fb34557a1f9d7f5116530557d84a966a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fb34557a1f9d7f5116530557d84a966a_JaffaCakes118
Size

10.9MB
MD5

fb34557a1f9d7f5116530557d84a966a
SHA1

690a464912bf02154e90555c3c952e0f77566bac
SHA256

c6bbeb42a31dc408ed91227e51d1e170fcbee1fb4d18854945139028103faa04
SHA512

2456598178104406cdbb84eb92d37fc459e4e620884cbf2775c64b5b89706823b3119677674c9e0b2b8bbe8d6d5f1d58935a269e64fffdc12f10853c4a2cc8b2
SSDEEP

196608:Wr6p6pagJdpiA8/OwFacGvTtfngvblAWlHWilDmJ89ibYIje4opol69NLKmbg2+y:kbw/ON55fUjWiM6CvliLKb2iL/gRY/Un

Score

3^/10

Malware Config

Signatures

Unsigned PE 9 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Lz0/keymaker.exe
unpack002/$PLUGINSDIR/DcryptDll.dll
unpack002/$PLUGINSDIR/InstallOptions.dll
unpack002/$PLUGINSDIR/SimpleSC.dll
unpack002/$PLUGINSDIR/StartMenu.dll
unpack002/$PLUGINSDIR/System.dll
unpack002/$PLUGINSDIR/nsDialogs.dll
unpack002/$SYSDIR/nlcspro/psapi.dll
unpack002/bin/psapi.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
static1/unpack001/classroomspypro.exe	nsis_installer_1
static1/unpack001/classroomspypro.exe	nsis_installer_2

Files

fb34557a1f9d7f5116530557d84a966a_JaffaCakes118
.zip
155ɫվ.url
.url
Linezer0.nfo
Lz0/keymaker.exe
.exe windows:4 windows x86 arch:x86

09d0478591d4f788cb3e5ea416c25237

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

Sections

.text
Size: 138KB - Virtual size: 412KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
classroomspypro.exe
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

81:97:77:54:f9:ce:71:d3:39:8f:4a:28:dd:8e:50:bd
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

17/08/2010, 00:00

Not After

17/08/2011, 23:59

Subject

CN=EduIQ.com Damjan Kriznik s.p.,O=EduIQ.com Damjan Kriznik s.p.,POSTALCODE=2288,STREET=Slovenja vas 2D,L=HAJDINA,ST=SLOVENIA,C=SI

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 80KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/DcryptDll.dll
.dll windows:4 windows x86 arch:x86

5e1d3f49e5b7590e18325930cd3084f1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileSize
CreateFileA
lstrlenA
DeleteFileA
WriteFile
ReadFile
lstrcmpA
CloseHandle
GlobalFree
lstrcpyA
lstrcpynA
GlobalAlloc

Exports

Exports

Decrypt
HexDecoder
HexEncoder
LoadStr
MD5Hash

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 470B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 730B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InitialDialog.ini
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/SimpleSC.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

ContinueService
ExistsService
GetErrorMessage
GetServiceBinaryPath
GetServiceDisplayName
GetServiceLogon
GetServiceName
GetServiceStartType
GetServiceStatus
GrantServiceLogonPrivilege
InstallService
PauseService
RemoveService
RemoveServiceLogonPrivilege
RestartService
ServiceIsPaused
ServiceIsRunning
ServiceIsStopped
SetServiceBinaryPath
SetServiceDescription
SetServiceLogon
SetServiceStartType
StartService
StopService

Sections

CODE
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1024B - Virtual size: 716B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/StartMenu.dll
.dll windows:4 windows x86 arch:x86

a648aeaa164b592c1e8892a10400b5ae

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
lstrcatA
FindClose
FindNextFileA
MulDiv
GlobalFree
lstrcpynA
GlobalAlloc
lstrcmpiA
FindFirstFileA
lstrcpyA

user32

TranslateMessage
GetMessageA
IsDialogMessageA
PostMessageA
DispatchMessageA
GetWindowLongA
CheckDlgButton
ShowWindow
LoadIconA
GetClientRect
MoveWindow
ScreenToClient
GetWindowRect
ReleaseDC
GetDC
EnableWindow
SetWindowTextA
SendMessageA
IsDlgButtonChecked
GetWindowTextA
DestroyWindow
GetDlgItem
CreateDialogParamA
SetWindowLongA
wsprintfA
CallWindowProcA

gdi32

GetTextMetricsA
SelectObject

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA

ole32

CoTaskMemFree

Exports

Exports

Init
Select
Show

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 518B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

1e2884056e655f2b7bc5a904e352fc80

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
GetFileAttributesA
lstrcmpiA
MulDiv
lstrlenA
HeapFree
GetCurrentDirectoryA
HeapAlloc
HeapReAlloc
GlobalFree
lstrcpynA
GlobalAlloc
GetProcessHeap
SetCurrentDirectoryA

user32

GetPropA
DestroyWindow
CallWindowProcA
SetCursor
LoadCursorA
RemovePropA
CharPrevA
GetWindowLongA
DrawTextA
GetWindowTextA
GetDlgItem
SetWindowLongA
SetWindowPos
CreateDialogParamA
MapWindowPoints
GetWindowRect
SetPropA
CreateWindowExA
IsWindow
SetTimer
KillTimer
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
ShowWindow
wsprintfA
MapDialogRect
GetClientRect
CharNextA
SendMessageA
DrawFocusRect

gdi32

SetTextColor

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

comdlg32

GetSaveFileNameA
GetOpenFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/nlcspro/LICENCE_nlvs.txt
$SYSDIR/nlcspro/csagtpro.exe.dat
$SYSDIR/nlcspro/csagtproconfig.exe
.exe windows:4 windows x86 arch:x86

bab798362d5c3056d7c750e101604769

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

81:97:77:54:f9:ce:71:d3:39:8f:4a:28:dd:8e:50:bd
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

17/08/2010, 00:00

Not After

17/08/2011, 23:59

Subject

CN=EduIQ.com Damjan Kriznik s.p.,O=EduIQ.com Damjan Kriznik s.p.,POSTALCODE=2288,STREET=Slovenja vas 2D,L=HAJDINA,ST=SLOVENIA,C=SI

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

AdjustTokenPrivileges
CloseServiceHandle
ControlService
DeleteService
EnumServicesStatusA
GetTokenInformation
GetUserNameA
LookupAccountSidA
LookupPrivilegeValueA
OpenProcessToken
OpenSCManagerA
OpenServiceA
QueryServiceStatus
RegCloseKey
RegCreateKeyExA
RegDeleteValueA
RegFlushKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
StartServiceA

kernel32

CloseHandle
CompareStringA
CopyFileA
CreateDirectoryA
CreateEventA
CreateFileA
CreateProcessA
CreateThread
DeleteCriticalSection
DeleteFileA
EnterCriticalSection
EnumCalendarInfoA
ExitProcess
ExitThread
FindClose
FindFirstFileA
FindResourceA
FormatMessageA
FreeLibrary
FreeResource
GetACP
GetCPInfo
GetCommandLineA
GetComputerNameA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatA
GetDiskFreeSpaceA
GetEnvironmentStrings
GetExitCodeProcess
GetExitCodeThread
GetFileAttributesA
GetFileSize
GetFileType
GetFullPathNameA
GetLastError
GetLocalTime
GetLocaleInfoA
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetPrivateProfileStringA
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemDefaultLangID
GetSystemDirectoryA
GetSystemTime
GetThreadLocale
GetTickCount
GetUserDefaultLCID
GetVersion
GetVersionExA
GlobalAddAtomA
GlobalDeleteAtom
GlobalFindAtomA
HeapAlloc
HeapFree
InitializeCriticalSection
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
IsValidLocale
LCMapStringA
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LoadResource
LocalAlloc
LocalFree
LockResource
MulDiv
MultiByteToWideChar
OpenProcess
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadFile
ReadProcessMemory
ResetEvent
ResumeThread
RtlUnwind
SetConsoleCtrlHandler
SetEndOfFile
SetErrorMode
SetEvent
SetFilePointer
SetHandleCount
SetLastError
SetThreadLocale
SizeofResource
Sleep
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteFile
WritePrivateProfileStringA
lstrcmpiA
lstrcpyA
lstrcpynA
lstrlenA

mpr

WNetCloseEnum
WNetEnumResourceA
WNetGetProviderNameA
WNetGetResourceParentA
WNetOpenEnumA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

wsock32

WSACleanup
WSAGetLastError
WSAStartup
gethostbyaddr
gethostbyname
gethostname
getservbyname
getservbyport
htonl
htons
ioctlsocket
inet_addr
ntohs

comctl32

ImageList_Add
ImageList_BeginDrag
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_Draw
ImageList_DrawEx
ImageList_EndDrag
ImageList_GetBkColor
ImageList_GetDragImage
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_Read
ImageList_Remove
ImageList_Replace
ImageList_SetBkColor
ImageList_SetIconSize
ImageList_Write
ord17
_TrackMouseEvent
ImageList_Create

gdi32

BitBlt
CreateBitmap
CreateBrushIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBSection
CreateDIBitmap
CreateFontIndirectA
CreateHalftonePalette
CreatePalette
CreatePen
CreatePenIndirect
CreateSolidBrush
DeleteDC
DeleteObject
ExcludeClipRect
GetBitmapBits
GetBrushOrgEx
GetClipBox
GetCurrentPositionEx
GetDCOrgEx
GetDIBColorTable
GetDIBits
GetDeviceCaps
GetObjectA
GetPaletteEntries
GetPixel
GetRgnBox
GetStockObject
GetSystemPaletteEntries
GetTextExtentPoint32A
GetTextMetricsA
GetWindowOrgEx
IntersectClipRect
LineTo
MaskBlt
MoveToEx
PatBlt
Polyline
RealizePalette
RectVisible
Rectangle
RestoreDC
SaveDC
SelectClipRgn
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetBrushOrgEx
SetDIBColorTable
SetPixel
SetROP2
SetStretchBltMode
SetTextColor
SetViewportOrgEx
SetWindowOrgEx
StretchBlt
UnrealizeObject

shell32

ShellExecuteA

user32

ActivateKeyboardLayout
AdjustWindowRectEx
BeginPaint
CallNextHookEx
CallWindowProcA
CharLowerA
CharLowerBuffA
CharNextA
CharToOemA
CharUpperBuffA
CheckMenuItem
ClientToScreen
CreateIcon
CreateMenu
CreatePopupMenu
CreateWindowExA
DefFrameProcA
DefMDIChildProcA
DefWindowProcA
DeleteMenu
DestroyCursor
DestroyIcon
DestroyMenu
DestroyWindow
DispatchMessageA
DispatchMessageW
DrawEdge
DrawFocusRect
DrawFrameControl
DrawIcon
DrawIconEx
DrawMenuBar
DrawTextA
EnableMenuItem
EnableScrollBar
EnableWindow
EndPaint
EnumChildWindows
EnumThreadWindows
EnumWindows
EqualRect
ExitWindowsEx
FillRect
FindWindowA
FrameRect
GetActiveWindow
GetCapture
GetClassInfoA
GetClassLongA
GetClassNameA
GetClientRect
GetCursor
GetCursorPos
GetDC
GetDCEx
GetDesktopWindow
GetFocus
GetForegroundWindow
GetIconInfo
GetKeyNameTextA
GetKeyState
GetKeyboardLayout
GetKeyboardLayoutList
GetKeyboardLayoutNameA
GetKeyboardState
GetKeyboardType
GetLastActivePopup
GetMenu
GetMenuItemCount
GetMenuItemID
GetMenuItemInfoA
GetMenuState
GetMenuStringA
GetMessagePos
GetParent
GetPropA
GetScrollInfo
GetScrollPos
GetScrollRange
GetSubMenu
GetSysColor
GetSysColorBrush
GetSystemMenu
GetTopWindow
GetWindow
GetWindowDC
GetWindowLongA
GetWindowLongW
GetWindowPlacement
GetWindowRect
GetWindowTextA
GetWindowThreadProcessId
InflateRect
InsertMenuA
InsertMenuItemA
IntersectRect
InvalidateRect
IsChild
IsDialogMessageA
IsDialogMessageW
IsIconic
IsRectEmpty
IsWindow
IsWindowEnabled
IsWindowUnicode
IsWindowVisible
IsZoomed
KillTimer
LoadBitmapA
LoadCursorA
LoadIconA
LoadKeyboardLayoutA
LoadStringA
MapVirtualKeyA
MapWindowPoints
MessageBoxA
MsgWaitForMultipleObjects
OemToCharA
OffsetRect
PeekMessageA
PeekMessageW
PostMessageA
PostQuitMessage
PtInRect
RedrawWindow
RegisterClassA
RegisterClipboardFormatA
RegisterWindowMessageA
ReleaseCapture
ReleaseDC
RemoveMenu
RemovePropA
ScreenToClient
ScrollWindow
SendMessageA
SendMessageW
SetActiveWindow
SetCapture
SetClassLongA
SetCursor
SetFocus
SetForegroundWindow
SetMenu
SetMenuItemInfoA
SetParent
SetPropA
SetRect
SetScrollInfo
SetScrollPos
SetScrollRange
SetTimer
SetWindowLongA
SetWindowLongW
SetWindowPlacement
SetWindowPos
SetWindowTextA
SetWindowsHookExA
ShowOwnedPopups
ShowScrollBar
ShowWindow
SystemParametersInfoA
TrackPopupMenu
TranslateMDISysAccel
TranslateMessage
UnhookWindowsHookEx
UnregisterClassA
UpdateWindow
ValidateRect
WaitMessage
WindowFromPoint
wsprintfA
GetSystemMetrics

