5istream@@QAEAAV0@P6AAAV0@AAV0@@Z@Z
??5istream@@QAEAAV0@P6AAAVios@@AAV1@@Z@Z
??5istream@@QAEAAV0@PAC@Z
??5istream@@QAEAAV0@PAD@Z
??5istream@@QAEAAV0@PAE@Z
??5istream@@QAEAAV0@PAVstreambuf@@@Z
??6ostream@@QAEAAV0@C@Z
??6ostream@@QAEAAV0@D@Z
??6ostream@@QAEAAV0@E@Z
??6ostream@@QAEAAV0@F@Z
??6ostream@@QAEAAV0@G@Z
??6ostream@@QAEAAV0@H@Z
??6ostream@@QAEAAV0@I@Z
??6ostream@@QAEAAV0@J@Z
??6ostream@@QAEAAV0@K@Z
??6ostream@@QAEAAV0@M@Z
??6ostream@@QAEAAV0@N@Z
??6ostream@@QAEAAV0@O@Z
??6ostream@@QAEAAV0@P6AAAV0@AAV0@@Z@Z
??6ostream@@QAEAAV0@P6AAAVios@@AAV1@@Z@Z
??6ostream@@QAEAAV0@PAVstreambuf@@@Z
??6ostream@@QAEAAV0@PBC@Z
??6ostream@@QAEAAV0@PBD@Z
??6ostream@@QAEAAV0@PBE@Z
??6ostream@@QAEAAV0@PBX@Z
??7ios@@QBEHXZ
??Bios@@QBEPAXXZ
??_7exception@@6B@
??_7filebuf@@6B@
??_7fstream@@6B@
??_7ifstream@@6B@
??_7ios@@6B@
??_7iostream@@6B@
??_7istream@@6B@
??_7istream_withassign@@6B@
??_7istrstream@@6B@
??_7logic_error@@6B@
??_7ofstream@@6B@
??_7ostream@@6B@
??_7ostream_withassign@@6B@
??_7ostrstream@@6B@
??_7stdiobuf@@6B@
??_7stdiostream@@6B@
??_7streambuf@@6B@
??_7strstream@@6B@
??_7strstreambuf@@6B@
??_8fstream@@7Bistream@@@
??_8fstream@@7Bostream@@@
??_8ifstream@@7B@
??_8iostream@@7Bistream@@@
??_8iostream@@7Bostream@@@
??_8istream@@7B@
??_8istream_withassign@@7B@
??_8istrstream@@7B@
??_8ofstream@@7B@
??_8ostream@@7B@
??_8ostream_withassign@@7B@
??_8ostrstream@@7B@
??_8stdiostream@@7Bistream@@@
??_8stdiostream@@7Bostream@@@
??_8strstream@@7Bistream@@@
??_8strstream@@7Bostream@@@
??_Dfstream@@QAEXXZ
??_Difstream@@QAEXXZ
??_Diostream@@QAEXXZ
??_Distream@@QAEXXZ
??_Distream_withassign@@QAEXXZ
??_Distrstream@@QAEXXZ
??_Dofstream@@QAEXXZ
??_Dostream@@QAEXXZ
??_Dostream_withassign@@QAEXXZ
??_Dostrstream@@QAEXXZ
??_Dstdiostream@@QAEXXZ
??_Dstrstream@@QAEXXZ
??_Eexception@@UAEPAXI@Z
??_Efilebuf@@UAEPAXI@Z
??_Efstream@@UAEPAXI@Z
??_Eifstream@@UAEPAXI@Z
??_Eios@@UAEPAXI@Z
??_Eiostream@@UAEPAXI@Z
??_Eistream@@UAEPAXI@Z
??_Eistream_withassign@@UAEPAXI@Z
??_Eistrstream@@UAEPAXI@Z
??_Elogic_error@@UAEPAXI@Z
??_Eofstream@@UAEPAXI@Z
??_Eostream@@UAEPAXI@Z
??_Eostream_withassign@@UAEPAXI@Z
??_Eostrstream@@UAEPAXI@Z
??_Estdiobuf@@UAEPAXI@Z
??_Estdiostream@@UAEPAXI@Z
??_Estreambuf@@UAEPAXI@Z
??_Estrstream@@UAEPAXI@Z
??_Estrstreambuf@@UAEPAXI@Z
??_Gexception@@UAEPAXI@Z
??_Gfilebuf@@UAEPAXI@Z
??_Gfstream@@UAEPAXI@Z
??_Gifstream@@UAEPAXI@Z
??_Gios@@UAEPAXI@Z
??_Giostream@@UAEPAXI@Z
??_Gistream@@UAEPAXI@Z
??_Gistream_withassign@@UAEPAXI@Z
??_Gistrstream@@UAEPAXI@Z
??_Glogic_error@@UAEPAXI@Z
??_Gofstream@@UAEPAXI@Z
??_Gostream@@UAEPAXI@Z
??_Gostream_withassign@@UAEPAXI@Z
??_Gostrstream@@UAEPAXI@Z
??_Gstdiobuf@@UAEPAXI@Z
??_Gstdiostream@@UAEPAXI@Z
??_Gstreambuf@@UAEPAXI@Z
??_Gstrstream@@UAEPAXI@Z
??_Gstrstreambuf@@UAEPAXI@Z
?adjustfield@ios@@2JB
?allocate@streambuf@@IAEHXZ
?attach@filebuf@@QAEPAV1@H@Z
?attach@fstream@@QAEXH@Z
?attach@ifstream@@QAEXH@Z
?attach@ofstream@@QAEXH@Z
?bad@ios@@QBEHXZ
?base@streambuf@@IBEPADXZ
?basefield@ios@@2JB
?binary@filebuf@@2HB
?bitalloc@ios@@SAJXZ
?blen@streambuf@@IBEHXZ
?cerr@@3Vostream_withassign@@A
?cin@@3Vistream_withassign@@A
?clear@ios@@QAEXH@Z
?clog@@3Vostream_withassign@@A
?close@filebuf@@QAEPAV1@XZ
?close@fstream@@QAEXXZ
?close@ifstream@@QAEXXZ
?close@ofstream@@QAEXXZ
?clrlock@ios@@QAAXXZ
?clrlock@streambuf@@QAEXXZ
?cout@@3Vostream_withassign@@A
?dbp@streambuf@@QAEXXZ
?dec@@YAAAVios@@AAV1@@Z
?delbuf@ios@@QAEXH@Z
?delbuf@ios@@QBEHXZ
?doallocate@streambuf@@MAEHXZ
?doallocate@strstreambuf@@MAEHXZ
?eatwhite@istream@@QAEXXZ
?eback@streambuf@@IBEPADXZ
?ebuf@streambuf@@IBEPADXZ
?egptr@streambuf@@IBEPADXZ
?endl@@YAAAVostream@@AAV1@@Z
?ends@@YAAAVostream@@AAV1@@Z
?eof@ios@@QBEHXZ
?epptr@streambuf@@IBEPADXZ
?fLockcInit@ios@@0HA
?fail@ios@@QBEHXZ
?fd@filebuf@@QBEHXZ
?fd@fstream@@QBEHXZ
?fd@ifstream@@QBEHXZ
?fd@ofstream@@QBEHXZ
?fill@ios@@QAEDD@Z
?fill@ios@@QBEDXZ
?flags@ios@@QAEJJ@Z
?flags@ios@@QBEJXZ
?floatfield@ios@@2JB
?flush@@YAAAVostream@@AAV1@@Z
?flush@ostream@@QAEAAV1@XZ
?freeze@strstreambuf@@QAEXH@Z
?gbump@streambuf@@IAEXH@Z
?gcount@istream@@QBEHXZ
?get@istream@@IAEAAV1@PADHH@Z
?get@istream@@QAEAAV1@AAC@Z
?get@istream@@QAEAAV1@AAD@Z
?get@istream@@QAEAAV1@AAE@Z
?get@istream@@QAEAAV1@AAVstreambuf@@D@Z
?get@istream@@QAEAAV1@PACHD@Z
?get@istream@@QAEAAV1@PADHD@Z
?get@istream@@QAEAAV1@PAEHD@Z
?get@istream@@QAEHXZ
?getdouble@istream@@AAEHPADH@Z
?getint@istream@@AAEHPAD@Z
?getline@istream@@QAEAAV1@PACHD@Z
?getline@istream@@QAEAAV1@PADHD@Z
?getline@istream@@QAEAAV1@PAEHD@Z
?good@ios@@QBEHXZ
?gptr@streambuf@@IBEPADXZ
?hex@@YAAAVios@@AAV1@@Z
?ignore@istream@@QAEAAV1@HH@Z
?in_avail@streambuf@@QBEHXZ
?init@ios@@IAEXPAVstreambuf@@@Z
?ipfx@istream@@QAEHH@Z
?is_open@filebuf@@QBEHXZ
?is_open@fstream@@QBEHXZ
?is_open@ifstream@@QBEHXZ
?is_open@ofstream@@QBEHXZ
?isfx@istream@@QAEXXZ
?iword@ios@@QBEAAJH@Z
?lock@ios@@QAAXXZ
?lock@streambuf@@QAEXXZ
?lockbuf@ios@@QAAXXZ
?lockc@ios@@KAXXZ
?lockptr@ios@@IAEPAU_CRT_CRITICAL_SECTION@@XZ
?lockptr@streambuf@@IAEPAU_CRT_CRITICAL_SECTION@@XZ
?oct@@YAAAVios@@AAV1@@Z
?open@filebuf@@QAEPAV1@PBDHH@Z
?open@fstream@@QAEXPBDHH@Z
?open@ifstream@@QAEXPBDHH@Z
?open@ofstream@@QAEXPBDHH@Z
?openprot@filebuf@@2HB
?opfx@ostream@@QAEHXZ
?osfx@ostream@@QAEXXZ
?out_waiting@streambuf@@QBEHXZ
?overflow@filebuf@@UAEHH@Z
?overflow@stdiobuf@@UAEHH@Z
?overflow@strstreambuf@@UAEHH@Z
?pbackfail@stdiobuf@@UAEHH@Z
?pbackfail@streambuf@@UAEHH@Z
?pbase@streambuf@@IBEPADXZ
?pbump@streambuf@@IAEXH@Z
?pcount@ostrstream@@QBEHXZ
?pcount@strstream@@QBEHXZ
?peek@istream@@QAEHXZ
?pptr@streambuf@@IBEPADXZ
?precision@ios@@QAEHH@Z
?precision@ios@@QBEHXZ
?put@ostream@@QAEAAV1@C@Z
?put@ostream@@QAEAAV1@D@Z
?put@ostream@@QAEAAV1@E@Z
?putback@istream@@QAEAAV1@D@Z
?pword@ios@@QBEAAPAXH@Z
?rdbuf@fstream@@QBEPAVfilebuf@@XZ
?rdbuf@ifstream@@QBEPAVfilebuf@@XZ
?rdbuf@ios@@QBEPAVstreambuf@@XZ
?rdbuf@istrstream@@QBEPAVstrstreambuf@@XZ
?rdbuf@ofstream@@QBEPAVfilebuf@@XZ
?rdbuf@ostrstream@@QBEPAVstrstreambuf@@XZ
?rdbuf@stdiostream@@QBEPAVstdiobuf@@XZ
?rdbuf@strstream@@QBEPAVstrstreambuf@@XZ
?rdstate@ios@@QBEHXZ
?read@istream@@QAEAAV1@PACH@Z
?read@istream@@QAEAAV1@PADH@Z
?read@istream@@QAEAAV1@PAEH@Z
?sbumpc@streambuf@@QAEHXZ
?seekg@istream@@QAEAAV1@J@Z
?seekg@istream@@QAEAAV1@JW4seek_dir@ios@@@Z
?seekoff@filebuf@@UAEJJW4seek_dir@ios@@H@Z
?seekoff@stdiobuf@@UAEJJW4seek_dir@ios@@H@Z
?seekoff@streambuf@@UAEJJW4seek_dir@ios@@H@Z
?seekoff@strstreambuf@@UAEJJW4seek_dir@ios@@H@Z
?seekp@ostream@@QAEAAV1@J@Z
?seekp@ostream@@QAEAAV1@JW4seek_dir@ios@@@Z
?seekpos@streambuf@@UAEJJH@Z
?setb@streambuf@@IAEXPAD0H@Z
?setbuf@filebuf@@UAEPAVstreambuf@@PADH@Z
?setbuf@fstream@@QAEPAVstreambuf@@PADH@Z
?setbuf@ifstream@@QAEPAVstreambuf@@PADH@Z
?setbuf@ofstream@@QAEPAVstreambuf@@PADH@Z
?setbuf@streambuf@@UAEPAV1@PADH@Z
?setbuf@strstreambuf@@UAEPAVstreambuf@@PADH@Z
?setf@ios@@QAEJJ@Z
?setf@ios@@QAEJJJ@Z
?setg@streambuf@@IAEXPAD00@Z
?setlock@ios@@QAAXXZ
?setlock@streambuf@@QAEXXZ
?setmode@filebuf@@QAEHH@Z
?setmode@fstream@@QAEHH@Z
?setmode@ifstream@@QAEHH@Z
?setmode@ofstream@@QAEHH@Z
?setp@streambuf@@IAEXPAD0@Z
?setrwbuf@stdiobuf@@QAEHHH@Z
?sgetc@streambuf@@QAEHXZ
?sgetn@streambuf@@QAEHPADH@Z
?sh_none@filebuf@@2HB
?sh_read@filebuf@@2HB
?sh_write@filebuf@@2HB
?snextc@streambuf@@QAEHXZ
?sputbackc@streambuf@@QAEHD@Z
?sputc@streambuf@@QAEHH@Z
?sputn@streambuf@@QAEHPBDH@Z
?stdiofile@stdiobuf@@QAEPAU_iobuf@@XZ
?stossc@streambuf@@QAEXXZ
?str@istrstream@@QAEPADXZ
?str@ostrstream@@QAEPADXZ
?str@strstream@@QAEPADXZ
?str@strstreambuf@@QAEPADXZ
?sunk_with_stdio@ios@@0HA
?sync@filebuf@@UAEHXZ
?sync@istream@@QAEHXZ
?sync@stdiobuf@@UAEHXZ
?sync@streambuf@@UAEHXZ
?sync@strstreambuf@@UAEHXZ
?sync_with_stdio@ios@@SAXXZ
?tellg@istream@@QAEJXZ
?tellp@ostream@@QAEJXZ
?text@filebuf@@2HB
?tie@ios@@QAEPAVostream@@PAV2@@Z
?tie@ios@@QBEPAVostream@@XZ
?unbuffered@streambuf@@IAEXH@Z
?unbuffered@streambuf@@IBEHXZ
?underflow@filebuf@@UAEHXZ
?underflow@stdiobuf@@UAEHXZ
?underflow@strstreambuf@@UAEHXZ
?unlock@ios@@QAAXXZ
?unlock@streambuf@@QAEXXZ
?unlockbuf@ios@@QAAXXZ
?unlockc@ios@@KAXXZ
?unsetf@ios@@QAEJJ@Z
?what@exception@@UBEPBDXZ
?width@ios@@QAEHH@Z
?width@ios@@QBEHXZ
?write@ostream@@QAEAAV1@PBCH@Z
?write@ostream@@QAEAAV1@PBDH@Z
?write@ostream@@QAEAAV1@PBEH@Z
?writepad@ostream@@AAEAAV1@PBD0@Z
?ws@@YAAAVistream@@AAV1@@Z
?x_curindex@ios@@0HA
?x_lockc@ios@@0U_CRT_CRITICAL_SECTION@@A
?x_maxbit@ios@@0JA
?x_statebuf@ios@@0PAJA
?xalloc@ios@@SAHXZ
?xsgetn@streambuf@@UAEHPADH@Z
?xsputn@streambuf@@UAEHPBDH@Z
__dummy_export
_mtlock
_mtunlock

Sections

.text
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Global_VC_MFC42ANSICore_f0.51D569E2_8A28_11D2_B962_006097C4DE24
.dll regsvr32 windows:4 windows x86 arch:x86

1557eebc6134cee9eb9d0583a2b40341

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_initterm
?terminate@@YAXXZ
_except_handler3
_adjust_fdiv
_onexit
__dllonexit
??1type_info@@UAE@XZ
_mbsnbicmp
wcsncpy
wcscpy
_ltoa
_ultoa
swprintf
_itoa
modf
ceil
fabs
floor
labs
_ftol
_splitpath
_fullpath
atol
__p___argc
_EH_prolog
__p___argv
_beginthreadex
_endthreadex
_strdup
_mbsdec
_expand
strtod
strtol
strtoul
abs
calloc
_msize
_purecall
strftime
_mbctype
localtime
gmtime
time
_ismbcspace
atoi
_ismbcdigit
_mbsnbcmp
sprintf
strlen
_mbclen
vsprintf
_mbsrchr
_mbscspn
_mbsspn
_mbsstr
_mbsrev
_mbslwr
_mbsupr
_mbspbrk
_mbschr
wcslen
_mbscmp
realloc
fclose
fflush
fseek
ftell
fgets
fputs
fwrite
fread
clearerr
_open_osfhandle
_fdopen
__doserrno
_get_osfhandle
memset
_mbsinc
abort
free
malloc
memcmp
memmove
memcpy
_CxxThrowException
mktime
__CxxFrameHandler

kernel32

FindClose
FindFirstFileA
lstrcpyA
MultiByteToWideChar
GetFullPathNameA
GetStringTypeExA
GetThreadLocale
lstrcmpiA
GetShortPathNameA
GetModuleFileNameA
GlobalSize
GlobalLock
GlobalAlloc
GlobalReAlloc
GlobalUnlock
GlobalFree
GetFileAttributesA
GetFileSize
GetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
SetFileTime
SetFileAttributesA
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
LocalFree
FormatMessageA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetCPInfo
GetOEMCP
LocalAlloc
InitializeCriticalSection
TlsAlloc
DeleteCriticalSection
GlobalHandle
TlsFree
LeaveCriticalSection
EnterCriticalSection
TlsSetValue
LocalReAlloc
TlsGetValue
WaitForSingleObject
CreateSemaphoreA
DeleteFileA
LoadLibraryA
ReleaseMutex
InterlockedExchange
WaitForMultipleObjects
GetModuleHandleA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetCurrentThreadId
lstrcatA
GetVersion
LockResource
LoadResource
FindResourceA
FreeLibrary
MulDiv
GetProfileIntA
VirtualProtect
FindResourceExA
SizeofResource
GetProcessVersion
GlobalFlags
GetTempFileNameA
GetDiskFreeSpaceA
LocalUnlock
LocalLock
GetTempPathA
SearchPathA
SetEvent
ResumeThread
SetThreadPriority
SuspendThread
GetCurrentThread
SetErrorMode
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetCurrentDirectoryA
FindNextFileA
GetTickCount
lstrlenW
CopyFileA
lstrcpyW
GetUserDefaultLCID
IsDBCSLeadByte
GetSystemDirectoryA
GetProcAddress
UnlockFile
MoveFileA
SetEndOfFile
FlushFileBuffers
LockFile
CloseHandle
ReadFile
SetFilePointer
WriteFile
DuplicateHandle
CreateFileA
GetCurrentProcess
lstrlenA
lstrcmpA
OutputDebugStringA
IsBadStringPtrA
IsBadReadPtr
IsBadWritePtr
GetLastError
IsBadStringPtrW
lstrcpynA
ReleaseSemaphore
SetLastError
CreateMutexA
GetVolumeInformationA
CreateEventA
RaiseException

gdi32

TextOutA
GetPolyFillMode
EnumFontFamiliesA
GetPixel
CreatePalette
GetPaletteEntries
RealizePalette
OffsetRgn
SetBrushOrgEx
CreateMetaFileA
CopyMetaFileA
LPtoDP
SetAbortProc
StartPage
EndPage
EndDoc
AbortDoc
DPtoLP
CombineRgn
SetRectRgn
GetMapMode
CreateDIBPatternBrushPt
CreateHatchBrush
ExtCreatePen
PlayMetaFile
EnumMetaFile
GetObjectType
PlayMetaFileRecord
ExtSelectClipRgn
SelectClipPath
CreateRectRgn
GetClipRgn
PolyBezierTo
SetColorAdjustment
PolylineTo
PolyDraw
SetArcDirection
ArcTo
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
LineTo
OffsetClipRgn
ExcludeClipRect
SelectClipRgn
OffsetWindowOrgEx
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
SelectPalette
StartDocA
EnumFontFamiliesExA
CreateDCA
CreateRectRgnIndirect
Rectangle
UnrealizeObject
PatBlt
CreateBitmap
CreatePatternBrush
CreatePen
CloseMetaFile
DeleteMetaFile
RectVisible
PtVisible
IntersectClipRect
GetViewportOrgEx
GetWindowOrgEx
SetWindowOrgEx
GetDeviceCaps
Escape
GetCurrentPositionEx
MoveToEx
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
GetTextFaceA
GetWindowExtEx
GetViewportExtEx
GetROP2
GetBkMode
GetTextAlign
GetNearestColor
GetBkColor
GetTextColor
SaveDC
GetStockObject
RestoreDC
GetCharWidthA
DeleteObject
CreateFontA
StretchDIBits
DeleteDC
CreateCompatibleBitmap
GetTextExtentPoint32A
ExtTextOutA
CreateSolidBrush
BitBlt
CreateFontIndirectA
CreateCompatibleDC
GetTextMetricsA
GetObjectA
SelectObject
SetTextColor
GetClipBox
SetBkColor
GetStretchBltMode

user32

SetCapture
CharToOemA
OemToCharA
UnhookWindowsHookEx
MsgWaitForMultipleObjects
GetWindowRect
GetWindowPlacement
IsIconic
SystemParametersInfoA
IntersectRect
OffsetRect
RegisterWindowMessageA
SetWindowPos
SetWindowLongA
GetWindowLongA
GetWindow
SendMessageA
SetForegroundWindow
GetForegroundWindow
GetLastActivePopup
GetMessagePos
GetMessageTime
RemovePropA
CallWindowProcA
GetPropA
SetPropA
GetClassLongA
CallNextHookEx
SetWindowsHookExA
CreateWindowExA
DestroyWindow
DefWindowProcA
GetKeyState
GetDlgCtrlID
GetWindowTextA
GetWindowTextLengthA
GetDlgItem
SetWindowPlacement
TrackPopupMenu
GetMenuItemID
GetSubMenu
GetMenuItemCount
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetParent
IsChild
MessageBoxA
GetTopWindow
SetScrollPos
GetScrollPos
SetScrollRange
GetScrollRange
ShowScrollBar
SetScrollInfo
GetScrollInfo
ScrollWindow
IsWindowVisible
EnableWindow
EndDeferWindowPos
CopyRect
BeginDeferWindowPos
GetClientRect
DeferWindowPos
EqualRect
ScreenToClient
AdjustWindowRectEx
SetFocus
IsWindow
SetActiveWindow
GetFocus
DispatchMessageA
PeekMessageA
GetSysColor
MapWindowPoints
SendDlgItemMessageA
UpdateWindow
PostMessageA
LoadIconA
SetRectEmpty
LoadAcceleratorsA
TranslateAcceleratorA
ReleaseCapture
SetCursor
IsWindowEnabled
GetDesktopWindow
ShowWindow
GetActiveWindow
DestroyMenu
LoadMenuA
SetMenu
ReuseDDElParam
UnpackDDElParam
InvalidateRect
BringWindowToTop
LoadCursorA
GetSystemMetrics
WaitMessage
GetCursorPos
GetWindowThreadProcessId
WindowFromPoint
ClientToScreen
TranslateMessage
GetMessageA
DefFrameProcA
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcA
RedrawWindow
LoadBitmapA
InflateRect
PtInRect
ReleaseDC
InvertRect
GetWindowDC
FillRect
SetTimer
KillTimer
SetRect
GetDC
IsZoomed
SetParent
IsRectEmpty
AppendMenuA
DeleteMenu
GetSystemMenu
GetDCEx
LockWindowUpdate
GetTabbedTextExtentA
DrawTextA
GrayStringA
UnionRect
DrawFocusRect
CreateDialogIndirectParamA
EndDialog
GetNextDlgTabItem
wvsprintfA
GetAsyncKeyState
MapDialogRect
GetDialogBaseUnits
BeginPaint
EndPaint
TabbedTextOutA
GetSysColorBrush
GetClassNameA
SetWindowTextA
CheckDlgButton
CheckRadioButton
GetDlgItemInt
GetDlgItemTextA
SetDlgItemInt
SetDlgItemTextA
IsDlgButtonChecked
ScrollWindowEx
IsDialogMessageA
MoveWindow
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
GetMenuCheckMarkDimensions
DestroyIcon
SetCursorPos
DestroyCursor
FindWindowA
IsClipboardFormatAvailable
MessageBeep
RemoveMenu
ValidateRect
PostQuitMessage
UnregisterClassA
ShowOwnedPopups
InsertMenuA
GetMenuStringA
RegisterClipboardFormatA
CopyAcceleratorTableA
InSendMessage
PostThreadMessageA
CreateMenu
WindowFromDC
CountClipboardFormats
SetWindowContextHelpId
CharNextA
GetNextDlgGroupItem
ClipCursor
DrawEdge
EnumChildWindows
InvalidateRgn
FrameRect
LoadStringA
CharUpperA
wsprintfA

Exports

Exports

?classCCachedDataPathProperty@CCachedDataPathProperty@@2UCRuntimeClass@@B
?classCDataPathProperty@CDataPathProperty@@2UCRuntimeClass@@B
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 616KB - Virtual size: 613KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 212KB - Virtual size: 209KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Global_VC_MFC42UnicodeCore_f0.7EBEDD6A_AA66_11D2_B980_006097C4DE24
.dll regsvr32 windows:4 windows x86 arch:x86

812a1105faba586fcfb8abc7e4d75b94

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_initterm
?terminate@@YAXXZ
_except_handler3
_adjust_fdiv
_onexit
__dllonexit
??1type_info@@UAE@XZ
_wcsnicmp
wcsncpy
wcscpy
_ltow
_ultow
_itow
modf
ceil
fabs
floor
labs
_ftol
_EH_prolog
_wsplitpath
_wfullpath
_wtol
__p___argc
__p___wargv
_beginthreadex
_endthreadex
_wcsdup
_expand
wcstod
wcstol
wcstoul
abs
calloc
_msize
_purecall
wcsftime
localtime
gmtime
time
iswspace
_wtoi
iswdigit
wcsncmp
wcslen
swprintf
vswprintf
wcsrchr
wcscspn
wcsspn
wcsstr
_wcsrev
_wcslwr
_wcsupr
wcspbrk
wcschr
wcscmp
realloc
fclose
fflush
fseek
ftell
fgetws
fputws
fwrite
fread
clearerr
_open_osfhandle
_fdopen
__doserrno
_get_osfhandle
memset
abort
free
malloc
memcmp
memmove
memcpy
_CxxThrowException
mktime
__CxxFrameHandler

kernel32

GetShortPathNameW
GetModuleFileNameW
GlobalSize
lstrcmpiW
FormatMessageW
GlobalAlloc
GlobalReAlloc
GlobalUnlock
GlobalFree
GetFileAttributesW
GetFileSize
GetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
SetFileTime
SetFileAttributesW
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeExW
GetThreadLocale
FileTimeToSystemTime
FileTimeToLocalFileTime
LocalAlloc
InitializeCriticalSection
TlsAlloc
DeleteCriticalSection
GlobalHandle
TlsFree
LeaveCriticalSection
EnterCriticalSection
TlsSetValue
LocalReAlloc
TlsGetValue
WaitForSingleObject
CreateSemaphoreW
ReleaseSemaphore
CreateMutexW
ReleaseMutex
CreateEventW
WaitForMultipleObjects
GetModuleHandleW
LocalFree
FindFirstFileW
GlobalAddAtomW
InterlockedExchange
lstrcatW
GetVersion
LockResource
LoadResource
FindResourceW
FreeLibrary
LoadLibraryA
GlobalGetAtomNameW
GetModuleHandleA
MulDiv
GetProfileIntW
VirtualProtect
lstrcpyA
FindResourceExW
SizeofResource
GetProcessVersion
lstrcmpW
GlobalFlags
GetTempFileNameW
GetDiskFreeSpaceW
LocalUnlock
LocalLock
GetTempPathW
SearchPathW
SetEvent
ResumeThread
SetThreadPriority
SuspendThread
GetCurrentThread
lstrcmpiA
SetErrorMode
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetCurrentDirectoryW
FindNextFileW
GetTickCount
CopyFileW
GetUserDefaultLCID
IsDBCSLeadByte
lstrcatA
GetSystemDirectoryA
GetFullPathNameW
GetVolumeInformationW
LoadLibraryW
FindClose
lstrcpyW
MoveFileW
GetProcAddress
DeleteFileW
LockFile
SetEndOfFile
UnlockFile
SetFilePointer
CloseHandle
FlushFileBuffers
CreateFileW
WriteFile
ReadFile
lstrlenA
GetCurrentProcess
DuplicateHandle
lstrlenW
lstrcmpA
OutputDebugStringW
IsBadStringPtrA
IsBadReadPtr
IsBadWritePtr
GetLastError
IsBadStringPtrW
lstrcpynW
GlobalDeleteAtom
SetLastError
GlobalFindAtomW
GlobalLock
GetCurrentThreadId
RaiseException

gdi32

CreatePen
SetMapMode
EnumFontFamiliesW
GetPixel
CreatePalette
GetPaletteEntries
RealizePalette
OffsetRgn
SetBrushOrgEx
CreateMetaFileW
CopyMetaFileW
LPtoDP
SetAbortProc
StartPage
EndPage
EndDoc
AbortDoc
DPtoLP
CombineRgn
SetRectRgn
GetMapMode
CreateDIBPatternBrushPt
CreateHatchBrush
ExtCreatePen
PlayMetaFile
EnumMetaFile
GetObjectType
PlayMetaFileRecord
ExtSelectClipRgn
SelectClipPath
CreateRectRgn
GetClipRgn
PolyBezierTo
SetColorAdjustment
PolylineTo
PolyDraw
SetArcDirection
ArcTo
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
LineTo
OffsetClipRgn
ExcludeClipRect
SelectClipRgn
OffsetWindowOrgEx
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
SelectPalette
StartDocW
EnumFontFamiliesExW
CreateDCW
CreateRectRgnIndirect
Rectangle
UnrealizeObject
PatBlt
CreateBitmap
CreatePatternBrush
TextOutW
CloseMetaFile
DeleteMetaFile
RectVisible
PtVisible
IntersectClipRect
GetViewportOrgEx
GetWindowOrgEx
SetWindowOrgEx
GetDeviceCaps
Escape
GetTextExtentPoint32A
GetCurrentPositionEx
MoveToEx
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
GetViewportExtEx
GetROP2
GetWindowExtEx
GetTextAlign
GetPolyFillMode
GetBkMode
GetTextColor
GetNearestColor
GetStretchBltMode
RestoreDC
SaveDC
GetBkColor
CreateFontW
GetCharWidthW
GetStockObject
CreateCompatibleBitmap
StretchDIBits
DeleteObject
CreateSolidBrush
GetTextExtentPoint32W
DeleteDC
CreateCompatibleDC
BitBlt
ExtTextOutW
SelectObject
GetTextMetricsW
CreateFontIndirectW
SetBkColor
SetTextColor
GetObjectW
GetClipBox
GetTextFaceW

user32

GetCursorPos
UnhookWindowsHookEx
MsgWaitForMultipleObjects
GetWindowRect
GetWindowPlacement
IsIconic
SystemParametersInfoW
IntersectRect
OffsetRect
RegisterWindowMessageW
SetWindowPos
SetWindowLongW
GetWindowLongW
GetWindow
SendMessageW
SetForegroundWindow
GetForegroundWindow
GetLastActivePopup
GetMessagePos
GetMessageTime
RemovePropW
CallWindowProcW
GetPropW
SetPropW
CallNextHookEx
SetWindowsHookExW
CreateWindowExW
DestroyWindow
DefWindowProcW
GetKeyState
GetDlgCtrlID
GetWindowTextW
GetWindowTextLengthW
GetDlgItem
SetWindowPlacement
TrackPopupMenu
GetMenuItemID
GetSubMenu
GetMenuItemCount
GetMenu
RegisterClassW
GetClassInfoW
WinHelpW
GetCapture
GetParent
IsChild
MessageBoxW
GetTopWindow
SetScrollPos
GetScrollPos
SetScrollRange
GetScrollRange
ShowScrollBar
SetScrollInfo
GetScrollInfo
ScrollWindow
IsWindowVisible
EnableWindow
EndDeferWindowPos
CopyRect
BeginDeferWindowPos
GetClientRect
DeferWindowPos
EqualRect
ScreenToClient
AdjustWindowRectEx
SetFocus
IsWindow
SetActiveWindow
GetFocus
DispatchMessageW
PeekMessageW
GetSysColor
MapWindowPoints
SendDlgItemMessageA
SendDlgItemMessageW
UpdateWindow
PostMessageW
LoadIconW
SetRectEmpty
LoadAcceleratorsW
TranslateAcceleratorW
ReleaseCapture
SetCursor
IsWindowEnabled
GetDesktopWindow
ShowWindow
GetActiveWindow
DestroyMenu
LoadMenuW
SetMenu
ReuseDDElParam
UnpackDDElParam
InvalidateRect
BringWindowToTop
LoadCursorW
SetCapture
WaitMessage
GetSystemMetrics
GetWindowThreadProcessId
WindowFromPoint
ClientToScreen
TranslateMessage
GetMessageW
DefFrameProcW
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcW
RedrawWindow
LoadBitmapW
InflateRect
PtInRect
ReleaseDC
InvertRect
GetWindowDC
FillRect
SetTimer
KillTimer
SetRect
GetDC
IsZoomed
SetParent
IsRectEmpty
AppendMenuW
DeleteMenu
GetSystemMenu
GetDCEx
LockWindowUpdate
GetTabbedTextExtentA
DrawTextW
GrayStringW
UnionRect
DrawFocusRect
CreateDialogIndirectParamW
EndDialog
GetNextDlgTabItem
wvsprintfW
GetAsyncKeyState
MapDialogRect
GetDialogBaseUnits
BeginPaint
EndPaint
TabbedTextOutW
GetSysColorBrush
GetClassNameW
SetWindowTextW
CheckDlgButton
CheckRadioButton
GetDlgItemInt
GetDlgItemTextW
SetDlgItemInt
SetDlgItemTextW
IsDlgButtonChecked
ScrollWindowEx
IsDialogMessageW
MoveWindow
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuW
GetMenuState
GetMenuCheckMarkDimensions
DestroyIcon
SetCursorPos
DestroyCursor
FindWindowW
GetTabbedTextExtentW
IsClipboardFormatAvailable
MessageBeep
RemoveMenu
ValidateRect
PostQuitMessage
UnregisterClassW
ShowOwnedPopups
InsertMenuW
GetMenuStringW
RegisterClipboardFormatW
CopyAcceleratorTableW
InSendMessage
PostThreadMessageW
CreateMenu
WindowFromDC
CountClipboardFormats
SetWindowContextHelpId
CharNextW
GetNextDlgGroupItem
ClipCursor
DrawEdge
EnumChildWindows
InvalidateRgn
FrameRect
LoadStringW
MessageBoxA
CharUpperW
wsprintfW

Exports

Exports

?classCCachedDataPathProperty@CCachedDataPathProperty@@2UCRuntimeClass@@B
?classCDataPathProperty@CDataPathProperty@@2UCRuntimeClass@@B
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 608KB - Virtual size: 605KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 216KB - Virtual size: 214KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HIDCLASS.SYS
.dll windows:4 windows x86 arch:x86

37abe4b9cad1a8d66b4d1a1b6bed2812

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

hidparse.sys

HidP_FreeCollectionDescription
HidP_SysPowerCaps
HidP_GetCollectionDescription
HidP_SysPowerEvent

ntoskrnl.exe

InterlockedExchange
KeBugCheckEx
KeWaitForSingleObject
KeInitializeEvent
IofCompleteRequest
ExfInterlockedInsertHeadList
KeSetEvent
InterlockedCompareExchange
IoGetDeviceProperty
MmMapLockedPages
ProbeForWrite
ObfReferenceObject
IoAllocateIrp
KeInitializeDpc
KeInitializeSpinLock
ExAllocatePoolWithTag
RtlFreeUnicodeString
ExFreePool
IoCancelIrp
IoFreeIrp
IoReleaseCancelSpinLock
IoAllocateDriverObjectExtension
IoAttachDeviceToDeviceStack
IoCreateDevice
RtlInitUnicodeString
swprintf
InterlockedIncrement
IoSetDeviceInterfaceState
IoRegisterDeviceInterface
IoDeleteDevice
ObfDereferenceObject
IofCallDriver
ZwClose
ZwEnumerateValueKey
IoOpenDeviceRegistryKey
ZwOpenKey
IoInvalidateDeviceRelations
IoDetachDevice
KeInitializeTimer
KeSetTimer
PoStartNextPowerIrp
PoRequestPowerIrp
KeCancelTimer
RtlUnwind

hal

ExAcquireFastMutex
ExReleaseFastMutex
KfAcquireSpinLock
KfReleaseSpinLock

Exports

Exports

HidRegisterMinidriver

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96B - Virtual size: 82B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 656B - Virtual size: 656B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 96B - Virtual size: 85B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 944B - Virtual size: 932B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 864B - Virtual size: 852B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HIDPARSE.SYS
.dll windows:4 windows x86 arch:x86

392aa42cd8450535cbe015c4fef7d7ac

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

memcpy
ExAllocatePoolWithTag
memset
ExFreePool

Exports

Exports

HidP_FreeCollectionDescription
HidP_GetButtonCaps
HidP_GetCaps
HidP_GetCollectionDescription
HidP_GetData
HidP_GetExtendedAttributes
HidP_GetLinkCollectionNodes
HidP_GetScaledUsageValue
HidP_GetSpecificButtonCaps
HidP_GetSpecificValueCaps
HidP_GetUsageValue
HidP_GetUsageValueArray
HidP_GetUsages
HidP_GetUsagesEx
HidP_GetValueCaps
HidP_InitializeReportForID
HidP_MaxDataListLength
HidP_MaxUsageListLength
HidP_SetData
HidP_SetScaledUsageValue
HidP_SetUsageValue
HidP_SetUsageValueArray
HidP_SetUsages
HidP_SysPowerCaps
HidP_SysPowerEvent
HidP_TranslateUsageAndPagesToI8042ScanCodes
HidP_TranslateUsagesToI8042ScanCodes
HidP_UnsetUsages
HidP_UsageAndPageListDifference
HidP_UsageListDifference

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 160B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 944B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 336B - Virtual size: 336B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PhoneBookTemplate.htm
.html
WidcommSdk.dll
.dll windows:4 windows x86 arch:x86

f20a6307d60b12dc9ad6b31f08fadbea

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wbtapi

?SetOnSppStateChangeCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAE11ABU_GUID@@FJ@Z0@Z
?ClearSppStateChangeCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?SppCreateConnection@CWBtAPI@@QAE?AW4WBtRc@@QAEABU_GUID@@PBDH@Z
?SppRemoveConnection@CWBtAPI@@QAE?AW4WBtRc@@HF@Z
?MapGuidToUuid@@YAXPAU_GUID@@PAUtBT_UUID@@@Z
?OppAbort@CWBtAPI@@QAE?AW4WBtRc@@J@Z
?OppExchange@CWBtAPI@@QAE?AW4WBtRc@@QAEU_GUID@@PBDPAG3PAJ@Z
?OppPull@CWBtAPI@@QAE?AW4WBtRc@@QAEU_GUID@@PBDPAGPAJJ@Z
?OppPush@CWBtAPI@@QAE?AW4WBtRc@@QAEU_GUID@@PBDPAGPAJ@Z
?SetOnOppProgressCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJQAEJPAGJJJ@Z0@Z
?SetOnOppPullCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJQAEJPAGJ@Z0@Z
?SetOnOppPushCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJQAEJPAGJ@Z0@Z
?SetOnOppExchangeCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJQAEJPAGJ@Z0@Z
?SetOnOppAbortCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJJ@Z0@Z
?LapDisconnect@CWBtAPI@@QAE?AW4WBtRc@@QAE@Z
?LapCreateConnection@CWBtAPI@@QAE?AW4WBtRc@@QAEABU_GUID@@PBDH@Z
?ClearLapStateChangeCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?SetOnLapStateChangeCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAE11ABU_GUID@@FJ@Z0@Z
?FtpCreateFolder@CWBtAPI@@QAE?AW4WBtRc@@JPAG@Z
?FtpCreateEmpty@CWBtAPI@@QAE?AW4WBtRc@@JPAG@Z
?FtpRoot@CWBtAPI@@QAE?AW4WBtRc@@J@Z
?FtpParent@CWBtAPI@@QAE?AW4WBtRc@@J@Z
?FtpAbort@CWBtAPI@@QAE?AW4WBtRc@@J@Z
?FtpDeleteFile@CWBtAPI@@QAE?AW4WBtRc@@JPAG@Z
?FtpChangeFolder@CWBtAPI@@QAE?AW4WBtRc@@JPAG@Z
?FtpFolderListing@CWBtAPI@@QAE?AW4WBtRc@@J@Z
?FtpGetFile@CWBtAPI@@QAE?AW4WBtRc@@JPAG0@Z
?FtpPutFile@CWBtAPI@@QAE?AW4WBtRc@@JPAG@Z
?FtpCloseConnection@CWBtAPI@@QAE?AW4WBtRc@@J@Z
?SetOnFtpOpenResponseCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJJ@Z0@Z
?SetOnFtpCloseResponseCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJJ@Z0@Z
?SetOnFtpGetResponseCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJPAGJ@Z0@Z
?SetOnFtpPutResponseCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJPAGJ@Z0@Z
?SetOnFtpProgressCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJFPAGJJJ@Z0@Z
?SetOnFtpCreateCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJPAGJ@Z0@Z
?SetOnFtpDeleteResponseCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJPAGJ@Z0@Z
?SetOnFtpChangeFolderCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJW4FtpFolder@@PAGJ@Z0@Z
?SetOnFtpFolderListingCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJPAGJJ@Z0@Z
?SetOnFtpAbortResponseCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJJ@Z0@Z
?FtpOpenConnection@CWBtAPI@@QAE?AW4WBtRc@@QAEU_GUID@@PBDPAJ@Z
?GapGetConnectionStats@CWBtAPI@@QAE?AW4WBtRc@@QAEPAU_GUID@@PBDHPAUtBT_CONN_STATS@@@Z
?DunRemoveConnection@CWBtAPI@@QAE?AW4WBtRc@@HF@Z
?SetOnDunStateChangeCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAE11ABU_GUID@@FJ@Z0@Z
?DunCreateConnection@CWBtAPI@@QAE?AW4WBtRc@@QAEABU_GUID@@PBDH@Z
?ClearDunStateChangeCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?GapBond@CWBtAPI@@QAE?AW4WBtRc@@QAEJ0J@Z
?GapGetAvailableServices@CWBtAPI@@QAE?AW4WBtRc@@QAEPAHHPAUtBT_SERVICE_INFO@@@Z
?SetOnDiscoveryEventCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAEGJ@Z0@Z
?GapStartServiceDiscovery@CWBtAPI@@QAE?AW4WBtRc@@PAEU_GUID@@H@Z
?GapStartDiscovery@CWBtAPI@@QAE?AW4WBtRc@@PAEH@Z
?ClearDeviceFoundCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearInquiryCompleteCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?GapStopInquiry@CWBtAPI@@QAE?AW4WBtRc@@XZ
?SetOnDeviceFoundCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAE11H@Z0@Z
?SetOnInquiryCompleteCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJF@Z0@Z
?BtmDeviceIsReady@CWBtAPI@@QAEHXZ
?GapStartInquiry@CWBtAPI@@QAE?AW4WBtRc@@XZ
?SetOnDeviceStatusCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJJ@Z0@Z
??1CWBtAPI@@QAE@XZ
?ConnectToServer@CWBtAPI@@QAE?AW4WBtRc@@_NI00@Z
?ClearDeviceStatusCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
??0CWBtAPI@@QAE@XZ

ws2_32

bind
ntohl
sendto
ntohs
socket
WSAStartup

kernel32

GetFileType
GetStdHandle
SetHandleCount
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetOEMCP
GetACP
GetCPInfo
IsBadWritePtr
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
FatalAppExitA
ExitProcess
DeleteCriticalSection
GetCurrentThread
TlsFree
GetTimeZoneInformation
GetVersion
GetCommandLineA
ResumeThread
ExitThread
GetCurrentThreadId
HeapAlloc
HeapFree
RtlUnwind
InterlockedIncrement
InterlockedDecrement
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
SetFilePointer
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
GetVersionExA
FreeLibrary
GetProcAddress
LoadLibraryA
SetLastError
GetLastError
OutputDebugStringA
WideCharToMultiByte
MultiByteToWideChar
ReleaseMutex
SetEvent
CloseHandle
CallNamedPipeA
CreateThread
CreateEventA
CreateMutexA
WaitForSingleObject
GetModuleHandleA
TlsAlloc
GetTickCount
InitializeCriticalSection
Sleep
TlsSetValue
TlsGetValue
LeaveCriticalSection
EnterCriticalSection
DeviceIoControl
WaitForMultipleObjects
ResetEvent
GetModuleFileNameA
OpenProcess
OpenEventA
CreateFileA
GetFileAttributesExA
ReadFile
lstrlenA
SetEnvironmentVariableA
CompareStringW
CompareStringA
FlushFileBuffers
SetConsoleCtrlHandler
SetStdHandle
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetLocaleInfoW

user32

PostMessageA
CheckRadioButton
CheckDlgButton
GetDlgItem
CallWindowProcW
PeekMessageA
wsprintfA
CreateWindowExW
IsWindow
DestroyWindow
LoadStringW
GetParent
GetClassNameA
GetWindowTextW
FindWindowExA
GetWindowLongA
SetClassLongW

winspool.drv

EnumPortsA

advapi32

CryptGenKey
CryptReleaseContext
CryptAcquireContextA
RegDeleteValueA
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegCloseKey
InitializeSecurityDescriptor
CryptDestroyKey
CryptEncrypt
CryptExportKey
CryptSetProvParam
CryptGetUserKey
CryptDecrypt
CryptImportKey
RegCreateKeyExA
RegDeleteKeyA
RegEnumKeyExA
RegQueryInfoKeyA
RegEnumValueA

