fab887b14b90e85321c9d5c7fc854fdd_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fab887b14b90e85321c9d5c7fc854fdd_JaffaCakes118
Size

3.5MB
MD5

fab887b14b90e85321c9d5c7fc854fdd
SHA1

77ccac7ac0350e4fa29a54c00905c2fd37bb4bec
SHA256

8913376e3eb59cb5267450a411b2ee853405c30c51e54d7a92f37127095eb86b
SHA512

89fee4ab00010df14270323a9f63b4627bc47eca451bb04298d719d87dc3a4e4405307e4771bee8745a6a61a09edd6128d5c519f51a4288c0dd3dc114aefaa01
SSDEEP

98304:C8ssMHvNq9Mc9joWc1s/xeyBuj/bm3Wu63DIZQ:KQfjBGsfw/FsC

Score

3^/10

Malware Config

Signatures

Unsigned PE 13 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$LOCALAPPDATA/BeAnywhere Support Express/GetSupport/BASupLib.dll
unpack001/$LOCALAPPDATA/BeAnywhere Support Express/GetSupport/BASupSysShell64.exe
unpack001/$LOCALAPPDATA/BeAnywhere Support Express/GetSupport/BASupUnElev.exe
unpack001/$LOCALAPPDATA/BeAnywhere Support Express/GetSupport/LibLZMA-5.dll
unpack001/$LOCALAPPDATA/BeAnywhere Support Express/GetSupport/SILK.dll
unpack001/$LOCALAPPDATA/BeAnywhere Support Express/GetSupport/TurboJPEG.dll
unpack001/$LOCALAPPDATA/BeAnywhere Support Express/GetSupport/borlndmm.dll
unpack001/$LOCALAPPDATA/BeAnywhere Support Express/GetSupport/libeay32.dll
unpack001/$LOCALAPPDATA/BeAnywhere Support Express/GetSupport/ssleay32.dll
unpack001/$LOCALAPPDATA/BeAnywhere Support Express/GetSupport/zlib1.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/WinVersion.dll
unpack001/$PLUGINSDIR/XMLConfigPlugIn.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

fab887b14b90e85321c9d5c7fc854fdd_JaffaCakes118
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Code Sign

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:9e:c1:e5:a7:3d:de:54:8f:59:ff:64:c8:dd:1d:6a
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

05/11/2015, 00:00

Not After

04/12/2016, 23:59

Subject

CN=Multiplicar Negocios - Actividades de Marketing Inovadoras Lda,O=Multiplicar Negocios - Actividades de Marketing Inovadoras Lda,L=Prior Velho,ST=LOURES,C=PT

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

a4:2a:0f:fc:75:51:da:b9:c9:39:a4:d2:d3:bd:82:2c:d2:b5:06:6d
Signer

Actual PE Digest

a4:2a:0f:fc:75:51:da:b9:c9:39:a4:d2:d3:bd:82:2c:d2:b5:06:6d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 289KB - Virtual size: 289KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$LOCALAPPDATA/BeAnywhere Support Express/GetSupport/BASupApp.exe
.exe windows:4 windows x86 arch:x86

bf9c84c3a3257624ea75aefc55b86e9d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5e:01:0f:ac:4a:4f:67:ea:f6:79:d1:6c:51:20:1c:3d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

16/10/2014, 00:00

Not After

15/11/2015, 23:59

Subject

CN=Multiplicar Negocios - Actividades de Marketing Inovadoras Lda,O=Multiplicar Negocios - Actividades de Marketing Inovadoras Lda,L=Prior Velho,ST=LOURES,C=PT

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetQueryOptionA

sensapi

IsNetworkAlive

iphlpapi

GetAdaptersInfo
GetNetworkParams

zlib1

compress2
gzclose
gzopen
gzwrite
uncompress

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock
GetUserProfileDirectoryW
LoadUserProfileA
UnloadUserProfile

turbojpeg

tjCompress2
tjDecompress2
tjDestroy
tjInitCompress
tjInitDecompress

liblzma-5

lzma_lzma_preset
lzma_stream_buffer_decode
lzma_stream_buffer_encode

basuplib

CompBlockWEx2
ConvertImageTo5BitGray
ConvertImageTo5BitGrayEx
ConvertImageToRGB12
ConvertImageToRGB332
GetBlockW
MidasCompress332
MidasCompressFull332
MidasCompressFullGrayScale
MidasCompressFullLowColor
MidasCompressLowColor
PXCompress16
PXCompressGrayScale
PutBlockW
PutCroppedBlockW
RGB15toRBG24
RGB24_12toRBG15
RGB24_332toRBG15
RGB24toRBG15
RGB32toRBG15
RLEDecode16
RLEDecode8
RLEEncode16
RLEEncode8

secur32

TranslateNameA

crypt32

CryptProtectData
CryptUnprotectData

advapi32

AccessCheck
AddAccessAllowedAce
AddAce
AdjustTokenPrivileges
AllocateAndInitializeSid
ChangeServiceConfigA
CloseServiceHandle
ControlService
ConvertSidToStringSidA
ConvertStringSidToSidA
CopySid
CreateProcessAsUserW
CreateProcessWithLogonW
CreateServiceA
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
DeleteService
DuplicateToken
DuplicateTokenEx
EqualSid
FreeSid
GetAce
GetAclInformation
GetLengthSid
GetSecurityDescriptorDacl
GetSidIdentifierAuthority
GetSidLengthRequired
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
ImpersonateLoggedOnUser
InitializeAcl
InitializeSecurityDescriptor
InitializeSid
InitiateSystemShutdownA
IsValidSid
LogonUserW
LookupAccountSidA
LookupPrivilegeValueA
LsaClose
LsaNtStatusToWinError
LsaOpenPolicy
LsaStorePrivateData
OpenProcessToken
OpenSCManagerA
OpenServiceA
OpenThreadToken
QueryServiceConfigA
QueryServiceStatus
RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyExA
RegFlushKey
RegOpenKeyExA
RegQueryInfoKeyA
RegQueryValueExA
RegSetValueExA
RevertToSelf
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
SetTokenInformation
StartServiceA
IsValidSecurityDescriptor

kernel32

CloseHandle
CompareStringA
CopyFileA
CreateDirectoryA
CreateEventA
CreateFileA
CreateMutexA
CreatePipe
CreateProcessA
CreateProcessW
CreateSemaphoreA
CreateThread
CreateToolhelp32Snapshot
DebugBreak
DeleteCriticalSection
DeleteFileA
DuplicateHandle
EnterCriticalSection
EnumCalendarInfoA
ExitProcess
ExitThread
FileTimeToDosDateTime
FileTimeToLocalFileTime
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
FindResourceA
FormatMessageA
FreeLibrary
FreeResource
GetACP
GetCPInfo
GetCommandLineA
GetComputerNameA
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatA
GetDiskFreeSpaceA
GetDiskFreeSpaceExA
GetDriveTypeA
GetEnvironmentStrings
GetExitCodeProcess
GetExitCodeThread
GetFileAttributesA
GetFileSize
GetFileType
GetFullPathNameA
GetLastError
GetLocalTime
GetLocaleInfoA
GetLogicalDriveStringsA
GetLogicalDrives
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetPrivateProfileStringA
GetProcAddress
GetProcessHeap
GetProcessTimes
GetProfileStringA
GetShortPathNameA
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeExA
GetStringTypeW
GetSystemDirectoryA
GetSystemInfo
GetSystemTime
GetTempFileNameA
GetTempPathA
GetThreadLocale
GetTickCount
GetTimeZoneInformation
GetUserDefaultLCID
GetVersion
GetVersionExA
GetWindowsDirectoryA
GlobalAddAtomA
GlobalAlloc
GlobalDeleteAtom
GlobalFindAtomA
GlobalFree
GlobalHandle
GlobalLock
GlobalMemoryStatusEx
GlobalReAlloc
GlobalSize
GlobalUnlock
HeapAlloc
HeapFree
InitializeCriticalSection
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
LCMapStringA
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LoadResource
LocalAlloc
LocalFree
LockResource
MoveFileA
MoveFileExA
MulDiv
MultiByteToWideChar
OpenEventA
OpenMutexA
OpenProcess
OutputDebugStringA
PeekNamedPipe
Process32First
Process32Next
ProcessIdToSessionId
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadFile
ReleaseMutex
ReleaseSemaphore
RemoveDirectoryA
ResetEvent
ResumeThread
RtlUnwind
SetConsoleCtrlHandler
SetEndOfFile
SetErrorMode
SetEvent
SetFileAttributesA
SetFilePointer
SetFileTime
SetHandleCount
SetHandleInformation
SetLastError
SetPriorityClass
SetThreadLocale
SetThreadPriority
SizeofResource
Sleep
SuspendThread
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VerSetConditionMask
VerifyVersionInfoA
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WinExec
WriteFile
WritePrivateProfileStringA
lstrcmpA
lstrcpyA
lstrcpynA
lstrlenA
GetVolumeInformationA

netapi32

NetApiBufferFree
NetUserGetInfo
NetUserGetLocalGroups
NetUserModalsGet
NetWkstaGetInfo
NetWkstaUserGetInfo

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

wsock32

WSACleanup
WSAGetLastError
WSAStartup
gethostbyname
gethostname

winspool.drv

ClosePrinter
DocumentPropertiesA
EnumPrintersA
OpenPrinterA

comctl32

ImageList_Add
ImageList_BeginDrag
ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_Draw
ImageList_DrawEx
ImageList_EndDrag
ImageList_GetBkColor
ImageList_GetDragImage
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_Read
ImageList_Remove
ImageList_ReplaceIcon
ImageList_SetBkColor
ImageList_SetDragCursorImage
ImageList_SetIconSize
ImageList_Write
ord17

comdlg32

GetOpenFileNameA
GetSaveFileNameA

gdi32

BitBlt
CombineRgn
CopyEnhMetaFileA
CreateBitmap
CreateBrushIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCA
CreateDIBSection
CreateDIBitmap
CreateFontIndirectA
CreateHalftonePalette
CreateICA
CreatePalette
CreatePen
CreatePenIndirect
CreateRectRgn
CreateRectRgnIndirect
CreateSolidBrush
DeleteDC
DeleteEnhMetaFile
DeleteObject
EndDoc
EndPage
EnumFontFamiliesExA
EqualRgn
ExcludeClipRect
ExtTextOutA
GdiFlush
GetBitmapBits
GetBkMode
GetBrushOrgEx
GetClipBox
GetCurrentPositionEx
GetDCOrgEx
GetDIBColorTable
GetDIBits
GetDeviceCaps
GetEnhMetaFileBits
GetEnhMetaFileHeader
GetEnhMetaFilePaletteEntries
GetNearestPaletteIndex
GetObjectA
GetPaletteEntries
GetPixel
GetRegionData
GetRgnBox
GetStockObject
GetSystemPaletteEntries
GetTextColor
GetTextExtentPoint32A
GetTextExtentPointA
GetTextMetricsA
GetWinMetaFileBits
GetWindowOrgEx
IntersectClipRect
LineTo
MaskBlt
MoveToEx
PatBlt
PlayEnhMetaFile
Polygon
Polyline
RealizePalette
RectVisible
Rectangle
ResizePalette
RestoreDC
SaveDC
SelectClipRgn
SelectObject
SelectPalette
SetAbortProc
SetBkColor
SetBkMode
SetBrushOrgEx
SetDIBColorTable
SetEnhMetaFileBits
SetMapMode
SetPaletteEntries
SetPixel
SetROP2
SetStretchBltMode
SetTextColor
SetViewportOrgEx
SetWinMetaFileBits
SetWindowOrgEx
StartDocA
StartPage
StretchBlt
StretchDIBits
UnrealizeObject

shell32

DragAcceptFiles
DragFinish
DragQueryFileA
SHGetMalloc
SHGetSpecialFolderLocation
ShellExecuteA
ShellExecuteExA
SHGetPathFromIDListA

shfolder

SHGetFolderPathA

user32

ActivateKeyboardLayout
AdjustWindowRectEx
AllowSetForegroundWindow
AttachThreadInput
BeginPaint
BringWindowToTop
CallNextHookEx
CallWindowProcA
ChangeClipboardChain
ChangeDisplaySettingsA
CharLowerA
CharLowerBuffA
CharNextA
CharToOemA
CharUpperBuffA
CheckMenuItem
ChildWindowFromPoint
ClientToScreen
CloseClipboard
CloseDesktop
CloseWindowStation
CopyIcon
CreateIcon
CreateMenu
CreatePopupMenu
CreateWindowExA
DefFrameProcA
DefMDIChildProcA
DefWindowProcA
DeleteMenu
DestroyCursor
DestroyIcon
DestroyMenu
DestroyWindow
DispatchMessageA
DrawEdge
DrawFocusRect
DrawFrameControl
DrawIcon
DrawIconEx
DrawMenuBar
DrawTextA
EmptyClipboard
EnableMenuItem
EnableScrollBar
EnableWindow
EndPaint
EnumDisplayDevicesA
EnumDisplayMonitors
EnumDisplaySettingsA
EnumDisplaySettingsExA
EnumThreadWindows
EnumWindows
EqualRect
FillRect
FindWindowA
FlashWindowEx
FrameRect
GetActiveWindow
GetAsyncKeyState
GetCapture
GetClassInfoA
GetClassNameA
GetClientRect
GetClipboardData
GetClipboardOwner
GetCursor
GetCursorInfo
GetCursorPos
GetDC
GetDCEx
GetDesktopWindow
GetDlgItem
GetFocus
GetForegroundWindow
GetIconInfo
GetKeyNameTextA
GetKeyState
GetKeyboardLayout
GetKeyboardLayoutList
GetKeyboardState
GetKeyboardType
GetLastActivePopup
GetMenu
GetMenuItemCount
GetMenuItemID
GetMenuItemInfoA
GetMenuState
GetMenuStringA
GetMessageA
GetMessagePos
GetMonitorInfoA
GetParent
GetProcessWindowStation
GetPropA
GetScrollInfo
GetScrollPos
GetScrollRange
GetSubMenu
GetSystemMenu
GetSystemMetrics
GetThreadDesktop
GetTopWindow
GetUpdateRect
GetUserObjectInformationA
GetUserObjectSecurity
GetWindow
GetWindowDC
GetWindowLongA
GetWindowPlacement
GetWindowRect
GetWindowTextA
GetWindowThreadProcessId
InflateRect
InsertMenuA
InsertMenuItemA
IntersectRect
InvalidateRect
IsChild
IsClipboardFormatAvailable
IsDialogMessageA
IsIconic
IsRectEmpty
IsWindow
IsWindowEnabled
IsWindowVisible
IsZoomed
KillTimer
LoadBitmapA
LoadCursorA
LoadIconA
LoadKeyboardLayoutA
LoadStringA
LockWorkStation
MapVirtualKeyA
MapWindowPoints
MessageBeep
MessageBoxA
MonitorFromPoint
MsgWaitForMultipleObjects
OemToCharA
OffsetRect
OpenClipboard
OpenDesktopA
OpenDesktopW
OpenInputDesktop
OpenWindowStationW
PeekMessageA
PostMessageA
PostQuitMessage
PostThreadMessageA
PtInRect
RedrawWindow
RegisterClassA
RegisterClipboardFormatA
RegisterWindowMessageA
ReleaseCapture
ReleaseDC
RemoveMenu
RemovePropA
ScreenToClient
ScrollWindow
SendInput
SendMessageA
SendNotifyMessageA
SetActiveWindow
SetCapture
SetClassLongA
SetClipboardData
SetClipboardViewer
SetCursor
SetFocus
SetForegroundWindow
SetMenu
SetMenuItemInfoA
SetProcessWindowStation
SetPropA
SetRect
SetScrollInfo
SetScrollPos
SetScrollRange
SetThreadDesktop
SetTimer
SetUserObjectSecurity
SetWindowLongA
SetWindowPlacement
SetWindowPos
SetWindowTextA
SetWindowsHookExA
ShowCursor
ShowOwnedPopups
ShowScrollBar
ShowWindow
SystemParametersInfoA
TrackPopupMenu
TranslateMDISysAccel
TranslateMessage
UnhookWindowsHookEx
UnregisterClassA
UpdateWindow
ValidateRect
WaitMessage
WinHelpA
WindowFromPoint
keybd_event
wsprintfA
wvsprintfA
GetSysColor

winmm

timeBeginPeriod
timeEndPeriod
timeGetDevCaps
timeKillEvent
timeSetEvent
waveInAddBuffer
waveInClose
waveInGetDevCapsA
waveInGetNumDevs
waveInOpen
waveInPrepareHeader
waveInReset
waveInStart
waveInStop
waveInUnprepareHeader
waveOutClose
waveOutGetDevCapsA
waveOutGetNumDevs
waveOutOpen
waveOutPrepareHeader
waveOutReset
waveOutUnprepareHeader
waveOutWrite

ole32

CLSIDFromProgID
CoCreateInstance
CoInitialize
CoInitializeEx
CoUninitialize

oleaut32

CreateErrorInfo
GetErrorInfo
SafeArrayAccessData
SafeArrayCreate
SafeArrayGetElement
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayRedim
SafeArrayUnaccessData
SetErrorInfo
SysAllocStringLen
SysFreeString
SysReAllocStringLen
SysStringLen
VariantChangeType
VariantClear
VariantCopy
VariantCopyInd
VariantInit