ole32

CoInitialize
CoUninitialize

Exports

Exports

@$xp$10Hash@THash
@$xp$14Cipher@TCipher
@$xp$14Hash@TChecksum
@$xp$14Hash@THash_MD4
@$xp$14Hash@THash_MD5
@$xp$14Hash@THash_SHA
@$xp$15Hash@THash_SHA1
@$xp$16Decutil@TPAction
@$xp$16Hash@THash_CRC32
@$xp$16Hash@THash_Tiger
@$xp$16Hash@THash_XOR16
@$xp$16Hash@THash_XOR32
@$xp$17Cipher@TSAFERMode
@$xp$17Decutil@TPActions
@$xp$17Hash@THash_Snefru
@$xp$17Hash@THash_Square
@$xp$17Hash@TMAC_RFC2104
@$xp$18Cipher@TCipherMode
@$xp$18Cipher@TCipher_TEA
@$xp$18Libxmlparser@TAttr
@$xp$19Cipher@TCipher_3Way
@$xp$19Cipher@TCipher_Gost
@$xp$19Cipher@TCipher_IDEA
@$xp$19Cipher@TCipher_Q128
@$xp$19Cipher@TCipher_SCOP
@$xp$19Cipher@TCipher_TEAN
@$xp$19Decutil@EProtection
@$xp$19Decutil@TProtection
@$xp$19Hash@THash_Haval128
@$xp$19Hash@THash_Haval160
@$xp$19Hash@THash_Haval192
@$xp$19Hash@THash_Haval224
@$xp$19Hash@THash_Haval256
@$xp$19Hcmngr@THashManager
@$xp$20Cipher@TCipher_SAFER
@$xp$20Cipher@TCipher_Shark
@$xp$20Hash@THash_RipeMD128
@$xp$20Hash@THash_RipeMD160
@$xp$20Hash@THash_RipeMD256
@$xp$20Hash@THash_RipeMD320
@$xp$21Cipher@TCipher_Square
@$xp$21Decutil@EStringFormat
@$xp$21Decutil@TStringFormat
@$xp$21Hcmngr@TCipherManager
@$xp$21Hcmngr@TProgressEvent
@$xp$21Libxmlparser@TAttrDef
@$xp$21Libxmlparser@TCharset
@$xp$21Libxmlparser@TElemDef
@$xp$21Libxmlparser@TNvpList
@$xp$21Libxmlparser@TNvpNode
@$xp$21Libxmlparser@TPIEvent
@$xp$22Cipher@TCipher_Twofish
@$xp$22Decutil@TProgressEvent
@$xp$22Hash@THash_CRC16_CCITT
@$xp$22Hash@THash_Sapphire128
@$xp$22Hash@THash_Sapphire160
@$xp$22Hash@THash_Sapphire192
@$xp$22Hash@THash_Sapphire224
@$xp$22Hash@THash_Sapphire256
@$xp$22Hash@THash_Sapphire288
@$xp$22Hash@THash_Sapphire320
@$xp$22Libxmlparser@TAttrList
@$xp$22Libxmlparser@TAttrType
@$xp$22Libxmlparser@TDtdEvent
@$xp$22Libxmlparser@TElemList
@$xp$22Libxmlparser@TElemType
@$xp$22Libxmlparser@TPartType
@$xp$23Cipher@ECipherException
@$xp$23Cipher@TCipher_Blowfish
@$xp$23Libxmlcomps@TXmlScanner
@$xp$23Libxmlparser@TEntityDef
@$xp$23Libxmlparser@TValueType
@$xp$23Libxmlparser@TXmlParser
@$xp$24Cipher@TCipher_SAFER_K40
@$xp$24Cipher@TCipher_SAFER_K64
@$xp$24Decutil@TStringFormat_UU
@$xp$24Decutil@TStringFormat_XX
@$xp$24Libxmlparser@TErrorEvent
@$xp$24Libxmlparser@TObjectList
@$xp$25Cipher@TCipher_SAFER_K128
@$xp$25Cipher@TCipher_SAFER_SK40
@$xp$25Cipher@TCipher_SAFER_SK64
@$xp$25Decutil@TStringFormat_HEX
@$xp$25Hash@Thash_CRC16_Standard
@$xp$25Libxmlparser@TAttrDefault
@$xp$25Libxmlparser@TDtdElemType
@$xp$25Libxmlparser@TEndTagEvent
@$xp$25Libxmlparser@TEntityEvent
@$xp$25Libxmlparser@TEntityStack
@$xp$25Libxmlparser@TNotationDef
@$xp$26Cipher@TCipher_SAFER_SK128
@$xp$26Decutil@TStringFormat_HEXL
@$xp$26Libxmlparser@TCommentEvent
@$xp$26Libxmlparser@TContentEvent
@$xp$26Libxmlparser@TElementEvent
@$xp$26Processviewer@TProcessInfo
@$xp$27Libxmlcomps@TEasyXmlScanner
@$xp$27Libxmlparser@TEncodingEvent
@$xp$27Libxmlparser@TExternalEvent
@$xp$27Libxmlparser@TNotationEvent
@$xp$27Libxmlparser@TStartTagEvent
@$xp$27Uremotecommand@TCommandType
@$xp$28Decutil@TStringFormat_MIME64
@$xp$28Libxmlparser@TXmlPrologEvent
@$xp$28Processviewer@TProcessViewer
@$xp$29Libxmlparser@LibXmlParser__31
@$xp$29Libxmlparser@LibXmlParser__41
@$xp$29Libxmlparser@LibXmlParser__51
@$xp$29Libxmlparser@LibXmlParser__61
@$xp$29Libxmlparser@LibXmlParser__71
@$xp$29Uremotecommand@TRemoteCommand
@$xp$30Libxmlparser@TCustomXmlScanner
@$xp$30Processviewer@ProcessViewer__2
@$xp$9Hash@TMAC
@@I18n@Finalize
@@I18n@Initialize
@@Nlagtcfg@Finalize
@@Nlagtcfg@Initialize
@@Nlremotelogin@Finalize
@@Nlremotelogin@Initialize
@@Utracing@Finalize
@@Utracing@Initialize
@Cipher@CheckCipherKeySize
@Cipher@CipherList$qqrv
@Cipher@CipherNames$qqrp16Classes@TStrings
@Cipher@DefaultCipherClass$qqrv
@Cipher@ECipherException@
@Cipher@Finalization$qqrv
@Cipher@GetCipherClass$qqrx17System@AnsiString
@Cipher@GetCipherName$qqrp17System@TMetaClass
@Cipher@RaiseCipherException$qqrxix17System@AnsiString
@Cipher@RegisterCipher$qqrpx17System@TMetaClassx17System@AnsiStringt2
@Cipher@SetDefaultCipherClass$qqrp17System@TMetaClass
@Cipher@TCipher@
@Cipher@TCipher@$bctr$qqrx17System@AnsiStringp19Decutil@TProtection
@Cipher@TCipher@$bdtr$qqrv
@Cipher@TCipher@CalcMAC$qqri
@Cipher@TCipher@CodeBuf$qqrpvxi16Decutil@TPAction
@Cipher@TCipher@CodeDone$qqr16Decutil@TPAction
@Cipher@TCipher@CodeInit$qqr16Decutil@TPAction
@Cipher@TCipher@Decode$qqrpv
@Cipher@TCipher@DecodeBuffer$qqrpxvpvi
@Cipher@TCipher@DecodeFile$qqrx17System@AnsiStringt1
@Cipher@TCipher@DecodeStream$qqrpx15Classes@TStreamt1i
@Cipher@TCipher@DecodeString$qqrx17System@AnsiString
@Cipher@TCipher@Done$qqrv
@Cipher@TCipher@Encode$qqrpv
@Cipher@TCipher@EncodeBuffer$qqrpxvpvi
@Cipher@TCipher@EncodeFile$qqrx17System@AnsiStringt1
@Cipher@TCipher@EncodeStream$qqrpx15Classes@TStreamt1i
@Cipher@TCipher@EncodeString$qqrx17System@AnsiString
@Cipher@TCipher@GetContext$qqrp17System@TMetaClassrit2t2
@Cipher@TCipher@GetFlag$qqri
@Cipher@TCipher@GetHash$qqrv
@Cipher@TCipher@Init$qqrpxvipv
@Cipher@TCipher@InitBegin$qqrri
@Cipher@TCipher@InitEnd$qqrpv
@Cipher@TCipher@InitKey$qqrx17System@AnsiStringpv
@Cipher@TCipher@InternalCodeFile$qqrx17System@AnsiStringt1o
@Cipher@TCipher@InternalCodeStream$qqrp15Classes@TStreamt1io
@Cipher@TCipher@MaxKeySize$qqrp17System@TMetaClass
@Cipher@TCipher@Protect$qqrv
@Cipher@TCipher@SelfTest$qqrp17System@TMetaClass
@Cipher@TCipher@SetFlag$qqrio
@Cipher@TCipher@SetHashClass$qqrp17System@TMetaClass
@Cipher@TCipher@TestVector$qqrp17System@TMetaClass
@Cipher@TCipher_3Way@
@Cipher@TCipher_3Way@Decode$qqrpv
@Cipher@TCipher_3Way@Encode$qqrpv
@Cipher@TCipher_3Way@GetContext$qqrp17System@TMetaClassrit2t2
@Cipher@TCipher_3Way@Init$qqrpxvipv
@Cipher@TCipher_3Way@TestVector$qqrp17System@TMetaClass
@Cipher@TCipher_Blowfish@
@Cipher@TCipher_Blowfish@Decode$qqrpv
@Cipher@TCipher_Blowfish@Decode386$qqrpv
@Cipher@TCipher_Blowfish@Encode$qqrpv
@Cipher@TCipher_Blowfish@Encode386$qqrpv
@Cipher@TCipher_Blowfish@GetContext$qqrp17System@TMetaClassrit2t2
@Cipher@TCipher_Blowfish@Init$qqrpxvipv
@Cipher@TCipher_Blowfish@TestVector$qqrp17System@TMetaClass
@Cipher@TCipher_Gost@
@Cipher@TCipher_Gost@Decode$qqrpv
@Cipher@TCipher_Gost@Encode$qqrpv
@Cipher@TCipher_Gost@GetContext$qqrp17System@TMetaClassrit2t2
@Cipher@TCipher_Gost@Init$qqrpxvipv
@Cipher@TCipher_Gost@TestVector$qqrp17System@TMetaClass
@Cipher@TCipher_IDEA@
@Cipher@TCipher_IDEA@Cipher$qqrpa16384$ust1
@Cipher@TCipher_IDEA@Decode$qqrpv
@Cipher@TCipher_IDEA@Encode$qqrpv
@Cipher@TCipher_IDEA@GetContext$qqrp17System@TMetaClassrit2t2
@Cipher@TCipher_IDEA@Init$qqrpxvipv
@Cipher@TCipher_IDEA@TestVector$qqrp17System@TMetaClass
@Cipher@TCipher_Q128@
@Cipher@TCipher_Q128@Decode$qqrpv
@Cipher@TCipher_Q128@Encode$qqrpv
@Cipher@TCipher_Q128@GetContext$qqrp17System@TMetaClassrit2t2
@Cipher@TCipher_Q128@Init$qqrpxvipv
@Cipher@TCipher_Q128@TestVector$qqrp17System@TMetaClass
@Cipher@TCipher_SAFER@
@Cipher@TCipher_SAFER@Decode$qqrpv
@Cipher@TCipher_SAFER@Encode$qqrpv
@Cipher@TCipher_SAFER@GetContext$qqrp17System@TMetaClassrit2t2
@Cipher@TCipher_SAFER@Init$qqrpxvipv
@Cipher@TCipher_SAFER@InitNew$qqrpxvipv17Cipher@TSAFERMode
@Cipher@TCipher_SAFER@SetRounds$qqri
@Cipher@TCipher_SAFER@TestVector$qqrp17System@TMetaClass
@Cipher@TCipher_SAFER_K128@
@Cipher@TCipher_SAFER_K128@GetContext$qqrp17System@TMetaClassrit2t2
@Cipher@TCipher_SAFER_K128@Init$qqrpxvipv
@Cipher@TCipher_SAFER_K128@TestVector$qqrp17System@TMetaClass
@Cipher@TCipher_SAFER_K40@
@Cipher@TCipher_SAFER_K40@GetContext$qqrp17System@TMetaClassrit2t2
@Cipher@TCipher_SAFER_K40@Init$qqrpxvipv
@Cipher@TCipher_SAFER_K40@TestVector$qqrp17System@TMetaClass
@Cipher@TCipher_SAFER_K64@
@Cipher@TCipher_SAFER_K64@GetContext$qqrp17System@TMetaClassrit2t2
@Cipher@TCipher_SAFER_K64@Init$qqrpxvipv
@Cipher@TCipher_SAFER_K64@TestVector$qqrp17System@TMetaClass
@Cipher@TCipher_SAFER_SK128@
@Cipher@TCipher_SAFER_SK128@Init$qqrpxvipv
@Cipher@TCipher_SAFER_SK128@TestVector$qqrp17System@TMetaClass
@Cipher@TCipher_SAFER_SK40@
@Cipher@TCipher_SAFER_SK40@Init$qqrpxvipv
@Cipher@TCipher_SAFER_SK40@TestVector$qqrp17System@TMetaClass
@Cipher@TCipher_SAFER_SK64@
@Cipher@TCipher_SAFER_SK64@Init$qqrpxvipv
@Cipher@TCipher_SAFER_SK64@TestVector$qqrp17System@TMetaClass
@Cipher@TCipher_SCOP@
@Cipher@TCipher_SCOP@Decode$qqrpv
@Cipher@TCipher_SCOP@Done$qqrv
@Cipher@TCipher_SCOP@Encode$qqrpv
@Cipher@TCipher_SCOP@GetContext$qqrp17System@TMetaClassrit2t2
@Cipher@TCipher_SCOP@Init$qqrpxvipv
@Cipher@TCipher_SCOP@TestVector$qqrp17System@TMetaClass
@Cipher@TCipher_Shark@
@Cipher@TCipher_Shark@Decode$qqrpv
@Cipher@TCipher_Shark@Encode$qqrpv
@Cipher@TCipher_Shark@GetContext$qqrp17System@TMetaClassrit2t2
@Cipher@TCipher_Shark@Init$qqrpxvipv
@Cipher@TCipher_Shark@TestVector$qqrp17System@TMetaClass
@Cipher@TCipher_Square@
@Cipher@TCipher_Square@Decode$qqrpv
@Cipher@TCipher_Square@Encode$qqrpv
@Cipher@TCipher_Square@GetContext$qqrp17System@TMetaClassrit2t2
@Cipher@TCipher_Square@Init$qqrpxvipv
@Cipher@TCipher_Square@TestVector$qqrp17System@TMetaClass
@Cipher@TCipher_TEA@
@Cipher@TCipher_TEA@Decode$qqrpv
@Cipher@TCipher_TEA@Encode$qqrpv
@Cipher@TCipher_TEA@GetContext$qqrp17System@TMetaClassrit2t2
@Cipher@TCipher_TEA@Init$qqrpxvipv
@Cipher@TCipher_TEA@SetRounds$qqri
@Cipher@TCipher_TEA@TestVector$qqrp17System@TMetaClass
@Cipher@TCipher_TEAN@
@Cipher@TCipher_TEAN@Decode$qqrpv
@Cipher@TCipher_TEAN@Encode$qqrpv
@Cipher@TCipher_TEAN@TestVector$qqrp17System@TMetaClass
@Cipher@TCipher_Twofish@
@Cipher@TCipher_Twofish@Decode$qqrpv
@Cipher@TCipher_Twofish@Encode$qqrpv
@Cipher@TCipher_Twofish@GetContext$qqrp17System@TMetaClassrit2t2
@Cipher@TCipher_Twofish@Init$qqrpxvipv
@Cipher@TCipher_Twofish@TestVector$qqrp17System@TMetaClass
@Cipher@UnregisterCipher$qqrpx17System@TMetaClass
@Cipher@initialization$qqrv
@Decconst@Finalization$qqrv
@Decconst@_sBBSnotSeekable
@Decconst@_sBigNumAborted
@Decconst@_sBigNumDestroy
@Decconst@_sCalcName
@Decconst@_sCantCalc
@Decconst@_sDivByZero
@Decconst@_sErrAsComp
@Decconst@_sErrAsFloat
@Decconst@_sErrAsInteger
@Decconst@_sErrGeneric
@Decconst@_sExpMod
@Decconst@_sFMT_COPY
@Decconst@_sFMT_HEX
@Decconst@_sFMT_HEXL
@Decconst@_sFMT_MIME64
@Decconst@_sFMT_UU
@Decconst@_sFMT_XX
@Decconst@_sIDOutOfRange
@Decconst@_sIndexOutOfRange
@Decconst@_sInvalidCRC
@Decconst@_sInvalidCalc
@Decconst@_sInvalidChallenge
@Decconst@_sInvalidDictionary
@Decconst@_sInvalidFormatString
@Decconst@_sInvalidKey
@Decconst@_sInvalidKeySize
@Decconst@_sInvalidMACMode
@Decconst@_sInvalidPassword
@Decconst@_sInvalidRandomStream
@Decconst@_sInvalidSeed
@Decconst@_sInvalidState
@Decconst@_sInvalidStringFormat
@Decconst@_sInvalidZIPData
@Decconst@_sJacobi
@Decconst@_sLoadFail
@Decconst@_sNotInitialized
@Decconst@_sNumberFormat
@Decconst@_sOTPExt
@Decconst@_sOTPHex
@Decconst@_sOTPIdent
@Decconst@_sOTPWord
@Decconst@_sParams
@Decconst@_sProtectionCircular
@Decconst@_sRandomDataProtected
@Decconst@_sSKeyIdent
@Decconst@_sSPPrime
@Decconst@_sSetPrime
@Decconst@_sSetPrimeParam
@Decconst@_sSetPrimeSize
@Decconst@_sSqrt
@Decconst@_sStackIndex
@Decconst@_sStringFormatExists
@Decconst@initialization$qqrv
@Decutil@CPUType$qqrv
@Decutil@CRC16$qqruspvui
@Decutil@CRC32$qqruipvui
@Decutil@ConvertFormat$qqrpciii
@Decutil@DefaultStringFormat$qqrv
@Decutil@DeleteCR$qqrx17System@AnsiString
@Decutil@DoProgress$qqrp14System@TObjectii
@Decutil@EProtection@
@Decutil@EStringFormat@
@Decutil@Finalization$qqrv
@Decutil@FormatToStr$qqrpcii
@Decutil@GetShortClassName$qqrp17System@TMetaClass
@Decutil@GetStringFormats$qqrp16Classes@TStrings
@Decutil@GetTestVector$qqrv
@Decutil@IdentityBase
@Decutil@InitTestIsOk
@Decutil@InsertBlocks$qqrx17System@AnsiStringt1t1i
@Decutil@InsertCR$qqrx17System@AnsiStringi
@Decutil@IsObject$qqrpvp17System@TMetaClass
@Decutil@IsValidFormat$qqrpcii
@Decutil@IsValidString$qqrpcii
@Decutil@LSBit$qqri
@Decutil@MSBit$qqri
@Decutil@MemCompare$qqrpvt1i
@Decutil@OneBit$qqri
@Decutil@PerfCounter$qqrv
@Decutil@PerfFreq$qqrv
@Decutil@Progress
@Decutil@ROL$qqruii
@Decutil@ROLADD$qqruiuii
@Decutil@ROLSUB$qqruiuii
@Decutil@ROR$qqruii
@Decutil@RORADD$qqruiuii
@Decutil@RORSUB$qqruiuii
@Decutil@RegisterStringFormats$qqrpxp17System@TMetaClassxi
@Decutil@RemoveBlocks$qqrx17System@AnsiStringt1t1
@Decutil@RndTimeSeed$qqrv
@Decutil@RndXORBuffer$qqripvi
@Decutil@SetDefaultStringFormat$qqri
@Decutil@StrToFormat$qqrpcii
@Decutil@StringFormat$qqri
@Decutil@SwapBits$qqrui
@Decutil@SwapInteger
@Decutil@SwapIntegerBuffer
@Decutil@TProtection@
@Decutil@TProtection@$bctr$qqrp19Decutil@TProtection
@Decutil@TProtection@$bdtr$qqrv
@Decutil@TProtection@AddRef$qqrv
@Decutil@TProtection@CodeBuf$qqrpvxi16Decutil@TPAction
@Decutil@TProtection@CodeBuffer$qqrpvi16Decutil@TPAction
@Decutil@TProtection@CodeDone$qqr16Decutil@TPAction
@Decutil@TProtection@CodeFile$qqrx17System@AnsiStringt116Decutil@TPAction
@Decutil@TProtection@CodeInit$qqr16Decutil@TPAction
@Decutil@TProtection@CodeStream$qqrp15Classes@TStreamt1i16Decutil@TPAction
@Decutil@TProtection@CodeString$qqrx17System@AnsiString16Decutil@TPActioni
@Decutil@TProtection@GetProtection$qqrv
@Decutil@TProtection@Identity$qqrp17System@TMetaClass
@Decutil@TProtection@Release$qqrv
@Decutil@TProtection@SetProtection$qqrp19Decutil@TProtection
@Decutil@TStringFormat@
@Decutil@TStringFormat@Format$qqrp17System@TMetaClass
@Decutil@TStringFormat@IsValid$qqrp17System@TMetaClasspcio
@Decutil@TStringFormat@Name$qqrp17System@TMetaClass
@Decutil@TStringFormat@StrTo$qqrp17System@TMetaClasspci
@Decutil@TStringFormat@ToStr$qqrp17System@TMetaClasspci
@Decutil@TStringFormat_HEX@
@Decutil@TStringFormat_HEX@CharTable$qqrp17System@TMetaClass
@Decutil@TStringFormat_HEX@Format$qqrp17System@TMetaClass
@Decutil@TStringFormat_HEX@IsValid$qqrp17System@TMetaClasspcio
@Decutil@TStringFormat_HEX@Name$qqrp17System@TMetaClass
@Decutil@TStringFormat_HEX@StrTo$qqrp17System@TMetaClasspci
@Decutil@TStringFormat_HEX@ToStr$qqrp17System@TMetaClasspci
@Decutil@TStringFormat_HEXL@
@Decutil@TStringFormat_HEXL@CharTable$qqrp17System@TMetaClass
@Decutil@TStringFormat_HEXL@Format$qqrp17System@TMetaClass
@Decutil@TStringFormat_HEXL@Name$qqrp17System@TMetaClass
@Decutil@TStringFormat_MIME64@
@Decutil@TStringFormat_MIME64@CharTable$qqrp17System@TMetaClass
@Decutil@TStringFormat_MIME64@Format$qqrp17System@TMetaClass
@Decutil@TStringFormat_MIME64@Name$qqrp17System@TMetaClass
@Decutil@TStringFormat_MIME64@StrTo$qqrp17System@TMetaClasspci
@Decutil@TStringFormat_MIME64@ToStr$qqrp17System@TMetaClasspci
@Decutil@TStringFormat_UU@
@Decutil@TStringFormat_UU@CharTable$qqrp17System@TMetaClass
@Decutil@TStringFormat_UU@Format$qqrp17System@TMetaClass
@Decutil@TStringFormat_UU@IsValid$qqrp17System@TMetaClasspcio
@Decutil@TStringFormat_UU@Name$qqrp17System@TMetaClass
@Decutil@TStringFormat_UU@StrTo$qqrp17System@TMetaClasspci
@Decutil@TStringFormat_UU@ToStr$qqrp17System@TMetaClasspci
@Decutil@TStringFormat_XX@
@Decutil@TStringFormat_XX@CharTable$qqrp17System@TMetaClass
@Decutil@TStringFormat_XX@Format$qqrp17System@TMetaClass
@Decutil@TStringFormat_XX@Name$qqrp17System@TMetaClass
@Decutil@XORBuffers$qqrpvt1it1
@Decutil@initialization$qqrv
@Hash@DefaultHashClass$qqrv
@Hash@Finalization$qqrv
@Hash@GetHashClass$qqrx17System@AnsiString
@Hash@GetHashName$qqrp17System@TMetaClass
@Hash@HashList$qqrv
@Hash@HashNames$qqrp16Classes@TStrings
@Hash@RegisterHash$qqrpx17System@TMetaClassx17System@AnsiStringt2
@Hash@SetDefaultHashClass$qqrp17System@TMetaClass
@Hash@TChecksum@
@Hash@THash@
@Hash@THash@$bdtr$qqrv
@Hash@THash@Calc$qqrpxvi
@Hash@THash@CalcBuffer$qqrp17System@TMetaClasspxvip19Decutil@TProtectioni
@Hash@THash@CalcFile$qqrp17System@TMetaClassx17System@AnsiStringp19Decutil@TProtectioni
@Hash@THash@CalcStream$qqrp17System@TMetaClasspx15Classes@TStreamip19Decutil@TProtectioni
@Hash@THash@CalcString$qqrp17System@TMetaClassx17System@AnsiStringp19Decutil@TProtectioni
@Hash@THash@CodeBuf$qqrpvxi16Decutil@TPAction
@Hash@THash@CodeDone$qqr16Decutil@TPAction
@Hash@THash@CodeInit$qqr16Decutil@TPAction
@Hash@THash@DigestKey$qqrv
@Hash@THash@DigestKeySize$qqrp17System@TMetaClass
@Hash@THash@DigestStr$qqri
@Hash@THash@Done$qqrv
@Hash@THash@Init$qqrv
@Hash@THash@Protect$qqro
@Hash@THash@SelfTest$qqrp17System@TMetaClass
@Hash@THash@TestVector$qqrp17System@TMetaClass
@Hash@THash_CRC16_CCITT@
@Hash@THash_CRC16_CCITT@Calc$qqrpxvi
@Hash@THash_CRC16_CCITT@Init$qqrv
@Hash@THash_CRC16_CCITT@TestVector$qqrp17System@TMetaClass
@Hash@THash_CRC32@
@Hash@THash_CRC32@Calc$qqrpxvi
@Hash@THash_CRC32@Done$qqrv
@Hash@THash_CRC32@Init$qqrv
@Hash@THash_CRC32@TestVector$qqrp17System@TMetaClass
@Hash@THash_Haval128@
@Hash@THash_Haval128@DigestKeySize$qqrp17System@TMetaClass
@Hash@THash_Haval128@TestVector$qqrp17System@TMetaClass
@Hash@THash_Haval160@
@Hash@THash_Haval160@DigestKeySize$qqrp17System@TMetaClass
@Hash@THash_Haval160@TestVector$qqrp17System@TMetaClass
@Hash@THash_Haval192@
@Hash@THash_Haval192@DigestKeySize$qqrp17System@TMetaClass
@Hash@THash_Haval192@TestVector$qqrp17System@TMetaClass
@Hash@THash_Haval224@
@Hash@THash_Haval224@DigestKeySize$qqrp17System@TMetaClass
@Hash@THash_Haval224@TestVector$qqrp17System@TMetaClass
@Hash@THash_Haval256@
@Hash@THash_Haval256@Calc$qqrpxvi
@Hash@THash_Haval256@DigestKey$qqrv
@Hash@THash_Haval256@DigestKeySize$qqrp17System@TMetaClass
@Hash@THash_Haval256@Done$qqrv
@Hash@THash_Haval256@Init$qqrv
@Hash@THash_Haval256@SetRounds$qqri
@Hash@THash_Haval256@TestVector$qqrp17System@TMetaClass
@Hash@THash_Haval256@Transform3$qqrpa1024$ui
@Hash@THash_Haval256@Transform4$qqrpa1024$ui
@Hash@THash_Haval256@Transform5$qqrpa1024$ui
@Hash@THash_MD4@
@Hash@THash_MD4@Calc$qqrpxvi
@Hash@THash_MD4@DigestKey$qqrv
@Hash@THash_MD4@DigestKeySize$qqrp17System@TMetaClass
@Hash@THash_MD4@Done$qqrv
@Hash@THash_MD4@Init$qqrv
@Hash@THash_MD4@TestVector$qqrp17System@TMetaClass
@Hash@THash_MD4@Transform$qqrpa1024$ui
@Hash@THash_MD5@
@Hash@THash_MD5@TestVector$qqrp17System@TMetaClass
@Hash@THash_MD5@Transform$qqrpa1024$ui
@Hash@THash_RipeMD128@
@Hash@THash_RipeMD128@TestVector$qqrp17System@TMetaClass
@Hash@THash_RipeMD128@Transform$qqrpa1024$ui
@Hash@THash_RipeMD160@
@Hash@THash_RipeMD160@DigestKeySize$qqrp17System@TMetaClass
@Hash@THash_RipeMD160@TestVector$qqrp17System@TMetaClass
@Hash@THash_RipeMD160@Transform$qqrpa1024$ui
@Hash@THash_RipeMD256@
@Hash@THash_RipeMD256@DigestKeySize$qqrp17System@TMetaClass
@Hash@THash_RipeMD256@Init$qqrv
@Hash@THash_RipeMD256@TestVector$qqrp17System@TMetaClass
@Hash@THash_RipeMD256@Transform$qqrpa1024$ui
@Hash@THash_RipeMD320@
@Hash@THash_RipeMD320@DigestKeySize$qqrp17System@TMetaClass
@Hash@THash_RipeMD320@TestVector$qqrp17System@TMetaClass

Sections

.text
Size: 721KB - Virtual size: 724KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 168KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 38KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 33KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 49KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$SYSDIR/nlcspro/csagtprosvc.exe.dat
$SYSDIR/nlcspro/csprohk.dll
.dll windows:4 windows x86 arch:x86

938b37df516e90cd535c6402d94b80e3

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

81:97:77:54:f9:ce:71:d3:39:8f:4a:28:dd:8e:50:bd
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

17/08/2010, 00:00

Not After

17/08/2011, 23:59

Subject

CN=EduIQ.com Damjan Kriznik s.p.,O=EduIQ.com Damjan Kriznik s.p.,POSTALCODE=2288,STREET=Slovenja vas 2D,L=HAJDINA,ST=SLOVENIA,C=SI

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

user32

GetKeyboardType
DestroyWindow
LoadStringA
MessageBoxA
CharNextA
UnhookWindowsHookEx
SetWindowsHookExA
MessageBoxA
LoadStringA
GetSystemMetrics
GetAsyncKeyState
CallNextHookEx
CharNextA
CharToOemA

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetCurrentThreadId
VirtualQuery
WideCharToMultiByte
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
LocalFree
LocalAlloc
WriteFile
VirtualQuery
UnmapViewOfFile
MapViewOfFile
GetVersionExA
GetThreadLocale
GetStdHandle
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetDiskFreeSpaceA
GetCPInfo
FreeLibrary
EnumCalendarInfoA
CreateFileMappingA
CloseHandle
Sleep

Exports

Exports

STARTKEYBOARDHOOK
STARTMOUSEHOOK
STOPKEYBOARDHOOK
STOPMOUSEHOOK

Sections

.text
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 512B - Virtual size: 380B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 12KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$SYSDIR/nlcspro/cspromg.exe
.exe windows:4 windows x86 arch:x86

26ca6b3723c06dc2e9db7e8d14a7a9af

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

81:97:77:54:f9:ce:71:d3:39:8f:4a:28:dd:8e:50:bd
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

17/08/2010, 00:00

Not After

17/08/2011, 23:59

Subject

CN=EduIQ.com Damjan Kriznik s.p.,O=EduIQ.com Damjan Kriznik s.p.,POSTALCODE=2288,STREET=Slovenja vas 2D,L=HAJDINA,ST=SLOVENIA,C=SI

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegFlushKey
RegOpenKeyExA
RegQueryValueExA

kernel32

CloseHandle
CompareStringA
CreateEventA
CreateFileA
CreateFileMappingA
CreateMutexA
CreateThread
DeleteCriticalSection
DeleteFileA
EnterCriticalSection
EnumCalendarInfoA
ExitProcess
ExitThread
FindClose
FindFirstFileA
FindResourceA
FormatMessageA
FreeLibrary
FreeResource
GetACP
GetCPInfo
GetCommandLineA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDateFormatA
GetDiskFreeSpaceA
GetEnvironmentStrings
GetExitCodeThread
GetFileAttributesA
GetFileSize
GetFileType
GetFullPathNameA
GetLastError
GetLocalTime
GetLocaleInfoA
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetProcAddress
GetProcessHeap
GetProfileStringA
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemDefaultLangID
GetTempPathA
GetThreadLocale
GetTickCount
GetUserDefaultLCID
GetVersion
GetVersionExA
GlobalAddAtomA
GlobalAlloc
GlobalDeleteAtom
GlobalFindAtomA
GlobalFree
GlobalLock
GlobalUnlock
HeapAlloc
HeapFree
InitializeCriticalSection
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
IsValidLocale
LCMapStringA
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LoadResource
LockResource
MapViewOfFile
MulDiv
MultiByteToWideChar
OpenMutexA
OpenProcess
RaiseException
ReadFile
ReadProcessMemory
ReleaseMutex
ResetEvent
ResumeThread
RtlUnwind
SetConsoleCtrlHandler
SetEndOfFile
SetErrorMode
SetEvent
SetFilePointer
SetHandleCount
SetLastError
SetThreadLocale
SizeofResource
Sleep
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
UnmapViewOfFile
VirtualAlloc
VirtualFree
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrcpyA
lstrcpynA
lstrlenA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

wsock32

htonl
htons
ntohl
ntohs

winspool.drv

ClosePrinter
DocumentPropertiesA
EnumPrintersA
OpenPrinterA

comctl32

ImageList_Add
ImageList_BeginDrag
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_Draw
ImageList_DrawEx
ImageList_EndDrag
ImageList_GetBkColor
ImageList_GetDragImage
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_Read
ImageList_Remove
ImageList_Replace
ImageList_SetBkColor
ImageList_SetIconSize
ImageList_Write
_TrackMouseEvent
ImageList_Create

gdi32

BitBlt
CopyEnhMetaFileA
CreateBitmap
CreateBrushIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCA
CreateDIBSection
CreateDIBitmap
CreateFontIndirectA
CreateHalftonePalette
CreateICA
CreatePalette
CreatePenIndirect
CreateSolidBrush
DeleteDC
DeleteEnhMetaFile
DeleteObject
EndDoc
EndPage
ExcludeClipRect
GetBitmapBits
GetBrushOrgEx
GetClipBox
GetCurrentPositionEx
GetDCOrgEx
GetDIBColorTable
GetDIBits
GetDeviceCaps
GetEnhMetaFileBits
GetEnhMetaFileHeader
GetEnhMetaFilePaletteEntries
GetObjectA
GetPaletteEntries
GetPixel
GetRgnBox
GetStockObject
GetSystemPaletteEntries
GetTextExtentPoint32A
GetTextExtentPointA
GetTextMetricsA
GetWinMetaFileBits
GetWindowOrgEx
IntersectClipRect
LineTo
MaskBlt
MoveToEx
PatBlt
PlayEnhMetaFile
Polyline
RealizePalette
RectVisible
Rectangle
RestoreDC
SaveDC
SelectObject
SelectPalette
SetAbortProc
SetBitmapBits
SetBkColor
SetBkMode
SetBrushOrgEx
SetDIBColorTable
SetEnhMetaFileBits
SetMapMode
SetPixel
SetROP2
SetStretchBltMode
SetTextColor
SetViewportOrgEx
SetWinMetaFileBits
SetWindowOrgEx
StartDocA
StartPage
StretchBlt
UnrealizeObject

user32

ActivateKeyboardLayout
AdjustWindowRectEx
BeginPaint
BringWindowToTop
CallNextHookEx
CallWindowProcA
CharLowerA
CharLowerBuffA
CharNextA
CharToOemA
CharUpperBuffA
CheckMenuItem
ClientToScreen
CloseClipboard
CreateIcon
CreateMenu
CreatePopupMenu
CreateWindowExA
DefFrameProcA
DefMDIChildProcA
DefWindowProcA
DeleteMenu
DestroyCursor
DestroyIcon
DestroyMenu
DestroyWindow
DispatchMessageA
DispatchMessageW
DrawEdge
DrawFocusRect
DrawFrameControl
DrawIcon
DrawIconEx
DrawMenuBar
DrawTextA
EmptyClipboard
EnableMenuItem
EnableScrollBar
EnableWindow
EndPaint
EnumChildWindows
EnumThreadWindows
EnumWindows
EqualRect
FillRect
FindWindowA
FrameRect
GetActiveWindow
GetCapture
GetClassInfoA
GetClassLongA
GetClassNameA
GetClientRect
GetClipboardData
GetCursor
GetCursorPos
GetDC
GetDCEx
GetDesktopWindow
GetFocus
GetForegroundWindow
GetIconInfo
GetKeyNameTextA
GetKeyState
GetKeyboardLayout
GetKeyboardLayoutList
GetKeyboardLayoutNameA
GetKeyboardState
GetKeyboardType
GetLastActivePopup
GetMenu
GetMenuItemCount
GetMenuItemID
GetMenuItemInfoA
GetMenuState
GetMenuStringA
GetMessagePos
GetParent
GetPropA
GetScrollInfo
GetScrollPos
GetScrollRange
GetSubMenu
GetSysColor
GetSysColorBrush
GetSystemMenu
GetTopWindow
GetUpdateRect
GetWindow
GetWindowDC
GetWindowLongA
GetWindowLongW
GetWindowPlacement
GetWindowRect
GetWindowTextA
GetWindowThreadProcessId
InflateRect
InsertMenuA
InsertMenuItemA
IntersectRect
InvalidateRect
IsChild
IsDialogMessageA
IsDialogMessageW
IsIconic
IsRectEmpty
IsWindow
IsWindowEnabled
IsWindowUnicode
IsWindowVisible
IsZoomed
KillTimer
LoadBitmapA
LoadCursorA
LoadIconA
LoadKeyboardLayoutA
LoadStringA
MapVirtualKeyA
MapWindowPoints
MessageBeep
MessageBoxA
MsgWaitForMultipleObjects
OemToCharA
OffsetRect
OpenClipboard
PeekMessageA
PeekMessageW
PostMessageA
PostQuitMessage
PtInRect
RedrawWindow
RegisterClassA
RegisterClipboardFormatA
RegisterWindowMessageA
ReleaseCapture
ReleaseDC
RemoveMenu
RemovePropA
ScreenToClient
ScrollWindow
SendMessageA
SendMessageW
SetActiveWindow
SetCapture
SetClassLongA
SetClipboardData
SetCursor
SetFocus
SetForegroundWindow
SetMenu
SetMenuItemInfoA
SetParent
SetPropA
SetRect
SetScrollInfo
SetScrollPos
SetScrollRange
SetTimer
SetWindowLongA
SetWindowLongW
SetWindowPlacement
SetWindowPos
SetWindowTextA
SetWindowsHookExA
ShowOwnedPopups
ShowScrollBar
ShowWindow
SystemParametersInfoA
TrackPopupMenu
TranslateMDISysAccel
TranslateMessage
UnhookWindowsHookEx
UnregisterClassA
UpdateWindow
WaitMessage
WindowFromDC
WindowFromPoint
wsprintfA
GetSystemMetrics

ole32

CoInitialize
CoUninitialize

oleaut32

GetErrorInfo
SafeArrayCreate
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayPtrOfIndex
SysAllocStringLen
SysFreeString
SysReAllocStringLen
VariantChangeType
VariantClear
VariantCopy
VariantInit

csprohk

ord4
ord2
ord3
ord1

Exports

Exports

@$xp$17Zlibex@EZLibError
@$xp$21Zlibex@TCustomZStream
@$xp$24Oneinstance@EOneInstance
@$xp$24Oneinstance@TOneInstance
@$xp$25Zlibex@EZCompressionError
@$xp$25Zlibex@TZCompressionLevel
@$xp$26Processviewer@TProcessInfo
@$xp$26Zlibex@TZCompressionStream
@$xp$27Zlibex@EZDecompressionError
@$xp$28Processviewer@TProcessViewer
@$xp$28Zlibex@TZDecompressionStream
@$xp$30Processviewer@ProcessViewer__2
@$xp$ynpqqri$v
@$xp$ynpqqrii$v
@$xp$ynpqqrp14System@TObject$v
@@I18n@Finalize
@@I18n@Initialize
@@Nlcmdmonthrd@Finalize
@@Nlcmdmonthrd@Initialize
@@Nlmessageguimain@Finalize
@@Nlmessageguimain@Initialize
@@Nlremotedesktopform@Finalize
@@Nlremotedesktopform@Initialize
@@Udatastorage@Finalize
@@Udatastorage@Initialize
@@Uscreendraw@Finalize
@@Uscreendraw@Initialize
@@Usmpipe@Finalize
@@Usmpipe@Initialize
@Oneinstance@EOneInstance@
@Oneinstance@Finalization$qqrv
@Oneinstance@Register$qqrv
@Oneinstance@TOneInstance@
@Oneinstance@TOneInstance@$bctr$qqrp18Classes@TComponent
@Oneinstance@TOneInstance@$bdtr$qqrv
@Oneinstance@TOneInstance@DoRaisePriorInstance$qqrv
@Oneinstance@TOneInstance@FinalizeLock$qqrv
@Oneinstance@TOneInstance@HandleException$qqr17System@AnsiStringp18Sysutils@Exception
@Oneinstance@TOneInstance@HasPriorInstance$qqrv
@Oneinstance@TOneInstance@InitializeLock$qqrv
@Oneinstance@TOneInstance@Loaded$qqrv
@Oneinstance@TOneInstance@RaiseException$qqr17System@AnsiString
@Oneinstance@initialization$qqrv
@Processviewer@Finalization$qqrv
@Processviewer@TProcessViewer@
@Processviewer@TProcessViewer@$bctr$qqro
@Processviewer@TProcessViewer@$bdtr$qqrv
@Processviewer@TProcessViewer@GetFileNameFromHandle$qqrui
@Processviewer@TProcessViewer@GetProcessList$qqrv
@Processviewer@TProcessViewer@GetProcessesWithoutWindowHandle$qqrv
@Processviewer@TProcessViewer@IsFileActive$qqr17System@AnsiString
@Processviewer@TProcessViewer@KillProcessByFileName$qqr17System@AnsiStringo
@Processviewer@TProcessViewer@KillProcessByPID$qqrui
@Processviewer@initialization$qqrv
@Uhooks@Finalization$qqrv
@Uhooks@LockComputer$qqrv
@Uhooks@UnLockComputer$qqrv
@Uhooks@initialization$qqrv
@Zlibex@DeflateInit2_$qqrr18Zlibex@TZStreamReciiiiipci
@Zlibex@EZCompressionError@
@Zlibex@EZDecompressionError@
@Zlibex@EZLibError@
@Zlibex@Finalization$qqrv
@Zlibex@MoveI32$qqrpxvpvi
@Zlibex@TCustomZStream@
@Zlibex@TCustomZStream@$bctr$qqrp15Classes@TStream
@Zlibex@TCustomZStream@DoProgress$qqrv
@Zlibex@TZCompressionStream@
@Zlibex@TZCompressionStream@$bctr$qqrp15Classes@TStream25Zlibex@TZCompressionLevel
@Zlibex@TZCompressionStream@$bdtr$qqrv
@Zlibex@TZCompressionStream@GetCompressionRate$qqrv
@Zlibex@TZCompressionStream@Read$qqrpvi
@Zlibex@TZCompressionStream@Seek$qqrius
@Zlibex@TZCompressionStream@Write$qqrpxvi
@Zlibex@TZDecompressionStream@
@Zlibex@TZDecompressionStream@$bctr$qqrp15Classes@TStream
@Zlibex@TZDecompressionStream@$bdtr$qqrv
@Zlibex@TZDecompressionStream@Read$qqrpvi
@Zlibex@TZDecompressionStream@Seek$qqrius
@Zlibex@TZDecompressionStream@Write$qqrpxvi
@Zlibex@ZCompress$qqrpxvirpvri25Zlibex@TZCompressionLevel
@Zlibex@ZCompressStr$qqrx17System@AnsiString25Zlibex@TZCompressionLevel
@Zlibex@ZCompressStream$qqrp15Classes@TStreamt125Zlibex@TZCompressionLevel
@Zlibex@ZDecompress$qqrpxvirpvrii
@Zlibex@ZDecompressStr$qqrx17System@AnsiString
@Zlibex@ZDecompressStream$qqrp15Classes@TStreamt1
@Zlibex@ZFastCompressString$qqrr17System@AnsiString25Zlibex@TZCompressionLevel
@Zlibex@ZFastDecompressString$qqrr17System@AnsiString
@Zlibex@ZSendToBrowser$qqrr17System@AnsiString
@Zlibex@adler32$qqripxci
@Zlibex@deflate$qqrr18Zlibex@TZStreamReci
@Zlibex@deflateEnd$qqrr18Zlibex@TZStreamRec
@Zlibex@deflateInit_$qqrr18Zlibex@TZStreamRecipci
@Zlibex@inflate$qqrr18Zlibex@TZStreamReci
@Zlibex@inflateEnd$qqrr18Zlibex@TZStreamRec
@Zlibex@inflateInit2_$qqrr18Zlibex@TZStreamRecipci
@Zlibex@inflateInit_$qqrr18Zlibex@TZStreamRecpci
@Zlibex@inflateReset$qqrr18Zlibex@TZStreamRec
@Zlibex@initialization$qqrv
_NLMGMainForm
_RemoteDesktopForm
__GetExceptDLLinfo
___CPPdebugHook