ole32

CLSIDFromString
CoInitialize

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

Exports

Exports

??0CBtIf@@QAE@XZ
??0CDunClient@@QAE@XZ
??0CFtpClient@@QAE@XZ
??0CL2CapConn@@QAE@XZ
??0CL2CapIf@@QAE@XZ
??0CLapClient@@QAE@XZ
??0CObexClient@@QAE@ABV0@@Z
??0CObexClient@@QAE@XZ
??0CObexHeaders@@AAE@PAUtOBEX_HEADERS@@@Z
??0CObexHeaders@@QAE@XZ
??0CObexServer@@QAE@ABV0@@Z
??0CObexServer@@QAE@XZ
??0CObexUserDefined@@QAE@XZ
??0COppClient@@QAE@XZ
??0CPrintClient@@QAE@ABV0@@Z
??0CPrintClient@@QAE@XZ
??0CRfCommIf@@QAE@XZ
??0CRfCommPort@@QAE@XZ
??0CSdpDiscoveryRec@@QAE@XZ
??0CSdpService@@QAE@XZ
??0CSppClient@@QAE@XZ
??0CSppServer@@QAE@XZ
??1CBtIf@@UAE@XZ
??1CDunClient@@UAE@XZ
??1CFtpClient@@UAE@XZ
??1CL2CapConn@@UAE@XZ
??1CL2CapIf@@QAE@XZ
??1CLapClient@@UAE@XZ
??1CObexClient@@QAE@XZ
??1CObexHeaders@@QAE@XZ
??1CObexServer@@QAE@XZ
??1CObexUserDefined@@QAE@XZ
??1COppClient@@UAE@XZ
??1CPrintClient@@QAE@XZ
??1CRfCommIf@@QAE@XZ
??1CRfCommPort@@UAE@XZ
??1CSdpDiscoveryRec@@QAE@XZ
??1CSdpService@@UAE@XZ
??1CSppClient@@UAE@XZ
??1CSppServer@@UAE@XZ
??4CObexClient@@QAEAAV0@ABV0@@Z
??4CObexServer@@QAEAAV0@ABV0@@Z
??4CPrintClient@@QAEAAV0@ABV0@@Z
??_7CBtIf@@6B@
??_7CDunClient@@6B@
??_7CFtpClient@@6B@
??_7CL2CapConn@@6B@
??_7CLapClient@@6B@
??_7CObexClient@@6B@
??_7CObexServer@@6B@
??_7COppClient@@6B@
??_7CPrintClient@@6B@
??_7CRfCommPort@@6B@
??_7CSdpService@@6B@
??_7CSppClient@@6B@
??_7CSppServer@@6B@
?Abort@CFtpClient@@QAE?AW4FTP_RETURN_CODE@1@XZ
?Abort@CObexClient@@QAE?AW4tOBEX_ERRORS@@PAVCObexHeaders@@@Z
?Abort@COppClient@@QAE?AW4OPP_RETURN_CODE@1@XZ
?AbortCnf@CObexServer@@QAE?AW4tOBEX_ERRORS@@W42@W4tOBEX_RESPONSE_CODE@@PAVCObexHeaders@@@Z
?Accept@CL2CapConn@@QAEHG@Z
?AddAdditionProtoLists@CSdpService@@QAE?AW4SDP_RETURN_CODE@@HPAUtSDP_PROTO_LIST_ELEM@@@Z
?AddAppParam@CObexHeaders@@QAEHEEPAE@Z
?AddAttribute@CSdpService@@QAE?AW4SDP_RETURN_CODE@@GEIPAE@Z
?AddAuthChallenge@CObexHeaders@@QAEHEEPAE@Z
?AddAuthResponse@CObexHeaders@@QAEHEEPAE@Z
?AddDiscoveryAttr@CSdpDiscoveryRec@@AAEPAEPAEHPAXH@Z
?AddHttp@CObexHeaders@@QAEHPAEI@Z
?AddL2CapProtocolDescriptor@CSdpService@@QAE?AW4SDP_RETURN_CODE@@G@Z
?AddLanguageBaseAttrIDList@CSdpService@@QAE?AW4SDP_RETURN_CODE@@GGG@Z
?AddProfileDescriptorList@CSdpService@@QAE?AW4SDP_RETURN_CODE@@PAU_GUID@@G@Z
?AddProtocolList@CSdpService@@QAE?AW4SDP_RETURN_CODE@@HPAUtSDP_PROTOCOL_ELEM@@@Z
?AddRFCommProtocolDescriptor@CSdpService@@QAE?AW4SDP_RETURN_CODE@@E@Z
?AddServiceClassIdList@CSdpService@@QAE?AW4SDP_RETURN_CODE@@HPAU_GUID@@@Z
?AddServiceName@CSdpService@@QAE?AW4SDP_RETURN_CODE@@PAD@Z
?AddSupportedFormatsList@CSdpService@@QAE?AW4SDP_RETURN_CODE@@EQAE0QAPAE@Z
?AddTarget@CObexHeaders@@QAEHPAEI@Z
?AddTempRegistry@CBtIf@@AAEHPBU_GUID@@@Z
?AddUserDefined@CObexHeaders@@QAEHPAVCObexUserDefined@@@Z
?Add_Printer@CBtIf@@QAEHPBDQAE@Z
?AssignPsmValue@CL2CapIf@@QAEHPAU_GUID@@G@Z
?AssignScnValue@CRfCommIf@@QAEHPAU_GUID@@EPBD@Z
?Bond@CBtIf@@QAE?AW4BOND_RETURN_CODE@1@QAEPAD@Z
?BondQuery@CBtIf@@QAEHQAE@Z
?Cancel@CPrintClient@@QAEXXZ
?CancelSniffMode@CBtIf@@SAHQAE@Z
?ChangeEScoLinkParms@CBtIf@@SA?AW4AUDIO_RETURN_CODE@@GPAUtBTM_CHG_ESCO_PARAMS@@@Z
?ChangeEScoLinkParms@CL2CapConn@@QAE?AW4AUDIO_RETURN_CODE@@GPAUtBTM_CHG_ESCO_PARAMS@@@Z
?ChangeEScoLinkParms@CObexClient@@QAE?AW4AUDIO_RETURN_CODE@@GPAUtBTM_CHG_ESCO_PARAMS@@@Z
?ChangeEScoLinkParms@CObexServer@@QAE?AW4AUDIO_RETURN_CODE@@GPAUtBTM_CHG_ESCO_PARAMS@@@Z
?ChangeEScoLinkParms@CRfCommPort@@QAE?AW4AUDIO_RETURN_CODE@@GPAUtBTM_CHG_ESCO_PARAMS@@@Z
?ChangeFolder@CFtpClient@@QAE?AW4FTP_RETURN_CODE@1@PAG@Z
?ClearFlag@CObexHeaders@@AAEXI@Z
?Close@CObexClient@@QAE?AW4tOBEX_ERRORS@@PAVCObexHeaders@@@Z
?Close@CRfCommPort@@QAE?AW4PORT_RETURN_CODE@1@XZ
?CloseCnf@CObexServer@@QAE?AW4tOBEX_ERRORS@@W42@W4tOBEX_RESPONSE_CODE@@PAVCObexHeaders@@@Z
?CloseConnection@CFtpClient@@QAE?AW4FTP_RETURN_CODE@1@XZ
?Connect@CL2CapConn@@QAEHPAVCL2CapIf@@QAEG@Z
?ConnectToStackServer@CBtIf@@AAEHXZ
?Create@CSdpDiscoveryRec@@AAEXPAX@Z
?CreateAudioConnection@CBtIf@@QAE?AW4AUDIO_RETURN_CODE@@QAEHPAG@Z
?CreateAudioConnection@CBtIf@@SA?AW4AUDIO_RETURN_CODE@@QAEHPAGP6AXG@Z2@Z
?CreateAudioConnection@CL2CapConn@@QAE?AW4AUDIO_RETURN_CODE@@HPAG@Z
?CreateAudioConnection@CL2CapConn@@QAE?AW4AUDIO_RETURN_CODE@@HPAGQAE@Z
?CreateAudioConnection@CObexClient@@QAE?AW4AUDIO_RETURN_CODE@@HPAG@Z
?CreateAudioConnection@CObexServer@@QAE?AW4AUDIO_RETURN_CODE@@HPAG@Z
?CreateAudioConnection@CObexServer@@QAE?AW4AUDIO_RETURN_CODE@@HPAGQAE@Z
?CreateAudioConnection@CRfCommPort@@QAE?AW4AUDIO_RETURN_CODE@@HPAG@Z
?CreateAudioConnection@CRfCommPort@@QAE?AW4AUDIO_RETURN_CODE@@HPAGQAE@Z
?CreateCOMPort@CSppClient@@QAE?AW4SPP_CLIENT_RETURN_CODE@1@PAF@Z
?CreateCOMPort@CSppServer@@QAE?AW4SPP_SERVER_RETURN_CODE@1@PAF@Z
?CreateCOMPortAssociation@CBtIf@@QAEHQAEPAU_GUID@@PBDGEEGPAG@Z
?CreateConnection@CDunClient@@QAE?AW4DUN_RETURN_CODE@1@QAEAAVCSdpDiscoveryRec@@@Z
?CreateConnection@CLapClient@@QAE?AW4LAP_RETURN_CODE@1@QAEAAVCSdpDiscoveryRec@@@Z
?CreateConnection@CLapClient@@QAE?AW4LAP_RETURN_CODE@1@QAEU_GUID@@AAVCSdpDiscoveryRec@@@Z
?CreateConnection@CSppClient@@QAE?AW4SPP_CLIENT_RETURN_CODE@1@QAEPAD@Z
?CreateConnection@CSppServer@@QAE?AW4SPP_SERVER_RETURN_CODE@1@PAD@Z
?CreateEmpty@CFtpClient@@QAE?AW4FTP_RETURN_CODE@1@PAG@Z
?CreateFolder@CFtpClient@@QAE?AW4FTP_RETURN_CODE@1@PAG@Z
?DeleteAppParam@CObexHeaders@@QAEHG@Z
?DeleteAttribute@CSdpService@@QAE?AW4SDP_RETURN_CODE@@G@Z
?DeleteAuthChallenge@CObexHeaders@@QAEHG@Z
?DeleteAuthResponse@CObexHeaders@@QAEHG@Z
?DeleteBody@CObexHeaders@@QAEXXZ
?DeleteCount@CObexHeaders@@QAEXXZ
?DeleteDescription@CObexHeaders@@QAEXXZ
?DeleteFileA@CFtpClient@@QAE?AW4FTP_RETURN_CODE@1@PAG@Z
?DeleteHttp@CObexHeaders@@QAEHG@Z
?DeleteLength@CObexHeaders@@QAEXXZ
?DeleteName@CObexHeaders@@QAEXXZ
?DeleteObjectClass@CObexHeaders@@QAEXXZ
?DeleteTarget@CObexHeaders@@QAEHG@Z
?DeleteTempRegistry@CBtIf@@AAEXXZ
?DeleteTime@CObexHeaders@@QAEXXZ
?DeleteType@CObexHeaders@@QAEXXZ
?DeleteUserDefined@CObexHeaders@@QAEHG@Z
?DeleteWbtApi@CBtIf@@AAEXXZ
?DeleteWho@CObexHeaders@@QAEXXZ
?Deregister@CL2CapIf@@QAEXXZ
?Disconnect@CL2CapConn@@QAEXXZ
?EScoConnRsp@CBtIf@@SAXGEPAUtBTM_ESCO_PARAMS@@@Z
?EScoConnRsp@CL2CapConn@@QAEXGEPAUtBTM_ESCO_PARAMS@@@Z
?EScoConnRsp@CObexClient@@QAEXGEPAUtBTM_ESCO_PARAMS@@@Z
?EScoConnRsp@CObexServer@@QAEXGEPAUtBTM_ESCO_PARAMS@@@Z
?EScoConnRsp@CRfCommPort@@QAEXGEPAUtBTM_ESCO_PARAMS@@@Z
?Exchange@COppClient@@QAE?AW4OPP_RETURN_CODE@1@QAEPAG1AAVCSdpDiscoveryRec@@@Z
?FindAdditionalProtocolListElem@CSdpDiscoveryRec@@QAEHGPAUtSDP_PROTOCOL_ELEM@@@Z
?FindAttribute@CSdpDiscoveryRec@@QAEHGPAUSDP_DISC_ATTTR_VAL@@@Z
?FindL2CapPsm@CSdpDiscoveryRec@@QAEHPAG@Z
?FindProfileVersion@CSdpDiscoveryRec@@QAEHPAU_GUID@@PAG@Z
?FindProtocolListElem@CSdpDiscoveryRec@@QAEHGPAUtSDP_PROTOCOL_ELEM@@@Z
?FindRFCommScn@CSdpDiscoveryRec@@QAEHPAE@Z
?FolderListing@CFtpClient@@QAE?AW4FTP_RETURN_CODE@1@XZ
?FreeInternal@CObexHeaders@@AAEXPAUtOBEX_HEADERS@@@Z
?Get@CObexClient@@QAE?AW4tOBEX_ERRORS@@PAVCObexHeaders@@H@Z
?GetAppParam@CObexHeaders@@QAEHPAE0G@Z
?GetAppParamCnt@CObexHeaders@@QAEIXZ
?GetAppParamLength@CObexHeaders@@QAEHPAEG@Z
?GetAuthChallenge@CObexHeaders@@QAEHPAE0G@Z
?GetAuthChallengeCnt@CObexHeaders@@QAEIXZ
?GetAuthChallengeLength@CObexHeaders@@QAEHPAEG@Z
?GetAuthResponse@CObexHeaders@@QAEHPAE0G@Z
?GetAuthResponseCnt@CObexHeaders@@QAEIXZ
?GetAuthResponseLength@CObexHeaders@@QAEHPAEG@Z
?GetBTWVersionInfo@CBtIf@@SAHPADH@Z
?GetBinaryPtr@CObexClient@@AAEPAUtOBEX_HEADERS@@PAVCObexHeaders@@@Z
?GetBinaryPtr@CObexHeaders@@AAEPAUtOBEX_HEADERS@@XZ
?GetBinaryPtr@CObexServer@@AAEPAUtOBEX_HEADERS@@PAVCObexHeaders@@@Z
?GetBody@CObexHeaders@@QAEHPAEPAH@Z
?GetBodyLength@CObexHeaders@@QAEHPAI@Z
?GetByte@CObexUserDefined@@QAEHPAE@Z
?GetBytesSent@CPrintClient@@QAEIXZ
?GetBytesTotal@CPrintClient@@QAEIXZ
?GetCid@CL2CapConn@@QAEGXZ
?GetCnf@CObexServer@@QAE?AW4tOBEX_ERRORS@@W42@W4tOBEX_RESPONSE_CODE@@HPAVCObexHeaders@@@Z
?GetConnectionStats@CBtIf@@QAEHQAEPAUtBT_CONN_STATS@@@Z
?GetConnectionStats@CDunClient@@QAE?AW4DUN_RETURN_CODE@1@PAUtBT_CONN_STATS@@@Z
?GetConnectionStats@CL2CapConn@@QAEHPAUtBT_CONN_STATS@@@Z
?GetConnectionStats@CLapClient@@QAE?AW4LAP_RETURN_CODE@1@PAUtBT_CONN_STATS@@@Z
?GetConnectionStats@CRfCommPort@@QAE?AW4PORT_RETURN_CODE@1@PAUtBT_CONN_STATS@@@Z
?GetConnectionStats@CSppClient@@QAE?AW4SPP_CLIENT_RETURN_CODE@1@PAUtBT_CONN_STATS@@@Z
?GetConnectionStats@CSppServer@@QAE?AW4SPP_SERVER_RETURN_CODE@1@PAUtBT_CONN_STATS@@@Z
?GetCount@CObexHeaders@@QAEHPAI@Z
?GetDKVersionInfo@CBtIf@@SAHPADH@Z
?GetDLLVersion@CBtIf@@CAHPBDPAD@Z
?GetDescription@CObexHeaders@@QAEHPAG@Z
?GetDescriptionLength@CObexHeaders@@QAEHPAI@Z
?GetExtendedError@CBtIf@@QBE?AW4WBtRc@@XZ
?GetExtendedError@CDunClient@@QBE?AW4WBtRc@@XZ
?GetExtendedError@CFtpClient@@QBE?AW4WBtRc@@XZ
?GetExtendedError@CHeadphoneClient@@QBE?AW4WBtRc@@XZ
?GetExtendedError@CLapClient@@QBE?AW4WBtRc@@XZ
?GetExtendedError@COppClient@@QBE?AW4WBtRc@@XZ
?GetExtendedError@CSppClient@@QBE?AW4WBtRc@@XZ
?GetExtendedError@CSppServer@@QBE?AW4WBtRc@@XZ
?GetFile@CFtpClient@@QAE?AW4FTP_RETURN_CODE@1@PAG0@Z
?GetFourByte@CObexUserDefined@@QAEHPAI@Z
?GetHttp@CObexHeaders@@QAEHPAEG@Z
?GetHttpCnt@CObexHeaders@@QAEIXZ
?GetHttpLength@CObexHeaders@@QAEHPAIG@Z
?GetLastDiscoveryResult@CBtIf@@QAE?AW4DISCOVERY_RESULT@1@QAEPAG@Z
?GetLastError@CPrintClient@@QAE?AW4ePRINT_ERROR@1@PAPAD@Z
?GetLength@CObexHeaders@@QAEHPAI@Z
?GetLength@CObexUserDefined@@QAEGXZ
?GetLocalDeviceInfo@CBtIf@@QAEHXZ
?GetLocalDeviceName@CBtIf@@QAEHPAY0PI@E@Z
?GetLocalDeviceVersionInfo@CBtIf@@QAEHPAUDEV_VER_INFO@1@@Z
?GetLocalServiceName@CBtIf@@QAEHPADH@Z
?GetModemStatus@CRfCommPort@@QAE?AW4PORT_RETURN_CODE@1@PAE@Z
?GetName@CObexHeaders@@QAEHPAG@Z
?GetNameLength@CObexHeaders@@QAEHPAI@Z
?GetNextLocalServiceName@CBtIf@@QAEHPADH@Z
?GetNextRemoteDeviceInfo@CBtIf@@QAE?AW4REM_DEV_INFO_RETURN_CODE@1@PAUREM_DEV_INFO@1@@Z
?GetObjectClass@CObexHeaders@@QAEHPAE@Z
?GetObjectClassLength@CObexHeaders@@QAEHPAI@Z
?GetOctets@CObexUserDefined@@QAEHPAE@Z
?GetPsm@CL2CapIf@@QAEGXZ
?GetRemoteBDAddr@CObexServer@@QAEXPAE@Z
?GetRemoteDeviceInfo@CBtIf@@QAE?AW4REM_DEV_INFO_RETURN_CODE@1@QAEPAUREM_DEV_INFO@1@@Z
?GetRemoteDeviceName@CBtIf@@AAEHQAEPAY0PI@EPAY02E@Z
?GetRemoteDeviceVersionInfo@CBtIf@@QAEHQAEPAUDEV_VER_INFO@1@@Z
?GetRfcHandle@CObexClient@@QAEGXZ
?GetScn@CRfCommIf@@QAEEXZ
?GetState@CPrintClient@@QAE?AW4ePRINT_STATE@1@XZ
?GetTarget@CObexHeaders@@QAEHPAEG@Z
?GetTargetCnt@CObexHeaders@@QAEIXZ
?GetTargetLength@CObexHeaders@@QAEHPAIG@Z
?GetText@CObexUserDefined@@QAEHPAG@Z
?GetTime@CObexHeaders@@QAEHPAD@Z
?GetType@CObexHeaders@@QAEHPAE@Z
?GetTypeLength@CObexHeaders@@QAEHPAI@Z
?GetUserDefined@CObexHeaders@@QAEHPAVCObexUserDefined@@G@Z
?GetUserDefinedCnt@CObexHeaders@@QAEIXZ
?GetUserDefinedLength@CObexHeaders@@QAEHPAGG@Z
?GetUserType@CObexUserDefined@@QAEEPAE@Z
?GetWho@CObexHeaders@@QAEHPAE@Z
?GetWhoLength@CObexHeaders@@QAEHPAI@Z
?IsClientEnabled@CBtIf@@QAEHI@Z
?IsConnected@CRfCommPort@@QAEHPAY05E@Z
?IsDeviceReady@CBtIf@@QAEHXZ
?IsRemoteDeviceConnected@CBtIf@@QAEHQAE@Z
?IsRemoteDevicePresent@CBtIf@@QAE?AW4SDK_RETURN_CODE@@QAE@Z
?IsStackServerUp@CBtIf@@QAEHXZ
?Listen@CL2CapConn@@QAEHPAVCL2CapIf@@@Z
?MakePublicBrowseable@CSdpService@@QAE?AW4SDP_RETURN_CODE@@XZ
?OnAbort@CObexClient@@UAEXPAVCObexHeaders@@W4tOBEX_ERRORS@@W4tOBEX_RESPONSE_CODE@@@Z
?OnAbortResponse@CFtpClient@@UAEXW4FTP_RESULT_CODE@1@@Z
?OnAbortResponse@COppClient@@UAEXW4OPP_RESULT_CODE@1@@Z
?OnAudioConnected@CBtIf@@UAEXG@Z
?OnAudioConnected@CL2CapConn@@UAEXG@Z
?OnAudioConnected@CObexClient@@UAEXG@Z
?OnAudioConnected@CObexServer@@UAEXG@Z
?OnAudioConnected@CRfCommPort@@UAEXG@Z
?OnAudioDisconnect@CBtIf@@UAEXG@Z
?OnAudioDisconnect@CL2CapConn@@UAEXG@Z
?OnAudioDisconnect@CObexClient@@UAEXG@Z
?OnAudioDisconnect@CObexServer@@UAEXG@Z
?OnAudioDisconnect@CRfCommPort@@UAEXG@Z
?OnChangeFolderResponse@CFtpClient@@UAEXW4FTP_RESULT_CODE@1@W4FtpFolder@1@PAG@Z
?OnCloseResponse@CFtpClient@@UAEXW4FTP_RESULT_CODE@1@@Z
?OnCongestionStatus@CL2CapConn@@UAEXH@Z
?OnConnectPendingReceived@CL2CapConn@@UAEXXZ
?OnConnected@CL2CapConn@@UAEXXZ
?OnCreateResponse@CFtpClient@@UAEXW4FTP_RESULT_CODE@1@PAG@Z
?OnDataReceived@CL2CapConn@@UAEXPAXG@Z
?OnDataReceived@CRfCommPort@@UAEXPAXG@Z
?OnDeleteResponse@CFtpClient@@UAEXW4FTP_RESULT_CODE@1@PAG@Z
?OnDeviceResponded@CBtIf@@UAEXQAE00H@Z
?OnDiscoveryComplete@CBtIf@@UAEXGJ@Z
?OnDiscoveryComplete@CBtIf@@UAEXXZ
?OnEventReceived@CRfCommPort@@UAEXI@Z
?OnExchangeResponse@COppClient@@UAEXW4OPP_RESULT_CODE@1@QAEPAG@Z
?OnExchangeResponse@COppClient@@UAEXW4OPP_RESULT_CODE@1@QAEPAGW4OPP_TRANSACTION_CODE@1@@Z
?OnFlowEnabled@CRfCommPort@@UAEXH@Z
?OnFolderListingResponse@CFtpClient@@UAEXW4FTP_RESULT_CODE@1@PAUtFTP_FILE_ENTRY@@J@Z
?OnGet@CObexClient@@UAEXPAVCObexHeaders@@W4tOBEX_ERRORS@@HW4tOBEX_RESPONSE_CODE@@@Z
?OnGetResponse@CFtpClient@@UAEXW4FTP_RESULT_CODE@1@PAG@Z
?OnIncomingConnection@CL2CapConn@@UAEXXZ
?OnInquiryComplete@CBtIf@@UAEXHF@Z
?OnOpenResponse@CFtpClient@@UAEXW4FTP_RESULT_CODE@1@@Z
?OnProgress@CFtpClient@@UAEXW4FTP_RESULT_CODE@1@PAGJJ@Z
?OnProgress@COppClient@@UAEXW4OPP_RESULT_CODE@1@QAEPAGJJ@Z
?OnPullResponse@COppClient@@UAEXW4OPP_RESULT_CODE@1@QAEPAG@Z
?OnPushResponse@COppClient@@UAEXW4OPP_RESULT_CODE@1@QAEPAG@Z
?OnPut@CObexClient@@UAEXPAVCObexHeaders@@W4tOBEX_ERRORS@@W4tOBEX_RESPONSE_CODE@@@Z
?OnPutResponse@CFtpClient@@UAEXW4FTP_RESULT_CODE@1@PAG@Z
?OnRemoteDisconnected@CL2CapConn@@UAEXG@Z
?OnSetPath@CObexClient@@UAEXPAVCObexHeaders@@W4tOBEX_ERRORS@@W4tOBEX_RESPONSE_CODE@@@Z
?OnStackStatusChange@CBtIf@@UAEXW4STACK_STATUS@1@@Z
?OnStateChange@CPrintClient@@UAEXW4ePRINT_STATE@1@@Z
?OnXmlFolderListingResponse@CFtpClient@@UAEXW4FTP_RESULT_CODE@1@PAGJ@Z
?Open@CObexClient@@QAE?AW4tOBEX_ERRORS@@EQAEPAVCObexHeaders@@G@Z
?OpenClient@CRfCommPort@@QAE?AW4PORT_RETURN_CODE@1@EQAEG@Z
?OpenCnf@CObexServer@@QAE?AW4tOBEX_ERRORS@@W42@W4tOBEX_RESPONSE_CODE@@PAVCObexHeaders@@G@Z
?OpenConnection@CFtpClient@@QAE?AW4FTP_RETURN_CODE@1@QAEAAVCSdpDiscoveryRec@@@Z
?OpenServer@CRfCommPort@@QAE?AW4PORT_RETURN_CODE@1@EG@Z
?Parent@CFtpClient@@QAE?AW4FTP_RETURN_CODE@1@XZ
?Pull@COppClient@@QAE?AW4OPP_RETURN_CODE@1@QAEPAGAAVCSdpDiscoveryRec@@@Z
?Purge@CRfCommPort@@QAE?AW4PORT_RETURN_CODE@1@E@Z
?Push@COppClient@@QAE?AW4OPP_RETURN_CODE@1@QAEPAGAAVCSdpDiscoveryRec@@@Z
?Put@CObexClient@@QAE?AW4tOBEX_ERRORS@@PAVCObexHeaders@@H@Z
?PutCnf@CObexServer@@QAE?AW4tOBEX_ERRORS@@W42@W4tOBEX_RESPONSE_CODE@@PAVCObexHeaders@@@Z
?PutCreateCnf@CObexServer@@QAE?AW4tOBEX_ERRORS@@W42@W4tOBEX_RESPONSE_CODE@@PAVCObexHeaders@@@Z
?PutDeleteCnf@CObexServer@@QAE?AW4tOBEX_ERRORS@@W42@W4tOBEX_RESPONSE_CODE@@PAVCObexHeaders@@@Z
?PutFile@CFtpClient@@QAE?AW4FTP_RETURN_CODE@1@PAG@Z
?ReadCOMPortAssociation@CBtIf@@QAEHPAUtBT_REM_ASSOC_REC@@KPAK@Z
?ReadDiscoveryRecords@CBtIf@@QAEHQAEHPAVCSdpDiscoveryRec@@PAU_GUID@@@Z
?ReadEScoLinkData@CBtIf@@SA?AW4AUDIO_RETURN_CODE@@GPAUtBTM_ESCO_DATA@@@Z
?ReadEScoLinkData@CL2CapConn@@QAE?AW4AUDIO_RETURN_CODE@@GPAUtBTM_ESCO_DATA@@@Z
?ReadEScoLinkData@CObexClient@@QAE?AW4AUDIO_RETURN_CODE@@GPAUtBTM_ESCO_DATA@@@Z
?ReadEScoLinkData@CObexServer@@QAE?AW4AUDIO_RETURN_CODE@@GPAUtBTM_ESCO_DATA@@@Z
?ReadEScoLinkData@CRfCommPort@@QAE?AW4AUDIO_RETURN_CODE@@GPAUtBTM_ESCO_DATA@@@Z
?ReadLinkMode@CBtIf@@SAHQAEPAE@Z
?Reconfigure@CL2CapConn@@QAEHPAUtL2CAP_CONFIG_INFO@@@Z
?RegForEScoEvts@CBtIf@@SA?AW4AUDIO_RETURN_CODE@@GP6AXEPATtBTM_ESCO_EVT_DATA@@@Z@Z
?RegForEScoEvts@CL2CapConn@@QAE?AW4AUDIO_RETURN_CODE@@GP6AXEPATtBTM_ESCO_EVT_DATA@@@Z@Z
?RegForEScoEvts@CObexClient@@QAE?AW4AUDIO_RETURN_CODE@@GP6AXEPATtBTM_ESCO_EVT_DATA@@@Z@Z
?RegForEScoEvts@CObexServer@@QAE?AW4AUDIO_RETURN_CODE@@GP6AXEPATtBTM_ESCO_EVT_DATA@@@Z@Z
?RegForEScoEvts@CRfCommPort@@QAE?AW4AUDIO_RETURN_CODE@@GP6AXEPATtBTM_ESCO_EVT_DATA@@@Z@Z
?Register@CL2CapIf@@QAEHXZ
?Register@CObexServer@@QAE?AW4tOBEX_ERRORS@@EPAE@Z
?RegisterBinaryTarget@CObexServer@@QAE?AW4tOBEX_ERRORS@@EPAEG@Z
?RegisterForLinkStatusChanges@CBtIf@@QAEHP6AXQAEH@Z0@Z
?Reject@CL2CapConn@@QAEHG@Z
?RemoveAudioConnection@CBtIf@@SA?AW4AUDIO_RETURN_CODE@@G@Z
?RemoveAudioConnection@CL2CapConn@@QAE?AW4AUDIO_RETURN_CODE@@G@Z
?RemoveAudioConnection@CObexClient@@QAE?AW4AUDIO_RETURN_CODE@@G@Z
?RemoveAudioConnection@CObexServer@@QAE?AW4AUDIO_RETURN_CODE@@G@Z
?RemoveAudioConnection@CRfCommPort@@QAE?AW4AUDIO_RETURN_CODE@@G@Z
?RemoveCOMPortAssociation@CBtIf@@QAEHG@Z
?RemoveConnection@CDunClient@@QAE?AW4DUN_RETURN_CODE@1@XZ
?RemoveConnection@CLapClient@@QAE?AW4LAP_RETURN_CODE@1@XZ
?RemoveConnection@CSppClient@@QAE?AW4SPP_CLIENT_RETURN_CODE@1@XZ
?RemoveConnection@CSppServer@@QAE?AW4SPP_SERVER_RETURN_CODE@1@XZ
?Remove_Printer@CBtIf@@QAEHQAE@Z
?RestoreSecurity@CDunClient@@AAEXXZ
?RestoreSecurity@CFtpClient@@AAEXXZ
?RestoreSecurity@CLapClient@@AAEXXZ
?RestoreSecurity@COppClient@@AAEXXZ
?Root@CFtpClient@@QAE?AW4FTP_RETURN_CODE@1@XZ
?SaveSecurity@CDunClient@@AAEXXZ
?SaveSecurity@CFtpClient@@AAEXXZ
?SaveSecurity@CLapClient@@AAEXXZ
?SaveSecurity@COppClient@@AAEXXZ
?SendError@CRfCommPort@@QAE?AW4PORT_RETURN_CODE@1@E@Z
?SendVendorSpecific_HCICMD@CBtIf@@QAE?AW4SENDVENDOR_HCICMD_RETURN_CODE@1@GPAEE0E@Z
?SetAvailability@CSdpService@@QAE?AW4SDP_RETURN_CODE@@E@Z
?SetBody@CObexHeaders@@QAEHPAEIH@Z
?SetCount@CObexHeaders@@QAEXI@Z
?SetDefaults@CObexHeaders@@AAEXPAUtOBEX_HEADERS@@@Z
?SetDescription@CObexHeaders@@QAEHPAG@Z
?SetEScoMode@CBtIf@@SA?AW4AUDIO_RETURN_CODE@@EPAUtBTM_ESCO_PARAMS@@@Z
?SetEScoMode@CL2CapConn@@QAE?AW4AUDIO_RETURN_CODE@@EPAUtBTM_ESCO_PARAMS@@@Z
?SetEScoMode@CObexClient@@QAE?AW4AUDIO_RETURN_CODE@@EPAUtBTM_ESCO_PARAMS@@@Z
?SetEScoMode@CObexServer@@QAE?AW4AUDIO_RETURN_CODE@@EPAUtBTM_ESCO_PARAMS@@@Z
?SetEScoMode@CRfCommPort@@QAE?AW4AUDIO_RETURN_CODE@@EPAUtBTM_ESCO_PARAMS@@@Z
?SetExtendedError@CBtIf@@QAEXW4WBtRc@@@Z
?SetExtendedError@CDunClient@@QAEXW4WBtRc@@@Z
?SetExtendedError@CFtpClient@@QAEXW4WBtRc@@@Z
?SetExtendedError@CHeadphoneClient@@QAEXW4WBtRc@@@Z
?SetExtendedError@CLapClient@@QAEXW4WBtRc@@@Z
?SetExtendedError@COppClient@@QAEXW4WBtRc@@@Z
?SetExtendedError@CSppClient@@QAEXW4WBtRc@@@Z
?SetExtendedError@CSppServer@@QAEXW4WBtRc@@@Z
?SetFlag@CObexHeaders@@AAEXI@Z
?SetFlowEnabled@CRfCommPort@@QAE?AW4PORT_RETURN_CODE@1@H@Z
?SetHeader@CObexUserDefined@@QAEHEE@Z
?SetHeader@CObexUserDefined@@QAEHEI@Z
?SetHeader@CObexUserDefined@@QAEHEPAEG@Z
?SetHeader@CObexUserDefined@@QAEHEPAG@Z
?SetIdle@CL2CapConn@@AAEXXZ
?SetLength@CObexHeaders@@QAEXI@Z
?SetLinkSupervisionTimeOut@CBtIf@@SAHQAEG@Z
?SetLinkSupervisionTimeOut@CL2CapConn@@QAEHG@Z
?SetLinkSupervisionTimeOut@CObexClient@@QAE?AW4tOBEX_ERRORS@@G@Z
?SetLinkSupervisionTimeOut@CObexServer@@QAE?AW4tOBEX_ERRORS@@G@Z
?SetLinkSupervisionTimeOut@CRfCommPort@@QAE?AW4PORT_RETURN_CODE@1@G@Z
?SetLocalDeviceName@CBtIf@@QAEHQAE@Z
?SetModemSignal@CRfCommPort@@QAE?AW4PORT_RETURN_CODE@1@E@Z
?SetName@CObexHeaders@@QAEHPAG@Z
?SetObjectClass@CObexHeaders@@QAEHPAEI@Z
?SetOnDeviceStatusCallback@CBtIf@@IAEXXZ
?SetPath@CObexClient@@QAE?AW4tOBEX_ERRORS@@PAVCObexHeaders@@HH@Z
?SetPathCnf@CObexServer@@QAE?AW4tOBEX_ERRORS@@W42@W4tOBEX_RESPONSE_CODE@@PAVCObexHeaders@@@Z
?SetSecurity@CDunClient@@QAEXHH@Z
?SetSecurity@CFtpClient@@QAEXHH@Z
?SetSecurity@CLapClient@@QAEXHH@Z
?SetSecurity@COppClient@@QAEXHH@Z
?SetSecurityLevel@CL2CapIf@@QAEHPADEH@Z
?SetSecurityLevel@CObexClient@@QAEHEPADEPAU_GUID@@@Z
?SetSecurityLevel@CRfCommIf@@QAEHPADEH@Z
?SetSniffMode@CBtIf@@SAHQAE@Z
?SetTime@CObexHeaders@@QAEHPAD@Z
?SetType@CObexHeaders@@QAEHPAEI@Z
?SetWho@CObexHeaders@@QAEHPAEI@Z
?SetWriteTimeOut@CObexClient@@QAE?AW4tOBEX_ERRORS@@G@Z
?SppLocalServices@CSppServer@@AAEXPAUSPP_LOCAL_SERVICE@1@FPAF@Z
?Start@CPrintClient@@QAE?AW4ePRINT_ERROR@1@QAEW4ePRINT_PROFILE@1@PBDPAUBTPRINTSTRUCT@@@Z
?StartDiscovery@CBtIf@@QAEHQAEPAU_GUID@@@Z
?StartInquiry@CBtIf@@QAEHXZ
?StopInquiry@CBtIf@@QAEXXZ
?SwitchRole@CBtIf@@SAHQAEW4MASTER_SLAVE_ROLE@@@Z
?SwitchRole@CL2CapConn@@QAEHW4MASTER_SLAVE_ROLE@@@Z
?SwitchRole@CObexServer@@QAEHW4MASTER_SLAVE_ROLE@@@Z
?SwitchRole@CRfCommPort@@QAEHW4MASTER_SLAVE_ROLE@@@Z
?TestFlag@CObexHeaders@@AAEHI@Z
?UnBond@CBtIf@@QAEHQAE@Z
?Unregister@CObexServer@@QAE?AW4tOBEX_ERRORS@@XZ
?WIDCOMMSDK_Init@@YAXXZ
?WIDCOMMSDK_ShutDown@@YAXXZ
?Write@CL2CapConn@@QAEHPAXGPAG@Z
?Write@CRfCommPort@@QAE?AW4PORT_RETURN_CODE@1@PAXGPAG@Z
?guid_SERVCLASS_BPP_PRINTING@CBtIf@@2U_GUID@@B
?guid_SERVCLASS_BROWSE_GROUP_DESCRIPTOR@CBtIf@@2U_GUID@@B
?guid_SERVCLASS_CORDLESS_TELEPHONY@CBtIf@@2U_GUID@@B
?guid_SERVCLASS_DIALUP_NETWORKING@CBtIf@@2U_GUID@@B
?guid_SERVCLASS_FAX@CBtIf@@2U_GUID@@B
?guid_SERVCLASS_GENERIC_AUDIO@CBtIf@@2U_GUID@@B
?guid_SERVCLASS_GENERIC_FILETRANSFER@CBtIf@@2U_GUID@@B
?guid_SERVCLASS_GENERIC_NETWORKING@CBtIf@@2U_GUID@@B
?guid_SERVCLASS_GENERIC_TELEPHONY@CBtIf@@2U_GUID@@B
?guid_SERVCLASS_GN@CBtIf@@2U_GUID@@B
?guid_SERVCLASS_HCRP_PRINTING@CBtIf@@2U_GUID@@B
?guid_SERVCLASS_HEADSET@CBtIf@@2U_GUID@@B
?guid_SERVCLASS_HEADSET_AUDIO_GATEWAY@CBtIf@@2U_GUID@@B
?guid_SERVCLASS_HUMAN_INTERFACE@CBtIf@@2U_GUID@@B
?guid_SERVCLASS_INTERCOM@CBtIf@@2U_GUID@@B
?guid_SERVCLASS_IRMC_SYNC@CBtIf@@2U_GUID@@B
?guid_SERVCLASS_IRMC_SYNC_COMMAND@CBtIf@@2U_GUID@@B
?guid_SERVCLASS_LAN_ACCESS_USING_PPP@CBtIf@@2U_GUID@@B
?guid_SERVCLASS_NAP@CBtIf@@2U_GUID@@B
?guid_SERVCLASS_OBEX_FILE_TRANSFER@CBtIf@@2U_GUID@@B
?guid_SERVCLASS_OBEX_OBJECT_PUSH@CBtIf@@2U_GUID@@B
?guid_SERVCLASS_PANU@CBtIf@@2U_GUID@@B
?guid_SERVCLASS_PNP_INFORMATION@CBtIf@@2U_GUID@@B
?guid_SERVCLASS_PUBLIC_BROWSE_GROUP@CBtIf@@2U_GUID@@B
?guid_SERVCLASS_SERIAL_PORT@CBtIf@@2U_GUID@@B
?guid_SERVCLASS_SERVICE_DISCOVERY_SERVER@CBtIf@@2U_GUID@@B
?guid_SERVCLASS_SPP_PRINTING@CBtIf@@2U_GUID@@B
?m_p_first_client@CObexClient@@0PAV1@A
?m_p_first_conn@CL2CapConn@@0PAV1@A
?m_p_first_port@CRfCommPort@@0PAV1@A
?m_p_first_server@CObexServer@@0PAV1@A
?pIp@CPrintClient@@2PAVCPrintInternal@@A
?serviceAvailable@CSppServer@@AAEHPBD@Z
sdk_close
sdk_init

Sections

.text
Size: 400KB - Virtual size: 398KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 525KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
_1D32479D6DC841308C870E9C546501A3
.exe windows:5 windows x86 arch:x86

e5f18214bf0610282336218551760e32

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12/05/1997, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

28/02/2001, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

61:05:76:74:00:00:00:00:00:2d
Certificate

Issuer

CN=Microsoft Windows Verification Intermediate PCA,OU=Copyright (c) 1999 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Not Before

18/10/2002, 19:02

Not After

18/12/2003, 19:12

Subject

CN=Microsoft Windows 2000 Publisher,OU=Copyright (c) 2002 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:9d:aa:11:d3:30:a8:95:60:ac:fa
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

01/07/1999, 07:00

Not After

15/10/2005, 07:00

Subject

CN=Microsoft Windows Verification Intermediate PCA,OU=Copyright (c) 1999 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

8b:af:51:cb:93:46:d0:03:b6:32:44:c0:4e:ae:11:4e:23:d8:e6:6e
Signer

Actual PE Digest

8b:af:51:cb:93:46:d0:03:b6:32:44:c0:4e:ae:11:4e:23:d8:e6:6e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

kernel32

SetEnvironmentVariableA
GetEnvironmentVariableA
WideCharToMultiByte
HeapAlloc
CreateFileA
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
FreeLibrary
WriteFile
ExitProcess
DeleteCriticalSection
FlushFileBuffers
GetVersionExA
WaitForSingleObject
OpenEventA
GetCurrentProcess
GetFileAttributesA
GetCommandLineA
GetModuleFileNameA
CreateDirectoryA
FindClose
FindNextFileA
FindFirstFileA
Sleep
SetFileAttributesA
SystemTimeToFileTime
GetSystemTime
GetDiskFreeSpaceA
QueryDosDeviceA
GetDriveTypeA
GetCurrentDirectoryA
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetExitCodeProcess
CreateProcessA
GetFileSize
CreateThread
CreateEventA
GetProcessHeap
InitializeCriticalSectionAndSpinCount
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
TerminateProcess
SetEvent
EnterCriticalSection
MoveFileExA
GetLastError
RemoveDirectoryA
LeaveCriticalSection
FormatMessageA
CloseHandle
HeapFree
GetTempFileNameA
DeleteFileA
SetFilePointer
CopyFileA
ReadFile

msvcrt

_strlwr
strstr
sprintf
_stricmp
strncpy
strchr
strrchr

advapi32

CryptGenRandom
AllocateAndInitializeSid
OpenProcessToken
GetTokenInformation
GetLengthSid
InitiateSystemShutdownA
CryptAcquireContextA
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
InitializeSecurityDescriptor
CryptReleaseContext

user32

ShowWindow
SendDlgItemMessageA
LoadStringA
EndDialog
SetParent
MessageBoxA
DialogBoxParamA
SendMessageA

ntdll

NtOpenProcessToken
NtAdjustPrivilegesToken
NtClose
NtShutdownSystem

comctl32

ord17

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 286KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_1E78FF413CD34DED80E3AF9DC1216D61
.exe windows:5 windows x86 arch:x86

75aea3270c51c17eeeea7d97d2e8a47e

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12/05/1997, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

28/02/2001, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:9d:aa:11:d3:30:a8:95:60:ac:fa
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

01/07/1999, 07:00

Not After

15/10/2005, 07:00

Subject

CN=Microsoft Windows Verification Intermediate PCA,OU=Copyright (c) 1999 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:0e:3b:71:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Windows Verification Intermediate PCA,OU=Copyright (c) 1999 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Not Before

29/05/2002, 19:32

Not After

29/07/2003, 19:42

Subject

CN=Microsoft Windows XP Publisher,OU=Copyright (c) 2002 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

msvcrt

strchr
sprintf
strstr
_strlwr
strncpy

advapi32

OpenProcessToken
InitializeSecurityDescriptor
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
CryptAcquireContextA
InitiateSystemShutdownA
GetLengthSid
GetTokenInformation
AllocateAndInitializeSid
CryptReleaseContext
CryptGenRandom

kernel32

CreateEventA
GetProcessHeap
GetVersionExA
ReadFile
SetFilePointer
HeapFree
CloseHandle
FormatMessageA
LeaveCriticalSection
RemoveDirectoryA
GetLastError
DeleteFileA
MoveFileExA
EnterCriticalSection
TerminateProcess
SetEvent
Sleep
SetEnvironmentVariableA
GetEnvironmentVariableA
WideCharToMultiByte
HeapAlloc
CreateFileA
WriteFile
ExitProcess
DeleteCriticalSection
FreeLibrary
FlushFileBuffers
GetSystemDirectoryA
CreateThread
GetProcAddress
LoadLibraryA
WaitForSingleObject
OpenEventA
GetCurrentProcess
GetFileAttributesA
GetCommandLineA
GetModuleFileNameA
CreateDirectoryA
SystemTimeToFileTime
GetSystemTime
GetDiskFreeSpaceA
QueryDosDeviceA
GetDriveTypeA
GetCurrentDirectoryA
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetExitCodeProcess
CreateProcessA
InitializeCriticalSectionAndSpinCount

user32

DialogBoxParamA
LoadStringA
EndDialog
SetParent
MessageBoxA
SendMessageA
SendDlgItemMessageA
ShowWindow

ntdll

NtShutdownSystem
NtOpenProcessToken
NtAdjustPrivilegesToken
NtClose

comctl32

ord17

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 243KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_2108A321A5A841048871D0CDD1CBF802
.exe windows:5 windows x86 arch:x86

75aea3270c51c17eeeea7d97d2e8a47e

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12/05/1997, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

28/02/2001, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:9d:aa:11:d3:30:a8:95:60:ac:fa
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

01/07/1999, 07:00

Not After

15/10/2005, 07:00

Subject

CN=Microsoft Windows Verification Intermediate PCA,OU=Copyright (c) 1999 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:0e:3b:71:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Windows Verification Intermediate PCA,OU=Copyright (c) 1999 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Not Before

29/05/2002, 19:32

Not After

29/07/2003, 19:42

Subject

CN=Microsoft Windows XP Publisher,OU=Copyright (c) 2002 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

msvcrt

strchr
sprintf
strstr
_strlwr
strncpy

advapi32

OpenProcessToken
InitializeSecurityDescriptor
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
CryptAcquireContextA
InitiateSystemShutdownA
GetLengthSid
GetTokenInformation
AllocateAndInitializeSid
CryptReleaseContext
CryptGenRandom

kernel32

CreateEventA
GetProcessHeap
GetVersionExA
ReadFile
SetFilePointer
HeapFree
CloseHandle
FormatMessageA
LeaveCriticalSection
RemoveDirectoryA
GetLastError
DeleteFileA
MoveFileExA
EnterCriticalSection
TerminateProcess
SetEvent
Sleep
SetEnvironmentVariableA
GetEnvironmentVariableA
WideCharToMultiByte
HeapAlloc
CreateFileA
WriteFile
ExitProcess
DeleteCriticalSection
FreeLibrary
FlushFileBuffers
GetSystemDirectoryA
CreateThread
GetProcAddress
LoadLibraryA
WaitForSingleObject
OpenEventA
GetCurrentProcess
GetFileAttributesA
GetCommandLineA
GetModuleFileNameA
CreateDirectoryA
SystemTimeToFileTime
GetSystemTime
GetDiskFreeSpaceA
QueryDosDeviceA
GetDriveTypeA
GetCurrentDirectoryA
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetExitCodeProcess
CreateProcessA
InitializeCriticalSectionAndSpinCount

user32

DialogBoxParamA
LoadStringA
EndDialog
SetParent
MessageBoxA
SendMessageA
SendDlgItemMessageA
ShowWindow

ntdll

NtShutdownSystem
NtOpenProcessToken
NtAdjustPrivilegesToken
NtClose

comctl32

ord17

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 242KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_2C65E47AAE7C4577A773658B742C6BDE
.exe windows:5 windows x86 arch:x86

e5f18214bf0610282336218551760e32

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12/05/1997, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

28/02/2001, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

61:05:76:74:00:00:00:00:00:2d
Certificate

Issuer

CN=Microsoft Windows Verification Intermediate PCA,OU=Copyright (c) 1999 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Not Before

18/10/2002, 19:02

Not After

18/12/2003, 19:12

Subject

CN=Microsoft Windows 2000 Publisher,OU=Copyright (c) 2002 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:9d:aa:11:d3:30:a8:95:60:ac:fa
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

01/07/1999, 07:00

Not After

15/10/2005, 07:00

Subject

CN=Microsoft Windows Verification Intermediate PCA,OU=Copyright (c) 1999 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

b3:02:c7:3a:ee:a0:96:62:0e:9b:93:d2:48:dd:d8:40:68:e1:d7:d1
Signer

Actual PE Digest

b3:02:c7:3a:ee:a0:96:62:0e:9b:93:d2:48:dd:d8:40:68:e1:d7:d1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

kernel32

SetEnvironmentVariableA
GetEnvironmentVariableA
WideCharToMultiByte
HeapAlloc
CreateFileA
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
FreeLibrary
WriteFile
ExitProcess
DeleteCriticalSection
FlushFileBuffers
GetVersionExA
WaitForSingleObject
OpenEventA
GetCurrentProcess
GetFileAttributesA
GetCommandLineA
GetModuleFileNameA
CreateDirectoryA
FindClose
FindNextFileA
FindFirstFileA
Sleep
SetFileAttributesA
SystemTimeToFileTime
GetSystemTime
GetDiskFreeSpaceA
QueryDosDeviceA
GetDriveTypeA
GetCurrentDirectoryA
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetExitCodeProcess
CreateProcessA
GetFileSize
CreateThread
CreateEventA
GetProcessHeap
InitializeCriticalSectionAndSpinCount
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
TerminateProcess
SetEvent
EnterCriticalSection
MoveFileExA
GetLastError
RemoveDirectoryA
LeaveCriticalSection
FormatMessageA
CloseHandle
HeapFree
GetTempFileNameA
DeleteFileA
SetFilePointer
CopyFileA
ReadFile

msvcrt

_strlwr
strstr
sprintf
_stricmp
strncpy
strchr
strrchr

advapi32

CryptGenRandom
AllocateAndInitializeSid
OpenProcessToken
GetTokenInformation
GetLengthSid
InitiateSystemShutdownA
CryptAcquireContextA
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
InitializeSecurityDescriptor
CryptReleaseContext

user32

ShowWindow
SendDlgItemMessageA
LoadStringA
EndDialog
SetParent
MessageBoxA
DialogBoxParamA
SendMessageA

ntdll

NtOpenProcessToken
NtAdjustPrivilegesToken
NtClose
NtShutdownSystem

comctl32

ord17

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 286KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_32D44011AA344A42B5DC2EE702C6A589
.exe windows:5 windows x86 arch:x86

75aea3270c51c17eeeea7d97d2e8a47e

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12/05/1997, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

28/02/2001, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:9d:aa:11:d3:30:a8:95:60:ac:fa
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

01/07/1999, 07:00

Not After

15/10/2005, 07:00

Subject

CN=Microsoft Windows Verification Intermediate PCA,OU=Copyright (c) 1999 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:0e:3b:71:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Windows Verification Intermediate PCA,OU=Copyright (c) 1999 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Not Before

29/05/2002, 19:32

Not After

29/07/2003, 19:42

Subject

CN=Microsoft Windows XP Publisher,OU=Copyright (c) 2002 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

msvcrt

strchr
sprintf
strstr
_strlwr
strncpy

advapi32

OpenProcessToken
InitializeSecurityDescriptor
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
CryptAcquireContextA
InitiateSystemShutdownA
GetLengthSid
GetTokenInformation
AllocateAndInitializeSid
CryptReleaseContext
CryptGenRandom

kernel32

CreateEventA
GetProcessHeap
GetVersionExA
ReadFile
SetFilePointer
HeapFree
CloseHandle
FormatMessageA
LeaveCriticalSection
RemoveDirectoryA
GetLastError
DeleteFileA
MoveFileExA
EnterCriticalSection
TerminateProcess
SetEvent
Sleep
SetEnvironmentVariableA
GetEnvironmentVariableA
WideCharToMultiByte
HeapAlloc
CreateFileA
WriteFile
ExitProcess
DeleteCriticalSection
FreeLibrary
FlushFileBuffers
GetSystemDirectoryA
CreateThread
GetProcAddress
LoadLibraryA
WaitForSingleObject
OpenEventA
GetCurrentProcess
GetFileAttributesA
GetCommandLineA
GetModuleFileNameA
CreateDirectoryA
SystemTimeToFileTime
GetSystemTime
GetDiskFreeSpaceA
QueryDosDeviceA
GetDriveTypeA
GetCurrentDirectoryA
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetExitCodeProcess
CreateProcessA
InitializeCriticalSectionAndSpinCount

user32

DialogBoxParamA
LoadStringA
EndDialog
SetParent
MessageBoxA
SendMessageA
SendDlgItemMessageA
ShowWindow

ntdll

NtShutdownSystem
NtOpenProcessToken
NtAdjustPrivilegesToken
NtClose

comctl32

ord17

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 242KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_3378CA38732D4E39A8D23475BABA816B
.exe windows:5 windows x86 arch:x86

e5f18214bf0610282336218551760e32

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12/05/1997, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

28/02/2001, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

61:05:76:74:00:00:00:00:00:2d
Certificate

Issuer

CN=Microsoft Windows Verification Intermediate PCA,OU=Copyright (c) 1999 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Not Before

18/10/2002, 19:02

Not After

18/12/2003, 19:12

Subject

CN=Microsoft Windows 2000 Publisher,OU=Copyright (c) 2002 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:9d:aa:11:d3:30:a8:95:60:ac:fa
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

01/07/1999, 07:00

Not After

15/10/2005, 07:00

Subject

CN=Microsoft Windows Verification Intermediate PCA,OU=Copyright (c) 1999 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

aa:73:6c:20:ae:a7:32:ba:62:cf:a6:bf:03:33:64:0c:52:49:ac:10
Signer

Actual PE Digest

aa:73:6c:20:ae:a7:32:ba:62:cf:a6:bf:03:33:64:0c:52:49:ac:10

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

kernel32

SetEnvironmentVariableA
GetEnvironmentVariableA
WideCharToMultiByte
HeapAlloc
CreateFileA
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
FreeLibrary
WriteFile
ExitProcess
DeleteCriticalSection
FlushFileBuffers
GetVersionExA
WaitForSingleObject
OpenEventA
GetCurrentProcess
GetFileAttributesA
GetCommandLineA
GetModuleFileNameA
CreateDirectoryA
FindClose
FindNextFileA
FindFirstFileA
Sleep
SetFileAttributesA
SystemTimeToFileTime
GetSystemTime
GetDiskFreeSpaceA
QueryDosDeviceA
GetDriveTypeA
GetCurrentDirectoryA
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetExitCodeProcess
CreateProcessA
GetFileSize
CreateThread
CreateEventA
GetProcessHeap
InitializeCriticalSectionAndSpinCount
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
TerminateProcess
SetEvent
EnterCriticalSection
MoveFileExA
GetLastError
RemoveDirectoryA
LeaveCriticalSection
FormatMessageA
CloseHandle
HeapFree
GetTempFileNameA
DeleteFileA
SetFilePointer
CopyFileA
ReadFile

msvcrt

_strlwr
strstr
sprintf
_stricmp
strncpy
strchr
strrchr

advapi32

CryptGenRandom
AllocateAndInitializeSid
OpenProcessToken
GetTokenInformation
GetLengthSid
InitiateSystemShutdownA
CryptAcquireContextA
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
InitializeSecurityDescriptor
CryptReleaseContext

user32

ShowWindow
SendDlgItemMessageA
LoadStringA
EndDialog
SetParent
MessageBoxA
DialogBoxParamA
SendMessageA

ntdll

NtOpenProcessToken
NtAdjustPrivilegesToken
NtClose
NtShutdownSystem

comctl32

ord17

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 287KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_33814FE4300E4DD29406A818CE37CE7F
.exe windows:5 windows x86 arch:x86

75aea3270c51c17eeeea7d97d2e8a47e

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12/05/1997, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

28/02/2001, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:9d:aa:11:d3:30:a8:95:60:ac:fa
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

01/07/1999, 07:00

Not After

15/10/2005, 07:00

Subject

CN=Microsoft Windows Verification Intermediate PCA,OU=Copyright (c) 1999 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:0e:3b:71:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Windows Verification Intermediate PCA,OU=Copyright (c) 1999 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Not Before

29/05/2002, 19:32

Not After

29/07/2003, 19:42

Subject

CN=Microsoft Windows XP Publisher,OU=Copyright (c) 2002 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

msvcrt

strchr
sprintf
strstr
_strlwr
strncpy

advapi32

OpenProcessToken
InitializeSecurityDescriptor
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
CryptAcquireContextA
InitiateSystemShutdownA
GetLengthSid
GetTokenInformation
AllocateAndInitializeSid
CryptReleaseContext
CryptGenRandom

kernel32

CreateEventA
GetProcessHeap
GetVersionExA
ReadFile
SetFilePointer
HeapFree
CloseHandle
FormatMessageA
LeaveCriticalSection
RemoveDirectoryA
GetLastError
DeleteFileA
MoveFileExA
EnterCriticalSection
TerminateProcess
SetEvent
Sleep
SetEnvironmentVariableA
GetEnvironmentVariableA
WideCharToMultiByte
HeapAlloc
CreateFileA
WriteFile
ExitProcess
DeleteCriticalSection
FreeLibrary
FlushFileBuffers
GetSystemDirectoryA
CreateThread
GetProcAddress
LoadLibraryA
WaitForSingleObject
OpenEventA
GetCurrentProcess
GetFileAttributesA
GetCommandLineA
GetModuleFileNameA
CreateDirectoryA
SystemTimeToFileTime
GetSystemTime
GetDiskFreeSpaceA
QueryDosDeviceA
GetDriveTypeA
GetCurrentDirectoryA
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetExitCodeProcess
CreateProcessA
InitializeCriticalSectionAndSpinCount

user32

DialogBoxParamA
LoadStringA
EndDialog
SetParent
MessageBoxA
SendMessageA
SendDlgItemMessageA
ShowWindow

ntdll

NtShutdownSystem
NtOpenProcessToken
NtAdjustPrivilegesToken
NtClose

comctl32

ord17

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 240KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_3561B241352244D1BAE7DF752748097A
.exe windows:5 windows x86 arch:x86

75aea3270c51c17eeeea7d97d2e8a47e

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12/05/1997, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

28/02/2001, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:9d:aa:11:d3:30:a8:95:60:ac:fa
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

01/07/1999, 07:00

Not After

15/10/2005, 07:00

Subject

CN=Microsoft Windows Verification Intermediate PCA,OU=Copyright (c) 1999 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:0e:3b:71:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Windows Verification Intermediate PCA,OU=Copyright (c) 1999 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Not Before

29/05/2002, 19:32

Not After

29/07/2003, 19:42

Subject

CN=Microsoft Windows XP Publisher,OU=Copyright (c) 2002 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

msvcrt

strchr
sprintf
strstr
_strlwr
strncpy

advapi32

OpenProcessToken
InitializeSecurityDescriptor
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
CryptAcquireContextA
InitiateSystemShutdownA
GetLengthSid
GetTokenInformation
AllocateAndInitializeSid
CryptReleaseContext
CryptGenRandom

kernel32

CreateEventA
GetProcessHeap
GetVersionExA
ReadFile
SetFilePointer
HeapFree
CloseHandle
FormatMessageA
LeaveCriticalSection
RemoveDirectoryA
GetLastError
DeleteFileA
MoveFileExA
EnterCriticalSection
TerminateProcess
SetEvent
Sleep
SetEnvironmentVariableA
GetEnvironmentVariableA
WideCharToMultiByte
HeapAlloc
CreateFileA
WriteFile
ExitProcess
DeleteCriticalSection
FreeLibrary
FlushFileBuffers
GetSystemDirectoryA
CreateThread
GetProcAddress
LoadLibraryA
WaitForSingleObject
OpenEventA
GetCurrentProcess
GetFileAttributesA
GetCommandLineA
GetModuleFileNameA
CreateDirectoryA
SystemTimeToFileTime
GetSystemTime
GetDiskFreeSpaceA
QueryDosDeviceA
GetDriveTypeA
GetCurrentDirectoryA
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetExitCodeProcess
CreateProcessA
InitializeCriticalSectionAndSpinCount

user32

DialogBoxParamA
LoadStringA
EndDialog
SetParent
MessageBoxA
SendMessageA
SendDlgItemMessageA
ShowWindow

ntdll

NtShutdownSystem
NtOpenProcessToken
NtAdjustPrivilegesToken
NtClose

comctl32

ord17

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 240KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_363D873761114B848D8E05A75D86F6D5
.exe windows:5 windows x86 arch:x86

e5f18214bf0610282336218551760e32

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12/05/1997, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

28/02/2001, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

61:05:76:74:00:00:00:00:00:2d
Certificate

Issuer

CN=Microsoft Windows Verification Intermediate PCA,OU=Copyright (c) 1999 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Not Before

18/10/2002, 19:02

Not After

18/12/2003, 19:12

Subject

CN=Microsoft Windows 2000 Publisher,OU=Copyright (c) 2002 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:9d:aa:11:d3:30:a8:95:60:ac:fa
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

01/07/1999, 07:00

Not After

15/10/2005, 07:00

Subject

CN=Microsoft Windows Verification Intermediate PCA,OU=Copyright (c) 1999 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

96:de:62:ea:56:ce:1d:9f:99:a1:e4:82:d9:bf:05:11:6f:e2:c1:02
Signer

Actual PE Digest

96:de:62:ea:56:ce:1d:9f:99:a1:e4:82:d9:bf:05:11:6f:e2:c1:02

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

kernel32

SetEnvironmentVariableA
GetEnvironmentVariableA
WideCharToMultiByte
HeapAlloc
CreateFileA
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
FreeLibrary
WriteFile
ExitProcess
DeleteCriticalSection
FlushFileBuffers
GetVersionExA
WaitForSingleObject
OpenEventA
GetCurrentProcess
GetFileAttributesA
GetCommandLineA
GetModuleFileNameA
CreateDirectoryA
FindClose
FindNextFileA
FindFirstFileA
Sleep
SetFileAttributesA
SystemTimeToFileTime
GetSystemTime
GetDiskFreeSpaceA
QueryDosDeviceA
GetDriveTypeA
GetCurrentDirectoryA
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetExitCodeProcess
CreateProcessA
GetFileSize
CreateThread
CreateEventA
GetProcessHeap
InitializeCriticalSectionAndSpinCount
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
TerminateProcess
SetEvent
EnterCriticalSection
MoveFileExA
GetLastError
RemoveDirectoryA
LeaveCriticalSection
FormatMessageA
CloseHandle
HeapFree
GetTempFileNameA
DeleteFileA
SetFilePointer
CopyFileA
ReadFile

msvcrt

_strlwr
strstr
sprintf
_stricmp
strncpy
strchr
strrchr

advapi32

CryptGenRandom
AllocateAndInitializeSid
OpenProcessToken
GetTokenInformation
GetLengthSid
InitiateSystemShutdownA
CryptAcquireContextA
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
InitializeSecurityDescriptor
CryptReleaseContext

user32

ShowWindow
SendDlgItemMessageA
LoadStringA
EndDialog
SetParent
MessageBoxA
DialogBoxParamA
SendMessageA

ntdll

NtOpenProcessToken
NtAdjustPrivilegesToken
NtClose
NtShutdownSystem

comctl32

ord17

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 287KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_3BCE9D25249E46EA9172689D2F0F2A48
.exe windows:5 windows x86 arch:x86

e5f18214bf0610282336218551760e32

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12/05/1997, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