Exports

Exports

@$xp$15Pngimage@TChunk
@$xp$16Pngimage@TFilter
@$xp$17Pngbutton@TOffset
@$xp$17Pngimage@TFilters
@$xp$17Pngimage@TPNGList
@$xp$17Pngimage@TRGBLine
@$xp$17Pngimage@pRGBLine
@$xp$18Pngimage@EPngError
@$xp$18Pngimage@TIHDRData
@$xp$18Pngimage@TRGBPixel
@$xp$18Pngimage@TUnitType
@$xp$18Pngimage@pCardinal
@$xp$18Pngimage@pIHDRData
@$xp$18Pngimage@pRGBPixel
@$xp$18Pngimage@pUnitType
@$xp$19Pngimage@TByteArray
@$xp$19Pngimage@TChunkIDAT
@$xp$19Pngimage@TChunkIEND
@$xp$19Pngimage@TChunkIHDR
@$xp$19Pngimage@TChunkName
@$xp$19Pngimage@TChunkPLTE
@$xp$19Pngimage@TChunkgAMA
@$xp$19Pngimage@TChunkpHYs
@$xp$19Pngimage@TChunktEXt
@$xp$19Pngimage@TChunktIME
@$xp$19Pngimage@TChunktRNS
@$xp$19Pngimage@TChunkzTXt
@$xp$19Pngimage@TPNGObject
@$xp$19Pngimage@pByteArray
@$xp$20Pngbutton@TPngButton
@$xp$20Pngimage@TChunkClass
@$xp$20Pngimage@pngimage__1
@$xp$20Pxbuttone@TNumGlyphs
@$xp$20Pxbuttone@TPxButtonE
@$xp$21Pngimage@TZStreamRec2
@$xp$21Pxbuttone@TClickEvent
@$xp$21Pxbuttone@TGlyphState
@$xp$21Pxbuttone@TMouseState
@$xp$21Pxbuttone@TWin8Styles
@$xp$21Pxcheckbox@TNumGlyphs
@$xp$22Pngimage@EPNGNotExists
@$xp$22Pngimage@EPNGOutMemory
@$xp$22Pngimage@EPNGZLIBError
@$xp$22Pngimage@TPointerArray
@$xp$22Pngimage@pPointerArray
@$xp$22Pxcheckbox@TGlyphState
@$xp$22Pxcheckbox@TMouseState
@$xp$22Pxcheckbox@TPxCheckBox
@$xp$22Richeditex@TRichEditEx
@$xp$23Pngbutton@TCaptionAlign
@$xp$23Pngimage@EPngInvalidCRC
@$xp$23Pngimage@TMAXBITMAPINFO
@$xp$23Pxcheckbox@TChangeEvent
@$xp$24Pngbutton@TCaptionColors
@$xp$24Pngimage@EPNGInvalidSpec
@$xp$24Pngimage@EPNGNoImageData
@$xp$24Pngimage@EPNGSizeExceeds
@$xp$24Pngimage@EPngInvalidIHDR
@$xp$24Pngimage@TPNGPointerList
@$xp$25Pngbutton@TCaptionMargins
@$xp$25Pngbutton@TCaptionOffsets
@$xp$25Pngimage@EPNGIHDRNotFirst
@$xp$25Pngimage@TInterlaceMethod
@$xp$25Richeditex@TURLClickEvent
@$xp$26Pngimage@EPngUnexpectedEnd
@$xp$26Pngimage@TCompressionLevel
@$xp$27Pngbutton@TCaptionVertAlign
@$xp$27Pngimage@EPNGInvalidNewSize
@$xp$27Pngimage@EPNGInvalidPalette
@$xp$27Pngimage@EPNGMissingPalette
@$xp$27Pxbuttone@TCaptionVertAlign
@$xp$27Pxbuttone@TWin8BorderColors
@$xp$28Pxbuttone@TCaptionHorizAlign
@$xp$28Pxbuttone@TWin8GlyphPosition
@$xp$29Pngimage@EPNGHeaderNotPresent
@$xp$29Pngimage@EPNGUnknownInterlace
@$xp$29Pngimage@TPNGTransparencyMode
@$xp$30Pngimage@EPNGInvalidFileHeader
@$xp$31Pngimage@EPNGUnknownCompression
@$xp$32Pngimage@EPNGMissingMultipleIDAT
@$xp$33Pngimage@EPNGCouldNotLoadResource
@$xp$33Pngimage@EPNGUnknownCriticalChunk
@$xp$36Pngimage@EPNGCannotChangeTransparent
@$xp$36Pxbuttone@TWin8BottomThickLineColors
@$xp$4TMD5
@$xp$9TJImageEx
@@Admincredfrm@Finalize
@@Admincredfrm@Initialize
@@Aes@Finalize
@@Aes@Initialize
@@Aesctr@Finalize
@@Aesctr@Initialize
@@Audioin@Finalize
@@Audioin@Initialize
@@Audiointhread@Finalize
@@Audiointhread@Initialize
@@Audioout@Finalize
@@Audioout@Initialize
@@Audiooutthread@Finalize
@@Audiooutthread@Initialize
@@Baproxysettingsfrm@Finalize
@@Baproxysettingsfrm@Initialize
@@Base64@Finalize
@@Base64@Initialize
@@Basefrm@Finalize
@@Basefrm@Initialize
@@Basupappsrvcconfigini@Finalize
@@Basupappsrvcconfigini@Initialize
@@Bawhookbcc@Finalize
@@Bawhookbcc@Initialize
@@Bilinear@Finalize
@@Bilinear@Finalize
@@Bilinear@Initialize
@@Bilinear@Initialize
@@Capture@Finalize
@@Capture@Initialize
@@Checkadmin@Finalize
@@Checkadmin@Initialize
@@Clipboard@Finalize
@@Clipboard@Initialize
@@Clipboardchangethread@Finalize
@@Clipboardchangethread@Initialize
@@Clipformatlistener@Finalize
@@Clipformatlistener@Initialize
@@Cmdprocthread@Finalize
@@Cmdprocthread@Initialize
@@Cntrlcmdsendthrd@Finalize
@@Cntrlcmdsendthrd@Initialize
@@Codeimplm@Finalize
@@Codeimplm@Initialize
@@Comserver@Finalize
@@Comserver@Initialize
@@Comserverbaseinfra@Finalize
@@Comserverbaseinfra@Initialize
@@Comserverthread@Finalize
@@Comserverthread@Initialize
@@Connectingfrm@Finalize
@@Connectingfrm@Initialize
@@Connection@Finalize
@@Connection@Initialize
@@Customerrormsg@Finalize
@@Customerrormsg@Initialize
@@Customthread@Finalize
@@Customthread@Initialize
@@Deleteinstallerthrd@Finalize
@@Deleteinstallerthrd@Initialize
@@Desktop@Finalize
@@Desktop@Initialize
@@Fileacl@Finalize
@@Fileacl@Initialize
@@Filecmds@Finalize
@@Filecmds@Initialize
@@Fileerrors@Finalize
@@Fileerrors@Initialize
@@Filereceive@Finalize
@@Filereceive@Initialize
@@Filesend@Finalize
@@Filesend@Initialize
@@Filestreamex@Finalize
@@Filestreamex@Initialize
@@Fileutils@Finalize
@@Fileutils@Initialize
@@Formutils@Finalize
@@Formutils@Initialize
@@Funcbaproxy@Finalize
@@Funcbaproxy@Initialize
@@Funcemail@Finalize
@@Funcemail@Initialize
@@Funchex@Finalize
@@Funchex@Initialize
@@Funcip@Finalize
@@Funcip@Initialize
@@Gatewayconn@Finalize
@@Gatewayconn@Initialize
@@Gatewayconnthread@Finalize
@@Gatewayconnthread@Initialize
@@Gwconnmonitor@Finalize
@@Gwconnmonitor@Initialize
@@Hirestime@Finalize
@@Hirestime@Initialize
@@Hist@Finalize
@@Hist@Initialize
@@Hmac_sha256@Finalize
@@Hmac_sha256@Initialize
@@Httpgatewayconn@Finalize
@@Httpgatewayconn@Initialize
@@Httpgatewayconnthread@Finalize
@@Httpgatewayconnthread@Initialize
@@Httppingthrd@Finalize
@@Httppingthrd@Initialize
@@Icmppingthrd@Finalize
@@Icmppingthrd@Initialize
@@Iconretrievethrd@Finalize
@@Iconretrievethrd@Initialize
@@Idtcpasync@Finalize
@@Idtcpasync@Initialize
@@Imgblocks@Finalize
@@Imgblocks@Finalize
@@Imgblocks@Initialize
@@Imgblocks@Initialize
@@Imgblocksex@Finalize
@@Imgblocksex@Initialize
@@Imgcapture@Finalize
@@Imgcapture@Initialize
@@Imgdecode@Finalize
@@Imgdecode@Initialize
@@Imgencode@Finalize
@@Imgencode@Initialize
@@Imgencodethread@Finalize
@@Imgencodethread@Initialize
@@Imgregions@Finalize
@@Imgregions@Initialize
@@Imgthread@Finalize
@@Imgthread@Initialize
@@Ip@Finalize
@@Ip@Initialize
@@Jimageex@Finalize
@@Jimageex@Initialize
@@Keepwaitingfrm@Finalize
@@Keepwaitingfrm@Initialize
@@Lang@Finalize
@@Lang@Initialize
@@Laserpointfrm@Finalize
@@Laserpointfrm@Initialize
@@Leavemsgfrm@Finalize
@@Leavemsgfrm@Initialize
@@Leavemsgthrd@Finalize
@@Leavemsgthrd@Initialize
@@Liblzma@Finalize
@@Liblzma@Initialize
@@Log@Finalize
@@Log@Initialize
@@Loguploaderthrd@Finalize
@@Loguploaderthrd@Initialize
@@Lowleveldecode@Finalize
@@Lowleveldecode@Initialize
@@Lowlevelencode@Finalize
@@Lowlevelencode@Initialize
@@Magicthrdlist@Finalize
@@Magicthrdlist@Initialize
@@Messagesthread@Finalize
@@Messagesthread@Initialize
@@Mouseutil@Finalize
@@Mouseutil@Initialize
@@Msgqueue@Finalize
@@Msgqueue@Initialize
@@Multiparthttp@Finalize
@@Multiparthttp@Initialize
@@Multipartparser@Finalize
@@Multipartparser@Initialize
@@Mycrc32@Finalize
@@Mycrc32@Initialize
@@Mysspi@Finalize
@@Mysspi@Initialize
@@Networkinfo@Finalize
@@Networkinfo@Initialize
@@Notechresponsefrm@Finalize
@@Notechresponsefrm@Initialize
@@Os@Finalize
@@Os@Initialize
@@Packetdecoder@Finalize
@@Packetdecoder@Initialize
@@Packetencoder@Finalize
@@Packetencoder@Initialize
@@Pbkdf2_hmac_sha256@Finalize
@@Pbkdf2_hmac_sha256@Initialize
@@Peerlist@Finalize
@@Peerlist@Initialize
@@Pingackthread@Finalize
@@Pingackthread@Initialize
@@Pingstrthread@Finalize
@@Pingstrthread@Initialize
@@Pingthread@Finalize
@@Pingthread@Initialize
@@Popupfrm@Finalize
@@Popupfrm@Initialize
@@Proxysettingsfrm@Finalize
@@Proxysettingsfrm@Initialize
@@Quicksysinfothrd@Finalize
@@Quicksysinfothrd@Initialize
@@Rc4crypt@Finalize
@@Rc4crypt@Initialize
@@Regkeys@Finalize
@@Regkeys@Initialize
@@Regproxyconfig@Finalize
@@Regproxyconfig@Initialize
@@Requestfrm@Finalize
@@Requestfrm@Initialize
@@Ringbuffer@Finalize
@@Ringbuffer@Initialize
@@Rle@Finalize
@@Rle@Initialize
@@Rmtsysshellthd@Finalize
@@Rmtsysshellthd@Initialize
@@Safemodeutils@Finalize
@@Safemodeutils@Initialize
@@Safepasswd@Finalize
@@Safepasswd@Initialize
@@Securestring@Finalize
@@Securestring@Initialize
@@Serverbase@Finalize
@@Serverbase@Initialize
@@Serviceutils@Finalize
@@Serviceutils@Initialize
@@Sha256@Finalize
@@Sha256@Initialize
@@Silkwrap@Finalize
@@Silkwrap@Initialize
@@Simulatectrlaltdel@Finalize
@@Simulatectrlaltdel@Initialize
@@Startupfrm@Finalize
@@Startupfrm@Initialize
@@Startupthrd@Finalize
@@Startupthrd@Initialize
@@Style@Finalize
@@Style@Initialize
@@Syscmds@Finalize
@@Syscmds@Initialize
@@Sysinfocmdthrd@Finalize
@@Sysinfocmdthrd@Initialize
@@Sysinfothrd@Finalize
@@Sysinfothrd@Initialize
@@Tcpuusage@Finalize
@@Tcpuusage@Initialize
@@Techimgfrm@Finalize
@@Techimgfrm@Initialize
@@Termsofservicefrm@Finalize
@@Termsofservicefrm@Initialize
@@Tgwconncheckthrd@Finalize
@@Tgwconncheckthrd@Initialize
@@Threadlistex@Finalize
@@Threadlistex@Initialize
@@Tidwebdownload@Finalize
@@Tidwebdownload@Initialize
@@Tinetconnmonitorthrd@Finalize
@@Tinetconnmonitorthrd@Initialize
@@Tmd5@Finalize
@@Tmd5@Initialize
@@Tmsxmlwebdownload@Finalize
@@Tmsxmlwebdownload@Initialize
@@Tmytimer@Finalize
@@Tmytimer@Initialize
@@Tunneldatadecoder@Finalize
@@Tunneldatadecoder@Initialize
@@Tunneldataencoder@Finalize
@@Tunneldataencoder@Initialize
@@Tunnelthrd@Finalize
@@Tunnelthrd@Initialize
@@Twebdownload@Finalize
@@Twebdownload@Initialize
@@Twebdownloadthread@Finalize
@@Twebdownloadthread@Initialize
@@Twebechomsxml@Finalize
@@Twebechomsxml@Initialize
@@Twebechothrd@Finalize
@@Twebechothrd@Initialize
@@Twebimg@Finalize
@@Twebimg@Initialize
@@Twebquerythrd@Finalize
@@Twebquerythrd@Initialize
@@Twebupdate@Finalize
@@Twebupdate@Initialize
@@Uac@Finalize
@@Uac@Initialize
@@Udpgwconnthrd@Finalize
@@Udpgwconnthrd@Initialize
@@Udpp2p@Finalize
@@Udpp2p@Initialize
@@Udpreader@Finalize
@@Udpreader@Initialize
@@Udprxthrd@Finalize
@@Udprxthrd@Initialize
@@Udpsegments@Finalize
@@Udpsegments@Initialize
@@Udptxthrd@Finalize
@@Udptxthrd@Initialize
@@Usercredfrm@Finalize
@@Usercredfrm@Initialize
@@Vistastyle@Finalize
@@Vistastyle@Initialize
@@Voipengine@Finalize
@@Voipengine@Initialize
@@Waitthread@Finalize
@@Waitthread@Initialize
@@Winstatdesk@Finalize
@@Winstatdesk@Initialize
@@Xml@Finalize
@@Xml@Initialize
@@Xmlconfigfile@Finalize
@@Xmlconfigfile@Initialize
@@Xmlparser@Finalize
@@Xmlparser@Initialize
@@Xpstyle@Finalize
@@Xpstyle@Initialize
@@Zlibbcc@Finalize
@@Zlibbcc@Initialize
@Jimageex@Register$qqrv
@Pngbutton@Finalization$qqrv
@Pngbutton@Register$qqrv
@Pngbutton@TCaptionColors@
@Pngbutton@TCaptionColors@$bctr$qqrv
@Pngbutton@TCaptionMargins@
@Pngbutton@TCaptionMargins@$bctr$qqrv
@Pngbutton@TCaptionOffsets@
@Pngbutton@TCaptionOffsets@$bctr$qqrv
@Pngbutton@TOffset@
@Pngbutton@TOffset@$bctr$qqrv
@Pngbutton@TPngButton@
@Pngbutton@TPngButton@$bctr$qqrp18Classes@TComponent
@Pngbutton@TPngButton@$bdtr$qqrv
@Pngbutton@TPngButton@CMMouseEnter$qqrr17Messages@TMessage
@Pngbutton@TPngButton@CMMouseLeave$qqrr17Messages@TMessage
@Pngbutton@TPngButton@ControlHasFocus$qqrv
@Pngbutton@TPngButton@DoOnMouseTimer$qqrp14System@TObject
@Pngbutton@TPngButton@DrawCaption$qqrv
@Pngbutton@TPngButton@GetMousePos$qqrv
@Pngbutton@TPngButton@InRectangle$qqrrx12Types@TPointrx11Types@TRect
@Pngbutton@TPngButton@IsMouseOverButton$qqrii
@Pngbutton@TPngButton@MouseDown$qqr21Controls@TMouseButton46System@%Set$t18Classes@Classes__1$iuc$0$iuc$6%ii
@Pngbutton@TPngButton@MouseEnter$qqrv
@Pngbutton@TPngButton@MouseLeave$qqrv
@Pngbutton@TPngButton@MouseMove$qqr46System@%Set$t18Classes@Classes__1$iuc$0$iuc$6%ii
@Pngbutton@TPngButton@MouseUp$qqr21Controls@TMouseButton46System@%Set$t18Classes@Classes__1$iuc$0$iuc$6%ii
@Pngbutton@TPngButton@Paint$qqrv
@Pngbutton@TPngButton@RaiseError$qqr17System@AnsiString
@Pngbutton@TPngButton@SetCaption$qqr17System@AnsiString
@Pngbutton@TPngButton@SetCaptionAlign$qqr23Pngbutton@TCaptionAlign
@Pngbutton@TPngButton@SetCaptionColors$qqrp24Pngbutton@TCaptionColors
@Pngbutton@TPngButton@SetCaptionMargins$qqrp25Pngbutton@TCaptionMargins
@Pngbutton@TPngButton@SetCaptionOffsets$qqrp25Pngbutton@TCaptionOffsets
@Pngbutton@TPngButton@SetCaptionVertAlign$qqr27Pngbutton@TCaptionVertAlign
@Pngbutton@TPngButton@SetDown$qqro
@Pngbutton@TPngButton@SetEnabled$qqro
@Pngbutton@TPngButton@SetGray$qqro
@Pngbutton@TPngButton@SetImgMask$qqrp16Graphics@TBitmap
@Pngbutton@TPngButton@SetPngImg$qqrp19Pngimage@TPNGObject
@Pngbutton@initialization$qqrv
@Pngimage@ByteSwap$qqrxi
@Pngimage@EPNGCannotChangeTransparent@
@Pngimage@EPNGCouldNotLoadResource@
@Pngimage@EPNGHeaderNotPresent@
@Pngimage@EPNGIHDRNotFirst@
@Pngimage@EPNGInvalidFileHeader@
@Pngimage@EPNGInvalidNewSize@
@Pngimage@EPNGInvalidPalette@
@Pngimage@EPNGInvalidSpec@
@Pngimage@EPNGMissingMultipleIDAT@
@Pngimage@EPNGMissingPalette@
@Pngimage@EPNGNoImageData@
@Pngimage@EPNGNotExists@
@Pngimage@EPNGOutMemory@
@Pngimage@EPNGSizeExceeds@
@Pngimage@EPNGUnknownCompression@
@Pngimage@EPNGUnknownCriticalChunk@
@Pngimage@EPNGUnknownInterlace@
@Pngimage@EPNGZLIBError@
@Pngimage@EPngError@
@Pngimage@EPngInvalidCRC@
@Pngimage@EPngInvalidIHDR@
@Pngimage@EPngUnexpectedEnd@
@Pngimage@Finalization$qqrv
@Pngimage@PNG_IMG_ZLIBErrors
@Pngimage@RegisterChunk$qqrp17System@TMetaClass
@Pngimage@TChunk@
@Pngimage@TChunk@$bctr$qqrp19Pngimage@TPNGObject
@Pngimage@TChunk@$bdtr$qqrv
@Pngimage@TChunk@Assign$qqrp15Pngimage@TChunk
@Pngimage@TChunk@GetChunkName$qqrv
@Pngimage@TChunk@GetHeader$qqrv
@Pngimage@TChunk@GetIndex$qqrv
@Pngimage@TChunk@GetName$qqrp17System@TMetaClass
@Pngimage@TChunk@LoadFromStream$qqrp15Classes@TStreampxci
@Pngimage@TChunk@ResizeData$qqrxui
@Pngimage@TChunk@SaveData$qqrp15Classes@TStream
@Pngimage@TChunk@SaveToStream$qqrp15Classes@TStream
@Pngimage@TChunkIDAT@
@Pngimage@TChunkIDAT@CopyInterlacedGray2$qqrxucpct2t2t2
@Pngimage@TChunkIDAT@CopyInterlacedGrayscale16$qqrxucpct2t2t2
@Pngimage@TChunkIDAT@CopyInterlacedGrayscaleAlpha16$qqrxucpct2t2t2
@Pngimage@TChunkIDAT@CopyInterlacedGrayscaleAlpha8$qqrxucpct2t2t2
@Pngimage@TChunkIDAT@CopyInterlacedPalette148$qqrxucpct2t2t2
@Pngimage@TChunkIDAT@CopyInterlacedPalette2$qqrxucpct2t2t2
@Pngimage@TChunkIDAT@CopyInterlacedRGB16$qqrxucpct2t2t2
@Pngimage@TChunkIDAT@CopyInterlacedRGB8$qqrxucpct2t2t2
@Pngimage@TChunkIDAT@CopyInterlacedRGBAlpha16$qqrxucpct2t2t2
@Pngimage@TChunkIDAT@CopyInterlacedRGBAlpha8$qqrxucpct2t2t2
@Pngimage@TChunkIDAT@CopyNonInterlacedGray2$qqrpct1t1t1
@Pngimage@TChunkIDAT@CopyNonInterlacedGrayscale16$qqrpct1t1t1
@Pngimage@TChunkIDAT@CopyNonInterlacedGrayscaleAlpha16$qqrpct1t1t1
@Pngimage@TChunkIDAT@CopyNonInterlacedGrayscaleAlpha8$qqrpct1t1t1
@Pngimage@TChunkIDAT@CopyNonInterlacedPalette148$qqrpct1t1t1
@Pngimage@TChunkIDAT@CopyNonInterlacedPalette2$qqrpct1t1t1
@Pngimage@TChunkIDAT@CopyNonInterlacedRGB16$qqrpct1t1t1
@Pngimage@TChunkIDAT@CopyNonInterlacedRGB8$qqrpct1t1t1
@Pngimage@TChunkIDAT@CopyNonInterlacedRGBAlpha16$qqrpct1t1t1
@Pngimage@TChunkIDAT@CopyNonInterlacedRGBAlpha8$qqrpct1t1t1
@Pngimage@TChunkIDAT@DecodeInterlacedAdam7$qqrp15Classes@TStreamr21Pngimage@TZStreamRec2xirui
@Pngimage@TChunkIDAT@DecodeNonInterlaced$qqrp15Classes@TStreamr21Pngimage@TZStreamRec2xirui
@Pngimage@TChunkIDAT@EncodeInterlacedAdam7$qqrp15Classes@TStreamr21Pngimage@TZStreamRec2
@Pngimage@TChunkIDAT@EncodeInterlacedGrayscale16$qqrxucpct2t2