Sections

.text
Size: 592KB - Virtual size: 596KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 70KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 26KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$SYSDIR/nlcspro/mencoder.exe
.exe windows:4 windows x86 arch:x86

957e55ee837deda5785384eea0808691

Code Sign

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

17/05/2005, 00:00

Not After

16/05/2010, 23:59

Subject

CN=Comodo Time Stamping Signer,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c0:fc:b1:5d:fa:7b:8d:76:a4:26:1e:8b:74:ac:82:55
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/07/2009, 00:00

Not After

24/07/2010, 23:59

Subject

CN=EduIQ.com Damjan Kriznik s.p.,O=EduIQ.com Damjan Kriznik s.p.,POSTALCODE=2288,STREET=Zg. Hajdina 83C,L=HAJDINA,ST=SLOVENIA,C=SI

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
RegCreateKeyExA
RegSetValueExA

kernel32

CloseHandle
CreateEventA
CreateFileA
CreateSemaphoreA
CreateThread
DeleteCriticalSection
DeviceIoControl
DuplicateHandle
EnterCriticalSection
ExitProcess
FindClose
FindFirstFileA
FindNextFileA
FreeLibrary
GetACP
GetConsoleOutputCP
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDriveTypeA
GetFileAttributesA
GetLastError
GetLogicalDrives
GetModuleFileNameA
GetModuleHandleA
GetNumberOfConsoleInputEvents
GetProcAddress
GetProcessAffinityMask
GetProcessHeap
GetStdHandle
GetSystemTimeAsFileTime
GetThreadContext
GetThreadPriority
GetVersion
HeapAlloc
HeapFree
InitializeCriticalSection
InterlockedDecrement
InterlockedExchangeAdd
InterlockedIncrement
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
MultiByteToWideChar
OpenProcess
PeekNamedPipe
QueryPerformanceCounter
QueryPerformanceFrequency
ReadConsoleInputA
ReadFile
ReleaseSemaphore
ResetEvent
ResumeThread
SetEnvironmentVariableA
SetEvent
SetFilePointer
SetLastError
SetPriorityClass
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SuspendThread
TerminateThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte

msvcrt

_close
_fdopen
_memccpy
_mkdir
_open
_read
_setmode
_stat
_strdup
_swab
_tempnam
_unlink
_write
__getmainargs
__lc_codepage
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_assert
_beginthreadex
_cexit
_endthreadex
_errno
_filbuf
_findclose
_findfirst
_findnext
_flsbuf
_fstati64
_ftime
_fullpath
_get_osfhandle
_iob
_isctype
_lseeki64
_onexit
_open_osfhandle
_pctype
_setjmp
_setmode
_snprintf
_stati64
_stricmp
_strnicmp
_telli64
_vsnprintf
abort
acos
asin
atan
atan2
atexit
atof
atoi
atol
calloc
ceil
clearerr
cos
cosh
ctime
exit
exp
fclose
fflush
fgetc
fgets
floor
fopen
fprintf
fputc
fputs
fread
free
frexp
fscanf
fseek
ftell
fwrite
getenv
gmtime
islower
isspace
isupper
localtime
log
log10
longjmp
malloc
memchr
memcmp
memcpy
memmove
memset
mktime
modf
perror
pow
printf
putchar
puts
qsort
rand
realloc
rename
rewind
setbuf
setlocale
signal
sin
sinh
sprintf
sqrt
srand
sscanf
strcat
strchr
strcmp
strcoll
strcpy
strcspn
strerror
strftime
strlen
strncat
strncmp
strncpy
strpbrk
strrchr
strspn
strstr
strtod
strtok
strtol
strtoul
tan
tanh
time
tolower
toupper
ungetc
vfprintf
vsprintf

ole32

CoInitialize
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize

winmm

timeGetTime

ws2_32

WSACleanup
WSAGetLastError
WSASetLastError
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
gethostbyname
gethostname
getsockname
getsockopt
htonl
htons
inet_addr
inet_ntoa
ioctlsocket
listen
ntohl
ntohs
recv
recvfrom
select
send
sendto
setsockopt
socket

Sections

.text
Size: 8.9MB - Virtual size: 8.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 376KB - Virtual size: 375KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rodata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 3.9MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$SYSDIR/nlcspro/mencoder_Copyright.txt
$SYSDIR/nlcspro/mencoder_LICENSE.txt
$SYSDIR/nlcspro/nlvs.exe
.exe windows:4 windows x86 arch:x86

0355eea2f6a3387bb5343847bae41257

Code Sign

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

17/05/2005, 00:00

Not After

16/05/2010, 23:59

Subject

CN=Comodo Time Stamping Signer,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c0:fc:b1:5d:fa:7b:8d:76:a4:26:1e:8b:74:ac:82:55
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/07/2009, 00:00

Not After

24/07/2010, 23:59

Subject

CN=EduIQ.com Damjan Kriznik s.p.,O=EduIQ.com Damjan Kriznik s.p.,POSTALCODE=2288,STREET=Zg. Hajdina 83C,L=HAJDINA,ST=SLOVENIA,C=SI

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

closesocket
WSACleanup
WSAStartup
inet_addr
gethostname
shutdown
bind
WSAGetLastError
socket
gethostbyname
recv
send
getsockname
getpeername
accept
setsockopt
listen
ioctlsocket
connect
htons
htonl

winmm

timeSetEvent
timeGetTime

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

wtsapi32

WTSEnumerateProcessesA
WTSEnumerateSessionsA
WTSFreeMemory

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

kernel32

CreateToolhelp32Snapshot
Sleep
GetExitCodeProcess
SetEvent
CreateEventA
OutputDebugStringA
SetCurrentDirectoryA
GetComputerNameA
ResumeThread
CreateThread
IsBadWritePtr
IsBadReadPtr
GetFileSize
CreateFileA
GetSystemInfo
GetSystemTime
SetFilePointer
ReadFile
CreateDirectoryA
SetErrorMode
MoveFileExA
SetFileTime
SystemTimeToFileTime
FlushFileBuffers
SetEndOfFile
WriteFile
MoveFileA
lstrlenA
GetDriveTypeA
GetLogicalDriveStringsA
FileTimeToSystemTime
GetFileTime
SetThreadPriority
GetCurrentThread
OpenEventA
GlobalUnlock
GlobalLock
GlobalAlloc
TerminateProcess
CreateProcessA
SetProcessShutdownParameters
Process32First
LockResource
GetCurrentProcessId
SizeofResource
FindResourceA
WriteConsoleA
GetStdHandle
FormatMessageA
AllocConsole
GlobalDeleteAtom
GlobalGetAtomNameA
GlobalAddAtomA
ResetEvent
GlobalFree
SearchPathA
ExitThread
HeapReAlloc
GetStartupInfoA
GetProcessHeap
GetCommandLineA
GetFileType
SetStdHandle
ExitProcess
FileTimeToLocalFileTime
HeapFree
HeapAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetSystemTimeAsFileTime
TlsAlloc
DuplicateHandle
TlsSetValue
TlsFree
TlsGetValue
CreateSemaphoreA
ReleaseSemaphore
DeleteCriticalSection
InitializeCriticalSection
GetLocalTime
Process32Next
GetVersionExA
SetLastError
GetCurrentProcess
ReleaseMutex
WaitForSingleObject
UnmapViewOfFile
OpenFileMappingA
MapViewOfFile
CreateFileMappingA
WritePrivateProfileSectionA
WritePrivateProfileStructA
InterlockedDecrement
HeapSize
GetCPInfo
GetACP
GetPrivateProfileStructA
GetPrivateProfileStringA
GetPrivateProfileIntA
WritePrivateProfileStringA
OpenProcess
CloseHandle
InterlockedIncrement
GetTempPathA
WinExec
CopyFileA
GetLastError
FreeLibrary
DeleteFileA
FindFirstFileA
FindNextFileA
FindClose
LeaveCriticalSection
EnterCriticalSection
WideCharToMultiByte
GetCurrentThreadId
LoadLibraryA
GetProcAddress
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
LCMapStringA
MultiByteToWideChar
LCMapStringW
VirtualFree
VirtualAlloc
HeapDestroy
HeapCreate
GetFullPathNameA
GetCurrentDirectoryA
SetHandleCount
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetTimeZoneInformation
GetConsoleOutputCP
WriteConsoleW
CompareStringA
CompareStringW
LoadResource
SetEnvironmentVariableA

user32

LoadMenuA
GetSubMenu
SetMenuDefaultItem
TrackPopupMenu
GetMenuItemID
EnableMenuItem
EnableWindow
GetKeyState
VkKeyScanA
ToAscii
GetAsyncKeyState
MapVirtualKeyA
SetRect
PeekMessageA
WaitMessage
IsIconic
RegisterWindowMessageA
GetIconInfo
SetClipboardViewer
EnumWindows
ChangeClipboardChain
DestroyWindow
WaitForInputIdle
WindowFromPoint
GetClipboardOwner
GetClipboardData
IsWindowVisible
OpenClipboard
EmptyClipboard
DestroyMenu
CloseClipboard
GetDlgItemInt
IsWindow
GetWindowTextA
OpenDesktopA
EnumDesktopWindows
GetClassNameA
mouse_event
GetKeyboardState
keybd_event
SetActiveWindow
MessageBeep
FlashWindow
GetDesktopWindow
ChangeDisplaySettingsExA
EnumDisplaySettingsA
DialogBoxParamA
EndDialog
SetWindowTextA
LoadStringA
GetWindowRect
InvalidateRect
GetDlgItemTextA
GetCursorPos
ScreenToClient
SetCursor
SetCapture
GetCaretBlinkTime
SetCaretBlinkTime
SetDlgItemInt
CheckDlgButton
GetProcessWindowStation
SetClipboardData
ExitWindowsEx
ReleaseCapture
MoveWindow
CallWindowProcA
GetParent
DrawIconEx
GetClientRect
GetDC
ReleaseDC
PostMessageA
SetDlgItemTextA
GetScrollInfo
GetDlgItem
SendDlgItemMessageA
SetForegroundWindow
MessageBoxA
wsprintfA
IsDlgButtonChecked
FindWindowA
GetWindowThreadProcessId
SystemParametersInfoA
GetForegroundWindow
SendMessageA
OpenInputDesktop
GetThreadDesktop
GetUserObjectInformationA
SetThreadDesktop
GetMessageA
DispatchMessageA
TranslateMessage
CloseDesktop
LoadIconA
LoadCursorA
RegisterClassExA
GetSystemMetrics
AdjustWindowRect
CreateWindowExA
GetWindowLongA
SetWindowLongA
ShowWindow
KillTimer
PostQuitMessage
SetTimer
DefWindowProcA
SetWindowPos
IsRectEmpty
LoadImageA
SetFocus

gdi32

GetObjectA
GetBitmapBits
GetPixel
GdiFlush
CreateCompatibleBitmap
CreateDIBSection
CreatePalette
SelectPalette
RealizePalette
SetDIBColorTable
GetDeviceCaps
BitBlt
ExtEscape
GetSystemPaletteEntries
SetROP2
MoveToEx
LineTo
SetBkMode
GetStockObject
GetClipBox
CreateCompatibleDC
CreateSolidBrush
SelectObject
PatBlt
StretchBlt
DeleteObject
CreateDCA
DeleteDC
GetDIBits

advapi32

RegOpenKeyExA
FreeSid
RevertToSelf
ImpersonateLoggedOnUser
OpenProcessToken
CreateProcessAsUserA
RegSetValueExA
RegQueryValueExA
RegCloseKey
OpenSCManagerA
EnumServicesStatusA
OpenServiceA
GetUserNameA
LookupAccountSidA
RegCreateKeyA
CreateServiceA
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerExA
QueryServiceStatus
DeleteService
RegCreateKeyExA
SetServiceStatus
DuplicateTokenEx
SetTokenInformation
LookupPrivilegeValueA
AdjustTokenPrivileges
GetTokenInformation
AllocateAndInitializeSid
CloseServiceHandle
QueryServiceConfigA
EqualSid

shell32

SHAppBarMessage
SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHFileOperationA
ShellExecuteA
ShellExecuteExA
Shell_NotifyIconA

ole32

CoInitialize
CoUninitialize
CoCreateInstance

msvfw32

ord2

avifil32

AVIFileOpenA
AVIFileCreateStreamA
AVISaveOptions
AVISaveOptionsFree
AVIMakeCompressedStream
AVIStreamSetFormat
AVIStreamRelease
AVIFileRelease
AVIFileExit
AVIStreamWrite
AVIFileInit

imm32

ImmGetDefaultIMEWnd

Sections

.text
Size: 448KB - Virtual size: 445KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 336KB - Virtual size: 334KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$SYSDIR/nlcspro/psapi.dll
.dll windows:5 windows x86 arch:x86

976360032e50620712de94538beb6f31

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

psapi.pdb

Imports

kernel32

GetSystemInfo
LoadLibraryA
InterlockedExchange
FreeLibrary
GetProcAddress
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetLastError
DisableThreadLibraryCalls
OpenFileMappingA
MapViewOfFile
UnmapViewOfFile
CreateFileA
CloseHandle
GetProcessHeap
LocalFree
LocalAlloc
SetLastError
MultiByteToWideChar
WideCharToMultiByte
ReadProcessMemory
RaiseException
SetProcessWorkingSetSize
GetProcessWorkingSetSize
lstrcpyA
lstrlenA
HeapFree
HeapAlloc

ntdll

RtlUnwind
wcslen
wcschr
_stricmp
atoi
NtStopProfile
sprintf
_chkstk
DbgPrint
RtlUnicodeToOemN
RtlAdjustPrivilege
RtlMultiByteToUnicodeN
NtAllocateVirtualMemory
NtCreateProfile
NtSetIntervalProfile
NtStartProfile
NtWriteFile
NtSetInformationProcess
NtQueryInformationProcess
NtQueryVirtualMemory
NtQuerySystemInformation
RtlNtStatusToDosError

Exports

Exports

EmptyWorkingSet
EnumDeviceDrivers
EnumPageFilesA
EnumPageFilesW
EnumProcessModules
EnumProcesses
GetDeviceDriverBaseNameA
GetDeviceDriverBaseNameW
GetDeviceDriverFileNameA
GetDeviceDriverFileNameW
GetMappedFileNameA
GetMappedFileNameW
GetModuleBaseNameA
GetModuleBaseNameW
GetModuleFileNameExA
GetModuleFileNameExW
GetModuleInformation
GetPerformanceInfo
GetProcessImageFileNameA
GetProcessImageFileNameW
GetProcessMemoryInfo
GetWsChanges
InitializeProcessForWsWatch
QueryWorkingSet

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 964B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/nlcspro/sendsas.exe
.exe windows:4 windows x86 arch:x86

5b2a1593890aaadfce594cf5b8f4f63b

Code Sign

04:00:00:00:00:00:f9:7f:aa:2e:1e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

16/12/2003, 13:00

Not After

27/01/2014, 11:00

Subject

CN=GlobalSign RootSign Partners CA,OU=RootSign Partners CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:08:d9:61:1c:d6
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 12:00

Not After

27/01/2014, 11:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:10:92:eb:82:95
Certificate

Issuer

CN=GlobalSign RootSign Partners CA,OU=RootSign Partners CA,O=GlobalSign nv-sa,C=BE

Not Before

05/02/2007, 09:00

Not After

27/01/2014, 09:00

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign,1.2.840.113549.1.9.1=#0c1c74696d657374616d70696e666f40676c6f62616c7369676e2e636f6d

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:1a:58:1b:81:07
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

05/06/2008, 09:42

Not After

05/06/2009, 09:42

Subject

CN=EduIQ.com Damjan Kriznik s.p.,O=EduIQ.com Damjan Kriznik s.p.,C=SI,1.2.840.113549.1.9.1=#0c1864616d6a616e2e6b72697a6e696b4065647569712e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:17:ab:50:b9:15
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 09:00

Not After

27/01/2014, 10:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA

kernel32

CloseHandle
CompareStringA
CreateFileA
DeleteCriticalSection
DeleteFileA
EnterCriticalSection
EnumCalendarInfoA
ExitProcess
FindClose
FindFirstFileA
FormatMessageA
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCurrentProcessId
GetCurrentThreadId
GetDateFormatA
GetDiskFreeSpaceA
GetEnvironmentStrings
GetFileAttributesA
GetFileType
GetLastError
GetLocalTime
GetLocaleInfoA
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemDefaultLangID
GetThreadLocale
GetUserDefaultLCID
GetVersion
GetVersionExA
HeapAlloc
HeapFree
InitializeCriticalSection
InterlockedExchange
IsValidLocale
LCMapStringA
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
MultiByteToWideChar
ProcessIdToSessionId
RaiseException
ReadFile
RtlUnwind
SetConsoleCtrlHandler
SetFilePointer
SetHandleCount
SetLastError
SetThreadLocale
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualQuery
WideCharToMultiByte
WriteFile
lstrcpynA
lstrlenA

user32

CharNextA
CharToOemA
DestroyWindow
EnumThreadWindows
GetKeyboardType
LoadStringA
MessageBoxA
wsprintfA
GetSystemMetrics

oleaut32

SafeArrayCreate
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayPtrOfIndex
SysAllocStringLen
SysFreeString
SysReAllocStringLen
VariantChangeType
VariantClear
VariantCopy
VariantInit

Exports

Exports

__GetExceptDLLinfo
___CPPdebugHook

Sections

.text
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
LICENSE_PRO.TXT
README_PRO.TXT
bin/CSPro.chm
.chm
bin/LICENCE_nlvs.txt
bin/csagtpro.exe.dat
bin/csagtproconfig.exe
.exe windows:4 windows x86 arch:x86

bab798362d5c3056d7c750e101604769

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

81:97:77:54:f9:ce:71:d3:39:8f:4a:28:dd:8e:50:bd
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

17/08/2010, 00:00

Not After

17/08/2011, 23:59

Subject

CN=EduIQ.com Damjan Kriznik s.p.,O=EduIQ.com Damjan Kriznik s.p.,POSTALCODE=2288,STREET=Slovenja vas 2D,L=HAJDINA,ST=SLOVENIA,C=SI

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

AdjustTokenPrivileges
CloseServiceHandle
ControlService
DeleteService
EnumServicesStatusA
GetTokenInformation
GetUserNameA
LookupAccountSidA
LookupPrivilegeValueA
OpenProcessToken
OpenSCManagerA
OpenServiceA
QueryServiceStatus
RegCloseKey
RegCreateKeyExA
RegDeleteValueA
RegFlushKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
StartServiceA

kernel32

CloseHandle
CompareStringA
CopyFileA
CreateDirectoryA
CreateEventA
CreateFileA
CreateProcessA
CreateThread
DeleteCriticalSection
DeleteFileA
EnterCriticalSection
EnumCalendarInfoA
ExitProcess
ExitThread
FindClose
FindFirstFileA
FindResourceA
FormatMessageA
FreeLibrary
FreeResource
GetACP
GetCPInfo
GetCommandLineA
GetComputerNameA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatA
GetDiskFreeSpaceA
GetEnvironmentStrings
GetExitCodeProcess
GetExitCodeThread
GetFileAttributesA
GetFileSize
GetFileType
GetFullPathNameA
GetLastError
GetLocalTime
GetLocaleInfoA
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetPrivateProfileStringA
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemDefaultLangID
GetSystemDirectoryA
GetSystemTime
GetThreadLocale
GetTickCount
GetUserDefaultLCID
GetVersion
GetVersionExA
GlobalAddAtomA
GlobalDeleteAtom
GlobalFindAtomA
HeapAlloc
HeapFree
InitializeCriticalSection
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
IsValidLocale
LCMapStringA
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LoadResource
LocalAlloc
LocalFree
LockResource
MulDiv
MultiByteToWideChar
OpenProcess
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadFile
ReadProcessMemory
ResetEvent
ResumeThread
RtlUnwind
SetConsoleCtrlHandler
SetEndOfFile
SetErrorMode
SetEvent
SetFilePointer
SetHandleCount
SetLastError
SetThreadLocale
SizeofResource
Sleep
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteFile
WritePrivateProfileStringA
lstrcmpiA
lstrcpyA
lstrcpynA
lstrlenA

mpr

WNetCloseEnum
WNetEnumResourceA
WNetGetProviderNameA
WNetGetResourceParentA
WNetOpenEnumA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

wsock32

WSACleanup
WSAGetLastError
WSAStartup
gethostbyaddr
gethostbyname
gethostname
getservbyname
getservbyport
htonl
htons
ioctlsocket
inet_addr
ntohs

comctl32

ImageList_Add
ImageList_BeginDrag
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_Draw
ImageList_DrawEx
ImageList_EndDrag
ImageList_GetBkColor
ImageList_GetDragImage
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_Read
ImageList_Remove
ImageList_Replace
ImageList_SetBkColor
ImageList_SetIconSize
ImageList_Write
ord17
_TrackMouseEvent
ImageList_Create

gdi32

BitBlt
CreateBitmap
CreateBrushIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBSection
CreateDIBitmap
CreateFontIndirectA
CreateHalftonePalette
CreatePalette
CreatePen
CreatePenIndirect
CreateSolidBrush
DeleteDC
DeleteObject
ExcludeClipRect
GetBitmapBits
GetBrushOrgEx
GetClipBox
GetCurrentPositionEx
GetDCOrgEx
GetDIBColorTable
GetDIBits
GetDeviceCaps
GetObjectA
GetPaletteEntries
GetPixel
GetRgnBox
GetStockObject
GetSystemPaletteEntries
GetTextExtentPoint32A
GetTextMetricsA
GetWindowOrgEx
IntersectClipRect
LineTo
MaskBlt
MoveToEx
PatBlt
Polyline
RealizePalette
RectVisible
Rectangle
RestoreDC
SaveDC
SelectClipRgn
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetBrushOrgEx
SetDIBColorTable
SetPixel
SetROP2
SetStretchBltMode
SetTextColor
SetViewportOrgEx
SetWindowOrgEx
StretchBlt
UnrealizeObject