28/02/2001, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

61:05:76:74:00:00:00:00:00:2d
Certificate

Issuer

CN=Microsoft Windows Verification Intermediate PCA,OU=Copyright (c) 1999 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Not Before

18/10/2002, 19:02

Not After

18/12/2003, 19:12

Subject

CN=Microsoft Windows 2000 Publisher,OU=Copyright (c) 2002 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:9d:aa:11:d3:30:a8:95:60:ac:fa
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

01/07/1999, 07:00

Not After

15/10/2005, 07:00

Subject

CN=Microsoft Windows Verification Intermediate PCA,OU=Copyright (c) 1999 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

c4:4e:16:d7:92:8d:94:e5:15:26:6f:70:04:ab:08:cc:3e:e0:2c:91
Signer

Actual PE Digest

c4:4e:16:d7:92:8d:94:e5:15:26:6f:70:04:ab:08:cc:3e:e0:2c:91

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

kernel32

SetEnvironmentVariableA
GetEnvironmentVariableA
WideCharToMultiByte
HeapAlloc
CreateFileA
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
FreeLibrary
WriteFile
ExitProcess
DeleteCriticalSection
FlushFileBuffers
GetVersionExA
WaitForSingleObject
OpenEventA
GetCurrentProcess
GetFileAttributesA
GetCommandLineA
GetModuleFileNameA
CreateDirectoryA
FindClose
FindNextFileA
FindFirstFileA
Sleep
SetFileAttributesA
SystemTimeToFileTime
GetSystemTime
GetDiskFreeSpaceA
QueryDosDeviceA
GetDriveTypeA
GetCurrentDirectoryA
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetExitCodeProcess
CreateProcessA
GetFileSize
CreateThread
CreateEventA
GetProcessHeap
InitializeCriticalSectionAndSpinCount
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
TerminateProcess
SetEvent
EnterCriticalSection
MoveFileExA
GetLastError
RemoveDirectoryA
LeaveCriticalSection
FormatMessageA
CloseHandle
HeapFree
GetTempFileNameA
DeleteFileA
SetFilePointer
CopyFileA
ReadFile

msvcrt

_strlwr
strstr
sprintf
_stricmp
strncpy
strchr
strrchr

advapi32

CryptGenRandom
AllocateAndInitializeSid
OpenProcessToken
GetTokenInformation
GetLengthSid
InitiateSystemShutdownA
CryptAcquireContextA
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
InitializeSecurityDescriptor
CryptReleaseContext

user32

ShowWindow
SendDlgItemMessageA
LoadStringA
EndDialog
SetParent
MessageBoxA
DialogBoxParamA
SendMessageA

ntdll

NtOpenProcessToken
NtAdjustPrivilegesToken
NtClose
NtShutdownSystem

comctl32

ord17

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 284KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_5BE005C557584CAB8347E939F3570362
.exe windows:5 windows x86 arch:x86

e5f18214bf0610282336218551760e32

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12/05/1997, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

28/02/2001, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

61:05:76:74:00:00:00:00:00:2d
Certificate

Issuer

CN=Microsoft Windows Verification Intermediate PCA,OU=Copyright (c) 1999 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Not Before

18/10/2002, 19:02

Not After

18/12/2003, 19:12

Subject

CN=Microsoft Windows 2000 Publisher,OU=Copyright (c) 2002 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:9d:aa:11:d3:30:a8:95:60:ac:fa
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

01/07/1999, 07:00

Not After

15/10/2005, 07:00

Subject

CN=Microsoft Windows Verification Intermediate PCA,OU=Copyright (c) 1999 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

68:d7:89:ae:44:67:c2:0b:8e:34:93:a4:49:66:9b:ee:cf:77:be:26
Signer

Actual PE Digest

68:d7:89:ae:44:67:c2:0b:8e:34:93:a4:49:66:9b:ee:cf:77:be:26

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

kernel32

SetEnvironmentVariableA
GetEnvironmentVariableA
WideCharToMultiByte
HeapAlloc
CreateFileA
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
FreeLibrary
WriteFile
ExitProcess
DeleteCriticalSection
FlushFileBuffers
GetVersionExA
WaitForSingleObject
OpenEventA
GetCurrentProcess
GetFileAttributesA
GetCommandLineA
GetModuleFileNameA
CreateDirectoryA
FindClose
FindNextFileA
FindFirstFileA
Sleep
SetFileAttributesA
SystemTimeToFileTime
GetSystemTime
GetDiskFreeSpaceA
QueryDosDeviceA
GetDriveTypeA
GetCurrentDirectoryA
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetExitCodeProcess
CreateProcessA
GetFileSize
CreateThread
CreateEventA
GetProcessHeap
InitializeCriticalSectionAndSpinCount
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
TerminateProcess
SetEvent
EnterCriticalSection
MoveFileExA
GetLastError
RemoveDirectoryA
LeaveCriticalSection
FormatMessageA
CloseHandle
HeapFree
GetTempFileNameA
DeleteFileA
SetFilePointer
CopyFileA
ReadFile

msvcrt

_strlwr
strstr
sprintf
_stricmp
strncpy
strchr
strrchr

advapi32

CryptGenRandom
AllocateAndInitializeSid
OpenProcessToken
GetTokenInformation
GetLengthSid
InitiateSystemShutdownA
CryptAcquireContextA
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
InitializeSecurityDescriptor
CryptReleaseContext

user32

ShowWindow
SendDlgItemMessageA
LoadStringA
EndDialog
SetParent
MessageBoxA
DialogBoxParamA
SendMessageA

ntdll

NtOpenProcessToken
NtAdjustPrivilegesToken
NtClose
NtShutdownSystem

comctl32

ord17

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 285KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_5E2800E0B56A49EBA1C1F611681FD574
.exe windows:5 windows x86 arch:x86

e5f18214bf0610282336218551760e32

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12/05/1997, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

28/02/2001, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

61:05:76:74:00:00:00:00:00:2d
Certificate

Issuer

CN=Microsoft Windows Verification Intermediate PCA,OU=Copyright (c) 1999 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Not Before

18/10/2002, 19:02

Not After

18/12/2003, 19:12

Subject

CN=Microsoft Windows 2000 Publisher,OU=Copyright (c) 2002 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:9d:aa:11:d3:30:a8:95:60:ac:fa
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

01/07/1999, 07:00

Not After

15/10/2005, 07:00

Subject

CN=Microsoft Windows Verification Intermediate PCA,OU=Copyright (c) 1999 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

0b:3f:ba:34:10:c6:85:27:64:a5:fd:1f:05:4c:2a:6d:97:9a:cd:de
Signer

Actual PE Digest

0b:3f:ba:34:10:c6:85:27:64:a5:fd:1f:05:4c:2a:6d:97:9a:cd:de

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

kernel32

SetEnvironmentVariableA
GetEnvironmentVariableA
WideCharToMultiByte
HeapAlloc
CreateFileA
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
FreeLibrary
WriteFile
ExitProcess
DeleteCriticalSection
FlushFileBuffers
GetVersionExA
WaitForSingleObject
OpenEventA
GetCurrentProcess
GetFileAttributesA
GetCommandLineA
GetModuleFileNameA
CreateDirectoryA
FindClose
FindNextFileA
FindFirstFileA
Sleep
SetFileAttributesA
SystemTimeToFileTime
GetSystemTime
GetDiskFreeSpaceA
QueryDosDeviceA
GetDriveTypeA
GetCurrentDirectoryA
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetExitCodeProcess
CreateProcessA
GetFileSize
CreateThread
CreateEventA
GetProcessHeap
InitializeCriticalSectionAndSpinCount
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
TerminateProcess
SetEvent
EnterCriticalSection
MoveFileExA
GetLastError
RemoveDirectoryA
LeaveCriticalSection
FormatMessageA
CloseHandle
HeapFree
GetTempFileNameA
DeleteFileA
SetFilePointer
CopyFileA
ReadFile

msvcrt

_strlwr
strstr
sprintf
_stricmp
strncpy
strchr
strrchr

advapi32

CryptGenRandom
AllocateAndInitializeSid
OpenProcessToken
GetTokenInformation
GetLengthSid
InitiateSystemShutdownA
CryptAcquireContextA
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
InitializeSecurityDescriptor
CryptReleaseContext

user32

ShowWindow
SendDlgItemMessageA
LoadStringA
EndDialog
SetParent
MessageBoxA
DialogBoxParamA
SendMessageA

ntdll

NtOpenProcessToken
NtAdjustPrivilegesToken
NtClose
NtShutdownSystem

comctl32

ord17

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 286KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_6294920236A5446CB6459B8B2F51E901
.exe windows:5 windows x86 arch:x86

e5f18214bf0610282336218551760e32

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12/05/1997, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

28/02/2001, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

61:05:76:74:00:00:00:00:00:2d
Certificate

Issuer

CN=Microsoft Windows Verification Intermediate PCA,OU=Copyright (c) 1999 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Not Before

18/10/2002, 19:02

Not After

18/12/2003, 19:12

Subject

CN=Microsoft Windows 2000 Publisher,OU=Copyright (c) 2002 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:9d:aa:11:d3:30:a8:95:60:ac:fa
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

01/07/1999, 07:00

Not After

15/10/2005, 07:00

Subject

CN=Microsoft Windows Verification Intermediate PCA,OU=Copyright (c) 1999 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

0c:05:74:72:ff:3f:99:55:6e:c8:60:38:f3:ee:75:1c:b9:84:fc:f2
Signer

Actual PE Digest

0c:05:74:72:ff:3f:99:55:6e:c8:60:38:f3:ee:75:1c:b9:84:fc:f2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

kernel32

SetEnvironmentVariableA
GetEnvironmentVariableA
WideCharToMultiByte
HeapAlloc
CreateFileA
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
FreeLibrary
WriteFile
ExitProcess
DeleteCriticalSection
FlushFileBuffers
GetVersionExA
WaitForSingleObject
OpenEventA
GetCurrentProcess
GetFileAttributesA
GetCommandLineA
GetModuleFileNameA
CreateDirectoryA
FindClose
FindNextFileA
FindFirstFileA
Sleep
SetFileAttributesA
SystemTimeToFileTime
GetSystemTime
GetDiskFreeSpaceA
QueryDosDeviceA
GetDriveTypeA
GetCurrentDirectoryA
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetExitCodeProcess
CreateProcessA
GetFileSize
CreateThread
CreateEventA
GetProcessHeap
InitializeCriticalSectionAndSpinCount
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
TerminateProcess
SetEvent
EnterCriticalSection
MoveFileExA
GetLastError
RemoveDirectoryA
LeaveCriticalSection
FormatMessageA
CloseHandle
HeapFree
GetTempFileNameA
DeleteFileA
SetFilePointer
CopyFileA
ReadFile

msvcrt

_strlwr
strstr
sprintf
_stricmp
strncpy
strchr
strrchr

advapi32

CryptGenRandom
AllocateAndInitializeSid
OpenProcessToken
GetTokenInformation
GetLengthSid
InitiateSystemShutdownA
CryptAcquireContextA
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
InitializeSecurityDescriptor
CryptReleaseContext

user32

ShowWindow
SendDlgItemMessageA
LoadStringA
EndDialog
SetParent
MessageBoxA
DialogBoxParamA
SendMessageA

ntdll

NtOpenProcessToken
NtAdjustPrivilegesToken
NtClose
NtShutdownSystem

comctl32

ord17

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 286KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_65C07045FFC1499088DA3B68E986AE7B
.exe windows:5 windows x86 arch:x86

75aea3270c51c17eeeea7d97d2e8a47e

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12/05/1997, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

28/02/2001, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:9d:aa:11:d3:30:a8:95:60:ac:fa
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

01/07/1999, 07:00

Not After

15/10/2005, 07:00

Subject

CN=Microsoft Windows Verification Intermediate PCA,OU=Copyright (c) 1999 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:0e:3b:71:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Windows Verification Intermediate PCA,OU=Copyright (c) 1999 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Not Before

29/05/2002, 19:32

Not After

29/07/2003, 19:42

Subject

CN=Microsoft Windows XP Publisher,OU=Copyright (c) 2002 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

msvcrt

strchr
sprintf
strstr
_strlwr
strncpy

advapi32

OpenProcessToken
InitializeSecurityDescriptor
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
CryptAcquireContextA
InitiateSystemShutdownA
GetLengthSid
GetTokenInformation
AllocateAndInitializeSid
CryptReleaseContext
CryptGenRandom

kernel32

CreateEventA
GetProcessHeap
GetVersionExA
ReadFile
SetFilePointer
HeapFree
CloseHandle
FormatMessageA
LeaveCriticalSection
RemoveDirectoryA
GetLastError
DeleteFileA
MoveFileExA
EnterCriticalSection
TerminateProcess
SetEvent
Sleep
SetEnvironmentVariableA
GetEnvironmentVariableA
WideCharToMultiByte
HeapAlloc
CreateFileA
WriteFile
ExitProcess
DeleteCriticalSection
FreeLibrary
FlushFileBuffers
GetSystemDirectoryA
CreateThread
GetProcAddress
LoadLibraryA
WaitForSingleObject
OpenEventA
GetCurrentProcess
GetFileAttributesA
GetCommandLineA
GetModuleFileNameA
CreateDirectoryA
SystemTimeToFileTime
GetSystemTime
GetDiskFreeSpaceA
QueryDosDeviceA
GetDriveTypeA
GetCurrentDirectoryA
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetExitCodeProcess
CreateProcessA
InitializeCriticalSectionAndSpinCount

user32

DialogBoxParamA
LoadStringA
EndDialog
SetParent
MessageBoxA
SendMessageA
SendDlgItemMessageA
ShowWindow

ntdll

NtShutdownSystem
NtOpenProcessToken
NtAdjustPrivilegesToken
NtClose

comctl32

ord17

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 240KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_6A96D343B0C0404B82F1691540208D23
.exe windows:5 windows x86 arch:x86

e5f18214bf0610282336218551760e32

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12/05/1997, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

28/02/2001, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

61:05:76:74:00:00:00:00:00:2d
Certificate

Issuer

CN=Microsoft Windows Verification Intermediate PCA,OU=Copyright (c) 1999 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Not Before

18/10/2002, 19:02

Not After

18/12/2003, 19:12

Subject

CN=Microsoft Windows 2000 Publisher,OU=Copyright (c) 2002 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:9d:aa:11:d3:30:a8:95:60:ac:fa
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

01/07/1999, 07:00

Not After

15/10/2005, 07:00

Subject

CN=Microsoft Windows Verification Intermediate PCA,OU=Copyright (c) 1999 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

0d:2f:5c:b5:9e:a7:d1:b4:bc:4a:f6:39:34:06:03:40:e4:0b:cc:25
Signer

Actual PE Digest

0d:2f:5c:b5:9e:a7:d1:b4:bc:4a:f6:39:34:06:03:40:e4:0b:cc:25

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

kernel32

SetEnvironmentVariableA
GetEnvironmentVariableA
WideCharToMultiByte
HeapAlloc
CreateFileA
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
FreeLibrary
WriteFile
ExitProcess
DeleteCriticalSection
FlushFileBuffers
GetVersionExA
WaitForSingleObject
OpenEventA
GetCurrentProcess
GetFileAttributesA
GetCommandLineA
GetModuleFileNameA
CreateDirectoryA
FindClose
FindNextFileA
FindFirstFileA
Sleep
SetFileAttributesA
SystemTimeToFileTime
GetSystemTime
GetDiskFreeSpaceA
QueryDosDeviceA
GetDriveTypeA
GetCurrentDirectoryA
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetExitCodeProcess
CreateProcessA
GetFileSize
CreateThread
CreateEventA
GetProcessHeap
InitializeCriticalSectionAndSpinCount
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
TerminateProcess
SetEvent
EnterCriticalSection
MoveFileExA
GetLastError
RemoveDirectoryA
LeaveCriticalSection
FormatMessageA
CloseHandle
HeapFree
GetTempFileNameA
DeleteFileA
SetFilePointer
CopyFileA
ReadFile

msvcrt

_strlwr
strstr
sprintf
_stricmp
strncpy
strchr
strrchr

advapi32

CryptGenRandom
AllocateAndInitializeSid
OpenProcessToken
GetTokenInformation
GetLengthSid
InitiateSystemShutdownA
CryptAcquireContextA
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
InitializeSecurityDescriptor
CryptReleaseContext

user32

ShowWindow
SendDlgItemMessageA
LoadStringA
EndDialog
SetParent
MessageBoxA
DialogBoxParamA
SendMessageA

ntdll

NtOpenProcessToken
NtAdjustPrivilegesToken
NtClose
NtShutdownSystem

comctl32

ord17

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 287KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_77158495CA90413EBE59D7BC80465033
.exe windows:5 windows x86 arch:x86

75aea3270c51c17eeeea7d97d2e8a47e

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12/05/1997, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

28/02/2001, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:9d:aa:11:d3:30:a8:95:60:ac:fa
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

01/07/1999, 07:00

Not After

15/10/2005, 07:00

Subject

CN=Microsoft Windows Verification Intermediate PCA,OU=Copyright (c) 1999 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:0e:3b:71:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Windows Verification Intermediate PCA,OU=Copyright (c) 1999 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Not Before

29/05/2002, 19:32

Not After

29/07/2003, 19:42

Subject

CN=Microsoft Windows XP Publisher,OU=Copyright (c) 2002 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

msvcrt

strchr
sprintf
strstr
_strlwr
strncpy

advapi32

OpenProcessToken
InitializeSecurityDescriptor
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
CryptAcquireContextA
InitiateSystemShutdownA
GetLengthSid
GetTokenInformation
AllocateAndInitializeSid
CryptReleaseContext
CryptGenRandom

kernel32

CreateEventA
GetProcessHeap
GetVersionExA
ReadFile
SetFilePointer
HeapFree
CloseHandle
FormatMessageA
LeaveCriticalSection
RemoveDirectoryA
GetLastError
DeleteFileA
MoveFileExA
EnterCriticalSection
TerminateProcess
SetEvent
Sleep
SetEnvironmentVariableA
GetEnvironmentVariableA
WideCharToMultiByte
HeapAlloc
CreateFileA
WriteFile
ExitProcess
DeleteCriticalSection
FreeLibrary
FlushFileBuffers
GetSystemDirectoryA
CreateThread
GetProcAddress
LoadLibraryA
WaitForSingleObject
OpenEventA
GetCurrentProcess
GetFileAttributesA
GetCommandLineA
GetModuleFileNameA
CreateDirectoryA
SystemTimeToFileTime
GetSystemTime
GetDiskFreeSpaceA
QueryDosDeviceA
GetDriveTypeA
GetCurrentDirectoryA
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetExitCodeProcess
CreateProcessA
InitializeCriticalSectionAndSpinCount

user32

DialogBoxParamA
LoadStringA
EndDialog
SetParent
MessageBoxA
SendMessageA
SendDlgItemMessageA
ShowWindow

ntdll

NtShutdownSystem
NtOpenProcessToken
NtAdjustPrivilegesToken
NtClose

comctl32

ord17

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 241KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_7F02C0319ED7427DA84589024CD07AB0
.exe windows:5 windows x86 arch:x86

e5f18214bf0610282336218551760e32

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12/05/1997, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

28/02/2001, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

61:05:76:74:00:00:00:00:00:2d
Certificate

Issuer

CN=Microsoft Windows Verification Intermediate PCA,OU=Copyright (c) 1999 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Not Before

18/10/2002, 19:02

Not After

18/12/2003, 19:12

Subject

CN=Microsoft Windows 2000 Publisher,OU=Copyright (c) 2002 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:9d:aa:11:d3:30:a8:95:60:ac:fa
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

01/07/1999, 07:00

Not After

15/10/2005, 07:00

Subject

CN=Microsoft Windows Verification Intermediate PCA,OU=Copyright (c) 1999 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

1c:9f:a1:a8:96:7d:8e:4c:4f:08:54:dd:79:c6:04:22:71:64:d8:46
Signer

Actual PE Digest

1c:9f:a1:a8:96:7d:8e:4c:4f:08:54:dd:79:c6:04:22:71:64:d8:46

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

kernel32

SetEnvironmentVariableA
GetEnvironmentVariableA
WideCharToMultiByte
HeapAlloc
CreateFileA
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
FreeLibrary
WriteFile
ExitProcess
DeleteCriticalSection
FlushFileBuffers
GetVersionExA
WaitForSingleObject
OpenEventA
GetCurrentProcess
GetFileAttributesA
GetCommandLineA
GetModuleFileNameA
CreateDirectoryA
FindClose
FindNextFileA
FindFirstFileA
Sleep
SetFileAttributesA
SystemTimeToFileTime
GetSystemTime
GetDiskFreeSpaceA
QueryDosDeviceA
GetDriveTypeA
GetCurrentDirectoryA
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetExitCodeProcess
CreateProcessA
GetFileSize
CreateThread
CreateEventA
GetProcessHeap
InitializeCriticalSectionAndSpinCount
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
TerminateProcess
SetEvent
EnterCriticalSection
MoveFileExA
GetLastError
RemoveDirectoryA
LeaveCriticalSection
FormatMessageA
CloseHandle
HeapFree
GetTempFileNameA
DeleteFileA
SetFilePointer
CopyFileA
ReadFile

msvcrt

_strlwr
strstr
sprintf
_stricmp
strncpy
strchr
strrchr

advapi32

CryptGenRandom
AllocateAndInitializeSid
OpenProcessToken
GetTokenInformation
GetLengthSid
InitiateSystemShutdownA
CryptAcquireContextA
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
InitializeSecurityDescriptor
CryptReleaseContext

user32

ShowWindow
SendDlgItemMessageA
LoadStringA
EndDialog
SetParent
MessageBoxA
DialogBoxParamA
SendMessageA

ntdll

NtOpenProcessToken
NtAdjustPrivilegesToken
NtClose
NtShutdownSystem

comctl32

ord17

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 287KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_7FD12FAA66B14D0D9439BE84DF2DB062
.exe windows:5 windows x86 arch:x86

75aea3270c51c17eeeea7d97d2e8a47e

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12/05/1997, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

28/02/2001, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:9d:aa:11:d3:30:a8:95:60:ac:fa
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

01/07/1999, 07:00

Not After

15/10/2005, 07:00

Subject

CN=Microsoft Windows Verification Intermediate PCA,OU=Copyright (c) 1999 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:0e:3b:71:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Windows Verification Intermediate PCA,OU=Copyright (c) 1999 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Not Before

29/05/2002, 19:32

Not After

29/07/2003, 19:42

Subject

CN=Microsoft Windows XP Publisher,OU=Copyright (c) 2002 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

msvcrt

strchr
sprintf
strstr
_strlwr
strncpy

advapi32

OpenProcessToken
InitializeSecurityDescriptor
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
CryptAcquireContextA
InitiateSystemShutdownA
GetLengthSid
GetTokenInformation
AllocateAndInitializeSid
CryptReleaseContext
CryptGenRandom

kernel32

CreateEventA
GetProcessHeap
GetVersionExA
ReadFile
SetFilePointer
HeapFree
CloseHandle
FormatMessageA
LeaveCriticalSection
RemoveDirectoryA
GetLastError
DeleteFileA
MoveFileExA
EnterCriticalSection
TerminateProcess
SetEvent
Sleep
SetEnvironmentVariableA
GetEnvironmentVariableA
WideCharToMultiByte
HeapAlloc
CreateFileA
WriteFile
ExitProcess
DeleteCriticalSection
FreeLibrary
FlushFileBuffers
GetSystemDirectoryA
CreateThread
GetProcAddress
LoadLibraryA
WaitForSingleObject
OpenEventA
GetCurrentProcess
GetFileAttributesA
GetCommandLineA
GetModuleFileNameA
CreateDirectoryA
SystemTimeToFileTime
GetSystemTime
GetDiskFreeSpaceA
QueryDosDeviceA
GetDriveTypeA
GetCurrentDirectoryA
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetExitCodeProcess
CreateProcessA
InitializeCriticalSectionAndSpinCount

user32

DialogBoxParamA
LoadStringA
EndDialog
SetParent
MessageBoxA
SendMessageA
SendDlgItemMessageA
ShowWindow

ntdll

NtShutdownSystem
NtOpenProcessToken
NtAdjustPrivilegesToken
NtClose

comctl32

ord17

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 242KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_83F3E3F046A6423484D2069A1950387E
.exe windows:5 windows x86 arch:x86

e5f18214bf0610282336218551760e32

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12/05/1997, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

28/02/2001, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

61:05:76:74:00:00:00:00:00:2d
Certificate

Issuer

CN=Microsoft Windows Verification Intermediate PCA,OU=Copyright (c) 1999 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Not Before

18/10/2002, 19:02

Not After

18/12/2003, 19:12

Subject

CN=Microsoft Windows 2000 Publisher,OU=Copyright (c) 2002 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:9d:aa:11:d3:30:a8:95:60:ac:fa
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

01/07/1999, 07:00

Not After

15/10/2005, 07:00

Subject

CN=Microsoft Windows Verification Intermediate PCA,OU=Copyright (c) 1999 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

3d:2f:c7:dd:17:98:28:92:71:95:ca:ae:31:53:0a:96:45:4c:bc:38
Signer

Actual PE Digest

3d:2f:c7:dd:17:98:28:92:71:95:ca:ae:31:53:0a:96:45:4c:bc:38

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

kernel32

SetEnvironmentVariableA
GetEnvironmentVariableA
WideCharToMultiByte
HeapAlloc
CreateFileA
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
FreeLibrary
WriteFile
ExitProcess
DeleteCriticalSection
FlushFileBuffers
GetVersionExA
WaitForSingleObject
OpenEventA
GetCurrentProcess
GetFileAttributesA
GetCommandLineA
GetModuleFileNameA
CreateDirectoryA
FindClose
FindNextFileA
FindFirstFileA
Sleep
SetFileAttributesA
SystemTimeToFileTime
GetSystemTime
GetDiskFreeSpaceA
QueryDosDeviceA
GetDriveTypeA
GetCurrentDirectoryA
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetExitCodeProcess
CreateProcessA
GetFileSize
CreateThread
CreateEventA
GetProcessHeap
InitializeCriticalSectionAndSpinCount
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
TerminateProcess
SetEvent
EnterCriticalSection
MoveFileExA
GetLastError
RemoveDirectoryA
LeaveCriticalSection
FormatMessageA
CloseHandle
HeapFree
GetTempFileNameA
DeleteFileA
SetFilePointer
CopyFileA
ReadFile

msvcrt

_strlwr
strstr
sprintf
_stricmp
strncpy
strchr
strrchr

advapi32

CryptGenRandom
AllocateAndInitializeSid
OpenProcessToken
GetTokenInformation
GetLengthSid
InitiateSystemShutdownA
CryptAcquireContextA
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
InitializeSecurityDescriptor
CryptReleaseContext

user32

ShowWindow
SendDlgItemMessageA
LoadStringA
EndDialog
SetParent
MessageBoxA
DialogBoxParamA
SendMessageA

ntdll

NtOpenProcessToken
NtAdjustPrivilegesToken
NtClose
NtShutdownSystem

comctl32

ord17

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 284KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_8E544B8917D242C5A415D4B474FC73BD
.exe windows:5 windows x86 arch:x86

e5f18214bf0610282336218551760e32

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12/05/1997, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

28/02/2001, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

61:05:76:74:00:00:00:00:00:2d
Certificate

Issuer

CN=Microsoft Windows Verification Intermediate PCA,OU=Copyright (c) 1999 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Not Before

18/10/2002, 19:02

Not After

18/12/2003, 19:12

Subject

CN=Microsoft Windows 2000 Publisher,OU=Copyright (c) 2002 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:9d:aa:11:d3:30:a8:95:60:ac:fa
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

01/07/1999, 07:00

Not After

15/10/2005, 07:00

Subject

CN=Microsoft Windows Verification Intermediate PCA,OU=Copyright (c) 1999 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

1b:85:06:a1:6e:37:57:5b:bc:29:04:5e:c4:a1:e0:e5:8d:20:e1:bb
Signer

Actual PE Digest

1b:85:06:a1:6e:37:57:5b:bc:29:04:5e:c4:a1:e0:e5:8d:20:e1:bb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

kernel32

SetEnvironmentVariableA
GetEnvironmentVariableA
WideCharToMultiByte
HeapAlloc
CreateFileA
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
FreeLibrary
WriteFile
ExitProcess
DeleteCriticalSection
FlushFileBuffers
GetVersionExA
WaitForSingleObject
OpenEventA
GetCurrentProcess
GetFileAttributesA
GetCommandLineA
GetModuleFileNameA
CreateDirectoryA
FindClose
FindNextFileA
FindFirstFileA
Sleep
SetFileAttributesA
SystemTimeToFileTime
GetSystemTime
GetDiskFreeSpaceA
QueryDosDeviceA
GetDriveTypeA
GetCurrentDirectoryA
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetExitCodeProcess
CreateProcessA
GetFileSize
CreateThread
CreateEventA
GetProcessHeap
InitializeCriticalSectionAndSpinCount
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
TerminateProcess
SetEvent
EnterCriticalSection
MoveFileExA
GetLastError
RemoveDirectoryA
LeaveCriticalSection
FormatMessageA
CloseHandle
HeapFree
GetTempFileNameA
DeleteFileA
SetFilePointer
CopyFileA
ReadFile

msvcrt

_strlwr
strstr
sprintf
_stricmp
strncpy
strchr
strrchr

advapi32

CryptGenRandom
AllocateAndInitializeSid
OpenProcessToken
GetTokenInformation
GetLengthSid
InitiateSystemShutdownA
CryptAcquireContextA
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
InitializeSecurityDescriptor
CryptReleaseContext

user32

ShowWindow
SendDlgItemMessageA
LoadStringA
EndDialog
SetParent
MessageBoxA
DialogBoxParamA
SendMessageA

ntdll

NtOpenProcessToken
NtAdjustPrivilegesToken
NtClose
NtShutdownSystem

comctl32

ord17

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 288KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_90BCF81B963248E8A1AA8BD42AFA7427
.exe windows:5 windows x86 arch:x86

e5f18214bf0610282336218551760e32

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12/05/1997, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

28/02/2001, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

61:05:76:74:00:00:00:00:00:2d
Certificate

Issuer

CN=Microsoft Windows Verification Intermediate PCA,OU=Copyright (c) 1999 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Not Before

18/10/2002, 19:02

Not After

18/12/2003, 19:12

Subject

CN=Microsoft Windows 2000 Publisher,OU=Copyright (c) 2002 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:9d:aa:11:d3:30:a8:95:60:ac:fa
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

01/07/1999, 07:00

Not After

15/10/2005, 07:00

Subject

CN=Microsoft Windows Verification Intermediate PCA,OU=Copyright (c) 1999 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

79:63:b8:93:23:5f:36:e7:b0:c1:06:97:2b:21:47:2b:16:1d:34:f8
Signer

Actual PE Digest

79:63:b8:93:23:5f:36:e7:b0:c1:06:97:2b:21:47:2b:16:1d:34:f8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

kernel32

SetEnvironmentVariableA
GetEnvironmentVariableA
WideCharToMultiByte
HeapAlloc
CreateFileA
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
FreeLibrary
WriteFile
ExitProcess
DeleteCriticalSection
FlushFileBuffers
GetVersionExA
WaitForSingleObject
OpenEventA
GetCurrentProcess
GetFileAttributesA
GetCommandLineA
GetModuleFileNameA
CreateDirectoryA
FindClose
FindNextFileA
FindFirstFileA
Sleep
SetFileAttributesA
SystemTimeToFileTime
GetSystemTime
GetDiskFreeSpaceA
QueryDosDeviceA
GetDriveTypeA
GetCurrentDirectoryA
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetExitCodeProcess
CreateProcessA
GetFileSize
CreateThread
CreateEventA
GetProcessHeap
InitializeCriticalSectionAndSpinCount
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
TerminateProcess
SetEvent
EnterCriticalSection
MoveFileExA
GetLastError
RemoveDirectoryA
LeaveCriticalSection
FormatMessageA
CloseHandle
HeapFree
GetTempFileNameA
DeleteFileA
SetFilePointer
CopyFileA
ReadFile

msvcrt

_strlwr
strstr
sprintf
_stricmp
strncpy
strchr
strrchr

advapi32

CryptGenRandom
AllocateAndInitializeSid
OpenProcessToken
GetTokenInformation
GetLengthSid
InitiateSystemShutdownA
CryptAcquireContextA
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
InitializeSecurityDescriptor
CryptReleaseContext

user32

ShowWindow
SendDlgItemMessageA
LoadStringA
EndDialog
SetParent
MessageBoxA
DialogBoxParamA
SendMessageA

ntdll

NtOpenProcessToken
NtAdjustPrivilegesToken
NtClose
NtShutdownSystem

comctl32

ord17

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 287KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_9621A40CFC5B46C5AAA2EA4C42CBC7B4
.exe windows:5 windows x86 arch:x86

75aea3270c51c17eeeea7d97d2e8a47e

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12/05/1997, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

28/02/2001, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:9d:aa:11:d3:30:a8:95:60:ac:fa
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

01/07/1999, 07:00

Not After

15/10/2005, 07:00

Subject

CN=Microsoft Windows Verification Intermediate PCA,OU=Copyright (c) 1999 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:0e:3b:71:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Windows Verification Intermediate PCA,OU=Copyright (c) 1999 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Not Before

29/05/2002, 19:32

Not After

29/07/2003, 19:42

Subject

CN=Microsoft Windows XP Publisher,OU=Copyright (c) 2002 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

msvcrt

strchr
sprintf
strstr
_strlwr
strncpy

advapi32

OpenProcessToken
InitializeSecurityDescriptor
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
CryptAcquireContextA
InitiateSystemShutdownA
GetLengthSid
GetTokenInformation
AllocateAndInitializeSid
CryptReleaseContext
CryptGenRandom

kernel32

CreateEventA
GetProcessHeap
GetVersionExA
ReadFile
SetFilePointer
HeapFree
CloseHandle
FormatMessageA
LeaveCriticalSection
RemoveDirectoryA
GetLastError
DeleteFileA
MoveFileExA
EnterCriticalSection
TerminateProcess
SetEvent
Sleep
SetEnvironmentVariableA
GetEnvironmentVariableA
WideCharToMultiByte
HeapAlloc
CreateFileA
WriteFile
ExitProcess
DeleteCriticalSection
FreeLibrary
FlushFileBuffers
GetSystemDirectoryA
CreateThread
GetProcAddress
LoadLibraryA
WaitForSingleObject
OpenEventA
GetCurrentProcess
GetFileAttributesA
GetCommandLineA
GetModuleFileNameA
CreateDirectoryA
SystemTimeToFileTime
GetSystemTime
GetDiskFreeSpaceA
QueryDosDeviceA
GetDriveTypeA
GetCurrentDirectoryA
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetExitCodeProcess
CreateProcessA
InitializeCriticalSectionAndSpinCount

user32

DialogBoxParamA
LoadStringA
EndDialog
SetParent
MessageBoxA
SendMessageA
SendDlgItemMessageA
ShowWindow

ntdll

NtShutdownSystem
NtOpenProcessToken
NtAdjustPrivilegesToken
NtClose

comctl32

ord17

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 243KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_B02D54AF665C44F89E984B5F1950DAC6
.exe windows:5 windows x86 arch:x86

75aea3270c51c17eeeea7d97d2e8a47e

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12/05/1997, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

28/02/2001, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:9d:aa:11:d3:30:a8:95:60:ac:fa
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

01/07/1999, 07:00

Not After

15/10/2005, 07:00

Subject

CN=Microsoft Windows Verification Intermediate PCA,OU=Copyright (c) 1999 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:0e:3b:71:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Windows Verification Intermediate PCA,OU=Copyright (c) 1999 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Not Before

29/05/2002, 19:32

Not After

29/07/2003, 19:42

Subject

CN=Microsoft Windows XP Publisher,OU=Copyright (c) 2002 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

msvcrt

strchr
sprintf
strstr
_strlwr
strncpy

advapi32

OpenProcessToken
InitializeSecurityDescriptor
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
CryptAcquireContextA
InitiateSystemShutdownA
GetLengthSid
GetTokenInformation
AllocateAndInitializeSid
CryptReleaseContext
CryptGenRandom

kernel32

CreateEventA
GetProcessHeap
GetVersionExA
ReadFile
SetFilePointer
HeapFree
CloseHandle
FormatMessageA
LeaveCriticalSection
RemoveDirectoryA
GetLastError
DeleteFileA
MoveFileExA
EnterCriticalSection
TerminateProcess
SetEvent
Sleep
SetEnvironmentVariableA
GetEnvironmentVariableA
WideCharToMultiByte
HeapAlloc
CreateFileA
WriteFile
ExitProcess
DeleteCriticalSection
FreeLibrary
FlushFileBuffers
GetSystemDirectoryA
CreateThread
GetProcAddress
LoadLibraryA
WaitForSingleObject
OpenEventA
GetCurrentProcess
GetFileAttributesA
GetCommandLineA
GetModuleFileNameA
CreateDirectoryA
SystemTimeToFileTime
GetSystemTime
GetDiskFreeSpaceA
QueryDosDeviceA
GetDriveTypeA
GetCurrentDirectoryA
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetExitCodeProcess
CreateProcessA
InitializeCriticalSectionAndSpinCount

user32

DialogBoxParamA
LoadStringA
EndDialog
SetParent
MessageBoxA
SendMessageA
SendDlgItemMessageA
ShowWindow

ntdll

NtShutdownSystem
NtOpenProcessToken
NtAdjustPrivilegesToken
NtClose

comctl32

ord17

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 242KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_B14E32DBA934419C8C3F00F2A107AF2F
.exe windows:5 windows x86 arch:x86

75aea3270c51c17eeeea7d97d2e8a47e

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12/05/1997, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

28/02/2001, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:9d:aa:11:d3:30:a8:95:60:ac:fa
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

01/07/1999, 07:00

Not After

15/10/2005, 07:00

Subject

CN=Microsoft Windows Verification Intermediate PCA,OU=Copyright (c) 1999 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:0e:3b:71:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Windows Verification Intermediate PCA,OU=Copyright (c) 1999 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Not Before

29/05/2002, 19:32

Not After

29/07/2003, 19:42

Subject

CN=Microsoft Windows XP Publisher,OU=Copyright (c) 2002 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

msvcrt

strchr
sprintf
strstr
_strlwr
strncpy

advapi32

OpenProcessToken
InitializeSecurityDescriptor
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
CryptAcquireContextA
InitiateSystemShutdownA
GetLengthSid
GetTokenInformation
AllocateAndInitializeSid
CryptReleaseContext
CryptGenRandom

kernel32

CreateEventA
GetProcessHeap
GetVersionExA
ReadFile
SetFilePointer
HeapFree
CloseHandle
FormatMessageA
LeaveCriticalSection
RemoveDirectoryA
GetLastError
DeleteFileA
MoveFileExA
EnterCriticalSection
TerminateProcess
SetEvent
Sleep
SetEnvironmentVariableA
GetEnvironmentVariableA
WideCharToMultiByte
HeapAlloc
CreateFileA
WriteFile
ExitProcess
DeleteCriticalSection
FreeLibrary
FlushFileBuffers
GetSystemDirectoryA
CreateThread
GetProcAddress
LoadLibraryA
WaitForSingleObject
OpenEventA
GetCurrentProcess
GetFileAttributesA
GetCommandLineA
GetModuleFileNameA
CreateDirectoryA
SystemTimeToFileTime
GetSystemTime
GetDiskFreeSpaceA
QueryDosDeviceA
GetDriveTypeA
GetCurrentDirectoryA
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetExitCodeProcess
CreateProcessA
InitializeCriticalSectionAndSpinCount

user32

DialogBoxParamA
LoadStringA
EndDialog
SetParent
MessageBoxA
SendMessageA
SendDlgItemMessageA
ShowWindow

ntdll

NtShutdownSystem
NtOpenProcessToken
NtAdjustPrivilegesToken
NtClose

comctl32

ord17

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 242KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_B5C8198712744832B448BED984F60DEE
.exe windows:5 windows x86 arch:x86

75aea3270c51c17eeeea7d97d2e8a47e

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12/05/1997, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

28/02/2001, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:9d:aa:11:d3:30:a8:95:60:ac:fa
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

01/07/1999, 07:00

Not After

15/10/2005, 07:00

Subject

CN=Microsoft Windows Verification Intermediate PCA,OU=Copyright (c) 1999 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:0e:3b:71:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Windows Verification Intermediate PCA,OU=Copyright (c) 1999 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Not Before

29/05/2002, 19:32

Not After

29/07/2003, 19:42

Subject

CN=Microsoft Windows XP Publisher,OU=Copyright (c) 2002 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

msvcrt

strchr
sprintf
strstr
_strlwr
strncpy

advapi32

OpenProcessToken
InitializeSecurityDescriptor
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
CryptAcquireContextA
InitiateSystemShutdownA
GetLengthSid
GetTokenInformation
AllocateAndInitializeSid
CryptReleaseContext
CryptGenRandom

kernel32

CreateEventA
GetProcessHeap
GetVersionExA
ReadFile
SetFilePointer
HeapFree
CloseHandle
FormatMessageA
LeaveCriticalSection
RemoveDirectoryA
GetLastError
DeleteFileA
MoveFileExA
EnterCriticalSection
TerminateProcess
SetEvent
Sleep
SetEnvironmentVariableA
GetEnvironmentVariableA
WideCharToMultiByte
HeapAlloc
CreateFileA
WriteFile
ExitProcess
DeleteCriticalSection
FreeLibrary
FlushFileBuffers
GetSystemDirectoryA
CreateThread
GetProcAddress
LoadLibraryA
WaitForSingleObject
OpenEventA
GetCurrentProcess
GetFileAttributesA
GetCommandLineA
GetModuleFileNameA
CreateDirectoryA
SystemTimeToFileTime
GetSystemTime
GetDiskFreeSpaceA
QueryDosDeviceA
GetDriveTypeA
GetCurrentDirectoryA
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetExitCodeProcess
CreateProcessA
InitializeCriticalSectionAndSpinCount

user32

DialogBoxParamA
LoadStringA
EndDialog
SetParent
MessageBoxA
SendMessageA
SendDlgItemMessageA
ShowWindow

ntdll

NtShutdownSystem
NtOpenProcessToken
NtAdjustPrivilegesToken
NtClose

comctl32

ord17

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 240KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_C0F6EAA1404D48618C1BB8D2E6E8E938
.exe windows:5 windows x86 arch:x86

e5f18214bf0610282336218551760e32

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12/05/1997, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

28/02/2001, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

61:05:76:74:00:00:00:00:00:2d
Certificate

Issuer

CN=Microsoft Windows Verification Intermediate PCA,OU=Copyright (c) 1999 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Not Before

18/10/2002, 19:02

Not After

18/12/2003, 19:12

Subject

CN=Microsoft Windows 2000 Publisher,OU=Copyright (c) 2002 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:9d:aa:11:d3:30:a8:95:60:ac:fa
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

01/07/1999, 07:00

Not After

15/10/2005, 07:00

Subject

CN=Microsoft Windows Verification Intermediate PCA,OU=Copyright (c) 1999 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

71:e4:c2:54:ef:6a:e4:51:28:64:c1:70:3a:16:71:12:82:c9:33:25
Signer

Actual PE Digest

71:e4:c2:54:ef:6a:e4:51:28:64:c1:70:3a:16:71:12:82:c9:33:25

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

kernel32

SetEnvironmentVariableA
GetEnvironmentVariableA
WideCharToMultiByte
HeapAlloc
CreateFileA
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
FreeLibrary
WriteFile
ExitProcess
DeleteCriticalSection
FlushFileBuffers
GetVersionExA
WaitForSingleObject
OpenEventA
GetCurrentProcess
GetFileAttributesA
GetCommandLineA
GetModuleFileNameA
CreateDirectoryA
FindClose
FindNextFileA
FindFirstFileA
Sleep
SetFileAttributesA
SystemTimeToFileTime
GetSystemTime
GetDiskFreeSpaceA
QueryDosDeviceA
GetDriveTypeA
GetCurrentDirectoryA
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetExitCodeProcess
CreateProcessA
GetFileSize
CreateThread
CreateEventA
GetProcessHeap
InitializeCriticalSectionAndSpinCount
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
TerminateProcess
SetEvent
EnterCriticalSection
MoveFileExA
GetLastError
RemoveDirectoryA
LeaveCriticalSection
FormatMessageA
CloseHandle
HeapFree
GetTempFileNameA
DeleteFileA
SetFilePointer
CopyFileA
ReadFile

msvcrt

_strlwr
strstr
sprintf
_stricmp
strncpy
strchr
strrchr

advapi32

CryptGenRandom
AllocateAndInitializeSid
OpenProcessToken
GetTokenInformation
GetLengthSid
InitiateSystemShutdownA
CryptAcquireContextA
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
InitializeSecurityDescriptor
CryptReleaseContext

user32

ShowWindow
SendDlgItemMessageA
LoadStringA
EndDialog
SetParent
MessageBoxA
DialogBoxParamA
SendMessageA

ntdll

NtOpenProcessToken
NtAdjustPrivilegesToken
NtClose
NtShutdownSystem

comctl32

ord17

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 284KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_C43755958BD948B5A88E7F09845D16CA
.exe windows:5 windows x86 arch:x86

e5f18214bf0610282336218551760e32

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12/05/1997, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

28/02/2001, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

61:05:76:74:00:00:00:00:00:2d
Certificate

Issuer

CN=Microsoft Windows Verification Intermediate PCA,OU=Copyright (c) 1999 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Not Before

18/10/2002, 19:02

Not After

18/12/2003, 19:12

Subject

CN=Microsoft Windows 2000 Publisher,OU=Copyright (c) 2002 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:9d:aa:11:d3:30:a8:95:60:ac:fa
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

01/07/1999, 07:00

Not After

15/10/2005, 07:00

Subject

CN=Microsoft Windows Verification Intermediate PCA,OU=Copyright (c) 1999 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

5c:4b:a6:32:1b:3b:18:05:42:72:33:ad:75:df:6a:e6:83:f8:4e:7e
Signer

Actual PE Digest

5c:4b:a6:32:1b:3b:18:05:42:72:33:ad:75:df:6a:e6:83:f8:4e:7e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

kernel32

SetEnvironmentVariableA
GetEnvironmentVariableA
WideCharToMultiByte
HeapAlloc
CreateFileA
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
FreeLibrary
WriteFile
ExitProcess
DeleteCriticalSection
FlushFileBuffers
GetVersionExA
WaitForSingleObject
OpenEventA
GetCurrentProcess
GetFileAttributesA
GetCommandLineA
GetModuleFileNameA
CreateDirectoryA
FindClose
FindNextFileA
FindFirstFileA
Sleep
SetFileAttributesA
SystemTimeToFileTime
GetSystemTime
GetDiskFreeSpaceA
QueryDosDeviceA
GetDriveTypeA
GetCurrentDirectoryA
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetExitCodeProcess
CreateProcessA
GetFileSize
CreateThread
CreateEventA
GetProcessHeap
InitializeCriticalSectionAndSpinCount
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
TerminateProcess
SetEvent
EnterCriticalSection
MoveFileExA
GetLastError
RemoveDirectoryA
LeaveCriticalSection
FormatMessageA
CloseHandle
HeapFree
GetTempFileNameA
DeleteFileA
SetFilePointer
CopyFileA
ReadFile

msvcrt

_strlwr
strstr
sprintf
_stricmp
strncpy
strchr
strrchr

advapi32

CryptGenRandom
AllocateAndInitializeSid
OpenProcessToken
GetTokenInformation
GetLengthSid
InitiateSystemShutdownA
CryptAcquireContextA
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
InitializeSecurityDescriptor
CryptReleaseContext

user32

ShowWindow
SendDlgItemMessageA
LoadStringA
EndDialog
SetParent
MessageBoxA
DialogBoxParamA
SendMessageA

ntdll

NtOpenProcessToken
NtAdjustPrivilegesToken
NtClose
NtShutdownSystem

comctl32

ord17

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 286KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_D2128807231D4BDCBF6ED23DBE656BA0
.exe windows:5 windows x86 arch:x86

75aea3270c51c17eeeea7d97d2e8a47e

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12/05/1997, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

28/02/2001, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:9d:aa:11:d3:30:a8:95:60:ac:fa
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

01/07/1999, 07:00

Not After

15/10/2005, 07:00

Subject

CN=Microsoft Windows Verification Intermediate PCA,OU=Copyright (c) 1999 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:0e:3b:71:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Windows Verification Intermediate PCA,OU=Copyright (c) 1999 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Not Before

29/05/2002, 19:32

Not After

29/07/2003, 19:42

Subject

CN=Microsoft Windows XP Publisher,OU=Copyright (c) 2002 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

msvcrt

strchr
sprintf
strstr
_strlwr
strncpy

advapi32

OpenProcessToken
InitializeSecurityDescriptor
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
CryptAcquireContextA
InitiateSystemShutdownA
GetLengthSid
GetTokenInformation
AllocateAndInitializeSid
CryptReleaseContext
CryptGenRandom

kernel32

CreateEventA
GetProcessHeap
GetVersionExA
ReadFile
SetFilePointer
HeapFree
CloseHandle
FormatMessageA
LeaveCriticalSection
RemoveDirectoryA
GetLastError
DeleteFileA
MoveFileExA
EnterCriticalSection
TerminateProcess
SetEvent
Sleep
SetEnvironmentVariableA
GetEnvironmentVariableA
WideCharToMultiByte
HeapAlloc
CreateFileA
WriteFile
ExitProcess
DeleteCriticalSection
FreeLibrary
FlushFileBuffers
GetSystemDirectoryA
CreateThread
GetProcAddress
LoadLibraryA
WaitForSingleObject
OpenEventA
GetCurrentProcess
GetFileAttributesA
GetCommandLineA
GetModuleFileNameA
CreateDirectoryA
SystemTimeToFileTime
GetSystemTime
GetDiskFreeSpaceA
QueryDosDeviceA
GetDriveTypeA
GetCurrentDirectoryA
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetExitCodeProcess
CreateProcessA
InitializeCriticalSectionAndSpinCount

user32

DialogBoxParamA
LoadStringA
EndDialog
SetParent
MessageBoxA
SendMessageA
SendDlgItemMessageA
ShowWindow

ntdll

NtShutdownSystem
NtOpenProcessToken
NtAdjustPrivilegesToken
NtClose

comctl32

ord17

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 242KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_D6D9787B09C949129005B7265092546E
.exe windows:5 windows x86 arch:x86

75aea3270c51c17eeeea7d97d2e8a47e

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12/05/1997, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

28/02/2001, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:9d:aa:11:d3:30:a8:95:60:ac:fa
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

01/07/1999, 07:00

Not After

15/10/2005, 07:00

Subject

CN=Microsoft Windows Verification Intermediate PCA,OU=Copyright (c) 1999 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:0e:3b:71:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Windows Verification Intermediate PCA,OU=Copyright (c) 1999 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Not Before

29/05/2002, 19:32

Not After

29/07/2003, 19:42

Subject

CN=Microsoft Windows XP Publisher,OU=Copyright (c) 2002 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

msvcrt

strchr
sprintf
strstr
_strlwr
strncpy

advapi32

OpenProcessToken
InitializeSecurityDescriptor
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
CryptAcquireContextA
InitiateSystemShutdownA
GetLengthSid
GetTokenInformation
AllocateAndInitializeSid
CryptReleaseContext
CryptGenRandom

kernel32

CreateEventA
GetProcessHeap
GetVersionExA
ReadFile
SetFilePointer
HeapFree
CloseHandle
FormatMessageA
LeaveCriticalSection
RemoveDirectoryA
GetLastError
DeleteFileA
MoveFileExA
EnterCriticalSection
TerminateProcess
SetEvent
Sleep
SetEnvironmentVariableA
GetEnvironmentVariableA
WideCharToMultiByte
HeapAlloc
CreateFileA
WriteFile
ExitProcess
DeleteCriticalSection
FreeLibrary
FlushFileBuffers
GetSystemDirectoryA
CreateThread
GetProcAddress
LoadLibraryA
WaitForSingleObject
OpenEventA
GetCurrentProcess
GetFileAttributesA
GetCommandLineA
GetModuleFileNameA
CreateDirectoryA
SystemTimeToFileTime
GetSystemTime
GetDiskFreeSpaceA
QueryDosDeviceA
GetDriveTypeA
GetCurrentDirectoryA
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetExitCodeProcess
CreateProcessA
InitializeCriticalSectionAndSpinCount

user32

DialogBoxParamA
LoadStringA
EndDialog
SetParent
MessageBoxA
SendMessageA
SendDlgItemMessageA
ShowWindow

ntdll

NtShutdownSystem
NtOpenProcessToken
NtAdjustPrivilegesToken
NtClose

comctl32

ord17

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 243KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_D87B3466FC6E4DFEB8A78EF86D4B9B74
.exe windows:5 windows x86 arch:x86

75aea3270c51c17eeeea7d97d2e8a47e

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12/05/1997, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

28/02/2001, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:9d:aa:11:d3:30:a8:95:60:ac:fa
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

01/07/1999, 07:00

Not After

15/10/2005, 07:00

Subject

CN=Microsoft Windows Verification Intermediate PCA,OU=Copyright (c) 1999 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:0e:3b:71:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Windows Verification Intermediate PCA,OU=Copyright (c) 1999 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Not Before

29/05/2002, 19:32

Not After

29/07/2003, 19:42

Subject

CN=Microsoft Windows XP Publisher,OU=Copyright (c) 2002 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

msvcrt

strchr
sprintf
strstr
_strlwr
strncpy

advapi32

OpenProcessToken
InitializeSecurityDescriptor
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
CryptAcquireContextA
InitiateSystemShutdownA
GetLengthSid
GetTokenInformation
AllocateAndInitializeSid
CryptReleaseContext
CryptGenRandom

kernel32

CreateEventA
GetProcessHeap
GetVersionExA
ReadFile
SetFilePointer
HeapFree
CloseHandle
FormatMessageA
LeaveCriticalSection
RemoveDirectoryA
GetLastError
DeleteFileA
MoveFileExA
EnterCriticalSection
TerminateProcess
SetEvent
Sleep
SetEnvironmentVariableA
GetEnvironmentVariableA
WideCharToMultiByte
HeapAlloc
CreateFileA
WriteFile
ExitProcess
DeleteCriticalSection
FreeLibrary
FlushFileBuffers
GetSystemDirectoryA
CreateThread
GetProcAddress
LoadLibraryA
WaitForSingleObject
OpenEventA
GetCurrentProcess
GetFileAttributesA
GetCommandLineA
GetModuleFileNameA
CreateDirectoryA
SystemTimeToFileTime
GetSystemTime
GetDiskFreeSpaceA
QueryDosDeviceA
GetDriveTypeA
GetCurrentDirectoryA
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetExitCodeProcess
CreateProcessA
InitializeCriticalSectionAndSpinCount

user32

DialogBoxParamA
LoadStringA
EndDialog
SetParent
MessageBoxA
SendMessageA
SendDlgItemMessageA
ShowWindow

ntdll

NtShutdownSystem
NtOpenProcessToken
NtAdjustPrivilegesToken
NtClose

comctl32

ord17

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 240KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_E9AB524B033E4DCEA920A9AA08461D27
.exe windows:5 windows x86 arch:x86

e5f18214bf0610282336218551760e32

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12/05/1997, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