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 990KB - Virtual size: 1020KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 18KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 36KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 190KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$LOCALAPPDATA/BeAnywhere Support Express/GetSupport/BASupAppDE.dll
.dll windows:4 windows x86 arch:x86

d649c53a6c1b3249aefaefcc8074dbe7

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5e:01:0f:ac:4a:4f:67:ea:f6:79:d1:6c:51:20:1c:3d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

16/10/2014, 00:00

Not After

15/11/2015, 23:59

Subject

CN=Multiplicar Negocios - Actividades de Marketing Inovadoras Lda,O=Multiplicar Negocios - Actividades de Marketing Inovadoras Lda,L=Prior Velho,ST=LOURES,C=PT

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA

kernel32

CloseHandle
CompareStringA
CreateEventA
CreateFileA
DeleteCriticalSection
EnterCriticalSection
EnumCalendarInfoA
ExitProcess
FindClose
FindFirstFileA
FormatMessageA
FreeEnvironmentStringsA
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCurrentThreadId
GetDateFormatA
GetDiskFreeSpaceA
GetEnvironmentStrings
GetFileSize
GetFileType
GetLastError
GetLocalTime
GetLocaleInfoA
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeExA
GetStringTypeW
GetThreadLocale
GetVersion
GetVersionExA
GlobalAlloc
GlobalFree
GlobalHandle
GlobalLock
GlobalMemoryStatus
GlobalReAlloc
GlobalUnlock
HeapAlloc
HeapFree
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LocalAlloc
LocalFree
MultiByteToWideChar
RaiseException
ReadFile
ResetEvent
RtlUnwind
SetConsoleCtrlHandler
SetEndOfFile
SetEvent
SetFilePointer
SetHandleCount
SetLastError
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrcpynA
lstrlenA

user32

CharNextA
EnumThreadWindows
GetKeyboardType
GetSystemMetrics
LoadStringA
MessageBoxA
wsprintfA

oleaut32

SafeArrayCreate
SafeArrayGetElement
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayRedim
SysAllocStringLen
SysFreeString
SysReAllocStringLen
VariantChangeType
VariantClear
VariantCopy
VariantCopyInd
VariantInit

Exports

Exports

@@Lang@Finalize
@@Lang@Initialize
_GetLangStr
___CPPdebugHook

Sections

.text
Size: 190KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 45KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$LOCALAPPDATA/BeAnywhere Support Express/GetSupport/BASupAppEN.dll
.dll windows:4 windows x86 arch:x86

d649c53a6c1b3249aefaefcc8074dbe7

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5e:01:0f:ac:4a:4f:67:ea:f6:79:d1:6c:51:20:1c:3d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

16/10/2014, 00:00

Not After

15/11/2015, 23:59

Subject

CN=Multiplicar Negocios - Actividades de Marketing Inovadoras Lda,O=Multiplicar Negocios - Actividades de Marketing Inovadoras Lda,L=Prior Velho,ST=LOURES,C=PT

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA

kernel32

CloseHandle
CompareStringA
CreateEventA
CreateFileA
DeleteCriticalSection
EnterCriticalSection
EnumCalendarInfoA
ExitProcess
FindClose
FindFirstFileA
FormatMessageA
FreeEnvironmentStringsA
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCurrentThreadId
GetDateFormatA
GetDiskFreeSpaceA
GetEnvironmentStrings
GetFileSize
GetFileType
GetLastError
GetLocalTime
GetLocaleInfoA
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeExA
GetStringTypeW
GetThreadLocale
GetVersion
GetVersionExA
GlobalAlloc
GlobalFree
GlobalHandle
GlobalLock
GlobalMemoryStatus
GlobalReAlloc
GlobalUnlock
HeapAlloc
HeapFree
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LocalAlloc
LocalFree
MultiByteToWideChar
RaiseException
ReadFile
ResetEvent
RtlUnwind
SetConsoleCtrlHandler
SetEndOfFile
SetEvent
SetFilePointer
SetHandleCount
SetLastError
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrcpynA
lstrlenA

user32

CharNextA
EnumThreadWindows
GetKeyboardType
GetSystemMetrics
LoadStringA
MessageBoxA
wsprintfA

oleaut32

SafeArrayCreate
SafeArrayGetElement
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayRedim
SysAllocStringLen
SysFreeString
SysReAllocStringLen
VariantChangeType
VariantClear
VariantCopy
VariantCopyInd
VariantInit

Exports

Exports

@@Lang@Finalize
@@Lang@Initialize
_GetLangStr
___CPPdebugHook

Sections

.text
Size: 190KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 43KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$LOCALAPPDATA/BeAnywhere Support Express/GetSupport/BASupAppES.dll
.dll windows:4 windows x86 arch:x86

d649c53a6c1b3249aefaefcc8074dbe7

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5e:01:0f:ac:4a:4f:67:ea:f6:79:d1:6c:51:20:1c:3d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

16/10/2014, 00:00

Not After

15/11/2015, 23:59

Subject

CN=Multiplicar Negocios - Actividades de Marketing Inovadoras Lda,O=Multiplicar Negocios - Actividades de Marketing Inovadoras Lda,L=Prior Velho,ST=LOURES,C=PT

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA

kernel32

CloseHandle
CompareStringA
CreateEventA
CreateFileA
DeleteCriticalSection
EnterCriticalSection
EnumCalendarInfoA
ExitProcess
FindClose
FindFirstFileA
FormatMessageA
FreeEnvironmentStringsA
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCurrentThreadId
GetDateFormatA
GetDiskFreeSpaceA
GetEnvironmentStrings
GetFileSize
GetFileType
GetLastError
GetLocalTime
GetLocaleInfoA
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeExA
GetStringTypeW
GetThreadLocale
GetVersion
GetVersionExA
GlobalAlloc
GlobalFree
GlobalHandle
GlobalLock
GlobalMemoryStatus
GlobalReAlloc
GlobalUnlock
HeapAlloc
HeapFree
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LocalAlloc
LocalFree
MultiByteToWideChar
RaiseException
ReadFile
ResetEvent
RtlUnwind
SetConsoleCtrlHandler
SetEndOfFile
SetEvent
SetFilePointer
SetHandleCount
SetLastError
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrcpynA
lstrlenA

user32

CharNextA
EnumThreadWindows
GetKeyboardType
GetSystemMetrics
LoadStringA
MessageBoxA
wsprintfA

oleaut32

SafeArrayCreate
SafeArrayGetElement
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayRedim
SysAllocStringLen
SysFreeString
SysReAllocStringLen
VariantChangeType
VariantClear
VariantCopy
VariantCopyInd
VariantInit

Exports

Exports

@@Lang@Finalize
@@Lang@Initialize
_GetLangStr
___CPPdebugHook

Sections

.text
Size: 190KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 45KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$LOCALAPPDATA/BeAnywhere Support Express/GetSupport/BASupAppElev.exe
.exe windows:4 windows x86 arch:x86

bb16c5c330f7b5019ffcdb33651a351c

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5e:01:0f:ac:4a:4f:67:ea:f6:79:d1:6c:51:20:1c:3d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

16/10/2014, 00:00

Not After

15/11/2015, 23:59

Subject

CN=Multiplicar Negocios - Actividades de Marketing Inovadoras Lda,O=Multiplicar Negocios - Actividades de Marketing Inovadoras Lda,L=Prior Velho,ST=LOURES,C=PT

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock
GetUserProfileDirectoryW

advapi32

CreateProcessWithLogonW
LogonUserW
RegCloseKey
RegCreateKeyExA
RegFlushKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA

kernel32

CloseHandle
CompareStringA
CreateDirectoryA
CreateEventA
CreateFileA
CreateMutexA
CreateThread
DeleteCriticalSection
EnterCriticalSection
EnumCalendarInfoA
ExitProcess
FileTimeToDosDateTime
FileTimeToLocalFileTime
FindClose
FindFirstFileA
FindResourceA
FormatMessageA
FreeLibrary
FreeResource
GetACP
GetCPInfo
GetCommandLineA
GetCurrentProcessId
GetCurrentThreadId
GetDateFormatA
GetDiskFreeSpaceA
GetEnvironmentStrings
GetFileAttributesA
GetFileSize
GetFileType
GetLastError
GetLocalTime
GetLocaleInfoA
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetProcAddress
GetProcessHeap
GetShortPathNameA
GetStartupInfoA
GetStdHandle
GetStringTypeExA
GetStringTypeW
GetSystemInfo
GetThreadLocale
GetTickCount
GetVersion
GetVersionExA
GlobalAddAtomA
GlobalAlloc
GlobalDeleteAtom
GlobalFindAtomA
GlobalFree
GlobalHandle
GlobalLock
GlobalReAlloc
GlobalUnlock
HeapAlloc
HeapFree
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LoadResource
LocalAlloc
LocalFree
LockResource
MulDiv
MultiByteToWideChar
OpenMutexA
RaiseException
ReadFile
ReleaseMutex
ResetEvent
RtlUnwind
SetConsoleCtrlHandler
SetEndOfFile
SetErrorMode
SetEvent
SetFilePointer
SetHandleCount
SetLastError
SetThreadLocale
SizeofResource
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrcpyA
lstrcpynA
lstrlenA

comctl32

ImageList_Add
ImageList_BeginDrag
ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_Draw
ImageList_DrawEx
ImageList_EndDrag
ImageList_GetBkColor
ImageList_GetDragImage
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_Read
ImageList_Remove
ImageList_ReplaceIcon
ImageList_SetBkColor
ImageList_SetDragCursorImage
ImageList_SetIconSize
ImageList_Write

gdi32

BitBlt
CreateBitmap
CreateBrushIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBSection
CreateDIBitmap
CreateFontIndirectA
CreateHalftonePalette
CreatePalette
CreatePenIndirect
CreateSolidBrush
DeleteDC
DeleteObject
ExcludeClipRect
GetBitmapBits
GetBrushOrgEx
GetClipBox
GetCurrentPositionEx
GetDCOrgEx
GetDIBColorTable
GetDIBits
GetDeviceCaps
GetObjectA
GetPaletteEntries
GetPixel
GetStockObject
GetSystemPaletteEntries
GetTextExtentPoint32A
GetTextMetricsA
GetWindowOrgEx
IntersectClipRect
LineTo
MaskBlt
MoveToEx
PatBlt
RealizePalette
RectVisible
RestoreDC
SaveDC
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetBrushOrgEx
SetDIBColorTable
SetPixel
SetROP2
SetStretchBltMode
SetTextColor
SetViewportOrgEx
SetWindowOrgEx
StretchBlt
UnrealizeObject