shell32

ShellExecuteA

user32

ActivateKeyboardLayout
AdjustWindowRectEx
BeginPaint
CallNextHookEx
CallWindowProcA
CharLowerA
CharLowerBuffA
CharNextA
CharToOemA
CharUpperBuffA
CheckMenuItem
ClientToScreen
CreateIcon
CreateMenu
CreatePopupMenu
CreateWindowExA
DefFrameProcA
DefMDIChildProcA
DefWindowProcA
DeleteMenu
DestroyCursor
DestroyIcon
DestroyMenu
DestroyWindow
DispatchMessageA
DispatchMessageW
DrawEdge
DrawFocusRect
DrawFrameControl
DrawIcon
DrawIconEx
DrawMenuBar
DrawTextA
EnableMenuItem
EnableScrollBar
EnableWindow
EndPaint
EnumChildWindows
EnumThreadWindows
EnumWindows
EqualRect
ExitWindowsEx
FillRect
FindWindowA
FrameRect
GetActiveWindow
GetCapture
GetClassInfoA
GetClassLongA
GetClassNameA
GetClientRect
GetCursor
GetCursorPos
GetDC
GetDCEx
GetDesktopWindow
GetFocus
GetForegroundWindow
GetIconInfo
GetKeyNameTextA
GetKeyState
GetKeyboardLayout
GetKeyboardLayoutList
GetKeyboardLayoutNameA
GetKeyboardState
GetKeyboardType
GetLastActivePopup
GetMenu
GetMenuItemCount
GetMenuItemID
GetMenuItemInfoA
GetMenuState
GetMenuStringA
GetMessagePos
GetParent
GetPropA
GetScrollInfo
GetScrollPos
GetScrollRange
GetSubMenu
GetSysColor
GetSysColorBrush
GetSystemMenu
GetTopWindow
GetWindow
GetWindowDC
GetWindowLongA
GetWindowLongW
GetWindowPlacement
GetWindowRect
GetWindowTextA
GetWindowThreadProcessId
InflateRect
InsertMenuA
InsertMenuItemA
IntersectRect
InvalidateRect
IsChild
IsDialogMessageA
IsDialogMessageW
IsIconic
IsRectEmpty
IsWindow
IsWindowEnabled
IsWindowUnicode
IsWindowVisible
IsZoomed
KillTimer
LoadBitmapA
LoadCursorA
LoadIconA
LoadKeyboardLayoutA
LoadStringA
MapVirtualKeyA
MapWindowPoints
MessageBoxA
MsgWaitForMultipleObjects
OemToCharA
OffsetRect
PeekMessageA
PeekMessageW
PostMessageA
PostQuitMessage
PtInRect
RedrawWindow
RegisterClassA
RegisterClipboardFormatA
RegisterWindowMessageA
ReleaseCapture
ReleaseDC
RemoveMenu
RemovePropA
ScreenToClient
ScrollWindow
SendMessageA
SendMessageW
SetActiveWindow
SetCapture
SetClassLongA
SetCursor
SetFocus
SetForegroundWindow
SetMenu
SetMenuItemInfoA
SetParent
SetPropA
SetRect
SetScrollInfo
SetScrollPos
SetScrollRange
SetTimer
SetWindowLongA
SetWindowLongW
SetWindowPlacement
SetWindowPos
SetWindowTextA
SetWindowsHookExA
ShowOwnedPopups
ShowScrollBar
ShowWindow
SystemParametersInfoA
TrackPopupMenu
TranslateMDISysAccel
TranslateMessage
UnhookWindowsHookEx
UnregisterClassA
UpdateWindow
ValidateRect
WaitMessage
WindowFromPoint
wsprintfA
GetSystemMetrics

ole32

CoInitialize
CoUninitialize

Exports

Exports

@$xp$10Hash@THash
@$xp$14Cipher@TCipher
@$xp$14Hash@TChecksum
@$xp$14Hash@THash_MD4
@$xp$14Hash@THash_MD5
@$xp$14Hash@THash_SHA
@$xp$15Hash@THash_SHA1
@$xp$16Decutil@TPAction
@$xp$16Hash@THash_CRC32
@$xp$16Hash@THash_Tiger
@$xp$16Hash@THash_XOR16
@$xp$16Hash@THash_XOR32
@$xp$17Cipher@TSAFERMode
@$xp$17Decutil@TPActions
@$xp$17Hash@THash_Snefru
@$xp$17Hash@THash_Square
@$xp$17Hash@TMAC_RFC2104
@$xp$18Cipher@TCipherMode
@$xp$18Cipher@TCipher_TEA
@$xp$18Libxmlparser@TAttr
@$xp$19Cipher@TCipher_3Way
@$xp$19Cipher@TCipher_Gost
@$xp$19Cipher@TCipher_IDEA
@$xp$19Cipher@TCipher_Q128
@$xp$19Cipher@TCipher_SCOP
@$xp$19Cipher@TCipher_TEAN
@$xp$19Decutil@EProtection
@$xp$19Decutil@TProtection
@$xp$19Hash@THash_Haval128
@$xp$19Hash@THash_Haval160
@$xp$19Hash@THash_Haval192
@$xp$19Hash@THash_Haval224
@$xp$19Hash@THash_Haval256
@$xp$19Hcmngr@THashManager
@$xp$20Cipher@TCipher_SAFER
@$xp$20Cipher@TCipher_Shark
@$xp$20Hash@THash_RipeMD128
@$xp$20Hash@THash_RipeMD160
@$xp$20Hash@THash_RipeMD256
@$xp$20Hash@THash_RipeMD320
@$xp$21Cipher@TCipher_Square
@$xp$21Decutil@EStringFormat
@$xp$21Decutil@TStringFormat
@$xp$21Hcmngr@TCipherManager
@$xp$21Hcmngr@TProgressEvent
@$xp$21Libxmlparser@TAttrDef
@$xp$21Libxmlparser@TCharset
@$xp$21Libxmlparser@TElemDef
@$xp$21Libxmlparser@TNvpList
@$xp$21Libxmlparser@TNvpNode
@$xp$21Libxmlparser@TPIEvent
@$xp$22Cipher@TCipher_Twofish
@$xp$22Decutil@TProgressEvent
@$xp$22Hash@THash_CRC16_CCITT
@$xp$22Hash@THash_Sapphire128
@$xp$22Hash@THash_Sapphire160
@$xp$22Hash@THash_Sapphire192
@$xp$22Hash@THash_Sapphire224
@$xp$22Hash@THash_Sapphire256
@$xp$22Hash@THash_Sapphire288
@$xp$22Hash@THash_Sapphire320
@$xp$22Libxmlparser@TAttrList
@$xp$22Libxmlparser@TAttrType
@$xp$22Libxmlparser@TDtdEvent
@$xp$22Libxmlparser@TElemList
@$xp$22Libxmlparser@TElemType
@$xp$22Libxmlparser@TPartType
@$xp$23Cipher@ECipherException
@$xp$23Cipher@TCipher_Blowfish
@$xp$23Libxmlcomps@TXmlScanner
@$xp$23Libxmlparser@TEntityDef
@$xp$23Libxmlparser@TValueType
@$xp$23Libxmlparser@TXmlParser
@$xp$24Cipher@TCipher_SAFER_K40
@$xp$24Cipher@TCipher_SAFER_K64
@$xp$24Decutil@TStringFormat_UU
@$xp$24Decutil@TStringFormat_XX
@$xp$24Libxmlparser@TErrorEvent
@$xp$24Libxmlparser@TObjectList
@$xp$25Cipher@TCipher_SAFER_K128
@$xp$25Cipher@TCipher_SAFER_SK40
@$xp$25Cipher@TCipher_SAFER_SK64
@$xp$25Decutil@TStringFormat_HEX
@$xp$25Hash@Thash_CRC16_Standard
@$xp$25Libxmlparser@TAttrDefault
@$xp$25Libxmlparser@TDtdElemType
@$xp$25Libxmlparser@TEndTagEvent
@$xp$25Libxmlparser@TEntityEvent
@$xp$25Libxmlparser@TEntityStack
@$xp$25Libxmlparser@TNotationDef
@$xp$26Cipher@TCipher_SAFER_SK128
@$xp$26Decutil@TStringFormat_HEXL
@$xp$26Libxmlparser@TCommentEvent
@$xp$26Libxmlparser@TContentEvent
@$xp$26Libxmlparser@TElementEvent
@$xp$26Processviewer@TProcessInfo
@$xp$27Libxmlcomps@TEasyXmlScanner
@$xp$27Libxmlparser@TEncodingEvent
@$xp$27Libxmlparser@TExternalEvent
@$xp$27Libxmlparser@TNotationEvent
@$xp$27Libxmlparser@TStartTagEvent
@$xp$27Uremotecommand@TCommandType
@$xp$28Decutil@TStringFormat_MIME64
@$xp$28Libxmlparser@TXmlPrologEvent
@$xp$28Processviewer@TProcessViewer
@$xp$29Libxmlparser@LibXmlParser__31
@$xp$29Libxmlparser@LibXmlParser__41
@$xp$29Libxmlparser@LibXmlParser__51
@$xp$29Libxmlparser@LibXmlParser__61
@$xp$29Libxmlparser@LibXmlParser__71
@$xp$29Uremotecommand@TRemoteCommand
@$xp$30Libxmlparser@TCustomXmlScanner
@$xp$30Processviewer@ProcessViewer__2
@$xp$9Hash@TMAC
@@I18n@Finalize
@@I18n@Initialize
@@Nlagtcfg@Finalize
@@Nlagtcfg@Initialize
@@Nlremotelogin@Finalize
@@Nlremotelogin@Initialize
@@Utracing@Finalize
@@Utracing@Initialize
@Cipher@CheckCipherKeySize
@Cipher@CipherList$qqrv
@Cipher@CipherNames$qqrp16Classes@TStrings
@Cipher@DefaultCipherClass$qqrv
@Cipher@ECipherException@
@Cipher@Finalization$qqrv
@Cipher@GetCipherClass$qqrx17System@AnsiString
@Cipher@GetCipherName$qqrp17System@TMetaClass
@Cipher@RaiseCipherException$qqrxix17System@AnsiString
@Cipher@RegisterCipher$qqrpx17System@TMetaClassx17System@AnsiStringt2
@Cipher@SetDefaultCipherClass$qqrp17System@TMetaClass
@Cipher@TCipher@
@Cipher@TCipher@$bctr$qqrx17System@AnsiStringp19Decutil@TProtection
@Cipher@TCipher@$bdtr$qqrv
@Cipher@TCipher@CalcMAC$qqri
@Cipher@TCipher@CodeBuf$qqrpvxi16Decutil@TPAction
@Cipher@TCipher@CodeDone$qqr16Decutil@TPAction
@Cipher@TCipher@CodeInit$qqr16Decutil@TPAction
@Cipher@TCipher@Decode$qqrpv
@Cipher@TCipher@DecodeBuffer$qqrpxvpvi
@Cipher@TCipher@DecodeFile$qqrx17System@AnsiStringt1
@Cipher@TCipher@DecodeStream$qqrpx15Classes@TStreamt1i
@Cipher@TCipher@DecodeString$qqrx17System@AnsiString
@Cipher@TCipher@Done$qqrv
@Cipher@TCipher@Encode$qqrpv
@Cipher@TCipher@EncodeBuffer$qqrpxvpvi
@Cipher@TCipher@EncodeFile$qqrx17System@AnsiStringt1
@Cipher@TCipher@EncodeStream$qqrpx15Classes@TStreamt1i
@Cipher@TCipher@EncodeString$qqrx17System@AnsiString
@Cipher@TCipher@GetContext$qqrp17System@TMetaClassrit2t2
@Cipher@TCipher@GetFlag$qqri
@Cipher@TCipher@GetHash$qqrv
@Cipher@TCipher@Init$qqrpxvipv
@Cipher@TCipher@InitBegin$qqrri
@Cipher@TCipher@InitEnd$qqrpv
@Cipher@TCipher@InitKey$qqrx17System@AnsiStringpv
@Cipher@TCipher@InternalCodeFile$qqrx17System@AnsiStringt1o
@Cipher@TCipher@InternalCodeStream$qqrp15Classes@TStreamt1io
@Cipher@TCipher@MaxKeySize$qqrp17System@TMetaClass
@Cipher@TCipher@Protect$qqrv
@Cipher@TCipher@SelfTest$qqrp17System@TMetaClass
@Cipher@TCipher@SetFlag$qqrio
@Cipher@TCipher@SetHashClass$qqrp17System@TMetaClass
@Cipher@TCipher@TestVector$qqrp17System@TMetaClass
@Cipher@TCipher_3Way@
@Cipher@TCipher_3Way@Decode$qqrpv
@Cipher@TCipher_3Way@Encode$qqrpv
@Cipher@TCipher_3Way@GetContext$qqrp17System@TMetaClassrit2t2
@Cipher@TCipher_3Way@Init$qqrpxvipv
@Cipher@TCipher_3Way@TestVector$qqrp17System@TMetaClass
@Cipher@TCipher_Blowfish@
@Cipher@TCipher_Blowfish@Decode$qqrpv
@Cipher@TCipher_Blowfish@Decode386$qqrpv
@Cipher@TCipher_Blowfish@Encode$qqrpv
@Cipher@TCipher_Blowfish@Encode386$qqrpv
@Cipher@TCipher_Blowfish@GetContext$qqrp17System@TMetaClassrit2t2
@Cipher@TCipher_Blowfish@Init$qqrpxvipv
@Cipher@TCipher_Blowfish@TestVector$qqrp17System@TMetaClass
@Cipher@TCipher_Gost@
@Cipher@TCipher_Gost@Decode$qqrpv
@Cipher@TCipher_Gost@Encode$qqrpv
@Cipher@TCipher_Gost@GetContext$qqrp17System@TMetaClassrit2t2
@Cipher@TCipher_Gost@Init$qqrpxvipv
@Cipher@TCipher_Gost@TestVector$qqrp17System@TMetaClass
@Cipher@TCipher_IDEA@
@Cipher@TCipher_IDEA@Cipher$qqrpa16384$ust1
@Cipher@TCipher_IDEA@Decode$qqrpv
@Cipher@TCipher_IDEA@Encode$qqrpv
@Cipher@TCipher_IDEA@GetContext$qqrp17System@TMetaClassrit2t2
@Cipher@TCipher_IDEA@Init$qqrpxvipv
@Cipher@TCipher_IDEA@TestVector$qqrp17System@TMetaClass
@Cipher@TCipher_Q128@
@Cipher@TCipher_Q128@Decode$qqrpv
@Cipher@TCipher_Q128@Encode$qqrpv
@Cipher@TCipher_Q128@GetContext$qqrp17System@TMetaClassrit2t2
@Cipher@TCipher_Q128@Init$qqrpxvipv
@Cipher@TCipher_Q128@TestVector$qqrp17System@TMetaClass
@Cipher@TCipher_SAFER@
@Cipher@TCipher_SAFER@Decode$qqrpv
@Cipher@TCipher_SAFER@Encode$qqrpv
@Cipher@TCipher_SAFER@GetContext$qqrp17System@TMetaClassrit2t2
@Cipher@TCipher_SAFER@Init$qqrpxvipv
@Cipher@TCipher_SAFER@InitNew$qqrpxvipv17Cipher@TSAFERMode
@Cipher@TCipher_SAFER@SetRounds$qqri
@Cipher@TCipher_SAFER@TestVector$qqrp17System@TMetaClass
@Cipher@TCipher_SAFER_K128@
@Cipher@TCipher_SAFER_K128@GetContext$qqrp17System@TMetaClassrit2t2
@Cipher@TCipher_SAFER_K128@Init$qqrpxvipv
@Cipher@TCipher_SAFER_K128@TestVector$qqrp17System@TMetaClass
@Cipher@TCipher_SAFER_K40@
@Cipher@TCipher_SAFER_K40@GetContext$qqrp17System@TMetaClassrit2t2
@Cipher@TCipher_SAFER_K40@Init$qqrpxvipv
@Cipher@TCipher_SAFER_K40@TestVector$qqrp17System@TMetaClass
@Cipher@TCipher_SAFER_K64@
@Cipher@TCipher_SAFER_K64@GetContext$qqrp17System@TMetaClassrit2t2
@Cipher@TCipher_SAFER_K64@Init$qqrpxvipv
@Cipher@TCipher_SAFER_K64@TestVector$qqrp17System@TMetaClass
@Cipher@TCipher_SAFER_SK128@
@Cipher@TCipher_SAFER_SK128@Init$qqrpxvipv
@Cipher@TCipher_SAFER_SK128@TestVector$qqrp17System@TMetaClass
@Cipher@TCipher_SAFER_SK40@
@Cipher@TCipher_SAFER_SK40@Init$qqrpxvipv
@Cipher@TCipher_SAFER_SK40@TestVector$qqrp17System@TMetaClass
@Cipher@TCipher_SAFER_SK64@
@Cipher@TCipher_SAFER_SK64@Init$qqrpxvipv
@Cipher@TCipher_SAFER_SK64@TestVector$qqrp17System@TMetaClass
@Cipher@TCipher_SCOP@
@Cipher@TCipher_SCOP@Decode$qqrpv
@Cipher@TCipher_SCOP@Done$qqrv
@Cipher@TCipher_SCOP@Encode$qqrpv
@Cipher@TCipher_SCOP@GetContext$qqrp17System@TMetaClassrit2t2
@Cipher@TCipher_SCOP@Init$qqrpxvipv
@Cipher@TCipher_SCOP@TestVector$qqrp17System@TMetaClass
@Cipher@TCipher_Shark@
@Cipher@TCipher_Shark@Decode$qqrpv
@Cipher@TCipher_Shark@Encode$qqrpv
@Cipher@TCipher_Shark@GetContext$qqrp17System@TMetaClassrit2t2
@Cipher@TCipher_Shark@Init$qqrpxvipv
@Cipher@TCipher_Shark@TestVector$qqrp17System@TMetaClass
@Cipher@TCipher_Square@
@Cipher@TCipher_Square@Decode$qqrpv
@Cipher@TCipher_Square@Encode$qqrpv
@Cipher@TCipher_Square@GetContext$qqrp17System@TMetaClassrit2t2
@Cipher@TCipher_Square@Init$qqrpxvipv
@Cipher@TCipher_Square@TestVector$qqrp17System@TMetaClass
@Cipher@TCipher_TEA@
@Cipher@TCipher_TEA@Decode$qqrpv
@Cipher@TCipher_TEA@Encode$qqrpv
@Cipher@TCipher_TEA@GetContext$qqrp17System@TMetaClassrit2t2
@Cipher@TCipher_TEA@Init$qqrpxvipv
@Cipher@TCipher_TEA@SetRounds$qqri
@Cipher@TCipher_TEA@TestVector$qqrp17System@TMetaClass
@Cipher@TCipher_TEAN@
@Cipher@TCipher_TEAN@Decode$qqrpv
@Cipher@TCipher_TEAN@Encode$qqrpv
@Cipher@TCipher_TEAN@TestVector$qqrp17System@TMetaClass
@Cipher@TCipher_Twofish@
@Cipher@TCipher_Twofish@Decode$qqrpv
@Cipher@TCipher_Twofish@Encode$qqrpv
@Cipher@TCipher_Twofish@GetContext$qqrp17System@TMetaClassrit2t2
@Cipher@TCipher_Twofish@Init$qqrpxvipv
@Cipher@TCipher_Twofish@TestVector$qqrp17System@TMetaClass
@Cipher@UnregisterCipher$qqrpx17System@TMetaClass
@Cipher@initialization$qqrv
@Decconst@Finalization$qqrv
@Decconst@_sBBSnotSeekable
@Decconst@_sBigNumAborted
@Decconst@_sBigNumDestroy
@Decconst@_sCalcName
@Decconst@_sCantCalc
@Decconst@_sDivByZero
@Decconst@_sErrAsComp
@Decconst@_sErrAsFloat
@Decconst@_sErrAsInteger
@Decconst@_sErrGeneric
@Decconst@_sExpMod
@Decconst@_sFMT_COPY
@Decconst@_sFMT_HEX
@Decconst@_sFMT_HEXL
@Decconst@_sFMT_MIME64
@Decconst@_sFMT_UU
@Decconst@_sFMT_XX
@Decconst@_sIDOutOfRange
@Decconst@_sIndexOutOfRange
@Decconst@_sInvalidCRC
@Decconst@_sInvalidCalc
@Decconst@_sInvalidChallenge
@Decconst@_sInvalidDictionary
@Decconst@_sInvalidFormatString
@Decconst@_sInvalidKey
@Decconst@_sInvalidKeySize
@Decconst@_sInvalidMACMode
@Decconst@_sInvalidPassword
@Decconst@_sInvalidRandomStream
@Decconst@_sInvalidSeed
@Decconst@_sInvalidState
@Decconst@_sInvalidStringFormat
@Decconst@_sInvalidZIPData
@Decconst@_sJacobi
@Decconst@_sLoadFail
@Decconst@_sNotInitialized
@Decconst@_sNumberFormat
@Decconst@_sOTPExt
@Decconst@_sOTPHex
@Decconst@_sOTPIdent
@Decconst@_sOTPWord
@Decconst@_sParams
@Decconst@_sProtectionCircular
@Decconst@_sRandomDataProtected
@Decconst@_sSKeyIdent
@Decconst@_sSPPrime
@Decconst@_sSetPrime
@Decconst@_sSetPrimeParam
@Decconst@_sSetPrimeSize
@Decconst@_sSqrt
@Decconst@_sStackIndex
@Decconst@_sStringFormatExists
@Decconst@initialization$qqrv
@Decutil@CPUType$qqrv
@Decutil@CRC16$qqruspvui
@Decutil@CRC32$qqruipvui
@Decutil@ConvertFormat$qqrpciii
@Decutil@DefaultStringFormat$qqrv
@Decutil@DeleteCR$qqrx17System@AnsiString
@Decutil@DoProgress$qqrp14System@TObjectii
@Decutil@EProtection@
@Decutil@EStringFormat@
@Decutil@Finalization$qqrv
@Decutil@FormatToStr$qqrpcii
@Decutil@GetShortClassName$qqrp17System@TMetaClass
@Decutil@GetStringFormats$qqrp16Classes@TStrings
@Decutil@GetTestVector$qqrv
@Decutil@IdentityBase
@Decutil@InitTestIsOk
@Decutil@InsertBlocks$qqrx17System@AnsiStringt1t1i
@Decutil@InsertCR$qqrx17System@AnsiStringi
@Decutil@IsObject$qqrpvp17System@TMetaClass
@Decutil@IsValidFormat$qqrpcii
@Decutil@IsValidString$qqrpcii
@Decutil@LSBit$qqri
@Decutil@MSBit$qqri
@Decutil@MemCompare$qqrpvt1i
@Decutil@OneBit$qqri
@Decutil@PerfCounter$qqrv
@Decutil@PerfFreq$qqrv
@Decutil@Progress
@Decutil@ROL$qqruii
@Decutil@ROLADD$qqruiuii
@Decutil@ROLSUB$qqruiuii
@Decutil@ROR$qqruii
@Decutil@RORADD$qqruiuii
@Decutil@RORSUB$qqruiuii
@Decutil@RegisterStringFormats$qqrpxp17System@TMetaClassxi
@Decutil@RemoveBlocks$qqrx17System@AnsiStringt1t1
@Decutil@RndTimeSeed$qqrv
@Decutil@RndXORBuffer$qqripvi
@Decutil@SetDefaultStringFormat$qqri
@Decutil@StrToFormat$qqrpcii
@Decutil@StringFormat$qqri
@Decutil@SwapBits$qqrui
@Decutil@SwapInteger
@Decutil@SwapIntegerBuffer
@Decutil@TProtection@
@Decutil@TProtection@$bctr$qqrp19Decutil@TProtection
@Decutil@TProtection@$bdtr$qqrv
@Decutil@TProtection@AddRef$qqrv
@Decutil@TProtection@CodeBuf$qqrpvxi16Decutil@TPAction
@Decutil@TProtection@CodeBuffer$qqrpvi16Decutil@TPAction
@Decutil@TProtection@CodeDone$qqr16Decutil@TPAction
@Decutil@TProtection@CodeFile$qqrx17System@AnsiStringt116Decutil@TPAction
@Decutil@TProtection@CodeInit$qqr16Decutil@TPAction
@Decutil@TProtection@CodeStream$qqrp15Classes@TStreamt1i16Decutil@TPAction
@Decutil@TProtection@CodeString$qqrx17System@AnsiString16Decutil@TPActioni
@Decutil@TProtection@GetProtection$qqrv
@Decutil@TProtection@Identity$qqrp17System@TMetaClass
@Decutil@TProtection@Release$qqrv
@Decutil@TProtection@SetProtection$qqrp19Decutil@TProtection
@Decutil@TStringFormat@
@Decutil@TStringFormat@Format$qqrp17System@TMetaClass
@Decutil@TStringFormat@IsValid$qqrp17System@TMetaClasspcio
@Decutil@TStringFormat@Name$qqrp17System@TMetaClass
@Decutil@TStringFormat@StrTo$qqrp17System@TMetaClasspci
@Decutil@TStringFormat@ToStr$qqrp17System@TMetaClasspci
@Decutil@TStringFormat_HEX@
@Decutil@TStringFormat_HEX@CharTable$qqrp17System@TMetaClass
@Decutil@TStringFormat_HEX@Format$qqrp17System@TMetaClass
@Decutil@TStringFormat_HEX@IsValid$qqrp17System@TMetaClasspcio
@Decutil@TStringFormat_HEX@Name$qqrp17System@TMetaClass
@Decutil@TStringFormat_HEX@StrTo$qqrp17System@TMetaClasspci
@Decutil@TStringFormat_HEX@ToStr$qqrp17System@TMetaClasspci
@Decutil@TStringFormat_HEXL@
@Decutil@TStringFormat_HEXL@CharTable$qqrp17System@TMetaClass
@Decutil@TStringFormat_HEXL@Format$qqrp17System@TMetaClass
@Decutil@TStringFormat_HEXL@Name$qqrp17System@TMetaClass
@Decutil@TStringFormat_MIME64@
@Decutil@TStringFormat_MIME64@CharTable$qqrp17System@TMetaClass
@Decutil@TStringFormat_MIME64@Format$qqrp17System@TMetaClass
@Decutil@TStringFormat_MIME64@Name$qqrp17System@TMetaClass
@Decutil@TStringFormat_MIME64@StrTo$qqrp17System@TMetaClasspci
@Decutil@TStringFormat_MIME64@ToStr$qqrp17System@TMetaClasspci
@Decutil@TStringFormat_UU@
@Decutil@TStringFormat_UU@CharTable$qqrp17System@TMetaClass
@Decutil@TStringFormat_UU@Format$qqrp17System@TMetaClass
@Decutil@TStringFormat_UU@IsValid$qqrp17System@TMetaClasspcio
@Decutil@TStringFormat_UU@Name$qqrp17System@TMetaClass
@Decutil@TStringFormat_UU@StrTo$qqrp17System@TMetaClasspci
@Decutil@TStringFormat_UU@ToStr$qqrp17System@TMetaClasspci
@Decutil@TStringFormat_XX@
@Decutil@TStringFormat_XX@CharTable$qqrp17System@TMetaClass
@Decutil@TStringFormat_XX@Format$qqrp17System@TMetaClass
@Decutil@TStringFormat_XX@Name$qqrp17System@TMetaClass
@Decutil@XORBuffers$qqrpvt1it1
@Decutil@initialization$qqrv
@Hash@DefaultHashClass$qqrv
@Hash@Finalization$qqrv
@Hash@GetHashClass$qqrx17System@AnsiString
@Hash@GetHashName$qqrp17System@TMetaClass
@Hash@HashList$qqrv
@Hash@HashNames$qqrp16Classes@TStrings
@Hash@RegisterHash$qqrpx17System@TMetaClassx17System@AnsiStringt2
@Hash@SetDefaultHashClass$qqrp17System@TMetaClass
@Hash@TChecksum@
@Hash@THash@
@Hash@THash@$bdtr$qqrv
@Hash@THash@Calc$qqrpxvi
@Hash@THash@CalcBuffer$qqrp17System@TMetaClasspxvip19Decutil@TProtectioni
@Hash@THash@CalcFile$qqrp17System@TMetaClassx17System@AnsiStringp19Decutil@TProtectioni
@Hash@THash@CalcStream$qqrp17System@TMetaClasspx15Classes@TStreamip19Decutil@TProtectioni
@Hash@THash@CalcString$qqrp17System@TMetaClassx17System@AnsiStringp19Decutil@TProtectioni
@Hash@THash@CodeBuf$qqrpvxi16Decutil@TPAction
@Hash@THash@CodeDone$qqr16Decutil@TPAction
@Hash@THash@CodeInit$qqr16Decutil@TPAction
@Hash@THash@DigestKey$qqrv
@Hash@THash@DigestKeySize$qqrp17System@TMetaClass
@Hash@THash@DigestStr$qqri
@Hash@THash@Done$qqrv
@Hash@THash@Init$qqrv
@Hash@THash@Protect$qqro
@Hash@THash@SelfTest$qqrp17System@TMetaClass
@Hash@THash@TestVector$qqrp17System@TMetaClass
@Hash@THash_CRC16_CCITT@
@Hash@THash_CRC16_CCITT@Calc$qqrpxvi
@Hash@THash_CRC16_CCITT@Init$qqrv
@Hash@THash_CRC16_CCITT@TestVector$qqrp17System@TMetaClass
@Hash@THash_CRC32@
@Hash@THash_CRC32@Calc$qqrpxvi
@Hash@THash_CRC32@Done$qqrv
@Hash@THash_CRC32@Init$qqrv
@Hash@THash_CRC32@TestVector$qqrp17System@TMetaClass
@Hash@THash_Haval128@
@Hash@THash_Haval128@DigestKeySize$qqrp17System@TMetaClass
@Hash@THash_Haval128@TestVector$qqrp17System@TMetaClass
@Hash@THash_Haval160@
@Hash@THash_Haval160@DigestKeySize$qqrp17System@TMetaClass
@Hash@THash_Haval160@TestVector$qqrp17System@TMetaClass
@Hash@THash_Haval192@
@Hash@THash_Haval192@DigestKeySize$qqrp17System@TMetaClass
@Hash@THash_Haval192@TestVector$qqrp17System@TMetaClass
@Hash@THash_Haval224@
@Hash@THash_Haval224@DigestKeySize$qqrp17System@TMetaClass
@Hash@THash_Haval224@TestVector$qqrp17System@TMetaClass
@Hash@THash_Haval256@
@Hash@THash_Haval256@Calc$qqrpxvi
@Hash@THash_Haval256@DigestKey$qqrv
@Hash@THash_Haval256@DigestKeySize$qqrp17System@TMetaClass
@Hash@THash_Haval256@Done$qqrv
@Hash@THash_Haval256@Init$qqrv
@Hash@THash_Haval256@SetRounds$qqri
@Hash@THash_Haval256@TestVector$qqrp17System@TMetaClass
@Hash@THash_Haval256@Transform3$qqrpa1024$ui
@Hash@THash_Haval256@Transform4$qqrpa1024$ui
@Hash@THash_Haval256@Transform5$qqrpa1024$ui
@Hash@THash_MD4@
@Hash@THash_MD4@Calc$qqrpxvi
@Hash@THash_MD4@DigestKey$qqrv
@Hash@THash_MD4@DigestKeySize$qqrp17System@TMetaClass
@Hash@THash_MD4@Done$qqrv
@Hash@THash_MD4@Init$qqrv
@Hash@THash_MD4@TestVector$qqrp17System@TMetaClass
@Hash@THash_MD4@Transform$qqrpa1024$ui
@Hash@THash_MD5@
@Hash@THash_MD5@TestVector$qqrp17System@TMetaClass
@Hash@THash_MD5@Transform$qqrpa1024$ui
@Hash@THash_RipeMD128@
@Hash@THash_RipeMD128@TestVector$qqrp17System@TMetaClass
@Hash@THash_RipeMD128@Transform$qqrpa1024$ui
@Hash@THash_RipeMD160@
@Hash@THash_RipeMD160@DigestKeySize$qqrp17System@TMetaClass
@Hash@THash_RipeMD160@TestVector$qqrp17System@TMetaClass
@Hash@THash_RipeMD160@Transform$qqrpa1024$ui
@Hash@THash_RipeMD256@
@Hash@THash_RipeMD256@DigestKeySize$qqrp17System@TMetaClass
@Hash@THash_RipeMD256@Init$qqrv
@Hash@THash_RipeMD256@TestVector$qqrp17System@TMetaClass
@Hash@THash_RipeMD256@Transform$qqrpa1024$ui
@Hash@THash_RipeMD320@
@Hash@THash_RipeMD320@DigestKeySize$qqrp17System@TMetaClass
@Hash@THash_RipeMD320@TestVector$qqrp17System@TMetaClass