28/02/2001, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

61:05:76:74:00:00:00:00:00:2d
Certificate

Issuer

CN=Microsoft Windows Verification Intermediate PCA,OU=Copyright (c) 1999 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Not Before

18/10/2002, 19:02

Not After

18/12/2003, 19:12

Subject

CN=Microsoft Windows 2000 Publisher,OU=Copyright (c) 2002 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:9d:aa:11:d3:30:a8:95:60:ac:fa
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

01/07/1999, 07:00

Not After

15/10/2005, 07:00

Subject

CN=Microsoft Windows Verification Intermediate PCA,OU=Copyright (c) 1999 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

7d:34:51:ca:21:30:46:c8:89:52:a9:f6:b2:49:ac:55:86:76:2f:f5
Signer

Actual PE Digest

7d:34:51:ca:21:30:46:c8:89:52:a9:f6:b2:49:ac:55:86:76:2f:f5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

kernel32

SetEnvironmentVariableA
GetEnvironmentVariableA
WideCharToMultiByte
HeapAlloc
CreateFileA
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
FreeLibrary
WriteFile
ExitProcess
DeleteCriticalSection
FlushFileBuffers
GetVersionExA
WaitForSingleObject
OpenEventA
GetCurrentProcess
GetFileAttributesA
GetCommandLineA
GetModuleFileNameA
CreateDirectoryA
FindClose
FindNextFileA
FindFirstFileA
Sleep
SetFileAttributesA
SystemTimeToFileTime
GetSystemTime
GetDiskFreeSpaceA
QueryDosDeviceA
GetDriveTypeA
GetCurrentDirectoryA
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetExitCodeProcess
CreateProcessA
GetFileSize
CreateThread
CreateEventA
GetProcessHeap
InitializeCriticalSectionAndSpinCount
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
TerminateProcess
SetEvent
EnterCriticalSection
MoveFileExA
GetLastError
RemoveDirectoryA
LeaveCriticalSection
FormatMessageA
CloseHandle
HeapFree
GetTempFileNameA
DeleteFileA
SetFilePointer
CopyFileA
ReadFile

msvcrt

_strlwr
strstr
sprintf
_stricmp
strncpy
strchr
strrchr

advapi32

CryptGenRandom
AllocateAndInitializeSid
OpenProcessToken
GetTokenInformation
GetLengthSid
InitiateSystemShutdownA
CryptAcquireContextA
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
InitializeSecurityDescriptor
CryptReleaseContext

user32

ShowWindow
SendDlgItemMessageA
LoadStringA
EndDialog
SetParent
MessageBoxA
DialogBoxParamA
SendMessageA

ntdll

NtOpenProcessToken
NtAdjustPrivilegesToken
NtClose
NtShutdownSystem

comctl32

ord17

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 287KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_E9FDBA34FA96421EA6660AC69B29A912
.exe windows:5 windows x86 arch:x86

e5f18214bf0610282336218551760e32

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12/05/1997, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

28/02/2001, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

61:05:76:74:00:00:00:00:00:2d
Certificate

Issuer

CN=Microsoft Windows Verification Intermediate PCA,OU=Copyright (c) 1999 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Not Before

18/10/2002, 19:02

Not After

18/12/2003, 19:12

Subject

CN=Microsoft Windows 2000 Publisher,OU=Copyright (c) 2002 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:9d:aa:11:d3:30:a8:95:60:ac:fa
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

01/07/1999, 07:00

Not After

15/10/2005, 07:00

Subject

CN=Microsoft Windows Verification Intermediate PCA,OU=Copyright (c) 1999 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

15:35:ed:22:32:6a:41:91:c2:ce:ff:b5:de:01:fd:8e:a7:d5:ca:73
Signer

Actual PE Digest

15:35:ed:22:32:6a:41:91:c2:ce:ff:b5:de:01:fd:8e:a7:d5:ca:73

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

kernel32

SetEnvironmentVariableA
GetEnvironmentVariableA
WideCharToMultiByte
HeapAlloc
CreateFileA
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
FreeLibrary
WriteFile
ExitProcess
DeleteCriticalSection
FlushFileBuffers
GetVersionExA
WaitForSingleObject
OpenEventA
GetCurrentProcess
GetFileAttributesA
GetCommandLineA
GetModuleFileNameA
CreateDirectoryA
FindClose
FindNextFileA
FindFirstFileA
Sleep
SetFileAttributesA
SystemTimeToFileTime
GetSystemTime
GetDiskFreeSpaceA
QueryDosDeviceA
GetDriveTypeA
GetCurrentDirectoryA
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetExitCodeProcess
CreateProcessA
GetFileSize
CreateThread
CreateEventA
GetProcessHeap
InitializeCriticalSectionAndSpinCount
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
TerminateProcess
SetEvent
EnterCriticalSection
MoveFileExA
GetLastError
RemoveDirectoryA
LeaveCriticalSection
FormatMessageA
CloseHandle
HeapFree
GetTempFileNameA
DeleteFileA
SetFilePointer
CopyFileA
ReadFile

msvcrt

_strlwr
strstr
sprintf
_stricmp
strncpy
strchr
strrchr

advapi32

CryptGenRandom
AllocateAndInitializeSid
OpenProcessToken
GetTokenInformation
GetLengthSid
InitiateSystemShutdownA
CryptAcquireContextA
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
InitializeSecurityDescriptor
CryptReleaseContext

user32

ShowWindow
SendDlgItemMessageA
LoadStringA
EndDialog
SetParent
MessageBoxA
DialogBoxParamA
SendMessageA

ntdll

NtOpenProcessToken
NtAdjustPrivilegesToken
NtClose
NtShutdownSystem

comctl32

ord17

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 285KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_F54C616167654DE59ECC435C7DB5B033
.exe windows:5 windows x86 arch:x86

75aea3270c51c17eeeea7d97d2e8a47e

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12/05/1997, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

28/02/2001, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:9d:aa:11:d3:30:a8:95:60:ac:fa
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

01/07/1999, 07:00

Not After

15/10/2005, 07:00

Subject

CN=Microsoft Windows Verification Intermediate PCA,OU=Copyright (c) 1999 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:0e:3b:71:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Windows Verification Intermediate PCA,OU=Copyright (c) 1999 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Not Before

29/05/2002, 19:32

Not After

29/07/2003, 19:42

Subject

CN=Microsoft Windows XP Publisher,OU=Copyright (c) 2002 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

msvcrt

strchr
sprintf
strstr
_strlwr
strncpy

advapi32

OpenProcessToken
InitializeSecurityDescriptor
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
CryptAcquireContextA
InitiateSystemShutdownA
GetLengthSid
GetTokenInformation
AllocateAndInitializeSid
CryptReleaseContext
CryptGenRandom

kernel32

CreateEventA
GetProcessHeap
GetVersionExA
ReadFile
SetFilePointer
HeapFree
CloseHandle
FormatMessageA
LeaveCriticalSection
RemoveDirectoryA
GetLastError
DeleteFileA
MoveFileExA
EnterCriticalSection
TerminateProcess
SetEvent
Sleep
SetEnvironmentVariableA
GetEnvironmentVariableA
WideCharToMultiByte
HeapAlloc
CreateFileA
WriteFile
ExitProcess
DeleteCriticalSection
FreeLibrary
FlushFileBuffers
GetSystemDirectoryA
CreateThread
GetProcAddress
LoadLibraryA
WaitForSingleObject
OpenEventA
GetCurrentProcess
GetFileAttributesA
GetCommandLineA
GetModuleFileNameA
CreateDirectoryA
SystemTimeToFileTime
GetSystemTime
GetDiskFreeSpaceA
QueryDosDeviceA
GetDriveTypeA
GetCurrentDirectoryA
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetExitCodeProcess
CreateProcessA
InitializeCriticalSectionAndSpinCount

user32

DialogBoxParamA
LoadStringA
EndDialog
SetParent
MessageBoxA
SendMessageA
SendDlgItemMessageA
ShowWindow

ntdll

NtShutdownSystem
NtOpenProcessToken
NtAdjustPrivilegesToken
NtClose

comctl32

ord17

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 242KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_F899CFC899E74982B093126F4C3641C4
.exe windows:5 windows x86 arch:x86

75aea3270c51c17eeeea7d97d2e8a47e

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12/05/1997, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

28/02/2001, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:9d:aa:11:d3:30:a8:95:60:ac:fa
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

01/07/1999, 07:00

Not After

15/10/2005, 07:00

Subject

CN=Microsoft Windows Verification Intermediate PCA,OU=Copyright (c) 1999 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:0e:3b:71:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Windows Verification Intermediate PCA,OU=Copyright (c) 1999 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Not Before

29/05/2002, 19:32

Not After

29/07/2003, 19:42

Subject

CN=Microsoft Windows XP Publisher,OU=Copyright (c) 2002 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

msvcrt

strchr
sprintf
strstr
_strlwr
strncpy

advapi32

OpenProcessToken
InitializeSecurityDescriptor
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
CryptAcquireContextA
InitiateSystemShutdownA
GetLengthSid
GetTokenInformation
AllocateAndInitializeSid
CryptReleaseContext
CryptGenRandom

kernel32

CreateEventA
GetProcessHeap
GetVersionExA
ReadFile
SetFilePointer
HeapFree
CloseHandle
FormatMessageA
LeaveCriticalSection
RemoveDirectoryA
GetLastError
DeleteFileA
MoveFileExA
EnterCriticalSection
TerminateProcess
SetEvent
Sleep
SetEnvironmentVariableA
GetEnvironmentVariableA
WideCharToMultiByte
HeapAlloc
CreateFileA
WriteFile
ExitProcess
DeleteCriticalSection
FreeLibrary
FlushFileBuffers
GetSystemDirectoryA
CreateThread
GetProcAddress
LoadLibraryA
WaitForSingleObject
OpenEventA
GetCurrentProcess
GetFileAttributesA
GetCommandLineA
GetModuleFileNameA
CreateDirectoryA
SystemTimeToFileTime
GetSystemTime
GetDiskFreeSpaceA
QueryDosDeviceA
GetDriveTypeA
GetCurrentDirectoryA
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetExitCodeProcess
CreateProcessA
InitializeCriticalSectionAndSpinCount

user32

DialogBoxParamA
LoadStringA
EndDialog
SetParent
MessageBoxA
SendMessageA
SendDlgItemMessageA
ShowWindow

ntdll

NtShutdownSystem
NtOpenProcessToken
NtAdjustPrivilegesToken
NtClose

comctl32

ord17

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 242KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bcbthub.sys
.sys windows:5 windows x86 arch:x86

29e0b5c527b7bf03d067cdd300031a17

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

PoSetPowerState
ExFreePool
RtlUnicodeStringToAnsiString
RtlInitUnicodeString
ExAllocatePoolWithTag
IoGetDeviceProperty
IoCreateDevice
IofCallDriver
ObfReferenceObject
MmUnlockPagableImageSection
MmLockPagableDataSection
InterlockedExchange
IoDeleteDevice
KeWaitForSingleObject
IoDetachDevice
IofCompleteRequest
wcscpy
wcslen
IoFreeIrp
IoAllocateIrp
IoGetAttachedDeviceReference
ObfDereferenceObject
IoCancelIrp
IoReleaseCancelSpinLock
IoAttachDeviceToDeviceStack
RtlFreeAnsiString
IoIsWdmVersionAvailable
KeInitializeEvent
DbgPrint
KeSetEvent
InterlockedDecrement
InterlockedIncrement
PoCallDriver
PoStartNextPowerIrp
PoRequestPowerIrp
RtlFreeUnicodeString
ZwQueryValueKey
RtlAnsiStringToUnicodeString
RtlInitAnsiString
ZwClose
IoOpenDeviceRegistryKey
ZwOpenKey
ZwSetValueKey
KeDelayExecutionThread
RtlExtendedLargeIntegerDivide
KeQuerySystemTime
ZwReadFile
ZwCreateFile
wcsncmp
sprintf

usbd.sys

_USBD_ParseConfigurationDescriptorEx@28
USBD_GetUSBDIVersion
_USBD_CreateConfigurationRequestEx@8

hal

KeGetCurrentIrql
KeQueryPerformanceCounter

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 576B - Virtual size: 568B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 115KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGECODE
Size: 768B - Virtual size: 765B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEDNLD
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEDATA
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bcbthub.sys1
.sys windows:5 windows x86 arch:x86

29e0b5c527b7bf03d067cdd300031a17

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

PoSetPowerState
ExFreePool
RtlUnicodeStringToAnsiString
RtlInitUnicodeString
ExAllocatePoolWithTag
IoGetDeviceProperty
IoCreateDevice
IofCallDriver
ObfReferenceObject
MmUnlockPagableImageSection
MmLockPagableDataSection
InterlockedExchange
IoDeleteDevice
KeWaitForSingleObject
IoDetachDevice
IofCompleteRequest
wcscpy
wcslen
IoFreeIrp
IoAllocateIrp
IoGetAttachedDeviceReference
ObfDereferenceObject
IoCancelIrp
IoReleaseCancelSpinLock
IoAttachDeviceToDeviceStack
RtlFreeAnsiString
IoIsWdmVersionAvailable
KeInitializeEvent
DbgPrint
KeSetEvent
InterlockedDecrement
InterlockedIncrement
PoCallDriver
PoStartNextPowerIrp
PoRequestPowerIrp
RtlFreeUnicodeString
ZwQueryValueKey
RtlAnsiStringToUnicodeString
RtlInitAnsiString
ZwClose
IoOpenDeviceRegistryKey
ZwOpenKey
ZwSetValueKey
KeDelayExecutionThread
RtlExtendedLargeIntegerDivide
KeQuerySystemTime
ZwReadFile
ZwCreateFile
wcsncmp
sprintf

usbd.sys

_USBD_ParseConfigurationDescriptorEx@28
USBD_GetUSBDIVersion
_USBD_CreateConfigurationRequestEx@8

hal

KeGetCurrentIrql
KeQueryPerformanceCounter

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 576B - Virtual size: 568B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 115KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGECODE
Size: 768B - Virtual size: 765B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEDNLD
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEDATA
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bcbthub.sys2
.sys windows:5 windows x86 arch:x86

29e0b5c527b7bf03d067cdd300031a17

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

PoSetPowerState
ExFreePool
RtlUnicodeStringToAnsiString
RtlInitUnicodeString
ExAllocatePoolWithTag
IoGetDeviceProperty
IoCreateDevice
IofCallDriver
ObfReferenceObject
MmUnlockPagableImageSection
MmLockPagableDataSection
InterlockedExchange
IoDeleteDevice
KeWaitForSingleObject
IoDetachDevice
IofCompleteRequest
wcscpy
wcslen
IoFreeIrp
IoAllocateIrp
IoGetAttachedDeviceReference
ObfDereferenceObject
IoCancelIrp
IoReleaseCancelSpinLock
IoAttachDeviceToDeviceStack
RtlFreeAnsiString
IoIsWdmVersionAvailable
KeInitializeEvent
DbgPrint
KeSetEvent
InterlockedDecrement
InterlockedIncrement
PoCallDriver
PoStartNextPowerIrp
PoRequestPowerIrp
RtlFreeUnicodeString
ZwQueryValueKey
RtlAnsiStringToUnicodeString
RtlInitAnsiString
ZwClose
IoOpenDeviceRegistryKey
ZwOpenKey
ZwSetValueKey
KeDelayExecutionThread
RtlExtendedLargeIntegerDivide
KeQuerySystemTime
ZwReadFile
ZwCreateFile
wcsncmp
sprintf

usbd.sys

_USBD_ParseConfigurationDescriptorEx@28
USBD_GetUSBDIVersion
_USBD_CreateConfigurationRequestEx@8

hal

KeGetCurrentIrql
KeQueryPerformanceCounter

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 576B - Virtual size: 568B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 115KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGECODE
Size: 768B - Virtual size: 765B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEDNLD
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEDATA
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
brcmusb.inf
brcmusb.inf1
bt2kndfl.sys
.sys windows:5 windows x86 arch:x86

d97fd632447fbf3d0987bb87d204c398

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoDeleteDevice
IoAttachDeviceToDeviceStack
IoCreateDevice
IofCallDriver
KeSetEvent
IofCompleteRequest
ExFreePool
KeWaitForSingleObject
KeInitializeEvent
ExAllocatePoolWithTag
IoDetachDevice
PoCallDriver
PoStartNextPowerIrp

Sections

.text
Size: 224B - Virtual size: 198B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 160B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 704B - Virtual size: 701B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 448B - Virtual size: 430B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 96B - Virtual size: 86B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bt_cold_icon.ico
bt_cold_icon_grey.ico
bt_hot_icon.ico
btaudio.cat
btaudio.sys
.sys windows:5 windows x86 arch:x86

2d1c17784ff6fc53f4266af40e08bfb7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

InterlockedDecrement
InterlockedIncrement
_alldiv
_allmul
_allshr
vsprintf
KeGetCurrentThread
KeClearEvent
KeWaitForSingleObject
KeInitializeEvent
strncpy
KeSetTimer
KeInitializeTimer
KeInitializeDpc
ExAllocatePoolWithTag
KeInitializeSpinLock
IoIsWdmVersionAvailable
KeDelayExecutionThread
ExFreePool
KeCancelTimer
ZwClose
ZwQueryValueKey
ZwOpenKey
RtlInitUnicodeString
_except_handler3
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
KeQuerySystemTime
KeSetPriorityThread
ObReferenceObjectByHandle
PsCreateSystemThread
ObfDereferenceObject
PsTerminateSystemThread
_vsnprintf
wcslen
wcscpy
KeInitializeMutex
_purecall
KeInitializeTimerEx
KeReleaseMutex
KeSetTimerEx
KeQueryInterruptTime
InterlockedCompareExchange
KefReleaseSpinLockFromDpcLevel
KefAcquireSpinLockAtDpcLevel
IoFreeIrp
IofCallDriver
IoAllocateIrp
IoGetDeviceObjectPointer
DbgPrint
sprintf
ZwSetValueKey
KeSetEvent

hal

KeGetCurrentIrql
KfAcquireSpinLock
KfReleaseSpinLock

portcls.sys

PcInitializeAdapterDriver
PcAddAdapterDevice
PcRegisterSubdevice
PcNewMiniport
PcNewPort
PcRegisterPhysicalConnection
PcRegisterAdapterPowerManagement
PcNewRegistryKey
PcNewServiceGroup

Sections

.text
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_LTEXT
Size: 96B - Virtual size: 67B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 218KB - Virtual size: 218KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
btaudio.sys1
.sys windows:5 windows x86 arch:x86

2d1c17784ff6fc53f4266af40e08bfb7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

InterlockedDecrement
InterlockedIncrement
_alldiv
_allmul
_allshr
vsprintf
KeGetCurrentThread
KeClearEvent
KeWaitForSingleObject
KeInitializeEvent
strncpy
KeSetTimer
KeInitializeTimer
KeInitializeDpc
ExAllocatePoolWithTag
KeInitializeSpinLock
IoIsWdmVersionAvailable
KeDelayExecutionThread
ExFreePool
KeCancelTimer
ZwClose
ZwQueryValueKey
ZwOpenKey
RtlInitUnicodeString
_except_handler3
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
KeQuerySystemTime
KeSetPriorityThread
ObReferenceObjectByHandle
PsCreateSystemThread
ObfDereferenceObject
PsTerminateSystemThread
_vsnprintf
wcslen
wcscpy
KeInitializeMutex
_purecall
KeInitializeTimerEx
KeReleaseMutex
KeSetTimerEx
KeQueryInterruptTime
InterlockedCompareExchange
KefReleaseSpinLockFromDpcLevel
KefAcquireSpinLockAtDpcLevel
IoFreeIrp
IofCallDriver
IoAllocateIrp
IoGetDeviceObjectPointer
DbgPrint
sprintf
ZwSetValueKey
KeSetEvent

hal

KeGetCurrentIrql
KfAcquireSpinLock
KfReleaseSpinLock

portcls.sys

PcInitializeAdapterDriver
PcAddAdapterDevice
PcRegisterSubdevice
PcNewMiniport
PcNewPort
PcRegisterPhysicalConnection
PcRegisterAdapterPowerManagement
PcNewRegistryKey
PcNewServiceGroup

Sections

.text
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_LTEXT
Size: 96B - Virtual size: 67B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 218KB - Virtual size: 218KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
btaudio.sys2
.sys windows:5 windows x86 arch:x86

2d1c17784ff6fc53f4266af40e08bfb7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

InterlockedDecrement
InterlockedIncrement
_alldiv
_allmul
_allshr
vsprintf
KeGetCurrentThread
KeClearEvent
KeWaitForSingleObject
KeInitializeEvent
strncpy
KeSetTimer
KeInitializeTimer
KeInitializeDpc
ExAllocatePoolWithTag
KeInitializeSpinLock
IoIsWdmVersionAvailable
KeDelayExecutionThread
ExFreePool
KeCancelTimer
ZwClose
ZwQueryValueKey
ZwOpenKey
RtlInitUnicodeString
_except_handler3
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
KeQuerySystemTime
KeSetPriorityThread
ObReferenceObjectByHandle
PsCreateSystemThread
ObfDereferenceObject
PsTerminateSystemThread
_vsnprintf
wcslen
wcscpy
KeInitializeMutex
_purecall
KeInitializeTimerEx
KeReleaseMutex
KeSetTimerEx
KeQueryInterruptTime
InterlockedCompareExchange
KefReleaseSpinLockFromDpcLevel
KefAcquireSpinLockAtDpcLevel
IoFreeIrp
IofCallDriver
IoAllocateIrp
IoGetDeviceObjectPointer
DbgPrint
sprintf
ZwSetValueKey
KeSetEvent

hal

KeGetCurrentIrql
KfAcquireSpinLock
KfReleaseSpinLock

portcls.sys

PcInitializeAdapterDriver
PcAddAdapterDevice
PcRegisterSubdevice
PcNewMiniport
PcNewPort
PcRegisterPhysicalConnection
PcRegisterAdapterPowerManagement
PcNewRegistryKey
PcNewServiceGroup

Sections

.text
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_LTEXT
Size: 96B - Virtual size: 67B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 218KB - Virtual size: 218KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
btaudio.sys3
.sys windows:5 windows x86 arch:x86

2d1c17784ff6fc53f4266af40e08bfb7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

InterlockedDecrement
InterlockedIncrement
_alldiv
_allmul
_allshr
vsprintf
KeGetCurrentThread
KeClearEvent
KeWaitForSingleObject
KeInitializeEvent
strncpy
KeSetTimer
KeInitializeTimer
KeInitializeDpc
ExAllocatePoolWithTag
KeInitializeSpinLock
IoIsWdmVersionAvailable
KeDelayExecutionThread
ExFreePool
KeCancelTimer
ZwClose
ZwQueryValueKey
ZwOpenKey
RtlInitUnicodeString
_except_handler3
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
KeQuerySystemTime
KeSetPriorityThread
ObReferenceObjectByHandle
PsCreateSystemThread
ObfDereferenceObject
PsTerminateSystemThread
_vsnprintf
wcslen
wcscpy
KeInitializeMutex
_purecall
KeInitializeTimerEx
KeReleaseMutex
KeSetTimerEx
KeQueryInterruptTime
InterlockedCompareExchange
KefReleaseSpinLockFromDpcLevel
KefAcquireSpinLockAtDpcLevel
IoFreeIrp
IofCallDriver
IoAllocateIrp
IoGetDeviceObjectPointer
DbgPrint
sprintf
ZwSetValueKey
KeSetEvent

hal

KeGetCurrentIrql
KfAcquireSpinLock
KfReleaseSpinLock

portcls.sys

PcInitializeAdapterDriver
PcAddAdapterDevice
PcRegisterSubdevice
PcNewMiniport
PcNewPort
PcRegisterPhysicalConnection
PcRegisterAdapterPowerManagement
PcNewRegistryKey
PcNewServiceGroup

Sections

.text
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_LTEXT
Size: 96B - Virtual size: 67B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 218KB - Virtual size: 218KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
btbigbmp.dll
.dll windows:4 windows x86 arch:x86

5c54715227e960c5019e7a45d4b9d02a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
RtlUnwind
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
InterlockedDecrement
InterlockedIncrement

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 92KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
btbip.dll
.dll windows:4 windows x86 arch:x86

0060583250814c23722c4793d25e5cc5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

widcommsdk

?OnAudioDisconnect@CObexClient@@UAEXG@Z
??0CObexHeaders@@QAE@XZ
?SetType@CObexHeaders@@QAEHPAEI@Z
??1CObexHeaders@@QAE@XZ
?SetSecurityLevel@CObexClient@@QAEHEPADEPAU_GUID@@@Z
?GetRfcHandle@CObexClient@@QAEGXZ
?OnAudioConnected@CObexClient@@UAEXG@Z
?OnAbort@CObexClient@@UAEXPAVCObexHeaders@@W4tOBEX_ERRORS@@W4tOBEX_RESPONSE_CODE@@@Z
??1CObexClient@@QAE@XZ
??0CObexClient@@QAE@XZ
?GetText@CObexUserDefined@@QAEHPAG@Z
?GetLength@CObexUserDefined@@QAEGXZ
?GetUserType@CObexUserDefined@@QAEEPAE@Z
?GetUserDefined@CObexHeaders@@QAEHPAVCObexUserDefined@@G@Z
??0CObexUserDefined@@QAE@XZ
??1CObexUserDefined@@QAE@XZ
?GetUserDefinedCnt@CObexHeaders@@QAEIXZ
?Put@CObexClient@@QAE?AW4tOBEX_ERRORS@@PAVCObexHeaders@@H@Z
?GetBody@CObexHeaders@@QAEHPAEPAH@Z
?GetBodyLength@CObexHeaders@@QAEHPAI@Z
?Get@CObexClient@@QAE?AW4tOBEX_ERRORS@@PAVCObexHeaders@@H@Z
?SetHeader@CObexUserDefined@@QAEHEPAEG@Z
?AddUserDefined@CObexHeaders@@QAEHPAVCObexUserDefined@@@Z
?SetHeader@CObexUserDefined@@QAEHEPAG@Z
?OnSetPath@CObexClient@@UAEXPAVCObexHeaders@@W4tOBEX_ERRORS@@W4tOBEX_RESPONSE_CODE@@@Z
?AddAppParam@CObexHeaders@@QAEHEEPAE@Z
?SetName@CObexHeaders@@QAEHPAG@Z
?SetBody@CObexHeaders@@QAEHPAEIH@Z
?SetWriteTimeOut@CObexClient@@QAE?AW4tOBEX_ERRORS@@G@Z
?Close@CObexClient@@QAE?AW4tOBEX_ERRORS@@PAVCObexHeaders@@@Z
?Open@CObexClient@@QAE?AW4tOBEX_ERRORS@@EQAEPAVCObexHeaders@@G@Z
?AddTarget@CObexHeaders@@QAEHPAEI@Z

gdiplus

GdiplusShutdown
GdipGetImageWidth
GdipGetImageHeight
GdipLoadImageFromFile
GdipAlloc
GdiplusStartup
GdipDisposeImage
GdipCloneImage
GdipSaveImageToFile
GdipDeleteGraphics
GdipDeleteBrush
GdipDrawImageRectI
GdipFillRectangleI
GdipCreateSolidFill
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
GdipGetImagePixelFormat
GdipCreateBitmapFromFile
GdipCloneBrush
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipGetImageThumbnail
GdipFree

kernel32

GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetOEMCP
GetACP
GetCPInfo
LCMapStringW
LCMapStringA
SetFilePointer
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
ReadFile
ExitProcess
IsBadWritePtr
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
TlsFree
TlsAlloc
LeaveCriticalSection
EnterCriticalSection
GetEnvironmentStringsW
GetCommandLineA
GetTempPathA
OutputDebugStringA
GetCurrentThreadId
GetLastError
MultiByteToWideChar
MulDiv
WideCharToMultiByte
GetVersionExA
DeleteFileA
CreateEventA
CloseHandle
SetEvent
GetTickCount
LoadLibraryA
WaitForSingleObject
CreateThread
SetLastError
Sleep
DeviceIoControl
CreateFileA
DeleteCriticalSection
HeapFree
InitializeCriticalSection
HeapAlloc
GetProcessHeap
ExitThread
TlsGetValue
TlsSetValue
InterlockedIncrement
InterlockedDecrement
RtlUnwind
WriteFile
SetStdHandle
FlushFileBuffers
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetStringTypeA
GetStringTypeW
CreateFileW
SetEndOfFile
GetVersion

user32

LoadStringA
FindWindowA
SendMessageA
wvsprintfA
PeekMessageA

advapi32

RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

ole32

CoInitialize
CoCreateInstance
CoUninitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree

oleaut32

VariantClear
SysFreeString
VariantInit

Exports

Exports

BTBIP_AdjustCompatibleImageParams
BTBIP_AllocateResponse
BTBIP_Connect
BTBIP_DeleteImage
BTBIP_Disconnect
BTBIP_FindBestService
BTBIP_FreeResponse
BTBIP_GDIPP_GetImageProperties
BTBIP_GDIPP_SaveThumbnail
BTBIP_GDIPP_TransformImageFile
BTBIP_GetCapabilities
BTBIP_GetImage
BTBIP_GetImageFirst
BTBIP_GetImageInfo
BTBIP_GetImageNext
BTBIP_GetImageProperties
BTBIP_GetImagesList
BTBIP_GetInfFile
BTBIP_GetLinkedAttachment
BTBIP_GetLinkedThumbnail
BTBIP_GetMonitoringImage
BTBIP_GetSupported
BTBIP_LoadXml
BTBIP_OutputDebugString
BTBIP_PutImage
BTBIP_PutImageFile
BTBIP_PutImageFileCompat
BTBIP_PutLinkedThumbnail
BTBIP_PutLinkedThumbnailFile
BTBIP_PutLinkedThumbnailFromImageFile
BTBIP_ResponseCodeToShortText
BTBIP_ResponseCodeToString
BTBIP_SetOnDisconnectedCallback
BTBIP_SetPutImageTimeout
BTBIP_SetTraceLevel

Sections

.text
Size: 84KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
btchooser.dll
.dll windows:4 windows x86 arch:x86

c4b231678b053d816e03207c8327d2d7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

??1type_info@@UAE@XZ
_adjust_fdiv
_initterm
?terminate@@YAXXZ
_except_handler3
_onexit
__dllonexit
_stricmp
_purecall
vsprintf
atoi
malloc
sscanf
_mbscmp
mbstowcs
time
srand
rand
wcslen
free
sprintf
??2@YAPAXI@Z
__CxxFrameHandler
??3@YAXPAX@Z

wbtapi

?Hid_Connect@CWBtAPI@@QAE?AW4WBtRc@@QAEJ@Z
?Hid_Disconnect@CWBtAPI@@QAE?AW4WBtRc@@QAEJ@Z
?GapGetActiveConnections@CWBtAPI@@QAE?AW4WBtRc@@PAJJPAUtBT_ACTIVE_CONNS@@@Z
??0CWBtAPI@@QAE@XZ
?ConnectToServer@CWBtAPI@@QAE?AW4WBtRc@@_NI00@Z
??1CWBtAPI@@QAE@XZ
?SetOnDeviceFoundNoFiltersCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAE11H@Z0@Z
?SetOnInquiryCompleteCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJF@Z0@Z
?GapStartInquiry@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearDeviceFoundNoFiltersCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearInquiryCompleteCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?GapStopInquiry@CWBtAPI@@QAE?AW4WBtRc@@XZ

widcommsdk

??1CSdpDiscoveryRec@@QAE@XZ
?UnBond@CBtIf@@QAEHQAE@Z
?BondQuery@CBtIf@@QAEHQAE@Z
?IsDeviceReady@CBtIf@@QAEHXZ
?StartDiscovery@CBtIf@@QAEHQAEPAU_GUID@@@Z
??0CBtIf@@QAE@XZ
??1CBtIf@@UAE@XZ
?OnAudioConnected@CBtIf@@UAEXG@Z
?OnAudioDisconnect@CBtIf@@UAEXG@Z
?OnDiscoveryComplete@CBtIf@@UAEXXZ
?Bond@CBtIf@@QAE?AW4BOND_RETURN_CODE@1@QAEPAD@Z
??0CSdpDiscoveryRec@@QAE@XZ

mfc42

ord1116
ord1176
ord1575
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord3953
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord815
ord3571
ord3626
ord3663
ord2414
ord2528
ord1641
ord1146
ord6467
ord860
ord800
ord4160
ord540
ord3092
ord4204
ord5161
ord5162
ord5160
ord4905
ord4948
ord4358
ord5265
ord4377
ord4854
ord4998
ord2514
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5287
ord3798
ord4835
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord6747
ord6485
ord768
ord4258
ord6215
ord4299
ord6880
ord2864
ord4710
ord4976
ord6199
ord4742
ord5850
ord2881
ord3874
ord6055
ord1776
ord5290
ord4837
ord3402
ord3610
ord656
ord567
ord1577
ord2646
ord4224
ord939
ord537
ord2818
ord2642
ord3619
ord5981
ord5953
ord2860
ord2379
ord535
ord3698
ord765
ord2370
ord6334
ord858
ord6656
ord6602
ord6592
ord5288
ord4439
ord2054
ord4431
ord6529
ord613
ord289
ord6568
ord6488
ord4259
ord4715
ord1168
ord6453
ord3286
ord6907
ord6007
ord3998
ord3701
ord772
ord6142
ord500
ord2582
ord4402
ord3370
ord3640
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord2575
ord4396
ord3574
ord609
ord686
ord693
ord616
ord384
ord3996
ord6696
ord1642
ord2453
ord2862
ord2096
ord4284
ord5860
ord6905
ord2882
ord5849
ord1193
ord1151
ord269
ord826
ord600
ord1578
ord1255
ord1253
ord1570
ord1197
ord1243
ord342
ord1182
ord2302

kernel32

GetLastError
Sleep
DeviceIoControl
LocalAlloc
CreateFileA
GetVersionExA
CreateThread
OutputDebugStringA
FreeLibrary
LoadLibraryA
GetProcAddress
GetModuleFileNameA
LocalFree
WaitForMultipleObjects
TerminateThread
CreateEventA
MultiByteToWideChar
lstrcpyA
SetEvent
OpenEventA
WideCharToMultiByte
EnumResourceNamesA
SetLastError
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
InterlockedIncrement
DeleteCriticalSection
InterlockedDecrement
CloseHandle

user32

GetWindowRect
MessageBoxA
GetParent
EnableWindow
SetTimer
SetDlgItemTextW
IsWindow
LoadCursorA
SetCursor
KillTimer
PostThreadMessageA
SystemParametersInfoA
LoadIconA
ShowWindow
SetWindowPos
GetClientRect
CreateWindowExA
PostMessageA
SendMessageA
LoadBitmapA
LoadImageA

gdi32

GetDeviceCaps
CreateFontIndirectA
GetObjectA

advapi32

CryptDestroyKey
RegEnumKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
CryptAcquireContextA
CryptReleaseContext
CryptSetProvParam
InitializeSecurityDescriptor
CryptImportKey
CryptEncrypt
CryptExportKey
CryptGenKey
CryptGetUserKey
CryptDecrypt

comctl32

ImageList_ReplaceIcon
ImageList_Destroy

Exports

Exports

BluetoothSelectDevicesWizard

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 500KB - Virtual size: 499KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
btcpl.cpl.manifest1
.xml
btcss.dll
.dll windows:4 windows x86 arch:x86

844fa9fc9f6acc324f6f637980f82ae2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wbtapi

?LapRemoveConnection@CWBtAPI@@QAE?AW4WBtRc@@HF@Z
?DunRemoveConnection@CWBtAPI@@QAE?AW4WBtRc@@HF@Z
?HcrpRemoveConnection@CWBtAPI@@QAE?AW4WBtRc@@XZ
?SyncRemoveServerConnection@CWBtAPI@@QAE?AW4WBtRc@@XZ
?OppRemoveServerConnection@CWBtAPI@@QAE?AW4WBtRc@@XZ
?FtpRemoveServerConnection@CWBtAPI@@QAE?AW4WBtRc@@XZ
?FaxRemoveConnection@CWBtAPI@@QAE?AW4WBtRc@@HF@Z
?SppRemoveConnection@CWBtAPI@@QAE?AW4WBtRc@@HF@Z
?HAG_RemoveServerConnection@CWBtAPI@@QAE?AW4WBtRc@@J@Z
?SppCreateConnection@CWBtAPI@@QAE?AW4WBtRc@@QAEABU_GUID@@PBDH@Z
?LapCreateConnection@CWBtAPI@@QAE?AW4WBtRc@@QAEABU_GUID@@PBDH@Z
?SyncAbort@CWBtAPI@@QAE?AW4WBtRc@@XZ
?LapDisconnect@CWBtAPI@@QAE?AW4WBtRc@@QAE@Z
?BtmResetConfiguration@CWBtAPI@@QAE?AW4WBtRc@@XZ
?HAG_DisconnectHeadset@CWBtAPI@@QAE?AW4WBtRc@@QAEJ@Z
?GapRemoveExtAppConnection@CWBtAPI@@QAE?AW4WBtRc@@QAEPAU_GUID@@@Z
?Hid_Disconnect@CWBtAPI@@QAE?AW4WBtRc@@QAEJ@Z
?HSP_DisconnectGateway@CWBtAPI@@QAE?AW4WBtRc@@QAEJ@Z
?HSP_RemoveServerConnection@CWBtAPI@@QAE?AW4WBtRc@@J@Z
?DunCreateConnection@CWBtAPI@@QAE?AW4WBtRc@@QAEABU_GUID@@PBDH@Z
?HcrpCreateConnection@CWBtAPI@@QAE?AW4WBtRc@@QAEABU_GUID@@PBD@Z
?SyncCreateServerConnection@CWBtAPI@@QAE?AW4WBtRc@@U_GUID@@@Z
?OppCreateServerConnection@CWBtAPI@@QAE?AW4WBtRc@@U_GUID@@@Z
?FtpCreateServerConnection@CWBtAPI@@QAE?AW4WBtRc@@U_GUID@@@Z
?FaxCreateConnection@CWBtAPI@@QAE?AW4WBtRc@@QAEABU_GUID@@PBDH@Z
?HSP_CreateServerConnection@CWBtAPI@@QAE?AW4WBtRc@@XZ
?HAG_CreateServerConnection@CWBtAPI@@QAE?AW4WBtRc@@XZ
?GapGetLocalServices@CWBtAPI@@QAE?AW4WBtRc@@PAHHPAUtBT_SERVICE_INFO@@@Z
?GapGetActiveConnections@CWBtAPI@@QAE?AW4WBtRc@@PAJJPAUtBT_ACTIVE_CONNS@@@Z
?BtmDeviceIsReady@CWBtAPI@@QAEHXZ
??0CWBtAPI@@QAE@XZ
?ConnectToServer@CWBtAPI@@QAE?AW4WBtRc@@_NI00@Z
??1CWBtAPI@@QAE@XZ
?GapGetConnectionStats@CWBtAPI@@QAE?AW4WBtRc@@QAEPAU_GUID@@PBDHPAUtBT_CONN_STATS@@@Z

btosif

?getJobTitle@CBTvCard@@QAEHPADH@Z
?getID@CBTvCard@@QAEHPADH@Z
OSIF_GetObjectName
OSIF_CodeToString
OSIF_FreeObject
OSIF_GetNextObject
OSIF_GetFirstObject
OSIF_WriteObject
OSIF_AddObject
?getCompany@CBTvCard@@QAEHPADH@Z
OSIF_GetObjectById
OSIF_ReadObjects
OSIF_GetObjectCount
OSIF_FindObject
OSIF_OpenX
OSIF_Open
OSIF_Close
?getFirstName@CBTvCard@@QAEHPADH@Z
?getLastName@CBTvCard@@QAEHPADH@Z
?getMiddleName@CBTvCard@@QAEHPADH@Z
?getDepartment@CBTvCard@@QAEHPADH@Z
?getWorkPhone@CBTvCard@@QAEHPADH@Z
?getWorkFax@CBTvCard@@QAEHPADH@Z
?getMobilePhone@CBTvCard@@QAEHPADH@Z
?getHomePhone@CBTvCard@@QAEHPADH@Z
?getWorkAddress@CBTvCard@@QAEHPADH@Z
?getHomeAddress@CBTvCard@@QAEHPADH@Z
OSIF_ModifyObject
?LoadFromVCard@CBTvCard@@QAEXABUtagvCard@@@Z
?getTitle@CBTvCard@@QAEHPADH@Z
?getSuffix@CBTvCard@@QAEHPADH@Z
?getEmailAddress@CBTvCard@@QAEHPADH@Z
??0CBTvCard@@QAE@XZ
?Parse@CBTvCard@@QAEHPAG@Z
?getName@CBTvCard@@QAEHPADH@Z
??0CBTvCard@@QAE@ABUtagvCard@@@Z
??1CBTvCard@@QAE@XZ
OSIF_IsSupported
OSIF_IsPimSupported
OSIF_IsPresent

rasapi32

RasEditPhonebookEntryA

shlwapi

PathFileExistsA
PathIsDirectoryA
StrRetToBufA
PathFindExtensionA

winmm

PlaySoundA

setupapi

SetupDiEnumDeviceInfo
SetupDiOpenDevRegKey
SetupDiGetDeviceRegistryPropertyA
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailA
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsA
SetupDiClassGuidsFromNameA

mfc42

ord269
ord826
ord600
ord1578
ord1255
ord1253
ord1570
ord1197
ord823
ord5161
ord5162
ord5160
ord4905
ord4742
ord4976
ord4948
ord4358
ord5265
ord4377
ord4854
ord4998
ord2514
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord3798
ord4835
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3385
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4425
ord540
ord489
ord768
ord825
ord800
ord2301
ord2289
ord2370
ord4258
ord6028
ord4224
ord2817
ord4160
ord6334
ord2938
ord1783
ord2642
ord3092
ord860
ord6453
ord1908
ord1690
ord2528
ord6055
ord1776
ord5288
ord4837
ord4439
ord2054
ord771
ord496
ord497
ord4259
ord4715
ord4431
ord2818
ord1151
ord1193
ord1008
ord1243
ord1175
ord6467
ord2109
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord561
ord815
ord3953
ord2725
ord4424
ord3698
ord5290
ord3402
ord3721
ord765
ord795
ord567
ord2302
ord6215
ord5953
ord2882
ord2864
ord6199
ord2614
ord535
ord858
ord641
ord2915
ord2299
ord3874
ord5981
ord3093
ord4674
ord3663
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord2575
ord4396
ord3574
ord609
ord616
ord5856
ord5683
ord3499
ord3177
ord2515
ord355
ord3098
ord4277
ord668
ord3181
ord4204
ord3178
ord2781
ord2770
ord356
ord1779
ord4055
ord3317
ord5440
ord6383
ord5450
ord6394
ord4284
ord1200
ord3337
ord3811
ord2813
ord920
ord5933
ord324
ord2652
ord1669
ord1168
ord6378
ord6197
ord6380
ord1116
ord6880
ord5303
ord2726
ord4699
ord5715
ord3353
ord565
ord817
ord1948
ord1106
ord4376
ord4853
ord5280
ord3597
ord4234
ord941
ord4710
ord2645
ord3996
ord6696
ord6007
ord6907
ord3998
ord3286
ord3097
ord939
ord6877
ord2763
ord2582
ord4402
ord3640
ord693
ord2841
ord4243
ord2639
ord3293
ord955
ord2107
ord1146
ord2859
ord5651
ord3130
ord3676
ord5575
ord2141
ord350
ord433
ord1601
ord541
ord801
ord6143
ord5572
ord2122
ord1088
ord491
ord1907
ord4275
ord6442
ord1940
ord556
ord809
ord4270
ord755
ord6172
ord5875
ord2754
ord940
ord5789
ord2860
ord470
ord2379
ord2448
ord3496
ord6905
ord6904
ord3910
ord2044
ord5834
ord342
ord1182
ord1577
ord1575
ord1176
ord537
ord4299

msvcrt

strncmp
_mbsnbcpy
_mbsicoll
strstr
strncpy
_ftol
isprint
_mbsnbcmp
sscanf
_strupr
malloc
atoi
_mbschr
swprintf
wcscpy
wcslen
wcscmp
wcschr
vsprintf
isdigit
toupper
_memicmp
_stricmp
_mbsnbcat
__dllonexit
_onexit
_except_handler3
?terminate@@YAXXZ
_initterm
_adjust_fdiv
??1type_info@@UAE@XZ
_mbsicmp
calloc
free
sprintf
_purecall
_mbscmp
__CxxFrameHandler

kernel32

ResumeThread
GetCurrentDirectoryA
GetWindowsDirectoryA
SetCurrentDirectoryA
WinExec
Sleep
LoadLibraryA
FreeLibrary
OutputDebugStringA
MultiByteToWideChar
GetVersionExA
CreateFileA
DeviceIoControl
CloseHandle
GetProcAddress
lstrcmpA
lstrcpyA
GlobalAlloc
GlobalFree
FormatMessageA
LocalFree
GetModuleHandleA
GetEnvironmentVariableA
GetSystemDirectoryA
FindFirstFileA
FindClose
CreateProcessA
WaitForSingleObject
CreateMutexA
CreateEventA
CreateThread
CallNamedPipeA
SetEvent
ReleaseMutex
InterlockedDecrement
DeleteCriticalSection
InterlockedIncrement
GetTempPathW
GetTempPathA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLocaleInfoA
LocalAlloc
LocalLock
GetNumberFormatA
GetUserDefaultLCID
GetProfileStringA
lstrlenA
EnumResourceNamesA
GetLastError
SetLastError
WideCharToMultiByte
lstrcpynA

user32

GetCursorPos
WindowFromPoint
OffsetRect
IsWindowVisible
GetForegroundWindow
CallWindowProcW
CheckDlgButton
CheckRadioButton
SetClassLongW
CreateWindowExW
DestroyWindow
LoadStringW
GetWindowTextW
FindWindowExA
GetDC
ReleaseDC
GetSystemMetrics
LoadIconA
GetClientRect
SetForegroundWindow
PostMessageA
PeekMessageA
TranslateMessage
DispatchMessageA
RegisterWindowMessageA
SendMessageA
EnableWindow
SetFocus
BringWindowToTop
SetWindowPos
SetTimer
KillTimer
GetParent
MessageBoxA
SetWindowTextA
ShowWindow
GetDlgItem
SetWindowLongA
GetWindowLongA
GetClassNameA
EnumWindows
SetCursor
LoadCursorA
LoadBitmapA
IsWindow
SetActiveWindow
GetWindowRect
PostQuitMessage

gdi32

GetTextMetricsA
GetTextExtentPoint32A

comdlg32

GetOpenFileNameA

winspool.drv

GetPrinterA
EnumJobsA
EnumPrintersA
ClosePrinter
OpenPrinterA
GetPrinterDataA

advapi32

CryptEncrypt
OpenSCManagerA
CryptAcquireContextA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA
RegEnumKeyExA
RegDeleteKeyA
CloseServiceHandle
StartServiceA
QueryServiceStatus
ControlService
RegEnumValueA
RegQueryInfoKeyA
CryptImportKey
CryptDecrypt
CryptGetUserKey
CryptGenKey
CryptExportKey
CryptReleaseContext
CryptDestroyKey
InitializeSecurityDescriptor
CryptSetProvParam
OpenServiceA

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetMalloc

ole32

CoUninitialize
CoInitialize

Exports

Exports

??0CBTNotificationPropertyPage@@QAE@K@Z
??0CBTNotificationPropertyPage@@QAE@XZ
??0CBTServicePropertySheet@@QAE@IPAVCWnd@@I@Z
??0CBTServicePropertySheet@@QAE@PBDPAVCWnd@@I@Z
??1CBTNotificationPropertyPage@@UAE@XZ
??1CBTServicePropertySheet@@UAE@XZ
??_7CBTNotificationPropertyPage@@6B@
??_7CBTServicePropertySheet@@6B@
?BTCSS_ConnectionStatusVisible@@YAHQAEABU_GUID@@PBDH@Z
?BTCSS_PropertiesVisible@@YAHABU_GUID@@PBDH@Z
?Cleanup@CBTNotificationPropertyPage@@QAEXXZ
?CreateObject@CBTNotificationPropertyPage@@SGPAVCObject@@XZ
?DoDataExchange@CBTNotificationPropertyPage@@MAEXPAVCDataExchange@@@Z
?GetMessageMap@CBTNotificationPropertyPage@@MBEPBUAFX_MSGMAP@@XZ
?GetMessageMap@CBTServicePropertySheet@@MBEPBUAFX_MSGMAP@@XZ
?GetRuntimeClass@CBTNotificationPropertyPage@@UBEPAUCRuntimeClass@@XZ
?GetRuntimeClass@CBTServicePropertySheet@@UBEPAUCRuntimeClass@@XZ
?OnApply@CBTNotificationPropertyPage@@UAEHXZ
?OnCancel@CBTNotificationPropertyPage@@UAEXXZ
?OnCheckAudio@CBTNotificationPropertyPage@@IAEXXZ
?OnCheckNone@CBTNotificationPropertyPage@@IAEXXZ
?OnCheckVisual@CBTNotificationPropertyPage@@IAEXXZ
?OnCmdMsg@CBTServicePropertySheet@@UAEHIHPAXPAUAFX_CMDHANDLERINFO@@@Z
?OnEditchange@CBTNotificationPropertyPage@@IAEXXZ
?OnInitDialog@CBTNotificationPropertyPage@@MAEHXZ
?OnInitDialog@CBTServicePropertySheet@@UAEHXZ
?OnOK@CBTNotificationPropertyPage@@UAEXXZ
?OnPreviewStart@CBTNotificationPropertyPage@@IAEXXZ
?OnSelchange@CBTNotificationPropertyPage@@IAEXXZ
?OnSoundBrowse@CBTNotificationPropertyPage@@IAEXXZ
?OnTimer@CBTNotificationPropertyPage@@IAEXI@Z
?Read@CBTNotificationPropertyPage@@QAEHXZ
?ReadSoundsFromCurrentDirectoryIntoList@CBTNotificationPropertyPage@@QAEXXZ
?Save@CBTNotificationPropertyPage@@QAEHXZ
?_GetBaseClass@CBTNotificationPropertyPage@@KGPAUCRuntimeClass@@XZ
?_GetBaseClass@CBTServicePropertySheet@@KGPAUCRuntimeClass@@XZ
?_GetBaseMessageMap@CBTNotificationPropertyPage@@KGPBUAFX_MSGMAP@@XZ
?_GetBaseMessageMap@CBTServicePropertySheet@@KGPBUAFX_MSGMAP@@XZ
?_messageEntries@CBTNotificationPropertyPage@@0QBUAFX_MSGMAP_ENTRY@@B
?_messageEntries@CBTServicePropertySheet@@0QBUAFX_MSGMAP_ENTRY@@B
?classCBTNotificationPropertyPage@CBTNotificationPropertyPage@@2UCRuntimeClass@@B
?classCBTServicePropertySheet@CBTServicePropertySheet@@2UCRuntimeClass@@B
?messageMap@CBTNotificationPropertyPage@@1UAFX_MSGMAP@@B
?messageMap@CBTServicePropertySheet@@1UAFX_MSGMAP@@B
?setBitmapButton@CBTNotificationPropertyPage@@QAEXXZ
BT_ChooseBusCard
BT_ExecUIFunctionProperty
BT_ExecUIFunctionStatus
BT_ShowConnectionStatus
BT_ShowConnectionStatusModal
BT_ShowProperties
BT_ShowPropertiesModal

Sections

.text
Size: 296KB - Virtual size: 295KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
btcss.dll.manifest1
.xml
btdfuwizardp.exe
.exe windows:4 windows x86 arch:x86

4769dcb0553869517f3a1cc1cc45a193

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord815
ord641
ord656
ord609
ord2514
ord2621
ord1134
ord5265
ord4376
ord4853
ord4998
ord6052
ord1775
ord5280
ord4425
ord3597
ord4407
ord3610
ord2575
ord6055
ord4078
ord1776
ord4396
ord5241
ord2385
ord5163
ord6374
ord4353
ord5290
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord3402
ord4627
ord3574
ord1146
ord5307
ord860
ord567
ord324
ord2302
ord4234
ord1105
ord6334
ord2818
ord2642
ord6215
ord4710
ord535
ord2379
ord755
ord470
ord1200
ord4160
ord1979
ord665
ord5186
ord354
ord922
ord537
ord5442
ord5773
ord941
ord3698
ord765
ord4275
ord2971
ord5759
ord6192
ord5756
ord6186
ord4330
ord6189
ord6021
ord5873
ord5789
ord5794
ord5678
ord5736
ord5579
ord5571
ord6061
ord5864
ord3596
ord3571
ord3626
ord3663
ord3706
ord640
ord5785
ord2414
ord6172
ord5781
ord1641
ord5875
ord2754
ord6194
ord1640
ord323
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord4673
ord4129
ord858
ord2915
ord825
ord2614
ord540
ord1168
ord800
ord1576

msvcrt

exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_exit
?terminate@@YAXXZ
_except_handler3
_onexit
__dllonexit
calloc
_setmbcp
__CxxFrameHandler
_XcptFilter
strncpy
strncmp
free
_ftol

kernel32

GetModuleFileNameA
GetCurrentProcess
GetStartupInfoA
GetModuleHandleA
GetProcAddress
CreateDirectoryA
GetLastError
RemoveDirectoryA
CreateProcessA
WaitForSingleObject
CloseHandle
GetTempPathA

user32

InvalidateRect
GetSysColor
EnableWindow
PostMessageA
IsWindow
GetSystemMetrics
GetClientRect
DrawIcon
SendMessageA
GrayStringA
DrawTextA
TabbedTextOutA
IsIconic
RedrawWindow
LoadIconA

gdi32

ExtTextOutA
TextOutA
RectVisible
PtVisible
CreateCompatibleBitmap
CreateCompatibleDC
CreateRectRgn
BitBlt
Escape

shell32

SHFileOperationA

Sections

.text
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
btfaxmdm.cat
btfaxmdm.inf
btfaxmdm.inf1
bthcrp.dll
.dll windows:4 windows x86 arch:x86

72c0e8d3a14f0ef12c6329f2cac173e5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winspool.drv