shell32

ShellExecuteExA

user32

ActivateKeyboardLayout
AdjustWindowRectEx
BeginPaint
CallNextHookEx
CallWindowProcA
CharLowerA
CharLowerBuffA
CharNextA
CheckMenuItem
ClientToScreen
CreateIcon
CreateMenu
CreatePopupMenu
CreateWindowExA
DefFrameProcA
DefMDIChildProcA
DefWindowProcA
DeleteMenu
DestroyCursor
DestroyIcon
DestroyMenu
DestroyWindow
DispatchMessageA
DrawEdge
DrawFrameControl
DrawIcon
DrawIconEx
DrawMenuBar
DrawTextA
EnableMenuItem
EnableScrollBar
EnableWindow
EndPaint
EnumThreadWindows
EnumWindows
EqualRect
FillRect
FindWindowA
FrameRect
GetActiveWindow
GetCapture
GetClassInfoA
GetClassNameA
GetClientRect
GetCursor
GetCursorPos
GetDC
GetDCEx
GetDesktopWindow
GetFocus
GetForegroundWindow
GetIconInfo
GetKeyNameTextA
GetKeyState
GetKeyboardLayout
GetKeyboardLayoutList
GetKeyboardState
GetKeyboardType
GetLastActivePopup
GetMenu
GetMenuItemCount
GetMenuItemID
GetMenuItemInfoA
GetMenuState
GetMenuStringA
GetParent
GetPropA
GetScrollInfo
GetScrollPos
GetScrollRange
GetSubMenu
GetSystemMenu
GetSystemMetrics
GetTopWindow
GetWindow
GetWindowDC
GetWindowLongA
GetWindowPlacement
GetWindowRect
GetWindowTextA
GetWindowThreadProcessId
InflateRect
InsertMenuA
InsertMenuItemA
IntersectRect
InvalidateRect
IsChild
IsDialogMessageA
IsIconic
IsRectEmpty
IsWindow
IsWindowEnabled
IsWindowVisible
IsZoomed
KillTimer
LoadBitmapA
LoadCursorA
LoadIconA
LoadKeyboardLayoutA
LoadStringA
MapVirtualKeyA
MapWindowPoints
MessageBoxA
OemToCharA
OffsetRect
PeekMessageA
PostMessageA
PostQuitMessage
PtInRect
RedrawWindow
RegisterClassA
RegisterClipboardFormatA
RegisterWindowMessageA
ReleaseCapture
ReleaseDC
RemoveMenu
RemovePropA
ScreenToClient
ScrollWindow
SendMessageA
SetActiveWindow
SetCapture
SetClassLongA
SetCursor
SetFocus
SetForegroundWindow
SetMenu
SetMenuItemInfoA
SetPropA
SetRect
SetScrollInfo
SetScrollPos
SetScrollRange
SetTimer
SetWindowLongA
SetWindowPlacement
SetWindowPos
SetWindowsHookExA
ShowCursor
ShowOwnedPopups
ShowScrollBar
ShowWindow
SystemParametersInfoA
TrackPopupMenu
TranslateMDISysAccel
TranslateMessage
UnhookWindowsHookEx
UnregisterClassA
UpdateWindow
WaitMessage
WinHelpA
WindowFromPoint
wsprintfA
GetSysColor

ole32

CoInitialize
CoUninitialize

oleaut32

GetErrorInfo
SafeArrayCreate
SafeArrayGetElement
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayRedim
SysAllocStringLen
SysFreeString
SysReAllocStringLen
VariantChangeType
VariantClear
VariantCopy
VariantCopyInd
VariantInit

Exports

Exports

@@Code@Finalize
@@Code@Initialize
@@Log@Finalize
@@Log@Initialize
_MainForm
__GetExceptDLLinfo
___CPPdebugHook

Sections

.text
Size: 412KB - Virtual size: 412KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$LOCALAPPDATA/BeAnywhere Support Express/GetSupport/BASupAppFR.dll
.dll windows:4 windows x86 arch:x86

d649c53a6c1b3249aefaefcc8074dbe7

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5e:01:0f:ac:4a:4f:67:ea:f6:79:d1:6c:51:20:1c:3d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

16/10/2014, 00:00

Not After

15/11/2015, 23:59

Subject

CN=Multiplicar Negocios - Actividades de Marketing Inovadoras Lda,O=Multiplicar Negocios - Actividades de Marketing Inovadoras Lda,L=Prior Velho,ST=LOURES,C=PT

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA

kernel32

CloseHandle
CompareStringA
CreateEventA
CreateFileA
DeleteCriticalSection
EnterCriticalSection
EnumCalendarInfoA
ExitProcess
FindClose
FindFirstFileA
FormatMessageA
FreeEnvironmentStringsA
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCurrentThreadId
GetDateFormatA
GetDiskFreeSpaceA
GetEnvironmentStrings
GetFileSize
GetFileType
GetLastError
GetLocalTime
GetLocaleInfoA
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeExA
GetStringTypeW
GetThreadLocale
GetVersion
GetVersionExA
GlobalAlloc
GlobalFree
GlobalHandle
GlobalLock
GlobalMemoryStatus
GlobalReAlloc
GlobalUnlock
HeapAlloc
HeapFree
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LocalAlloc
LocalFree
MultiByteToWideChar
RaiseException
ReadFile
ResetEvent
RtlUnwind
SetConsoleCtrlHandler
SetEndOfFile
SetEvent
SetFilePointer
SetHandleCount
SetLastError
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrcpynA
lstrlenA

user32

CharNextA
EnumThreadWindows
GetKeyboardType
GetSystemMetrics
LoadStringA
MessageBoxA
wsprintfA

oleaut32

SafeArrayCreate
SafeArrayGetElement
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayRedim
SysAllocStringLen
SysFreeString
SysReAllocStringLen
VariantChangeType
VariantClear
VariantCopy
VariantCopyInd
VariantInit

Exports

Exports

@@Lang@Finalize
@@Lang@Initialize
_GetLangStr
___CPPdebugHook

Sections

.text
Size: 190KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 45KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$LOCALAPPDATA/BeAnywhere Support Express/GetSupport/BASupAppPT.dll
.dll windows:4 windows x86 arch:x86

d649c53a6c1b3249aefaefcc8074dbe7

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5e:01:0f:ac:4a:4f:67:ea:f6:79:d1:6c:51:20:1c:3d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

16/10/2014, 00:00

Not After

15/11/2015, 23:59

Subject

CN=Multiplicar Negocios - Actividades de Marketing Inovadoras Lda,O=Multiplicar Negocios - Actividades de Marketing Inovadoras Lda,L=Prior Velho,ST=LOURES,C=PT

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA

kernel32

CloseHandle
CompareStringA
CreateEventA
CreateFileA
DeleteCriticalSection
EnterCriticalSection
EnumCalendarInfoA
ExitProcess
FindClose
FindFirstFileA
FormatMessageA
FreeEnvironmentStringsA
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCurrentThreadId
GetDateFormatA
GetDiskFreeSpaceA
GetEnvironmentStrings
GetFileSize
GetFileType
GetLastError
GetLocalTime
GetLocaleInfoA
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeExA
GetStringTypeW
GetThreadLocale
GetVersion
GetVersionExA
GlobalAlloc
GlobalFree
GlobalHandle
GlobalLock
GlobalMemoryStatus
GlobalReAlloc
GlobalUnlock
HeapAlloc
HeapFree
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LocalAlloc
LocalFree
MultiByteToWideChar
RaiseException
ReadFile
ResetEvent
RtlUnwind
SetConsoleCtrlHandler
SetEndOfFile
SetEvent
SetFilePointer
SetHandleCount
SetLastError
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrcpynA
lstrlenA

user32

CharNextA
EnumThreadWindows
GetKeyboardType
GetSystemMetrics
LoadStringA
MessageBoxA
wsprintfA

oleaut32

SafeArrayCreate
SafeArrayGetElement
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayRedim
SysAllocStringLen
SysFreeString
SysReAllocStringLen
VariantChangeType
VariantClear
VariantCopy
VariantCopyInd
VariantInit

Exports

Exports

@@Lang@Finalize
@@Lang@Initialize
_GetLangStr
___CPPdebugHook

Sections

.text
Size: 190KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$LOCALAPPDATA/BeAnywhere Support Express/GetSupport/BASupAppSrvc.exe
.exe windows:4 windows x86 arch:x86

9308f2705fb697f28f8eba7dc0fff06b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5e:01:0f:ac:4a:4f:67:ea:f6:79:d1:6c:51:20:1c:3d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

16/10/2014, 00:00

Not After

15/11/2015, 23:59

Subject

CN=Multiplicar Negocios - Actividades de Marketing Inovadoras Lda,O=Multiplicar Negocios - Actividades de Marketing Inovadoras Lda,L=Prior Velho,ST=LOURES,C=PT

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

userenv

CreateEnvironmentBlock

advapi32

CloseServiceHandle
CopySid
CreateProcessAsUserW
CreateServiceA
DeleteService
DeregisterEventSource
DuplicateTokenEx
GetLengthSid
GetTokenInformation
ImpersonateLoggedOnUser
InitializeSecurityDescriptor
IsValidSid
OpenProcessToken
OpenSCManagerA
OpenServiceA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegisterEventSourceA
RegisterServiceCtrlHandlerA
ReportEventA
RevertToSelf
SetSecurityDescriptorDacl
SetServiceStatus
SetTokenInformation
StartServiceCtrlDispatcherA

kernel32

CloseHandle
CompareStringA
CreateDirectoryA
CreateEventA
CreateFileA
CreateMutexA
CreateThread
DeleteCriticalSection
EnterCriticalSection
EnumCalendarInfoA
ExitProcess
ExitThread
FileTimeToDosDateTime
FileTimeToLocalFileTime
FindClose
FindFirstFileA
FindResourceA
FormatMessageA
FreeLibrary
FreeResource
GetACP
GetCPInfo
GetCommandLineA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDateFormatA
GetDiskFreeSpaceA
GetEnvironmentStrings
GetExitCodeThread
GetFileAttributesA
GetFileSize
GetFileType
GetLastError
GetLocalTime
GetLocaleInfoA
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetPrivateProfileStringA
GetProcAddress
GetProcessHeap
GetShortPathNameA
GetStartupInfoA
GetStdHandle
GetStringTypeExA
GetStringTypeW
GetSystemInfo
GetThreadLocale
GetTickCount
GetVersion
GetVersionExA
GlobalAddAtomA
GlobalAlloc
GlobalDeleteAtom
GlobalFindAtomA
GlobalFree
GlobalHandle
GlobalLock
GlobalReAlloc
GlobalUnlock
HeapAlloc
HeapFree
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LoadResource
LocalAlloc
LocalFree
LockResource
MulDiv
MultiByteToWideChar
OpenMutexA
ProcessIdToSessionId
RaiseException
ReadFile
ReleaseMutex
ResetEvent
ResumeThread
RtlUnwind
SetConsoleCtrlHandler
SetEndOfFile
SetErrorMode
SetEvent
SetFilePointer
SetHandleCount
SetLastError
SetThreadLocale
SizeofResource
Sleep
SuspendThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteFile
WritePrivateProfileStringA
lstrcpyA
lstrcpynA
lstrlenA

comctl32

ImageList_Add
ImageList_BeginDrag
ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_Draw
ImageList_DrawEx
ImageList_EndDrag
ImageList_GetBkColor
ImageList_GetDragImage
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_Read
ImageList_Remove
ImageList_ReplaceIcon
ImageList_SetBkColor
ImageList_SetDragCursorImage
ImageList_SetIconSize
ImageList_Write

gdi32

BitBlt
CopyEnhMetaFileA
CreateBitmap
CreateBrushIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBSection
CreateDIBitmap
CreateFontIndirectA
CreateHalftonePalette
CreatePalette
CreatePenIndirect
CreateSolidBrush
DeleteDC
DeleteEnhMetaFile
DeleteObject
ExcludeClipRect
GetBitmapBits
GetBrushOrgEx
GetClipBox
GetCurrentPositionEx
GetDCOrgEx
GetDIBColorTable
GetDIBits
GetDeviceCaps
GetEnhMetaFileBits
GetEnhMetaFileHeader
GetEnhMetaFilePaletteEntries
GetObjectA
GetPaletteEntries
GetPixel
GetStockObject
GetSystemPaletteEntries
GetTextExtentPoint32A
GetTextExtentPointA
GetTextMetricsA
GetWinMetaFileBits
GetWindowOrgEx
IntersectClipRect
LineTo
MaskBlt
MoveToEx
PatBlt
PlayEnhMetaFile
RealizePalette
RectVisible
Rectangle
RestoreDC
SaveDC
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetBrushOrgEx
SetDIBColorTable
SetEnhMetaFileBits
SetPixel
SetROP2
SetStretchBltMode
SetTextColor
SetViewportOrgEx
SetWinMetaFileBits
SetWindowOrgEx
StretchBlt
UnrealizeObject

user32

ActivateKeyboardLayout
AdjustWindowRectEx
BeginPaint
CallNextHookEx
CallWindowProcA
CharLowerA
CharLowerBuffA
CharNextA
CharUpperBuffA
CheckMenuItem
ClientToScreen
CloseClipboard
CreateIcon
CreateMenu
CreatePopupMenu
CreateWindowExA
DefFrameProcA
DefMDIChildProcA
DefWindowProcA
DeleteMenu
DestroyCursor
DestroyIcon
DestroyMenu
DestroyWindow
DispatchMessageA
DrawEdge
DrawFrameControl
DrawIcon
DrawIconEx
DrawMenuBar
DrawTextA
EmptyClipboard
EnableMenuItem
EnableScrollBar
EnableWindow
EndPaint
EnumThreadWindows
EnumWindows
EqualRect
FillRect
FindWindowA
FrameRect
GetActiveWindow
GetCapture
GetClassInfoA
GetClassNameA
GetClientRect
GetClipboardData
GetCursor
GetCursorPos
GetDC
GetDCEx
GetDesktopWindow
GetFocus
GetForegroundWindow
GetIconInfo
GetKeyNameTextA
GetKeyState
GetKeyboardLayout
GetKeyboardLayoutList
GetKeyboardState
GetKeyboardType
GetLastActivePopup
GetMenu
GetMenuItemCount
GetMenuItemID
GetMenuItemInfoA
GetMenuState
GetMenuStringA
GetMessageA
GetParent
GetPropA
GetScrollInfo
GetScrollPos
GetScrollRange
GetSubMenu
GetSystemMenu
GetSystemMetrics
GetTopWindow
GetWindow
GetWindowDC
GetWindowLongA
GetWindowPlacement
GetWindowRect
GetWindowTextA
GetWindowThreadProcessId
InflateRect
InsertMenuA
InsertMenuItemA
IntersectRect
InvalidateRect
IsChild
IsDialogMessageA
IsIconic
IsRectEmpty
IsWindow
IsWindowEnabled
IsWindowVisible
IsZoomed
KillTimer
LoadBitmapA
LoadCursorA
LoadIconA
LoadKeyboardLayoutA
LoadStringA
MapVirtualKeyA
MapWindowPoints
MessageBeep
MessageBoxA
MsgWaitForMultipleObjects
OemToCharA
OffsetRect
OpenClipboard
PeekMessageA
PostMessageA
PostQuitMessage
PostThreadMessageA
PtInRect
RedrawWindow
RegisterClassA
RegisterClipboardFormatA
RegisterWindowMessageA
ReleaseCapture
ReleaseDC
RemoveMenu
RemovePropA
ScreenToClient
ScrollWindow
SendMessageA
SetActiveWindow
SetCapture
SetClassLongA
SetClipboardData
SetCursor
SetFocus
SetForegroundWindow
SetMenu
SetMenuItemInfoA
SetPropA
SetRect
SetScrollInfo
SetScrollPos
SetScrollRange
SetTimer
SetWindowLongA
SetWindowPlacement
SetWindowPos
SetWindowsHookExA
ShowCursor
ShowOwnedPopups
ShowScrollBar
ShowWindow
SystemParametersInfoA
TrackPopupMenu
TranslateMDISysAccel
TranslateMessage
UnhookWindowsHookEx
UnregisterClassA
UpdateWindow
WaitMessage
WinHelpA
WindowFromPoint
wsprintfA
GetSysColor

oleaut32

SafeArrayCreate
SafeArrayGetElement
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayRedim
SysAllocStringLen
SysFreeString
SysReAllocStringLen
VariantChangeType
VariantClear
VariantCopy
VariantCopyInd
VariantInit