Sections

.text
Size: 721KB - Virtual size: 724KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 168KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 38KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 33KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 49KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bin/csagtprosvc.exe.dat
bin/cspro.exe
.exe windows:4 windows x86 arch:x86

0cf4ea28b2e8dd60b8d3c3bdc8b429de

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

81:97:77:54:f9:ce:71:d3:39:8f:4a:28:dd:8e:50:bd
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

17/08/2010, 00:00

Not After

17/08/2011, 23:59

Subject

CN=EduIQ.com Damjan Kriznik s.p.,O=EduIQ.com Damjan Kriznik s.p.,POSTALCODE=2288,STREET=Slovenja vas 2D,L=HAJDINA,ST=SLOVENIA,C=SI

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

AdjustTokenPrivileges
CloseServiceHandle
ControlService
DeleteService
EnumServicesStatusA
GetTokenInformation
GetUserNameA
LookupAccountSidA
LookupPrivilegeValueA
OpenProcessToken
OpenSCManagerA
OpenServiceA
QueryServiceStatus
RegCloseKey
RegCreateKeyExA
RegDeleteValueA
RegFlushKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
StartServiceA

kernel32

CloseHandle
CompareStringA
CopyFileA
CreateDirectoryA
CreateEventA
CreateFileA
CreateMutexA
CreateProcessA
CreateThread
DeleteCriticalSection
DeleteFileA
EnterCriticalSection
EnumCalendarInfoA
ExitProcess
ExitThread
FileTimeToDosDateTime
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FindNextFileA
FindResourceA
FlushFileBuffers
FormatMessageA
FreeLibrary
FreeResource
GetACP
GetCPInfo
GetCommandLineA
GetComputerNameA
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatA
GetDiskFreeSpaceA
GetDriveTypeA
GetEnvironmentStrings
GetEnvironmentVariableA
GetExitCodeProcess
GetExitCodeThread
GetFileAttributesA
GetFileSize
GetFileTime
GetFileType
GetFullPathNameA
GetLastError
GetLocalTime
GetLocaleInfoA
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetPrivateProfileStringA
GetProcAddress
GetProcessHeap
GetProfileStringA
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemDefaultLangID
GetSystemDirectoryA
GetSystemTime
GetTempFileNameA
GetTempPathA
GetThreadLocale
GetTickCount
GetUserDefaultLCID
GetVersion
GetVersionExA
GlobalAddAtomA
GlobalAlloc
GlobalDeleteAtom
GlobalFindAtomA
GlobalFree
GlobalLock
GlobalUnlock
HeapAlloc
HeapFree
InitializeCriticalSection
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
IsValidLocale
LCMapStringA
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LoadResource
LocalAlloc
LocalFree
LockResource
MoveFileA
MulDiv
MultiByteToWideChar
OpenProcess
OutputDebugStringA
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadFile
ReadProcessMemory
ReleaseMutex
ResetEvent
ResumeThread
RtlUnwind
SetConsoleCtrlHandler
SetCurrentDirectoryA
SetEndOfFile
SetEnvironmentVariableA
SetErrorMode
SetEvent
SetFileAttributesA
SetFilePointer
SetHandleCount
SetLastError
SetThreadLocale
SetThreadPriority
SizeofResource
Sleep
TerminateProcess
TerminateThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteFile
WritePrivateProfileStringA
lstrcmpA
lstrcmpiA
lstrcpyA
lstrcpynA
lstrlenA

mpr

WNetCloseEnum
WNetEnumResourceA
WNetGetProviderNameA
WNetGetResourceParentA
WNetOpenEnumA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

wsock32

WSACleanup
WSAGetLastError
WSASetLastError
WSAStartup
gethostbyaddr
gethostbyname
gethostname
getservbyname
getservbyport
htonl
htons
ioctlsocket
inet_addr
ntohl
ntohs
setsockopt

winspool.drv

ClosePrinter
DocumentPropertiesA
EnumPrintersA
OpenPrinterA

comctl32

ImageList_Add
ImageList_BeginDrag
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_Draw
ImageList_DrawEx
ImageList_EndDrag
ImageList_GetBkColor
ImageList_GetDragImage
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_Read
ImageList_Remove
ImageList_Replace
ImageList_SetBkColor
ImageList_SetIconSize
ImageList_Write
ord17
_TrackMouseEvent
ImageList_Create

comdlg32

GetOpenFileNameA
GetSaveFileNameA

gdi32

BitBlt
CombineRgn
CopyEnhMetaFileA
CreateBitmap
CreateBrushIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCA
CreateDIBSection
CreateDIBitmap
CreateFontIndirectA
CreateHalftonePalette
CreateICA
CreatePalette
CreatePen
CreatePenIndirect
CreateRectRgn
CreateSolidBrush
DeleteDC
DeleteEnhMetaFile
DeleteObject
Ellipse
EndDoc
EndPage
ExcludeClipRect
ExtCreatePen
ExtTextOutA
GdiFlush
GetBitmapBits
GetBrushOrgEx
GetClipBox
GetClipRgn
GetCurrentPositionEx
GetDCOrgEx
GetDIBColorTable
GetDIBits
GetDeviceCaps
GetEnhMetaFileBits
GetEnhMetaFileHeader
GetEnhMetaFilePaletteEntries
GetObjectA
GetPaletteEntries
GetPixel
GetRgnBox
GetStockObject
GetSystemPaletteEntries
GetTextExtentPoint32A
GetTextExtentPointA
GetTextMetricsA
GetWinMetaFileBits
GetWindowOrgEx
IntersectClipRect
LineTo
MaskBlt
MoveToEx
PatBlt
Pie
PlayEnhMetaFile
PolyPolyline
Polygon
Polyline
RealizePalette
RectVisible
Rectangle
RestoreDC
SaveDC
SelectClipRgn
SelectObject
SelectPalette
SetAbortProc
SetBitmapBits
SetBkColor
SetBkMode
SetBrushOrgEx
SetDIBColorTable
SetEnhMetaFileBits
SetMapMode
SetPixel
SetPixelV
SetROP2
SetStretchBltMode
SetTextColor
SetViewportExtEx
SetViewportOrgEx
SetWinMetaFileBits
SetWindowExtEx
SetWindowOrgEx
StartDocA
StartPage
StretchBlt
UnrealizeObject

msimg32

GradientFill

shell32

SHFileOperationA
ShellExecuteA

shfolder

SHGetFolderPathA

user32

ActivateKeyboardLayout
AdjustWindowRectEx
BeginDeferWindowPos
BeginPaint
CallNextHookEx
CallWindowProcA
CharLowerA
CharLowerBuffA
CharNextA
CharToOemA
CharUpperBuffA
CheckMenuItem
ChildWindowFromPoint
ClientToScreen
CloseClipboard
CloseDesktop
CopyIcon
CreateCaret
CreateIcon
CreateIconIndirect
CreateMenu
CreatePopupMenu
CreateWindowExA
DefFrameProcA
DefMDIChildProcA
DefWindowProcA
DeferWindowPos
DeleteMenu
DestroyCaret
DestroyCursor
DestroyIcon
DestroyMenu
DestroyWindow
DispatchMessageA
DispatchMessageW
DrawEdge
DrawFocusRect
DrawFrameControl
DrawIcon
DrawIconEx
DrawMenuBar
DrawTextA
EmptyClipboard
EnableMenuItem
EnableScrollBar
EnableWindow
EndDeferWindowPos
EndPaint
EnumChildWindows
EnumClipboardFormats
EnumThreadWindows
EnumWindows
EqualRect
ExitWindowsEx
FillRect
FindWindowA
FrameRect
GetActiveWindow
GetCapture
GetCaretPos
GetClassInfoA
GetClassLongA
GetClassNameA
GetClientRect
GetClipboardData
GetCursor
GetCursorPos
GetDC
GetDCEx
GetDesktopWindow
GetDlgItem
GetDoubleClickTime
GetFocus
GetForegroundWindow
GetIconInfo
GetKeyNameTextA
GetKeyState
GetKeyboardLayout
GetKeyboardLayoutList
GetKeyboardLayoutNameA
GetKeyboardState
GetKeyboardType
GetLastActivePopup
GetMenu
GetMenuItemCount
GetMenuItemID
GetMenuItemInfoA
GetMenuState
GetMenuStringA
GetMessagePos
GetMessageTime
GetParent
GetProcessWindowStation
GetPropA
GetScrollInfo
GetScrollPos
GetScrollRange
GetSubMenu
GetSysColor
GetSysColorBrush
GetSystemMenu
GetThreadDesktop
GetTopWindow
GetUpdateRect
GetUserObjectInformationA
GetWindow
GetWindowDC
GetWindowLongA
GetWindowLongW
GetWindowPlacement
GetWindowRect
GetWindowTextA
GetWindowThreadProcessId
InflateRect
InsertMenuA
InsertMenuItemA
IntersectRect
InvalidateRect
IsCharAlphaA
IsCharAlphaNumericA
IsChild
IsDialogMessageA
IsDialogMessageW
IsIconic
IsRectEmpty
IsWindow
IsWindowEnabled
IsWindowUnicode
IsWindowVisible
IsZoomed
KillTimer
LoadBitmapA
LoadCursorA
LoadIconA
LoadImageA
LoadKeyboardLayoutA
LoadStringA
LockWindowUpdate
MapVirtualKeyA
MapWindowPoints
MessageBeep
MessageBoxA
MsgWaitForMultipleObjects
OemToCharA
OffsetRect
OpenClipboard
OpenDesktopA
OpenInputDesktop
PeekMessageA
PeekMessageW
PostMessageA
PostQuitMessage
PtInRect
RedrawWindow
RegisterClassA
RegisterClipboardFormatA
RegisterWindowMessageA
ReleaseCapture
ReleaseDC
RemoveMenu
RemovePropA
ScreenToClient
ScrollWindow
ScrollWindowEx
SendMessageA
SendMessageW
SetActiveWindow
SetCapture
SetCaretPos
SetClassLongA
SetClipboardData
SetCursor
SetFocus
SetForegroundWindow
SetKeyboardState
SetMenu
SetMenuItemInfoA
SetParent
SetPropA
SetRect
SetScrollInfo
SetScrollPos
SetScrollRange
SetThreadDesktop
SetTimer
SetWindowLongA
SetWindowLongW
SetWindowPlacement
SetWindowPos
SetWindowTextA
SetWindowsHookExA
ShowOwnedPopups
ShowScrollBar
ShowWindow
SystemParametersInfoA
TrackPopupMenu
TranslateMDISysAccel
TranslateMessage
UnhookWindowsHookEx
UnionRect
UnregisterClassA
UpdateWindow
ValidateRect
WaitMessage
WindowFromDC
WindowFromPoint
wsprintfA
GetSystemMetrics

ole32

CoCreateGuid
CoCreateInstance
CoInitialize
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
StringFromCLSID