GetPrinterDataW
OpenPrinterW
SetPortW
SetJobW
EnumPortsW
ClosePrinter

widcommsdk

?Register@CL2CapIf@@QAEHXZ
??1CL2CapIf@@QAE@XZ
??1CL2CapConn@@UAE@XZ
?OnDataReceived@CL2CapConn@@UAEXPAXG@Z
?OnAudioConnected@CL2CapConn@@UAEXG@Z
?OnAudioDisconnect@CL2CapConn@@UAEXG@Z
?OnIncomingConnection@CL2CapConn@@UAEXXZ
?OnConnectPendingReceived@CL2CapConn@@UAEXXZ
?AssignPsmValue@CL2CapIf@@QAEHPAU_GUID@@G@Z
??0CL2CapIf@@QAE@XZ
??0CL2CapConn@@QAE@XZ
?Connect@CL2CapConn@@QAEHPAVCL2CapIf@@QAEG@Z
?Write@CL2CapConn@@QAEHPAXGPAG@Z
?SetSecurityLevel@CL2CapIf@@QAEHPADEH@Z

kernel32

WideCharToMultiByte
MultiByteToWideChar
lstrcpyW
lstrlenW
GlobalFree
lstrcmpiW
FreeLibrary
LoadLibraryW
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetTickCount
WaitForSingleObject
ResetEvent
SetEvent
Process32NextW
OpenProcess
Process32FirstW
SetLastError
GetVersionExW
CreateEventW
GetProcAddress
OutputDebugStringW
FlushFileBuffers
SetCommTimeouts
GetCommTimeouts
DisableThreadLibraryCalls
GlobalAlloc
GetCurrentThread
lstrcmpW
SetFilePointer
WriteFile
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetVersionExA
CreateFileA
DeviceIoControl
GetLastError
Sleep
CloseHandle
GetCPInfo
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetACP
GetOEMCP
LoadLibraryA
SetStdHandle
CreateToolhelp32Snapshot
CreateThread
GetCurrentThreadId
TlsSetValue
TlsGetValue
ExitThread
HeapFree
HeapAlloc
InterlockedDecrement
InterlockedIncrement
RtlUnwind
HeapReAlloc
GetCommandLineA
GetVersion
TlsAlloc
TlsFree
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType

user32

wvsprintfW
FindWindowA
SendMessageW
LoadStringW
PeekMessageA

advapi32

ImpersonateLoggedOnUser
RegOpenCurrentUser
RevertToSelf
OpenProcessToken
GetTokenInformation
RegEnumValueW
RegDeleteValueW
RegEnumKeyExW
RegCreateKeyExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegSetValueExW

Exports

Exports

DllEntryPoint
InitializeMonitorEx

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bthcrp98.dll
.dll windows:4 windows x86 arch:x86

f9f818488a9e1fc6a12989732d836446

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winspool.drv

SetPrinterDataA
GetPrinterDataA
OpenPrinterA
SetJobA
EnumPortsA
ClosePrinter

widcommsdk

?Register@CL2CapIf@@QAEHXZ
??1CL2CapIf@@QAE@XZ
??1CL2CapConn@@UAE@XZ
?OnDataReceived@CL2CapConn@@UAEXPAXG@Z
?OnAudioConnected@CL2CapConn@@UAEXG@Z
?OnAudioDisconnect@CL2CapConn@@UAEXG@Z
?OnIncomingConnection@CL2CapConn@@UAEXXZ
?OnConnectPendingReceived@CL2CapConn@@UAEXXZ
?AssignPsmValue@CL2CapIf@@QAEHPAU_GUID@@G@Z
??0CL2CapIf@@QAE@XZ
??0CL2CapConn@@QAE@XZ
?Connect@CL2CapConn@@QAEHPAVCL2CapIf@@QAEG@Z
?Write@CL2CapConn@@QAEHPAXGPAG@Z
?SetSecurityLevel@CL2CapIf@@QAEHPADEH@Z

kernel32

GetLastError
DeviceIoControl
CreateFileA
GetVersionExA
SetLastError
OutputDebugStringA
WideCharToMultiByte
MultiByteToWideChar
lstrcpyA
lstrlenA
GlobalFree
lstrcmpiA
FreeLibrary
LoadLibraryA
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetTickCount
WaitForSingleObject
ResetEvent
SetEvent
Sleep
CreateEventA
FlushFileBuffers
GetProcAddress
CreateMutexA
DisableThreadLibraryCalls
GlobalAlloc
GetCurrentThread
lstrcmpA
WriteFile
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
CloseHandle
SetFilePointer
GetCPInfo
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetACP
GetOEMCP
SetStdHandle
CreateThread
GetCurrentThreadId
TlsSetValue
TlsGetValue
ExitThread
HeapFree
HeapAlloc
InterlockedDecrement
InterlockedIncrement
RtlUnwind
HeapReAlloc
GetCommandLineA
GetVersion
TlsAlloc
TlsFree
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle

user32

wvsprintfA
FindWindowA
SendMessageA
LoadStringA
PeekMessageA

advapi32

RegEnumValueA
RegDeleteValueA
RegEnumKeyExA
RegCreateKeyExA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegSetValueExA

Exports

Exports

DllEntryPoint
InitializeMonitorEx

Sections

.text
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bthcrpui.dll
.dll windows:4 windows x86 arch:x86

34270fcb3051437e84059bdc0503d09f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

widcommsdk

??0CSdpDiscoveryRec@@QAE@XZ
?ReadDiscoveryRecords@CBtIf@@QAEHQAEHPAVCSdpDiscoveryRec@@PAU_GUID@@@Z
??1CSdpDiscoveryRec@@QAE@XZ
?StartDiscovery@CBtIf@@QAEHQAEPAU_GUID@@@Z
?StartInquiry@CBtIf@@QAEHXZ
?StopInquiry@CBtIf@@QAEXXZ
??1CBtIf@@UAE@XZ
??0CBtIf@@QAE@XZ
?OnAudioConnected@CBtIf@@UAEXG@Z
?OnAudioDisconnect@CBtIf@@UAEXG@Z
?OnDiscoveryComplete@CBtIf@@UAEXGJ@Z
?OnStackStatusChange@CBtIf@@UAEXW4STACK_STATUS@1@@Z

kernel32

WaitForSingleObject
CloseHandle
CreateEventW
OutputDebugStringW
DisableThreadLibraryCalls
LocalFree
FormatMessageW
GlobalAlloc
OutputDebugStringA
WideCharToMultiByte
ReleaseMutex
CallNamedPipeA
CreateThread
CreateMutexW
GetModuleHandleW
GetCPInfo
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
SetFilePointer
WriteFile
GetEnvironmentStringsW
GetVersionExW
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetCurrentProcess
TerminateProcess
LCMapStringW
LCMapStringA
ExitProcess
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
LoadLibraryA
GetModuleFileNameA
lstrcpyW
lstrcatW
lstrlenW
GlobalFree
MultiByteToWideChar
SetEvent
LoadLibraryW
GetProcAddress
FreeLibrary
GetLastError
SetLastError
GetStringTypeA
GetStringTypeW
GetACP
GetOEMCP
SetStdHandle
ReadFile
FlushFileBuffers
GetModuleHandleA
TlsGetValue
TlsFree
TlsAlloc
GetEnvironmentStrings
RtlUnwind
HeapFree
HeapReAlloc
HeapAlloc
InterlockedDecrement
InterlockedIncrement
GetCommandLineA
GetVersion
GetCurrentThreadId
TlsSetValue

user32

SetWindowLongW
wsprintfW
IsWindow
DialogBoxParamW
EnableWindow
CallWindowProcW
CheckDlgButton
CheckRadioButton
PostMessageW
SetClassLongW
DestroyWindow
wvsprintfW
WinHelpW
ShowWindow
SetWindowPos
InvalidateRect
SendDlgItemMessageW
MessageBoxW
SetDlgItemTextW
GetWindowLongW
EndDialog
SetWindowTextW
SetForegroundWindow
GetDlgItem
LoadCursorW
SetCursor
GetDlgItemTextW
GetClientRect
CreateWindowExW
LoadIconW
GetWindowRect
LoadStringW
SendMessageW

advapi32

CryptSetProvParam
RegQueryValueExW
RegEnumKeyExW
RegDeleteKeyW
RegCreateKeyExW
CryptImportKey
CryptDecrypt
CryptGetUserKey
CryptGenKey
CryptExportKey
CryptEncrypt
CryptDestroyKey
InitializeSecurityDescriptor
CryptReleaseContext
CryptAcquireContextW
RegDeleteValueW
RegSetValueExW
RegOpenKeyExW
RegCloseKey

winspool.drv

XcvDataW
OpenPrinterW
EnumPortsW
ClosePrinter

comctl32

ImageList_Create
ImageList_ReplaceIcon

Exports

Exports

DllEntryPoint
InitializePrintMonitorUI

Sections

.text
Size: 76KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bthcrpui98.dll
.dll windows:4 windows x86 arch:x86

bfbdee54e5c208693077f6e03dab18eb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

widcommsdk

??0CSdpDiscoveryRec@@QAE@XZ
?ReadDiscoveryRecords@CBtIf@@QAEHQAEHPAVCSdpDiscoveryRec@@PAU_GUID@@@Z
??1CSdpDiscoveryRec@@QAE@XZ
?StartDiscovery@CBtIf@@QAEHQAEPAU_GUID@@@Z
?StartInquiry@CBtIf@@QAEHXZ
?StopInquiry@CBtIf@@QAEXXZ
??1CBtIf@@UAE@XZ
??0CBtIf@@QAE@XZ
?OnAudioConnected@CBtIf@@UAEXG@Z
?OnAudioDisconnect@CBtIf@@UAEXG@Z
?OnDiscoveryComplete@CBtIf@@UAEXGJ@Z
?OnStackStatusChange@CBtIf@@UAEXW4STACK_STATUS@1@@Z

kernel32

CloseHandle
CreateEventA
OutputDebugStringA
DisableThreadLibraryCalls
GlobalAlloc
WideCharToMultiByte
MultiByteToWideChar
ReleaseMutex
CallNamedPipeA
CreateThread
CreateMutexA
GetModuleHandleA
GetCPInfo
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
SetFilePointer
WriteFile
GetEnvironmentStringsW
WaitForSingleObject
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetCurrentProcess
TerminateProcess
LCMapStringW
LCMapStringA
ExitProcess
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetModuleFileNameA
TlsGetValue
GetVersionExA
SetLastError
lstrlenA
lstrcpyA
lstrcatA
GlobalFree
SetEvent
GetLastError
LoadLibraryA
GetProcAddress
FreeLibrary
GetStringTypeA
GetStringTypeW
GetACP
GetOEMCP
SetStdHandle
ReadFile
FlushFileBuffers
TlsFree
TlsAlloc
GetEnvironmentStrings
RtlUnwind
HeapFree
HeapReAlloc
HeapAlloc
InterlockedDecrement
InterlockedIncrement
GetCommandLineA
GetVersion
GetCurrentThreadId
TlsSetValue

user32

SetWindowLongA
wsprintfA
CallWindowProcW
CheckDlgButton
CheckRadioButton
PostMessageA
SetClassLongW
CreateWindowExW
DestroyWindow
wvsprintfA
WinHelpA
ShowWindow
SetWindowPos
InvalidateRect
SendDlgItemMessageA
MessageBoxA
SetDlgItemTextA
GetWindowLongA
EndDialog
SetWindowTextA
SetForegroundWindow
DialogBoxParamA
LoadCursorA
SetCursor
GetDlgItemTextA
GetClientRect
CreateWindowExA
LoadIconA
GetWindowRect
LoadStringA
GetDlgItem
EnableWindow
IsWindow
SendMessageA

advapi32

CryptAcquireContextA
RegQueryValueExA
RegEnumKeyExA
RegDeleteKeyA
RegCreateKeyExA
CryptImportKey
CryptDecrypt
CryptGetUserKey
CryptGenKey
CryptExportKey
CryptEncrypt
CryptDestroyKey
InitializeSecurityDescriptor
CryptSetProvParam
CryptReleaseContext
RegDeleteValueA
RegSetValueExA
RegOpenKeyExA
RegCloseKey

winspool.drv

EnumPortsA

comctl32

ImageList_Create
ImageList_ReplaceIcon

Exports

Exports

AddPortUIWin98
DllEntryPoint

Sections

.text
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
btkrnl.inf
btmcrcam.dll
.dll windows:5 windows x86 arch:x86

9b6b152bacae7c45ca2365d0ccad1a15

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_vsnprintf
strrchr
_snprintf
sprintf
malloc
wcstol
??3@YAXPAX@Z
??2@YAPAXI@Z
wcscpy
wcsncpy
wcslen
free
realloc
swscanf
_wcsicmp

kernel32

GetLocalTime
DisableThreadLibraryCalls
SystemTimeToFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
GetCurrentThreadId
FormatMessageA
DebugBreak
lstrcpyA
lstrcatA
GetModuleFileNameA
lstrcpynA
OutputDebugStringA
WaitForSingleObject
ExpandEnvironmentStringsA
HeapFree
CreateMutexA
HeapAlloc
GetProcessHeap
ReleaseMutex
FlushFileBuffers
WriteFile
SetFilePointerEx
CreateFileA

advapi32

RegCreateKeyExA
RegSetValueExA
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
AddAccessAllowedAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
FreeSid
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

btbip

BTBIP_AllocateResponse
BTBIP_GetImageProperties
BTBIP_FreeResponse
BTBIP_GetMonitoringImage
BTBIP_GetLinkedThumbnail
BTBIP_DeleteImage
BTBIP_SetOnDisconnectedCallback
BTBIP_Disconnect
BTBIP_GetImageFirst
BTBIP_GetImagesList
BTBIP_GetImageNext
BTBIP_ResponseCodeToShortText
BTBIP_GetSupported
BTBIP_Connect

Exports

Exports

DllCanUnloadNow
WiaMCamClose
WiaMCamDeleteItem
WiaMCamFreeItemInfo
WiaMCamFreeThumbnail
WiaMCamGetDeviceInfo
WiaMCamGetItemData
WiaMCamGetItemInfo
WiaMCamGetMonitoringImage
WiaMCamGetThumbnail
WiaMCamInit
WiaMCamOpen
WiaMCamReadEvent
WiaMCamReset
WiaMCamSetItemProt
WiaMCamStatus
WiaMCamStopEvents
WiaMCamTakePicture
WiaMCamUnInit
_DllEntryPoint@12

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
btnulmdm.inf
btosif_olx.dll
.dll windows:4 windows x86 arch:x86

e81bbb29a621474e5d67d96a06b1e6f0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

ntohl
bind
sendto
socket
WSAStartup

mapi32

ord17
ord140

btosif

OSIF_EncodeFile
OSIF_Free
OSIF_DecodeFile
OSIF_Alloc

mfc42

ord924
ord860
ord5710
ord4129
ord2763
ord858
ord2813
ord540
ord928
ord5934
ord936
ord823
ord665
ord5583
ord1979
ord6385
ord5186
ord354
ord861
ord398
ord700
ord535
ord537
ord913
ord5594
ord922
ord3439
ord4189
ord2393
ord2614
ord4204
ord6282
ord539
ord5632
ord3880
ord3425
ord3054
ord3227
ord3408
ord6877
ord4278
ord6662
ord6567
ord1085
ord5601
ord6648
ord833
ord6672
ord834
ord3055
ord3758
ord2814
ord919
ord2915
ord5572
ord542
ord939
ord269
ord2765
ord3810
ord800
ord815
ord825
ord561
ord3738
ord4424
ord4622
ord4080
ord3079
ord3825
ord3831
ord6467
ord1255
ord1253
ord3830
ord1570
ord1197
ord1243
ord342
ord1182
ord1577
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord3953
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord1168
ord1575
ord1176
ord1116
ord941
ord802
ord2818
ord1578
ord600
ord826
ord5933

msvcrt

_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
_onexit
__dllonexit
wcsstr
_mbschr
_mbsnbcat
strncpy
towupper
wcschr
wcstok
time
srand
rand
atol
_beginthreadex
wcscmp
strstr
_wremove
remove
fgetc
fseek
ftell
fclose
_wfopen
fopen
_errno
strerror
fprintf
fputc
strchr
_mbsnbcpy
atoi
sscanf
_mbscmp
_purecall
malloc
free
sprintf
toupper
isdigit
vsprintf
wcsncpy
wcscat
swprintf
wcscpy
__CxxFrameHandler
_CxxThrowException
wcslen
fgets

kernel32

GetTempFileNameA
GetTempFileNameW
GetTempPathW
GetLocaleInfoA
GetVersionExA
GetProcAddress
LoadLibraryA
FreeLibrary
GetFileAttributesW
WaitForSingleObject
ResetEvent
TerminateThread
CloseHandle
CreateEventA
SystemTimeToFileTime
FileTimeToSystemTime
LocalFileTimeToFileTime
IsValidCodePage
GetEnvironmentVariableA
GetFileAttributesA
CopyFileW
CopyFileA
MoveFileW
MoveFileA
InterlockedIncrement
GetTempPathA
InterlockedDecrement
Sleep
LocalAlloc
lstrlenA
FormatMessageA
GetLastError
WideCharToMultiByte
MultiByteToWideChar
SetEvent
LocalFree

user32

wsprintfA
PeekMessageA
DispatchMessageA
PostThreadMessageA
GetMessageA
RegisterWindowMessageA
PostMessageA
TranslateMessage

advapi32

RegCreateKeyExA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegSetValueExA

ole32

CoCreateInstance
OleRun

oleaut32

GetErrorInfo
VariantClear
SysFreeString
SysAllocStringLen
SysAllocString
SysStringLen

Exports

Exports

OSIF_LoadInterface

Sections

.text
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
btpcbcsp.cat
btpcbcsp.inf
btpcbcsp.inf1
btpcbcsp.inf2
btpcbcsp.sys
.sys windows:4 windows x86 arch:x86

3ff176fca1da5a096d2c4cc83f292a04

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlInitUnicodeString
ObfDereferenceObject
RtlCompareMemory
KeSetEvent
InterlockedIncrement
InterlockedDecrement
KeWaitForSingleObject
KeInitializeEvent
ExFreePool
IoDeleteDevice
IoDetachDevice
PoSetPowerState
KeInitializeDpc
ExAllocatePoolWithTag
IoGetDeviceProperty
IoAttachDeviceToDeviceStack
KeInitializeSpinLock
IoCreateDevice
RtlUnicodeStringToAnsiString
IoConnectInterrupt
IofCompleteRequest
IoSetDeviceInterfaceState
IoDisconnectInterrupt
KeDelayExecutionThread
RtlFreeAnsiString
IoGetDeviceObjectPointer
KeQuerySystemTime
PoCallDriver
PoStartNextPowerIrp
IoCancelIrp
PoRequestPowerIrp
InterlockedExchange
ExQueueWorkItem
IoAllocateIrp
ZwClose
IoOpenDeviceRegistryKey
ZwQueryValueKey
ObReferenceObjectByHandle
PsCreateSystemThread
KeClearEvent
IofCallDriver
IoFreeIrp
ZwSetValueKey
wcscpy
wcslen
RtlFreeUnicodeString
IoRegisterDeviceInterface
PsTerminateSystemThread
KeSynchronizeExecution
memmove
KeQueryInterruptTime
KeInsertQueueDpc
KeSetPriorityThread
KeGetCurrentThread
IoIsWdmVersionAvailable
RtlUnwind

hal

KeGetCurrentIrql
KfAcquireSpinLock
KfReleaseSpinLock
WRITE_PORT_UCHAR
KeStallExecutionProcessor
READ_PORT_UCHAR

Sections

.text
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PNP
Size: 96B - Virtual size: 67B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 165KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
btpcbcsp.sys1
.sys windows:4 windows x86 arch:x86

3ff176fca1da5a096d2c4cc83f292a04

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlInitUnicodeString
ObfDereferenceObject
RtlCompareMemory
KeSetEvent
InterlockedIncrement
InterlockedDecrement
KeWaitForSingleObject
KeInitializeEvent
ExFreePool
IoDeleteDevice
IoDetachDevice
PoSetPowerState
KeInitializeDpc
ExAllocatePoolWithTag
IoGetDeviceProperty
IoAttachDeviceToDeviceStack
KeInitializeSpinLock
IoCreateDevice
RtlUnicodeStringToAnsiString
IoConnectInterrupt
IofCompleteRequest
IoSetDeviceInterfaceState
IoDisconnectInterrupt
KeDelayExecutionThread
RtlFreeAnsiString
IoGetDeviceObjectPointer
KeQuerySystemTime
PoCallDriver
PoStartNextPowerIrp
IoCancelIrp
PoRequestPowerIrp
InterlockedExchange
ExQueueWorkItem
IoAllocateIrp
ZwClose
IoOpenDeviceRegistryKey
ZwQueryValueKey
ObReferenceObjectByHandle
PsCreateSystemThread
KeClearEvent
IofCallDriver
IoFreeIrp
ZwSetValueKey
wcscpy
wcslen
RtlFreeUnicodeString
IoRegisterDeviceInterface
PsTerminateSystemThread
KeSynchronizeExecution
memmove
KeQueryInterruptTime
KeInsertQueueDpc
KeSetPriorityThread
KeGetCurrentThread
IoIsWdmVersionAvailable
RtlUnwind

hal

KeGetCurrentIrql
KfAcquireSpinLock
KfReleaseSpinLock
WRITE_PORT_UCHAR
KeStallExecutionProcessor
READ_PORT_UCHAR

Sections

.text
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PNP
Size: 96B - Virtual size: 67B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 165KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
btpcbcsp.sys2
.sys windows:4 windows x86 arch:x86

3ff176fca1da5a096d2c4cc83f292a04

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlInitUnicodeString
ObfDereferenceObject
RtlCompareMemory
KeSetEvent
InterlockedIncrement
InterlockedDecrement
KeWaitForSingleObject
KeInitializeEvent
ExFreePool
IoDeleteDevice
IoDetachDevice
PoSetPowerState
KeInitializeDpc
ExAllocatePoolWithTag
IoGetDeviceProperty
IoAttachDeviceToDeviceStack
KeInitializeSpinLock
IoCreateDevice
RtlUnicodeStringToAnsiString
IoConnectInterrupt
IofCompleteRequest
IoSetDeviceInterfaceState
IoDisconnectInterrupt
KeDelayExecutionThread
RtlFreeAnsiString
IoGetDeviceObjectPointer
KeQuerySystemTime
PoCallDriver
PoStartNextPowerIrp
IoCancelIrp
PoRequestPowerIrp
InterlockedExchange
ExQueueWorkItem
IoAllocateIrp
ZwClose
IoOpenDeviceRegistryKey
ZwQueryValueKey
ObReferenceObjectByHandle
PsCreateSystemThread
KeClearEvent
IofCallDriver
IoFreeIrp
ZwSetValueKey
wcscpy
wcslen
RtlFreeUnicodeString
IoRegisterDeviceInterface
PsTerminateSystemThread
KeSynchronizeExecution
memmove
KeQueryInterruptTime
KeInsertQueueDpc
KeSetPriorityThread
KeGetCurrentThread
IoIsWdmVersionAvailable
RtlUnwind

hal

KeGetCurrentIrql
KfAcquireSpinLock
KfReleaseSpinLock
WRITE_PORT_UCHAR
KeStallExecutionProcessor
READ_PORT_UCHAR

Sections

.text
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PNP
Size: 96B - Virtual size: 67B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 165KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
btpcfrh4.inf
btpcfrh4.inf1
btpcfrh4.inf2
btpch4.sys
.sys windows:4 windows x86 arch:x86

4a6aa6e71234bd72a1012263bdbd613d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlFreeAnsiString
RtlUnicodeStringToAnsiString
RtlInitUnicodeString
ObfDereferenceObject
KeSetEvent
InterlockedIncrement
InterlockedDecrement
KeWaitForSingleObject
KeInitializeEvent
ExFreePool
IoDeleteDevice
IoDetachDevice
PoSetPowerState
KeInitializeDpc
ExAllocatePoolWithTag
IoGetDeviceObjectPointer
IoAttachDeviceToDeviceStack
KeInitializeSpinLock
IoCreateDevice
IoAllocateIrp
IoConnectInterrupt
IofCompleteRequest
IoSetDeviceInterfaceState
IoDisconnectInterrupt
IofCallDriver
IoFreeIrp
PoCallDriver
PoStartNextPowerIrp
IoCancelIrp
PoRequestPowerIrp
InterlockedExchange
ExQueueWorkItem
IoGetDeviceProperty
ZwClose
IoOpenDeviceRegistryKey
ZwQueryValueKey
KeClearEvent
wcscpy
wcslen
ZwSetValueKey
RtlFreeUnicodeString
IoRegisterDeviceInterface
KeSynchronizeExecution
memmove
KefReleaseSpinLockFromDpcLevel
KefAcquireSpinLockAtDpcLevel
KeInsertQueueDpc
IoIsWdmVersionAvailable

hal

KeGetCurrentIrql
READ_PORT_UCHAR
WRITE_PORT_UCHAR

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PNP
Size: 96B - Virtual size: 67B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 448B - Virtual size: 422B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 832B - Virtual size: 812B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
btpch4.sys1
.sys windows:4 windows x86 arch:x86

4a6aa6e71234bd72a1012263bdbd613d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlFreeAnsiString
RtlUnicodeStringToAnsiString
RtlInitUnicodeString
ObfDereferenceObject
KeSetEvent
InterlockedIncrement
InterlockedDecrement
KeWaitForSingleObject
KeInitializeEvent
ExFreePool
IoDeleteDevice
IoDetachDevice
PoSetPowerState
KeInitializeDpc
ExAllocatePoolWithTag
IoGetDeviceObjectPointer
IoAttachDeviceToDeviceStack
KeInitializeSpinLock
IoCreateDevice
IoAllocateIrp
IoConnectInterrupt
IofCompleteRequest
IoSetDeviceInterfaceState
IoDisconnectInterrupt
IofCallDriver
IoFreeIrp
PoCallDriver
PoStartNextPowerIrp
IoCancelIrp
PoRequestPowerIrp
InterlockedExchange
ExQueueWorkItem
IoGetDeviceProperty
ZwClose
IoOpenDeviceRegistryKey
ZwQueryValueKey
KeClearEvent
wcscpy
wcslen
ZwSetValueKey
RtlFreeUnicodeString
IoRegisterDeviceInterface
KeSynchronizeExecution
memmove
KefReleaseSpinLockFromDpcLevel
KefAcquireSpinLockAtDpcLevel
KeInsertQueueDpc
IoIsWdmVersionAvailable

hal

KeGetCurrentIrql
READ_PORT_UCHAR
WRITE_PORT_UCHAR

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PNP
Size: 96B - Virtual size: 67B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 448B - Virtual size: 422B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 832B - Virtual size: 812B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
btpcibm.cat
btpcibm.cat2
btpcibm.inf
btpcibm.inf1
btpcibm.inf2
btpcphil.cat
btpcphil.cat2
btpcphil.inf
btpcphil.inf1
btpctse.cat
btpctse.cat2
btpctse.inf
btpctse.inf1
btpctse.inf2
btport.cat
btport.inf1
btprn2k.dll
.dll windows:4 windows x86 arch:x86

d2ecf0de551fd1c32a1478fcbea8f056

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

setupapi

SetupOpenInfFileA
SetupFindFirstLineA
SetupGetStringFieldA
SetupGetFieldCount
SetupFindNextMatchLineA
SetupCloseInfFile
SetupDiEnumDriverInfoA
SetupDiGetDriverInfoDetailA
SetupDiSetSelectedDriverA
SetupDiCreateDeviceInfoList
SetupDiBuildDriverInfoList
SetupDiGetSelectedDriverA
SetupDiDestroyDriverInfoList
SetupDiSetDeviceRegistryPropertyA
SetupDiGetClassDevsA
SetupDiGetDeviceRegistryPropertyA
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiCallClassInstaller

kernel32

TlsGetValue
TlsFree
TlsAlloc
TlsSetValue
GetCurrentThreadId
GetCurrentProcess
TerminateProcess
LCMapStringW
LCMapStringA
WideCharToMultiByte
SetLastError
GetLastError
OutputDebugStringA
MultiByteToWideChar
lstrcpyA
Sleep
GetVersionExA
lstrcmpiA
lstrlenA
DeleteFileA
GetSystemDirectoryA
FreeLibrary
CloseHandle
FlushFileBuffers
ReadFile
SetStdHandle
GetProcAddress
GetOEMCP
GetACP
GetCPInfo
GetStringTypeW
GetStringTypeA
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
LoadLibraryA
SetFilePointer
RtlUnwind
HeapFree
HeapAlloc
HeapReAlloc
InterlockedDecrement
InterlockedIncrement
GetCommandLineA
GetVersion
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
WriteFile

user32

LoadStringA
wvsprintfA

winspool.drv

SetPrinterDataA
EnumPrintProcessorsA
GetPrinterDriverA
DeletePrinter
DeletePrinterDriverA
EnumPrintersA
AddPrinterA
OpenPrinterA
EnumPrinterDriversA
DeletePortA
OpenPrinterW
XcvDataW
ClosePrinter
AddMonitorA
DeleteMonitorA
EnumPortsA

advapi32

QueryServiceStatus
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
StartServiceA
OpenSCManagerA
OpenServiceA
ControlService
CloseServiceHandle

shell32

SHInvokePrinterCommandA

Exports

Exports

InitializeBtPrn

Sections

.text
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
btprn98.dll
.dll windows:4 windows x86 arch:x86

77f9808d712606e8d8cadb424d54d223

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

setupapi

SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyA
SetupDiGetClassDevsA
SetupDiSetDeviceRegistryPropertyA

winspool.drv

EnumPrintersA
GetPrinterDataA
EnumPortsA
DeletePrinterDriverA
DeletePrinter
GetPrinterDriverA
OpenPrinterA
EnumPrintProcessorsA
SetPrinterDataA
AddPrinterA
AddMonitorA
DeleteMonitorA
ClosePrinter
DeletePortA
AddPortA

advapi32

RegEnumKeyExA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegCloseKey
RegOpenKeyExA

user32

LoadStringA
wvsprintfA

kernel32

SetStdHandle
ReadFile
GetOEMCP
GetACP
GetCPInfo
GetStringTypeW
GetStringTypeA
SetFilePointer
WriteFile
FlushFileBuffers
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
TlsGetValue
TlsFree
TlsAlloc
TlsSetValue
GetCurrentThreadId
GetCurrentProcess
TerminateProcess
LCMapStringW
GetEnvironmentStringsW
DeleteFileA
LCMapStringA
WideCharToMultiByte
RtlUnwind
FreeLibrary
GetLastError
GetProcAddress
LoadLibraryA
SetLastError
CloseHandle
ReleaseMutex
lstrlenA
WaitForSingleObject
CreateMutexA
WinExec
GetVersionExA
OutputDebugStringA
lstrcpyA
Sleep
lstrcmpiA
GetSystemDirectoryA
MultiByteToWideChar
HeapFree
HeapAlloc
HeapReAlloc
InterlockedDecrement
InterlockedIncrement
GetCommandLineA
GetVersion
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess

Exports

Exports

InitializeBtPrn

Sections

.text
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
btrez.dll
.dll windows:4 windows x86 arch:x86

6e367df14513933b31561286c3f5c8f8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

csh

ord2

shlwapi

PathFileExistsA

mfc42

ord1168
ord800
ord342
ord823
ord2915
ord941
ord537
ord1200
ord1182
ord1253

msvcrt

_mbscmp
sprintf
_purecall
__CxxFrameHandler
free
_adjust_fdiv
_initterm
malloc

advapi32

RegCreateKeyExA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegSetValueExA

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 850B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 404B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
btrez.dll1
.dll windows:4 windows x86 arch:x86

6e367df14513933b31561286c3f5c8f8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

csh

ord2

shlwapi

PathFileExistsA

mfc42

ord1168
ord800
ord342
ord823
ord2915
ord941
ord537
ord1200
ord1182
ord1253

msvcrt

_mbscmp
sprintf
_purecall
__CxxFrameHandler
free
_adjust_fdiv
_initterm
malloc

advapi32

RegCreateKeyExA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegSetValueExA

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 850B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 404B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
btrez.dll10
.dll windows:4 windows x86 arch:x86

6e367df14513933b31561286c3f5c8f8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

csh

ord2

shlwapi

PathFileExistsA

mfc42

ord1168
ord800
ord342
ord823
ord2915
ord941
ord537
ord1200
ord1182
ord1253

msvcrt

_mbscmp
sprintf
_purecall
__CxxFrameHandler
free
_adjust_fdiv
_initterm
malloc

advapi32

RegCreateKeyExA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegSetValueExA

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 850B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 404B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
btrez.dll11
.dll windows:4 windows x86 arch:x86

a7e1c0652c45ef8f72369c6d9d891d4b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

csh

ord2

shlwapi

PathFileExistsA

mfc42

ord1168
ord800
ord342
ord823
ord2915
ord941
ord537
ord1182
ord1253

msvcrt

_mbscmp
sprintf
_purecall
__CxxFrameHandler
free
_adjust_fdiv
_initterm
malloc

user32

MessageBoxA

advapi32

RegCreateKeyExA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegSetValueExA

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 898B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 404B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
btrez.dll12
.dll windows:4 windows x86 arch:x86

92acd8d679ad5d5c10e5aae3129ee535

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

csh

ord2

shlwapi

PathFileExistsA

mfc42

ord1168
ord800
ord342
ord823
ord2915
ord941
ord537
ord1182
ord1253

msvcrt

_mbscmp
sprintf
_purecall
__CxxFrameHandler
free
_adjust_fdiv
_initterm
malloc

advapi32

RegCreateKeyExA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegSetValueExA

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 850B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 372B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
btrez.dll13
.dll windows:4 windows x86 arch:x86

a7e1c0652c45ef8f72369c6d9d891d4b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

csh

ord2

shlwapi

PathFileExistsA

mfc42

ord1168
ord800
ord342
ord823
ord2915
ord941
ord537
ord1182
ord1253

msvcrt

_mbscmp
sprintf
_purecall
__CxxFrameHandler
free
_adjust_fdiv
_initterm
malloc

user32

MessageBoxA

advapi32

RegCreateKeyExA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegSetValueExA

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 898B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 404B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
btrez.dll14
.dll windows:4 windows x86 arch:x86

a7e1c0652c45ef8f72369c6d9d891d4b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

csh

ord2

shlwapi

PathFileExistsA

mfc42

ord1168
ord800
ord342
ord823
ord2915
ord941
ord537
ord1182
ord1253

msvcrt

_mbscmp
sprintf
_purecall
__CxxFrameHandler
free
_adjust_fdiv
_initterm
malloc

user32

MessageBoxA

advapi32

RegCreateKeyExA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegSetValueExA

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 898B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 388B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
btrez.dll15
.dll windows:4 windows x86 arch:x86

a7e1c0652c45ef8f72369c6d9d891d4b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

csh

ord2

shlwapi

PathFileExistsA

mfc42

ord1168
ord800
ord342
ord823
ord2915
ord941
ord537
ord1182
ord1253

msvcrt

_mbscmp
sprintf
_purecall
__CxxFrameHandler
free
_adjust_fdiv
_initterm
malloc

user32

MessageBoxA

advapi32

RegCreateKeyExA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegSetValueExA

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 898B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 388B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
btrez.dll2
.dll windows:4 windows x86 arch:x86

6e367df14513933b31561286c3f5c8f8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

csh

ord2

shlwapi

PathFileExistsA

mfc42

ord1168
ord800
ord342
ord823
ord2915
ord941
ord537
ord1200
ord1182
ord1253

msvcrt

_mbscmp
sprintf
_purecall
__CxxFrameHandler
free
_adjust_fdiv
_initterm
malloc

advapi32

RegCreateKeyExA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegSetValueExA

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 850B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 404B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
btrez.dll3
.dll windows:4 windows x86 arch:x86

6e367df14513933b31561286c3f5c8f8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

csh

ord2

shlwapi

PathFileExistsA

mfc42

ord1168
ord800
ord342
ord823
ord2915
ord941
ord537
ord1200
ord1182
ord1253

msvcrt

_mbscmp
sprintf
_purecall
__CxxFrameHandler
free
_adjust_fdiv
_initterm
malloc

advapi32

RegCreateKeyExA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegSetValueExA

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 850B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 404B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
btrez.dll4
.dll windows:4 windows x86 arch:x86

6e367df14513933b31561286c3f5c8f8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

csh

ord2

shlwapi

PathFileExistsA

mfc42

ord1168
ord800
ord342
ord823
ord2915
ord941
ord537
ord1200
ord1182
ord1253

msvcrt

_mbscmp
sprintf
_purecall
__CxxFrameHandler
free
_adjust_fdiv
_initterm
malloc

advapi32

RegCreateKeyExA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegSetValueExA

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 850B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 404B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
btrez.dll5
.dll windows:4 windows x86 arch:x86

6e367df14513933b31561286c3f5c8f8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

csh

ord2

shlwapi

PathFileExistsA

mfc42

ord1168
ord800
ord342
ord823
ord2915
ord941
ord537
ord1200
ord1182
ord1253

msvcrt

_mbscmp
sprintf
_purecall
__CxxFrameHandler
free
_adjust_fdiv
_initterm
malloc

advapi32

RegCreateKeyExA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegSetValueExA

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 850B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 404B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
btrez.dll6
.dll windows:4 windows x86 arch:x86

92acd8d679ad5d5c10e5aae3129ee535

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

csh

ord2

shlwapi

PathFileExistsA

mfc42

ord1168
ord800
ord342
ord823
ord2915
ord941
ord537
ord1182
ord1253

msvcrt

_mbscmp
sprintf
_purecall
__CxxFrameHandler
free
_adjust_fdiv
_initterm
malloc

advapi32

RegCreateKeyExA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegSetValueExA

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 850B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 372B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
btrez.dll7
.dll windows:4 windows x86 arch:x86

6e367df14513933b31561286c3f5c8f8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

csh

ord2

shlwapi

PathFileExistsA

mfc42

ord1168
ord800
ord342
ord823
ord2915
ord941
ord537
ord1200
ord1182
ord1253

msvcrt

_mbscmp
sprintf
_purecall
__CxxFrameHandler
free
_adjust_fdiv
_initterm
malloc

advapi32

RegCreateKeyExA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegSetValueExA

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 850B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 404B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
btrez.dll8
.dll windows:4 windows x86 arch:x86

6e367df14513933b31561286c3f5c8f8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

csh

ord2

shlwapi

PathFileExistsA

mfc42

ord1168
ord800
ord342
ord823
ord2915
ord941
ord537
ord1200
ord1182
ord1253

msvcrt

_mbscmp
sprintf
_purecall
__CxxFrameHandler
free
_adjust_fdiv
_initterm
malloc

advapi32

RegCreateKeyExA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegSetValueExA

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 850B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 388B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
btrez.dll9
.dll windows:4 windows x86 arch:x86

92acd8d679ad5d5c10e5aae3129ee535

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

csh

ord2

shlwapi

PathFileExistsA

mfc42

ord1168
ord800
ord342
ord823
ord2915
ord941
ord537
ord1182
ord1253

msvcrt

_mbscmp
sprintf
_purecall
__CxxFrameHandler
free
_adjust_fdiv
_initterm
malloc

advapi32

RegCreateKeyExA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegSetValueExA

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 850B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 372B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
btrezxp.dll
.dll windows:4 windows x86 arch:x86

d6b9a94a0c75777625df869de7af2621

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord3953
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord4486
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord1176
ord1575
ord1168
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord6375
ord2985
ord4274
ord269
ord826
ord600
ord1578
ord6467
ord1255
ord1116

msvcrt

??1type_info@@UAE@XZ
_adjust_fdiv
malloc
_initterm
free
_onexit
__dllonexit
??2@YAPAXI@Z
__CxxFrameHandler

kernel32

LocalFree
LocalAlloc

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 586B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
btsendto.dll
.dll windows:4 windows x86 arch:x86

6e571e517740583f5266cc4a592bcb5a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

widcommsdk

??0CSdpDiscoveryRec@@QAE@XZ
?StartDiscovery@CBtIf@@QAEHQAEPAU_GUID@@@Z
?ReadDiscoveryRecords@CBtIf@@QAEHQAEHPAVCSdpDiscoveryRec@@PAU_GUID@@@Z
?guid_SERVCLASS_OBEX_OBJECT_PUSH@CBtIf@@2U_GUID@@B
?SetSecurity@COppClient@@QAEXHH@Z
?Abort@COppClient@@QAE?AW4OPP_RETURN_CODE@1@XZ
?guid_SERVCLASS_HCRP_PRINTING@CBtIf@@2U_GUID@@B
?Push@COppClient@@QAE?AW4OPP_RETURN_CODE@1@QAEPAGAAVCSdpDiscoveryRec@@@Z
?OnExchangeResponse@COppClient@@UAEXW4OPP_RESULT_CODE@1@QAEPAG@Z
?OnExchangeResponse@COppClient@@UAEXW4OPP_RESULT_CODE@1@QAEPAGW4OPP_TRANSACTION_CODE@1@@Z
?OnPullResponse@COppClient@@UAEXW4OPP_RESULT_CODE@1@QAEPAG@Z
?OnDiscoveryComplete@CBtIf@@UAEXGJ@Z
?OnDeviceResponded@CBtIf@@UAEXQAE00H@Z
?OnInquiryComplete@CBtIf@@UAEXHF@Z
?OnAudioDisconnect@CBtIf@@UAEXG@Z
?OnAudioConnected@CBtIf@@UAEXG@Z
?IsDeviceReady@CBtIf@@QAEHXZ
?GetLastDiscoveryResult@CBtIf@@QAE?AW4DISCOVERY_RESULT@1@QAEPAG@Z
?DeleteFileA@CFtpClient@@QAE?AW4FTP_RETURN_CODE@1@PAG@Z
?CreateFolder@CFtpClient@@QAE?AW4FTP_RETURN_CODE@1@PAG@Z
?Abort@CFtpClient@@QAE?AW4FTP_RETURN_CODE@1@XZ
?FolderListing@CFtpClient@@QAE?AW4FTP_RETURN_CODE@1@XZ
?PutFile@CFtpClient@@QAE?AW4FTP_RETURN_CODE@1@PAG@Z
?CloseConnection@CFtpClient@@QAE?AW4FTP_RETURN_CODE@1@XZ
?OpenConnection@CFtpClient@@QAE?AW4FTP_RETURN_CODE@1@QAEAAVCSdpDiscoveryRec@@@Z
?SetSecurity@CFtpClient@@QAEXHH@Z
?guid_SERVCLASS_OBEX_FILE_TRANSFER@CBtIf@@2U_GUID@@B
??0CFtpClient@@QAE@XZ
??1CFtpClient@@UAE@XZ
?OnGetResponse@CFtpClient@@UAEXW4FTP_RESULT_CODE@1@PAG@Z
?OnXmlFolderListingResponse@CFtpClient@@UAEXW4FTP_RESULT_CODE@1@PAGJ@Z
?FindAttribute@CSdpDiscoveryRec@@QAEHGPAUSDP_DISC_ATTTR_VAL@@@Z
?StopInquiry@CBtIf@@QAEXXZ
?StartInquiry@CBtIf@@QAEHXZ
?OnStackStatusChange@CBtIf@@UAEXW4STACK_STATUS@1@@Z
??1COppClient@@UAE@XZ
??0CBtIf@@QAE@XZ
??1CBtIf@@UAE@XZ
??0COppClient@@QAE@XZ
??1CSdpDiscoveryRec@@QAE@XZ

btosif

OSIF_GetObjectName
OSIF_CodeToString
OSIF_Close
OSIF_Open
OSIF_OpenX
OSIF_FindObject
OSIF_GetObjectCount
OSIF_ReadObjects
OSIF_GetObjectById
OSIF_ModifyObject
OSIF_AddObject
OSIF_WriteObject
OSIF_GetFirstObject
OSIF_GetNextObject
OSIF_FreeObject

shlwapi

PathCombineA
PathIsDirectoryA

ws2_32

WSACleanup
closesocket
socket
WSAStartup
getsockname
bind
sendto
ntohl

mfc42

ord269
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord3953
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord815
ord561
ord825
ord6197
ord6467
ord6199
ord800
ord858
ord922
ord2818
ord540
ord6215
ord535
ord537
ord5265
ord4853
ord4998
ord2514
ord6052
ord1775
ord4425
ord3597
ord3567
ord6055
ord4078
ord1776
ord4407
ord5241
ord2385
ord826
ord6374
ord4353
ord5290
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord3402
ord4627
ord3698
ord663
ord602
ord765
ord641
ord348
ord567
ord324
ord823
ord2302
ord4234
ord2076
ord3092
ord4160
ord4710
ord6453
ord4376
ord6734
ord860
ord2652
ord2645
ord1669
ord5280
ord1200
ord1199
ord2642
ord939
ord4284
ord3996
ord2862
ord2096
ord6007
ord6907
ord3998
ord2582
ord4402
ord3370
ord3640
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord686
ord616
ord693
ord384
ord2370
ord6334
ord926
ord3286
ord2379
ord5303
ord4699
ord5715
ord3741
ord600
ord565
ord1138
ord2726
ord4226
ord941
ord3663
ord2841
ord802
ord539
ord6569
ord542
ord2107
ord5601
ord795
ord5450
ord5440
ord6383
ord6394
ord4224
ord1106
ord2575
ord4396
ord3574
ord609
ord3353
ord1948
ord2256
ord1146
ord2301
ord5953
ord1168
ord1193
ord1151
ord2614
ord3721
ord6195
ord3870
ord1578
ord1255
ord1253
ord1570
ord1197
ord1243
ord342
ord1182
ord1577
ord1575
ord1176
ord1116
ord5163
ord817

msvcrt

atoi
_mbscmp
wcschr
vsprintf
isdigit
toupper
free
malloc
_purecall
_stricmp
_mbsnbcpy
__dllonexit
_onexit
_except_handler3
?terminate@@YAXXZ
_initterm
_adjust_fdiv
??1type_info@@UAE@XZ
sscanf
sprintf
mbstowcs
_mbsicmp
_splitpath
_wremove
remove
_ftol
wcslen
wcscpy
wcscat
__CxxFrameHandler

kernel32

GetCurrentThreadId
SetEvent
LoadLibraryA
GetProcAddress
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
ResetEvent
CopyFileW
WideCharToMultiByte
CopyFileA
GetVersionExA
WaitForSingleObject
Sleep
FreeLibrary
LocalAlloc
InterlockedDecrement
InterlockedIncrement
OutputDebugStringA
GetTempPathW
GetTempPathA
EnumResourceNamesA
CreateFileA
DeviceIoControl
CloseHandle
lstrcmpA
MoveFileA
DeleteFileA
FindNextFileA
CompareFileTime
GetModuleFileNameA
SetLastError
FormatMessageA
LocalFree
CreateThread
GetLastError
FindFirstFileA
FindClose
ResumeThread
WaitForMultipleObjects
MultiByteToWideChar

user32

PostMessageA
EnableWindow
MessageBoxA
GetClientRect
RegisterWindowMessageA
UpdateWindow
GetWindowRect
GetSysColor
DestroyIcon
InvalidateRect
SendMessageA
PostQuitMessage
LoadCursorA
SetCursor
LoadStringA
LoadIconA
PostThreadMessageA
MsgWaitForMultipleObjects
DispatchMessageA
PeekMessageA
IsRectEmpty

advapi32

CryptReleaseContext
CryptSetProvParam
InitializeSecurityDescriptor
CryptDestroyKey
CryptEncrypt
CryptExportKey
CryptGenKey
CryptGetUserKey
CryptDecrypt
CryptImportKey
RegSetValueExA
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegEnumKeyExA
CryptAcquireContextA
RegDeleteValueA

shell32

SHGetSpecialFolderPathA
SHGetFileInfoA

comctl32

ImageList_SetBkColor
ImageList_ReplaceIcon

ole32

CoCreateInstance

Exports

Exports

BluetoothSelectDevices
BluetoothSelectDevicesFree
BluetoothUpdateSendTo
BluetoothUpdateSendToRunDll32
SENDTO_BipTransferProgressDialog
SENDTO_CheckIfPimChanged
SENDTO_DeleteUselessLinks
SENDTO_OPPTransferDialog
SENDTO_SelectDevice
SENDTO_SelectDeviceDialog
SENDTO_SetServiceFilter
SENDTO_TransferProgressDialog
SENDTO_TransferProgressDialogEx
SENDTO_TransferThreadEx

Sections

.text
Size: 108KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
btsendto_explorer.exe
.exe windows:4 windows x86 arch:x86

c6f7b8561f540bb3c63654f39f20c3c0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

btsendto

SENDTO_TransferProgressDialog
SENDTO_DeleteUselessLinks
SENDTO_SelectDeviceDialog
SENDTO_BipTransferProgressDialog

shlwapi

PathCombineA
PathMakeSystemFolderA

ws2_32

WSAStartup
ntohl
sendto
bind
socket

mfc42

ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord815
ord540
ord561
ord1168
ord2818
ord860
ord2614
ord5601
ord5214
ord2621
ord3081
ord535
ord1146
ord823
ord1193
ord1151
ord939
ord6467
ord2841
ord2107
ord5450
ord5440
ord6383
ord6394
ord2985
ord3262
ord3136
ord1576
ord4465
ord3259
ord3147
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord537
ord2764
ord4129
ord5710
ord6877
ord800
ord858
ord6569
ord1085
ord802
ord825
ord296
ord542
ord617
ord3663
ord4673
ord269
ord826
ord600
ord1578
ord1243
ord1176
ord1205

msvcrt

_controlfp
??1type_info@@UAE@XZ
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
_errno
_stricmp
wcslen
_purecall
malloc
free
toupper
isdigit
vsprintf
atoi
sprintf
_mbsicmp
sscanf
strtol
__CxxFrameHandler
_rmdir
_setmbcp
_mbscmp

kernel32

GetVersionExA
LoadLibraryA
FreeLibrary
CloseHandle
FindNextFileA
WriteFile
CreateFileA
SetFileAttributesA
LocalFree
LocalAlloc
GetModuleHandleA
GetStartupInfoA
InterlockedDecrement
DeleteCriticalSection
InterlockedIncrement
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
GetLongPathNameA
GetModuleFileNameA
CreateDirectoryA
DeleteFileA
GetSystemDirectoryA
MultiByteToWideChar
FindClose
FindFirstFileA
EnumResourceNamesA
SetLastError
OutputDebugStringA
WideCharToMultiByte

user32

LoadStringA
LoadIconA
MessageBoxA

advapi32

RegCreateKeyExA
RegOpenKeyExA
RegCloseKey
RegSetValueExA
CryptImportKey
CryptDecrypt
CryptGetUserKey
CryptGenKey
CryptExportKey
CryptEncrypt
CryptDestroyKey
InitializeSecurityDescriptor
CryptSetProvParam
CryptReleaseContext
CryptAcquireContextA
RegEnumKeyExA
RegDeleteValueA
RegQueryValueExA

shell32

SHGetSpecialFolderPathA

ole32

CoCreateInstance

Sections

.text
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
btsendto_ie.dll
.dll regsvr32 windows:4 windows x86 arch:x86

717f2ceab4d2936d46b1541d3215b4d4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FindNextFileA
SetFileAttributesA
CompareStringA
InterlockedExchange
GetModuleHandleA
GetModuleFileNameA
GetWindowsDirectoryA
DeleteFileA
GetSystemDirectoryA
GetVersionExA
FindFirstFileA
FindClose
SetLastError
CreateProcessA
WaitForSingleObject
EnumResourceTypesW
LoadResource
LockResource
SizeofResource
FreeLibrary
EnumResourceNamesW
GetCurrentProcessId
GetFileSize
SetFilePointer
DeleteCriticalSection
LeaveCriticalSection
InterlockedIncrement
EnterCriticalSection
InterlockedDecrement
LoadLibraryA
InitializeCriticalSection
CloseHandle
FlushFileBuffers
WriteFile
GetLastError
ReadFile
LocalFree
LocalAlloc

advapi32

RegCloseKey
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA

user32

GetClassNameA
LoadCursorA
GetWindowThreadProcessId
EnumWindows
LoadStringA
SetCursor
LoadIconA
SendMessageA
MessageBoxA

shlwapi

UrlIsW
PathCombineA
SHDeleteValueA
PathCombineW
PathAddExtensionW
StrStrIW
PathFileExistsW
SHDeleteKeyA
PathCreateFromUrlW

ws2_32

bind
ntohl
socket
sendto
WSAStartup

wininet

InternetGetConnectedState
InternetCrackUrlW
GetUrlCacheEntryInfoW
InternetGetLastResponseInfoA
InternetOpenW
InternetOpenUrlW
InternetReadFile
InternetCloseHandle
InternetCanonicalizeUrlW
InternetGoOnline
InternetAttemptConnect
InternetCombineUrlW

btsendto

SENDTO_TransferThreadEx

btchooser

BluetoothSelectDevicesWizard

mfc42

ord269
ord826
ord600
ord1578
ord1255
ord1253
ord1570
ord1197
ord342
ord1182
ord1577
ord1575
ord1176
ord924
ord537
ord939
ord1151
ord1193
ord1168
ord4055
ord2645
ord4710
ord4234
ord2302
ord1116
ord1243
ord4274
ord815
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord3953
ord2725
ord1131
ord6467
ord823
ord800
ord4160
ord540
ord3663
ord6569
ord539
ord542
ord2818
ord535
ord3337
ord3811
ord1601
ord861
ord641
ord795
ord2514
ord860
ord858
ord5450
ord6394
ord2841
ord2107
ord5440
ord6383
ord6055
ord1776
ord5290
ord3402
ord3721
ord5265
ord4376
ord4853
ord4998
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord567
ord324

msvcrt

_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_except_handler3
_onexit
__dllonexit
_errno
memcpy
_purecall
__CxxFrameHandler
memcmp
strcpy
strlen
sprintf
_CxxThrowException
free
swprintf
wcscat
wcslen
memset
wcsncpy
_wsplitpath
_mbscmp
wcscmp
realloc
_msize
wcsncat
wcsstr
calloc
wcscpy
_wcsicmp
wcschr
wcsrchr
wcsncmp
_mbsnbcpy
vsprintf
malloc
_rmdir

oleaut32

LoadRegTypeLi
SysStringLen
SysFreeString
SysAllocString

urlmon

FindMimeFromData

atl

ord23
ord30
ord58
ord32
ord57
ord18
ord15
ord21
ord16

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
SENDTO_IE_Install
SENDTO_IE_Uninstall

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
btsendto_ie.htm
.html .vbs polyglot
btsendto_ie_ctx.htm
.html .vbs polyglot
btsendto_lnagent.nsf
btsendto_notes.dll
.dll windows:4 windows x86 arch:x86