Exports

Exports

@@Basupappsrvcconfigini@Finalize
@@Basupappsrvcconfigini@Initialize
@@Basupappsrvcwaitforsignalthread@Finalize
@@Basupappsrvcwaitforsignalthread@Initialize
@@Codeimplm@Finalize
@@Codeimplm@Initialize
@@Funcos@Finalize
@@Funcos@Initialize
@@Log@Finalize
@@Log@Initialize
@@Winstatdesk@Finalize
@@Winstatdesk@Initialize
_BASupportExpressService
__GetExceptDLLinfo
___CPPdebugHook

Sections

.text
Size: 452KB - Virtual size: 456KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$LOCALAPPDATA/BeAnywhere Support Express/GetSupport/BASupLib.dll
.dll windows:5 windows x86 arch:x86

b1ef5315be487f2c21eade374734763b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\BeAnywhere_CT\BASupLib\BASupLib\Release\BASupLib.pdb

Imports

kernel32

GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
HeapFree
Sleep
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
VirtualAlloc
HeapReAlloc
WriteFile
LoadLibraryA
InitializeCriticalSectionAndSpinCount
RtlUnwind
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
HeapSize

Exports

Exports

CompBlockW
CompBlockWEx
CompBlockWEx2
Convert15To12
Convert15To332
ConvertImageTo5BitGray
ConvertImageTo5BitGrayEx
ConvertImageToRGB12
ConvertImageToRGB332
ConvertTo5BitGray
GetBlock
GetBlockBgColorRGB15
GetBlockW
MidasCompress332
MidasCompressFull332
MidasCompressFullGrayScale
MidasCompressFullLowColor
MidasCompressLowColor
PXCompress16
PXCompressGrayScale
PutBlock
PutBlockW
PutCroppedBlockW
RGB15toRBG24
RGB24_12toRBG15
RGB24_332toRBG15
RGB24toRBG15
RGB32toRBG15
RLEDecode16
RLEDecode8
RLEEncode16
RLEEncode8

Sections

.text
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$LOCALAPPDATA/BeAnywhere Support Express/GetSupport/BASupRestoreBootSrvc.exe
.exe windows:4 windows x86 arch:x86

b84f550fe614991602331fb1921c7c07

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5e:01:0f:ac:4a:4f:67:ea:f6:79:d1:6c:51:20:1c:3d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

16/10/2014, 00:00

Not After

15/11/2015, 23:59

Subject

CN=Multiplicar Negocios - Actividades de Marketing Inovadoras Lda,O=Multiplicar Negocios - Actividades de Marketing Inovadoras Lda,L=Prior Velho,ST=LOURES,C=PT

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CloseServiceHandle
CreateServiceA
DeleteService
DeregisterEventSource
OpenSCManagerA
OpenServiceA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegisterEventSourceA
RegisterServiceCtrlHandlerA
ReportEventA
SetServiceStatus
StartServiceCtrlDispatcherA

kernel32

CloseHandle
CompareStringA
CopyFileA
CreateDirectoryA
CreateEventA
CreateFileA
CreateThread
DeleteCriticalSection
DeleteFileA
EnterCriticalSection
EnumCalendarInfoA
ExitProcess
ExitThread
FileTimeToDosDateTime
FileTimeToLocalFileTime
FindClose
FindFirstFileA
FindResourceA
FormatMessageA
FreeLibrary
FreeResource
GetACP
GetCPInfo
GetCommandLineA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDateFormatA
GetDiskFreeSpaceA
GetEnvironmentStrings
GetExitCodeThread
GetFileAttributesA
GetFileSize
GetFileType
GetLastError
GetLocalTime
GetLocaleInfoA
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetProcAddress
GetProcessHeap
GetShortPathNameA
GetStartupInfoA
GetStdHandle
GetStringTypeExA
GetStringTypeW
GetSystemDirectoryA
GetSystemInfo
GetThreadLocale
GetTickCount
GetVersion
GetVersionExA
GetWindowsDirectoryA
GlobalAddAtomA
GlobalAlloc
GlobalDeleteAtom
GlobalFindAtomA
GlobalFree
GlobalHandle
GlobalLock
GlobalReAlloc
GlobalUnlock
HeapAlloc
HeapFree
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LoadResource
LocalAlloc
LocalFree
LockResource
MulDiv
MultiByteToWideChar
RaiseException
ReadFile
ResetEvent
ResumeThread
RtlUnwind
SetConsoleCtrlHandler
SetEndOfFile
SetErrorMode
SetEvent
SetFileAttributesA
SetFilePointer
SetHandleCount
SetLastError
SetThreadLocale
SizeofResource
Sleep
SuspendThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VerSetConditionMask
VerifyVersionInfoA
VirtualAlloc
VirtualFree
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WinExec
WriteFile
lstrcpyA
lstrcpynA
lstrlenA

comctl32

ImageList_Add
ImageList_BeginDrag
ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_Draw
ImageList_DrawEx
ImageList_EndDrag
ImageList_GetBkColor
ImageList_GetDragImage
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_Read
ImageList_Remove
ImageList_ReplaceIcon
ImageList_SetBkColor
ImageList_SetDragCursorImage
ImageList_SetIconSize
ImageList_Write

gdi32

BitBlt
CopyEnhMetaFileA
CreateBitmap
CreateBrushIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBSection
CreateDIBitmap
CreateFontIndirectA
CreateHalftonePalette
CreatePalette
CreatePenIndirect
CreateSolidBrush
DeleteDC
DeleteEnhMetaFile
DeleteObject
ExcludeClipRect
GetBitmapBits
GetBrushOrgEx
GetClipBox
GetCurrentPositionEx
GetDCOrgEx
GetDIBColorTable
GetDIBits
GetDeviceCaps
GetEnhMetaFileBits
GetEnhMetaFileHeader
GetEnhMetaFilePaletteEntries
GetObjectA
GetPaletteEntries
GetPixel
GetStockObject
GetSystemPaletteEntries
GetTextExtentPoint32A
GetTextExtentPointA
GetTextMetricsA
GetWinMetaFileBits
GetWindowOrgEx
IntersectClipRect
LineTo
MaskBlt
MoveToEx
PatBlt
PlayEnhMetaFile
RealizePalette
RectVisible
Rectangle
RestoreDC
SaveDC
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetBrushOrgEx
SetDIBColorTable
SetEnhMetaFileBits
SetPixel
SetROP2
SetStretchBltMode
SetTextColor
SetViewportOrgEx
SetWinMetaFileBits
SetWindowOrgEx
StretchBlt
UnrealizeObject

user32

ActivateKeyboardLayout
AdjustWindowRectEx
BeginPaint
CallNextHookEx
CallWindowProcA
CharLowerA
CharLowerBuffA
CharNextA
CharUpperBuffA
CheckMenuItem
ClientToScreen
CloseClipboard
CreateIcon
CreateMenu
CreatePopupMenu
CreateWindowExA
DefFrameProcA
DefMDIChildProcA
DefWindowProcA
DeleteMenu
DestroyCursor
DestroyIcon
DestroyMenu
DestroyWindow
DispatchMessageA
DrawEdge
DrawFrameControl
DrawIcon
DrawIconEx
DrawMenuBar
DrawTextA
EmptyClipboard
EnableMenuItem
EnableScrollBar
EnableWindow
EndPaint
EnumThreadWindows
EnumWindows
EqualRect
FillRect
FindWindowA
FrameRect
GetActiveWindow
GetCapture
GetClassInfoA
GetClassNameA
GetClientRect
GetClipboardData
GetCursor
GetCursorPos
GetDC
GetDCEx
GetDesktopWindow
GetFocus
GetForegroundWindow
GetIconInfo
GetKeyNameTextA
GetKeyState
GetKeyboardLayout
GetKeyboardLayoutList
GetKeyboardState
GetKeyboardType
GetLastActivePopup
GetMenu
GetMenuItemCount
GetMenuItemID
GetMenuItemInfoA
GetMenuState
GetMenuStringA
GetMessageA
GetParent
GetPropA
GetScrollInfo
GetScrollPos
GetScrollRange
GetSubMenu
GetSystemMenu
GetSystemMetrics
GetTopWindow
GetWindow
GetWindowDC
GetWindowLongA
GetWindowPlacement
GetWindowRect
GetWindowTextA
GetWindowThreadProcessId
InflateRect
InsertMenuA
InsertMenuItemA
IntersectRect
InvalidateRect
IsChild
IsDialogMessageA
IsIconic
IsRectEmpty
IsWindow
IsWindowEnabled
IsWindowVisible
IsZoomed
KillTimer
LoadBitmapA
LoadCursorA
LoadIconA
LoadKeyboardLayoutA
LoadStringA
MapVirtualKeyA
MapWindowPoints
MessageBeep
MessageBoxA
MsgWaitForMultipleObjects
OemToCharA
OffsetRect
OpenClipboard
PeekMessageA
PostMessageA
PostQuitMessage
PostThreadMessageA
PtInRect
RedrawWindow
RegisterClassA
RegisterClipboardFormatA
RegisterWindowMessageA
ReleaseCapture
ReleaseDC
RemoveMenu
RemovePropA
ScreenToClient
ScrollWindow
SendMessageA
SetActiveWindow
SetCapture
SetClassLongA
SetClipboardData
SetCursor
SetFocus
SetForegroundWindow
SetMenu
SetMenuItemInfoA
SetPropA
SetRect
SetScrollInfo
SetScrollPos
SetScrollRange
SetTimer
SetWindowLongA
SetWindowPlacement
SetWindowPos
SetWindowsHookExA
ShowCursor
ShowOwnedPopups
ShowScrollBar
ShowWindow
SystemParametersInfoA
TrackPopupMenu
TranslateMDISysAccel
TranslateMessage
UnhookWindowsHookEx
UnregisterClassA
UpdateWindow
WaitMessage
WinHelpA
WindowFromPoint
wsprintfA
GetSysColor

ole32

CoInitialize
CoUninitialize

oleaut32

GetErrorInfo
SafeArrayCreate
SafeArrayGetElement
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayRedim
SysAllocStringLen
SysFreeString
SysReAllocStringLen
VariantChangeType
VariantClear
VariantCopy
VariantCopyInd
VariantInit

Exports

Exports

@@Code@Finalize
@@Code@Initialize
@@Desktop@Finalize
@@Desktop@Initialize
@@Fileutils@Finalize
@@Fileutils@Initialize
@@Log@Finalize
@@Log@Initialize
@@Os@Finalize
@@Os@Initialize
@@Regkeys@Finalize
@@Regkeys@Initialize
@@Safemodeutils@Finalize
@@Safemodeutils@Initialize
_BASERestoreNormalBootService
__GetExceptDLLinfo
___CPPdebugHook

Sections

.text
Size: 439KB - Virtual size: 440KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 34KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$LOCALAPPDATA/BeAnywhere Support Express/GetSupport/BASupSysInf.exe
.exe windows:4 windows x86 arch:x86

d9f6802b55b232607fefcec01a60231b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5e:01:0f:ac:4a:4f:67:ea:f6:79:d1:6c:51:20:1c:3d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

16/10/2014, 00:00

Not After

15/11/2015, 23:59

Subject

CN=Multiplicar Negocios - Actividades de Marketing Inovadoras Lda,O=Multiplicar Negocios - Actividades de Marketing Inovadoras Lda,L=Prior Velho,ST=LOURES,C=PT

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

CloseServiceHandle
GetTokenInformation
LookupAccountNameA
LookupAccountSidA
LookupPrivilegeDisplayNameA
LsaClose
LsaEnumerateAccountRights
LsaNtStatusToWinError
LsaOpenPolicy
OpenProcessToken
OpenSCManagerA
OpenServiceA
QueryServiceStatus
RegCloseKey
RegConnectRegistryW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegFlushKey
RegLoadKeyW
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegReplaceKeyW
RegRestoreKeyW
RegSaveKeyW
RegSetValueExW
RegUnLoadKeyW

kernel32

AreFileApisANSI
CloseHandle
CompareStringA
CompareStringW
CreateDirectoryW
CreateEventW
CreateFileA
CreateFileMappingA
CreateFileMappingW
CreateFileW
CreateMutexA
CreateMutexW
CreateSemaphoreA
DeleteCriticalSection
DeleteFileA
DeleteFileW
EnterCriticalSection
EnumCalendarInfoW
EnumSystemLocalesW
ExitProcess
FindClose
FindFirstFileW
FlushFileBuffers
FormatMessageA
FormatMessageW
FreeLibrary
GetACP
GetCPInfo
GetCPInfoExW
GetCommandLineA
GetCommandLineW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDateFormatW
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetEnvironmentStrings
GetFileAttributesA
GetFileAttributesExW
GetFileAttributesW
GetFileSize
GetFileType
GetFullPathNameA
GetFullPathNameW
GetLastError
GetLocalTime
GetLocaleInfoA
GetLocaleInfoW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetOEMCP
GetPrivateProfileStringW
GetProcAddress
GetProcessHeap
GetShortPathNameA
GetStartupInfoA
GetStartupInfoW
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemDefaultLangID
GetSystemDefaultUILanguage
GetSystemInfo
GetSystemTime
GetSystemTimeAsFileTime
GetSystemWindowsDirectoryA
GetTempPathA
GetTempPathW
GetThreadLocale
GetTickCount
GetTimeZoneInformation
GetUserDefaultLCID
GetUserDefaultUILanguage
GetVersion
GetVersionExA
GetVersionExW
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
HeapValidate
InitializeCriticalSection
InterlockedCompareExchange
InterlockedDecrement
InterlockedExchange
InterlockedExchangeAdd
InterlockedIncrement
IsDBCSLeadByteEx
IsDebuggerPresent
IsValidLocale
LCMapStringA
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LoadLibraryW
LocalAlloc
LocalFree
LockFile
LockFileEx
MapViewOfFile
MultiByteToWideChar
OpenFileMappingA
OpenProcess
OpenSemaphoreA
OutputDebugStringA
OutputDebugStringW
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadFile
ReleaseSemaphore
RemoveDirectoryW
ResetEvent
RtlUnwind
SetConsoleCtrlHandler
SetEndOfFile
SetEvent
SetFilePointer
SetHandleCount
SetLastError
SetThreadLocale
Sleep
SwitchToThread
SystemTimeToFileTime
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
UnlockFile
UnlockFileEx
UnmapViewOfFile
VerSetConditionMask
VerifyVersionInfoA
VirtualAlloc
VirtualFree
VirtualQuery
VirtualQueryEx
WaitForSingleObject
WideCharToMultiByte
WriteFile
WritePrivateProfileStringW
lstrcpynW
lstrlenW

netapi32

NetApiBufferFree
NetServerEnum
NetUserGetLocalGroups

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

gdi32

CreateDCA
DeleteDC
GetDeviceCaps

shfolder

SHGetFolderPathA

user32

CharLowerBuffA
CharLowerBuffW
CharNextW
CharUpperBuffA
CharUpperBuffW
CharUpperW
EnumThreadWindows
GetSystemMetrics
LoadStringW
MessageBoxA
MessageBoxW
wsprintfA

ole32

CLSIDFromProgID
CoCreateInstance
CoInitialize
CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
CoUninitialize

oleaut32

CreateErrorInfo
GetErrorInfo
SafeArrayCreate
SafeArrayGetElement
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayPtrOfIndex
SetErrorInfo
SysAllocString
SysAllocStringLen
SysFreeString
SysReAllocStringLen
SysStringLen
VariantChangeType
VariantClear
VariantCopy
VariantInit
VariantTimeToSystemTime

Exports

Exports

@@Activedirectory@Finalize
@@Activedirectory@Initialize
@@Appinfo@Finalize
@@Appinfo@Initialize
@@Consoleout@Finalize
@@Consoleout@Initialize
@@Dashinfo@Finalize
@@Dashinfo@Initialize
@@Driverinfo@Finalize
@@Driverinfo@Initialize
@@Eventinfo@Finalize
@@Eventinfo@Initialize
@@Hwmoninfo@Finalize
@@Hwmoninfo@Initialize
@@Log@Finalize
@@Log@Initialize
@@Netinfo@Finalize
@@Netinfo@Initialize
@@Os@Finalize
@@Os@Initialize
@@Procinfo@Finalize
@@Procinfo@Initialize
@@Quickdashinfo@Finalize
@@Quickdashinfo@Initialize
@@Schedjobsinfo@Finalize
@@Schedjobsinfo@Initialize
@@Servicesettings@Finalize
@@Servicesettings@Initialize
@@Servicesinfo@Finalize
@@Servicesinfo@Initialize
@@Serviceutils@Finalize
@@Serviceutils@Initialize
@@Sha256@Finalize
@@Sha256@Initialize
@@Sqlitedb@Finalize
@@Sqlitedb@Initialize
@@Startinfo@Finalize
@@Startinfo@Initialize
@@Sysinfosettings@Finalize
@@Sysinfosettings@Initialize
@@Systemmonitordb@Finalize
@@Systemmonitordb@Initialize
@@Systemmonitorinfo@Finalize
@@Systemmonitorinfo@Initialize
@@Twmiinterf@Finalize
@@Twmiinterf@Initialize
@@Userprivinfo@Finalize
@@Userprivinfo@Initialize
@@Windowsupdates@Finalize
@@Windowsupdates@Initialize
@@Xml@Finalize
@@Xml@Initialize
@@Xmlparser@Finalize
@@Xmlparser@Initialize
__GetExceptDLLinfo
___CPPdebugHook