Exports

Exports

@$xp$10Hash@THash
@$xp$10TCCalendar
@$xp$12Kazip@TBytes
@$xp$12Kazip@TKAZip
@$xp$14Cipher@TCipher
@$xp$14Hash@TChecksum
@$xp$14Hash@THash_MD4
@$xp$14Hash@THash_MD5
@$xp$14Hash@THash_SHA
@$xp$14Kazip@KAZip__4
@$xp$15Hash@THash_SHA1
@$xp$15Ulicsystem@SKey
@$xp$16Decutil@TPAction
@$xp$16Hash@THash_CRC32
@$xp$16Hash@THash_Tiger
@$xp$16Hash@THash_XOR16
@$xp$16Hash@THash_XOR32
@$xp$16Kazip@TLocalFile
@$xp$16Kazip@TOnAddItem
@$xp$16Kazip@TOnZipOpen
@$xp$16Paszlib@z_stream
@$xp$17Cipher@TSAFERMode
@$xp$17Decutil@TPActions
@$xp$17Hash@THash_Snefru
@$xp$17Hash@THash_Square
@$xp$17Hash@TMAC_RFC2104
@$xp$17TPerformanceGraph
@$xp$17Zlibex@EZLibError
@$xp$18Cipher@TCipherMode
@$xp$18Cipher@TCipher_TEA
@$xp$18Kazip@TOnZipChange
@$xp$18Libxmlparser@TAttr
@$xp$18Paszlib@EZlibError
@$xp$18Vncviewer@TDirItem
@$xp$19Cipher@TCipher_3Way
@$xp$19Cipher@TCipher_Gost
@$xp$19Cipher@TCipher_IDEA
@$xp$19Cipher@TCipher_Q128
@$xp$19Cipher@TCipher_SCOP
@$xp$19Cipher@TCipher_TEAN
@$xp$19Decutil@EProtection
@$xp$19Decutil@TProtection
@$xp$19Hash@THash_Haval128
@$xp$19Hash@THash_Haval160
@$xp$19Hash@THash_Haval192
@$xp$19Hash@THash_Haval224
@$xp$19Hash@THash_Haval256
@$xp$19Hcmngr@THashManager
@$xp$19Kazip@TKAZipEntries
@$xp$19Kazip@TOnRebuildZip
@$xp$19Vncstream@TInStream
@$xp$19Vncviewer@TDirItems
@$xp$19Vncviewer@TVNCCodec
@$xp$20Cipher@TCipher_SAFER
@$xp$20Cipher@TCipher_Shark
@$xp$20Hash@THash_RipeMD128
@$xp$20Hash@THash_RipeMD160
@$xp$20Hash@THash_RipeMD256
@$xp$20Hash@THash_RipeMD320
@$xp$20Kazip@TOnRemoveItems
@$xp$20Kazip@TZipSaveMethod
@$xp$20Paszlib@inflate_mode
@$xp$20Stringcommon@CharSet
@$xp$20Vncstream@TOutStream
@$xp$20Vncviewer@TDSMPlugin
@$xp$20Vncviewer@TRREStatus
@$xp$20Vncviewer@TTextEvent
@$xp$21Cipher@TCipher_Square
@$xp$21Decutil@EStringFormat
@$xp$21Decutil@TStringFormat
@$xp$21Hcmngr@TCipherManager
@$xp$21Hcmngr@TProgressEvent
@$xp$21Kazip@TOnCompressFile
@$xp$21Libxmlparser@TAttrDef
@$xp$21Libxmlparser@TCharset
@$xp$21Libxmlparser@TElemDef
@$xp$21Libxmlparser@TNvpList
@$xp$21Libxmlparser@TNvpNode
@$xp$21Libxmlparser@TPIEvent
@$xp$21Zlibex@TCustomZStream
@$xp$22Cipher@TCipher_Twofish
@$xp$22Decutil@TProgressEvent
@$xp$22Hash@THash_CRC16_CCITT
@$xp$22Hash@THash_Sapphire128
@$xp$22Hash@THash_Sapphire160
@$xp$22Hash@THash_Sapphire192
@$xp$22Hash@THash_Sapphire224
@$xp$22Hash@THash_Sapphire256
@$xp$22Hash@THash_Sapphire288
@$xp$22Hash@THash_Sapphire320
@$xp$22Kazip@TOnOverwriteFile
@$xp$22Kazip@TOverwriteAction
@$xp$22Libxmlparser@TAttrList
@$xp$22Libxmlparser@TAttrType
@$xp$22Libxmlparser@TDtdEvent
@$xp$22Libxmlparser@TElemList
@$xp$22Libxmlparser@TElemType
@$xp$22Libxmlparser@TPartType
@$xp$22Vncstream@TMemInStream
@$xp$22Vncviewer@TemuPixelFmt
@$xp$22Vncviewer@VNCViewer__7
@$xp$22Vncviewer@VNCViewer__8
@$xp$23Cipher@ECipherException
@$xp$23Cipher@TCipher_Blowfish
@$xp$23Kazip@TOnDecompressFile
@$xp$23Libxmlcomps@TXmlScanner
@$xp$23Libxmlparser@TEntityDef
@$xp$23Libxmlparser@TValueType
@$xp$23Libxmlparser@TXmlParser
@$xp$23Vncstream@TMemOutStream
@$xp$23Vncstream@TZlibInStream
@$xp$23Vncviewer@TFileTransfer
@$xp$24Cipher@TCipher_SAFER_K40
@$xp$24Cipher@TCipher_SAFER_K64
@$xp$24Decutil@TStringFormat_UU
@$xp$24Decutil@TStringFormat_XX
@$xp$24Kazip@TKAZipEntriesEntry
@$xp$24Libxmlparser@TErrorEvent
@$xp$24Libxmlparser@TObjectList
@$xp$24Stringcommon@StringArray
@$xp$24Stringcommon@TuMSNStatus
@$xp$24Vncstream@TZlibOutStream
@$xp$24Vncviewer@THextileStatus
@$xp$24Vncviewer@TProgressEvent
@$xp$25Cipher@TCipher_SAFER_K128
@$xp$25Cipher@TCipher_SAFER_SK40
@$xp$25Cipher@TCipher_SAFER_SK64
@$xp$25Decutil@TStringFormat_HEX
@$xp$25Hash@Thash_CRC16_Standard
@$xp$25Kazip@TZipCompressionType
@$xp$25Libxmlparser@TAttrDefault
@$xp$25Libxmlparser@TDtdElemType
@$xp$25Libxmlparser@TEndTagEvent
@$xp$25Libxmlparser@TEntityEvent
@$xp$25Libxmlparser@TEntityStack
@$xp$25Libxmlparser@TNotationDef
@$xp$25Paszlib@ECompressionError
@$xp$25Paszlib@TCompressionLevel
@$xp$25Paszlib@TCustomZlibStream
@$xp$25Stringcommon@CharSetArray
@$xp$25Ubufferqueue@EBufferQueue
@$xp$25Ubufferqueue@TBufferQueue
@$xp$25Vncviewer@TFrameSizeEvent
@$xp$25Zlibex@EZCompressionError
@$xp$25Zlibex@TZCompressionLevel
@$xp$26Cipher@TCipher_SAFER_SK128
@$xp$26Decutil@TStringFormat_HEXL
@$xp$26Libxmlparser@TCommentEvent
@$xp$26Libxmlparser@TContentEvent
@$xp$26Libxmlparser@TElementEvent
@$xp$26Paszlib@TCompressionStream
@$xp$26Paszlib@inflate_block_mode
@$xp$26Paszlib@inflate_codes_mode
@$xp$26Processviewer@TProcessInfo
@$xp$26Vncviewer@TDelphiVNCViewer
@$xp$26Vncviewer@TVNCClientThread
@$xp$26Zlibex@TZCompressionStream
@$xp$27Cdiroutl@TCDirectoryOutline
@$xp$27Kazip@TCentralDirectoryFile
@$xp$27Kazip@TZipCompressionMethod
@$xp$27Libxmlcomps@TEasyXmlScanner
@$xp$27Libxmlparser@TEncodingEvent
@$xp$27Libxmlparser@TExternalEvent
@$xp$27Libxmlparser@TNotationEvent
@$xp$27Libxmlparser@TStartTagEvent
@$xp$27Paszlib@EDecompressionError
@$xp$27Ulicsystem@TLicensingSystem
@$xp$27Uremotecommand@TCommandType
@$xp$27Virtualsock@TTCPBlockSocket
@$xp$27Vncviewer@TReceiveFileStart
@$xp$27Vncviewer@TVNCConnectStatus
@$xp$27Vncviewer@TVNCSessionStatus
@$xp$27Zlibex@EZDecompressionError
@$xp$28Decutil@TStringFormat_MIME64
@$xp$28Libxmlparser@TXmlPrologEvent
@$xp$28Paszlib@TDecompressionStream
@$xp$28Processviewer@TProcessViewer
@$xp$28Vncviewer@TOnVNCConnectError
@$xp$28Zlibex@TZDecompressionStream
@$xp$29Libxmlparser@LibXmlParser__31
@$xp$29Libxmlparser@LibXmlParser__41
@$xp$29Libxmlparser@LibXmlParser__51
@$xp$29Libxmlparser@LibXmlParser__61
@$xp$29Libxmlparser@LibXmlParser__71
@$xp$29Uremotecommand@TRemoteCommand
@$xp$29Virtualsock@TVSOnConnectEvent
@$xp$30Libxmlparser@TCustomXmlScanner
@$xp$30Processviewer@ProcessViewer__2
@$xp$32Virtualsock@TVSOnRecvBufferEvent
@$xp$32Virtualsock@TVSOnSendBufferEvent
@$xp$7TCGauge
@$xp$9Hash@TMAC
@$xp$ynpqqri$v
@$xp$ynpqqrii$v
@$xp$ynpqqrp14System@TObject$v
@$xp$ynpqqrp14System@TObjecti$v
@@Ccalendr@Finalize
@@Ccalendr@Initialize
@@Cdiroutl@Finalize
@@Cdiroutl@Initialize
@@Cgauges@Finalize
@@Cgauges@Initialize
@@I18n@Finalize
@@I18n@Initialize
@@Nlacthread@Finalize
@@Nlacthread@Initialize
@@Nladdgroupofcomputers@Finalize
@@Nladdgroupofcomputers@Initialize
@@Nlcommonclientselectiondialog@Finalize
@@Nlcommonclientselectiondialog@Initialize
@@Nlcomputerproperties@Finalize
@@Nlcomputerproperties@Initialize
@@Nlconnectedclients@Finalize
@@Nlconnectedclients@Initialize
@@Nldesktopplayernavigation@Finalize
@@Nldesktopplayernavigation@Initialize
@@Nlgroupagentinstall@Finalize
@@Nlgroupagentinstall@Initialize
@@Nllicensingsystem@Finalize
@@Nllicensingsystem@Initialize
@@Nlmainform@Finalize
@@Nlmainform@Initialize
@@Nlmanagelicenses@Finalize
@@Nlmanagelicenses@Initialize
@@Nlremotescreenform@Finalize
@@Nlremotescreenform@Initialize
@@Nlscreenstable@Finalize
@@Nlscreenstable@Initialize
@@Nltrialdialog@Finalize
@@Nltrialdialog@Initialize
@@Perfgrap@Finalize
@@Perfgrap@Initialize
@@Udatastorage@Finalize
@@Udatastorage@Initialize
@@Udesktopplayergui@Finalize
@@Udesktopplayergui@Initialize
@@Udesktoprecorderplayercommon@Finalize
@@Udesktoprecorderplayercommon@Initialize
@@Ufifostream@Finalize
@@Ufifostream@Initialize
@@Uhandshakemessage@Finalize
@@Uhandshakemessage@Initialize
@@Umonitors@Finalize
@@Umonitors@Initialize
@@Unetwork@Finalize
@@Unetwork@Initialize
@@Urecordingslistdisplay@Finalize
@@Urecordingslistdisplay@Initialize
@@Uscheduledtask@Finalize
@@Uscheduledtask@Initialize
@@Uscheduler@Finalize
@@Uscheduler@Initialize
@@Uscreencapture@Finalize
@@Uscreencapture@Initialize
@@Uscreendraw@Finalize
@@Uscreendraw@Initialize
@@Ustreamer@Finalize
@@Ustreamer@Initialize
@@Utracing@Finalize
@@Utracing@Initialize
@@Utreeviewmanager@Finalize
@@Utreeviewmanager@Initialize
@Cdiroutl@TCDirectoryOutline@
@Cdiroutl@TCDirectoryOutline@$bctr$qqrp18Classes@TComponent
@Cdiroutl@TCDirectoryOutline@APointer
@Cdiroutl@TCDirectoryOutline@AssignCaseProc$qqrv
@Cdiroutl@TCDirectoryOutline@BuildOneLevel$qqrl
@Cdiroutl@TCDirectoryOutline@BuildSubTree$qqrl
@Cdiroutl@TCDirectoryOutline@BuildTree$qqrv
@Cdiroutl@TCDirectoryOutline@Change$qqrv
@Cdiroutl@TCDirectoryOutline@Click$qqrv
@Cdiroutl@TCDirectoryOutline@CreateWnd$qqrv
@Cdiroutl@TCDirectoryOutline@CurDir$qv
@Cdiroutl@TCDirectoryOutline@DriveToInt$qqrc
@Cdiroutl@TCDirectoryOutline@Expand$qqri
@Cdiroutl@TCDirectoryOutline@ForceCase$qqrrx17System@AnsiString
@Cdiroutl@TCDirectoryOutline@GetChildNamed$qqrrx17System@AnsiStringl
@Cdiroutl@TCDirectoryOutline@InvalidIndex
@Cdiroutl@TCDirectoryOutline@Loaded$qqrv
@Cdiroutl@TCDirectoryOutline@RootIndex
@Cdiroutl@TCDirectoryOutline@SetDirectory$qqr17System@AnsiString
@Cdiroutl@TCDirectoryOutline@SetDrive$qqrc
@Cdiroutl@TCDirectoryOutline@SetTextCase$qqr18Cdiroutl@TTextCase
@Cdiroutl@TCDirectoryOutline@WalkTree$qqrrx17System@AnsiString
@Cipher@CheckCipherKeySize
@Cipher@CipherList$qqrv
@Cipher@CipherNames$qqrp16Classes@TStrings
@Cipher@DefaultCipherClass$qqrv
@Cipher@ECipherException@
@Cipher@Finalization$qqrv
@Cipher@GetCipherClass$qqrx17System@AnsiString
@Cipher@GetCipherName$qqrp17System@TMetaClass
@Cipher@RaiseCipherException$qqrxix17System@AnsiString
@Cipher@RegisterCipher$qqrpx17System@TMetaClassx17System@AnsiStringt2
@Cipher@SetDefaultCipherClass$qqrp17System@TMetaClass
@Cipher@TCipher@
@Cipher@TCipher@$bctr$qqrx17System@AnsiStringp19Decutil@TProtection
@Cipher@TCipher@$bdtr$qqrv
@Cipher@TCipher@CalcMAC$qqri
@Cipher@TCipher@CodeBuf$qqrpvxi16Decutil@TPAction
@Cipher@TCipher@CodeDone$qqr16Decutil@TPAction
@Cipher@TCipher@CodeInit$qqr16Decutil@TPAction
@Cipher@TCipher@Decode$qqrpv
@Cipher@TCipher@DecodeBuffer$qqrpxvpvi
@Cipher@TCipher@DecodeFile$qqrx17System@AnsiStringt1
@Cipher@TCipher@DecodeStream$qqrpx15Classes@TStreamt1i
@Cipher@TCipher@DecodeString$qqrx17System@AnsiString
@Cipher@TCipher@Done$qqrv
@Cipher@TCipher@Encode$qqrpv
@Cipher@TCipher@EncodeBuffer$qqrpxvpvi
@Cipher@TCipher@EncodeFile$qqrx17System@AnsiStringt1
@Cipher@TCipher@EncodeStream$qqrpx15Classes@TStreamt1i
@Cipher@TCipher@EncodeString$qqrx17System@AnsiString
@Cipher@TCipher@GetContext$qqrp17System@TMetaClassrit2t2
@Cipher@TCipher@GetFlag$qqri
@Cipher@TCipher@GetHash$qqrv
@Cipher@TCipher@Init$qqrpxvipv
@Cipher@TCipher@InitBegin$qqrri
@Cipher@TCipher@InitEnd$qqrpv
@Cipher@TCipher@InitKey$qqrx17System@AnsiStringpv
@Cipher@TCipher@InternalCodeFile$qqrx17System@AnsiStringt1o
@Cipher@TCipher@InternalCodeStream$qqrp15Classes@TStreamt1io
@Cipher@TCipher@MaxKeySize$qqrp17System@TMetaClass
@Cipher@TCipher@Protect$qqrv
@Cipher@TCipher@SelfTest$qqrp17System@TMetaClass
@Cipher@TCipher@SetFlag$qqrio
@Cipher@TCipher@SetHashClass$qqrp17System@TMetaClass
@Cipher@TCipher@TestVector$qqrp17System@TMetaClass
@Cipher@TCipher_3Way@
@Cipher@TCipher_3Way@Decode$qqrpv
@Cipher@TCipher_3Way@Encode$qqrpv
@Cipher@TCipher_3Way@GetContext$qqrp17System@TMetaClassrit2t2
@Cipher@TCipher_3Way@Init$qqrpxvipv
@Cipher@TCipher_3Way@TestVector$qqrp17System@TMetaClass
@Cipher@TCipher_Blowfish@
@Cipher@TCipher_Blowfish@Decode$qqrpv
@Cipher@TCipher_Blowfish@Decode386$qqrpv
@Cipher@TCipher_Blowfish@Encode$qqrpv
@Cipher@TCipher_Blowfish@Encode386$qqrpv
@Cipher@TCipher_Blowfish@GetContext$qqrp17System@TMetaClassrit2t2
@Cipher@TCipher_Blowfish@Init$qqrpxvipv
@Cipher@TCipher_Blowfish@TestVector$qqrp17System@TMetaClass
@Cipher@TCipher_Gost@
@Cipher@TCipher_Gost@Decode$qqrpv
@Cipher@TCipher_Gost@Encode$qqrpv
@Cipher@TCipher_Gost@GetContext$qqrp17System@TMetaClassrit2t2
@Cipher@TCipher_Gost@Init$qqrpxvipv
@Cipher@TCipher_Gost@TestVector$qqrp17System@TMetaClass
@Cipher@TCipher_IDEA@
@Cipher@TCipher_IDEA@Cipher$qqrpa16384$ust1
@Cipher@TCipher_IDEA@Decode$qqrpv
@Cipher@TCipher_IDEA@Encode$qqrpv
@Cipher@TCipher_IDEA@GetContext$qqrp17System@TMetaClassrit2t2
@Cipher@TCipher_IDEA@Init$qqrpxvipv
@Cipher@TCipher_IDEA@TestVector$qqrp17System@TMetaClass
@Cipher@TCipher_Q128@
@Cipher@TCipher_Q128@Decode$qqrpv
@Cipher@TCipher_Q128@Encode$qqrpv
@Cipher@TCipher_Q128@GetContext$qqrp17System@TMetaClassrit2t2
@Cipher@TCipher_Q128@Init$qqrpxvipv
@Cipher@TCipher_Q128@TestVector$qqrp17System@TMetaClass
@Cipher@TCipher_SAFER@
@Cipher@TCipher_SAFER@Decode$qqrpv
@Cipher@TCipher_SAFER@Encode$qqrpv
@Cipher@TCipher_SAFER@GetContext$qqrp17System@TMetaClassrit2t2
@Cipher@TCipher_SAFER@Init$qqrpxvipv
@Cipher@TCipher_SAFER@InitNew$qqrpxvipv17Cipher@TSAFERMode
@Cipher@TCipher_SAFER@SetRounds$qqri
@Cipher@TCipher_SAFER@TestVector$qqrp17System@TMetaClass
@Cipher@TCipher_SAFER_K128@
@Cipher@TCipher_SAFER_K128@GetContext$qqrp17System@TMetaClassrit2t2
@Cipher@TCipher_SAFER_K128@Init$qqrpxvipv
@Cipher@TCipher_SAFER_K128@TestVector$qqrp17System@TMetaClass
@Cipher@TCipher_SAFER_K40@
@Cipher@TCipher_SAFER_K40@GetContext$qqrp17System@TMetaClassrit2t2
@Cipher@TCipher_SAFER_K40@Init$qqrpxvipv
@Cipher@TCipher_SAFER_K40@TestVector$qqrp17System@TMetaClass
@Cipher@TCipher_SAFER_K64@
@Cipher@TCipher_SAFER_K64@GetContext$qqrp17System@TMetaClassrit2t2
@Cipher@TCipher_SAFER_K64@Init$qqrpxvipv
@Cipher@TCipher_SAFER_K64@TestVector$qqrp17System@TMetaClass
@Cipher@TCipher_SAFER_SK128@
@Cipher@TCipher_SAFER_SK128@Init$qqrpxvipv
@Cipher@TCipher_SAFER_SK128@TestVector$qqrp17System@TMetaClass
@Cipher@TCipher_SAFER_SK40@
@Cipher@TCipher_SAFER_SK40@Init$qqrpxvipv
@Cipher@TCipher_SAFER_SK40@TestVector$qqrp17System@TMetaClass
@Cipher@TCipher_SAFER_SK64@
@Cipher@TCipher_SAFER_SK64@Init$qqrpxvipv
@Cipher@TCipher_SAFER_SK64@TestVector$qqrp17System@TMetaClass
@Cipher@TCipher_SCOP@
@Cipher@TCipher_SCOP@Decode$qqrpv
@Cipher@TCipher_SCOP@Done$qqrv
@Cipher@TCipher_SCOP@Encode$qqrpv
@Cipher@TCipher_SCOP@GetContext$qqrp17System@TMetaClassrit2t2
@Cipher@TCipher_SCOP@Init$qqrpxvipv
@Cipher@TCipher_SCOP@TestVector$qqrp17System@TMetaClass
@Cipher@TCipher_Shark@
@Cipher@TCipher_Shark@Decode$qqrpv
@Cipher@TCipher_Shark@Encode$qqrpv
@Cipher@TCipher_Shark@GetContext$qqrp17System@TMetaClassrit2t2
@Cipher@TCipher_Shark@Init$qqrpxvipv
@Cipher@TCipher_Shark@TestVector$qqrp17System@TMetaClass
@Cipher@TCipher_Square@
@Cipher@TCipher_Square@Decode$qqrpv
@Cipher@TCipher_Square@Encode$qqrpv
@Cipher@TCipher_Square@GetContext$qqrp17System@TMetaClassrit2t2
@Cipher@TCipher_Square@Init$qqrpxvipv
@Cipher@TCipher_Square@TestVector$qqrp17System@TMetaClass
@Cipher@TCipher_TEA@
@Cipher@TCipher_TEA@Decode$qqrpv
@Cipher@TCipher_TEA@Encode$qqrpv
@Cipher@TCipher_TEA@GetContext$qqrp17System@TMetaClassrit2t2
@Cipher@TCipher_TEA@Init$qqrpxvipv
@Cipher@TCipher_TEA@SetRounds$qqri
@Cipher@TCipher_TEA@TestVector$qqrp17System@TMetaClass
@Cipher@TCipher_TEAN@
@Cipher@TCipher_TEAN@Decode$qqrpv
@Cipher@TCipher_TEAN@Encode$qqrpv
@Cipher@TCipher_TEAN@TestVector$qqrp17System@TMetaClass
@Cipher@TCipher_Twofish@
@Cipher@TCipher_Twofish@Decode$qqrpv
@Cipher@TCipher_Twofish@Encode$qqrpv
@Cipher@TCipher_Twofish@GetContext$qqrp17System@TMetaClassrit2t2
@Cipher@TCipher_Twofish@Init$qqrpxvipv
@Cipher@TCipher_Twofish@TestVector$qqrp17System@TMetaClass
@Cipher@UnregisterCipher$qqrpx17System@TMetaClass
@Cipher@initialization$qqrv
@Decconst@Finalization$qqrv
@Decconst@_sBBSnotSeekable
@Decconst@_sBigNumAborted
@Decconst@_sBigNumDestroy
@Decconst@_sCalcName
@Decconst@_sCantCalc
@Decconst@_sDivByZero
@Decconst@_sErrAsComp
@Decconst@_sErrAsFloat
@Decconst@_sErrAsInteger
@Decconst@_sErrGeneric
@Decconst@_sExpMod
@Decconst@_sFMT_COPY
@Decconst@_sFMT_HEX
@Decconst@_sFMT_HEXL
@Decconst@_sFMT_MIME64
@Decconst@_sFMT_UU
@Decconst@_sFMT_XX
@Decconst@_sIDOutOfRange
@Decconst@_sIndexOutOfRange
@Decconst@_sInvalidCRC
@Decconst@_sInvalidCalc
@Decconst@_sInvalidChallenge
@Decconst@_sInvalidDictionary
@Decconst@_sInvalidFormatString
@Decconst@_sInvalidKey
@Decconst@_sInvalidKeySize
@Decconst@_sInvalidMACMode
@Decconst@_sInvalidPassword
@Decconst@_sInvalidRandomStream
@Decconst@_sInvalidSeed
@Decconst@_sInvalidState
@Decconst@_sInvalidStringFormat
@Decconst@_sInvalidZIPData
@Decconst@_sJacobi
@Decconst@_sLoadFail
@Decconst@_sNotInitialized
@Decconst@_sNumberFormat
@Decconst@_sOTPExt
@Decconst@_sOTPHex
@Decconst@_sOTPIdent
@Decconst@_sOTPWord
@Decconst@_sParams
@Decconst@_sProtectionCircular
@Decconst@_sRandomDataProtected
@Decconst@_sSKeyIdent
@Decconst@_sSPPrime
@Decconst@_sSetPrime
@Decconst@_sSetPrimeParam
@Decconst@_sSetPrimeSize
@Decconst@_sSqrt
@Decconst@_sStackIndex
@Decconst@_sStringFormatExists
@Decconst@initialization$qqrv
@Decutil@CPUType$qqrv
@Decutil@CRC16$qqruspvui
@Decutil@CRC32$qqruipvui
@Decutil@ConvertFormat$qqrpciii
@Decutil@DefaultStringFormat$qqrv
@Decutil@DeleteCR$qqrx17System@AnsiString
@Decutil@DoProgress$qqrp14System@TObjectii
@Decutil@EProtection@
@Decutil@EStringFormat@
@Decutil@Finalization$qqrv
@Decutil@FormatToStr$qqrpcii
@Decutil@GetShortClassName$qqrp17System@TMetaClass
@Decutil@GetStringFormats$qqrp16Classes@TStrings
@Decutil@GetTestVector$qqrv
@Decutil@IdentityBase
@Decutil@InitTestIsOk
@Decutil@InsertBlocks$qqrx17System@AnsiStringt1t1i
@Decutil@InsertCR$qqrx17System@AnsiStringi

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 277KB - Virtual size: 324KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 80KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 192KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 99KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bin/csprohk.dll
.dll windows:4 windows x86 arch:x86

938b37df516e90cd535c6402d94b80e3

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

81:97:77:54:f9:ce:71:d3:39:8f:4a:28:dd:8e:50:bd
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

17/08/2010, 00:00

Not After

17/08/2011, 23:59

Subject

CN=EduIQ.com Damjan Kriznik s.p.,O=EduIQ.com Damjan Kriznik s.p.,POSTALCODE=2288,STREET=Slovenja vas 2D,L=HAJDINA,ST=SLOVENIA,C=SI

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

user32

GetKeyboardType
DestroyWindow
LoadStringA
MessageBoxA
CharNextA
UnhookWindowsHookEx
SetWindowsHookExA
MessageBoxA
LoadStringA
GetSystemMetrics
GetAsyncKeyState
CallNextHookEx
CharNextA
CharToOemA

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetCurrentThreadId
VirtualQuery
WideCharToMultiByte
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
LocalFree
LocalAlloc
WriteFile
VirtualQuery
UnmapViewOfFile
MapViewOfFile
GetVersionExA
GetThreadLocale
GetStdHandle
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetDiskFreeSpaceA
GetCPInfo
FreeLibrary
EnumCalendarInfoA
CreateFileMappingA
CloseHandle
Sleep

Exports

Exports

STARTKEYBOARDHOOK
STARTMOUSEHOOK
STOPKEYBOARDHOOK
STOPMOUSEHOOK

Sections

.text
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 512B - Virtual size: 380B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 12KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bin/cspromg.exe
.exe windows:4 windows x86 arch:x86

26ca6b3723c06dc2e9db7e8d14a7a9af

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

81:97:77:54:f9:ce:71:d3:39:8f:4a:28:dd:8e:50:bd
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

17/08/2010, 00:00

Not After

17/08/2011, 23:59

Subject

CN=EduIQ.com Damjan Kriznik s.p.,O=EduIQ.com Damjan Kriznik s.p.,POSTALCODE=2288,STREET=Slovenja vas 2D,L=HAJDINA,ST=SLOVENIA,C=SI

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegFlushKey
RegOpenKeyExA
RegQueryValueExA

kernel32

CloseHandle
CompareStringA
CreateEventA
CreateFileA
CreateFileMappingA
CreateMutexA
CreateThread
DeleteCriticalSection
DeleteFileA
EnterCriticalSection
EnumCalendarInfoA
ExitProcess
ExitThread
FindClose
FindFirstFileA
FindResourceA
FormatMessageA
FreeLibrary
FreeResource
GetACP
GetCPInfo
GetCommandLineA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDateFormatA
GetDiskFreeSpaceA
GetEnvironmentStrings
GetExitCodeThread
GetFileAttributesA
GetFileSize
GetFileType
GetFullPathNameA
GetLastError
GetLocalTime
GetLocaleInfoA
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetProcAddress
GetProcessHeap
GetProfileStringA
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemDefaultLangID
GetTempPathA
GetThreadLocale
GetTickCount
GetUserDefaultLCID
GetVersion
GetVersionExA
GlobalAddAtomA
GlobalAlloc
GlobalDeleteAtom
GlobalFindAtomA
GlobalFree
GlobalLock
GlobalUnlock
HeapAlloc
HeapFree
InitializeCriticalSection
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
IsValidLocale
LCMapStringA
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LoadResource
LockResource
MapViewOfFile
MulDiv
MultiByteToWideChar
OpenMutexA
OpenProcess
RaiseException
ReadFile
ReadProcessMemory
ReleaseMutex
ResetEvent
ResumeThread
RtlUnwind
SetConsoleCtrlHandler
SetEndOfFile
SetErrorMode
SetEvent
SetFilePointer
SetHandleCount
SetLastError
SetThreadLocale
SizeofResource
Sleep
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
UnmapViewOfFile
VirtualAlloc
VirtualFree
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrcpyA
lstrcpynA
lstrlenA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

wsock32

htonl
htons
ntohl
ntohs

winspool.drv

ClosePrinter
DocumentPropertiesA
EnumPrintersA
OpenPrinterA

comctl32

ImageList_Add
ImageList_BeginDrag
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_Draw
ImageList_DrawEx
ImageList_EndDrag
ImageList_GetBkColor
ImageList_GetDragImage
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_Read
ImageList_Remove
ImageList_Replace
ImageList_SetBkColor
ImageList_SetIconSize
ImageList_Write
_TrackMouseEvent
ImageList_Create

gdi32

BitBlt
CopyEnhMetaFileA
CreateBitmap
CreateBrushIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCA
CreateDIBSection
CreateDIBitmap
CreateFontIndirectA
CreateHalftonePalette
CreateICA
CreatePalette
CreatePenIndirect
CreateSolidBrush
DeleteDC
DeleteEnhMetaFile
DeleteObject
EndDoc
EndPage
ExcludeClipRect
GetBitmapBits
GetBrushOrgEx
GetClipBox
GetCurrentPositionEx
GetDCOrgEx
GetDIBColorTable
GetDIBits
GetDeviceCaps
GetEnhMetaFileBits
GetEnhMetaFileHeader
GetEnhMetaFilePaletteEntries
GetObjectA
GetPaletteEntries
GetPixel
GetRgnBox
GetStockObject
GetSystemPaletteEntries
GetTextExtentPoint32A
GetTextExtentPointA
GetTextMetricsA
GetWinMetaFileBits
GetWindowOrgEx
IntersectClipRect
LineTo
MaskBlt
MoveToEx
PatBlt
PlayEnhMetaFile
Polyline
RealizePalette
RectVisible
Rectangle
RestoreDC
SaveDC
SelectObject
SelectPalette
SetAbortProc
SetBitmapBits
SetBkColor
SetBkMode
SetBrushOrgEx
SetDIBColorTable
SetEnhMetaFileBits
SetMapMode
SetPixel
SetROP2
SetStretchBltMode
SetTextColor
SetViewportOrgEx
SetWinMetaFileBits
SetWindowOrgEx
StartDocA
StartPage
StretchBlt
UnrealizeObject

user32

ActivateKeyboardLayout
AdjustWindowRectEx
BeginPaint
BringWindowToTop
CallNextHookEx
CallWindowProcA
CharLowerA
CharLowerBuffA
CharNextA
CharToOemA
CharUpperBuffA
CheckMenuItem
ClientToScreen
CloseClipboard
CreateIcon
CreateMenu
CreatePopupMenu
CreateWindowExA
DefFrameProcA
DefMDIChildProcA
DefWindowProcA
DeleteMenu
DestroyCursor
DestroyIcon
DestroyMenu
DestroyWindow
DispatchMessageA
DispatchMessageW
DrawEdge
DrawFocusRect
DrawFrameControl
DrawIcon
DrawIconEx
DrawMenuBar
DrawTextA
EmptyClipboard
EnableMenuItem
EnableScrollBar
EnableWindow
EndPaint
EnumChildWindows
EnumThreadWindows
EnumWindows
EqualRect
FillRect
FindWindowA
FrameRect
GetActiveWindow
GetCapture
GetClassInfoA
GetClassLongA
GetClassNameA
GetClientRect
GetClipboardData
GetCursor
GetCursorPos
GetDC
GetDCEx
GetDesktopWindow
GetFocus
GetForegroundWindow
GetIconInfo
GetKeyNameTextA
GetKeyState
GetKeyboardLayout
GetKeyboardLayoutList
GetKeyboardLayoutNameA
GetKeyboardState
GetKeyboardType
GetLastActivePopup
GetMenu
GetMenuItemCount
GetMenuItemID
GetMenuItemInfoA
GetMenuState
GetMenuStringA
GetMessagePos
GetParent
GetPropA
GetScrollInfo
GetScrollPos
GetScrollRange
GetSubMenu
GetSysColor
GetSysColorBrush
GetSystemMenu
GetTopWindow
GetUpdateRect
GetWindow
GetWindowDC
GetWindowLongA
GetWindowLongW
GetWindowPlacement
GetWindowRect
GetWindowTextA
GetWindowThreadProcessId
InflateRect
InsertMenuA
InsertMenuItemA
IntersectRect
InvalidateRect
IsChild
IsDialogMessageA
IsDialogMessageW
IsIconic
IsRectEmpty
IsWindow
IsWindowEnabled
IsWindowUnicode
IsWindowVisible
IsZoomed
KillTimer
LoadBitmapA
LoadCursorA
LoadIconA
LoadKeyboardLayoutA
LoadStringA
MapVirtualKeyA
MapWindowPoints
MessageBeep
MessageBoxA
MsgWaitForMultipleObjects
OemToCharA
OffsetRect
OpenClipboard
PeekMessageA
PeekMessageW
PostMessageA
PostQuitMessage
PtInRect
RedrawWindow
RegisterClassA
RegisterClipboardFormatA
RegisterWindowMessageA
ReleaseCapture
ReleaseDC
RemoveMenu
RemovePropA
ScreenToClient
ScrollWindow
SendMessageA
SendMessageW
SetActiveWindow
SetCapture
SetClassLongA
SetClipboardData
SetCursor
SetFocus
SetForegroundWindow
SetMenu
SetMenuItemInfoA
SetParent
SetPropA
SetRect
SetScrollInfo
SetScrollPos
SetScrollRange
SetTimer
SetWindowLongA
SetWindowLongW
SetWindowPlacement
SetWindowPos
SetWindowTextA
SetWindowsHookExA
ShowOwnedPopups
ShowScrollBar
ShowWindow
SystemParametersInfoA
TrackPopupMenu
TranslateMDISysAccel
TranslateMessage
UnhookWindowsHookEx
UnregisterClassA
UpdateWindow
WaitMessage
WindowFromDC
WindowFromPoint
wsprintfA
GetSystemMetrics

ole32

CoInitialize
CoUninitialize

oleaut32

GetErrorInfo
SafeArrayCreate
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayPtrOfIndex
SysAllocStringLen
SysFreeString
SysReAllocStringLen
VariantChangeType
VariantClear
VariantCopy
VariantInit

csprohk

ord4
ord2
ord3
ord1

Exports

Exports

@$xp$17Zlibex@EZLibError
@$xp$21Zlibex@TCustomZStream
@$xp$24Oneinstance@EOneInstance
@$xp$24Oneinstance@TOneInstance
@$xp$25Zlibex@EZCompressionError
@$xp$25Zlibex@TZCompressionLevel
@$xp$26Processviewer@TProcessInfo
@$xp$26Zlibex@TZCompressionStream
@$xp$27Zlibex@EZDecompressionError
@$xp$28Processviewer@TProcessViewer
@$xp$28Zlibex@TZDecompressionStream
@$xp$30Processviewer@ProcessViewer__2
@$xp$ynpqqri$v
@$xp$ynpqqrii$v
@$xp$ynpqqrp14System@TObject$v
@@I18n@Finalize
@@I18n@Initialize
@@Nlcmdmonthrd@Finalize
@@Nlcmdmonthrd@Initialize
@@Nlmessageguimain@Finalize
@@Nlmessageguimain@Initialize
@@Nlremotedesktopform@Finalize
@@Nlremotedesktopform@Initialize
@@Udatastorage@Finalize
@@Udatastorage@Initialize
@@Uscreendraw@Finalize
@@Uscreendraw@Initialize
@@Usmpipe@Finalize
@@Usmpipe@Initialize
@Oneinstance@EOneInstance@
@Oneinstance@Finalization$qqrv
@Oneinstance@Register$qqrv
@Oneinstance@TOneInstance@
@Oneinstance@TOneInstance@$bctr$qqrp18Classes@TComponent
@Oneinstance@TOneInstance@$bdtr$qqrv
@Oneinstance@TOneInstance@DoRaisePriorInstance$qqrv
@Oneinstance@TOneInstance@FinalizeLock$qqrv
@Oneinstance@TOneInstance@HandleException$qqr17System@AnsiStringp18Sysutils@Exception
@Oneinstance@TOneInstance@HasPriorInstance$qqrv
@Oneinstance@TOneInstance@InitializeLock$qqrv
@Oneinstance@TOneInstance@Loaded$qqrv
@Oneinstance@TOneInstance@RaiseException$qqr17System@AnsiString
@Oneinstance@initialization$qqrv
@Processviewer@Finalization$qqrv
@Processviewer@TProcessViewer@
@Processviewer@TProcessViewer@$bctr$qqro
@Processviewer@TProcessViewer@$bdtr$qqrv
@Processviewer@TProcessViewer@GetFileNameFromHandle$qqrui
@Processviewer@TProcessViewer@GetProcessList$qqrv
@Processviewer@TProcessViewer@GetProcessesWithoutWindowHandle$qqrv
@Processviewer@TProcessViewer@IsFileActive$qqr17System@AnsiString
@Processviewer@TProcessViewer@KillProcessByFileName$qqr17System@AnsiStringo
@Processviewer@TProcessViewer@KillProcessByPID$qqrui
@Processviewer@initialization$qqrv
@Uhooks@Finalization$qqrv
@Uhooks@LockComputer$qqrv
@Uhooks@UnLockComputer$qqrv
@Uhooks@initialization$qqrv
@Zlibex@DeflateInit2_$qqrr18Zlibex@TZStreamReciiiiipci
@Zlibex@EZCompressionError@
@Zlibex@EZDecompressionError@
@Zlibex@EZLibError@
@Zlibex@Finalization$qqrv
@Zlibex@MoveI32$qqrpxvpvi
@Zlibex@TCustomZStream@
@Zlibex@TCustomZStream@$bctr$qqrp15Classes@TStream
@Zlibex@TCustomZStream@DoProgress$qqrv
@Zlibex@TZCompressionStream@
@Zlibex@TZCompressionStream@$bctr$qqrp15Classes@TStream25Zlibex@TZCompressionLevel
@Zlibex@TZCompressionStream@$bdtr$qqrv
@Zlibex@TZCompressionStream@GetCompressionRate$qqrv
@Zlibex@TZCompressionStream@Read$qqrpvi
@Zlibex@TZCompressionStream@Seek$qqrius
@Zlibex@TZCompressionStream@Write$qqrpxvi
@Zlibex@TZDecompressionStream@
@Zlibex@TZDecompressionStream@$bctr$qqrp15Classes@TStream
@Zlibex@TZDecompressionStream@$bdtr$qqrv
@Zlibex@TZDecompressionStream@Read$qqrpvi
@Zlibex@TZDecompressionStream@Seek$qqrius
@Zlibex@TZDecompressionStream@Write$qqrpxvi
@Zlibex@ZCompress$qqrpxvirpvri25Zlibex@TZCompressionLevel
@Zlibex@ZCompressStr$qqrx17System@AnsiString25Zlibex@TZCompressionLevel
@Zlibex@ZCompressStream$qqrp15Classes@TStreamt125Zlibex@TZCompressionLevel
@Zlibex@ZDecompress$qqrpxvirpvrii
@Zlibex@ZDecompressStr$qqrx17System@AnsiString
@Zlibex@ZDecompressStream$qqrp15Classes@TStreamt1
@Zlibex@ZFastCompressString$qqrr17System@AnsiString25Zlibex@TZCompressionLevel
@Zlibex@ZFastDecompressString$qqrr17System@AnsiString
@Zlibex@ZSendToBrowser$qqrr17System@AnsiString
@Zlibex@adler32$qqripxci
@Zlibex@deflate$qqrr18Zlibex@TZStreamReci
@Zlibex@deflateEnd$qqrr18Zlibex@TZStreamRec
@Zlibex@deflateInit_$qqrr18Zlibex@TZStreamRecipci
@Zlibex@inflate$qqrr18Zlibex@TZStreamReci
@Zlibex@inflateEnd$qqrr18Zlibex@TZStreamRec
@Zlibex@inflateInit2_$qqrr18Zlibex@TZStreamRecipci
@Zlibex@inflateInit_$qqrr18Zlibex@TZStreamRecpci
@Zlibex@inflateReset$qqrr18Zlibex@TZStreamRec
@Zlibex@initialization$qqrv
_NLMGMainForm
_RemoteDesktopForm
__GetExceptDLLinfo
___CPPdebugHook