69c052248f849e85e3a93d35219cf359

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

btsendto

SENDTO_CheckIfPimChanged
SENDTO_SelectDeviceDialog
SENDTO_OPPTransferDialog

shlwapi

PathCombineA

btosif

OSIF_FreeObject
OSIF_OpenX
OSIF_Close
OSIF_GetObjectById
OSIF_WriteObject

lcppn21

??ALNDatabaseArray@@QAE?AVLNDatabase@@K@Z
??4LNDatabase@@QAEAAV0@ABV0@@Z
?GetAddressBooks@LNNotesSession@@QAEKPAVLNDatabaseArray@@ABVLNString@@@Z
?Open@LNDatabase@@QAEKXZ
?GetAgent@LNDatabase@@QAEKABVLNString@@PAVLNAgent@@@Z
?Open@LNAgent@@UAEKK@Z
?GetLotusScript@LNAgent@@QBEKPAVLNLotusScript@@@Z
?Close@LNNote@@UAEKXZ
?AgentExists@LNDatabase@@QBEHABVLNString@@@Z
?CreateAgent@LNDatabase@@QAEKABVLNString@@HPAVLNAgent@@@Z
?SetLotusScript@LNAgent@@QAEKABVLNLotusScript@@@Z
?Save@LNAgent@@UAEKG@Z
?Close@LNDatabase@@QAEKXZ
?Term@LNNotesSession@@QAEKH@Z
?IsNull@LNString@@UBEHXZ
??1LNString@@QAE@XZ
?GetDatabase@LNNotesSession@@QAEKABVLNString@@PAVLNDatabase@@0@Z
?Setup@LNString@@AAEXPBD@Z
?SetThrowAllErrors@LNNotesSession@@QAEXH@Z
?Initialize@LNNotesSession@@AAEKKHQAPADPBD@Z
??1LNNotesSession@@UAE@XZ
?DeleteBody@LNSmartPtr@@UAEHXZ
??1LNAgent@@QAE@XZ
??1LNLotusScript@@QAE@XZ
??0LNLotusScript@@QAE@XZ
??0LNAgent@@QAE@XZ
??0LNNotesSession@@QAE@XZ
?LNGetClassName@@YAPBDW4LNCLASSID@@H@Z
?LNGetErrorMessageText@@YAKKPADKH@Z
?DeleteAgent@LNDatabase@@QAEKABVLNString@@@Z
?GetMailDatabase@LNNotesSession@@QAEKPAVLNDatabase@@@Z

ws2_32

ntohl
bind
socket
WSAStartup
sendto

mfc42

ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord4274
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord3953
ord860
ord800
ord540
ord537
ord1567
ord798
ord6407
ord2820
ord3811
ord939
ord5465
ord532
ord268
ord941
ord5710
ord6283
ord6282
ord858
ord4129
ord2764
ord6569
ord802
ord823
ord542
ord1168
ord535
ord269
ord2614
ord6467
ord826
ord600
ord1578
ord1255
ord1253
ord1570
ord1197
ord1243
ord342
ord1182
ord1577
ord1575
ord1176
ord1116
ord3259
ord2818

msvcrt

__dllonexit
_onexit
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
malloc
free
sprintf
toupper
isdigit
vsprintf
strtok
_mbscmp
__CxxFrameHandler
_purecall

kernel32

MultiByteToWideChar
LoadLibraryA
FreeLibrary
GetTempPathA
GetSystemDirectoryA
GetLastError
LocalAlloc
LocalFree
DeleteFileA

user32

LoadStringA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegCloseKey
RegEnumKeyExA

Exports

Exports

SENDTO_NOTES_Install
SENDTO_NOTES_LoadString
SENDTO_NOTES_SendItems
SENDTO_NOTES_SetDefaultCard
SENDTO_NOTES_Uninstall

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
btsendto_office.dll
.dll regsvr32 windows:4 windows x86 arch:x86

d072c46f77916b2122d3f0f73129dc4e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

btosif

OSIF_WriteObject
OSIF_FreeObject
OSIF_CodeToString

btsendto

SENDTO_OPPTransferDialog
SENDTO_SelectDeviceDialog
SENDTO_CheckIfPimChanged
SENDTO_TransferProgressDialog

ws2_32

sendto
WSAStartup
socket
bind
ntohl

mfc42

ord3626
ord816
ord640
ord2414
ord2860
ord5785
ord1641
ord1640
ord323
ord562
ord2864
ord5265
ord4376
ord4853
ord4998
ord2514
ord6052
ord1775
ord4407
ord5280
ord4425
ord3597
ord2582
ord6055
ord4078
ord1776
ord4402
ord5241
ord2385
ord5163
ord6374
ord4353
ord5290
ord3798
ord3573
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord3370
ord4627
ord3640
ord641
ord567
ord324
ord693
ord2302
ord4234
ord3998
ord4160
ord4710
ord6883
ord537
ord6159
ord941
ord5710
ord4033
ord1146
ord1168
ord1193
ord1151
ord939
ord2614
ord4129
ord2820
ord3811
ord3571
ord858
ord535
ord2818
ord542
ord6569
ord802
ord2107
ord6383
ord5440
ord2841
ord6394
ord5450
ord3663
ord823
ord1656
ord2393
ord2464
ord434
ord433
ord839
ord5575
ord540
ord860
ord800
ord6467
ord1131
ord2725
ord3953
ord825
ord561
ord3738
ord4424
ord4622
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord815
ord4274
ord269
ord826
ord600
ord1578
ord1255
ord1253
ord1570
ord1197
ord1243
ord342
ord1182
ord1577
ord1575
ord1176
ord1116
ord4837

msvcrt

_adjust_fdiv
_initterm
?terminate@@YAXXZ
_except_handler3
??1type_info@@UAE@XZ
_onexit
__dllonexit
strrchr
_errno
strtok
_mbsicmp
_stricmp
wcslen
sscanf
sprintf
toupper
isdigit
_rmdir
memcpy
__CxxFrameHandler
_purecall
memset
free
vsprintf
malloc
realloc
memcmp
_chmod
wcsrchr
wcscmp
strcpy
atoi
strlen
strncpy
_mbscmp
strcmp
_CxxThrowException

kernel32

GetModuleHandleA
GetShortPathNameA
lstrlenA
MultiByteToWideChar
lstrlenW
GetCurrentProcess
FlushInstructionCache
InterlockedDecrement
EnterCriticalSection
InterlockedIncrement
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
OutputDebugStringA
GlobalAlloc
GlobalSize
GlobalLock
FindResourceA
Process32Next
Process32First
CreateToolhelp32Snapshot
Sleep
DeviceIoControl
CreateFileA
GetVersionExA
EnumResourceNamesA
GetModuleFileNameA
CreateDirectoryA
GetTempFileNameA
GetTempPathA
LocalFree
GetLastError
LoadLibraryExA
lstrcmpiA
lstrcpynA
IsDBCSLeadByte
HeapDestroy
GetProcAddress
LoadLibraryA
lstrcpyA
lstrcatA
LocalAlloc
WideCharToMultiByte
FreeLibrary
SizeofResource
SetLastError
LoadResource
FormatMessageA
DeleteFileA
CopyFileA
CloseHandle
GlobalUnlock

user32

LoadIconA
GetActiveWindow
LoadStringA
LoadImageA
EmptyClipboard
OpenClipboard
SetCursor
LoadCursorA
EnableWindow
CharNextA
wsprintfA
MessageBoxA
DestroyWindow
CountClipboardFormats
EnumClipboardFormats
IsClipboardFormatAvailable
GetClipboardData
CloseClipboard
CreateWindowExA
GetSysColorBrush
DrawIconEx
SetClipboardData

gdi32

CreateCompatibleBitmap
GetObjectA
GetCurrentObject
CreateCompatibleDC

advapi32

CryptReleaseContext
CryptAcquireContextA
RegEnumValueA
RegQueryInfoKeyA
RegSetValueExA
RegDeleteKeyA
RegOpenKeyExA
RegCloseKey
CryptSetProvParam
InitializeSecurityDescriptor
CryptDestroyKey
CryptEncrypt
CryptExportKey
CryptGenKey
CryptGetUserKey
CryptDecrypt
CryptImportKey
RegQueryValueExA
RegCreateKeyExA
RegEnumKeyExA
RegDeleteValueA

ole32

CLSIDFromProgID
OleRun
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
CLSIDFromString

oleaut32

CreateErrorInfo
VariantClear
DispCallFunc
VarUI4FromStr
SysFreeString
SysAllocString
LoadTypeLi
LoadRegTypeLi
SysStringLen
SysAllocStringByteLen
SysStringByteLen
VariantCopy
SysAllocStringLen
VariantInit
GetErrorInfo
VariantChangeType
RegisterTypeLi

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
SENDTO_OFFICE_RunningOfficeApps
SENDTO_OFFICE_Uninstall

Sections

.text
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
btsendto_visio2k.vsl
.dll windows:4 windows x86 arch:x86

c5b4e9995963a58ee01b9ea2c4dec731

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

btsendto

SENDTO_SelectDeviceDialog
SENDTO_TransferProgressDialog

shlwapi

PathFindFileNameA

ws2_32

socket
sendto
WSAStartup
ntohl
bind

mfc42

ord6569
ord542
ord6662
ord6283
ord537
ord5572
ord2915
ord535
ord858
ord2818
ord939
ord941
ord6648
ord823
ord6467
ord1168
ord1146
ord1193
ord1151
ord4129
ord3663
ord2841
ord802
ord5450
ord5440
ord6383
ord6394
ord1176
ord2512
ord1575
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord1578
ord1116
ord600
ord826
ord269
ord4274
ord6375
ord4486
ord2554
ord540
ord2614
ord860
ord800
ord3953
ord815
ord825
ord561
ord3738
ord4424
ord4622
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord2107
ord5731

msvcrt

??1type_info@@UAE@XZ
_adjust_fdiv
_initterm
_onexit
__dllonexit
strrchr
_rmdir
strtok
_mbsicmp
wcslen
sscanf
malloc
free
sprintf
isdigit
vsprintf
atoi
strncpy
_mbsnbcpy
_mbscmp
_chmod
_purecall
toupper
__CxxFrameHandler
_errno

kernel32

DeleteCriticalSection
InterlockedIncrement
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
OutputDebugStringA
SetLastError
EnumResourceNamesA
GetVersionExA
CreateFileA
DeviceIoControl
GetLastError
CloseHandle
MultiByteToWideChar
GetModuleFileNameA
GetACP
WideCharToMultiByte
CopyFileA
DeleteFileA
LoadLibraryA
FreeLibrary
CreateDirectoryA
GetTempFileNameA
GetTempPathA
LocalFree
LocalAlloc
InterlockedDecrement

user32

LoadStringA
LoadIconA
SetCursor
LoadCursorA
MessageBoxA
GetActiveWindow

advapi32

CryptDecrypt
CryptGenKey
CryptExportKey
CryptEncrypt
CryptDestroyKey
InitializeSecurityDescriptor
CryptSetProvParam
CryptReleaseContext
CryptAcquireContextA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
CryptImportKey
RegSetValueExA
RegCreateKeyExA
RegEnumKeyExA
RegDeleteValueA
CryptGetUserKey

shell32

SHGetSpecialFolderPathA

ole32

CoCreateInstance

oleaut32

GetActiveObject
VariantClear
VariantInit
SysAllocString
SysFreeString
LoadRegTypeLi
DispGetIDsOfNames
DispInvoke

Exports

Exports

VisioLibMain

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
btsendto_wab.dll
.dll regsvr32 windows:4 windows x86 arch:x86

f490fc51a33ad63d79d4b67ed2b26c2f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

btosif

OSIF_Close
OSIF_FreeObject
OSIF_WriteObject
OSIF_GetObjectById
OSIF_CodeToString
OSIF_OpenX

btsendto

SENDTO_SelectDeviceDialog
SENDTO_OPPTransferDialog
SENDTO_CheckIfPimChanged

ws2_32

sendto
WSAStartup
socket
bind
ntohl

mfc42

ord323
ord562
ord2864
ord1085
ord5601
ord939
ord2818
ord6569
ord858
ord1146
ord1168
ord1193
ord1151
ord860
ord535
ord537
ord2614
ord2820
ord941
ord3811
ord1640
ord5450
ord6394
ord2107
ord5440
ord6383
ord1176
ord1575
ord1577
ord6375
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord1578
ord600
ord826
ord269
ord4274
ord1116
ord815
ord1641
ord2414
ord640
ord816
ord3663
ord3626
ord3573
ord2915
ord540
ord542
ord802
ord800
ord823
ord6467
ord1131
ord2725
ord3953
ord825
ord561
ord3738
ord4424
ord4622
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord2841
ord4486

msvcrt

??1type_info@@UAE@XZ
_adjust_fdiv
_initterm
_onexit
__dllonexit
wcslen
sscanf
_mbscmp
strcmp
toupper
isdigit
vsprintf
swprintf
sprintf
strlen
wcstoul
strtoul
strcpy
memcmp
memset
realloc
malloc
__CxxFrameHandler
_purecall
memcpy
atoi
free
_mbsicmp

kernel32

GetProcAddress
IsDBCSLeadByte
lstrcpynA
lstrcmpiA
LoadLibraryExA
GetLastError
FindResourceA
LoadResource
SizeofResource
FreeLibrary
WideCharToMultiByte
GetModuleFileNameA
GetModuleHandleA
GetShortPathNameA
lstrlenA
MultiByteToWideChar
lstrlenW
InterlockedDecrement
EnterCriticalSection
InterlockedIncrement
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
LoadLibraryA
lstrcpyA
lstrcatA
lstrcpynW
DeleteFileA
CloseHandle
DeviceIoControl
CreateFileA
GetVersionExA
EnumResourceNamesA
SetLastError
OutputDebugStringA
GetTempPathA
LocalFree
LocalAlloc
HeapDestroy

user32

DrawIconEx
DestroyWindow
GetActiveWindow
GetSysColorBrush
CharNextA
LoadIconA
LoadStringA
CreateWindowExA
LoadImageA
SetCursor
LoadCursorA
MessageBoxA
CreatePopupMenu
InsertMenuItemA

gdi32

CreateCompatibleDC
GetObjectA
CreateCompatibleBitmap
SelectObject

advapi32

CryptAcquireContextA
InitializeSecurityDescriptor
CryptEncrypt
CryptExportKey
RegDeleteKeyA
RegCreateKeyExA
RegDeleteValueA
RegCloseKey
RegOpenKeyExA
RegEnumKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegEnumValueA
CryptDestroyKey
CryptReleaseContext
CryptSetProvParam
RegQueryValueExA
CryptImportKey
CryptDecrypt
CryptGetUserKey
CryptGenKey

ole32

CoCreateInstance
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc

oleaut32

VarUI4FromStr
LoadTypeLi
SysAllocString
SysFreeString
RegisterTypeLi

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
btserial.sys
.sys windows:5 windows x86 arch:x86

fa77b4062cb63ec463ca50a085d2c3d7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
IoIsWdmVersionAvailable
RtlFreeUnicodeString
ExFreePool
IofCompleteRequest
DbgPrint
vsprintf
wcscpy
ZwClose
ZwQueryValueKey
ZwOpenKey
wcscmp
ZwEnumerateValueKey
KeWaitForSingleObject
IofCallDriver
IoDeleteSymbolicLink
KeClearEvent
IoFreeIrp
KeSetEvent
IoBuildSynchronousFsdRequest
KeInitializeEvent
IoAllocateIrp
PsTerminateSystemThread
IoCancelIrp
ObReferenceObjectByHandle
ObfDereferenceObject
PsCreateSystemThread
KeInitializeSpinLock
IoGetDeviceObjectPointer
wcsncpy
RtlAnsiStringToUnicodeString
RtlInitAnsiString
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
IoDeleteDevice
IoBuildDeviceIoControlRequest
RtlCopyUnicodeString

hal

KfReleaseSpinLock
KfAcquireSpinLock

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 288B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 576B - Virtual size: 568B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
btslbcsp.sys
.sys windows:4 windows x86 arch:x86

4ed4d18664c50991569ec611cb7e35af

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoCreateDevice
RtlInitUnicodeString
IoIsWdmVersionAvailable
RtlFreeUnicodeString
ExFreePool
wcscpy
ZwClose
ZwQueryValueKey
ZwOpenKey
wcscmp
ZwEnumerateValueKey
KeWaitForSingleObject
IofCallDriver
IoCreateSymbolicLink
KeClearEvent
KeInitializeSpinLock
KeInitializeEvent
IoGetDeviceObjectPointer
wcsncpy
RtlAnsiStringToUnicodeString
RtlInitAnsiString
ObfDereferenceObject
KeSetEvent
ExAllocatePoolWithTag
IoDeleteSymbolicLink
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
IoFreeIrp
IoAllocateIrp
KeDelayExecutionThread
IoDeleteDevice
IoBuildDeviceIoControlRequest
KeQuerySystemTime
InterlockedIncrement
IofCompleteRequest
InterlockedDecrement
KeQueryInterruptTime
ObReferenceObjectByHandle
PsCreateSystemThread
PsTerminateSystemThread
IoCancelIrp
KeSetPriorityThread
KeGetCurrentThread
sprintf
ExQueueWorkItem
IoBuildSynchronousFsdRequest
RtlCopyUnicodeString
RtlUnwind

hal

KeStallExecutionProcessor
KfAcquireSpinLock
KfReleaseSpinLock
KeGetCurrentIrql

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 173KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
btstart.exe
.exe windows:4 windows x86 arch:x86

d97812e0dbdca32c2251847d1036890a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
SetStdHandle
ReadFile
FlushFileBuffers
CreateEventA
MultiByteToWideChar
WideCharToMultiByte
OutputDebugStringA
SetLastError
GetVersionExA
CreateFileA
DeviceIoControl
GetLastError
Sleep
CloseHandle
CreateThread
GetCurrentThreadId
TlsSetValue
TlsGetValue
ExitThread
InterlockedDecrement
InterlockedIncrement
HeapFree
HeapAlloc
RtlUnwind
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
TlsAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
LCMapStringA
LCMapStringW
GetModuleFileNameA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
GetCPInfo
GetACP
GetOEMCP
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
WriteFile
SetFilePointer
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetProcAddress

user32

PostQuitMessage
DefWindowProcA
RegisterClassA
CreateWindowExA
GetMessageA
TranslateMessage
DispatchMessageA
PeekMessageA

advapi32

CryptAcquireContextA
RegDeleteValueA
RegEnumKeyExA
RegDeleteKeyA
RegCreateKeyExA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegSetValueExA
CryptImportKey
CryptDecrypt
CryptGetUserKey
CryptGenKey
CryptExportKey
CryptEncrypt
CryptDestroyKey
InitializeSecurityDescriptor
CryptSetProvParam
CryptReleaseContext

Sections

.text
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
bttray.exe.manifest
.xml
btw_ci.dll
.dll windows:4 windows x86 arch:x86

2013be6d8ab57d6abc7d20d2178d81f1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DisableThreadLibraryCalls
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
RtlUnwind
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
InterlockedDecrement
InterlockedIncrement

Exports

Exports

BTWClassInstaller

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
btw_ci.dll1
.dll windows:4 windows x86 arch:x86

2013be6d8ab57d6abc7d20d2178d81f1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DisableThreadLibraryCalls
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
RtlUnwind
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
InterlockedDecrement
InterlockedIncrement

Exports

Exports

BTWClassInstaller

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
btw_hlp.chm
.chm
btw_hlp.chm_ru
.chm
btwaudio.cat1
btwdins.exe
.exe windows:4 windows x86 arch:x86

dc0a3e0277addf8bfe9afde9ae5b535e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

bind
WSAStartup
sendto
ntohl
socket

kernel32

SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
lstrcpynW
InitializeCriticalSection
lstrcpyW
lstrcatW
GetCurrentProcess
GetCurrentThread
lstrcmpW
SetThreadPriority
GetWindowsDirectoryW
GetModuleHandleA
MulDiv
LockResource
FindResourceExW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
TlsSetValue
TlsGetValue
ExitThread
InterlockedIncrement
HeapFree
HeapAlloc
RtlUnwind
HeapReAlloc
GetStartupInfoW
GetVersion
ExitProcess
TlsAlloc
TlsFree
TerminateProcess
UnhandledExceptionFilter
lstrlenA
LCMapStringA
LCMapStringW
GetModuleFileNameA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetEnvironmentStrings
GetCommandLineA
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
SetFilePointer
GetCPInfo
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
SetStdHandle
FlushFileBuffers
SetConsoleCtrlHandler
SetEndOfFile
GetTimeZoneInformation
GetLocaleInfoW
CompareStringA
CompareStringW
GetACP
GetModuleHandleW
SetEnvironmentVariableA
GetShortPathNameW
LoadLibraryA
CreateNamedPipeW
LocalFree
ResetEvent
WaitForMultipleObjects
ConnectNamedPipe
ReadFile
WriteFile
DisconnectNamedPipe
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
OpenProcess
CreateFileW
GetSystemDirectoryW
OutputDebugStringW
GetModuleFileNameW
lstrlenW
GetCommandLineW
lstrcmpiW
GetCurrentThreadId
GetVersionExW
InterlockedDecrement
LoadLibraryW
GetProcAddress
FreeLibrary
WaitForSingleObject
CreateMutexW
CreateEventW
CreateThread
CallNamedPipeA
SetEvent
ReleaseMutex
MultiByteToWideChar
WideCharToMultiByte
OutputDebugStringA
SetLastError
GetVersionExA
CreateFileA
DeviceIoControl
GetLastError
Sleep
CloseHandle
FatalAppExitA
GetOEMCP

user32

SetWindowPos
CreateDialogParamW
PostQuitMessage
SetDlgItemTextW
ShowWindow
RegisterClassExW
DefWindowProcW
KillTimer
SetTimer
GetWindowThreadProcessId
BringWindowToTop
SetActiveWindow
SetFocus
EnableWindow
GetSystemMetrics
IsWindowEnabled
GetWindowRect
mouse_event
FindWindowW
SendMessageW
UpdateWindow
EnumWindows
IsWindowVisible
EnumChildWindows
CallWindowProcW
GetDlgItem
CheckDlgButton
CheckRadioButton
PostMessageW
SetClassLongW
IsWindow
GetParent
GetClassNameW
GetWindowTextW
FindWindowExW
GetWindowLongW
CreateWindowExW
GetForegroundWindow
DestroyWindow
wvsprintfW
CloseDesktop
GetDesktopWindow
GetProcessWindowStation
GetThreadDesktop
OpenWindowStationW
SetProcessWindowStation
OpenDesktopW
CloseWindowStation
SetThreadDesktop
MessageBoxW
LoadStringW
GetMessageW
DispatchMessageW
PostThreadMessageW
CharNextW
PeekMessageA

advapi32

CryptAcquireContextW
CryptReleaseContext
CryptSetProvParam
InitializeSecurityDescriptor
CryptDestroyKey
CryptEncrypt
CryptGetUserKey
CryptDecrypt
CryptImportKey
RegSetValueExW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteValueW
RegQueryValueExA
RegSetValueExA
RegEnumValueW
CloseServiceHandle
OpenServiceW
OpenSCManagerW
DeregisterEventSource
ReportEventW
RegisterEventSourceW
RegisterServiceCtrlHandlerW
SetServiceStatus
ChangeServiceConfig2W
CreateServiceW
DeleteService
ControlService
StartServiceCtrlDispatcherW
RegOpenKeyExA
QueryServiceStatus
StartServiceW
GetUserNameW
RevertToSelf
RegOpenCurrentUser
ImpersonateLoggedOnUser
OpenProcessToken
SetSecurityDescriptorDacl
CopySid
GetLengthSid
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
OpenThreadToken
GetTokenInformation
CryptExportKey
CryptGenKey

ole32

CoRegisterClassObject
CoTaskMemRealloc
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
CoInitialize
CoInitializeSecurity
CoRevokeClassObject
CoUninitialize

oleaut32

SysFreeString
SysAllocString
LoadTypeLi
RegisterTypeLi
VarUI4FromStr

Sections

.text
Size: 160KB - Virtual size: 157KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
btwdndis.cat
btwdndis.inf
btwdndis.inf1
btwhid.sys
.sys windows:5 windows x86 arch:x86

0a47f2eb0215d1339c13a96fe74bf130

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
KeWaitForSingleObject
IofCallDriver
KeInitializeEvent
ExFreePool
KeSetEvent
ZwQueryValueKey
RtlInitUnicodeString
IoBuildSynchronousFsdRequest
ZwClose
wcslen
ZwOpenKey
ZwEnumerateKey
wcscpy
ZwCreateKey
ZwSetValueKey
ObfDereferenceObject
wcsstr
KeDelayExecutionThread
InterlockedExchange
IofCompleteRequest
KeInitializeSpinLock
KeCancelTimer
PoStartNextPowerIrp
PoCallDriver
IoReleaseCancelSpinLock
memmove
IoIsWdmVersionAvailable
MmMapLockedPagesSpecifyCache
KeSetTimer
IoGetDeviceObjectPointer
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
IoFreeIrp
IoAllocateIrp
ExQueueWorkItem
KeQuerySystemTime
strncpy
KeInitializeTimer
IoOpenDeviceRegistryKey
KeInitializeDpc

hal

KfAcquireSpinLock
KfReleaseSpinLock
KeGetCurrentIrql

hidclass.sys

HidRegisterMinidriver

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 288B - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
btwhid98.inf
btwhid98.inf1
btwhid98.sys
.sys windows:4 windows x86 arch:x86

a1540c0794591987e19a0c505ee4ff67

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
ExFreePool
KeWaitForSingleObject
IofCallDriver
KeInitializeEvent
KeSetEvent
ZwQueryValueKey
RtlInitUnicodeString
IoBuildSynchronousFsdRequest
ZwClose
wcslen
ZwOpenKey
ZwEnumerateKey
wcscpy
ZwCreateKey
wcsstr
ObfDereferenceObject
IoOpenDeviceRegistryKey
KeDelayExecutionThread
IofCompleteRequest
InterlockedExchange
KeInitializeSpinLock
KeCancelTimer
PoStartNextPowerIrp
PoCallDriver
IoReleaseCancelSpinLock
memmove
IoIsWdmVersionAvailable
MmMapLockedPages
KeSetTimer
ExQueueWorkItem
KeQuerySystemTime
strncpy
KeInitializeTimer
ZwSetValueKey
KeInitializeDpc

hal

KfAcquireSpinLock
KfReleaseSpinLock
KeGetCurrentIrql

hidclass.sys

HidRegisterMinidriver

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PNP
Size: 96B - Virtual size: 67B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
btwhidcs.dll
.dll regsvr32 windows:4 windows x86 arch:x86

7d73891eca9cbd76f61b3a3ad6b50c69

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

cfgmgr32

CM_Get_Parent
CM_Locate_DevNodeA
CM_Get_Device_IDA

setupapi

SetupDiGetClassDevsA
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailA
SetupDiGetDeviceInstanceIdA
SetupDiEnumDeviceInfo
SetupDiOpenDevRegKey
SetupDiDestroyDeviceInfoList

ws2_32

getsockname
closesocket
WSACleanup
socket
WSAStartup
bind

mfc42

ord800
ord2302
ord4258
ord539
ord2818
ord6199
ord540
ord641
ord790
ord609
ord4710
ord6215
ord3092
ord2379
ord4976
ord6453
ord4274
ord815
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord561
ord3953
ord2725
ord1131
ord6467
ord2575
ord4396
ord3574
ord768
ord4402
ord3370
ord3640
ord693
ord6907
ord3998
ord5290
ord858
ord3301
ord3996
ord6696
ord6028
ord860
ord3716
ord4376
ord5280
ord3597
ord324
ord4234
ord2642
ord6111
ord4694
ord4853
ord1116
ord1176
ord1575
ord1168
ord6485
ord567
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord1578
ord600
ord825
ord823
ord6601
ord6055
ord1776
ord5241
ord269
ord826
ord795
ord4425
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4835
ord3798
ord5287
ord4353
ord6374
ord5163
ord2385
ord4407
ord1775
ord4078
ord6052
ord2514
ord4998
ord4854
ord4377
ord5265
ord4358
ord4948
ord4742
ord4905
ord5160
ord5162
ord5161
ord3721
ord4424
ord3402
ord2582
ord4837
ord6905

msvcrt

??1type_info@@UAE@XZ
_adjust_fdiv
_initterm
_onexit
__dllonexit
?terminate@@YAXXZ
_stricmp
_mbscmp
strcpy
vsprintf
_beginthreadex
wcslen
strcmp
wcscpy
strstr
sscanf
realloc
malloc
free
_except_handler3
memset
strcat
strlen
sprintf
__CxxFrameHandler
memcmp
memcpy
_purecall
_wcsdup
_ultoa

kernel32

FindResourceA
LoadResource
SizeofResource
FreeLibrary
WideCharToMultiByte
GetModuleFileNameA
GetShortPathNameA
lstrlenA
lstrlenW
LoadLibraryA
GetModuleFileNameW
LoadLibraryW
OutputDebugStringA
GetVersion
GetFileAttributesW
GetProcAddress
GetModuleHandleW
GetModuleHandleA
CreateThread
Sleep
TerminateThread
CreateMutexA
CreateEventA
GetProcessHeap
HeapAlloc
InitializeCriticalSection
LoadLibraryExA
HeapFree
DeleteCriticalSection
ReleaseMutex
SetEvent
GetSystemDirectoryA
WinExec
MultiByteToWideChar
SetLastError
InterlockedDecrement
DeviceIoControl
CreateFileA
CloseHandle
InterlockedIncrement
GetLastError
IsDBCSLeadByte
HeapDestroy
LeaveCriticalSection
EnterCriticalSection
lstrcpyA
lstrcatA
GetVersionExA
GetTickCount
MulDiv
LocalFree
LocalAlloc
WaitForSingleObject
lstrcpynA
lstrcmpiA

user32

SetTimer
SendMessageA
LoadImageA
KillTimer
CharNextA
GetWindowRect
SetWindowTextA
EnumChildWindows
GetParent
PeekMessageA
EnableWindow
PostMessageA
wvsprintfA
LoadStringA
SetDlgItemTextA

gdi32

DeleteObject

advapi32

RegOpenKeyExA
CryptImportKey
CryptDecrypt
CryptGetUserKey
RegDeleteValueA
RegCreateKeyExA
RegDeleteKeyA
RegQueryValueExA
RegCloseKey
RegEnumKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegEnumValueA
CryptAcquireContextA
CryptReleaseContext
CryptSetProvParam
InitializeSecurityDescriptor
CryptDestroyKey
CryptEncrypt
CryptExportKey
CryptGenKey

ole32

CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance

oleaut32

LoadTypeLi
SysAllocString
RegisterTypeLi
VarUI4FromStr
SysFreeString

Exports

Exports

??0CBtHidExtRoot@@QAE@ABV0@@Z
??0CBtHidExtRoot@@QAE@XZ
??1CBtHidExtRoot@@UAE@XZ
??4CBtHidExtRoot@@QAEAAV0@ABV0@@Z
??_7CBtHidExtRoot@@6B@
?DeviceNotification@CBtHidExtRoot@@UAEHIJPAEPAH@Z
?GetFirmwareVersionFromSDP@CBtHidExtRoot@@UAEHPAEPAG@Z
?ReadFirmwareVersionFromRegistry@CBtHidExtRoot@@UAEHPAEPAG@Z
?RegisterDeviceNotificationA@CBtHidExtRoot@@UAEHKW4eDeviceType@@PAUHWND__@@@Z
?UnregisterDeviceNotification@CBtHidExtRoot@@UAEXXZ
?WaitNoInstallEvents@CBtHidExtRoot@@QAEHKK@Z
?WriteFirmwareVersionToRegistry@CBtHidExtRoot@@UAEHPAEG@Z
?devClassToDeviceType@@YA?AW4eDeviceType@@EE@Z
?enableTrace@CBtHidExtRoot@@SAXK@Z
?findVendor@CBtHidExtRoot@@SAHG@Z
?findVendor@CBtHidExtRoot@@SAHPAD@Z
?getAllowWakeup@CBtHidExtRoot@@UAEHPAEPAH@Z
?getBatteryStatus@CBtHidExtRoot@@QAEHPAE0PAH1@Z
?getManufacturerInfo@CBtHidExtRoot@@UAEHPAEPAG01@Z
?getPidVid@CBtHidExtRoot@@QAEHPAEPAG111K@Z
?getStack@@YAPAVCBtHidExtRoot@@XZ
?isDevSelSuspended@CBtHidExtRoot@@UAEHXZ
?isMsStackActive@@YAHXZ
?manufacturers@CBtHidExtRoot@@2PAPBDA
?manufacturersNumber@CBtHidExtRoot@@2KB
?readSettings@CBtHidExtRoot@@SAXPAHPAK001111@Z
?registerPowerChangedNotification@CBtHidExtRoot@@QAEHPAUHWND__@@K@Z
?setAllowWakeup@CBtHidExtRoot@@UAEXPAEH@Z
?unregisterPowerChangedNotification@CBtHidExtRoot@@QAEXXZ
?vendors@CBtHidExtRoot@@2QBUVENOR_ID_NAME@@B
?vendorsNumber@CBtHidExtRoot@@2KB
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetDevPowerManagementCPropertyPageEx
GetDevPowerManagementPropPage
GetHidCPropertyPageEx
GetHidPropPage
ShowHidPropPage
ShowHidPropPageRunDll32

Sections

.text
Size: 64KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 112KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
btwhidme.inf
btwhidme.inf1
btwhidnt.cat
btwhidnt.inf
btwiacam.dll
.dll windows:5 windows x86 arch:x86

aee4dfce54cbc1d3785ff9c77c161da9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_ftol
_vsnprintf
strrchr
_snprintf
wcschr
free
malloc
sscanf
sprintf
??2@YAPAXI@Z
??3@YAXPAX@Z

kernel32

lstrcatW
lstrcpyW
FreeLibrary
GetLastError
GetProcAddress
LoadLibraryA
GetCurrentThreadId
FormatMessageA
DebugBreak
InterlockedDecrement
DisableThreadLibraryCalls
lstrcpyA
lstrcatA
GetModuleFileNameA
lstrcpynA
GetLocalTime
OutputDebugStringA
HeapAlloc
WaitForSingleObject
ExpandEnvironmentStringsA
CreateFileA
SetFilePointerEx
WriteFile
FlushFileBuffers
ReleaseMutex
GetProcessHeap
InterlockedIncrement
lstrlenW
HeapFree
CreateMutexA
MultiByteToWideChar

advapi32

FreeSid
InitializeSecurityDescriptor
AddAccessAllowedAce
InitializeAcl
RegOpenKeyExA
AllocateAndInitializeSid
GetLengthSid
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
SetSecurityDescriptorDacl

oleaut32

SysFreeString
SysAllocString

wiaservc

wiasWriteBufToFile
wiasWriteMultiple
wiasWritePropLong
wiasCreateDrvItem
wiasQueueEvent
wiasValidateItemProperties
wiasGetItemType
wiasReadPropLong
wiasCreatePropContext
wiasUpdateValidFormat
wiasFreePropContext
wiasGetDrvItem
wiasReadPropGuid
wiasSetItemPropAttribs
wiasSetItemPropNames

user32

LoadStringW

gdiplus

GdipGetImageEncodersSize
GdipGetImageEncoders
GdipGetImagePixelFormat
GdipDisposeImage
GdipCloneImage
GdipGetImageDimension
GdipSaveImageToStream
GdipLoadImageFromStreamICM
GdiplusStartup
GdipLoadImageFromStream
GdiplusShutdown
GdipFree
GdipAlloc

Exports

Exports

DllCanUnloadNow
DllGetClassObject
_DllEntryPoint@12

Sections

.text
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 756B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
btwiacam.inf
btwmodem.sys
.sys windows:5 windows x86 arch:x86

baeff64f5cc0248f026ff473800ca99f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExFreePool
IoDetachDevice
RtlUnicodeStringToInteger
RtlInitUnicodeString
KeInitializeDpc
KeInitializeTimer
KeInitializeSpinLock
IoCancelIrp
IoReleaseCancelSpinLock
IoAcquireCancelSpinLock
KeSetEvent
KeInitializeEvent
IoCreateDevice
RtlAppendUnicodeStringToString
RtlIntegerToUnicodeString
RtlAppendUnicodeToString
IoAttachDeviceToDeviceStack
IofCompleteRequest
InterlockedIncrement
IofCallDriver
IoOpenDeviceRegistryKey
RtlDeleteRegistryValue
IoDeleteSymbolicLink
IoDeleteDevice
IoRegisterDeviceInterface
RtlWriteRegistryValue
IoCreateSymbolicLink
ZwClose
InterlockedExchange
KeCancelTimer
KeSetTimer
PoCallDriver
RtlCompareUnicodeString
ZwQueryValueKey
ZwOpenKey
IoGetDeviceObjectPointer
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
ObfDereferenceObject
IoFreeIrp
IoAllocateIrp
KeQuerySystemTime
_allmul
ExAllocatePoolWithQuotaTag
_except_handler3
PoStartNextPowerIrp
InterlockedDecrement
KeWaitForSingleObject
KeRemoveQueueDpc
ExAllocatePoolWithTag
IoSetDeviceInterfaceState
memmove

hal

KfAcquireSpinLock
KfReleaseSpinLock
ExAcquireFastMutex
ExReleaseFastMutex
KeGetCurrentIrql

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 480B - Virtual size: 464B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
btwusb.cat
btwusb.cat2
btwusb.inf
btwusb.inf1
btwusb.inf2
btwusb.sys
.sys windows:4 windows x86 arch:x86

c5754ddacf5073c21c11fd5ea7fde898

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
IoAllocateIrp
KeInitializeSpinLock
ExFreePool
KeInitializeDpc
KeInitializeTimer
IoCancelIrp
KeDelayExecutionThread
KeCancelTimer
KeWaitForSingleObject
KeInitializeEvent
ZwClose
IoOpenDeviceRegistryKey
IoGetDeviceProperty
PoSetPowerState
IoDeleteDevice
IoDetachDevice
IoAttachDeviceToDeviceStack
memcpy
ZwQueryValueKey
IoFreeIrp
IoCreateSymbolicLink
IoCreateDevice
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
IoDeleteSymbolicLink
IoBuildDeviceIoControlRequest
IofCallDriver
IofCompleteRequest
PoCallDriver
InterlockedIncrement
PoStartNextPowerIrp
PoRequestPowerIrp
InterlockedExchange
ZwSetValueKey
KeSetEvent
InterlockedDecrement
KeSetTimer
KeTickCount
ExQueueWorkItem
KeClearEvent
memset
RtlInitUnicodeString
RtlCompareMemory
memmove
IoInitializeIrp
wcscpy
wcslen
wcscmp
strcpy
IoGetDeviceObjectPointer
ObfDereferenceObject
IoIsWdmVersionAvailable

hal

KfReleaseSpinLock
KeGetCurrentIrql
KfAcquireSpinLock

usbd.sys

_USBD_ParseConfigurationDescriptorEx@28
_USBD_CreateConfigurationRequestEx@8
USBD_CreateConfigurationRequest
_USBD_ParseDescriptors@16

Sections

.text
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PNP
Size: 96B - Virtual size: 67B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 480B - Virtual size: 470B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
btwusb.sys1
.sys windows:4 windows x86 arch:x86

c5754ddacf5073c21c11fd5ea7fde898

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
IoAllocateIrp
KeInitializeSpinLock
ExFreePool
KeInitializeDpc
KeInitializeTimer
IoCancelIrp
KeDelayExecutionThread
KeCancelTimer
KeWaitForSingleObject
KeInitializeEvent
ZwClose
IoOpenDeviceRegistryKey
IoGetDeviceProperty
PoSetPowerState
IoDeleteDevice
IoDetachDevice
IoAttachDeviceToDeviceStack
memcpy
ZwQueryValueKey
IoFreeIrp
IoCreateSymbolicLink
IoCreateDevice
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
IoDeleteSymbolicLink
IoBuildDeviceIoControlRequest
IofCallDriver
IofCompleteRequest
PoCallDriver
InterlockedIncrement
PoStartNextPowerIrp
PoRequestPowerIrp
InterlockedExchange
ZwSetValueKey
KeSetEvent
InterlockedDecrement
KeSetTimer
KeTickCount
ExQueueWorkItem
KeClearEvent
memset
RtlInitUnicodeString
RtlCompareMemory
memmove
IoInitializeIrp
wcscpy
wcslen
wcscmp
strcpy
IoGetDeviceObjectPointer
ObfDereferenceObject
IoIsWdmVersionAvailable

hal

KfReleaseSpinLock
KeGetCurrentIrql
KfAcquireSpinLock

usbd.sys

_USBD_ParseConfigurationDescriptorEx@28
_USBD_CreateConfigurationRequestEx@8
USBD_CreateConfigurationRequest
_USBD_ParseDescriptors@16

Sections

.text
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PNP
Size: 96B - Virtual size: 67B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 480B - Virtual size: 470B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
btwusb.sys2
.sys windows:4 windows x86 arch:x86

c5754ddacf5073c21c11fd5ea7fde898

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
IoAllocateIrp
KeInitializeSpinLock
ExFreePool
KeInitializeDpc
KeInitializeTimer
IoCancelIrp
KeDelayExecutionThread
KeCancelTimer
KeWaitForSingleObject
KeInitializeEvent
ZwClose
IoOpenDeviceRegistryKey
IoGetDeviceProperty
PoSetPowerState
IoDeleteDevice
IoDetachDevice
IoAttachDeviceToDeviceStack
memcpy
ZwQueryValueKey
IoFreeIrp
IoCreateSymbolicLink
IoCreateDevice
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
IoDeleteSymbolicLink
IoBuildDeviceIoControlRequest
IofCallDriver
IofCompleteRequest
PoCallDriver
InterlockedIncrement
PoStartNextPowerIrp
PoRequestPowerIrp
InterlockedExchange
ZwSetValueKey
KeSetEvent
InterlockedDecrement
KeSetTimer
KeTickCount
ExQueueWorkItem
KeClearEvent
memset
RtlInitUnicodeString
RtlCompareMemory
memmove
IoInitializeIrp
wcscpy
wcslen
wcscmp
strcpy
IoGetDeviceObjectPointer
ObfDereferenceObject
IoIsWdmVersionAvailable

hal

KfReleaseSpinLock
KeGetCurrentIrql
KfAcquireSpinLock

usbd.sys

_USBD_ParseConfigurationDescriptorEx@28
_USBD_CreateConfigurationRequestEx@8
USBD_CreateConfigurationRequest
_USBD_ParseDescriptors@16

Sections

.text
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PNP
Size: 96B - Virtual size: 67B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 480B - Virtual size: 470B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
frmupgr.sys
.sys windows:5 windows x86 arch:x86

7234fb389d690f177ea3e92b1f94e8e6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ObReferenceObjectByHandle
PsCreateSystemThread
ObfDereferenceObject
KeWaitForSingleObject
IofCompleteRequest
ExAllocatePoolWithTag
IofCallDriver
KeDelayExecutionThread
IoCancelIrp
IoBuildDeviceIoControlRequest
KeInitializeEvent
RtlFreeUnicodeString
DbgPrint
RtlCopyUnicodeString
IoIsWdmVersionAvailable
ZwClose
IoDetachDevice
PoSetPowerState
IoAttachDeviceToDeviceStack
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
KeSetEvent
IoDeleteSymbolicLink
PoCallDriver
PoStartNextPowerIrp
PoRequestPowerIrp
InterlockedExchange
IoAllocateIrp
IoFreeIrp
ExQueueWorkItem
IoDeleteDevice
InterlockedIncrement
InterlockedDecrement
PoRegisterDeviceForIdleDetection
RtlUnwind
ExFreePool

hal

KeGetCurrentIrql

usbd.sys

_USBD_ParseConfigurationDescriptorEx@28
USBD_CreateConfigurationRequest
_USBD_ParseDescriptors@16

wmilib.sys

WmiCompleteRequest

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

page
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

init
Size: 224B - Virtual size: 212B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 320B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 352B - Virtual size: 350B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 960B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 672B - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
frmupgr.sys1
.sys windows:5 windows x86 arch:x86

7234fb389d690f177ea3e92b1f94e8e6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ObReferenceObjectByHandle
PsCreateSystemThread
ObfDereferenceObject
KeWaitForSingleObject
IofCompleteRequest
ExAllocatePoolWithTag
IofCallDriver
KeDelayExecutionThread
IoCancelIrp
IoBuildDeviceIoControlRequest
KeInitializeEvent
RtlFreeUnicodeString
DbgPrint
RtlCopyUnicodeString
IoIsWdmVersionAvailable
ZwClose
IoDetachDevice
PoSetPowerState
IoAttachDeviceToDeviceStack
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
KeSetEvent
IoDeleteSymbolicLink
PoCallDriver
PoStartNextPowerIrp
PoRequestPowerIrp
InterlockedExchange
IoAllocateIrp
IoFreeIrp
ExQueueWorkItem
IoDeleteDevice
InterlockedIncrement
InterlockedDecrement
PoRegisterDeviceForIdleDetection
RtlUnwind
ExFreePool

hal

KeGetCurrentIrql

usbd.sys

_USBD_ParseConfigurationDescriptorEx@28
USBD_CreateConfigurationRequest
_USBD_ParseDescriptors@16

wmilib.sys

WmiCompleteRequest

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

page
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

init
Size: 224B - Virtual size: 212B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 320B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 352B - Virtual size: 350B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 960B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 672B - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
gdiplus.dll
.dll windows:5 windows x86 arch:x86

2a1ab6b72adad6b03d0746b0a5fa55d6

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:9d:aa:11:d3:30:a8:95:60:ac:fa
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

01/07/1999, 07:00

Not After

15/10/2005, 07:00

Subject

CN=Microsoft Windows Verification Intermediate PCA,OU=Copyright (c) 1999 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:06:51:3f:00:00:00:00:00:35
Certificate

Issuer

CN=Microsoft Windows Verification Intermediate PCA,OU=Copyright (c) 1999 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Not Before

30/06/2003, 23:22

Not After

30/08/2004, 23:32

Subject

CN=Microsoft Windows XP Publisher,OU=Copyright (c) 2003 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

4f:11:fb:cd:c0:44:ea:be:51:45:c5:b8:65:ea:1c:b3:ee:fd:20:31
Signer

Actual PE Digest

4f:11:fb:cd:c0:44:ea:be:51:45:c5:b8:65:ea:1c:b3:ee:fd:20:31

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SearchPathA
InterlockedDecrement
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
InterlockedExchange
GetCurrentThreadId
InitializeCriticalSection
DeleteCriticalSection
DisableThreadLibraryCalls
RaiseException
Sleep
CloseHandle
WriteFile
CreateFileA
WaitForSingleObject
SetEvent
lstrcmpiA
CreateThread
CreateEventA
WideCharToMultiByte
MultiByteToWideChar
GetTickCount
GetSystemDefaultLCID
GetProcAddress
GetModuleHandleW
GetACP
GetVersionExA
LoadLibraryA
VirtualQuery
VirtualProtect
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
RtlUnwind
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
ExitProcess
GetCommandLineA
GetSystemInfo
HeapReAlloc
HeapFree
VirtualAlloc
IsValidLocale
ConvertDefaultLocale
GetLocaleInfoW
GetModuleFileNameW
GetModuleFileNameA
FindResourceA
LoadResource
LockResource
GetProfileIntA
GetProfileStringA
lstrcmpiW
IsDBCSLeadByteEx
LocalReAlloc
MulDiv
SetLastError
LocalAlloc
LocalFree
GetFileTime
SearchPathW
InterlockedIncrement
GetOEMCP
CreateSemaphoreA
lstrcpyW
lstrcatW
LoadLibraryW
lstrcpyA
lstrcatA
GetSystemDirectoryA
CreateFileMappingW
ReleaseSemaphore
GetProfileSectionA
CreateFileW
SetEndOfFile
SetFilePointer
ReadFile
UnlockFile
GetFileInformationByHandle
LockFile
FlushFileBuffers
GetLastError
VirtualFree
GlobalAlloc
GetFileSize
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
GlobalLock
GlobalSize
GlobalUnlock
GlobalFree
HeapCreate
GetModuleHandleA
GetSystemDirectoryW
GetWindowsDirectoryA
FreeLibrary
HeapDestroy

user32

ReleaseDC
GetDC
LoadBitmapW
LoadBitmapA
wsprintfW
SystemParametersInfoA
wsprintfA
GetSysColor
UnregisterClassA
DestroyWindow
GetSystemMetrics
DefWindowProcA
CreateWindowExA
RegisterWindowMessageA
RegisterClassA
DispatchMessageA
TranslateMessage
MsgWaitForMultipleObjects
PeekMessageA
GetClientRect
GetDesktopWindow
GetWindowRect
WindowFromDC
CreateIconIndirect
GetIconInfo
ClientToScreen
wvsprintfA
GetDCEx
GetWindowLongA
GetClassLongA

gdi32

GetNearestPaletteIndex
GetDIBColorTable
FillRgn
SetMiterLimit
CreateSolidBrush
StrokePath
GetGraphicsMode
SetPolyFillMode
FillPath
StrokeAndFillPath
GetWindowExtEx
ExtTextOutA
GetTextCharsetInfo
TranslateCharsetInfo
PolylineTo
Polyline
LineTo
GetCurrentPositionEx
ArcTo
SetArcDirection
SelectClipPath
GetPath
CloseFigure
AbortPath
FlattenPath
WidenPath
BeginPath
Ellipse
AngleArc
PolyBezierTo
PolyBezier
RoundRect
PolyDraw
Pie
Chord
Arc
EndPath
OffsetClipRgn
GetRgnBox
CombineRgn
SetPaletteEntries
ResizePalette
ExcludeClipRect
MoveToEx
PlayEnhMetaFile
GetWinMetaFileBits
PlgBlt
BitBlt
OffsetViewportOrgEx
StretchBlt
ScaleViewportExtEx
ScaleWindowExtEx
CombineTransform
SetMapperFlags
CreatePen
CreateDIBitmap
CreatePatternBrush
ExtSelectClipRgn
GetBkMode
GetTextAlign
ModifyWorldTransform
ExtCreateRegion
CreateCompatibleBitmap
GetNearestColor
SetStretchBltMode
StretchDIBits
SetTextAlign
SetTextJustification
PolyPolygon
PlayMetaFileRecord
ExtCreatePen
GetWorldTransform
GetROP2
SetROP2
Rectangle
Polygon
IntersectClipRect
SetBrushOrgEx
GetClipRgn
SelectClipRgn
GetBkColor
GetTextColor
CreatePenIndirect
GetObjectW
DPtoLP
CreateDIBPatternBrushPt
ExtTextOutW
SetBitmapBits
CreateEnhMetaFileW
GdiComment
GetMetaFileW
GetMetaFileA
SaveDC
SetWindowOrgEx
SetViewportOrgEx
SetGraphicsMode
SetWorldTransform
GetEnhMetaFileW
GetEnhMetaFileA
GetEnhMetaFileBits
CopyEnhMetaFileA
CopyMetaFileA
DeleteMetaFile
GetEnhMetaFileHeader
SetMetaFileBitsEx
SetEnhMetaFileBits
CreateEnhMetaFileA
SetMapMode
SetViewportExtEx
SetWindowExtEx
PlayMetaFile
CloseEnhMetaFile
DeleteEnhMetaFile
SetMetaRgn
GetMetaFileBitsEx
EnumMetaFile
EnumEnhMetaFile
PlayEnhMetaFileRecord
RestoreDC
GetStockObject
CreateBitmap
SetTextColor
SetBkColor
SetBkMode
SetDIBits
CreateBrushIndirect
CreatePalette
GetSystemPaletteEntries
GetSystemPaletteUse
GetDeviceCaps
ExtEscape
GetObjectType
GetPixel
SetDIBColorTable
DeleteObject
SelectPalette
GetTextFaceA
GetTextMetricsA
GetTextFaceW
GetTextMetricsW
EnumFontFamiliesExA
EnumFontFamiliesExW
SelectObject
CreateFontIndirectW
CreateFontIndirectA
GetRegionData
DeleteDC
CreateDCA
CreateICA
CreateRectRgn
GetRandomRgn
LPtoDP
PolyPolyline
GetViewportExtEx
GetWindowOrgEx
GetViewportOrgEx
GetMapMode
SetICMMode
Escape
GetDCOrgEx
GetObjectA
GetCurrentObject
GetDIBits
CreateCompatibleDC
CreateDIBSection
RealizePalette
GetPaletteEntries
GdiFlush
PatBlt

ole32

CoTaskMemAlloc
CoTaskMemFree
CreateStreamOnHGlobal

advapi32

RegSetValueExA
RegCloseKey
RegEnumValueW
RegQueryInfoKeyA
RegOpenKeyExA
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExA
RegEnumKeyExA
RegEnumKeyExW
RegCreateKeyExA
RegQueryValueExW
RegSetValueExW
RegEnumValueA
RegDeleteKeyW
RegDeleteKeyA
RegCreateKeyExW