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 243KB - Virtual size: 292KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 73KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$LOCALAPPDATA/BeAnywhere Support Express/GetSupport/BASupSysShell.exe
.exe windows:5 windows x86 arch:x86

1b484cfef2c447888557c53cff5fa677

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5e:01:0f:ac:4a:4f:67:ea:f6:79:d1:6c:51:20:1c:3d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

16/10/2014, 00:00

Not After

15/11/2015, 23:59

Subject

CN=Multiplicar Negocios - Actividades de Marketing Inovadoras Lda,O=Multiplicar Negocios - Actividades de Marketing Inovadoras Lda,L=Prior Velho,ST=LOURES,C=PT

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Projects\BeAnywhere_CT\BASupSysShell\Release\BASupSysShell.pdb

Imports

user32

PostMessageW
EnumWindows
GetWindowTextW
GetWindowThreadProcessId

kernel32

GetCurrentThreadId
CreateProcessW
GenerateConsoleCtrlEvent
OpenProcess
GetExitCodeProcess
TerminateProcess
GetLastError
WaitForMultipleObjects
OpenSemaphoreW
CloseHandle
EnterCriticalSection
LeaveCriticalSection
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
Sleep
HeapFree
GetModuleHandleW
GetProcAddress
ExitProcess
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
HeapAlloc
HeapReAlloc
VirtualAlloc
LoadLibraryA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
SetFilePointer
SetStdHandle
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
GetLocaleInfoA
CreateFileA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

Sections

.text
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$LOCALAPPDATA/BeAnywhere Support Express/GetSupport/BASupSysShell64.exe
.exe windows:5 windows x64 arch:x64

2e9314e36c9a24eac358e242ab94e174

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\Projects\BeAnywhere_CT\BASupSysShell64\x64\Release\BASupSysShell64.pdb

Imports

user32

PostMessageW
EnumWindows
GetWindowTextW
GetWindowThreadProcessId

kernel32

FlsGetValue
CreateProcessW
GenerateConsoleCtrlEvent
OpenProcess
GetExitCodeProcess
TerminateProcess
GetLastError
WaitForMultipleObjects
OpenSemaphoreW
CloseHandle
EnterCriticalSection
LeaveCriticalSection
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
Sleep
HeapFree
GetModuleHandleW
GetProcAddress
ExitProcess
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
FlushFileBuffers
RtlUnwindEx
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
EncodePointer
DecodePointer
FlsSetValue
FlsFree
SetLastError
GetCurrentThreadId
FlsAlloc
HeapSetInformation
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
HeapAlloc
HeapReAlloc
LoadLibraryA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
SetFilePointer
SetStdHandle
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
GetLocaleInfoA
CreateFileA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

Sections

.text
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 632B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$LOCALAPPDATA/BeAnywhere Support Express/GetSupport/BASupUnElev.exe
.exe windows:4 windows x86 arch:x86

af4fa666d36bc3c856af3a0e9598febc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Projects\BeAnywhere_CT\BASupUnElev\BASupUnElev\Release\BASupUnElev.pdb

Imports

ole32

CoUninitialize
CoCreateInstance
CoInitialize

oleaut32

SysAllocString
SysFreeString
VariantClear
VariantInit

kernel32

InterlockedDecrement
HeapSize
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetLastError
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetProcAddress
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsA
MultiByteToWideChar
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
RaiseException
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LoadLibraryA
InitializeCriticalSection
Sleep
RtlUnwind
LCMapStringA
WideCharToMultiByte
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA

Sections

.text
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$LOCALAPPDATA/BeAnywhere Support Express/GetSupport/BAWHook.dll
.dll windows:4 windows x86 arch:x86

62da02282329c511de3e2aa0a9cfd297

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5e:01:0f:ac:4a:4f:67:ea:f6:79:d1:6c:51:20:1c:3d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

16/10/2014, 00:00

Not After

15/11/2015, 23:59

Subject

CN=Multiplicar Negocios - Actividades de Marketing Inovadoras Lda,O=Multiplicar Negocios - Actividades de Marketing Inovadoras Lda,L=Prior Velho,ST=LOURES,C=PT

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GlobalAddAtomA
GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetLastError
RaiseException
GetProcAddress
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
HeapSize
WriteFile
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
LoadLibraryA
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RtlUnwind
MultiByteToWideChar
GetLocaleInfoA

user32

RegisterWindowMessageA
SetWindowsHookExA
UnhookWindowsHookEx
CallNextHookEx
IsWindowVisible
GetWindowRect
GetPropA
SetPropA
GetCursor
GetUpdateRgn
ClientToScreen
PostThreadMessageA

gdi32

GetRegionData
DeleteObject
CreateRectRgn

Exports

Exports

WM_Hooks_CursorChanged
WM_Hooks_DisableScreenSaver
WM_Hooks_Install
WM_Hooks_RectangleChanged
WM_Hooks_Remove
WM_Hooks_WindowBorderChanged
WM_Hooks_WindowChanged
WM_Hooks_WindowClientAreaChanged

Sections

.text
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.HOOKDAT
Size: 4KB - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$LOCALAPPDATA/BeAnywhere Support Express/GetSupport/COPYRIGHTS.txt
$LOCALAPPDATA/BeAnywhere Support Express/GetSupport/LibLZMA-5.dll
.dll windows:4 windows x86 arch:x86

2cf4836942d47fa0f21856740dc9a362

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CreateEventA
DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetProcAddress
GetSystemInfo
GetSystemTimeAsFileTime
GetTickCount
GetVersion
GlobalMemoryStatus
InitializeCriticalSection
LeaveCriticalSection
QueryPerformanceCounter
SetEvent
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WaitForSingleObject

msvcrt

__dllonexit
_amsg_exit
_beginthreadex
_initterm
_iob
_lock
_onexit
_unlock
abort
calloc
free
fwrite
malloc
memcmp
memcpy
memmove
memset
strlen
strncmp
vfprintf

Exports

Exports

lzma_alone_decoder
lzma_alone_encoder
lzma_auto_decoder
lzma_block_buffer_bound
lzma_block_buffer_decode
lzma_block_buffer_encode
lzma_block_compressed_size
lzma_block_decoder
lzma_block_encoder
lzma_block_header_decode
lzma_block_header_encode
lzma_block_header_size
lzma_block_total_size
lzma_block_uncomp_encode
lzma_block_unpadded_size
lzma_check_is_supported
lzma_check_size
lzma_code
lzma_cputhreads
lzma_crc32
lzma_crc64
lzma_easy_buffer_encode
lzma_easy_decoder_memusage
lzma_easy_encoder
lzma_easy_encoder_memusage
lzma_end
lzma_filter_decoder_is_supported
lzma_filter_encoder_is_supported
lzma_filter_flags_decode
lzma_filter_flags_encode
lzma_filter_flags_size
lzma_filters_copy
lzma_filters_update
lzma_get_check
lzma_get_progress
lzma_index_append
lzma_index_block_count
lzma_index_buffer_decode
lzma_index_buffer_encode
lzma_index_cat
lzma_index_checks
lzma_index_decoder
lzma_index_dup
lzma_index_encoder
lzma_index_end
lzma_index_file_size
lzma_index_hash_append
lzma_index_hash_decode
lzma_index_hash_end
lzma_index_hash_init
lzma_index_hash_size
lzma_index_init
lzma_index_iter_init
lzma_index_iter_locate
lzma_index_iter_next
lzma_index_iter_rewind
lzma_index_memusage
lzma_index_memused
lzma_index_size
lzma_index_stream_count
lzma_index_stream_flags
lzma_index_stream_padding
lzma_index_stream_size
lzma_index_total_size
lzma_index_uncompressed_size
lzma_lzma_preset
lzma_memlimit_get
lzma_memlimit_set
lzma_memusage
lzma_mf_is_supported
lzma_mode_is_supported
lzma_physmem
lzma_properties_decode
lzma_properties_encode
lzma_properties_size
lzma_raw_buffer_decode
lzma_raw_buffer_encode
lzma_raw_decoder
lzma_raw_decoder_memusage
lzma_raw_encoder
lzma_raw_encoder_memusage
lzma_stream_buffer_bound
lzma_stream_buffer_decode
lzma_stream_buffer_encode
lzma_stream_decoder
lzma_stream_encoder
lzma_stream_encoder_mt
lzma_stream_encoder_mt_memusage
lzma_stream_flags_compare
lzma_stream_footer_decode
lzma_stream_footer_encode
lzma_stream_header_decode
lzma_stream_header_encode
lzma_version_number
lzma_version_string
lzma_vli_decode
lzma_vli_encode
lzma_vli_size

Sections

.text
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 964B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 836B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$LOCALAPPDATA/BeAnywhere Support Express/GetSupport/License.rtf
.rtf
$LOCALAPPDATA/BeAnywhere Support Express/GetSupport/SILK.dll
.dll windows:5 windows x86 arch:x86

ced0e029a9100e299c10c789b8507b6b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\BeAnywhere_CT\Devel\SILK\SILK_DLL\SILK\Release\SILK.pdb

Imports

msvcr90

__dllonexit
_lock
_unlock
_except_handler4_common
__clean_type_info_names_internal
_crt_debugger_hook
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_decode_pointer
_encoded_null
free
_malloc_crt
_encode_pointer
_onexit
memmove
memcpy
memset
_CIpow

kernel32

GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
GetSystemTimeAsFileTime

Exports

Exports

fnSKP_Silk_SDK_Decode
fnSKP_Silk_SDK_Encode
fnSKP_Silk_SDK_Get_Decoder_Size
fnSKP_Silk_SDK_Get_Encoder_Size
fnSKP_Silk_SDK_InitDecoder
fnSKP_Silk_SDK_InitEncoder
fnSKP_Silk_SDK_QueryEncoder
fnSKP_Silk_SDK_get_TOC
fnSKP_Silk_SDK_search_for_LBRR
fnSKP_Slik_SDK_get_version

Sections

.text
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 900B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$LOCALAPPDATA/BeAnywhere Support Express/GetSupport/TurboJPEG.dll
.dll windows:4 windows x86 arch:x86

ec1cc687a9eca9beb4e22c69d5966238

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
GetLastError
GetModuleHandleA
GetProcAddress
InitializeCriticalSection
InterlockedExchange
IsDBCSLeadByteEx
LeaveCriticalSection
MultiByteToWideChar
Sleep
TlsGetValue
VirtualProtect
VirtualQuery
WideCharToMultiByte

msvcrt

_putenv
__dllonexit
__mb_cur_max
_errno
_iob
_setjmp
abort
atoi
calloc
exit
fflush
fprintf
fputc
free
fwrite
getenv
localeconv
longjmp
malloc
setlocale
sprintf
sscanf
strchr
vfprintf
wcslen

Exports

Exports

Java_org_libjpegturbo_turbojpeg_TJCompressor_compress___3BIIIIII_3BIII
Java_org_libjpegturbo_turbojpeg_TJCompressor_compress___3BIIII_3BIII
Java_org_libjpegturbo_turbojpeg_TJCompressor_compress___3IIIIIII_3BIII
Java_org_libjpegturbo_turbojpeg_TJCompressor_compress___3IIIII_3BIII
Java_org_libjpegturbo_turbojpeg_TJCompressor_destroy
Java_org_libjpegturbo_turbojpeg_TJCompressor_encodeYUV___3BIIII_3BII
Java_org_libjpegturbo_turbojpeg_TJCompressor_encodeYUV___3IIIII_3BII
Java_org_libjpegturbo_turbojpeg_TJCompressor_init
Java_org_libjpegturbo_turbojpeg_TJDecompressor_decompressHeader
Java_org_libjpegturbo_turbojpeg_TJDecompressor_decompressToYUV
Java_org_libjpegturbo_turbojpeg_TJDecompressor_decompress___3BI_3BIIIII
Java_org_libjpegturbo_turbojpeg_TJDecompressor_decompress___3BI_3BIIIIIII
Java_org_libjpegturbo_turbojpeg_TJDecompressor_decompress___3BI_3IIIIII
Java_org_libjpegturbo_turbojpeg_TJDecompressor_decompress___3BI_3IIIIIIII
Java_org_libjpegturbo_turbojpeg_TJDecompressor_destroy
Java_org_libjpegturbo_turbojpeg_TJDecompressor_init
Java_org_libjpegturbo_turbojpeg_TJTransformer_init
Java_org_libjpegturbo_turbojpeg_TJTransformer_transform
Java_org_libjpegturbo_turbojpeg_TJ_bufSize
Java_org_libjpegturbo_turbojpeg_TJ_bufSizeYUV
Java_org_libjpegturbo_turbojpeg_TJ_getScalingFactors
TJBUFSIZE
TJBUFSIZEYUV
tjAlloc
tjBufSize
tjBufSizeYUV
tjCompress
tjCompress2
tjDecompress
tjDecompress2
tjDecompressHeader
tjDecompressHeader2
tjDecompressToYUV
tjDestroy
tjEncodeYUV
tjEncodeYUV2
tjFree
tjGetErrorStr
tjGetScalingFactors
tjInitCompress
tjInitDecompress
tjInitTransform
tjTransform

Sections

.text
Size: 337KB - Virtual size: 336KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 66KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/14
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/29
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/61
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/73
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/87
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/99
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/112
Size: 512B - Virtual size: 393B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/123
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/134
Size: 1024B - Virtual size: 832B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$LOCALAPPDATA/BeAnywhere Support Express/GetSupport/borlndmm.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

@Borlndmm@HeapAddRef$qqrv
@Borlndmm@HeapRelease$qqrv
@Borlndmm@SysFreeMem$qqrpv
@Borlndmm@SysGetMem$qqri
@Borlndmm@SysReallocMem$qqrpvi
DumpBlocks
FreeMemory
GetAllocMemCount
GetAllocMemSize
GetHeapStatus
GetMemory
ReallocMemory

Sections

CODE
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 402B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$LOCALAPPDATA/BeAnywhere Support Express/GetSupport/libeay32.dll
.dll windows:4 windows x86 arch:x86

dcb5fe6c1711708c6032811192f5253f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

DeregisterEventSource
RegisterEventSourceA
ReportEventA

gdi32

BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCA
DeleteDC
DeleteObject
GetBitmapBits
GetDeviceCaps
GetObjectA
SelectObject

kernel32

AddAtomA
CloseHandle
FindAtomA
FindClose
FindFirstFileA
FindNextFileA
FreeLibrary
GetAtomNameA
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetFileType
GetLastError
GetProcAddress
GetStdHandle
GetThreadTimes
GetTickCount
GetVersion
GetVersionExA
GlobalMemoryStatus
LoadLibraryA
QueryPerformanceCounter
SetLastError

msvcrt

_close
_lseek
_read
_write
__dllonexit
__mb_cur_max
_assert
_chmod
_errno
_getch
_getpid
_iob
_isctype
_pctype
_read
_setmode
_stat
_vsnprintf
_write
abort
atoi
exit
fclose
fflush
fgets
fopen
fprintf
fputc
fputs
fread
free
fseek
ftell
fwrite
getenv
gmtime
localtime
malloc
memchr
memcpy
memmove
memset
perror
printf
qsort
realloc
setvbuf
signal
sprintf
sscanf
strcat
strchr
strcmp
strcpy
strerror
strlen
strncmp
strncpy
strrchr
strtol
strtoul
time
tolower
vfprintf
wcsstr

user32

GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxA

wsock32

WSACancelBlockingCall
WSACleanup
WSAGetLastError
WSASetLastError
WSAStartup
accept
bind
closesocket
connect
gethostbyname
getservbyname
getsockopt
htonl
htons
ioctlsocket
listen
ntohl
ntohs
recv
recvfrom
send
sendto
setsockopt
shutdown
socket