Sections

.text
Size: 592KB - Virtual size: 596KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 70KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 26KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bin/csprorc.exe
.exe windows:4 windows x86 arch:x86

dc1e0895ee86708cc02ce2e62bbf0b71

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

81:97:77:54:f9:ce:71:d3:39:8f:4a:28:dd:8e:50:bd
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

17/08/2010, 00:00

Not After

17/08/2011, 23:59

Subject

CN=EduIQ.com Damjan Kriznik s.p.,O=EduIQ.com Damjan Kriznik s.p.,POSTALCODE=2288,STREET=Slovenja vas 2D,L=HAJDINA,ST=SLOVENIA,C=SI

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

CloseServiceHandle
CreateServiceA
InitializeSecurityDescriptor
OpenSCManagerA
OpenServiceA
SetSecurityDescriptorDacl
StartServiceA

kernel32

CloseHandle
CopyFileA
CreateFileA
CreateThread
DeleteCriticalSection
DeleteFileA
EnterCriticalSection
ExitProcess
ExitThread
FillConsoleOutputCharacterA
FindResourceA
FormatMessageA
GetACP
GetCPInfo
GetCommandLineA
GetComputerNameA
GetConsoleScreenBufferInfo
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentStrings
GetFileAttributesA
GetFileType
GetLastError
GetLocalTime
GetLocaleInfoA
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemDefaultLangID
GetUserDefaultLCID
GetVersion
GetVersionExA
GlobalMemoryStatus
HeapAlloc
HeapFree
InitializeCriticalSection
InterlockedExchange
IsValidLocale
LCMapStringA
LeaveCriticalSection
LoadLibraryA
LoadResource
LocalFree
LockResource
MultiByteToWideChar
RaiseException
ReadConsoleA
ReadFile
RtlUnwind
SetConsoleCtrlHandler
SetConsoleCursorPosition
SetConsoleTitleA
SetFilePointer
SetHandleCount
SetLastError
SetThreadLocale
SizeofResource
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualQuery
WaitNamedPipeA
WideCharToMultiByte
WriteFile

mpr

WNetAddConnection2A
WNetCancelConnection2A

user32

EnumThreadWindows
MessageBoxA
wsprintfA

Exports

Exports

__GetExceptDLLinfo
___CPPdebugHook

Sections

.text
Size: 98KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 42KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 148KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bin/mencoder.exe
.exe windows:4 windows x86 arch:x86

957e55ee837deda5785384eea0808691

Code Sign

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

17/05/2005, 00:00

Not After

16/05/2010, 23:59

Subject

CN=Comodo Time Stamping Signer,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c0:fc:b1:5d:fa:7b:8d:76:a4:26:1e:8b:74:ac:82:55
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/07/2009, 00:00

Not After

24/07/2010, 23:59

Subject

CN=EduIQ.com Damjan Kriznik s.p.,O=EduIQ.com Damjan Kriznik s.p.,POSTALCODE=2288,STREET=Zg. Hajdina 83C,L=HAJDINA,ST=SLOVENIA,C=SI

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
RegCreateKeyExA
RegSetValueExA

kernel32

CloseHandle
CreateEventA
CreateFileA
CreateSemaphoreA
CreateThread
DeleteCriticalSection
DeviceIoControl
DuplicateHandle
EnterCriticalSection
ExitProcess
FindClose
FindFirstFileA
FindNextFileA
FreeLibrary
GetACP
GetConsoleOutputCP
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDriveTypeA
GetFileAttributesA
GetLastError
GetLogicalDrives
GetModuleFileNameA
GetModuleHandleA
GetNumberOfConsoleInputEvents
GetProcAddress
GetProcessAffinityMask
GetProcessHeap
GetStdHandle
GetSystemTimeAsFileTime
GetThreadContext
GetThreadPriority
GetVersion
HeapAlloc
HeapFree
InitializeCriticalSection
InterlockedDecrement
InterlockedExchangeAdd
InterlockedIncrement
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
MultiByteToWideChar
OpenProcess
PeekNamedPipe
QueryPerformanceCounter
QueryPerformanceFrequency
ReadConsoleInputA
ReadFile
ReleaseSemaphore
ResetEvent
ResumeThread
SetEnvironmentVariableA
SetEvent
SetFilePointer
SetLastError
SetPriorityClass
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SuspendThread
TerminateThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte

msvcrt

_close
_fdopen
_memccpy
_mkdir
_open
_read
_setmode
_stat
_strdup
_swab
_tempnam
_unlink
_write
__getmainargs
__lc_codepage
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_assert
_beginthreadex
_cexit
_endthreadex
_errno
_filbuf
_findclose
_findfirst
_findnext
_flsbuf
_fstati64
_ftime
_fullpath
_get_osfhandle
_iob
_isctype
_lseeki64
_onexit
_open_osfhandle
_pctype
_setjmp
_setmode
_snprintf
_stati64
_stricmp
_strnicmp
_telli64
_vsnprintf
abort
acos
asin
atan
atan2
atexit
atof
atoi
atol
calloc
ceil
clearerr
cos
cosh
ctime
exit
exp
fclose
fflush
fgetc
fgets
floor
fopen
fprintf
fputc
fputs
fread
free
frexp
fscanf
fseek
ftell
fwrite
getenv
gmtime
islower
isspace
isupper
localtime
log
log10
longjmp
malloc
memchr
memcmp
memcpy
memmove
memset
mktime
modf
perror
pow
printf
putchar
puts
qsort
rand
realloc
rename
rewind
setbuf
setlocale
signal
sin
sinh
sprintf
sqrt
srand
sscanf
strcat
strchr
strcmp
strcoll
strcpy
strcspn
strerror
strftime
strlen
strncat
strncmp
strncpy
strpbrk
strrchr
strspn
strstr
strtod
strtok
strtol
strtoul
tan
tanh
time
tolower
toupper
ungetc
vfprintf
vsprintf

ole32

CoInitialize
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize

winmm

timeGetTime

ws2_32

WSACleanup
WSAGetLastError
WSASetLastError
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
gethostbyname
gethostname
getsockname
getsockopt
htonl
htons
inet_addr
inet_ntoa
ioctlsocket
listen
ntohl
ntohs
recv
recvfrom
select
send
sendto
setsockopt
socket

Sections

.text
Size: 8.9MB - Virtual size: 8.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 376KB - Virtual size: 375KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rodata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 3.9MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
bin/mencoder_Copyright.txt
bin/mencoder_LICENSE.txt
bin/nlcspro/LICENCE_nlvs.txt
bin/nlcspro/csagtpro.exe.dat
bin/nlcspro/csagtprosvc.exe.dat
bin/nlcspro/csprohk.dll
.dll windows:4 windows x86 arch:x86

938b37df516e90cd535c6402d94b80e3

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

81:97:77:54:f9:ce:71:d3:39:8f:4a:28:dd:8e:50:bd
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

17/08/2010, 00:00

Not After

17/08/2011, 23:59

Subject

CN=EduIQ.com Damjan Kriznik s.p.,O=EduIQ.com Damjan Kriznik s.p.,POSTALCODE=2288,STREET=Slovenja vas 2D,L=HAJDINA,ST=SLOVENIA,C=SI

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

user32

GetKeyboardType
DestroyWindow
LoadStringA
MessageBoxA
CharNextA
UnhookWindowsHookEx
SetWindowsHookExA
MessageBoxA
LoadStringA
GetSystemMetrics
GetAsyncKeyState
CallNextHookEx
CharNextA
CharToOemA

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetCurrentThreadId
VirtualQuery
WideCharToMultiByte
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
LocalFree
LocalAlloc
WriteFile
VirtualQuery
UnmapViewOfFile
MapViewOfFile
GetVersionExA
GetThreadLocale
GetStdHandle
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetDiskFreeSpaceA
GetCPInfo
FreeLibrary
EnumCalendarInfoA
CreateFileMappingA
CloseHandle
Sleep

Exports

Exports

STARTKEYBOARDHOOK
STARTMOUSEHOOK
STOPKEYBOARDHOOK
STOPMOUSEHOOK

Sections

.text
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 512B - Virtual size: 380B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 12KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bin/nlcspro/cspromg.exe
.exe windows:4 windows x86 arch:x86

26ca6b3723c06dc2e9db7e8d14a7a9af

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

81:97:77:54:f9:ce:71:d3:39:8f:4a:28:dd:8e:50:bd
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

17/08/2010, 00:00

Not After

17/08/2011, 23:59

Subject

CN=EduIQ.com Damjan Kriznik s.p.,O=EduIQ.com Damjan Kriznik s.p.,POSTALCODE=2288,STREET=Slovenja vas 2D,L=HAJDINA,ST=SLOVENIA,C=SI

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegFlushKey
RegOpenKeyExA
RegQueryValueExA

kernel32

CloseHandle
CompareStringA
CreateEventA
CreateFileA
CreateFileMappingA
CreateMutexA
CreateThread
DeleteCriticalSection
DeleteFileA
EnterCriticalSection
EnumCalendarInfoA
ExitProcess
ExitThread
FindClose
FindFirstFileA
FindResourceA
FormatMessageA
FreeLibrary
FreeResource
GetACP
GetCPInfo
GetCommandLineA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDateFormatA
GetDiskFreeSpaceA
GetEnvironmentStrings
GetExitCodeThread
GetFileAttributesA
GetFileSize
GetFileType
GetFullPathNameA
GetLastError
GetLocalTime
GetLocaleInfoA
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetProcAddress
GetProcessHeap
GetProfileStringA
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemDefaultLangID
GetTempPathA
GetThreadLocale
GetTickCount
GetUserDefaultLCID
GetVersion
GetVersionExA
GlobalAddAtomA
GlobalAlloc
GlobalDeleteAtom
GlobalFindAtomA
GlobalFree
GlobalLock
GlobalUnlock
HeapAlloc
HeapFree
InitializeCriticalSection
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
IsValidLocale
LCMapStringA
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LoadResource
LockResource
MapViewOfFile
MulDiv
MultiByteToWideChar
OpenMutexA
OpenProcess
RaiseException
ReadFile
ReadProcessMemory
ReleaseMutex
ResetEvent
ResumeThread
RtlUnwind
SetConsoleCtrlHandler
SetEndOfFile
SetErrorMode
SetEvent
SetFilePointer
SetHandleCount
SetLastError
SetThreadLocale
SizeofResource
Sleep
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
UnmapViewOfFile
VirtualAlloc
VirtualFree
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrcpyA
lstrcpynA
lstrlenA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

wsock32

htonl
htons
ntohl
ntohs

winspool.drv

ClosePrinter
DocumentPropertiesA
EnumPrintersA
OpenPrinterA

comctl32

ImageList_Add
ImageList_BeginDrag
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_Draw
ImageList_DrawEx
ImageList_EndDrag
ImageList_GetBkColor
ImageList_GetDragImage
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_Read
ImageList_Remove
ImageList_Replace
ImageList_SetBkColor
ImageList_SetIconSize
ImageList_Write
_TrackMouseEvent
ImageList_Create

gdi32

BitBlt
CopyEnhMetaFileA
CreateBitmap
CreateBrushIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCA
CreateDIBSection
CreateDIBitmap
CreateFontIndirectA
CreateHalftonePalette
CreateICA
CreatePalette
CreatePenIndirect
CreateSolidBrush
DeleteDC
DeleteEnhMetaFile
DeleteObject
EndDoc
EndPage
ExcludeClipRect
GetBitmapBits
GetBrushOrgEx
GetClipBox
GetCurrentPositionEx
GetDCOrgEx
GetDIBColorTable
GetDIBits
GetDeviceCaps
GetEnhMetaFileBits
GetEnhMetaFileHeader
GetEnhMetaFilePaletteEntries
GetObjectA
GetPaletteEntries
GetPixel
GetRgnBox
GetStockObject
GetSystemPaletteEntries
GetTextExtentPoint32A
GetTextExtentPointA
GetTextMetricsA
GetWinMetaFileBits
GetWindowOrgEx
IntersectClipRect
LineTo
MaskBlt
MoveToEx
PatBlt
PlayEnhMetaFile
Polyline
RealizePalette
RectVisible
Rectangle
RestoreDC
SaveDC
SelectObject
SelectPalette
SetAbortProc
SetBitmapBits
SetBkColor
SetBkMode
SetBrushOrgEx
SetDIBColorTable
SetEnhMetaFileBits
SetMapMode
SetPixel
SetROP2
SetStretchBltMode
SetTextColor
SetViewportOrgEx
SetWinMetaFileBits
SetWindowOrgEx
StartDocA
StartPage
StretchBlt
UnrealizeObject

user32

ActivateKeyboardLayout
AdjustWindowRectEx
BeginPaint
BringWindowToTop
CallNextHookEx
CallWindowProcA
CharLowerA
CharLowerBuffA
CharNextA
CharToOemA
CharUpperBuffA
CheckMenuItem
ClientToScreen
CloseClipboard
CreateIcon
CreateMenu
CreatePopupMenu
CreateWindowExA
DefFrameProcA
DefMDIChildProcA
DefWindowProcA
DeleteMenu
DestroyCursor
DestroyIcon
DestroyMenu
DestroyWindow
DispatchMessageA
DispatchMessageW
DrawEdge
DrawFocusRect
DrawFrameControl
DrawIcon
DrawIconEx
DrawMenuBar
DrawTextA
EmptyClipboard
EnableMenuItem
EnableScrollBar
EnableWindow
EndPaint
EnumChildWindows
EnumThreadWindows
EnumWindows
EqualRect
FillRect
FindWindowA
FrameRect
GetActiveWindow
GetCapture
GetClassInfoA
GetClassLongA
GetClassNameA
GetClientRect
GetClipboardData
GetCursor
GetCursorPos
GetDC
GetDCEx
GetDesktopWindow
GetFocus
GetForegroundWindow
GetIconInfo
GetKeyNameTextA
GetKeyState
GetKeyboardLayout
GetKeyboardLayoutList
GetKeyboardLayoutNameA
GetKeyboardState
GetKeyboardType
GetLastActivePopup
GetMenu
GetMenuItemCount
GetMenuItemID
GetMenuItemInfoA
GetMenuState
GetMenuStringA
GetMessagePos
GetParent
GetPropA
GetScrollInfo
GetScrollPos
GetScrollRange
GetSubMenu
GetSysColor
GetSysColorBrush
GetSystemMenu
GetTopWindow
GetUpdateRect
GetWindow
GetWindowDC
GetWindowLongA
GetWindowLongW
GetWindowPlacement
GetWindowRect
GetWindowTextA
GetWindowThreadProcessId
InflateRect
InsertMenuA
InsertMenuItemA
IntersectRect
InvalidateRect
IsChild
IsDialogMessageA
IsDialogMessageW
IsIconic
IsRectEmpty
IsWindow
IsWindowEnabled
IsWindowUnicode
IsWindowVisible
IsZoomed
KillTimer
LoadBitmapA
LoadCursorA
LoadIconA
LoadKeyboardLayoutA
LoadStringA
MapVirtualKeyA
MapWindowPoints
MessageBeep
MessageBoxA
MsgWaitForMultipleObjects
OemToCharA
OffsetRect
OpenClipboard
PeekMessageA
PeekMessageW
PostMessageA
PostQuitMessage
PtInRect
RedrawWindow
RegisterClassA
RegisterClipboardFormatA
RegisterWindowMessageA
ReleaseCapture
ReleaseDC
RemoveMenu
RemovePropA
ScreenToClient
ScrollWindow
SendMessageA
SendMessageW
SetActiveWindow
SetCapture
SetClassLongA
SetClipboardData
SetCursor
SetFocus
SetForegroundWindow
SetMenu
SetMenuItemInfoA
SetParent
SetPropA
SetRect
SetScrollInfo
SetScrollPos
SetScrollRange
SetTimer
SetWindowLongA
SetWindowLongW
SetWindowPlacement
SetWindowPos
SetWindowTextA
SetWindowsHookExA
ShowOwnedPopups
ShowScrollBar
ShowWindow
SystemParametersInfoA
TrackPopupMenu
TranslateMDISysAccel
TranslateMessage
UnhookWindowsHookEx
UnregisterClassA
UpdateWindow
WaitMessage
WindowFromDC
WindowFromPoint
wsprintfA
GetSystemMetrics

ole32

CoInitialize
CoUninitialize

oleaut32

GetErrorInfo
SafeArrayCreate
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayPtrOfIndex
SysAllocStringLen
SysFreeString
SysReAllocStringLen
VariantChangeType
VariantClear
VariantCopy
VariantInit

csprohk

ord4
ord2
ord3
ord1

Exports

Exports

@$xp$17Zlibex@EZLibError
@$xp$21Zlibex@TCustomZStream
@$xp$24Oneinstance@EOneInstance
@$xp$24Oneinstance@TOneInstance
@$xp$25Zlibex@EZCompressionError
@$xp$25Zlibex@TZCompressionLevel
@$xp$26Processviewer@TProcessInfo
@$xp$26Zlibex@TZCompressionStream
@$xp$27Zlibex@EZDecompressionError
@$xp$28Processviewer@TProcessViewer
@$xp$28Zlibex@TZDecompressionStream
@$xp$30Processviewer@ProcessViewer__2
@$xp$ynpqqri$v
@$xp$ynpqqrii$v
@$xp$ynpqqrp14System@TObject$v
@@I18n@Finalize
@@I18n@Initialize
@@Nlcmdmonthrd@Finalize
@@Nlcmdmonthrd@Initialize
@@Nlmessageguimain@Finalize
@@Nlmessageguimain@Initialize
@@Nlremotedesktopform@Finalize
@@Nlremotedesktopform@Initialize
@@Udatastorage@Finalize
@@Udatastorage@Initialize
@@Uscreendraw@Finalize
@@Uscreendraw@Initialize
@@Usmpipe@Finalize
@@Usmpipe@Initialize
@Oneinstance@EOneInstance@
@Oneinstance@Finalization$qqrv
@Oneinstance@Register$qqrv
@Oneinstance@TOneInstance@
@Oneinstance@TOneInstance@$bctr$qqrp18Classes@TComponent
@Oneinstance@TOneInstance@$bdtr$qqrv
@Oneinstance@TOneInstance@DoRaisePriorInstance$qqrv
@Oneinstance@TOneInstance@FinalizeLock$qqrv
@Oneinstance@TOneInstance@HandleException$qqr17System@AnsiStringp18Sysutils@Exception
@Oneinstance@TOneInstance@HasPriorInstance$qqrv
@Oneinstance@TOneInstance@InitializeLock$qqrv
@Oneinstance@TOneInstance@Loaded$qqrv
@Oneinstance@TOneInstance@RaiseException$qqr17System@AnsiString
@Oneinstance@initialization$qqrv
@Processviewer@Finalization$qqrv
@Processviewer@TProcessViewer@
@Processviewer@TProcessViewer@$bctr$qqro
@Processviewer@TProcessViewer@$bdtr$qqrv
@Processviewer@TProcessViewer@GetFileNameFromHandle$qqrui
@Processviewer@TProcessViewer@GetProcessList$qqrv
@Processviewer@TProcessViewer@GetProcessesWithoutWindowHandle$qqrv
@Processviewer@TProcessViewer@IsFileActive$qqr17System@AnsiString
@Processviewer@TProcessViewer@KillProcessByFileName$qqr17System@AnsiStringo
@Processviewer@TProcessViewer@KillProcessByPID$qqrui
@Processviewer@initialization$qqrv
@Uhooks@Finalization$qqrv
@Uhooks@LockComputer$qqrv
@Uhooks@UnLockComputer$qqrv
@Uhooks@initialization$qqrv
@Zlibex@DeflateInit2_$qqrr18Zlibex@TZStreamReciiiiipci
@Zlibex@EZCompressionError@
@Zlibex@EZDecompressionError@
@Zlibex@EZLibError@
@Zlibex@Finalization$qqrv
@Zlibex@MoveI32$qqrpxvpvi
@Zlibex@TCustomZStream@
@Zlibex@TCustomZStream@$bctr$qqrp15Classes@TStream
@Zlibex@TCustomZStream@DoProgress$qqrv
@Zlibex@TZCompressionStream@
@Zlibex@TZCompressionStream@$bctr$qqrp15Classes@TStream25Zlibex@TZCompressionLevel
@Zlibex@TZCompressionStream@$bdtr$qqrv
@Zlibex@TZCompressionStream@GetCompressionRate$qqrv
@Zlibex@TZCompressionStream@Read$qqrpvi
@Zlibex@TZCompressionStream@Seek$qqrius
@Zlibex@TZCompressionStream@Write$qqrpxvi
@Zlibex@TZDecompressionStream@
@Zlibex@TZDecompressionStream@$bctr$qqrp15Classes@TStream
@Zlibex@TZDecompressionStream@$bdtr$qqrv
@Zlibex@TZDecompressionStream@Read$qqrpvi
@Zlibex@TZDecompressionStream@Seek$qqrius
@Zlibex@TZDecompressionStream@Write$qqrpxvi
@Zlibex@ZCompress$qqrpxvirpvri25Zlibex@TZCompressionLevel
@Zlibex@ZCompressStr$qqrx17System@AnsiString25Zlibex@TZCompressionLevel
@Zlibex@ZCompressStream$qqrp15Classes@TStreamt125Zlibex@TZCompressionLevel
@Zlibex@ZDecompress$qqrpxvirpvrii
@Zlibex@ZDecompressStr$qqrx17System@AnsiString
@Zlibex@ZDecompressStream$qqrp15Classes@TStreamt1
@Zlibex@ZFastCompressString$qqrr17System@AnsiString25Zlibex@TZCompressionLevel
@Zlibex@ZFastDecompressString$qqrr17System@AnsiString
@Zlibex@ZSendToBrowser$qqrr17System@AnsiString
@Zlibex@adler32$qqripxci
@Zlibex@deflate$qqrr18Zlibex@TZStreamReci
@Zlibex@deflateEnd$qqrr18Zlibex@TZStreamRec
@Zlibex@deflateInit_$qqrr18Zlibex@TZStreamRecipci
@Zlibex@inflate$qqrr18Zlibex@TZStreamReci
@Zlibex@inflateEnd$qqrr18Zlibex@TZStreamRec
@Zlibex@inflateInit2_$qqrr18Zlibex@TZStreamRecipci
@Zlibex@inflateInit_$qqrr18Zlibex@TZStreamRecpci
@Zlibex@inflateReset$qqrr18Zlibex@TZStreamRec
@Zlibex@initialization$qqrv
_NLMGMainForm
_RemoteDesktopForm
__GetExceptDLLinfo
___CPPdebugHook

Sections

.text
Size: 592KB - Virtual size: 596KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 70KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 26KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bin/nlcspro/mencoder.exe
.exe windows:4 windows x86 arch:x86

957e55ee837deda5785384eea0808691

Code Sign

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

17/05/2005, 00:00

Not After

16/05/2010, 23:59

Subject

CN=Comodo Time Stamping Signer,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c0:fc:b1:5d:fa:7b:8d:76:a4:26:1e:8b:74:ac:82:55
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/07/2009, 00:00

Not After

24/07/2010, 23:59

Subject

CN=EduIQ.com Damjan Kriznik s.p.,O=EduIQ.com Damjan Kriznik s.p.,POSTALCODE=2288,STREET=Zg. Hajdina 83C,L=HAJDINA,ST=SLOVENIA,C=SI

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
RegCreateKeyExA
RegSetValueExA

kernel32

CloseHandle
CreateEventA
CreateFileA
CreateSemaphoreA
CreateThread
DeleteCriticalSection
DeviceIoControl
DuplicateHandle
EnterCriticalSection
ExitProcess
FindClose
FindFirstFileA
FindNextFileA
FreeLibrary
GetACP
GetConsoleOutputCP
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDriveTypeA
GetFileAttributesA
GetLastError
GetLogicalDrives
GetModuleFileNameA
GetModuleHandleA
GetNumberOfConsoleInputEvents
GetProcAddress
GetProcessAffinityMask
GetProcessHeap
GetStdHandle
GetSystemTimeAsFileTime
GetThreadContext
GetThreadPriority
GetVersion
HeapAlloc
HeapFree
InitializeCriticalSection
InterlockedDecrement
InterlockedExchangeAdd
InterlockedIncrement
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
MultiByteToWideChar
OpenProcess
PeekNamedPipe
QueryPerformanceCounter
QueryPerformanceFrequency
ReadConsoleInputA
ReadFile
ReleaseSemaphore
ResetEvent
ResumeThread
SetEnvironmentVariableA
SetEvent
SetFilePointer
SetLastError
SetPriorityClass
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SuspendThread
TerminateThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte

msvcrt

_close
_fdopen
_memccpy
_mkdir
_open
_read
_setmode
_stat
_strdup
_swab
_tempnam
_unlink
_write
__getmainargs
__lc_codepage
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_assert
_beginthreadex
_cexit
_endthreadex
_errno
_filbuf
_findclose
_findfirst
_findnext
_flsbuf
_fstati64
_ftime
_fullpath
_get_osfhandle
_iob
_isctype
_lseeki64
_onexit
_open_osfhandle
_pctype
_setjmp
_setmode
_snprintf
_stati64
_stricmp
_strnicmp
_telli64
_vsnprintf
abort
acos
asin
atan
atan2
atexit
atof
atoi
atol
calloc
ceil
clearerr
cos
cosh
ctime
exit
exp
fclose
fflush
fgetc
fgets
floor
fopen
fprintf
fputc
fputs
fread
free
frexp
fscanf
fseek
ftell
fwrite
getenv
gmtime
islower
isspace
isupper
localtime
log
log10
longjmp
malloc
memchr
memcmp
memcpy
memmove
memset
mktime
modf
perror
pow
printf
putchar
puts
qsort
rand
realloc
rename
rewind
setbuf
setlocale
signal
sin
sinh
sprintf
sqrt
srand
sscanf
strcat
strchr
strcmp
strcoll
strcpy
strcspn
strerror
strftime
strlen
strncat
strncmp
strncpy
strpbrk
strrchr
strspn
strstr
strtod
strtok
strtol
strtoul
tan
tanh
time
tolower
toupper
ungetc
vfprintf
vsprintf

ole32

CoInitialize
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize

winmm

timeGetTime

ws2_32

WSACleanup
WSAGetLastError
WSASetLastError
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
gethostbyname
gethostname
getsockname
getsockopt
htonl
htons
inet_addr
inet_ntoa
ioctlsocket
listen
ntohl
ntohs
recv
recvfrom
select
send
sendto
setsockopt
socket