Exports

Exports

GdipAddPathArc
GdipAddPathArcI
GdipAddPathBezier
GdipAddPathBezierI
GdipAddPathBeziers
GdipAddPathBeziersI
GdipAddPathClosedCurve
GdipAddPathClosedCurve2
GdipAddPathClosedCurve2I
GdipAddPathClosedCurveI
GdipAddPathCurve
GdipAddPathCurve2
GdipAddPathCurve2I
GdipAddPathCurve3
GdipAddPathCurve3I
GdipAddPathCurveI
GdipAddPathEllipse
GdipAddPathEllipseI
GdipAddPathLine
GdipAddPathLine2
GdipAddPathLine2I
GdipAddPathLineI
GdipAddPathPath
GdipAddPathPie
GdipAddPathPieI
GdipAddPathPolygon
GdipAddPathPolygonI
GdipAddPathRectangle
GdipAddPathRectangleI
GdipAddPathRectangles
GdipAddPathRectanglesI
GdipAddPathString
GdipAddPathStringI
GdipAlloc
GdipBeginContainer
GdipBeginContainer2
GdipBeginContainerI
GdipBitmapGetPixel
GdipBitmapLockBits
GdipBitmapSetPixel
GdipBitmapSetResolution
GdipBitmapUnlockBits
GdipClearPathMarkers
GdipCloneBitmapArea
GdipCloneBitmapAreaI
GdipCloneBrush
GdipCloneCustomLineCap
GdipCloneFont
GdipCloneFontFamily
GdipCloneImage
GdipCloneImageAttributes
GdipCloneMatrix
GdipClonePath
GdipClonePen
GdipCloneRegion
GdipCloneStringFormat
GdipClosePathFigure
GdipClosePathFigures
GdipCombineRegionPath
GdipCombineRegionRect
GdipCombineRegionRectI
GdipCombineRegionRegion
GdipComment
GdipCreateAdjustableArrowCap
GdipCreateBitmapFromDirectDrawSurface
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromGdiDib
GdipCreateBitmapFromGraphics
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromHICON
GdipCreateBitmapFromResource
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipCreateCachedBitmap
GdipCreateCustomLineCap
GdipCreateFont
GdipCreateFontFamilyFromName
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipCreateFontFromLogfontW
GdipCreateFromHDC
GdipCreateFromHDC2
GdipCreateFromHWND
GdipCreateFromHWNDICM
GdipCreateHBITMAPFromBitmap
GdipCreateHICONFromBitmap
GdipCreateHalftonePalette
GdipCreateHatchBrush
GdipCreateImageAttributes
GdipCreateLineBrush
GdipCreateLineBrushFromRect
GdipCreateLineBrushFromRectI
GdipCreateLineBrushFromRectWithAngle
GdipCreateLineBrushFromRectWithAngleI
GdipCreateLineBrushI
GdipCreateMatrix
GdipCreateMatrix2
GdipCreateMatrix3
GdipCreateMatrix3I
GdipCreateMetafileFromEmf
GdipCreateMetafileFromFile
GdipCreateMetafileFromStream
GdipCreateMetafileFromWmf
GdipCreateMetafileFromWmfFile
GdipCreatePath
GdipCreatePath2
GdipCreatePath2I
GdipCreatePathGradient
GdipCreatePathGradientFromPath
GdipCreatePathGradientI
GdipCreatePathIter
GdipCreatePen1
GdipCreatePen2
GdipCreateRegion
GdipCreateRegionHrgn
GdipCreateRegionPath
GdipCreateRegionRect
GdipCreateRegionRectI
GdipCreateRegionRgnData
GdipCreateSolidFill
GdipCreateStreamOnFile
GdipCreateStringFormat
GdipCreateTexture
GdipCreateTexture2
GdipCreateTexture2I
GdipCreateTextureIA
GdipCreateTextureIAI
GdipDeleteBrush
GdipDeleteCachedBitmap
GdipDeleteCustomLineCap
GdipDeleteFont
GdipDeleteFontFamily
GdipDeleteGraphics
GdipDeleteMatrix
GdipDeletePath
GdipDeletePathIter
GdipDeletePen
GdipDeletePrivateFontCollection
GdipDeleteRegion
GdipDeleteStringFormat
GdipDisposeImage
GdipDisposeImageAttributes
GdipDrawArc
GdipDrawArcI
GdipDrawBezier
GdipDrawBezierI
GdipDrawBeziers
GdipDrawBeziersI
GdipDrawCachedBitmap
GdipDrawClosedCurve
GdipDrawClosedCurve2
GdipDrawClosedCurve2I
GdipDrawClosedCurveI
GdipDrawCurve
GdipDrawCurve2
GdipDrawCurve2I
GdipDrawCurve3
GdipDrawCurve3I
GdipDrawCurveI
GdipDrawDriverString
GdipDrawEllipse
GdipDrawEllipseI
GdipDrawImage
GdipDrawImageI
GdipDrawImagePointRect
GdipDrawImagePointRectI
GdipDrawImagePoints
GdipDrawImagePointsI
GdipDrawImagePointsRect
GdipDrawImagePointsRectI
GdipDrawImageRect
GdipDrawImageRectI
GdipDrawImageRectRect
GdipDrawImageRectRectI
GdipDrawLine
GdipDrawLineI
GdipDrawLines
GdipDrawLinesI
GdipDrawPath
GdipDrawPie
GdipDrawPieI
GdipDrawPolygon
GdipDrawPolygonI
GdipDrawRectangle
GdipDrawRectangleI
GdipDrawRectangles
GdipDrawRectanglesI
GdipDrawString
GdipEmfToWmfBits
GdipEndContainer
GdipEnumerateMetafileDestPoint
GdipEnumerateMetafileDestPointI
GdipEnumerateMetafileDestPoints
GdipEnumerateMetafileDestPointsI
GdipEnumerateMetafileDestRect
GdipEnumerateMetafileDestRectI
GdipEnumerateMetafileSrcRectDestPoint
GdipEnumerateMetafileSrcRectDestPointI
GdipEnumerateMetafileSrcRectDestPoints
GdipEnumerateMetafileSrcRectDestPointsI
GdipEnumerateMetafileSrcRectDestRect
GdipEnumerateMetafileSrcRectDestRectI
GdipFillClosedCurve
GdipFillClosedCurve2
GdipFillClosedCurve2I
GdipFillClosedCurveI
GdipFillEllipse
GdipFillEllipseI
GdipFillPath
GdipFillPie
GdipFillPieI
GdipFillPolygon
GdipFillPolygon2
GdipFillPolygon2I
GdipFillPolygonI
GdipFillRectangle
GdipFillRectangleI
GdipFillRectangles
GdipFillRectanglesI
GdipFillRegion
GdipFlattenPath
GdipFlush
GdipFree
GdipGetAdjustableArrowCapFillState
GdipGetAdjustableArrowCapHeight
GdipGetAdjustableArrowCapMiddleInset
GdipGetAdjustableArrowCapWidth
GdipGetAllPropertyItems
GdipGetBrushType
GdipGetCellAscent
GdipGetCellDescent
GdipGetClip
GdipGetClipBounds
GdipGetClipBoundsI
GdipGetCompositingMode
GdipGetCompositingQuality
GdipGetCustomLineCapBaseCap
GdipGetCustomLineCapBaseInset
GdipGetCustomLineCapStrokeCaps
GdipGetCustomLineCapStrokeJoin
GdipGetCustomLineCapType
GdipGetCustomLineCapWidthScale
GdipGetDC
GdipGetDpiX
GdipGetDpiY
GdipGetEmHeight
GdipGetEncoderParameterList
GdipGetEncoderParameterListSize
GdipGetFamily
GdipGetFamilyName
GdipGetFontCollectionFamilyCount
GdipGetFontCollectionFamilyList
GdipGetFontHeight
GdipGetFontHeightGivenDPI
GdipGetFontSize
GdipGetFontStyle
GdipGetFontUnit
GdipGetGenericFontFamilyMonospace
GdipGetGenericFontFamilySansSerif
GdipGetGenericFontFamilySerif
GdipGetHatchBackgroundColor
GdipGetHatchForegroundColor
GdipGetHatchStyle
GdipGetHemfFromMetafile
GdipGetImageAttributesAdjustedPalette
GdipGetImageBounds
GdipGetImageDecoders
GdipGetImageDecodersSize
GdipGetImageDimension
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipGetImageFlags
GdipGetImageGraphicsContext
GdipGetImageHeight
GdipGetImageHorizontalResolution
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageRawFormat
GdipGetImageThumbnail
GdipGetImageType
GdipGetImageVerticalResolution
GdipGetImageWidth
GdipGetInterpolationMode
GdipGetLineBlend
GdipGetLineBlendCount
GdipGetLineColors
GdipGetLineGammaCorrection
GdipGetLinePresetBlend
GdipGetLinePresetBlendCount
GdipGetLineRect
GdipGetLineRectI
GdipGetLineSpacing
GdipGetLineTransform
GdipGetLineWrapMode
GdipGetLogFontA
GdipGetLogFontW
GdipGetMatrixElements
GdipGetMetafileDownLevelRasterizationLimit
GdipGetMetafileHeaderFromEmf
GdipGetMetafileHeaderFromFile
GdipGetMetafileHeaderFromMetafile
GdipGetMetafileHeaderFromStream
GdipGetMetafileHeaderFromWmf
GdipGetNearestColor
GdipGetPageScale
GdipGetPageUnit
GdipGetPathData
GdipGetPathFillMode
GdipGetPathGradientBlend
GdipGetPathGradientBlendCount
GdipGetPathGradientCenterColor
GdipGetPathGradientCenterPoint
GdipGetPathGradientCenterPointI
GdipGetPathGradientFocusScales
GdipGetPathGradientGammaCorrection
GdipGetPathGradientPath
GdipGetPathGradientPointCount
GdipGetPathGradientPresetBlend
GdipGetPathGradientPresetBlendCount
GdipGetPathGradientRect
GdipGetPathGradientRectI
GdipGetPathGradientSurroundColorCount
GdipGetPathGradientSurroundColorsWithCount
GdipGetPathGradientTransform
GdipGetPathGradientWrapMode
GdipGetPathLastPoint
GdipGetPathPoints
GdipGetPathPointsI
GdipGetPathTypes
GdipGetPathWorldBounds
GdipGetPathWorldBoundsI
GdipGetPenBrushFill
GdipGetPenColor
GdipGetPenCompoundArray
GdipGetPenCompoundCount
GdipGetPenCustomEndCap
GdipGetPenCustomStartCap
GdipGetPenDashArray
GdipGetPenDashCap197819
GdipGetPenDashCount
GdipGetPenDashOffset
GdipGetPenDashStyle
GdipGetPenEndCap
GdipGetPenFillType
GdipGetPenLineJoin
GdipGetPenMiterLimit
GdipGetPenMode
GdipGetPenStartCap
GdipGetPenTransform
GdipGetPenUnit
GdipGetPenWidth
GdipGetPixelOffsetMode
GdipGetPointCount
GdipGetPropertyCount
GdipGetPropertyIdList
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipGetPropertySize
GdipGetRegionBounds
GdipGetRegionBoundsI
GdipGetRegionData
GdipGetRegionDataSize
GdipGetRegionHRgn
GdipGetRegionScans
GdipGetRegionScansCount
GdipGetRegionScansI
GdipGetRenderingOrigin
GdipGetSmoothingMode
GdipGetSolidFillColor
GdipGetStringFormatAlign
GdipGetStringFormatDigitSubstitution
GdipGetStringFormatFlags
GdipGetStringFormatHotkeyPrefix
GdipGetStringFormatLineAlign
GdipGetStringFormatMeasurableCharacterRangeCount
GdipGetStringFormatTabStopCount
GdipGetStringFormatTabStops
GdipGetStringFormatTrimming
GdipGetTextContrast
GdipGetTextRenderingHint
GdipGetTextureImage
GdipGetTextureTransform
GdipGetTextureWrapMode
GdipGetVisibleClipBounds
GdipGetVisibleClipBoundsI
GdipGetWorldTransform
GdipGraphicsClear
GdipImageForceValidation
GdipImageGetFrameCount
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageRotateFlip
GdipImageSelectActiveFrame
GdipInvertMatrix
GdipIsClipEmpty
GdipIsEmptyRegion
GdipIsEqualRegion
GdipIsInfiniteRegion
GdipIsMatrixEqual
GdipIsMatrixIdentity
GdipIsMatrixInvertible
GdipIsOutlineVisiblePathPoint
GdipIsOutlineVisiblePathPointI
GdipIsStyleAvailable
GdipIsVisibleClipEmpty
GdipIsVisiblePathPoint
GdipIsVisiblePathPointI
GdipIsVisiblePoint
GdipIsVisiblePointI
GdipIsVisibleRect
GdipIsVisibleRectI
GdipIsVisibleRegionPoint
GdipIsVisibleRegionPointI
GdipIsVisibleRegionRect
GdipIsVisibleRegionRectI
GdipLoadImageFromFile
GdipLoadImageFromFileICM
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipMeasureCharacterRanges
GdipMeasureDriverString
GdipMeasureString
GdipMultiplyLineTransform
GdipMultiplyMatrix
GdipMultiplyPathGradientTransform
GdipMultiplyPenTransform
GdipMultiplyTextureTransform
GdipMultiplyWorldTransform
GdipNewInstalledFontCollection
GdipNewPrivateFontCollection
GdipPathIterCopyData
GdipPathIterEnumerate
GdipPathIterGetCount
GdipPathIterGetSubpathCount
GdipPathIterHasCurve
GdipPathIterIsValid
GdipPathIterNextMarker
GdipPathIterNextMarkerPath
GdipPathIterNextPathType
GdipPathIterNextSubpath
GdipPathIterNextSubpathPath
GdipPathIterRewind
GdipPlayMetafileRecord
GdipPrivateAddFontFile
GdipPrivateAddMemoryFont
GdipRecordMetafile
GdipRecordMetafileFileName
GdipRecordMetafileFileNameI
GdipRecordMetafileI
GdipRecordMetafileStream
GdipRecordMetafileStreamI
GdipReleaseDC
GdipRemovePropertyItem
GdipResetClip
GdipResetImageAttributes
GdipResetLineTransform
GdipResetPageTransform
GdipResetPath
GdipResetPathGradientTransform
GdipResetPenTransform
GdipResetTextureTransform
GdipResetWorldTransform
GdipRestoreGraphics
GdipReversePath
GdipRotateLineTransform
GdipRotateMatrix
GdipRotatePathGradientTransform
GdipRotatePenTransform
GdipRotateTextureTransform
GdipRotateWorldTransform
GdipSaveAdd
GdipSaveAddImage
GdipSaveGraphics
GdipSaveImageToFile
GdipSaveImageToStream
GdipScaleLineTransform
GdipScaleMatrix
GdipScalePathGradientTransform
GdipScalePenTransform
GdipScaleTextureTransform
GdipScaleWorldTransform
GdipSetAdjustableArrowCapFillState
GdipSetAdjustableArrowCapHeight
GdipSetAdjustableArrowCapMiddleInset
GdipSetAdjustableArrowCapWidth
GdipSetClipGraphics
GdipSetClipHrgn
GdipSetClipPath
GdipSetClipRect
GdipSetClipRectI
GdipSetClipRegion
GdipSetCompositingMode
GdipSetCompositingQuality
GdipSetCustomLineCapBaseCap
GdipSetCustomLineCapBaseInset
GdipSetCustomLineCapStrokeCaps
GdipSetCustomLineCapStrokeJoin

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
gdiplus_dll_2_____X86.3643236F_FC70_11D3_A536_0090278A1BB8
.dll windows:5 windows x86 arch:x86

2a1ab6b72adad6b03d0746b0a5fa55d6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SearchPathA
InterlockedDecrement
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
InterlockedExchange
GetCurrentThreadId
InitializeCriticalSection
DeleteCriticalSection
DisableThreadLibraryCalls
RaiseException
Sleep
CloseHandle
WriteFile
CreateFileA
WaitForSingleObject
SetEvent
lstrcmpiA
CreateThread
CreateEventA
WideCharToMultiByte
MultiByteToWideChar
GetTickCount
GetSystemDefaultLCID
GetProcAddress
GetModuleHandleW
GetACP
GetVersionExA
LoadLibraryA
VirtualQuery
VirtualProtect
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
RtlUnwind
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
ExitProcess
GetCommandLineA
GetSystemInfo
HeapReAlloc
HeapFree
VirtualAlloc
IsValidLocale
ConvertDefaultLocale
GetLocaleInfoW
GetModuleFileNameW
GetModuleFileNameA
FindResourceA
LoadResource
LockResource
GetProfileIntA
GetProfileStringA
lstrcmpiW
IsDBCSLeadByteEx
LocalReAlloc
MulDiv
SetLastError
LocalAlloc
LocalFree
GetFileTime
SearchPathW
InterlockedIncrement
GetOEMCP
CreateSemaphoreA
lstrcpyW
lstrcatW
LoadLibraryW
lstrcpyA
lstrcatA
GetSystemDirectoryA
CreateFileMappingW
ReleaseSemaphore
GetProfileSectionA
CreateFileW
SetEndOfFile
SetFilePointer
ReadFile
UnlockFile
GetFileInformationByHandle
LockFile
FlushFileBuffers
GetLastError
VirtualFree
GlobalAlloc
GetFileSize
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
GlobalLock
GlobalSize
GlobalUnlock
GlobalFree
HeapCreate
GetModuleHandleA
GetSystemDirectoryW
GetWindowsDirectoryA
FreeLibrary
HeapDestroy

user32

ReleaseDC
GetDC
LoadBitmapW
LoadBitmapA
wsprintfW
SystemParametersInfoA
wsprintfA
GetSysColor
UnregisterClassA
DestroyWindow
GetSystemMetrics
DefWindowProcA
CreateWindowExA
RegisterWindowMessageA
RegisterClassA
DispatchMessageA
TranslateMessage
MsgWaitForMultipleObjects
PeekMessageA
GetClientRect
GetDesktopWindow
GetWindowRect
WindowFromDC
CreateIconIndirect
GetIconInfo
ClientToScreen
wvsprintfA
GetDCEx
GetWindowLongA
GetClassLongA

gdi32

GetNearestPaletteIndex
GetDIBColorTable
FillRgn
SetMiterLimit
CreateSolidBrush
StrokePath
GetGraphicsMode
SetPolyFillMode
FillPath
StrokeAndFillPath
GetWindowExtEx
ExtTextOutA
GetTextCharsetInfo
TranslateCharsetInfo
PolylineTo
Polyline
LineTo
GetCurrentPositionEx
ArcTo
SetArcDirection
SelectClipPath
GetPath
CloseFigure
AbortPath
FlattenPath
WidenPath
BeginPath
Ellipse
AngleArc
PolyBezierTo
PolyBezier
RoundRect
PolyDraw
Pie
Chord
Arc
EndPath
OffsetClipRgn
GetRgnBox
CombineRgn
SetPaletteEntries
ResizePalette
ExcludeClipRect
MoveToEx
PlayEnhMetaFile
GetWinMetaFileBits
PlgBlt
BitBlt
OffsetViewportOrgEx
StretchBlt
ScaleViewportExtEx
ScaleWindowExtEx
CombineTransform
SetMapperFlags
CreatePen
CreateDIBitmap
CreatePatternBrush
ExtSelectClipRgn
GetBkMode
GetTextAlign
ModifyWorldTransform
ExtCreateRegion
CreateCompatibleBitmap
GetNearestColor
SetStretchBltMode
StretchDIBits
SetTextAlign
SetTextJustification
PolyPolygon
PlayMetaFileRecord
ExtCreatePen
GetWorldTransform
GetROP2
SetROP2
Rectangle
Polygon
IntersectClipRect
SetBrushOrgEx
GetClipRgn
SelectClipRgn
GetBkColor
GetTextColor
CreatePenIndirect
GetObjectW
DPtoLP
CreateDIBPatternBrushPt
ExtTextOutW
SetBitmapBits
CreateEnhMetaFileW
GdiComment
GetMetaFileW
GetMetaFileA
SaveDC
SetWindowOrgEx
SetViewportOrgEx
SetGraphicsMode
SetWorldTransform
GetEnhMetaFileW
GetEnhMetaFileA
GetEnhMetaFileBits
CopyEnhMetaFileA
CopyMetaFileA
DeleteMetaFile
GetEnhMetaFileHeader
SetMetaFileBitsEx
SetEnhMetaFileBits
CreateEnhMetaFileA
SetMapMode
SetViewportExtEx
SetWindowExtEx
PlayMetaFile
CloseEnhMetaFile
DeleteEnhMetaFile
SetMetaRgn
GetMetaFileBitsEx
EnumMetaFile
EnumEnhMetaFile
PlayEnhMetaFileRecord
RestoreDC
GetStockObject
CreateBitmap
SetTextColor
SetBkColor
SetBkMode
SetDIBits
CreateBrushIndirect
CreatePalette
GetSystemPaletteEntries
GetSystemPaletteUse
GetDeviceCaps
ExtEscape
GetObjectType
GetPixel
SetDIBColorTable
DeleteObject
SelectPalette
GetTextFaceA
GetTextMetricsA
GetTextFaceW
GetTextMetricsW
EnumFontFamiliesExA
EnumFontFamiliesExW
SelectObject
CreateFontIndirectW
CreateFontIndirectA
GetRegionData
DeleteDC
CreateDCA
CreateICA
CreateRectRgn
GetRandomRgn
LPtoDP
PolyPolyline
GetViewportExtEx
GetWindowOrgEx
GetViewportOrgEx
GetMapMode
SetICMMode
Escape
GetDCOrgEx
GetObjectA
GetCurrentObject
GetDIBits
CreateCompatibleDC
CreateDIBSection
RealizePalette
GetPaletteEntries
GdiFlush
PatBlt

ole32

CoTaskMemAlloc
CoTaskMemFree
CreateStreamOnHGlobal

advapi32

RegSetValueExA
RegCloseKey
RegEnumValueW
RegQueryInfoKeyA
RegOpenKeyExA
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExA
RegEnumKeyExA
RegEnumKeyExW
RegCreateKeyExA
RegQueryValueExW
RegSetValueExW
RegEnumValueA
RegDeleteKeyW
RegDeleteKeyA
RegCreateKeyExW

Exports

Exports

GdipAddPathArc
GdipAddPathArcI
GdipAddPathBezier
GdipAddPathBezierI
GdipAddPathBeziers
GdipAddPathBeziersI
GdipAddPathClosedCurve
GdipAddPathClosedCurve2
GdipAddPathClosedCurve2I
GdipAddPathClosedCurveI
GdipAddPathCurve
GdipAddPathCurve2
GdipAddPathCurve2I
GdipAddPathCurve3
GdipAddPathCurve3I
GdipAddPathCurveI
GdipAddPathEllipse
GdipAddPathEllipseI
GdipAddPathLine
GdipAddPathLine2
GdipAddPathLine2I
GdipAddPathLineI
GdipAddPathPath
GdipAddPathPie
GdipAddPathPieI
GdipAddPathPolygon
GdipAddPathPolygonI
GdipAddPathRectangle
GdipAddPathRectangleI
GdipAddPathRectangles
GdipAddPathRectanglesI
GdipAddPathString
GdipAddPathStringI
GdipAlloc
GdipBeginContainer
GdipBeginContainer2
GdipBeginContainerI
GdipBitmapGetPixel
GdipBitmapLockBits
GdipBitmapSetPixel
GdipBitmapSetResolution
GdipBitmapUnlockBits
GdipClearPathMarkers
GdipCloneBitmapArea
GdipCloneBitmapAreaI
GdipCloneBrush
GdipCloneCustomLineCap
GdipCloneFont
GdipCloneFontFamily
GdipCloneImage
GdipCloneImageAttributes
GdipCloneMatrix
GdipClonePath
GdipClonePen
GdipCloneRegion
GdipCloneStringFormat
GdipClosePathFigure
GdipClosePathFigures
GdipCombineRegionPath
GdipCombineRegionRect
GdipCombineRegionRectI
GdipCombineRegionRegion
GdipComment
GdipCreateAdjustableArrowCap
GdipCreateBitmapFromDirectDrawSurface
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromGdiDib
GdipCreateBitmapFromGraphics
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromHICON
GdipCreateBitmapFromResource
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipCreateCachedBitmap
GdipCreateCustomLineCap
GdipCreateFont
GdipCreateFontFamilyFromName
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipCreateFontFromLogfontW
GdipCreateFromHDC
GdipCreateFromHDC2
GdipCreateFromHWND
GdipCreateFromHWNDICM
GdipCreateHBITMAPFromBitmap
GdipCreateHICONFromBitmap
GdipCreateHalftonePalette
GdipCreateHatchBrush
GdipCreateImageAttributes
GdipCreateLineBrush
GdipCreateLineBrushFromRect
GdipCreateLineBrushFromRectI
GdipCreateLineBrushFromRectWithAngle
GdipCreateLineBrushFromRectWithAngleI
GdipCreateLineBrushI
GdipCreateMatrix
GdipCreateMatrix2
GdipCreateMatrix3
GdipCreateMatrix3I
GdipCreateMetafileFromEmf
GdipCreateMetafileFromFile
GdipCreateMetafileFromStream
GdipCreateMetafileFromWmf
GdipCreateMetafileFromWmfFile
GdipCreatePath
GdipCreatePath2
GdipCreatePath2I
GdipCreatePathGradient
GdipCreatePathGradientFromPath
GdipCreatePathGradientI
GdipCreatePathIter
GdipCreatePen1
GdipCreatePen2
GdipCreateRegion
GdipCreateRegionHrgn
GdipCreateRegionPath
GdipCreateRegionRect
GdipCreateRegionRectI
GdipCreateRegionRgnData
GdipCreateSolidFill
GdipCreateStreamOnFile
GdipCreateStringFormat
GdipCreateTexture
GdipCreateTexture2
GdipCreateTexture2I
GdipCreateTextureIA
GdipCreateTextureIAI
GdipDeleteBrush
GdipDeleteCachedBitmap
GdipDeleteCustomLineCap
GdipDeleteFont
GdipDeleteFontFamily
GdipDeleteGraphics
GdipDeleteMatrix
GdipDeletePath
GdipDeletePathIter
GdipDeletePen
GdipDeletePrivateFontCollection
GdipDeleteRegion
GdipDeleteStringFormat
GdipDisposeImage
GdipDisposeImageAttributes
GdipDrawArc
GdipDrawArcI
GdipDrawBezier
GdipDrawBezierI
GdipDrawBeziers
GdipDrawBeziersI
GdipDrawCachedBitmap
GdipDrawClosedCurve
GdipDrawClosedCurve2
GdipDrawClosedCurve2I
GdipDrawClosedCurveI
GdipDrawCurve
GdipDrawCurve2
GdipDrawCurve2I
GdipDrawCurve3
GdipDrawCurve3I
GdipDrawCurveI
GdipDrawDriverString
GdipDrawEllipse
GdipDrawEllipseI
GdipDrawImage
GdipDrawImageI
GdipDrawImagePointRect
GdipDrawImagePointRectI
GdipDrawImagePoints
GdipDrawImagePointsI
GdipDrawImagePointsRect
GdipDrawImagePointsRectI
GdipDrawImageRect
GdipDrawImageRectI
GdipDrawImageRectRect
GdipDrawImageRectRectI
GdipDrawLine
GdipDrawLineI
GdipDrawLines
GdipDrawLinesI
GdipDrawPath
GdipDrawPie
GdipDrawPieI
GdipDrawPolygon
GdipDrawPolygonI
GdipDrawRectangle
GdipDrawRectangleI
GdipDrawRectangles
GdipDrawRectanglesI
GdipDrawString
GdipEmfToWmfBits
GdipEndContainer
GdipEnumerateMetafileDestPoint
GdipEnumerateMetafileDestPointI
GdipEnumerateMetafileDestPoints
GdipEnumerateMetafileDestPointsI
GdipEnumerateMetafileDestRect
GdipEnumerateMetafileDestRectI
GdipEnumerateMetafileSrcRectDestPoint
GdipEnumerateMetafileSrcRectDestPointI
GdipEnumerateMetafileSrcRectDestPoints
GdipEnumerateMetafileSrcRectDestPointsI
GdipEnumerateMetafileSrcRectDestRect
GdipEnumerateMetafileSrcRectDestRectI
GdipFillClosedCurve
GdipFillClosedCurve2
GdipFillClosedCurve2I
GdipFillClosedCurveI
GdipFillEllipse
GdipFillEllipseI
GdipFillPath
GdipFillPie
GdipFillPieI
GdipFillPolygon
GdipFillPolygon2
GdipFillPolygon2I
GdipFillPolygonI
GdipFillRectangle
GdipFillRectangleI
GdipFillRectangles
GdipFillRectanglesI
GdipFillRegion
GdipFlattenPath
GdipFlush
GdipFree
GdipGetAdjustableArrowCapFillState
GdipGetAdjustableArrowCapHeight
GdipGetAdjustableArrowCapMiddleInset
GdipGetAdjustableArrowCapWidth
GdipGetAllPropertyItems
GdipGetBrushType
GdipGetCellAscent
GdipGetCellDescent
GdipGetClip
GdipGetClipBounds
GdipGetClipBoundsI
GdipGetCompositingMode
GdipGetCompositingQuality
GdipGetCustomLineCapBaseCap
GdipGetCustomLineCapBaseInset
GdipGetCustomLineCapStrokeCaps
GdipGetCustomLineCapStrokeJoin
GdipGetCustomLineCapType
GdipGetCustomLineCapWidthScale
GdipGetDC
GdipGetDpiX
GdipGetDpiY
GdipGetEmHeight
GdipGetEncoderParameterList
GdipGetEncoderParameterListSize
GdipGetFamily
GdipGetFamilyName
GdipGetFontCollectionFamilyCount
GdipGetFontCollectionFamilyList
GdipGetFontHeight
GdipGetFontHeightGivenDPI
GdipGetFontSize
GdipGetFontStyle
GdipGetFontUnit
GdipGetGenericFontFamilyMonospace
GdipGetGenericFontFamilySansSerif
GdipGetGenericFontFamilySerif
GdipGetHatchBackgroundColor
GdipGetHatchForegroundColor
GdipGetHatchStyle
GdipGetHemfFromMetafile
GdipGetImageAttributesAdjustedPalette
GdipGetImageBounds
GdipGetImageDecoders
GdipGetImageDecodersSize
GdipGetImageDimension
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipGetImageFlags
GdipGetImageGraphicsContext
GdipGetImageHeight
GdipGetImageHorizontalResolution
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageRawFormat
GdipGetImageThumbnail
GdipGetImageType
GdipGetImageVerticalResolution
GdipGetImageWidth
GdipGetInterpolationMode
GdipGetLineBlend
GdipGetLineBlendCount
GdipGetLineColors
GdipGetLineGammaCorrection
GdipGetLinePresetBlend
GdipGetLinePresetBlendCount
GdipGetLineRect
GdipGetLineRectI
GdipGetLineSpacing
GdipGetLineTransform
GdipGetLineWrapMode
GdipGetLogFontA
GdipGetLogFontW
GdipGetMatrixElements
GdipGetMetafileDownLevelRasterizationLimit
GdipGetMetafileHeaderFromEmf
GdipGetMetafileHeaderFromFile
GdipGetMetafileHeaderFromMetafile
GdipGetMetafileHeaderFromStream
GdipGetMetafileHeaderFromWmf
GdipGetNearestColor
GdipGetPageScale
GdipGetPageUnit
GdipGetPathData
GdipGetPathFillMode
GdipGetPathGradientBlend
GdipGetPathGradientBlendCount
GdipGetPathGradientCenterColor
GdipGetPathGradientCenterPoint
GdipGetPathGradientCenterPointI
GdipGetPathGradientFocusScales
GdipGetPathGradientGammaCorrection
GdipGetPathGradientPath
GdipGetPathGradientPointCount
GdipGetPathGradientPresetBlend
GdipGetPathGradientPresetBlendCount
GdipGetPathGradientRect
GdipGetPathGradientRectI
GdipGetPathGradientSurroundColorCount
GdipGetPathGradientSurroundColorsWithCount
GdipGetPathGradientTransform
GdipGetPathGradientWrapMode
GdipGetPathLastPoint
GdipGetPathPoints
GdipGetPathPointsI
GdipGetPathTypes
GdipGetPathWorldBounds
GdipGetPathWorldBoundsI
GdipGetPenBrushFill
GdipGetPenColor
GdipGetPenCompoundArray
GdipGetPenCompoundCount
GdipGetPenCustomEndCap
GdipGetPenCustomStartCap
GdipGetPenDashArray
GdipGetPenDashCap197819
GdipGetPenDashCount
GdipGetPenDashOffset
GdipGetPenDashStyle
GdipGetPenEndCap
GdipGetPenFillType
GdipGetPenLineJoin
GdipGetPenMiterLimit
GdipGetPenMode
GdipGetPenStartCap
GdipGetPenTransform
GdipGetPenUnit
GdipGetPenWidth
GdipGetPixelOffsetMode
GdipGetPointCount
GdipGetPropertyCount
GdipGetPropertyIdList
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipGetPropertySize
GdipGetRegionBounds
GdipGetRegionBoundsI
GdipGetRegionData
GdipGetRegionDataSize
GdipGetRegionHRgn
GdipGetRegionScans
GdipGetRegionScansCount
GdipGetRegionScansI
GdipGetRenderingOrigin
GdipGetSmoothingMode
GdipGetSolidFillColor
GdipGetStringFormatAlign
GdipGetStringFormatDigitSubstitution
GdipGetStringFormatFlags
GdipGetStringFormatHotkeyPrefix
GdipGetStringFormatLineAlign
GdipGetStringFormatMeasurableCharacterRangeCount
GdipGetStringFormatTabStopCount
GdipGetStringFormatTabStops
GdipGetStringFormatTrimming
GdipGetTextContrast
GdipGetTextRenderingHint
GdipGetTextureImage
GdipGetTextureTransform
GdipGetTextureWrapMode
GdipGetVisibleClipBounds
GdipGetVisibleClipBoundsI
GdipGetWorldTransform
GdipGraphicsClear
GdipImageForceValidation
GdipImageGetFrameCount
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageRotateFlip
GdipImageSelectActiveFrame
GdipInvertMatrix
GdipIsClipEmpty
GdipIsEmptyRegion
GdipIsEqualRegion
GdipIsInfiniteRegion
GdipIsMatrixEqual
GdipIsMatrixIdentity
GdipIsMatrixInvertible
GdipIsOutlineVisiblePathPoint
GdipIsOutlineVisiblePathPointI
GdipIsStyleAvailable
GdipIsVisibleClipEmpty
GdipIsVisiblePathPoint
GdipIsVisiblePathPointI
GdipIsVisiblePoint
GdipIsVisiblePointI
GdipIsVisibleRect
GdipIsVisibleRectI
GdipIsVisibleRegionPoint
GdipIsVisibleRegionPointI
GdipIsVisibleRegionRect
GdipIsVisibleRegionRectI
GdipLoadImageFromFile
GdipLoadImageFromFileICM
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipMeasureCharacterRanges
GdipMeasureDriverString
GdipMeasureString
GdipMultiplyLineTransform
GdipMultiplyMatrix
GdipMultiplyPathGradientTransform
GdipMultiplyPenTransform
GdipMultiplyTextureTransform
GdipMultiplyWorldTransform
GdipNewInstalledFontCollection
GdipNewPrivateFontCollection
GdipPathIterCopyData
GdipPathIterEnumerate
GdipPathIterGetCount
GdipPathIterGetSubpathCount
GdipPathIterHasCurve
GdipPathIterIsValid
GdipPathIterNextMarker
GdipPathIterNextMarkerPath
GdipPathIterNextPathType
GdipPathIterNextSubpath
GdipPathIterNextSubpathPath
GdipPathIterRewind
GdipPlayMetafileRecord
GdipPrivateAddFontFile
GdipPrivateAddMemoryFont
GdipRecordMetafile
GdipRecordMetafileFileName
GdipRecordMetafileFileNameI
GdipRecordMetafileI
GdipRecordMetafileStream
GdipRecordMetafileStreamI
GdipReleaseDC
GdipRemovePropertyItem
GdipResetClip
GdipResetImageAttributes
GdipResetLineTransform
GdipResetPageTransform
GdipResetPath
GdipResetPathGradientTransform
GdipResetPenTransform
GdipResetTextureTransform
GdipResetWorldTransform
GdipRestoreGraphics
GdipReversePath
GdipRotateLineTransform
GdipRotateMatrix
GdipRotatePathGradientTransform
GdipRotatePenTransform
GdipRotateTextureTransform
GdipRotateWorldTransform
GdipSaveAdd
GdipSaveAddImage
GdipSaveGraphics
GdipSaveImageToFile
GdipSaveImageToStream
GdipScaleLineTransform
GdipScaleMatrix
GdipScalePathGradientTransform
GdipScalePenTransform
GdipScaleTextureTransform
GdipScaleWorldTransform
GdipSetAdjustableArrowCapFillState
GdipSetAdjustableArrowCapHeight
GdipSetAdjustableArrowCapMiddleInset
GdipSetAdjustableArrowCapWidth
GdipSetClipGraphics
GdipSetClipHrgn
GdipSetClipPath
GdipSetClipRect
GdipSetClipRectI
GdipSetClipRegion
GdipSetCompositingMode
GdipSetCompositingQuality
GdipSetCustomLineCapBaseCap
GdipSetCustomLineCapBaseInset
GdipSetCustomLineCapStrokeCaps
GdipSetCustomLineCapStrokeJoin

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
gzip.exe
.exe windows:4 windows x86 arch:x86

2ab023877e2f63b8673e0d2e900163a0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeEnvironmentStringsA
GetLastError
SetConsoleCtrlHandler
ExitProcess
TerminateProcess
GetCurrentProcess
FindFirstFileA
FindNextFileA
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
HeapFree
HeapAlloc
GetCommandLineA
GetVersion
GetCPInfo
GetACP
GetOEMCP
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
WideCharToMultiByte
UnhandledExceptionFilter
WriteFile
GetStringTypeA
GetStringTypeW
MultiByteToWideChar
FlushFileBuffers
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
SetFilePointer
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
RtlUnwind
LCMapStringA
LCMapStringW
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetTimeZoneInformation
ReadFile
SetStdHandle
GetProcAddress
LoadLibraryA
CloseHandle
HeapReAlloc
GetFileInformationByHandle
PeekNamedPipe
DeleteFileA
CreateFileA
GetDriveTypeA
SetFileAttributesA
GetFileAttributesA
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
SetEndOfFile
GetFullPathNameA
GetCurrentDirectoryA
GetSystemTime
GetLocalTime

Sections

.text
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 343KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
lcppn21.dll
.dll windows:4 windows x86 arch:x86

1a2db8cc5e216af641e25afb2aa3b1d0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

nnotes

ord2030
ord2154
ord2118
ord2018
ord2013
ord2008
ord2064
ord2141
ord2342
ord2010
ord2162
ord4601
ord4604
ord4610
ord2549
ord2548
ord2256
ord2020
ord2133
ord2878
ord2856
ord2910
ord4609
ord2711
ord2709
ord321
ord2094
ord232
ord3502
ord3506
ord3510
ord3509
ord3508
ord2019
ord2015
ord521
ord3520
ord2150
ord2638
ord2078
ord861
ord320
ord2183
ord2087
ord2102
ord2089
ord323
ord2140
ord2111
ord2475
ord324
ord357
ord2261
ord2260
ord2441
ord5818
ord628
ord5817
ord2262
ord2264
ord2259
ord969
ord449
ord230
ord223
ord308
ord231
ord210
ord450
ord237
ord229
ord167
ord448
ord224
ord165
ord311
ord904
ord903
ord4331
ord533
ord536
ord325
ord733
ord322
ord734
ord327
ord142
ord144
ord2780
ord851
ord896
ord853
ord858
ord850
ord852
ord857
ord849
ord2085
ord2303
ord2009
ord2006
ord1508
ord2073
ord5132
ord183
ord5131
ord2074
ord2147
ord2107
ord2029
ord2145
ord2343
ord2149
ord5130
ord2714
ord3625
ord1560
ord3626
ord3629
ord3603
ord3636
ord3632
ord416
ord358
ord375
ord376
ord546
ord545
ord23
ord38
ord37
ord35
ord33
ord34
ord36
ord24
ord21
ord32
ord39
ord40
ord549
ord532
ord534
ord535
ord539
ord540
ord541
ord542
ord524
ord529
ord528
ord531
ord530
ord2370
ord2112
ord2398
ord2304
ord2116
ord2110
ord2113
ord3092
ord3093
ord3090
ord206
ord205
ord2266
ord3089
ord2265
ord2403
ord2039
ord2055
ord2626
ord3088
ord3031
ord2656
ord1559
ord1568
ord2130
ord940
ord708
ord2024
ord2331
ord1562
ord15
ord12
ord16
ord2558
ord4104
ord401
ord245
ord13
ord17
ord2098
ord4606
ord4607
ord4605
ord4612
ord2802
ord2801
ord2849
ord3525
ord2848
ord2806
ord2032
ord2049
ord2034
ord2051
ord2177
ord2050
ord408
ord2178
ord2179
ord2048
ord2033
ord2124
ord2182
ord4319
ord4315
ord4317
ord4320
ord4326
ord4316
ord4321
ord4314
ord4318
ord2086
ord4484
ord4485
ord4482
ord3604
ord2011
ord4486
ord4487
ord2088
ord4483
ord4480
ord4481
ord2239
ord2026
ord2121
ord451
ord438
ord382
ord2137
ord877
ord381
ord880
ord876
ord879
ord387
ord388
ord386
ord629
ord385
ord2198
ord435
ord441
ord525
ord222
ord2040
ord2045
ord2043
ord2412
ord2429
ord143
ord2413
ord2047
ord2046
ord140
ord2194
ord2027
ord2062
ord707
ord391
ord439
ord2095
ord2100
ord939
ord938
ord2005
ord2195
ord2001
ord2847
ord182
ord2109
ord2072
ord2164

ole32

StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoFileTimeNow

kernel32

CompareStringA
SetEndOfFile
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
CreateFileA
FlushFileBuffers
SetStdHandle
IsBadCodePtr
IsBadReadPtr
InterlockedIncrement
InterlockedDecrement
LoadLibraryA
GetOEMCP
GetACP
GetCPInfo
ReadFile
SetFilePointer
CloseHandle
IsBadWritePtr
VirtualAlloc
SetUnhandledExceptionFilter
GetModuleHandleA
GetProcAddress
WriteFile
HeapFree
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
SetLastError
GetCurrentThreadId
DeleteFileA
GetLastError
HeapAlloc
HeapReAlloc
GetLocalTime
GetSystemTime
GetTimeZoneInformation
GetCurrentProcess
TerminateProcess
ExitProcess
RaiseException
RtlUnwind
GetVersion
GetCommandLineA
TlsFree
TlsAlloc
TlsSetValue
TlsGetValue
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
SystemTimeToFileTime
LocalFileTimeToFileTime
CompareStringW
SetEnvironmentVariableA