Exports

Exports

ACCESS_DESCRIPTION_free
ACCESS_DESCRIPTION_it
ACCESS_DESCRIPTION_new
AES_bi_ige_encrypt
AES_cbc_encrypt
AES_cfb128_encrypt
AES_cfb1_encrypt
AES_cfb8_encrypt
AES_cfbr_encrypt_block
AES_ctr128_encrypt
AES_decrypt
AES_ecb_encrypt
AES_encrypt
AES_ige_encrypt
AES_ofb128_encrypt
AES_options
AES_set_decrypt_key
AES_set_encrypt_key
AES_unwrap_key
AES_wrap_key
ASN1_ANY_it
ASN1_BIT_STRING_asn1_meth
ASN1_BIT_STRING_free
ASN1_BIT_STRING_get_bit
ASN1_BIT_STRING_it
ASN1_BIT_STRING_name_print
ASN1_BIT_STRING_new
ASN1_BIT_STRING_num_asc
ASN1_BIT_STRING_set
ASN1_BIT_STRING_set_asc
ASN1_BIT_STRING_set_bit
ASN1_BMPSTRING_free
ASN1_BMPSTRING_it
ASN1_BMPSTRING_new
ASN1_BOOLEAN_it
ASN1_ENUMERATED_free
ASN1_ENUMERATED_get
ASN1_ENUMERATED_it
ASN1_ENUMERATED_new
ASN1_ENUMERATED_set
ASN1_ENUMERATED_to_BN
ASN1_FBOOLEAN_it
ASN1_GENERALIZEDTIME_check
ASN1_GENERALIZEDTIME_free
ASN1_GENERALIZEDTIME_it
ASN1_GENERALIZEDTIME_new
ASN1_GENERALIZEDTIME_print
ASN1_GENERALIZEDTIME_set
ASN1_GENERALIZEDTIME_set_string
ASN1_GENERALSTRING_free
ASN1_GENERALSTRING_it
ASN1_GENERALSTRING_new
ASN1_HEADER_free
ASN1_HEADER_new
ASN1_IA5STRING_asn1_meth
ASN1_IA5STRING_free
ASN1_IA5STRING_it
ASN1_IA5STRING_new
ASN1_INTEGER_cmp
ASN1_INTEGER_dup
ASN1_INTEGER_free
ASN1_INTEGER_get
ASN1_INTEGER_it
ASN1_INTEGER_new
ASN1_INTEGER_set
ASN1_INTEGER_to_BN
ASN1_NULL_free
ASN1_NULL_it
ASN1_NULL_new
ASN1_OBJECT_create
ASN1_OBJECT_free
ASN1_OBJECT_it
ASN1_OBJECT_new
ASN1_OCTET_STRING_NDEF_it
ASN1_OCTET_STRING_cmp
ASN1_OCTET_STRING_dup
ASN1_OCTET_STRING_free
ASN1_OCTET_STRING_it
ASN1_OCTET_STRING_new
ASN1_OCTET_STRING_set
ASN1_PRINTABLESTRING_free
ASN1_PRINTABLESTRING_it
ASN1_PRINTABLESTRING_new
ASN1_PRINTABLE_free
ASN1_PRINTABLE_it
ASN1_PRINTABLE_new
ASN1_PRINTABLE_type
ASN1_SEQUENCE_it
ASN1_STRING_TABLE_add
ASN1_STRING_TABLE_cleanup
ASN1_STRING_TABLE_get
ASN1_STRING_cmp
ASN1_STRING_data
ASN1_STRING_dup
ASN1_STRING_encode
ASN1_STRING_free
ASN1_STRING_get_default_mask
ASN1_STRING_length
ASN1_STRING_length_set
ASN1_STRING_new
ASN1_STRING_print
ASN1_STRING_print_ex
ASN1_STRING_print_ex_fp
ASN1_STRING_set
ASN1_STRING_set0
ASN1_STRING_set_by_NID
ASN1_STRING_set_default_mask
ASN1_STRING_set_default_mask_asc
ASN1_STRING_to_UTF8
ASN1_STRING_type
ASN1_STRING_type_new
ASN1_T61STRING_free
ASN1_T61STRING_it
ASN1_T61STRING_new
ASN1_TBOOLEAN_it
ASN1_TIME_check
ASN1_TIME_free
ASN1_TIME_it
ASN1_TIME_new
ASN1_TIME_print
ASN1_TIME_set
ASN1_TIME_to_generalizedtime
ASN1_TYPE_free
ASN1_TYPE_get
ASN1_TYPE_get_int_octetstring
ASN1_TYPE_get_octetstring
ASN1_TYPE_new
ASN1_TYPE_set
ASN1_TYPE_set1
ASN1_TYPE_set_int_octetstring
ASN1_TYPE_set_octetstring
ASN1_UNIVERSALSTRING_free
ASN1_UNIVERSALSTRING_it
ASN1_UNIVERSALSTRING_new
ASN1_UNIVERSALSTRING_to_string
ASN1_UTCTIME_check
ASN1_UTCTIME_cmp_time_t
ASN1_UTCTIME_free
ASN1_UTCTIME_it
ASN1_UTCTIME_new
ASN1_UTCTIME_print
ASN1_UTCTIME_set
ASN1_UTCTIME_set_string
ASN1_UTF8STRING_free
ASN1_UTF8STRING_it
ASN1_UTF8STRING_new
ASN1_VISIBLESTRING_free
ASN1_VISIBLESTRING_it
ASN1_VISIBLESTRING_new
ASN1_add_oid_module
ASN1_check_infinite_end
ASN1_const_check_infinite_end
ASN1_d2i_bio
ASN1_d2i_fp
ASN1_digest
ASN1_dup
ASN1_generate_nconf
ASN1_generate_v3
ASN1_get_object
ASN1_i2d_bio
ASN1_i2d_fp
ASN1_item_d2i
ASN1_item_d2i_bio
ASN1_item_d2i_fp
ASN1_item_digest
ASN1_item_dup
ASN1_item_ex_d2i
ASN1_item_ex_free
ASN1_item_ex_i2d
ASN1_item_ex_new
ASN1_item_free
ASN1_item_i2d
ASN1_item_i2d_bio
ASN1_item_i2d_fp
ASN1_item_ndef_i2d
ASN1_item_new
ASN1_item_pack
ASN1_item_sign
ASN1_item_unpack
ASN1_item_verify
ASN1_mbstring_copy
ASN1_mbstring_ncopy
ASN1_object_size
ASN1_pack_string
ASN1_parse
ASN1_parse_dump
ASN1_primitive_free
ASN1_primitive_new
ASN1_put_eoc
ASN1_put_object
ASN1_seq_pack
ASN1_seq_unpack
ASN1_sign
ASN1_tag2bit
ASN1_tag2str
ASN1_template_d2i
ASN1_template_free
ASN1_template_i2d
ASN1_template_new
ASN1_unpack_string
ASN1_verify
AUTHORITY_INFO_ACCESS_free
AUTHORITY_INFO_ACCESS_it
AUTHORITY_INFO_ACCESS_new
AUTHORITY_KEYID_free
AUTHORITY_KEYID_it
AUTHORITY_KEYID_new
BASIC_CONSTRAINTS_free
BASIC_CONSTRAINTS_it
BASIC_CONSTRAINTS_new
BF_cbc_encrypt
BF_cfb64_encrypt
BF_decrypt
BF_ecb_encrypt
BF_encrypt
BF_ofb64_encrypt
BF_options
BF_set_key
BIGNUM_it
BIO_accept
BIO_callback_ctrl
BIO_clear_flags
BIO_copy_next_retry
BIO_ctrl
BIO_ctrl_get_read_request
BIO_ctrl_get_write_guarantee
BIO_ctrl_pending
BIO_ctrl_reset_read_request
BIO_ctrl_wpending
BIO_debug_callback
BIO_dgram_non_fatal_error
BIO_dump
BIO_dump_cb
BIO_dump_fp
BIO_dump_indent
BIO_dump_indent_cb
BIO_dump_indent_fp
BIO_dup_chain
BIO_f_base64
BIO_f_buffer
BIO_f_cipher
BIO_f_md
BIO_f_nbio_test
BIO_f_null
BIO_f_reliable
BIO_fd_non_fatal_error
BIO_fd_should_retry
BIO_find_type
BIO_free
BIO_free_all
BIO_get_accept_socket
BIO_get_callback
BIO_get_callback_arg
BIO_get_ex_data
BIO_get_ex_new_index
BIO_get_host_ip
BIO_get_port
BIO_get_retry_BIO
BIO_get_retry_reason
BIO_gethostbyname
BIO_gets
BIO_indent
BIO_int_ctrl
BIO_method_name
BIO_method_type
BIO_new
BIO_new_accept
BIO_new_bio_pair
BIO_new_connect
BIO_new_dgram
BIO_new_fd
BIO_new_file
BIO_new_fp
BIO_new_mem_buf
BIO_new_socket
BIO_next
BIO_nread
BIO_nread0
BIO_number_read
BIO_number_written
BIO_nwrite
BIO_nwrite0
BIO_pop
BIO_printf
BIO_ptr_ctrl
BIO_push
BIO_puts
BIO_read
BIO_s_accept
BIO_s_bio
BIO_s_connect
BIO_s_datagram
BIO_s_fd
BIO_s_file
BIO_s_mem
BIO_s_null
BIO_s_socket
BIO_set
BIO_set_callback
BIO_set_callback_arg
BIO_set_cipher
BIO_set_ex_data
BIO_set_flags
BIO_set_tcp_ndelay
BIO_snprintf
BIO_sock_cleanup
BIO_sock_error
BIO_sock_init
BIO_sock_non_fatal_error
BIO_sock_should_retry
BIO_socket_ioctl
BIO_socket_nbio
BIO_test_flags
BIO_vfree
BIO_vprintf
BIO_vsnprintf
BIO_write
BN_BLINDING_convert
BN_BLINDING_convert_ex
BN_BLINDING_create_param
BN_BLINDING_free
BN_BLINDING_get_flags
BN_BLINDING_get_thread_id
BN_BLINDING_invert
BN_BLINDING_invert_ex
BN_BLINDING_new
BN_BLINDING_set_flags
BN_BLINDING_set_thread_id
BN_BLINDING_update
BN_CTX_end
BN_CTX_free
BN_CTX_get
BN_CTX_init
BN_CTX_new
BN_CTX_start
BN_GENCB_call
BN_GF2m_add
BN_GF2m_arr2poly
BN_GF2m_mod
BN_GF2m_mod_arr
BN_GF2m_mod_div
BN_GF2m_mod_div_arr
BN_GF2m_mod_exp
BN_GF2m_mod_exp_arr
BN_GF2m_mod_inv
BN_GF2m_mod_inv_arr
BN_GF2m_mod_mul
BN_GF2m_mod_mul_arr
BN_GF2m_mod_solve_quad
BN_GF2m_mod_solve_quad_arr
BN_GF2m_mod_sqr
BN_GF2m_mod_sqr_arr
BN_GF2m_mod_sqrt
BN_GF2m_mod_sqrt_arr
BN_GF2m_poly2arr
BN_MONT_CTX_copy
BN_MONT_CTX_free
BN_MONT_CTX_init
BN_MONT_CTX_new
BN_MONT_CTX_set
BN_MONT_CTX_set_locked
BN_RECP_CTX_free
BN_RECP_CTX_init
BN_RECP_CTX_new
BN_RECP_CTX_set
BN_X931_derive_prime_ex
BN_X931_generate_Xpq
BN_X931_generate_prime_ex
BN_add
BN_add_word
BN_bin2bn
BN_bn2bin
BN_bn2dec
BN_bn2hex
BN_bn2mpi
BN_bntest_rand
BN_clear
BN_clear_bit
BN_clear_free
BN_cmp
BN_copy
BN_dec2bn
BN_div
BN_div_recp
BN_div_word
BN_dup
BN_exp
BN_free
BN_from_montgomery
BN_gcd
BN_generate_prime
BN_generate_prime_ex
BN_get0_nist_prime_192
BN_get0_nist_prime_224
BN_get0_nist_prime_256
BN_get0_nist_prime_384
BN_get0_nist_prime_521
BN_get_params
BN_get_word
BN_hex2bn
BN_init
BN_is_bit_set
BN_is_prime
BN_is_prime_ex
BN_is_prime_fasttest
BN_is_prime_fasttest_ex
BN_kronecker
BN_lshift
BN_lshift1
BN_mask_bits
BN_mod_add
BN_mod_add_quick
BN_mod_exp
BN_mod_exp2_mont
BN_mod_exp_mont
BN_mod_exp_mont_consttime
BN_mod_exp_mont_word
BN_mod_exp_recp
BN_mod_exp_simple
BN_mod_inverse
BN_mod_lshift
BN_mod_lshift1
BN_mod_lshift1_quick
BN_mod_lshift_quick
BN_mod_mul
BN_mod_mul_montgomery
BN_mod_mul_reciprocal
BN_mod_sqr
BN_mod_sqrt
BN_mod_sub
BN_mod_sub_quick
BN_mod_word
BN_mpi2bn
BN_mul
BN_mul_word
BN_new
BN_nist_mod_192
BN_nist_mod_224
BN_nist_mod_256
BN_nist_mod_384
BN_nist_mod_521
BN_nnmod
BN_num_bits
BN_num_bits_word
BN_options
BN_print
BN_print_fp
BN_pseudo_rand
BN_pseudo_rand_range
BN_rand
BN_rand_range
BN_reciprocal
BN_rshift
BN_rshift1
BN_set_bit
BN_set_negative
BN_set_params
BN_set_word
BN_sqr
BN_sub
BN_sub_word
BN_swap
BN_to_ASN1_ENUMERATED
BN_to_ASN1_INTEGER
BN_uadd
BN_ucmp
BN_usub
BN_value_one
BUF_MEM_free
BUF_MEM_grow
BUF_MEM_grow_clean
BUF_MEM_new
BUF_memdup
BUF_strdup
BUF_strlcat
BUF_strlcpy
BUF_strndup
CAST_cbc_encrypt
CAST_cfb64_encrypt
CAST_decrypt
CAST_ecb_encrypt
CAST_encrypt
CAST_ofb64_encrypt
CAST_set_key
CBIGNUM_it
CERTIFICATEPOLICIES_free
CERTIFICATEPOLICIES_it
CERTIFICATEPOLICIES_new
COMP_CTX_free
COMP_CTX_new
COMP_compress_block
COMP_expand_block
COMP_rle
COMP_zlib
COMP_zlib_cleanup
CONF_dump_bio
CONF_dump_fp
CONF_free
CONF_get1_default_config_file
CONF_get_number

Sections

.text
Size: 778KB - Virtual size: 777KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 174KB - Virtual size: 174KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 15KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$LOCALAPPDATA/BeAnywhere Support Express/GetSupport/ssleay32.dll
.dll windows:4 windows x86 arch:x86