Sections

.text
Size: 8.9MB - Virtual size: 8.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 376KB - Virtual size: 375KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rodata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 3.9MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
bin/nlcspro/mencoder_Copyright.txt
bin/nlcspro/mencoder_LICENSE.txt
bin/nlcspro/nlvs.exe
.exe windows:4 windows x86 arch:x86

0355eea2f6a3387bb5343847bae41257

Code Sign

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

17/05/2005, 00:00

Not After

16/05/2010, 23:59

Subject

CN=Comodo Time Stamping Signer,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c0:fc:b1:5d:fa:7b:8d:76:a4:26:1e:8b:74:ac:82:55
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/07/2009, 00:00

Not After

24/07/2010, 23:59

Subject

CN=EduIQ.com Damjan Kriznik s.p.,O=EduIQ.com Damjan Kriznik s.p.,POSTALCODE=2288,STREET=Zg. Hajdina 83C,L=HAJDINA,ST=SLOVENIA,C=SI

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

closesocket
WSACleanup
WSAStartup
inet_addr
gethostname
shutdown
bind
WSAGetLastError
socket
gethostbyname
recv
send
getsockname
getpeername
accept
setsockopt
listen
ioctlsocket
connect
htons
htonl

winmm

timeSetEvent
timeGetTime

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

wtsapi32

WTSEnumerateProcessesA
WTSEnumerateSessionsA
WTSFreeMemory

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

kernel32

CreateToolhelp32Snapshot
Sleep
GetExitCodeProcess
SetEvent
CreateEventA
OutputDebugStringA
SetCurrentDirectoryA
GetComputerNameA
ResumeThread
CreateThread
IsBadWritePtr
IsBadReadPtr
GetFileSize
CreateFileA
GetSystemInfo
GetSystemTime
SetFilePointer
ReadFile
CreateDirectoryA
SetErrorMode
MoveFileExA
SetFileTime
SystemTimeToFileTime
FlushFileBuffers
SetEndOfFile
WriteFile
MoveFileA
lstrlenA
GetDriveTypeA
GetLogicalDriveStringsA
FileTimeToSystemTime
GetFileTime
SetThreadPriority
GetCurrentThread
OpenEventA
GlobalUnlock
GlobalLock
GlobalAlloc
TerminateProcess
CreateProcessA
SetProcessShutdownParameters
Process32First
LockResource
GetCurrentProcessId
SizeofResource
FindResourceA
WriteConsoleA
GetStdHandle
FormatMessageA
AllocConsole
GlobalDeleteAtom
GlobalGetAtomNameA
GlobalAddAtomA
ResetEvent
GlobalFree
SearchPathA
ExitThread
HeapReAlloc
GetStartupInfoA
GetProcessHeap
GetCommandLineA
GetFileType
SetStdHandle
ExitProcess
FileTimeToLocalFileTime
HeapFree
HeapAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetSystemTimeAsFileTime
TlsAlloc
DuplicateHandle
TlsSetValue
TlsFree
TlsGetValue
CreateSemaphoreA
ReleaseSemaphore
DeleteCriticalSection
InitializeCriticalSection
GetLocalTime
Process32Next
GetVersionExA
SetLastError
GetCurrentProcess
ReleaseMutex
WaitForSingleObject
UnmapViewOfFile
OpenFileMappingA
MapViewOfFile
CreateFileMappingA
WritePrivateProfileSectionA
WritePrivateProfileStructA
InterlockedDecrement
HeapSize
GetCPInfo
GetACP
GetPrivateProfileStructA
GetPrivateProfileStringA
GetPrivateProfileIntA
WritePrivateProfileStringA
OpenProcess
CloseHandle
InterlockedIncrement
GetTempPathA
WinExec
CopyFileA
GetLastError
FreeLibrary
DeleteFileA
FindFirstFileA
FindNextFileA
FindClose
LeaveCriticalSection
EnterCriticalSection
WideCharToMultiByte
GetCurrentThreadId
LoadLibraryA
GetProcAddress
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
LCMapStringA
MultiByteToWideChar
LCMapStringW
VirtualFree
VirtualAlloc
HeapDestroy
HeapCreate
GetFullPathNameA
GetCurrentDirectoryA
SetHandleCount
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetTimeZoneInformation
GetConsoleOutputCP
WriteConsoleW
CompareStringA
CompareStringW
LoadResource
SetEnvironmentVariableA

user32

LoadMenuA
GetSubMenu
SetMenuDefaultItem
TrackPopupMenu
GetMenuItemID
EnableMenuItem
EnableWindow
GetKeyState
VkKeyScanA
ToAscii
GetAsyncKeyState
MapVirtualKeyA
SetRect
PeekMessageA
WaitMessage
IsIconic
RegisterWindowMessageA
GetIconInfo
SetClipboardViewer
EnumWindows
ChangeClipboardChain
DestroyWindow
WaitForInputIdle
WindowFromPoint
GetClipboardOwner
GetClipboardData
IsWindowVisible
OpenClipboard
EmptyClipboard
DestroyMenu
CloseClipboard
GetDlgItemInt
IsWindow
GetWindowTextA
OpenDesktopA
EnumDesktopWindows
GetClassNameA
mouse_event
GetKeyboardState
keybd_event
SetActiveWindow
MessageBeep
FlashWindow
GetDesktopWindow
ChangeDisplaySettingsExA
EnumDisplaySettingsA
DialogBoxParamA
EndDialog
SetWindowTextA
LoadStringA
GetWindowRect
InvalidateRect
GetDlgItemTextA
GetCursorPos
ScreenToClient
SetCursor
SetCapture
GetCaretBlinkTime
SetCaretBlinkTime
SetDlgItemInt
CheckDlgButton
GetProcessWindowStation
SetClipboardData
ExitWindowsEx
ReleaseCapture
MoveWindow
CallWindowProcA
GetParent
DrawIconEx
GetClientRect
GetDC
ReleaseDC
PostMessageA
SetDlgItemTextA
GetScrollInfo
GetDlgItem
SendDlgItemMessageA
SetForegroundWindow
MessageBoxA
wsprintfA
IsDlgButtonChecked
FindWindowA
GetWindowThreadProcessId
SystemParametersInfoA
GetForegroundWindow
SendMessageA
OpenInputDesktop
GetThreadDesktop
GetUserObjectInformationA
SetThreadDesktop
GetMessageA
DispatchMessageA
TranslateMessage
CloseDesktop
LoadIconA
LoadCursorA
RegisterClassExA
GetSystemMetrics
AdjustWindowRect
CreateWindowExA
GetWindowLongA
SetWindowLongA
ShowWindow
KillTimer
PostQuitMessage
SetTimer
DefWindowProcA
SetWindowPos
IsRectEmpty
LoadImageA
SetFocus

gdi32

GetObjectA
GetBitmapBits
GetPixel
GdiFlush
CreateCompatibleBitmap
CreateDIBSection
CreatePalette
SelectPalette
RealizePalette
SetDIBColorTable
GetDeviceCaps
BitBlt
ExtEscape
GetSystemPaletteEntries
SetROP2
MoveToEx
LineTo
SetBkMode
GetStockObject
GetClipBox
CreateCompatibleDC
CreateSolidBrush
SelectObject
PatBlt
StretchBlt
DeleteObject
CreateDCA
DeleteDC
GetDIBits

advapi32

RegOpenKeyExA
FreeSid
RevertToSelf
ImpersonateLoggedOnUser
OpenProcessToken
CreateProcessAsUserA
RegSetValueExA
RegQueryValueExA
RegCloseKey
OpenSCManagerA
EnumServicesStatusA
OpenServiceA
GetUserNameA
LookupAccountSidA
RegCreateKeyA
CreateServiceA
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerExA
QueryServiceStatus
DeleteService
RegCreateKeyExA
SetServiceStatus
DuplicateTokenEx
SetTokenInformation
LookupPrivilegeValueA
AdjustTokenPrivileges
GetTokenInformation
AllocateAndInitializeSid
CloseServiceHandle
QueryServiceConfigA
EqualSid

shell32

SHAppBarMessage
SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHFileOperationA
ShellExecuteA
ShellExecuteExA
Shell_NotifyIconA

ole32

CoInitialize
CoUninitialize
CoCreateInstance

msvfw32

ord2

avifil32

AVIFileOpenA
AVIFileCreateStreamA
AVISaveOptions
AVISaveOptionsFree
AVIMakeCompressedStream
AVIStreamSetFormat
AVIStreamRelease
AVIFileRelease
AVIFileExit
AVIStreamWrite
AVIFileInit

imm32

ImmGetDefaultIMEWnd

Sections

.text
Size: 448KB - Virtual size: 445KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 336KB - Virtual size: 334KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bin/nlcspro/sendsas.exe
.exe windows:4 windows x86 arch:x86

5b2a1593890aaadfce594cf5b8f4f63b

Code Sign

04:00:00:00:00:00:f9:7f:aa:2e:1e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

16/12/2003, 13:00

Not After

27/01/2014, 11:00

Subject

CN=GlobalSign RootSign Partners CA,OU=RootSign Partners CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:08:d9:61:1c:d6
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 12:00

Not After

27/01/2014, 11:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:10:92:eb:82:95
Certificate

Issuer

CN=GlobalSign RootSign Partners CA,OU=RootSign Partners CA,O=GlobalSign nv-sa,C=BE

Not Before

05/02/2007, 09:00

Not After

27/01/2014, 09:00

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign,1.2.840.113549.1.9.1=#0c1c74696d657374616d70696e666f40676c6f62616c7369676e2e636f6d

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:1a:58:1b:81:07
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

05/06/2008, 09:42

Not After

05/06/2009, 09:42

Subject

CN=EduIQ.com Damjan Kriznik s.p.,O=EduIQ.com Damjan Kriznik s.p.,C=SI,1.2.840.113549.1.9.1=#0c1864616d6a616e2e6b72697a6e696b4065647569712e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:17:ab:50:b9:15
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 09:00

Not After

27/01/2014, 10:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA

kernel32

CloseHandle
CompareStringA
CreateFileA
DeleteCriticalSection
DeleteFileA
EnterCriticalSection
EnumCalendarInfoA
ExitProcess
FindClose
FindFirstFileA
FormatMessageA
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCurrentProcessId
GetCurrentThreadId
GetDateFormatA
GetDiskFreeSpaceA
GetEnvironmentStrings
GetFileAttributesA
GetFileType
GetLastError
GetLocalTime
GetLocaleInfoA
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemDefaultLangID
GetThreadLocale
GetUserDefaultLCID
GetVersion
GetVersionExA
HeapAlloc
HeapFree
InitializeCriticalSection
InterlockedExchange
IsValidLocale
LCMapStringA
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
MultiByteToWideChar
ProcessIdToSessionId
RaiseException
ReadFile
RtlUnwind
SetConsoleCtrlHandler
SetFilePointer
SetHandleCount
SetLastError
SetThreadLocale
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualQuery
WideCharToMultiByte
WriteFile
lstrcpynA
lstrlenA

user32

CharNextA
CharToOemA
DestroyWindow
EnumThreadWindows
GetKeyboardType
LoadStringA
MessageBoxA
wsprintfA
GetSystemMetrics

oleaut32

SafeArrayCreate
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayPtrOfIndex
SysAllocStringLen
SysFreeString
SysReAllocStringLen
VariantChangeType
VariantClear
VariantCopy
VariantInit

Exports

Exports

__GetExceptDLLinfo
___CPPdebugHook

Sections

.text
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bin/nlvs.exe
.exe windows:4 windows x86 arch:x86

0355eea2f6a3387bb5343847bae41257

Code Sign

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

17/05/2005, 00:00

Not After

16/05/2010, 23:59

Subject

CN=Comodo Time Stamping Signer,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c0:fc:b1:5d:fa:7b:8d:76:a4:26:1e:8b:74:ac:82:55
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/07/2009, 00:00

Not After

24/07/2010, 23:59

Subject

CN=EduIQ.com Damjan Kriznik s.p.,O=EduIQ.com Damjan Kriznik s.p.,POSTALCODE=2288,STREET=Zg. Hajdina 83C,L=HAJDINA,ST=SLOVENIA,C=SI

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

closesocket
WSACleanup
WSAStartup
inet_addr
gethostname
shutdown
bind
WSAGetLastError
socket
gethostbyname
recv
send
getsockname
getpeername
accept
setsockopt
listen
ioctlsocket
connect
htons
htonl

winmm

timeSetEvent
timeGetTime

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

wtsapi32

WTSEnumerateProcessesA
WTSEnumerateSessionsA
WTSFreeMemory

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

kernel32

CreateToolhelp32Snapshot
Sleep
GetExitCodeProcess
SetEvent
CreateEventA
OutputDebugStringA
SetCurrentDirectoryA
GetComputerNameA
ResumeThread
CreateThread
IsBadWritePtr
IsBadReadPtr
GetFileSize
CreateFileA
GetSystemInfo
GetSystemTime
SetFilePointer
ReadFile
CreateDirectoryA
SetErrorMode
MoveFileExA
SetFileTime
SystemTimeToFileTime
FlushFileBuffers
SetEndOfFile
WriteFile
MoveFileA
lstrlenA
GetDriveTypeA
GetLogicalDriveStringsA
FileTimeToSystemTime
GetFileTime
SetThreadPriority
GetCurrentThread
OpenEventA
GlobalUnlock
GlobalLock
GlobalAlloc
TerminateProcess
CreateProcessA
SetProcessShutdownParameters
Process32First
LockResource
GetCurrentProcessId
SizeofResource
FindResourceA
WriteConsoleA
GetStdHandle
FormatMessageA
AllocConsole
GlobalDeleteAtom
GlobalGetAtomNameA
GlobalAddAtomA
ResetEvent
GlobalFree
SearchPathA
ExitThread
HeapReAlloc
GetStartupInfoA
GetProcessHeap
GetCommandLineA
GetFileType
SetStdHandle
ExitProcess
FileTimeToLocalFileTime
HeapFree
HeapAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetSystemTimeAsFileTime
TlsAlloc
DuplicateHandle
TlsSetValue
TlsFree
TlsGetValue
CreateSemaphoreA
ReleaseSemaphore
DeleteCriticalSection
InitializeCriticalSection
GetLocalTime
Process32Next
GetVersionExA
SetLastError
GetCurrentProcess
ReleaseMutex
WaitForSingleObject
UnmapViewOfFile
OpenFileMappingA
MapViewOfFile
CreateFileMappingA
WritePrivateProfileSectionA
WritePrivateProfileStructA
InterlockedDecrement
HeapSize
GetCPInfo
GetACP
GetPrivateProfileStructA
GetPrivateProfileStringA
GetPrivateProfileIntA
WritePrivateProfileStringA
OpenProcess
CloseHandle
InterlockedIncrement
GetTempPathA
WinExec
CopyFileA
GetLastError
FreeLibrary
DeleteFileA
FindFirstFileA
FindNextFileA
FindClose
LeaveCriticalSection
EnterCriticalSection
WideCharToMultiByte
GetCurrentThreadId
LoadLibraryA
GetProcAddress
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
LCMapStringA
MultiByteToWideChar
LCMapStringW
VirtualFree
VirtualAlloc
HeapDestroy
HeapCreate
GetFullPathNameA
GetCurrentDirectoryA
SetHandleCount
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetTimeZoneInformation
GetConsoleOutputCP
WriteConsoleW
CompareStringA
CompareStringW
LoadResource
SetEnvironmentVariableA

user32

LoadMenuA
GetSubMenu
SetMenuDefaultItem
TrackPopupMenu
GetMenuItemID
EnableMenuItem
EnableWindow
GetKeyState
VkKeyScanA
ToAscii
GetAsyncKeyState
MapVirtualKeyA
SetRect
PeekMessageA
WaitMessage
IsIconic
RegisterWindowMessageA
GetIconInfo
SetClipboardViewer
EnumWindows
ChangeClipboardChain
DestroyWindow
WaitForInputIdle
WindowFromPoint
GetClipboardOwner
GetClipboardData
IsWindowVisible
OpenClipboard
EmptyClipboard
DestroyMenu
CloseClipboard
GetDlgItemInt
IsWindow
GetWindowTextA
OpenDesktopA
EnumDesktopWindows
GetClassNameA
mouse_event
GetKeyboardState
keybd_event
SetActiveWindow
MessageBeep
FlashWindow
GetDesktopWindow
ChangeDisplaySettingsExA
EnumDisplaySettingsA
DialogBoxParamA
EndDialog
SetWindowTextA
LoadStringA
GetWindowRect
InvalidateRect
GetDlgItemTextA
GetCursorPos
ScreenToClient
SetCursor
SetCapture
GetCaretBlinkTime
SetCaretBlinkTime
SetDlgItemInt
CheckDlgButton
GetProcessWindowStation
SetClipboardData
ExitWindowsEx
ReleaseCapture
MoveWindow
CallWindowProcA
GetParent
DrawIconEx
GetClientRect
GetDC
ReleaseDC
PostMessageA
SetDlgItemTextA
GetScrollInfo
GetDlgItem
SendDlgItemMessageA
SetForegroundWindow
MessageBoxA
wsprintfA
IsDlgButtonChecked
FindWindowA
GetWindowThreadProcessId
SystemParametersInfoA
GetForegroundWindow
SendMessageA
OpenInputDesktop
GetThreadDesktop
GetUserObjectInformationA
SetThreadDesktop
GetMessageA
DispatchMessageA
TranslateMessage
CloseDesktop
LoadIconA
LoadCursorA
RegisterClassExA
GetSystemMetrics
AdjustWindowRect
CreateWindowExA
GetWindowLongA
SetWindowLongA
ShowWindow
KillTimer
PostQuitMessage
SetTimer
DefWindowProcA
SetWindowPos
IsRectEmpty
LoadImageA
SetFocus

gdi32

GetObjectA
GetBitmapBits
GetPixel
GdiFlush
CreateCompatibleBitmap
CreateDIBSection
CreatePalette
SelectPalette
RealizePalette
SetDIBColorTable
GetDeviceCaps
BitBlt
ExtEscape
GetSystemPaletteEntries
SetROP2
MoveToEx
LineTo
SetBkMode
GetStockObject
GetClipBox
CreateCompatibleDC
CreateSolidBrush
SelectObject
PatBlt
StretchBlt
DeleteObject
CreateDCA
DeleteDC
GetDIBits

advapi32

RegOpenKeyExA
FreeSid
RevertToSelf
ImpersonateLoggedOnUser
OpenProcessToken
CreateProcessAsUserA
RegSetValueExA
RegQueryValueExA
RegCloseKey
OpenSCManagerA
EnumServicesStatusA
OpenServiceA
GetUserNameA
LookupAccountSidA
RegCreateKeyA
CreateServiceA
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerExA
QueryServiceStatus
DeleteService
RegCreateKeyExA
SetServiceStatus
DuplicateTokenEx
SetTokenInformation
LookupPrivilegeValueA
AdjustTokenPrivileges
GetTokenInformation
AllocateAndInitializeSid
CloseServiceHandle
QueryServiceConfigA
EqualSid

shell32

SHAppBarMessage
SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHFileOperationA
ShellExecuteA
ShellExecuteExA
Shell_NotifyIconA

ole32

CoInitialize
CoUninitialize
CoCreateInstance

msvfw32

ord2

avifil32

AVIFileOpenA
AVIFileCreateStreamA
AVISaveOptions
AVISaveOptionsFree
AVIMakeCompressedStream
AVIStreamSetFormat
AVIStreamRelease
AVIFileRelease
AVIFileExit
AVIStreamWrite
AVIFileInit

imm32

ImmGetDefaultIMEWnd

Sections

.text
Size: 448KB - Virtual size: 445KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 336KB - Virtual size: 334KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bin/psapi.dll
.dll windows:5 windows x86 arch:x86

976360032e50620712de94538beb6f31

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

psapi.pdb

Imports

kernel32

GetSystemInfo
LoadLibraryA
InterlockedExchange
FreeLibrary
GetProcAddress
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetLastError
DisableThreadLibraryCalls
OpenFileMappingA
MapViewOfFile
UnmapViewOfFile
CreateFileA
CloseHandle
GetProcessHeap
LocalFree
LocalAlloc
SetLastError
MultiByteToWideChar
WideCharToMultiByte
ReadProcessMemory
RaiseException
SetProcessWorkingSetSize
GetProcessWorkingSetSize
lstrcpyA
lstrlenA
HeapFree
HeapAlloc

ntdll

RtlUnwind
wcslen
wcschr
_stricmp
atoi
NtStopProfile
sprintf
_chkstk
DbgPrint
RtlUnicodeToOemN
RtlAdjustPrivilege
RtlMultiByteToUnicodeN
NtAllocateVirtualMemory
NtCreateProfile
NtSetIntervalProfile
NtStartProfile
NtWriteFile
NtSetInformationProcess
NtQueryInformationProcess
NtQueryVirtualMemory
NtQuerySystemInformation
RtlNtStatusToDosError

Exports

Exports

EmptyWorkingSet
EnumDeviceDrivers
EnumPageFilesA
EnumPageFilesW
EnumProcessModules
EnumProcesses
GetDeviceDriverBaseNameA
GetDeviceDriverBaseNameW
GetDeviceDriverFileNameA
GetDeviceDriverFileNameW
GetMappedFileNameA
GetMappedFileNameW
GetModuleBaseNameA
GetModuleBaseNameW
GetModuleFileNameExA
GetModuleFileNameExW
GetModuleInformation
GetPerformanceInfo
GetProcessImageFileNameA
GetProcessImageFileNameW
GetProcessMemoryInfo
GetWsChanges
InitializeProcessForWsWatch
QueryWorkingSet

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 964B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bin/sendsas.exe
.exe windows:4 windows x86 arch:x86

5b2a1593890aaadfce594cf5b8f4f63b

Code Sign

04:00:00:00:00:00:f9:7f:aa:2e:1e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

16/12/2003, 13:00

Not After

27/01/2014, 11:00

Subject

CN=GlobalSign RootSign Partners CA,OU=RootSign Partners CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:08:d9:61:1c:d6
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 12:00

Not After

27/01/2014, 11:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:10:92:eb:82:95
Certificate

Issuer

CN=GlobalSign RootSign Partners CA,OU=RootSign Partners CA,O=GlobalSign nv-sa,C=BE

Not Before

05/02/2007, 09:00

Not After

27/01/2014, 09:00

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign,1.2.840.113549.1.9.1=#0c1c74696d657374616d70696e666f40676c6f62616c7369676e2e636f6d

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:1a:58:1b:81:07
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

05/06/2008, 09:42

Not After

05/06/2009, 09:42

Subject

CN=EduIQ.com Damjan Kriznik s.p.,O=EduIQ.com Damjan Kriznik s.p.,C=SI,1.2.840.113549.1.9.1=#0c1864616d6a616e2e6b72697a6e696b4065647569712e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:17:ab:50:b9:15
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 09:00

Not After

27/01/2014, 10:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA

kernel32

CloseHandle
CompareStringA
CreateFileA
DeleteCriticalSection
DeleteFileA
EnterCriticalSection
EnumCalendarInfoA
ExitProcess
FindClose
FindFirstFileA
FormatMessageA
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCurrentProcessId
GetCurrentThreadId
GetDateFormatA
GetDiskFreeSpaceA
GetEnvironmentStrings
GetFileAttributesA
GetFileType
GetLastError
GetLocalTime
GetLocaleInfoA
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemDefaultLangID
GetThreadLocale
GetUserDefaultLCID
GetVersion
GetVersionExA
HeapAlloc
HeapFree
InitializeCriticalSection
InterlockedExchange
IsValidLocale
LCMapStringA
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
MultiByteToWideChar
ProcessIdToSessionId
RaiseException
ReadFile
RtlUnwind
SetConsoleCtrlHandler
SetFilePointer
SetHandleCount
SetLastError
SetThreadLocale
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualQuery
WideCharToMultiByte
WriteFile
lstrcpynA
lstrlenA

user32

CharNextA
CharToOemA
DestroyWindow
EnumThreadWindows
GetKeyboardType
LoadStringA
MessageBoxA
wsprintfA
GetSystemMetrics

oleaut32

SafeArrayCreate
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayPtrOfIndex
SysAllocStringLen
SysFreeString
SysReAllocStringLen
VariantChangeType
VariantClear
VariantCopy
VariantInit

Exports

Exports

__GetExceptDLLinfo
___CPPdebugHook

Sections

.text
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
uninstall.exe.nsis
file_id.diz

Sharing

General

Malware Config

Signatures

Files

09d0478591d4f788cb3e5ea416c25237

Headers

File Characteristics

Imports

kernel32

Sections

.text Size: 138KB - Virtual size: 412KB

.rsrc Size: 11KB - Virtual size: 12KB

7fa974366048f9c551ef45714595665e

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

81:97:77:54:f9:ce:71:d3:39:8f:4a:28:dd:8e:50:bdCertificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 151KB

.ndata Size: - Virtual size: 80KB

.rsrc Size: 27KB - Virtual size: 27KB

5e1d3f49e5b7590e18325930cd3084f1

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 10KB - Virtual size: 9KB

.rdata Size: 512B - Virtual size: 470B

.data Size: 2KB - Virtual size: 7KB

.reloc Size: 1024B - Virtual size: 730B

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: 40KB - Virtual size: 40KB

DATA Size: 1KB - Virtual size: 1KB

BSS Size: - Virtual size: 2KB

.idata Size: 2KB - Virtual size: 2KB

.edata Size: 1024B - Virtual size: 716B

.text
Size: 138KB - Virtual size: 412KB

.rsrc
Size: 11KB - Virtual size: 12KB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

81:97:77:54:f9:ce:71:d3:39:8f:4a:28:dd:8e:50:bd
Certificate

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 151KB

.ndata
Size: - Virtual size: 80KB

.rsrc
Size: 27KB - Virtual size: 27KB

.text
Size: 10KB - Virtual size: 9KB

.rdata
Size: 512B - Virtual size: 470B

.data
Size: 2KB - Virtual size: 7KB

.reloc
Size: 1024B - Virtual size: 730B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

CODE
Size: 40KB - Virtual size: 40KB

DATA
Size: 1KB - Virtual size: 1KB

BSS
Size: - Virtual size: 2KB

.idata
Size: 2KB - Virtual size: 2KB

.edata
Size: 1024B - Virtual size: 716B

.reloc
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 3KB - Virtual size: 3KB

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 5KB

.rsrc
Size: 512B - Virtual size: 296B

.reloc
Size: 1024B - Virtual size: 518B

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 100B

.reloc
Size: 1024B - Virtual size: 520B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 572B

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

81:97:77:54:f9:ce:71:d3:39:8f:4a:28:dd:8e:50:bd
Certificate