Exports

Exports

??0LNACL@@AAE@ABV0@@Z
??0LNACL@@QAE@XZ
??0LNACLEntry@@QAE@ABV0@@Z
??0LNACLEntry@@QAE@XZ
??0LNACLEntryArray@@AAE@ABV0@@Z
??0LNACLEntryArray@@AAE@PAXPAKW4LNACLLEVEL@@@Z
??0LNACLEntryArray@@QAE@XZ
??0LNACLRoleArray@@AAE@ABV0@@Z
??0LNACLRoleArray@@AAE@PAXPAK@Z
??0LNACLRoleArray@@AAE@PAXPAUACL_PRIVILEGES@@PAK@Z
??0LNACLRoleArray@@QAE@XZ
??0LNAction@@IAE@PAVLNActionBody@@@Z
??0LNAction@@QAE@ABV0@@Z
??0LNAction@@QAE@ABVLNString@@ABVLNFormula@@@Z
??0LNAction@@QAE@ABVLNString@@ABVLNJavaScript@@@Z
??0LNAction@@QAE@ABVLNString@@ABVLNLotusScript@@@Z
??0LNAction@@QAE@ABVLNString@@ABVLNSimpleAction@@@Z
??0LNAction@@QAE@ABVLNString@@ABVLNSimpleActions@@@Z
??0LNAction@@QAE@XZ
??0LNActionHotspot@@IAE@ABVLNFormula@@@Z
??0LNActionHotspot@@IAE@ABVLNLotusScript@@@Z
??0LNActionHotspot@@IAE@ABVLNSimpleAction@@@Z
??0LNActionHotspot@@IAE@ABVLNSimpleActions@@@Z
??0LNActionHotspot@@QAE@ABV0@@Z
??0LNActionHotspot@@QAE@ABVLNFormula@@ABVLNGraphic@@@Z
??0LNActionHotspot@@QAE@ABVLNFormula@@ABVLNString@@@Z
??0LNActionHotspot@@QAE@ABVLNLotusScript@@ABVLNGraphic@@@Z
??0LNActionHotspot@@QAE@ABVLNLotusScript@@ABVLNString@@@Z
??0LNActionHotspot@@QAE@ABVLNRTObject@@@Z
??0LNActionHotspot@@QAE@ABVLNSimpleAction@@ABVLNGraphic@@@Z
??0LNActionHotspot@@QAE@ABVLNSimpleAction@@ABVLNString@@@Z
??0LNActionHotspot@@QAE@ABVLNSimpleActions@@ABVLNGraphic@@@Z
??0LNActionHotspot@@QAE@ABVLNSimpleActions@@ABVLNString@@@Z
??0LNActionHotspot@@QAE@XZ
??0LNActions@@AAE@PAVLNNoteBody@@PAVLNActionsBody@@@Z
??0LNActions@@QAE@ABV0@@Z
??0LNActions@@QAE@ABVLNItem@@@Z
??0LNActions@@QAE@ABVLNNote@@@Z
??0LNActions@@QAE@XZ
??0LNActiveObject@@IAE@PAVLNActiveObjectBody@@@Z
??0LNActiveObject@@QAE@ABV0@@Z
??0LNActiveObject@@QAE@ABVLNRTObject@@@Z
??0LNActiveObject@@QAE@XZ
??0LNActiveObjectParameter@@IAE@PAVLNActiveObjectParameterBody@@@Z
??0LNActiveObjectParameter@@QAE@ABV0@@Z
??0LNActiveObjectParameter@@QAE@ABVLNString@@@Z
??0LNActiveObjectParameter@@QAE@XZ
??0LNActiveObjectParameters@@IAE@PAVLNActiveObjectParametersBody@@@Z
??0LNActiveObjectParameters@@QAE@ABV0@@Z
??0LNActiveObjectParameters@@QAE@XZ
??0LNAddinStatusLine@@AAE@ABV0@@Z
??0LNAddinStatusLine@@AAE@ABVLNString@@0@Z
??0LNAddinStatusLine@@AAE@PAX@Z
??0LNAdministrationProcess@@QAE@ABV0@@Z
??0LNAdministrationProcess@@QAE@XZ
??0LNAgent@@AAE@PAVLNDatabaseBody@@K@Z
??0LNAgent@@QAE@ABV0@@Z
??0LNAgent@@QAE@ABVLNNote@@@Z
??0LNAgent@@QAE@XZ
??0LNAgentArray@@QAE@ABV0@@Z
??0LNAgentArray@@QAE@XZ
??0LNAgentJava@@AAE@ABVLNString@@00PAVLNNoteBody@@PBV1@2PBVLNText@@@Z
??0LNAgentJava@@AAE@ABVLNString@@0ABVLNText@@PAVLNNoteBody@@PBV2@@Z
??0LNAgentJava@@AAE@PAVLNNoteBody@@@Z
??0LNAgentJava@@QAE@ABV0@@Z
??0LNAgentJava@@QAE@XZ
??0LNAgentRunData@@AAE@ABUODS_ASSISTRUNINFO@@PBD@Z
??0LNAgentRunData@@QAE@ABV0@@Z
??0LNAgentRunData@@QAE@XZ
??0LNAnchorLink@@QAE@ABV0@@Z
??0LNAnchorLink@@QAE@ABVLNRTObject@@@Z
??0LNAnchorLink@@QAE@ABVLNViewFolder@@ABVLNAnchorLocation@@@Z
??0LNAnchorLink@@QAE@ABVLNViewFolder@@ABVLNDocument@@ABVLNString@@@Z
??0LNAnchorLink@@QAE@UtagTIMEDATE@@PBUUNIVERSALNOTEID_tag@@1ABVLNString@@2PBVLNNotesSession@@@Z
??0LNAnchorLink@@QAE@XZ
??0LNAnchorLocation@@QAE@ABV0@@Z
??0LNAnchorLocation@@QAE@ABVLNRTObject@@@Z
??0LNAnchorLocation@@QAE@ABVLNString@@@Z
??0LNAnchorLocation@@QAE@XZ
??0LNAppletResource@@AAE@PAVLNDatabaseBody@@K@Z
??0LNAppletResource@@QAE@ABV0@@Z
??0LNAppletResource@@QAE@ABVLNNote@@@Z
??0LNAppletResource@@QAE@XZ
??0LNAppletResourceArray@@QAE@ABV0@@Z
??0LNAppletResourceArray@@QAE@XZ
??0LNAttachment@@QAE@ABV0@@Z
??0LNAttachment@@QAE@ABVLNItem@@@Z
??0LNAttachment@@QAE@XZ
??0LNAttachmentArray@@QAE@ABV0@@Z
??0LNAttachmentArray@@QAE@XZ
??0LNBitmap@@QAE@ABV0@@Z
??0LNBitmap@@QAE@ABVLNRTObject@@@Z
??0LNBitmap@@QAE@XZ
??0LNBitmapColorTable@@QAE@ABV0@@Z
??0LNBitmapColorTable@@QAE@ABVLNRTObject@@@Z
??0LNBitmapColorTable@@QAE@XZ
??0LNBitmapPatternTable@@QAE@ABV0@@Z
??0LNBitmapPatternTable@@QAE@ABVLNRTObject@@@Z
??0LNBitmapPatternTable@@QAE@XZ
??0LNBitmapSegment@@QAE@ABV0@@Z
??0LNBitmapSegment@@QAE@ABVLNRTObject@@@Z
??0LNBitmapSegment@@QAE@XZ
??0LNBitmapTransparencyTable@@QAE@ABV0@@Z
??0LNBitmapTransparencyTable@@QAE@ABVLNRTObject@@@Z
??0LNBitmapTransparencyTable@@QAE@XZ
??0LNButton@@QAE@ABV0@@Z
??0LNButton@@QAE@ABVLNRTObject@@@Z
??0LNButton@@QAE@ABVLNString@@ABVLNFormula@@@Z
??0LNButton@@QAE@ABVLNString@@ABVLNLotusScript@@@Z
??0LNButton@@QAE@ABVLNString@@ABVLNSimpleAction@@@Z
??0LNButton@@QAE@ABVLNString@@ABVLNSimpleActions@@@Z
??0LNButton@@QAE@XZ
??0LNCGMMetafile@@QAE@ABV0@@Z
??0LNCGMMetafile@@QAE@ABVLNRTObject@@@Z
??0LNCGMMetafile@@QAE@XZ
??0LNCalendar@@QAE@ABV0@@Z
??0LNCalendar@@QAE@XZ
??0LNCalendarEntry@@AAE@PAVLNDatabaseBody@@K@Z
??0LNCalendarEntry@@QAE@ABV0@@Z
??0LNCalendarEntry@@QAE@ABVLNDocument@@@Z
??0LNCalendarEntry@@QAE@XZ
??0LNCalendarEntryArray@@AAE@ABVLNDatabase@@@Z
??0LNCalendarEntryArray@@QAE@ABV0@@Z
??0LNCalendarEntryArray@@QAE@XZ
??0LNCalendarProfileDocument@@QAE@ABV0@@Z
??0LNCalendarProfileDocument@@QAE@XZ
??0LNCertifier@@QAE@XZ
??0LNChar@@QAE@ABV0@@Z
??0LNChar@@QAE@D@Z
??0LNChar@@QAE@PAVLNStringBody@@K@Z
??0LNColor@@QAE@ABUCOLOR_VALUE@@@Z
??0LNColor@@QAE@ABV0@@Z
??0LNColor@@QAE@G@Z
??0LNColor@@QAE@KKK@Z
??0LNCompositeContainer@@IAE@PAVLNRTContainerBody@@@Z
??0LNCompositeContainer@@QAE@ABV0@@Z
??0LNCompositeContainer@@QAE@ABVLNRTObject@@@Z
??0LNCompositeContainer@@QAE@XZ
??0LNCompositeData@@QAE@ABV0@@Z
??0LNCompositeData@@QAE@ABVLNRTObject@@@Z
??0LNCompositeData@@QAE@XZ
??0LNCompositeDataArray@@QAE@ABV0@@Z
??0LNCompositeDataArray@@QAE@ABVLNRTContainer@@@Z
??0LNCompositeDataArray@@QAE@XZ
??0LNCreateDatabaseOptions@@QAE@ABV0@@Z
??0LNCreateDatabaseOptions@@QAE@XZ
??0LNDatabase@@QAE@ABV0@@Z
??0LNDatabase@@QAE@XZ
??0LNDatabaseArray@@QAE@ABV0@@Z
??0LNDatabaseArray@@QAE@XZ
??0LNDatabaseLink@@QAE@ABV0@@Z
??0LNDatabaseLink@@QAE@ABVLNDatabase@@@Z
??0LNDatabaseLink@@QAE@ABVLNRTObject@@@Z
??0LNDatabaseLink@@QAE@UtagTIMEDATE@@ABVLNString@@PBVLNNotesSession@@@Z
??0LNDatabaseLink@@QAE@XZ
??0LNDatetime@@QAE@ABUtagTIMEDATE@@@Z
??0LNDatetime@@QAE@ABV0@@Z
??0LNDatetime@@QAE@ABVLNString@@PAK@Z
??0LNDatetime@@QAE@W4LNDATETIMESPECIAL@@@Z
??0LNDatetime@@QAE@XZ
??0LNDatetimeFormat@@QAE@ABUTFMT@@@Z
??0LNDatetimeFormat@@QAE@ABV0@@Z
??0LNDatetimeFormat@@QAE@XZ
??0LNDatetimeRange@@QAE@ABUTIMEDATE_PAIR@@@Z
??0LNDatetimeRange@@QAE@ABUtagTIMEDATE@@@Z
??0LNDatetimeRange@@QAE@ABV0@@Z
??0LNDatetimeRange@@QAE@ABVLNDatetime@@@Z
??0LNDatetimeRange@@QAE@ABVLNDatetimesElement@@@Z
??0LNDatetimeRange@@QAE@XZ
??0LNDatetimes@@QAE@ABV0@@Z
??0LNDatetimes@@QAE@ABVLNItem@@@Z
??0LNDatetimes@@QAE@XZ
??0LNDatetimesElement@@AAE@PAVLNDatetimesBody@@K@Z
??0LNDatetimesElement@@QAE@ABV0@@Z
??0LNDocument@@IAE@PAVLNDatabaseBody@@KK@Z
??0LNDocument@@QAE@ABV0@@Z
??0LNDocument@@QAE@ABVLNNote@@K@Z
??0LNDocument@@QAE@XZ
??0LNDocumentArray@@QAE@ABV0@@Z
??0LNDocumentArray@@QAE@XZ
??0LNDocumentLink@@QAE@ABV0@@Z
??0LNDocumentLink@@QAE@ABVLNRTObject@@@Z
??0LNDocumentLink@@QAE@ABVLNViewFolder@@ABVLNDocument@@@Z
??0LNDocumentLink@@QAE@UtagTIMEDATE@@PBUUNIVERSALNOTEID_tag@@1ABVLNString@@PBVLNNotesSession@@@Z
??0LNDocumentLink@@QAE@XZ
??0LNFTIndexStatistics@@QAE@ABV0@@Z
??0LNFTIndexStatistics@@QAE@XZ
??0LNFTSearchOptions@@QAE@ABV0@@Z
??0LNFTSearchOptions@@QAE@XZ
??0LNFontStyle@@IAE@KPAVLNNoteBody@@@Z
??0LNFontStyle@@IAE@PAVLNFontStyleBody@@@Z
??0LNFontStyle@@QAE@ABV0@@Z
??0LNFontStyle@@QAE@EEABVLNString@@HH@Z
??0LNFontStyle@@QAE@KPBVLNFontTable@@@Z
??0LNFontStyle@@QAE@XZ
??0LNFontTable@@IAE@PAVLNFontTableBody@@@Z
??0LNFontTable@@QAE@ABV0@@Z
??0LNFontTable@@QAE@ABVLNItem@@@Z
??0LNFontTable@@QAE@XZ
??0LNForm@@AAE@PAVLNDatabaseBody@@K@Z
??0LNForm@@QAE@ABV0@@Z
??0LNForm@@QAE@ABVLNNote@@@Z
??0LNForm@@QAE@XZ
??0LNFormArray@@QAE@ABV0@@Z
??0LNFormArray@@QAE@XZ
??0LNFormField@@AAE@PAVLNFormFieldBody@@@Z
??0LNFormField@@QAE@ABV0@@Z
??0LNFormField@@QAE@ABVLNRTObject@@@Z
??0LNFormField@@QAE@ABVLNString@@W4LNRTTYPE@@@Z
??0LNFormField@@QAE@XZ
??0LNFormFieldArray@@QAE@ABV0@@Z
??0LNFormFieldArray@@QAE@XZ
??0LNFormula@@QAE@ABV0@@Z
??0LNFormula@@QAE@ABVLNString@@@Z
??0LNFormula@@QAE@PBD@Z
??0LNFormula@@QAE@PBDKH@Z
??0LNFormula@@QAE@XZ
??0LNFormulaPopup@@IAE@ABVLNFormula@@@Z
??0LNFormulaPopup@@IAE@PAVLNFormulaPopupBody@@@Z
??0LNFormulaPopup@@QAE@ABV0@@Z
??0LNFormulaPopup@@QAE@ABVLNFormula@@ABVLNGraphic@@@Z
??0LNFormulaPopup@@QAE@ABVLNFormula@@ABVLNString@@@Z
??0LNFormulaPopup@@QAE@ABVLNRTObject@@@Z
??0LNFormulaPopup@@QAE@XZ
??0LNFrame@@AAE@PAVLNFrameBody@@@Z
??0LNFrame@@QAE@ABV0@@Z
??0LNFrame@@QAE@XZ
??0LNFrameSplitOptions@@QAE@ABV0@@Z
??0LNFrameSplitOptions@@QAE@XZ
??0LNFrameset@@AAE@PAVLNDatabaseBody@@K@Z
??0LNFrameset@@QAE@ABV0@@Z
??0LNFrameset@@QAE@ABVLNNote@@@Z
??0LNFrameset@@QAE@XZ
??0LNFramesetArray@@QAE@ABV0@@Z
??0LNFramesetArray@@QAE@XZ
??0LNGraphic@@IAE@PAVLNGraphicBody@@@Z
??0LNGraphic@@QAE@ABV0@@Z
??0LNGraphic@@QAE@ABVLNFormula@@@Z
??0LNGraphic@@QAE@ABVLNRTObject@@@Z
??0LNGraphic@@QAE@XZ
??0LNHTMLTags@@QAE@ABV0@@Z
??0LNHTMLTags@@QAE@XZ
??0LNHotspot@@IAE@PAVLNHotspotBody@@@Z
??0LNHotspot@@QAE@ABV0@@Z
??0LNHotspot@@QAE@ABVLNRTObject@@@Z
??0LNHotspot@@QAE@XZ
??0LNIDFile@@AAE@PBVLNNotesSession@@ABVLNString@@@Z
??0LNIDFile@@QAE@ABV0@@Z
??0LNIDFile@@QAE@XZ
??0LNImageResource@@AAE@PAVLNDatabaseBody@@K@Z
??0LNImageResource@@QAE@ABV0@@Z
??0LNImageResource@@QAE@ABVLNNote@@@Z
??0LNImageResource@@QAE@XZ
??0LNImageResourceArray@@QAE@ABV0@@Z
??0LNImageResourceArray@@QAE@XZ
??0LNInternational@@AAE@PBVLNNotesSession@@PAUINTLFORMAT@@@Z
??0LNInternational@@QAE@ABV0@@Z
??0LNInternational@@QAE@XZ
??0LNItem@@IAE@PAVLNNoteBody@@PAVLNItemBody@@@Z
??0LNItem@@QAE@ABV0@@Z
??0LNItem@@QAE@XZ
??0LNItemArray@@QAE@ABV0@@Z
??0LNItemArray@@QAE@XZ
??0LNJavaScript@@QAE@ABV0@@Z
??0LNJavaScript@@QAE@XZ
??0LNKeywordsField@@IAE@PAVLNFormFieldBody@@@Z
??0LNKeywordsField@@QAE@ABV0@@Z
??0LNKeywordsField@@QAE@ABVLNRTObject@@@Z
??0LNKeywordsField@@QAE@ABVLNString@@@Z
??0LNKeywordsField@@QAE@XZ
??0LNLinkHotspot@@IAE@ABVLNDatabaseLink@@@Z
??0LNLinkHotspot@@IAE@PAVLNResourceLinkBody@@@Z
??0LNLinkHotspot@@QAE@ABV0@@Z
??0LNLinkHotspot@@QAE@ABVLNDatabaseLink@@ABVLNGraphic@@@Z
??0LNLinkHotspot@@QAE@ABVLNDatabaseLink@@ABVLNString@@@Z
??0LNLinkHotspot@@QAE@ABVLNRTObject@@@Z
??0LNLinkHotspot@@QAE@XZ
??0LNLinks@@IAE@PAVLNItemBody@@@Z
??0LNLinks@@QAE@ABV0@@Z
??0LNLinks@@QAE@ABVLNItem@@@Z
??0LNLinks@@QAE@XZ
??0LNLogEntry@@AAE@ABV0@@Z
??0LNLogEntry@@QAE@XZ
??0LNLotusScript@@IAE@PAVLNLotusScriptBody@@@Z
??0LNLotusScript@@QAE@ABV0@@Z
??0LNLotusScript@@QAE@ABVLNString@@@Z
??0LNLotusScript@@QAE@ABVLNString@@PADK@Z
??0LNLotusScript@@QAE@PADK0K@Z
??0LNLotusScript@@QAE@PADK@Z
??0LNLotusScript@@QAE@XZ
??0LNMacMetafile@@QAE@ABV0@@Z
??0LNMacMetafile@@QAE@ABVLNRTObject@@@Z
??0LNMacMetafile@@QAE@XZ
??0LNMacMetafileSegment@@QAE@ABV0@@Z
??0LNMacMetafileSegment@@QAE@ABVLNRTObject@@@Z
??0LNMacMetafileSegment@@QAE@XZ
??0LNMailMessage@@QAE@ABV0@@Z
??0LNMailMessage@@QAE@ABVLNDocument@@@Z
??0LNMailMessage@@QAE@XZ
??0LNMessageQueue@@AAE@ABV0@@Z
??0LNMessageQueue@@QAE@XZ
??0LNMetafile@@QAE@ABV0@@Z
??0LNMetafile@@QAE@ABVLNRTObject@@@Z
??0LNMetafile@@QAE@XZ
??0LNNamedStyle@@IAE@PAVLNNamedStyleBody@@@Z
??0LNNamedStyle@@QAE@ABV0@@Z
??0LNNamedStyle@@QAE@ABVLNParagraphStyle@@@Z
??0LNNamedStyle@@QAE@ABVLNString@@@Z
??0LNNamedStyle@@QAE@ABVLNString@@ABVLNParagraphStyle@@@Z
??0LNNamedStyle@@QAE@ABVLNString@@ABVLNParagraphStyle@@ABVLNFontStyle@@@Z
??0LNNamedStyle@@QAE@XZ
??0LNNamesField@@IAE@PAVLNFormFieldBody@@@Z
??0LNNamesField@@QAE@ABV0@@Z
??0LNNamesField@@QAE@ABVLNRTObject@@@Z
??0LNNamesField@@QAE@ABVLNString@@W4LNRTTYPE@@@Z
??0LNNamesField@@QAE@XZ
??0LNNavigator@@AAE@PAVLNDatabaseBody@@K@Z
??0LNNavigator@@QAE@ABV0@@Z
??0LNNavigator@@QAE@ABVLNNote@@@Z
??0LNNavigator@@QAE@XZ
??0LNNavigatorArray@@QAE@ABV0@@Z
??0LNNavigatorArray@@QAE@XZ
??0LNNote@@IAE@PAVLNDatabaseBody@@K@Z
??0LNNote@@QAE@ABV0@@Z
??0LNNote@@QAE@XZ
??0LNNoteArray@@QAE@ABV0@@Z
??0LNNoteArray@@QAE@ABVLNDatabase@@@Z
??0LNNoteArray@@QAE@ABVLNVFNavigator@@@Z
??0LNNoteArray@@QAE@ABVLNViewFolder@@@Z
??0LNNoteArray@@QAE@XZ
??0LNNotesClass@@IAE@ABV0@@Z
??0LNNotesClass@@IAE@PBVLNNotesSession@@@Z
??0LNNotesClass@@IAE@XZ
??0LNNotesSession@@QAE@XZ
??0LNNumber@@QAE@ABN@Z
??0LNNumber@@QAE@ABV0@@Z
??0LNNumber@@QAE@ABVLNString@@PAK@Z
??0LNNumber@@QAE@XZ
??0LNNumberFormat@@QAE@ABUNFMT@@@Z
??0LNNumberFormat@@QAE@ABV0@@Z
??0LNNumberFormat@@QAE@XZ
??0LNNumbers@@QAE@ABV0@@Z
??0LNNumbers@@QAE@ABVLNItem@@@Z
??0LNNumbers@@QAE@XZ
??0LNNumbersElement@@AAE@PAVLNNumbersBody@@K@Z
??0LNNumbersElement@@QAE@ABV0@@Z
??0LNOLEObject@@QAE@ABV0@@Z
??0LNOLEObject@@QAE@ABVLNItem@@@Z
??0LNOLEObject@@QAE@XZ
??0LNOLEObjectArray@@QAE@ABV0@@Z
??0LNOLEObjectArray@@QAE@XZ
??0LNObjectList@@QAE@XZ
??0LNOutline@@AAE@PAVLNDatabaseBody@@K@Z
??0LNOutline@@QAE@ABV0@@Z
??0LNOutline@@QAE@ABVLNNote@@@Z
??0LNOutline@@QAE@XZ
??0LNOutlineArray@@QAE@ABV0@@Z
??0LNOutlineArray@@QAE@XZ
??0LNPMMetafile@@QAE@ABV0@@Z
??0LNPMMetafile@@QAE@ABVLNRTObject@@@Z
??0LNPMMetafile@@QAE@XZ
??0LNPMMetafileSegment@@QAE@ABV0@@Z
??0LNPMMetafileSegment@@QAE@ABVLNRTObject@@@Z
??0LNPMMetafileSegment@@QAE@XZ
??0LNPage@@AAE@PAVLNDatabaseBody@@K@Z
??0LNPage@@QAE@ABV0@@Z
??0LNPage@@QAE@ABVLNNote@@@Z
??0LNPage@@QAE@XZ
??0LNPageArray@@QAE@ABV0@@Z
??0LNPageArray@@QAE@XZ
??0LNParagraphStyle@@IAE@PAVLNParagraphStyleBody@@@Z
??0LNParagraphStyle@@QAE@ABUCDPABDEFINITION@@ABVLNFormula@@W4LNUNITS@@@Z
??0LNParagraphStyle@@QAE@ABUCDPABDEFINITION@@W4LNUNITS@@@Z
??0LNParagraphStyle@@QAE@ABV0@@Z
??0LNParagraphStyle@@QAE@XZ
??0LNProfileDocument@@QAE@ABV0@@Z
??0LNProfileDocument@@QAE@XZ
??0LNProfileDocumentArray@@QAE@ABV0@@Z
??0LNProfileDocumentArray@@QAE@XZ
??0LNRTAttachment@@IAE@ABVLNAttachment@@@Z
??0LNRTAttachment@@IAE@ABVLNString@@0@Z
??0LNRTAttachment@@QAE@ABV0@@Z
??0LNRTAttachment@@QAE@ABVLNRTObject@@@Z
??0LNRTAttachment@@QAE@XZ
??0LNRTComputedSubform@@IAE@PAVLNRTSubformBody@@@Z
??0LNRTComputedSubform@@QAE@ABV0@@Z
??0LNRTComputedSubform@@QAE@ABVLNFormula@@@Z
??0LNRTComputedSubform@@QAE@ABVLNRTObject@@@Z
??0LNRTComputedSubform@@QAE@XZ
??0LNRTContainer@@IAE@PAVLNRTContainerBody@@@Z
??0LNRTContainer@@QAE@ABV0@@Z
??0LNRTContainer@@QAE@ABVLNRTObject@@@Z
??0LNRTContainer@@QAE@XZ
??0LNRTCursor@@IAE@ABVLNRTElement@@H@Z
??0LNRTCursor@@IAE@PAVLNStylizedTextBody@@KH@Z
??0LNRTCursor@@QAE@ABV0@@Z
??0LNRTCursor@@QAE@XZ
??0LNRTElement@@IAE@PAVLNRTElementBody@@@Z
??0LNRTElement@@QAE@ABV0@@Z
??0LNRTElement@@QAE@ABVLNRTObject@@@Z
??0LNRTElement@@QAE@XZ
??0LNRTEmbeddedObject@@IAE@ABV0@@Z
??0LNRTEmbeddedObject@@IAE@ABVLNRTObject@@@Z
??0LNRTEmbeddedObject@@IAE@XZ
??0LNRTJavaApplet@@IAE@PAVLNRTJavaAppletBody@@@Z
??0LNRTJavaApplet@@QAE@ABV0@@Z
??0LNRTJavaApplet@@QAE@ABVLNRTObject@@@Z
??0LNRTJavaApplet@@QAE@XZ
??0LNRTOLEObject@@IAE@ABVLNNote@@W4LNOLECLIPBOARDFORMAT@@ABVLNString@@PAV3@@Z
??0LNRTOLEObject@@IAE@PAVLNRTOLEObjectBody@@@Z
??0LNRTOLEObject@@QAE@ABV0@@Z
??0LNRTOLEObject@@QAE@ABVLNRTObject@@@Z
??0LNRTOLEObject@@QAE@XZ
??0LNRTObject@@IAE@PAVLNRTObjectBody@@@Z
??0LNRTObject@@IAE@PAVLNStylizedTextBody@@K@Z
??0LNRTObject@@QAE@ABV0@@Z
??0LNRTObject@@QAE@XZ
??0LNRTSubform@@AAE@ABVLNSubform@@@Z
??0LNRTSubform@@AAE@PAVLNRTSubformBody@@@Z
??0LNRTSubform@@QAE@ABV0@@Z
??0LNRTSubform@@QAE@ABVLNRTObject@@@Z
??0LNRTSubform@@QAE@XZ
??0LNRegistrationOptions@@QAE@ABV0@@Z
??0LNRegistrationOptions@@QAE@XZ
??0LNReplicationFileStatistics@@AAE@PAUREPLFILESTATS@@@Z
??0LNReplicationFileStatistics@@QAE@ABV0@@Z
??0LNReplicationFileStatistics@@QAE@XZ
??0LNReplicationOptions@@QAE@ABV0@@Z
??0LNReplicationOptions@@QAE@XZ
??0LNReplicationStatistics@@AAE@PAUREPLSERVSTATS@@@Z
??0LNReplicationStatistics@@QAE@ABV0@@Z
??0LNReplicationStatistics@@QAE@XZ
??0LNRichText@@IAE@PAVLNRichTextBody@@@Z
??0LNRichText@@QAE@ABV0@@Z
??0LNRichText@@QAE@ABVLNItem@@@Z
??0LNRichText@@QAE@ABVLNString@@@Z
??0LNRichText@@QAE@XZ
??0LNScriptLibrary@@AAE@PAVLNDatabaseBody@@K@Z
??0LNScriptLibrary@@QAE@ABV0@@Z
??0LNScriptLibrary@@QAE@ABVLNNote@@@Z
??0LNScriptLibrary@@QAE@XZ
??0LNScriptLibraryArray@@QAE@ABV0@@Z
??0LNScriptLibraryArray@@QAE@XZ
??0LNSearch@@IAE@PAVLNSearchBody@@@Z
??0LNSearch@@IAE@W4LNSEARCHTYPE@@@Z
??0LNSearch@@QAE@ABV0@@Z
??0LNSearch@@QAE@XZ
??0LNSearchByAuthor@@QAE@ABV0@@Z
??0LNSearchByAuthor@@QAE@ABVLNSearch@@@Z
??0LNSearchByAuthor@@QAE@ABVLNText@@H@Z
??0LNSearchByAuthor@@QAE@XZ
??0LNSearchByDate@@QAE@ABV0@@Z
??0LNSearchByDate@@QAE@ABVLNSearch@@@Z
??0LNSearchByDate@@QAE@HW4LNSEARCHDATECOND@@ABVLNDatetime@@1K@Z
??0LNSearchByDate@@QAE@XZ
??0LNSearchByDateInField@@QAE@ABV0@@Z
??0LNSearchByDateInField@@QAE@ABVLNSearch@@@Z
??0LNSearchByDateInField@@QAE@ABVLNString@@W4LNSEARCHDATECOND@@ABVLNDatetime@@2@Z
??0LNSearchByDateInField@@QAE@XZ
??0LNSearchByFieldsInForm@@QAE@ABV0@@Z
??0LNSearchByFieldsInForm@@QAE@ABVLNSearch@@@Z
??0LNSearchByFieldsInForm@@QAE@ABVLNString@@ABVLNText@@1@Z
??0LNSearchByFieldsInForm@@QAE@XZ
??0LNSearchByFormUsed@@QAE@ABV0@@Z
??0LNSearchByFormUsed@@QAE@ABVLNSearch@@@Z
??0LNSearchByFormUsed@@QAE@ABVLNText@@@Z
??0LNSearchByFormUsed@@QAE@XZ
??0LNSearchByNumberInField@@QAE@ABV0@@Z
??0LNSearchByNumberInField@@QAE@ABVLNSearch@@@Z
??0LNSearchByNumberInField@@QAE@ABVLNString@@W4LNSEARCHNUMBERCOND@@ABN2@Z
??0LNSearchByNumberInField@@QAE@XZ
??0LNSearchByPlainText@@QAE@ABV0@@Z
??0LNSearchByPlainText@@QAE@ABVLNSearch@@@Z
??0LNSearchByPlainText@@QAE@ABVLNString@@@Z
??0LNSearchByPlainText@@QAE@XZ
??0LNSearchByTextInField@@QAE@ABV0@@Z
??0LNSearchByTextInField@@QAE@ABVLNSearch@@@Z
??0LNSearchByTextInField@@QAE@HABVLNString@@0@Z
??0LNSearchByTextInField@@QAE@XZ
??0LNSearchByTextTerms@@QAE@ABV0@@Z
??0LNSearchByTextTerms@@QAE@ABVLNSearch@@@Z
??0LNSearchByTextTerms@@QAE@HABVLNText@@@Z
??0LNSearchByTextTerms@@QAE@XZ
??0LNSearchInFolder@@QAE@ABV0@@Z
??0LNSearchInFolder@@QAE@ABVLNSearch@@@Z
??0LNSearchInFolder@@QAE@ABVLNString@@@Z
??0LNSearchInFolder@@QAE@XZ
??0LNSearchOptions@@QAE@ABV0@@Z
??0LNSearchOptions@@QAE@XZ
??0LNSearches@@IAE@PAVLNSearchesBody@@@Z
??0LNSearches@@QAE@ABV0@@Z
??0LNSearches@@QAE@XZ
??0LNSection@@IAE@PAVLNSectionBody@@@Z
??0LNSection@@QAE@ABV0@@Z
??0LNSection@@QAE@ABVLNRTObject@@@Z
??0LNSection@@QAE@XZ
??0LNServerAddin@@QAE@XZ
??0LNSharedField@@AAE@PAVLNDatabaseBody@@K@Z
??0LNSharedField@@QAE@ABV0@@Z
??0LNSharedField@@QAE@ABVLNNote@@@Z

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 460KB - Virtual size: 457KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 100KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 76KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
lnuser.id
unicows.dll
.dll windows:5 windows x86 arch:x86

263b6aa606212e61f04bf325434becf4

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12/05/1997, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

28/02/2001, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/12/2000, 08:00

Not After

12/11/2005, 08:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:07:11:43:00:00:00:00:00:34
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/05/2002, 00:55

Not After

25/11/2003, 01:05

Subject

CN=Microsoft Corporation,OU=Copyright (c) 2002 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetDriveTypeA
GetDriveTypeW
FreeEnvironmentStringsA
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetEnvironmentVariableW
FindClose
IsDBCSLeadByte
GetFullPathNameA
GetFullPathNameW
GetLocaleInfoW
GetLogicalDriveStringsA
GetLogicalDriveStringsW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleW
GetNamedPipeHandleStateA
GetNamedPipeHandleStateW
GetNumberFormatA
GetNumberFormatW
GetPrivateProfileIntA
GetPrivateProfileIntW
GetPrivateProfileSectionA
GetPrivateProfileSectionW
GetPrivateProfileSectionNamesA
GetPrivateProfileSectionNamesW
GetPrivateProfileStringA
GetPrivateProfileStringW
GetPrivateProfileStructA
GetPrivateProfileStructW
GetProfileIntA
GetProfileIntW
GetProfileSectionA
GetProfileSectionW
GetProfileStringA
GetProfileStringW
GetShortPathNameA
GetShortPathNameW
GetStartupInfoA
GetStartupInfoW
GetStringTypeExA
GetStringTypeExW
GetSystemDirectoryA
GetSystemDirectoryW
GetTempFileNameW
GetTempPathW
GetTimeFormatA
GetTimeFormatW
GetVersionExA
GetVersionExW
GetVolumeInformationA
GetVolumeInformationW
GetWindowsDirectoryA
GetWindowsDirectoryW
GlobalAddAtomW
GlobalFindAtomA
GlobalFindAtomW
GlobalGetAtomNameA
GlobalGetAtomNameW
IsBadStringPtrW
IsValidCodePage
LCMapStringA
LCMapStringW
LoadLibraryW
LoadLibraryExW
lstrcatW
lstrcmpW
lstrcmpiW
lstrcpyW
lstrcpynW
MoveFileW
OpenEventA
OpenEventW
GetDiskFreeSpaceW
OpenFileMappingW
OpenMutexA
OpenMutexW
OpenSemaphoreA
OpenSemaphoreW
OutputDebugStringA
OutputDebugStringW
PeekConsoleInputA
PeekConsoleInputW
QueryDosDeviceA
QueryDosDeviceW
ReadConsoleA
ReadConsoleW
ReadConsoleInputA
ReadConsoleInputW
ReadConsoleOutputA
ReadConsoleOutputW
ReadConsoleOutputCharacterA
ReadConsoleOutputCharacterW
RemoveDirectoryA
RemoveDirectoryW
ScrollConsoleScreenBufferA
ScrollConsoleScreenBufferW
SearchPathA
SearchPathW
SetComputerNameA
SetComputerNameW
SetConsoleTitleA
SetConsoleTitleW
SetCurrentDirectoryA
SetCurrentDirectoryW
SetDefaultCommConfigA
SetDefaultCommConfigW
SetEnvironmentVariableA
SetEnvironmentVariableW
SetFileAttributesA
SetFileAttributesW
SetLocaleInfoA
SetLocaleInfoW
SetVolumeLabelA
SetVolumeLabelW
VerLanguageNameA
VerLanguageNameW
WaitNamedPipeA
WaitNamedPipeW
WriteConsoleA
WriteConsoleW
WriteConsoleInputA
WriteConsoleInputW
WriteConsoleOutputA
WriteConsoleOutputW
WriteConsoleOutputCharacterA
WriteConsoleOutputCharacterW
WritePrivateProfileSectionA
WritePrivateProfileSectionW
WritePrivateProfileStringA
WritePrivateProfileStringW
WritePrivateProfileStructA
WritePrivateProfileStructW
WriteProfileSectionA
WriteProfileSectionW
WriteProfileStringA
WriteProfileStringW
FindResourceA
lstrcpyA
IsBadWritePtr
SetErrorMode
GetStringTypeW
FindResourceW
TerminateProcess
GetCurrentProcess
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetDiskFreeSpaceA
GetDefaultCommConfigW
GetDefaultCommConfigA
GetDateFormatA
GetDateFormatW
GetCurrentDirectoryW
GetCurrentDirectoryA
GetCurrencyFormatW
GetCurrencyFormatA
GetConsoleTitleW
GetConsoleTitleA
GetComputerNameW
GetComputerNameA
GetAtomNameW
GetAtomNameA
FormatMessageW
FormatMessageA
LocalFree
HeapReAlloc
LocalAlloc
FreeEnvironmentStringsW
FindNextFileW
FindNextFileA
FindFirstFileW
FindFirstFileA
FindFirstChangeNotificationW
FindFirstChangeNotificationA
FindAtomW
FindAtomA
FillConsoleOutputCharacterW
FillConsoleOutputCharacterA
FatalAppExitW
FatalAppExitA
ExpandEnvironmentStringsW
ExpandEnvironmentStringsA
EnumTimeFormatsW
EnumTimeFormatsA
EnumSystemLocalesW
EnumSystemLocalesA
EnumSystemCodePagesW
EnumDateFormatsW
EnumDateFormatsA
EnumCalendarInfoW
EnumCalendarInfoA
DeleteFileW
CreateSemaphoreW
CreateSemaphoreA
CreateProcessW
CreateProcessA
CreateNamedPipeW
CreateNamedPipeA
CreateMutexW
CreateMutexA
CreateMailslotW
CreateMailslotA
CreateFileMappingW
CreateFileMappingA
CreateFileW
CreateEventW
CreateEventA
CreateDirectoryExW
CreateDirectoryExA
CreateDirectoryW
CreateDirectoryA
CopyFileW
CopyFileA
CompareStringW
CompareStringA
CommConfigDialogW
CommConfigDialogA
CallNamedPipeW
CallNamedPipeA
BuildCommDCBAndTimeoutsW
BuildCommDCBAndTimeoutsA
BuildCommDCBW
BuildCommDCBA
AddAtomW
AddAtomA
InitializeCriticalSection
GetACP
GetOEMCP
DeleteCriticalSection
GetFileAttributesA
LoadLibraryExA
EnumResourceTypesW
EnumResourceNamesW
EnumResourceLanguagesW
lstrlenW
FindResourceExW
SizeofResource
LoadResource
LockResource
FreeResource
GetTempFileNameA
GetTempPathA
DeleteFileA
MoveFileA
CreateFileA
_lclose
_lread
_lwrite
_llseek
VirtualQuery
GetSystemInfo
VirtualFree
VirtualAlloc
VirtualProtect
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
GetCurrentProcessId
EnterCriticalSection
LeaveCriticalSection
GlobalAddAtomA
AreFileApisANSI
GlobalLock
GlobalAlloc
GlobalUnlock
GlobalFree
GetCurrentThreadId
lstrcmpA
WideCharToMultiByte
lstrcmpiA
GetLocaleInfoA
IsDBCSLeadByteEx
LoadLibraryA
InterlockedExchange
FreeLibrary
GetModuleHandleA
GetProcAddress
GetCPInfo
GetVersion
GetFileAttributesW
GetLastError
lstrlenA
GetProcessHeap
HeapAlloc
SetLastError
MultiByteToWideChar
OpenFileMappingA
HeapFree
RtlUnwind

user32

SystemParametersInfoW
TranslateAcceleratorW
TabbedTextOutA
TabbedTextOutW
UnregisterClassA
UnregisterClassW
VkKeyScanExA
VkKeyScanExW
WinHelpA
WinHelpW
wvsprintfW
EnumClipboardFormats
SetClipboardData
GetClipboardData
VkKeyScanW
wsprintfW
IsCharLowerW
IsCharAlphaNumericW
IsCharAlphaW
InsertMenuItemW
InsertMenuItemA
InsertMenuW
InsertMenuA
GrayStringW
GrayStringA
GetWindowTextLengthW
GetWindowTextLengthA
GetWindowTextW
GetWindowTextA
GetWindowLongW
GetTabbedTextExtentW
GetTabbedTextExtentA
GetPropW
GetMessageW
GetMenuStringW
GetMenuStringA
GetMenuItemInfoW
GetMenuItemInfoA
GetKeyNameTextW
GetKeyboardLayout
GetKeyNameTextA
GetKeyboardLayoutNameW
GetKeyboardLayoutNameA
GetDlgItemTextW
GetDlgItemTextA
GetClipboardFormatNameW
GetClipboardFormatNameA
GetClassNameW
GetClassLongW
GetClassLongA
GetClassInfoExW
GetClassInfoExA
GetClassInfoW
GetClassInfoA
FindWindowExW
FindWindowExA
FindWindowW
FindWindowA
EnableWindow
EnumPropsExW
EnumPropsExA
EnumPropsW
EnumPropsA
EnumDisplaySettingsW
EnumDisplaySettingsA
DrawTextExW
DrawTextExA
DrawTextW
DrawTextA
DrawStateW
DrawStateA
DlgDirSelectExW
DlgDirSelectExA
DlgDirSelectComboBoxExW
DlgDirSelectComboBoxExA
DlgDirListComboBoxW
DlgDirListComboBoxA
DlgDirListW
SystemParametersInfoA
DispatchMessageW
DialogBoxParamW
DialogBoxParamA
DialogBoxIndirectParamW
DialogBoxIndirectParamA
DefMDIChildProcW
DefFrameProcW
DefDlgProcW
DdeQueryStringW
DdeQueryStringA
DdeQueryConvInfo
DdeInitializeW
DdeInitializeA
DdeCreateStringHandleW
DdeCreateStringHandleA
DdeConnectList
DdeConnect
CharUpperBuffW
CharUpperW
CharToOemBuffW
CharToOemW
CharPrevW
CharNextW
CharLowerBuffW
CharLowerW
ChangeMenuW
SetWindowTextW
SetWindowTextA
SetWindowsHookExW
SetWindowsHookW
SetWindowsHookA
SetWindowLongW
SetPropW
SetMenuItemInfoW
SetMenuItemInfoA
SetDlgItemTextW
SetDlgItemTextA
SetClassLongW
SetClassLongA
SendNotifyMessageW
SendMessageTimeoutW
SendMessageCallbackW
SendMessageW
SendDlgItemMessageW
RemovePropW
RegisterWindowMessageW
RegisterClipboardFormatW
RegisterClipboardFormatA
RegisterClassExW
RegisterClassExA
RegisterClassW
RegisterClassA
PostThreadMessageW
PostMessageW
PeekMessageW
OemToCharBuffW
OemToCharW
ModifyMenuW
ModifyMenuA
MessageBoxIndirectW
MessageBoxIndirectA
MessageBoxExW
MessageBoxW
MapVirtualKeyExW
MapVirtualKeyExA
ChangeMenuA
ChangeDisplaySettingsW
ChangeDisplaySettingsA
CreateWindowExW
CreateWindowExA
CreateMDIWindowW
CreateMDIWindowA
CreateDialogParamW
CreateDialogParamA
CreateDialogIndirectParamW
CreateDialogIndirectParamA
CreateAcceleratorTableW
CreateAcceleratorTableA
CopyAcceleratorTableW
CopyAcceleratorTableA
CallWindowProcW
CallMsgFilterW
CallMsgFilterA
AppendMenuW
AppendMenuA
GetWindowThreadProcessId
SetWindowLongA
TranslateAcceleratorA
IsDialogMessageA
DispatchMessageA
PeekMessageA
GetMessageA
PostThreadMessageA
PostMessageA
SendNotifyMessageA
SendMessageTimeoutA
SendMessageCallbackA
SendMessageA
DefWindowProcA
CallWindowProcA
DefMDIChildProcA
DefFrameProcA
DefDlgProcA
GetWindowLongA
GetParent
GetDlgItem
SetPropA
RemovePropA
GetPropA
IsDlgButtonChecked
GetClassNameA
CharLowerA
CharUpperA
UnhookWindowsHookEx
SetWindowsHookExA
MapVirtualKeyW
CallNextHookEx
MapVirtualKeyA
LoadStringW
LoadMenuIndirectW
LoadMenuIndirectA
EnumChildWindows
RegisterWindowMessageA
LoadMenuW
LoadMenuA
LoadKeyboardLayoutW
LoadKeyboardLayoutA
LoadImageW
LoadImageA
LoadIconW
LoadIconA
LoadCursorFromFileW
LoadCursorFromFileA
LoadCursorW
LoadCursorA
LoadBitmapW
LoadBitmapA
LoadAcceleratorsW
LoadAcceleratorsA
IsWindowUnicode
IsCharUpperW
IsDialogMessageW
DlgDirListA
IsClipboardFormatAvailable
IsWindow

gdi32

GetEnhMetaFileDescriptionW
GetGlyphOutlineA
GetGlyphOutlineW
GetICMProfileA
GetICMProfileW
GetKerningPairsA
GetKerningPairsW
GetLogColorSpaceA
GetLogColorSpaceW
GetMetaFileA
GetMetaFileW
GetObjectA
GetObjectType
GetObjectW
GetOutlineTextMetricsA
GetOutlineTextMetricsW
GetTextExtentExPointA
GetTextExtentExPointW
GetTextExtentPointA
GetEnhMetaFileDescriptionA
GetTextExtentPoint32A
GetTextExtentPoint32W
GetTextFaceA
GetTextFaceW
GetTextMetricsA
GetTextMetricsW
PolyTextOutA
PolyTextOutW
RemoveFontResourceA
RemoveFontResourceW
ResetDCA
ResetDCW
SetICMProfileA
SetICMProfileW
StartDocA
StartDocW
TextOutW
UpdateICMRegKeyA
UpdateICMRegKeyW
GetEnhMetaFileW
GetEnhMetaFileA
GetCharacterPlacementW
GetCharacterPlacementA
GetCharWidthFloatW
GetCharWidthFloatA
GetCharWidth32W
GetCharWidthW
GetCharWidthA
GetCharABCWidthsFloatW
GetCharABCWidthsFloatA
GetCharABCWidthsW
GetCharABCWidthsA
ExtTextOutW
ExtTextOutA
EnumICMProfilesW
EnumICMProfilesA
EnumFontsW
EnumFontsA
EnumFontFamiliesExW
EnumFontFamiliesExA
EnumFontFamiliesW
EnumFontFamiliesA
CreateScalableFontResourceW
CreateScalableFontResourceA
CreateMetaFileW
CreateMetaFileA
CreateICW
CreateICA
CreateFontIndirectW
CreateFontIndirectA
CreateFontW
CreateFontA
CreateEnhMetaFileW
CreateEnhMetaFileA
CreateDCW
CreateDCA
CreateColorSpaceW
CreateColorSpaceA
CopyMetaFileW
CopyMetaFileA
CopyEnhMetaFileW
CopyEnhMetaFileA
AddFontResourceW
AddFontResourceA
GetFontData
GetTextExtentPointW
TranslateCharsetInfo
GetTextCharset

mpr

WNetGetUniversalNameW
MultinetGetConnectionPerformanceW
WNetAddConnectionA
WNetAddConnectionW
WNetAddConnection2A
WNetAddConnection2W
WNetAddConnection3A
WNetAddConnection3W
WNetCancelConnectionA
WNetCancelConnectionW
WNetCancelConnection2A
WNetCancelConnection2W
WNetConnectionDialog1A
WNetConnectionDialog1W
WNetDisconnectDialog1A
WNetDisconnectDialog1W
WNetEnumResourceA
WNetEnumResourceW
WNetGetConnectionA
WNetGetConnectionW
WNetGetLastErrorA
WNetGetLastErrorW
WNetGetNetworkInformationA
WNetGetNetworkInformationW
WNetGetProviderNameA
WNetUseConnectionW
WNetUseConnectionA
WNetOpenEnumW
WNetOpenEnumA
WNetGetUserW
WNetGetUserA
MultinetGetConnectionPerformanceA
WNetGetUniversalNameA
WNetGetResourceParentW
WNetGetResourceParentA
WNetGetResourceInformationW
WNetGetResourceInformationA
WNetGetProviderNameW

advapi32

RegOpenKeyA
RegEnumValueA
RegUnLoadKeyW
RegUnLoadKeyA
RegSetValueExW
RegSetValueExA
RegSetValueW
RegSetValueA
RegSaveKeyW
RegSaveKeyA
RegReplaceKeyW
RegReplaceKeyA
RegQueryValueExW
RegQueryValueExA
RegQueryValueW
RegQueryValueA
RegQueryMultipleValuesW
RegQueryMultipleValuesA
RegQueryInfoKeyW
RegQueryInfoKeyA
RegOpenKeyExW
RegOpenKeyW
RegCloseKey
RegLoadKeyW
RegLoadKeyA
RegEnumValueW
RegEnumKeyExW
RegEnumKeyExA
RegEnumKeyW
RegEnumKeyA
RegDeleteValueW
RegDeleteValueA
RegDeleteKeyW
RegDeleteKeyA
RegCreateKeyExW
RegCreateKeyExA
RegCreateKeyW
RegCreateKeyA
RegConnectRegistryW
RegConnectRegistryA
IsTextUnicode
GetUserNameW
GetUserNameA
RegOpenKeyExA

comdlg32

GetOpenFileNameW
GetFileTitleW
GetFileTitleA
FindTextW
ChooseFontW
ChooseFontA
ChooseColorW
ChooseColorA
ReplaceTextW
FindTextA
ReplaceTextA
GetOpenFileNameA
GetSaveFileNameA
PageSetupDlgA
PageSetupDlgW
PrintDlgA
PrintDlgW
GetSaveFileNameW

version

VerQueryValueW
VerQueryValueA
VerInstallFileW
VerInstallFileA
VerFindFileW
VerFindFileA
GetFileVersionInfoSizeW
GetFileVersionInfoSizeA
GetFileVersionInfoW
GetFileVersionInfoA

shell32

SHGetPathFromIDListA
ord180
ord179
SHGetFileInfoA
SHFileOperationA
SHChangeNotify
SHBrowseForFolderA
Shell_NotifyIconA
ShellExecuteExA
ShellExecuteW
ShellExecuteA
ShellAboutW
ShellAboutA
FindExecutableW
FindExecutableA
ExtractIconExA
DragQueryFileA
DragQueryFileW
ExtractIconW
ExtractIconA

winspool.drv

GetJobW
GetPrinterW
GetPrinterDataW
GetPrinterDriverW
GetPrinterDriverDirectoryA
GetPrinterDriverDirectoryW
GetPrintProcessorDirectoryA
EnumPrintProcessorsW
OpenPrinterA
OpenPrinterW
ResetPrinterA
ResetPrinterW
SetJobA
SetJobW
SetPrinterA
SetPrinterW
SetPrinterDataA
SetPrinterDataW
StartDocPrinterA
EnumPrintProcessorsA
EnumPrintProcessorDatatypesW
EnumPrintersW
EnumPrinterDriversW
EnumPortsW
EnumMonitorsW
DocumentPropertiesW
DocumentPropertiesA
DeviceCapabilitiesW
DeviceCapabilitiesA
DeletePrintProvidorW
DeletePrintProvidorA
DeletePrintProcessorW
DeletePrintProcessorA
DeletePrinterDriverW
DeletePrinterDriverA
DeletePortW
DeletePortA
DeleteMonitorW
DeleteMonitorA
ConfigurePortW
ConfigurePortA
AdvancedDocumentPropertiesW
AdvancedDocumentPropertiesA
AddPrintProvidorW
AddPrintProvidorA
AddPrintProcessorW
AddPrintProcessorA
AddPrinterDriverW
AddPrinterDriverA
AddPrinterW
AddPrinterA
AddPortW
AddPortA
AddMonitorW
AddMonitorA
AddJobW
AddJobA
GetPrintProcessorDirectoryW
StartDocPrinterW

oledlg

OleUIUpdateLinksW
OleUIPromptUserW
OleUIPasteSpecialW
OleUIObjectPropertiesW
OleUIInsertObjectW
OleUIEditLinksW
OleUIConvertW
OleUIChangeSourceW
OleUIChangeIconW
OleUIBusyW
ord8
OleUIAddVerbMenuW
ord1
ord6

winmm

waveOutGetErrorTextW
waveOutGetErrorTextA
waveOutGetDevCapsW
waveOutGetDevCapsA
waveInGetErrorTextW
mixerGetControlDetailsW
midiOutGetErrorTextW
midiOutGetErrorTextA
midiOutGetDevCapsW
midiOutGetDevCapsA
midiInGetErrorTextW
midiInGetDevCapsW
midiInGetDevCapsA
mciSendStringW
mciSendStringA
mciSendCommandW
mciGetErrorStringW
mciGetErrorStringA
midiInGetErrorTextA
mciGetDeviceIDW
mciGetDeviceIDA
joyGetDevCapsW
joyGetDevCapsA
auxGetDevCapsW
auxGetDevCapsA
PlaySoundW
PlaySoundA
mixerGetDevCapsW
mixerGetLineControlsW
mixerGetLineInfoW
mmioInstallIOProcW
mmioOpenA
mmioOpenW
mmioRenameA
mmioRenameW
mmioStringToFOURCCA
mmioStringToFOURCCW
sndPlaySoundA
sndPlaySoundW
waveInGetDevCapsA
waveInGetDevCapsW
waveInGetErrorTextA
mixerGetDevCapsA

avicap32

capCreateCaptureWindowA
capGetDriverDescriptionA

msvfw32

MCIWndCreateW
MCIWndCreateA
GetSaveFileNamePreviewW
GetOpenFileNamePreviewW

imm32

ImmReleaseContext
ImmGetCompositionStringA
ImmGetContext
ImmGetCompositionStringW

Exports

Exports

AcquireCredentialsHandleW
AddAtomW
AddFontResourceW
AddJobW
AddMonitorW
AddPortW
AddPrintProcessorW
AddPrintProvidorW
AddPrinterDriverW
AddPrinterW
AdvancedDocumentPropertiesW
AppendMenuW
BeginUpdateResourceA
BeginUpdateResourceW
BroadcastSystemMessageW
BuildCommDCBAndTimeoutsW
BuildCommDCBW
CallMsgFilterW
CallNamedPipeW
CallWindowProcA
CallWindowProcW
ChangeDisplaySettingsExW
ChangeDisplaySettingsW
ChangeMenuW
CharLowerBuffW
CharLowerW
CharNextW
CharPrevW
CharToOemBuffW
CharToOemW
CharUpperBuffW
CharUpperW
ChooseColorW
ChooseFontW
CommConfigDialogW
CompareStringW
ConfigurePortW
CopyAcceleratorTableW
CopyEnhMetaFileW
CopyFileExW
CopyFileW
CopyMetaFileW
CreateAcceleratorTableW
CreateColorSpaceW
CreateDCW
CreateDialogIndirectParamW
CreateDialogParamW
CreateDirectoryExW
CreateDirectoryW
CreateEnhMetaFileW
CreateEventW
CreateFileMappingW
CreateFileW
CreateFontIndirectW
CreateFontW
CreateICW
CreateMDIWindowW
CreateMailslotW
CreateMetaFileW
CreateMutexW
CreateNamedPipeW
CreateProcessW
CreateScalableFontResourceW
CreateSemaphoreW
CreateStdAccessibleProxyW
CreateWaitableTimerW
CreateWindowExW
CryptAcquireContextW
CryptEnumProviderTypesW
CryptEnumProvidersW
CryptGetDefaultProviderW
CryptSetProviderExW
CryptSetProviderW
CryptSignHashW
CryptVerifySignatureW
DdeConnect
DdeConnectList
DdeCreateStringHandleW
DdeInitializeW
DdeQueryConvInfo
DdeQueryStringW
DefDlgProcW
DefFrameProcW
DefMDIChildProcW
DefWindowProcW
DeleteFileW
DeleteMonitorW
DeletePortW
DeletePrintProcessorW
DeletePrintProvidorW
DeletePrinterDriverW
DeviceCapabilitiesW
DialogBoxIndirectParamW
DialogBoxParamW
DispatchMessageW
DlgDirListComboBoxW
DlgDirListW
DlgDirSelectComboBoxExW
DlgDirSelectExW
DocumentPropertiesW
DragQueryFileW
DrawStateW
DrawTextExW
DrawTextW
EnableWindow
EndUpdateResourceA
EndUpdateResourceW
EnumCalendarInfoExW
EnumCalendarInfoW
EnumClipboardFormats
EnumDateFormatsExW
EnumDateFormatsW
EnumDisplayDevicesW
EnumDisplaySettingsExW
EnumDisplaySettingsW
EnumFontFamiliesExW
EnumFontFamiliesW
EnumFontsW
EnumICMProfilesW
EnumMonitorsW
EnumPortsW
EnumPrintProcessorDatatypesW
EnumPrintProcessorsW
EnumPrinterDriversW
EnumPrintersW
EnumPropsA
EnumPropsExA
EnumPropsExW
EnumPropsW
EnumSystemCodePagesW
EnumSystemLocalesW
EnumTimeFormatsW
EnumerateSecurityPackagesW
ExpandEnvironmentStringsW
ExtTextOutW
ExtractIconExW
ExtractIconW
FatalAppExitW
FillConsoleOutputCharacterW
FindAtomW
FindExecutableW
FindFirstChangeNotificationW
FindFirstFileW
FindNextFileW
FindResourceExW
FindResourceW
FindTextW
FindWindowExW
FindWindowW
FormatMessageW
FreeContextBuffer
FreeEnvironmentStringsW
GetAltTabInfoW
GetAtomNameW
GetCPInfo
GetCPInfoExW
GetCalendarInfoW
GetCharABCWidthsFloatW
GetCharABCWidthsW
GetCharWidth32W
GetCharWidthFloatW
GetCharWidthW
GetCharacterPlacementW
GetClassInfoExW
GetClassInfoW
GetClassLongW
GetClassNameW
GetClipboardData
GetClipboardFormatNameW
GetComputerNameW
GetConsoleTitleW
GetCurrencyFormatW
GetCurrentDirectoryW
GetCurrentHwProfileW
GetDateFormatW
GetDefaultCommConfigW
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetDlgItemTextW
GetDriveTypeW
GetEnhMetaFileDescriptionW
GetEnhMetaFileW
GetEnvironmentStringsW
GetEnvironmentVariableW
GetFileAttributesExW
GetFileAttributesW
GetFileTitleW
GetFileVersionInfoSizeW
GetFileVersionInfoW
GetFullPathNameW
GetGlyphOutlineW
GetICMProfileW
GetJobW
GetKerningPairsW
GetKeyNameTextW
GetKeyboardLayoutNameW
GetLocaleInfoW
GetLogColorSpaceW
GetLogicalDriveStringsW
GetLongPathNameW
GetMenuItemInfoW
GetMenuStringW
GetMessageW
GetMetaFileW
GetModuleFileNameW
GetModuleHandleW
GetMonitorInfoW
GetNamedPipeHandleStateW
GetNumberFormatW
GetObjectW
GetOpenFileNamePreviewW
GetOpenFileNameW
GetOutlineTextMetricsW
GetPrintProcessorDirectoryW
GetPrinterDataW
GetPrinterDriverDirectoryW
GetPrinterDriverW
GetPrinterW
GetPrivateProfileIntW
GetPrivateProfileSectionNamesW
GetPrivateProfileSectionW
GetPrivateProfileStringW
GetPrivateProfileStructW
GetProcAddress
GetProfileIntW
GetProfileSectionW
GetProfileStringW
GetPropA
GetPropW
GetRoleTextW
GetSaveFileNamePreviewW
GetSaveFileNameW
GetShortPathNameW
GetStartupInfoW
GetStateTextW
GetStringTypeExW
GetStringTypeW
GetSystemDirectoryW
GetSystemWindowsDirectoryW
GetTabbedTextExtentW
GetTempFileNameW
GetTempPathW
GetTextExtentExPointW
GetTextExtentPoint32W
GetTextExtentPointW
GetTextFaceW
GetTextMetricsW
GetTimeFormatW
GetUserNameW
GetVersionExW
GetVolumeInformationW
GetWindowLongA
GetWindowLongW
GetWindowModuleFileNameW
GetWindowTextLengthW
GetWindowTextW
GetWindowsDirectoryW
GlobalAddAtomW
GlobalFindAtomW
GlobalGetAtomNameW
GrayStringW
InitSecurityInterfaceW
InitializeSecurityContextW
InsertMenuItemW
InsertMenuW
IsBadStringPtrW
IsCharAlphaNumericW
IsCharAlphaW
IsCharLowerW
IsCharUpperW
IsClipboardFormatAvailable
IsDestinationReachableW
IsDialogMessageW
IsTextUnicode
IsValidCodePage
IsWindowUnicode
LCMapStringW
LoadAcceleratorsW
LoadBitmapW
LoadCursorFromFileW
LoadCursorW
LoadIconW
LoadImageW
LoadKeyboardLayoutW
LoadLibraryExW
LoadLibraryW
LoadMenuIndirectW
LoadMenuW
LoadStringW
MCIWndCreateW
MapVirtualKeyExW
MapVirtualKeyW
MessageBoxExW
MessageBoxIndirectW
MessageBoxW
ModifyMenuW
MoveFileW
MultiByteToWideChar
MultinetGetConnectionPerformanceW
OemToCharBuffW
OemToCharW
OleUIAddVerbMenuW
OleUIBusyW
OleUIChangeIconW
OleUIChangeSourceW
OleUIConvertW
OleUIEditLinksW
OleUIInsertObjectW
OleUIObjectPropertiesW
OleUIPasteSpecialW
OleUIPromptUserW
OleUIUpdateLinksW
OpenEventW
OpenFileMappingW
OpenMutexW
OpenPrinterW
OpenSemaphoreW
OpenWaitableTimerW
OutputDebugStringW
PageSetupDlgW
PeekConsoleInputW
PeekMessageW
PlaySoundW
PolyTextOutW
PostMessageW
PostThreadMessageW
PrintDlgW
QueryContextAttributesW
QueryCredentialsAttributesW
QueryDosDeviceW
QuerySecurityPackageInfoW
RasConnectionNotificationW
RasCreatePhonebookEntryW
RasDeleteEntryW
RasDeleteSubEntryW
RasDialW
RasEditPhonebookEntryW
RasEnumConnectionsW
RasEnumDevicesW
RasEnumEntriesW
RasGetConnectStatusW
RasGetEntryDialParamsW
RasGetEntryPropertiesW
RasGetErrorStringW
RasGetProjectionInfoW
RasHangUpW
RasRenameEntryW
RasSetEntryDialParamsW
RasSetEntryPropertiesW
RasSetSubEntryPropertiesW
RasValidateEntryNameW
ReadConsoleInputW
ReadConsoleOutputCharacterW
ReadConsoleOutputW
ReadConsoleW
RegConnectRegistryW
RegCreateKeyExW
RegCreateKeyW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumKeyW
RegEnumValueW
RegLoadKeyW
RegOpenKeyExW
RegOpenKeyW
RegQueryInfoKeyW
RegQueryMultipleValuesW
RegQueryValueExW
RegQueryValueW
RegReplaceKeyW
RegSaveKeyW
RegSetValueExW
RegSetValueW
RegUnLoadKeyW
RegisterClassExW
RegisterClassW
RegisterClipboardFormatW
RegisterDeviceNotificationW
RegisterWindowMessageW
RemoveDirectoryW
RemoveFontResourceW
RemovePropA
RemovePropW
ReplaceTextW
ResetDCW
ResetPrinterW
SHBrowseForFolderW
SHChangeNotify
SHFileOperationW
SHGetFileInfoW
SHGetNewLinkInfoW
SHGetPathFromIDListW
ScrollConsoleScreenBufferW
SearchPathW
SendDlgItemMessageW
SendMessageCallbackW
SendMessageTimeoutW
SendMessageW
SendNotifyMessageW
SetCalendarInfoW
SetClassLongW
SetComputerNameW
SetConsoleTitleW
SetCurrentDirectoryW
SetDefaultCommConfigW
SetDlgItemTextW
SetEnvironmentVariableW
SetFileAttributesW
SetICMProfileW
SetJobW
SetLocaleInfoW
SetMenuItemInfoW
SetPrinterDataW
SetPrinterW
SetPropA
SetPropW
SetVolumeLabelW
SetWindowLongA
SetWindowLongW
SetWindowTextW
SetWindowsHookExW
SetWindowsHookW
ShellAboutW
ShellExecuteExW
ShellExecuteW
Shell_NotifyIconW
StartDocPrinterW
StartDocW
SystemParametersInfoW
TabbedTextOutW
TextOutW
TranslateAcceleratorW
UnregisterClassW
UpdateICMRegKeyW
UpdateResourceA
UpdateResourceW
VerFindFileW
VerInstallFileW
VerLanguageNameW
VerQueryValueW
VkKeyScanExW
VkKeyScanW
WNetAddConnection2W
WNetAddConnection3W
WNetAddConnectionW
WNetCancelConnection2W
WNetCancelConnectionW
WNetConnectionDialog1W
WNetDisconnectDialog1W
WNetEnumResourceW
WNetGetConnectionW
WNetGetLastErrorW
WNetGetNetworkInformationW
WNetGetProviderNameW
WNetGetResourceInformationW
WNetGetResourceParentW
WNetGetUniversalNameW
WNetGetUserW
WNetOpenEnumW
WNetUseConnectionW
WaitNamedPipeW
WideCharToMultiByte
WinHelpW
WriteConsoleInputW
WriteConsoleOutputCharacterW
WriteConsoleOutputW
WriteConsoleW
WritePrivateProfileSectionW
WritePrivateProfileStringW
WritePrivateProfileStructW
WriteProfileSectionW
WriteProfileStringW
__FreeAllLibrariesInMsluDll
auxGetDevCapsW
capCreateCaptureWindowW
capGetDriverDescriptionW
joyGetDevCapsW
lstrcatW
lstrcmpW
lstrcmpiW
lstrcpyW
lstrcpynW
lstrlenW
mciGetDeviceIDW
mciGetErrorStringW
mciSendCommandW
mciSendStringW
midiInGetDevCapsW
midiInGetErrorTextW
midiOutGetDevCapsW
midiOutGetErrorTextW
mixerGetControlDetailsW
mixerGetDevCapsW
mixerGetLineControlsW
mixerGetLineInfoW
mmioInstallIOProcW
mmioOpenW
mmioRenameW
mmioStringToFOURCCW

Sections

.text
Size: 217KB - Virtual size: 216KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
vCardTemplate.htm
.html
wc_modem.cat
wc_modem.inf
wc_modem.inf1
widcomm.tag
win2knul.cat
win2knul.inf

Sharing

General

Malware Config

Signatures

Files

150d7f039b1be560b8b5f7beb68d2b34

Headers

File Characteristics

Imports

kernel32

user32

gdi32

Exports

Exports

Sections

.text Size: 24KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 12KB - Virtual size: 17KB

.JOE Size: 4KB - Virtual size: 12B

.reloc Size: 4KB - Virtual size: 3KB

b90cf586deba6d627ff359590cf07fa9

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

ole32

olepro32

oleaut32

Exports

Exports

Sections

.text Size: 56KB - Virtual size: 52KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 4KB - Virtual size: 8KB

.rsrc Size: 12KB - Virtual size: 9KB

.reloc Size: 12KB - Virtual size: 9KB

e1697d55cdb97ba9061077a247545c17

Headers

File Characteristics

Imports

shlwapi

advapi32

setupapi

version

mfc42

msvcrt

kernel32

user32

Sections

.text Size: 12KB - Virtual size: 9KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 8KB - Virtual size: 5KB

.rsrc Size: 20KB - Virtual size: 17KB

cef861f0596d864ce21d4752b72fca73

Headers

File Characteristics

Imports

kernel32

advapi32

winmm

Exports

Exports

Sections

.text Size: 32KB - Virtual size: 30KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 16KB - Virtual size: 20KB

COMSEC Size: 4KB - Virtual size: 20B

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 3KB

087ded3be0233633133702d2cca85634

Headers

File Characteristics

Imports

setupapi

.text
Size: 24KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 17KB

.JOE
Size: 4KB - Virtual size: 12B

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 56KB - Virtual size: 52KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 4KB - Virtual size: 8KB

.rsrc
Size: 12KB - Virtual size: 9KB

.reloc
Size: 12KB - Virtual size: 9KB

.text
Size: 12KB - Virtual size: 9KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 8KB - Virtual size: 5KB

.rsrc
Size: 20KB - Virtual size: 17KB

.text
Size: 32KB - Virtual size: 30KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 16KB - Virtual size: 20KB

COMSEC
Size: 4KB - Virtual size: 20B

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 16KB - Virtual size: 12KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 48KB - Virtual size: 44KB

.reloc
Size: 8KB - Virtual size: 6KB

.text
Size: 196KB - Virtual size: 195KB

.rdata
Size: 60KB - Virtual size: 56KB

.data
Size: 28KB - Virtual size: 50KB

.rsrc
Size: 512KB - Virtual size: 510KB

.reloc
Size: 28KB - Virtual size: 27KB

.text
Size: 4KB - Virtual size: 1KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 436B