db975bcad8a56d927c258e88cd803151

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

AddAtomA
FindAtomA
GetAtomNameA
GetLastError
SetLastError

msvcrt

__dllonexit
_assert
_errno
_iob
abort
fflush
fprintf
free
fwrite
malloc
memcpy
memmove
memset
strcpy
strlen
strncmp
time

libeay32

ASN1_INTEGER_get
ASN1_INTEGER_set
ASN1_const_check_infinite_end
ASN1_dup
ASN1_get_object
ASN1_object_size
ASN1_put_object
BIO_callback_ctrl
BIO_clear_flags
BIO_copy_next_retry
BIO_ctrl
BIO_dump_indent
BIO_f_buffer
BIO_find_type
BIO_free
BIO_free_all
BIO_get_retry_reason
BIO_int_ctrl
BIO_method_type
BIO_new
BIO_pop
BIO_printf
BIO_push
BIO_puts
BIO_read
BIO_s_connect
BIO_s_file
BIO_s_socket
BIO_set_flags
BIO_snprintf
BIO_test_flags
BIO_write
BN_CTX_free
BN_CTX_new
BN_bin2bn
BN_bn2bin
BN_clear_free
BN_dup
BN_num_bits
BUF_MEM_free
BUF_MEM_grow
BUF_MEM_grow_clean
BUF_MEM_new
BUF_memdup
BUF_strdup
BUF_strndup
COMP_CTX_free
COMP_CTX_new
COMP_compress_block
COMP_expand_block
COMP_zlib
CRYPTO_add_lock
CRYPTO_dup_ex_data
CRYPTO_free
CRYPTO_free_ex_data
CRYPTO_get_ex_data
CRYPTO_get_ex_new_index
CRYPTO_lock
CRYPTO_malloc
CRYPTO_mem_ctrl
CRYPTO_new_ex_data
CRYPTO_set_ex_data
DH_compute_key
DH_free
DH_generate_key
DH_new
DH_size
DSA_sign
DSA_verify
ECDH_compute_key
ECDSA_sign
ECDSA_verify
EC_GROUP_free
EC_GROUP_get_curve_name
EC_GROUP_get_degree
EC_GROUP_new_by_curve_name
EC_KEY_dup
EC_KEY_free
EC_KEY_generate_key
EC_KEY_get0_group
EC_KEY_get0_private_key
EC_KEY_get0_public_key
EC_KEY_new
EC_KEY_set_group
EC_KEY_set_private_key
EC_KEY_set_public_key
EC_KEY_up_ref
EC_POINT_copy
EC_POINT_free
EC_POINT_new
EC_POINT_oct2point
EC_POINT_point2oct
ENGINE_finish
ENGINE_get_ssl_client_cert_function
ENGINE_init
ENGINE_load_ssl_client_cert
ERR_add_error_data
ERR_clear_error
ERR_func_error_string
ERR_load_crypto_strings
ERR_load_strings
ERR_peek_error
ERR_peek_last_error
ERR_put_error
EVP_CIPHER_CTX_block_size
EVP_CIPHER_CTX_cipher
EVP_CIPHER_CTX_cleanup
EVP_CIPHER_CTX_init
EVP_CIPHER_CTX_iv_length
EVP_CIPHER_CTX_key_length
EVP_CIPHER_block_size
EVP_CIPHER_flags
EVP_CIPHER_iv_length
EVP_CIPHER_key_length
EVP_Cipher
EVP_CipherInit_ex
EVP_DecryptFinal
EVP_DecryptInit_ex
EVP_DecryptUpdate
EVP_DigestFinal_ex
EVP_DigestInit_ex
EVP_DigestUpdate
EVP_EncryptFinal
EVP_EncryptInit_ex
EVP_EncryptUpdate
EVP_MD_CTX_cleanup
EVP_MD_CTX_copy_ex
EVP_MD_CTX_init
EVP_MD_CTX_md
EVP_MD_CTX_set_flags
EVP_MD_size
EVP_PKEY_assign
EVP_PKEY_bits
EVP_PKEY_copy_parameters
EVP_PKEY_free
EVP_PKEY_missing_parameters
EVP_PKEY_new
EVP_PKEY_size
EVP_SignFinal
EVP_VerifyFinal
EVP_add_cipher
EVP_add_digest
EVP_aes_128_cbc
EVP_aes_192_cbc
EVP_aes_256_cbc
EVP_des_cbc
EVP_des_ede3_cbc
EVP_dss1
EVP_ecdsa
EVP_enc_null
EVP_get_cipherbyname
EVP_get_digestbyname
EVP_idea_cbc
EVP_md2
EVP_md5
EVP_rc2_cbc
EVP_rc4
EVP_sha1
EVP_sha256
HMAC_CTX_cleanup
HMAC_CTX_init
HMAC_CTX_set_flags
HMAC_Final
HMAC_Init_ex
HMAC_Update
OBJ_NAME_add
OBJ_bsearch
OBJ_obj2nid
OCSP_RESPID_free
OPENSSL_DIR_end
OPENSSL_DIR_read
OPENSSL_cleanse
OpenSSLDie
PEM_read_bio_PrivateKey
PEM_read_bio_RSAPrivateKey
PEM_read_bio_X509
RAND_add
RAND_bytes
RAND_pseudo_bytes
RSAPrivateKey_dup
RSA_flags
RSA_free
RSA_new
RSA_private_decrypt
RSA_public_encrypt
RSA_sign
RSA_size
RSA_up_ref
RSA_verify
X509_EXTENSION_free
X509_NAME_cmp
X509_NAME_dup
X509_NAME_free
X509_STORE_CTX_cleanup
X509_STORE_CTX_get0_param
X509_STORE_CTX_get_ex_data
X509_STORE_CTX_get_ex_new_index
X509_STORE_CTX_init
X509_STORE_CTX_set_default
X509_STORE_CTX_set_ex_data
X509_STORE_CTX_set_verify_cb
X509_STORE_free
X509_STORE_get_by_subject
X509_STORE_load_locations
X509_STORE_new
X509_STORE_set_default_paths
X509_VERIFY_PARAM_free
X509_VERIFY_PARAM_get_depth
X509_VERIFY_PARAM_inherit
X509_VERIFY_PARAM_new
X509_VERIFY_PARAM_set_depth
X509_VERIFY_PARAM_set_purpose
X509_VERIFY_PARAM_set_trust
X509_certificate_type
X509_check_private_key
X509_check_purpose
X509_free
X509_get_issuer_name
X509_get_pubkey
X509_get_subject_name
X509_verify_cert
X509_verify_cert_error_string
asn1_GetSequence
asn1_add_error
asn1_const_Finish
d2i_ASN1_INTEGER
d2i_ASN1_OCTET_STRING
d2i_DHparams
d2i_OCSP_RESPID
d2i_PrivateKey
d2i_PrivateKey_bio
d2i_RSAPrivateKey
d2i_RSAPrivateKey_bio
d2i_X509
d2i_X509_EXTENSIONS
d2i_X509_NAME
d2i_X509_bio
i2d_ASN1_INTEGER
i2d_ASN1_OCTET_STRING
i2d_DHparams
i2d_OCSP_RESPID
i2d_X509
i2d_X509_EXTENSIONS
i2d_X509_NAME
lh_delete
lh_doall_arg
lh_free
lh_insert
lh_new
lh_retrieve
pitem_free
pitem_new
pqueue_find
pqueue_free
pqueue_insert
pqueue_iterator
pqueue_new
pqueue_next
pqueue_peek
pqueue_pop
sk_delete
sk_dup
sk_find
sk_free
sk_new
sk_new_null
sk_num
sk_pop_free
sk_push
sk_set
sk_set_cmp_func
sk_shift
sk_value
sk_zero

Exports

Exports

BIO_f_ssl
BIO_new_buffer_ssl_connect
BIO_new_ssl
BIO_new_ssl_connect
BIO_ssl_copy_session_id
BIO_ssl_shutdown
DTLSv1_client_method
DTLSv1_method
DTLSv1_server_method
ERR_load_SSL_strings
SSL_CIPHER_description
SSL_CIPHER_get_bits
SSL_CIPHER_get_name
SSL_CIPHER_get_version
SSL_COMP_add_compression_method
SSL_COMP_get_compression_methods
SSL_COMP_get_name
SSL_CTX_add_client_CA
SSL_CTX_add_session
SSL_CTX_callback_ctrl
SSL_CTX_check_private_key
SSL_CTX_ctrl
SSL_CTX_flush_sessions
SSL_CTX_free
SSL_CTX_get_cert_store
SSL_CTX_get_client_CA_list
SSL_CTX_get_client_cert_cb
SSL_CTX_get_ex_data
SSL_CTX_get_ex_new_index
SSL_CTX_get_info_callback
SSL_CTX_get_quiet_shutdown
SSL_CTX_get_timeout
SSL_CTX_get_verify_callback
SSL_CTX_get_verify_depth
SSL_CTX_get_verify_mode
SSL_CTX_get_version_indy
SSL_CTX_load_verify_locations
SSL_CTX_new
SSL_CTX_remove_session
SSL_CTX_sess_get_get_cb
SSL_CTX_sess_get_new_cb
SSL_CTX_sess_get_remove_cb
SSL_CTX_sess_set_get_cb
SSL_CTX_sess_set_new_cb
SSL_CTX_sess_set_remove_cb
SSL_CTX_sessions
SSL_CTX_set_cert_store
SSL_CTX_set_cert_verify_callback
SSL_CTX_set_cipher_list
SSL_CTX_set_client_CA_list
SSL_CTX_set_client_cert_cb
SSL_CTX_set_client_cert_engine
SSL_CTX_set_cookie_generate_cb
SSL_CTX_set_cookie_verify_cb
SSL_CTX_set_default_passwd_cb
SSL_CTX_set_default_passwd_cb_userdata
SSL_CTX_set_default_verify_paths
SSL_CTX_set_ex_data
SSL_CTX_set_generate_session_id
SSL_CTX_set_info_callback
SSL_CTX_set_info_callback_indy
SSL_CTX_set_msg_callback
SSL_CTX_set_options_indy
SSL_CTX_set_purpose
SSL_CTX_set_quiet_shutdown
SSL_CTX_set_session_id_context
SSL_CTX_set_ssl_version
SSL_CTX_set_timeout
SSL_CTX_set_tmp_dh_callback
SSL_CTX_set_tmp_ecdh_callback
SSL_CTX_set_tmp_rsa_callback
SSL_CTX_set_trust
SSL_CTX_set_verify
SSL_CTX_set_verify_depth
SSL_CTX_use_PrivateKey
SSL_CTX_use_PrivateKey_ASN1
SSL_CTX_use_PrivateKey_file
SSL_CTX_use_RSAPrivateKey
SSL_CTX_use_RSAPrivateKey_ASN1
SSL_CTX_use_RSAPrivateKey_file
SSL_CTX_use_certificate
SSL_CTX_use_certificate_ASN1
SSL_CTX_use_certificate_chain_file
SSL_CTX_use_certificate_file
SSL_SESSION_cmp
SSL_SESSION_free
SSL_SESSION_get_ex_data
SSL_SESSION_get_ex_new_index
SSL_SESSION_get_id
SSL_SESSION_get_id_ctx_indy
SSL_SESSION_get_id_indy
SSL_SESSION_get_time
SSL_SESSION_get_timeout
SSL_SESSION_hash
SSL_SESSION_new
SSL_SESSION_print
SSL_SESSION_print_fp
SSL_SESSION_set_ex_data
SSL_SESSION_set_time
SSL_SESSION_set_timeout
SSL_accept
SSL_add_client_CA
SSL_add_dir_cert_subjects_to_stack
SSL_add_file_cert_subjects_to_stack
SSL_alert_desc_string
SSL_alert_desc_string_long
SSL_alert_type_string
SSL_alert_type_string_long
SSL_callback_ctrl
SSL_check_private_key
SSL_clear
SSL_connect
SSL_copy_session_id
SSL_ctrl
SSL_do_handshake
SSL_dup
SSL_dup_CA_list
SSL_free
SSL_get1_session
SSL_get_SSL_CTX
SSL_get_certificate
SSL_get_cipher_list
SSL_get_ciphers
SSL_get_client_CA_list
SSL_get_current_cipher
SSL_get_current_compression
SSL_get_current_expansion
SSL_get_default_timeout
SSL_get_error
SSL_get_ex_data
SSL_get_ex_data_X509_STORE_CTX_idx
SSL_get_ex_new_index
SSL_get_fd
SSL_get_finished
SSL_get_info_callback
SSL_get_peer_cert_chain
SSL_get_peer_certificate
SSL_get_peer_finished
SSL_get_privatekey
SSL_get_quiet_shutdown
SSL_get_rbio
SSL_get_read_ahead
SSL_get_rfd
SSL_get_servername
SSL_get_servername_type
SSL_get_session
SSL_get_shared_ciphers
SSL_get_shutdown
SSL_get_ssl_method
SSL_get_verify_callback
SSL_get_verify_depth
SSL_get_verify_mode
SSL_get_verify_result
SSL_get_version
SSL_get_wbio
SSL_get_wfd
SSL_has_matching_session_id
SSL_library_init
SSL_load_client_CA_file
SSL_load_error_strings
SSL_new
SSL_peek
SSL_pending
SSL_read
SSL_renegotiate
SSL_renegotiate_pending
SSL_rstate_string
SSL_rstate_string_long
SSL_set_SSL_CTX
SSL_set_accept_state
SSL_set_bio
SSL_set_cipher_list
SSL_set_client_CA_list
SSL_set_connect_state
SSL_set_ex_data
SSL_set_fd
SSL_set_generate_session_id
SSL_set_info_callback
SSL_set_msg_callback
SSL_set_purpose
SSL_set_quiet_shutdown
SSL_set_read_ahead
SSL_set_rfd
SSL_set_session
SSL_set_session_id_context
SSL_set_shutdown
SSL_set_ssl_method
SSL_set_tmp_dh_callback
SSL_set_tmp_ecdh_callback
SSL_set_tmp_rsa_callback
SSL_set_trust
SSL_set_verify
SSL_set_verify_depth
SSL_set_verify_result
SSL_set_wfd
SSL_shutdown
SSL_state
SSL_state_string
SSL_state_string_long
SSL_use_PrivateKey
SSL_use_PrivateKey_ASN1
SSL_use_PrivateKey_file
SSL_use_RSAPrivateKey
SSL_use_RSAPrivateKey_ASN1
SSL_use_RSAPrivateKey_file
SSL_use_certificate
SSL_use_certificate_ASN1
SSL_use_certificate_file
SSL_version
SSL_want
SSL_write
SSLv23_client_method
SSLv23_method
SSLv23_server_method
SSLv2_client_method
SSLv2_method
SSLv2_server_method
SSLv3_client_method
SSLv3_method
SSLv3_server_method
TLSv1_client_method
TLSv1_method
TLSv1_server_method
X509_STORE_CTX_get_app_data_indy
X509_get_notAfter_indy
X509_get_notBefore_indy
d2i_SSL_SESSION
i2d_SSL_SESSION

Sections

.text
Size: 170KB - Virtual size: 170KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 288B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$LOCALAPPDATA/BeAnywhere Support Express/GetSupport/zlib1.dll
.dll windows:4 windows x86 arch:x86

fd348b107c9a12537c4d666dc366ec5f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetProcAddress
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryW
MultiByteToWideChar
QueryPerformanceCounter
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WideCharToMultiByte

msvcrt

_close
_open
_read
_write
__dllonexit
__mb_cur_max
_amsg_exit
_errno
_initterm
_iob
_lock
_lseeki64
_onexit
_unlock
_vsnprintf
_wopen
abort
atoi
calloc
fputc
free
getenv
localeconv
malloc
memchr
memcpy
memset
setlocale
strchr
strerror
strlen
strncmp
wcslen
wcstombs

Exports

Exports

adler32
adler32_combine
adler32_combine64
compress
compress2
compressBound
crc32
crc32_combine
crc32_combine64
deflate
deflateBound
deflateCopy
deflateEnd
deflateInit2_
deflateInit_
deflateParams
deflatePending
deflatePrime
deflateReset
deflateResetKeep
deflateSetDictionary
deflateSetHeader
deflateTune
get_crc_table
gzbuffer
gzclearerr
gzclose
gzclose_r
gzclose_w
gzdirect
gzdopen
gzeof
gzerror
gzflush
gzgetc
gzgetc_
gzgets
gzoffset
gzoffset64
gzopen
gzopen64
gzopen_w
gzprintf
gzputc
gzputs
gzread
gzrewind
gzseek
gzseek64
gzsetparams
gztell
gztell64
gzungetc
gzvprintf
gzwrite
inflate
inflateBack
inflateBackEnd
inflateBackInit_
inflateCopy
inflateEnd
inflateGetDictionary
inflateGetHeader
inflateInit2_
inflateInit_
inflateMark
inflatePrime
inflateReset
inflateReset2
inflateResetKeep
inflateSetDictionary
inflateSync
inflateSyncPoint
inflateUndermine
uncompress
zError
zlibCompileFlags
zlibVersion

Sections

.text
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 900B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/WinVersion.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

IsUACEnabled
IsVistaOrLater
IsWindowsNT

Sections

CODE
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 125B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/XMLConfigPlugIn.dll
.dll windows:4 windows x86 arch:x86

b8eaefdefbf76c74db760ac9d5fa4f9d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

user32

GetKeyboardType
DestroyWindow
LoadStringA
MessageBoxA
CharNextA
MessageBoxA
LoadStringA
GetSystemMetrics
CharNextA
CharToOemA

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetCurrentThreadId
VirtualQuery
WideCharToMultiByte
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
LocalFree
LocalAlloc
lstrcpynA
WriteFile
VirtualQuery
SetFilePointer
ReadFile
GlobalFree
GlobalAlloc
GetVersionExA
GetThreadLocale
GetStdHandle
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetFileSize
GetFileAttributesA
GetDiskFreeSpaceA
GetCPInfo
FreeLibrary
EnumCalendarInfoA
CreateFileA
CreateDirectoryA
CloseHandle

Exports

Exports

ExtractConfigurationFiles

Sections

.text
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 512B - Virtual size: 332B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 18KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

099c0646ea7282d232219f8807883be0

Code Sign

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4aCertificate

Key Usages

5d:9e:c1:e5:a7:3d:de:54:8f:59:ff:64:c8:dd:1d:6aCertificate

Extended Key Usages

Key Usages

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0bCertificate

Extended Key Usages

Key Usages

a4:2a:0f:fc:75:51:da:b9:c9:39:a4:d2:d3:bd:82:2c:d2:b5:06:6dSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 32KB

.rsrc Size: 289KB - Virtual size: 289KB

bf9c84c3a3257624ea75aefc55b86e9d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4aCertificate

Key Usages

5e:01:0f:ac:4a:4f:67:ea:f6:79:d1:6c:51:20:1c:3dCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

wininet

sensapi

iphlpapi

zlib1

userenv

turbojpeg

liblzma-5

basuplib

secur32

crypt32

advapi32

kernel32

netapi32

version

wsock32

winspool.drv

comctl32

comdlg32

gdi32

shell32

shfolder

user32

winmm

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

5d:9e:c1:e5:a7:3d:de:54:8f:59:ff:64:c8:dd:1d:6a
Certificate

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

a4:2a:0f:fc:75:51:da:b9:c9:39:a4:d2:d3:bd:82:2c:d2:b5:06:6d
Signer

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 32KB

.rsrc
Size: 289KB - Virtual size: 289KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

5e:01:0f:ac:4a:4f:67:ea:f6:79:d1:6c:51:20:1c:3d
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

.text
Size: 2.7MB - Virtual size: 2.7MB

.data
Size: 990KB - Virtual size: 1020KB

.tls
Size: 512B - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.idata
Size: 18KB - Virtual size: 20KB

.edata
Size: 36KB - Virtual size: 40KB

.rsrc
Size: 2.7MB - Virtual size: 2.7MB

.reloc
Size: 190KB - Virtual size: 192KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

5e:01:0f:ac:4a:4f:67:ea:f6:79:d1:6c:51:20:1c:3d
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

.text
Size: 190KB - Virtual size: 192KB

.data
Size: 45KB - Virtual size: 64KB

.tls
Size: 512B - Virtual size: 4KB

.idata
Size: 2KB - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 4KB

.rsrc
Size: 6KB - Virtual size: 8KB

.reloc
Size: 14KB - Virtual size: 16KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

5e:01:0f:ac:4a:4f:67:ea:f6:79:d1:6c:51:20:1c:3d
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate