d03545f404e7b4168b1b71525aecd996aac6e97d67f032e9558dd502c2b0873a[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

d03545f404e7b4168b1b71525aecd996aac6e97d67f032e9558dd502c2b0873a.zip
Size

45.9MB
MD5

66ba60f82418873698fb0f7462959288
SHA1

5c7517a27a0c272443a9b8b1cf6bcac6e5b84773
SHA256

d03545f404e7b4168b1b71525aecd996aac6e97d67f032e9558dd502c2b0873a
SHA512

af36128969d51f4660d3d6e0d4c32a1dda085c52c8b016773b9acf269f50e4e6784f81457f34bafbebfca63512461296485f09892632acb69120c896dff8575f
SSDEEP

786432:GxZyxxWaP8NbAsvnSQLcKQ+gwkZZqlK2QH6XM+TR217UHDtRCrpfKffBB8DzmoKY:GcWPbAs7Lch3wkZZqI2QaXPRWUarpfK6

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/PluginHelper.dll
unpack001/ProductNews2.dll

Files

d03545f404e7b4168b1b71525aecd996aac6e97d67f032e9558dd502c2b0873a.zip
.zip
IObitUninstaler.exe
.exe windows:5 windows x86 arch:x86

aeaab8287340d4c62e1d3b5230c09916

Code Sign

8b:a1:f1:72:fd:50:ba:8d:4c:11:b7:4f:fa:c8:a2:82
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/03/2021, 00:00

Not After

24/03/2024, 23:59

Subject

CN=IObit CO.\, LTD,O=IObit CO.\, LTD,POSTALCODE=610042,STREET=No. 605\, 6th Floor\, Unit 1\, Building 1+STREET=45 Renmin South Road,L=Chengdu Shi,ST=Sichuan Sheng,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/03/2019, 00:00

Not After

31/12/2028, 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11/05/2022, 00:00

Not After

10/08/2033, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

8b:a1:f1:72:fd:50:ba:8d:4c:11:b7:4f:fa:c8:a2:82
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/03/2021, 00:00

Not After

24/03/2024, 23:59

Subject

CN=IObit CO.\, LTD,O=IObit CO.\, LTD,POSTALCODE=610042,STREET=No. 605\, 6th Floor\, Unit 1\, Building 1+STREET=45 Renmin South Road,L=Chengdu Shi,ST=Sichuan Sheng,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/03/2019, 00:00

Not After

31/12/2028, 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11/05/2022, 00:00

Not After

10/08/2033, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8a:56:91:34:01:f5:bd:b9:5f:3b:62:e4:39:36:6c:db:83:1d:30:7b:59:74:16:38:0c:c5:f7:00:e4:aa:f5:81
Signer

Actual PE Digest

8a:56:91:34:01:f5:bd:b9:5f:3b:62:e4:39:36:6c:db:83:1d:30:7b:59:74:16:38:0c:c5:f7:00:e4:aa:f5:81

Digest Algorithm

sha256

PE Digest Matches

true

db:dc:1b:cb:f8:35:e4:8f:f0:53:9e:76:41:1e:c5:99:09:55:c8:89
Signer

Actual PE Digest

db:dc:1b:cb:f8:35:e4:8f:f0:53:9e:76:41:1e:c5:99:09:55:c8:89

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
CreateErrorInfo
GetErrorInfo
SetErrorInfo
GetActiveObject
SysFreeString
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayGetElement
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopyInd
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
SetSecurityDescriptorDacl
RegSetValueExA
RegSetValueExW
RegQueryValueExA
RegQueryValueExW
RegQueryInfoKeyA
RegQueryInfoKeyW
RegOpenKeyExA
RegOpenKeyExW
RegFlushKey
RegEnumValueW
RegEnumKeyA
RegEnumKeyExW
RegDeleteValueA
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExA
RegCreateKeyExW
RegCloseKey
OpenProcessToken
LookupPrivilegeValueW
LookupAccountSidW
LookupAccountNameW
InitializeSecurityDescriptor
GetUserNameA
GetUserNameW
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
FreeSid
DuplicateTokenEx
AllocateAndInitializeSid
AdjustTokenPrivileges
UnlockServiceDatabase
StartServiceW
QueryServiceStatus
QueryServiceLockStatusW
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
LockServiceDatabase
EnumServicesStatusW
DeleteService
ControlService
CloseServiceHandle
ChangeServiceConfigW
ConvertSidToStringSidW
SetNamedSecurityInfoW
SetEntriesInAclW
BuildExplicitAccessWithNameW
QueryServiceConfig2W
ConvertStringSidToSidW

user32

GetKeyboardType
LoadStringW
MessageBoxA
CharNextW
CreateWindowExA
CreateWindowExW
WindowFromPoint
WindowFromDC
WaitMessage
WaitForInputIdle
UpdateLayeredWindow
UpdateWindow
UnregisterHotKey
UnregisterClassA
UnregisterClassW
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
SystemParametersInfoW
AnimateWindow
ShowWindow
ShowScrollBar
ShowOwnedPopups
ShowCaret
SetWindowRgn
SetWindowsHookExW
SetWindowTextA
SetWindowTextW
SetWindowPos
SetWindowPlacement
SetWindowLongA
SetWindowLongW
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropW
SetParent
SetMenuItemInfoW
SetMenu
SetForegroundWindow
SetFocus
SetCursor
SetClipboardData
SetClassLongW
SetCaretPos
SetCapture
SetActiveWindow
SendMessageTimeoutA
SendMessageA
SendMessageW
ScrollWindow
ScreenToClient
RemovePropW
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageW
RegisterHotKey
RegisterClipboardFormatW
RegisterClassA
RegisterClassW
RedrawWindow
PtInRect
PostThreadMessageA
PostThreadMessageW
PostQuitMessage
PostMessageA
PostMessageW
PeekMessageA
PeekMessageW
OpenClipboard
OffsetRect
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects
MessageBoxA
MessageBoxW
MessageBeep
MapWindowPoints
MapVirtualKeyW
LockWindowUpdate
LoadStringW
LoadKeyboardLayoutW
LoadImageA
LoadImageW
LoadIconW
LoadCursorW
LoadBitmapW
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsRectEmpty
IsIconic
IsDialogMessageA
IsDialogMessageW
IsClipboardFormatAvailable
IsChild
InvalidateRect
IntersectRect
InsertMenuItemW
InsertMenuW
InflateRect
HideCaret
GetWindowThreadProcessId
GetWindowTextA
GetWindowTextW
GetWindowRgn
GetWindowRect
GetWindowPlacement
GetWindowLongA
GetWindowLongW
GetWindowDC
GetUpdateRect
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetScrollBarInfo
GetPropW
GetParent
GetWindow
GetMessageTime
GetMessagePos
GetMessageA
GetMessageW
GetMenuStringW
GetMenuState
GetMenuItemInfoW
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameW
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextW
GetIconInfo
GetForegroundWindow
GetFocus
GetDlgItem
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardFormatNameW
GetClipboardData
GetClientRect
GetClassNameA
GetClassNameW
GetClassLongW
GetClassInfoW
GetCaretPos
GetCapture
GetAsyncKeyState
GetActiveWindow
FrameRect
FindWindowExW
FindWindowA
FindWindowW
FillRect
ExitWindowsEx
EqualRect
EnumWindows
EnumThreadWindows
EnumClipboardFormats
EnumChildWindows
EndPaint
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextExW
DrawTextA
DrawTextW
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawFocusRect
DrawEdge
DispatchMessageA
DispatchMessageW
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DestroyCaret
DeleteMenu
DefWindowProcA
DefWindowProcW
DefMDIChildProcW
DefFrameProcW
CreatePopupMenu
CreateMenu
CreateIconIndirect
CreateIcon
CreateCaret
CloseClipboard
ClientToScreen
ChildWindowFromPoint
CheckMenuItem
CharUpperBuffW
CharToOemW
CharNextW
CharLowerBuffW
CharLowerW
CallWindowProcA
CallWindowProcW
CallNextHookEx
BringWindowToTop
BeginPaint
AttachThreadInput
CharUpperA
AdjustWindowRectEx
ActivateKeyboardLayout

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetSystemInfo
GetTickCount
QueryPerformanceCounter
GetVersion
GetCurrentThreadId
VirtualQuery
WideCharToMultiByte
SetCurrentDirectoryW
MultiByteToWideChar
lstrlenW
lstrcpynW
LoadLibraryExW
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetLastError
GetCurrentDirectoryW
GetCommandLineW
FreeLibrary
FindFirstFileW
FindClose
ExitProcess
ExitThread
CreateThread
CompareStringW
WriteFile
UnhandledExceptionFilter
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetFileType
CreateFileW
CloseHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleW
lstrlenW
lstrcpynA
lstrcpyW
lstrcmpiA
lstrcmpiW
lstrcmpA
lstrcmpW
WriteProcessMemory
WritePrivateProfileStringW
WriteFile
WinExec
WideCharToMultiByte
WaitForSingleObject
WaitForMultipleObjectsEx
VirtualQueryEx
VirtualQuery
VirtualProtect
VirtualFreeEx
VirtualFree
VirtualAllocEx
VirtualAlloc
UnmapViewOfFile
TryEnterCriticalSection
TerminateThread
TerminateProcess
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
SwitchToThread
SuspendThread
Sleep
SizeofResource
SignalObjectAndWait
SetUnhandledExceptionFilter
SetThreadPriority
SetThreadLocale
SetLastError
SetFilePointer
SetFileAttributesA
SetFileAttributesW
SetEvent
SetErrorMode
SetEndOfFile
SearchPathW
ResumeThread
ResetEvent
RemoveDirectoryA
RemoveDirectoryW
ReleaseMutex
ReadProcessMemory
ReadFile
RaiseException
QueryPerformanceFrequency
QueryPerformanceCounter
QueryDosDeviceW
PeekNamedPipe
OutputDebugStringW
OpenProcess
OpenFileMappingA
OpenFileMappingW
MultiByteToWideChar
MulDiv
MoveFileExW
MoveFileW
MapViewOfFile
LockResource
LocalSize
LocalFree
LocalAlloc
LoadResource
LoadLibraryExA
LoadLibraryA
LoadLibraryW
LeaveCriticalSection
IsValidLocale
IsBadReadPtr
IsBadCodePtr
InitializeCriticalSection
HeapFree
HeapDestroy
HeapAlloc
GlobalUnlock
GlobalSize
GlobalMemoryStatusEx
GlobalMemoryStatus
GlobalHandle
GlobalLock
GlobalGetAtomNameW
GlobalFree
GlobalFindAtomW
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomW
GetWindowsDirectoryA
GetWindowsDirectoryW
GetVolumeInformationW
GetVersionExA
GetVersionExW
GetVersion
GetUserDefaultLCID
GetTimeZoneInformation
GetTickCount
GetThreadPriority
GetThreadLocale
GetThreadContext
GetTempPathA
GetTempPathW
GetTempFileNameW
GetSystemTimeAsFileTime
GetSystemTime
GetSystemInfo
GetSystemDirectoryW
GetSystemDefaultLangID
GetStdHandle
GetShortPathNameW
GetProfileStringW
GetProcessTimes
GetProcAddress
GetPrivateProfileStringW
GetPriorityClass
GetModuleHandleA
GetModuleHandleW
GetModuleFileNameA
GetModuleFileNameW
GetLogicalDriveStringsW
GetLocaleInfoA
GetLocaleInfoW
GetLocalTime
GetLastError
GetFullPathNameW
GetFileTime
GetFileSize
GetFileAttributesExW
GetFileAttributesA
GetFileAttributesW
GetExitCodeThread
GetEnvironmentVariableW
GetDriveTypeW
GetDiskFreeSpaceExW
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetCurrentDirectoryA
GetCurrentDirectoryW
GetComputerNameA
GetComputerNameW
GetCommandLineA
GetCommandLineW
GetCPInfo
FreeResource
InterlockedIncrement
InterlockedExchangeAdd
InterlockedExchange
InterlockedDecrement
InterlockedCompareExchange
FreeLibrary
FormatMessageA
FormatMessageW
FlushInstructionCache
FlushFileBuffers
FindResourceA
FindResourceW
FindNextFileA
FindNextFileW
FindFirstFileA
FindFirstFileW
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FileTimeToDosDateTime
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
ExitThread
ExitProcess
EnumCalendarInfoA
EnterCriticalSection
DuplicateHandle
DeleteFileA
DeleteFileW
DeleteCriticalSection
CreateThread
CreateProcessA
CreateProcessW
CreatePipe
CreateMutexA
CreateMutexW
CreateFileMappingA
CreateFileMappingW
CreateFileA
CreateFileW
CreateEventA
CreateEventW
CreateDirectoryA
CreateDirectoryW
CopyFileA
CopyFileW
CompareStringA
CompareStringW
CloseHandle
Beep
RtlUnwind
GetLongPathNameW
Sleep
GetUserDefaultUILanguage
ProcessIdToSessionId
VerSetConditionMask
VerifyVersionInfoW
GetUserDefaultUILanguage
ProcessIdToSessionId
QueryInformationJobObject
AssignProcessToJobObject
CreateJobObjectW
GetSystemDefaultLangID
GetLongPathNameW

msimg32

TransparentBlt
AlphaBlend

gdi32

UnrealizeObject
TextOutA
TextOutW
StretchDIBits
StretchBlt
StartPage
StartDocA
StartDocW
SetWindowOrgEx
SetWinMetaFileBits
SetViewportOrgEx
SetTextColor
SetStretchBltMode
SetROP2
SetPixelV
SetPixel
SetMapMode
SetEnhMetaFileBits
SetDIBitsToDevice
SetDIBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SetAbortProc
SelectPalette
SelectObject
SelectClipRgn
SaveDC
RoundRect
RestoreDC
ResizePalette
Rectangle
RectVisible
RealizePalette
PtInRegion
Polyline
PlgBlt
PlayEnhMetaFile
Pie
PatBlt
OffsetViewportOrgEx
MoveToEx
MaskBlt
LineTo
LPtoDP
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetViewportOrgEx
GetTextMetricsW
GetTextFaceA
GetTextExtentPointW
GetTextExtentPoint32A
GetTextExtentPoint32W
GetTextExtentExPointW
GetTextColor
GetTextAlign
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetROP2
GetPixel
GetPaletteEntries
GetObjectType
GetObjectA
GetObjectW
GetNearestPaletteIndex
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileDescriptionW
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetDCOrgEx
GetCurrentPositionEx
GetCurrentObject
GetClipRgn
GetClipBox
GetBrushOrgEx
GetBkMode
GetBkColor
GetBitmapBits
GdiFlush
FrameRgn
ExtTextOutW
ExtSelectClipRgn
ExcludeClipRect
EndPage
EndDoc
Ellipse
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreateRoundRectRgn
CreateRectRgnIndirect
CreateRectRgn
CreatePolygonRgn
CreatePenIndirect
CreatePen
CreatePalette
CreateICW
CreateHalftonePalette
CreateFontIndirectW
CreateFontA
CreateFontW
CreateEnhMetaFileW
CreateEllipticRgn
CreateDIBitmap
CreateDIBSection
CreateDCW
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileW
CombineRgn
CloseEnhMetaFile
BitBlt

version

VerQueryValueA
VerQueryValueW
GetFileVersionInfoSizeA
GetFileVersionInfoSizeW
GetFileVersionInfoA
GetFileVersionInfoW

wsock32

WSACleanup
WSAStartup
WSAGetLastError
gethostbyname
socket
setsockopt
sendto
send
select
recvfrom
recv
ioctlsocket
inet_addr
htons
connect
closesocket
bind

shell32

ShellExecuteExA
ShellExecuteExW
ShellExecuteA
ShellExecuteW
SHGetFileInfoW
SHFileOperationW
SHAppBarMessage
ExtractIconExW
DragQueryFileW
DragFinish
DragAcceptFiles
CommandLineToArgvW
SHGetSpecialFolderPathW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetMalloc
SHGetDesktopFolder
SHChangeNotify
SHBrowseForFolderW
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHGetMalloc

ole32

CreateStreamOnHGlobal
IsAccelerator
OleDraw
OleSetMenuDescriptor
OleUninitialize
OleInitialize
CoTaskMemFree
CoTaskMemAlloc
CoCreateGuid
CLSIDFromProgID
ProgIDFromCLSID
CLSIDFromString
StringFromCLSID
CoCreateInstance
CoInitializeSecurity
CoGetClassObject
CoUninitialize
CoInitializeEx
CoInitialize
IsEqualGUID
IsEqualGUID
CLSIDFromString
CoTaskMemFree
StringFromCLSID
CoCreateGuid

wininet

InternetQueryOptionW

comctl32

InitializeFlatSB
FlatSB_SetScrollProp
FlatSB_SetScrollPos
FlatSB_SetScrollInfo
FlatSB_GetScrollPos
FlatSB_GetScrollInfo
_TrackMouseEvent
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_GetIcon
ImageList_Remove
ImageList_DrawEx
ImageList_Replace
ImageList_Draw
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Add
ImageList_SetImageCount
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create
InitCommonControls
ImageList_GetIconSize

comdlg32

PrintDlgW
GetSaveFileNameA
GetSaveFileNameW
GetOpenFileNameW

winspool.drv

OpenPrinterW
EnumPrintersW
DocumentPropertiesW
ClosePrinter

crypt32

CryptMsgClose
CertCloseStore
CertFreeCertificateContext
CertGetNameStringW
CertFindCertificateInStore
CryptMsgGetParam
CryptQueryObject

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

sqlite3

sqlite3_bind_parameter_index
sqlite3_bind_null
sqlite3_bind_int64
sqlite3_bind_int
sqlite3_bind_double
sqlite3_bind_text
sqlite3_bind_blob
sqlite3_open_v2
sqlite3_vfs_unregister
sqlite3_vfs_register
sqlite3_vfs_find
sqlite3_mutex_free
sqlite3_mutex_alloc
sqlite3_mutex_leave
sqlite3_mutex_enter
sqlite3_backup_finish
sqlite3_backup_step
sqlite3_backup_init
sqlite3_reset
sqlite3_finalize
sqlite3_column_int64
sqlite3_column_type
sqlite3_column_text
sqlite3_column_double
sqlite3_column_bytes
sqlite3_column_blob
sqlite3_step
sqlite3_column_decltype
sqlite3_column_name
sqlite3_column_count
sqlite3_prepare_v2
sqlite3_free
sqlite3_errcode
sqlite3_errmsg
sqlite3_exec
sqlite3_close
sqlite3_open

pluginhelper

GenerateHMac

msvcrt

free
malloc
strchr
isxdigit
isupper
isspace
ispunct
isprint
islower
isgraph
isdigit
iscntrl
isalpha
isalnum
toupper
tolower
strlen
memcmp
strncmp
memset
memmove
memcpy
_gcvt

sysrest

IsSREnable
EnableSR
CloseEnum
EnumNextPoint
EnumFirstPoint
RestoreSystem
DeleteRestorePoint
CreateRestorePoint

winmm

timeGetTime

productnews2

CheckIsVerUpdate
FreeData
DoNewsShowStat
DoNewsClickStat
GetNextNews
StartGetNews
UpdateParams

wintrust

WinVerifyTrust
CryptCATAdminReleaseCatalogContext
CryptCATCatalogInfoFromContext
CryptCATAdminEnumCatalogFromHash
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminAcquireContext

netapi32

NetApiBufferFree
NetUserEnum

Exports

Exports

madTraceProcess

Sections

.text
Size: 5.4MB - Virtual size: 5.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 289KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 86B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 596B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 318KB - Virtual size: 317KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PluginHelper.dll
.dll windows:5 windows x86 arch:x86

5bf3fa5909a3b7b703e861cca9272295

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW
GetDefaultPrinterW
EnumPrintersW

comctl32

ImageList_GetImageInfo
FlatSB_SetScrollInfo
ImageList_DragMove
ImageList_Destroy
_TrackMouseEvent
ImageList_DragShowNolock
ImageList_Add
FlatSB_SetScrollProp
ImageList_GetDragImage
ImageList_Create
ImageList_EndDrag
ImageList_DrawEx
ImageList_SetImageCount
FlatSB_GetScrollPos
FlatSB_SetScrollPos
InitializeFlatSB
ImageList_Copy
FlatSB_GetScrollInfo
ImageList_Write
ImageList_SetBkColor
ImageList_GetBkColor
ImageList_BeginDrag
ImageList_GetIcon
ImageList_Replace
ImageList_GetImageCount
ImageList_DragEnter
ImageList_GetIconSize
ImageList_SetIconSize
ImageList_Read
ImageList_DragLeave
ImageList_LoadImageW
ImageList_Draw
ImageList_Remove
ImageList_ReplaceIcon
ImageList_SetOverlayImage

shell32

Shell_NotifyIconW

user32

DdeSetUserHandle
CopyImage
SetMenuItemInfoW
GetMenuItemInfoW
DefFrameProcW
GetDlgCtrlID
FrameRect
RegisterWindowMessageW
GetMenuStringW
FillRect
SendMessageA
DdeCmpStringHandles
IsClipboardFormatAvailable
EnumWindows
ShowOwnedPopups
GetClassInfoExW
GetClassInfoW
GetScrollRange
SetActiveWindow
GetActiveWindow
DrawEdge
GetKeyboardLayoutList
LoadBitmapW
EnumChildWindows
UnhookWindowsHookEx
SetCapture
GetCapture
ShowCaret
CreatePopupMenu
GetMenuItemID
CharLowerBuffW
PostMessageW
SetWindowLongW
IsZoomed
SetParent
DrawMenuBar
GetClientRect
IsChild
IsIconic
CallNextHookEx
DdeDisconnect
ShowWindow
GetWindowTextW
SetForegroundWindow
IsDialogMessageW
DestroyWindow
RegisterClassW
EndMenu
CharNextW
GetFocus
GetDC
SetFocus
ReleaseDC
GetClassLongW
SetScrollRange
DrawTextW
PeekMessageA
MessageBeep
SetClassLongW
RemovePropW
GetSubMenu
DestroyIcon
IsWindowVisible
DispatchMessageA
UnregisterClassW
GetTopWindow
SendMessageW
DdeNameService
DdeAccessData
LoadStringW
CreateMenu
CharLowerW
SetWindowPos
SetWindowRgn
GetMenuItemCount
GetSysColorBrush
GetWindowDC
DdeQueryConvInfo
DrawTextExW
EnumClipboardFormats
GetScrollInfo
SetWindowTextW
GetMessageExtraInfo
GetSysColor
EnableScrollBar
TrackPopupMenu
DrawIconEx
DdePostAdvise
GetClassNameW
DdeCreateDataHandle
GetMessagePos
GetIconInfo
SetScrollInfo
GetKeyNameTextW
GetDesktopWindow
SetCursorPos
GetCursorPos
SetMenu
GetMenuState
GetMenu
SetRect
GetKeyState
GetCursor
KillTimer
WaitMessage
TranslateMDISysAccel
GetWindowPlacement
CreateWindowExW
GetMessageW
GetDCEx
PeekMessageW
MonitorFromWindow
SetTimer
WindowFromPoint
BeginPaint
RegisterClipboardFormatW
DdeUnaccessData
MapVirtualKeyW
IsWindowUnicode
DispatchMessageW
CreateAcceleratorTableW
DefMDIChildProcW
GetSystemMenu
GetScrollPos
SetScrollPos
DdeClientTransaction
DrawFocusRect
ReleaseCapture
LoadCursorW
DdeConnect
ScrollWindow
GetLastActivePopup
DdeUninitialize
GetSystemMetrics
CharUpperBuffW
SetClipboardData
GetClipboardData
ClientToScreen
SetWindowPlacement
DdeFreeStringHandle
GetMonitorInfoW
CheckMenuItem
CharUpperW
DefWindowProcW
GetForegroundWindow
EnableWindow
GetWindowThreadProcessId
RedrawWindow
EndPaint
MsgWaitForMultipleObjectsEx
LoadKeyboardLayoutW
ActivateKeyboardLayout
GetParent
InsertMenuItemW
MonitorFromRect
DdeQueryStringA
GetPropW
MessageBoxW
SetPropW
UpdateWindow
MsgWaitForMultipleObjects
DestroyMenu
SetWindowsHookExW
EmptyClipboard
AdjustWindowRectEx
IsWindow
DrawIcon
EnumThreadWindows
InvalidateRect
GetKeyboardState
ScreenToClient
DrawFrameControl
DdeFreeDataHandle
SetCursor
CreateIcon
DdeInitializeA
RemoveMenu
DdeCreateStringHandleA
GetKeyboardLayoutNameW
OpenClipboard
TranslateMessage
MapWindowPoints
EnumDisplayMonitors
CountClipboardFormats
CallWindowProcW
CloseClipboard
DestroyCursor
CopyIcon
PostQuitMessage
DdeGetLastError
ShowScrollBar
EnableMenuItem
HideCaret
FindWindowExW
LoadIconW
SystemParametersInfoW
MonitorFromPoint
GetWindow
GetWindowRect
GetWindowLongW
InsertMenuW
IsWindowEnabled
IsDialogMessageA
FindWindowW
GetKeyboardLayout
DeleteMenu

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

oleaut32

SafeArrayPutElement
GetErrorInfo
VariantInit
VariantClear
SysFreeString
SafeArrayAccessData
SysReAllocStringLen
SafeArrayCreate
SafeArrayGetElement
SysAllocStringLen
SafeArrayUnaccessData
SafeArrayPtrOfIndex
VariantCopy
SafeArrayGetUBound
SafeArrayGetLBound
VariantCopyInd
VariantChangeType

advapi32

RegSetValueExW
RegConnectRegistryW
RegEnumKeyExW
RegLoadKeyW
RegDeleteKeyW
RegOpenKeyExW
RegQueryInfoKeyW
RegUnLoadKeyW
RegSaveKeyW
RegDeleteValueW
RegReplaceKeyW
RegFlushKey
RegQueryValueExW
RegEnumValueW
RegCloseKey
RegCreateKeyExW
RegRestoreKeyW

netapi32

NetWkstaGetInfo
NetApiBufferFree

msvcrt

memcpy

winhttp

WinHttpGetIEProxyConfigForCurrentUser
WinHttpSetTimeouts
WinHttpConnect
WinHttpReceiveResponse
WinHttpQueryAuthSchemes
WinHttpGetProxyForUrl
WinHttpReadData
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpOpen
WinHttpWriteData
WinHttpSetCredentials
WinHttpQueryDataAvailable
WinHttpSetOption
WinHttpSendRequest
WinHttpQueryOption

kernel32

GetACP
CloseHandle
LocalFree
GetCurrentProcessId
SizeofResource
VirtualProtect
TlsAlloc
TerminateThread
QueryPerformanceFrequency
IsDebuggerPresent
GetFullPathNameW
VirtualFree
ExitProcess
HeapAlloc
GetCPInfoExW
GlobalSize
RtlUnwind
GetCPInfo
EnumSystemLocalesW
GetStdHandle
GetTimeZoneInformation
GetModuleHandleW
FreeLibrary
TryEnterCriticalSection
HeapDestroy
ReadFile
HeapSize
GetLastError
GetModuleFileNameW
SetLastError
GlobalAlloc
GlobalUnlock
FindResourceW
CreateThread
CompareStringW
LoadLibraryA
ResetEvent
MulDiv
FreeResource
GetVersion
RaiseException
GlobalAddAtomW
FormatMessageW
SwitchToThread
GetExitCodeThread
OutputDebugStringW
GetCurrentThread
LoadLibraryExW
LockResource
FileTimeToSystemTime
GetCurrentThreadId
UnhandledExceptionFilter
VirtualQuery
GlobalFindAtomW
VirtualQueryEx
GlobalFree
Sleep
EnterCriticalSection
SetFilePointer
LoadResource
SuspendThread
GetTickCount
GetFileSize
GetStartupInfoW
GlobalDeleteAtom
GetFileAttributesW
InitializeCriticalSection
GetThreadPriority
GetCurrentProcess
SetThreadPriority
GlobalLock
VirtualAlloc
GetSystemInfo
GetCommandLineW
GetTempPathW
LeaveCriticalSection
GetProcAddress
ResumeThread
WinExec
GetVersionExW
VerifyVersionInfoW
HeapCreate
LCMapStringW
GetDiskFreeSpaceW
VerSetConditionMask
FindFirstFileW
GetUserDefaultUILanguage
TlsFree
lstrlenW
CompareStringA
QueryPerformanceCounter
SetEndOfFile
HeapFree
WideCharToMultiByte
FindClose
MultiByteToWideChar
LoadLibraryW
SetEvent
CreateFileW
GetLocaleInfoW
EnumResourceNamesW
GetLocalTime
WaitForSingleObject
WriteFile
ExitThread
DeleteCriticalSection
GetDateFormatW
TlsGetValue
SetErrorMode
IsValidLocale
TlsSetValue
GetSystemDefaultUILanguage
EnumCalendarInfoW
LocalAlloc
CreateEventW
WaitForMultipleObjectsEx
SetThreadLocale
GetThreadLocale

ole32

IsEqualGUID
OleInitialize
CoGetMalloc
OleUninitialize
CoInitialize
CoCreateInstance
CoUninitialize
CoTaskMemFree
CoTaskMemAlloc

gdi32

Pie
SetBkMode
CreateCompatibleBitmap
GetEnhMetaFileHeader
RectVisible
AngleArc
SetAbortProc
SetTextColor
StretchBlt
RoundRect
RestoreDC
SetRectRgn
GetTextMetricsW
GetWindowOrgEx
CreatePalette
PolyBezierTo
CreateICW
CreateDCW
GetStockObject
CreateSolidBrush
Polygon
MoveToEx
PlayEnhMetaFile
Ellipse
StartPage
GetBitmapBits
StartDocW
GetSystemPaletteEntries
GetEnhMetaFileBits
AbortDoc
GetEnhMetaFilePaletteEntries
CreatePenIndirect
CreateFontIndirectW
PolyBezier
EndDoc
GetObjectW
GetWinMetaFileBits
SetROP2
GetEnhMetaFileDescriptionW
ArcTo
Arc
SelectPalette
ExcludeClipRect
MaskBlt
SetWindowOrgEx
EndPage
DeleteEnhMetaFile
Chord
SetDIBits
SetViewportOrgEx
CreateRectRgn
RealizePalette
SetDIBColorTable
GetDIBColorTable
CreateBrushIndirect
PatBlt
SetEnhMetaFileBits
Rectangle
SaveDC
DeleteDC
FrameRgn
BitBlt
GetDeviceCaps
GetTextExtentPoint32W
GetClipBox
IntersectClipRect
Polyline
CreateBitmap
SetWinMetaFileBits
GetStretchBltMode
CreateDIBitmap
SetStretchBltMode
GetDIBits
CreateDIBSection
LineTo
GetRgnBox
EnumFontsW
CreateHalftonePalette
SelectObject
DeleteObject
ExtFloodFill
UnrealizeObject
CopyEnhMetaFileW
SetBkColor
CreateCompatibleDC
GetBrushOrgEx
GetCurrentPositionEx
GetTextExtentPointW
ExtTextOutW
SetBrushOrgEx
GetPixel
GdiFlush
SetPixel
EnumFontFamiliesExW
StretchDIBits
GetPaletteEntries

Exports

Exports

GenerateHMac
GenerateHMacEx
GetMachineIDStr
TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 4.2MB - Virtual size: 4.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 25KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 226B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 69B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 416KB - Virtual size: 416KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 113KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.debug
Size: 22.1MB - Virtual size: 22.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ProductNews2.dll
.dll windows:5 windows x86 arch:x86

00e34e866b2d7f5f9a7f8f3399ebe12a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

EnterCriticalSection
SetFilePointer
GetACP
CloseHandle
LocalFree
SuspendThread
VirtualProtect
TlsAlloc
GetTickCount
IsDebuggerPresent
GetFullPathNameW
VirtualFree
HeapAlloc
GetStartupInfoW
ExitProcess
InitializeCriticalSection
GetCPInfoExW
GetThreadPriority
GetCurrentProcess
SetThreadPriority
VirtualAlloc
RtlUnwind
GetCPInfo
GetCommandLineW
GetSystemInfo
ResumeThread
GetProcAddress
LeaveCriticalSection
EnumSystemLocalesW
GetStdHandle
GetVersionExW
VerifyVersionInfoW
GetModuleHandleW
FreeLibrary
HeapCreate
HeapDestroy
ReadFile
GetDiskFreeSpaceW
VerSetConditionMask
GetUserDefaultUILanguage
FindFirstFileW
TlsFree
HeapSize
GetModuleFileNameW
GetLastError
lstrlenW
SetEndOfFile
CompareStringW
CreateThread
HeapFree
WideCharToMultiByte
MultiByteToWideChar
FindClose
LoadLibraryA
ResetEvent
SetEvent
CreateFileW
GetLocaleInfoW
GetVersion
RaiseException
FormatMessageW
SwitchToThread
GetExitCodeThread
GetLocalTime
WaitForSingleObject
GetCurrentThread
WriteFile
ExitThread
DeleteCriticalSection
GetDateFormatW
TlsGetValue
IsValidLocale
TlsSetValue
LoadLibraryExW
GetSystemDefaultUILanguage
EnumCalendarInfoW
LocalAlloc
GetCurrentThreadId
UnhandledExceptionFilter
VirtualQuery
CreateEventW
VirtualQueryEx
GetThreadLocale
Sleep
SetThreadLocale

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

user32

CharUpperBuffW
CharNextW
MsgWaitForMultipleObjects
CharLowerBuffW
LoadStringW
CharUpperW
PeekMessageW
GetSystemMetrics
MessageBoxW

oleaut32

SysAllocStringLen
SafeArrayPtrOfIndex
VariantCopy
SafeArrayGetLBound
SafeArrayGetUBound
VariantInit
VariantClear
SysFreeString
SysReAllocStringLen
VariantChangeType
SafeArrayCreate

netapi32

NetWkstaGetInfo
NetApiBufferFree

advapi32

RegQueryValueExW
RegCloseKey
RegOpenKeyExW

Exports

Exports

CheckIsVerUpdate
DoNewsClickStat
DoNewsShowStat
ExtractResData
FreeData
GetFirstNews
GetNewsContent
GetNewsContentLanList
GetNewsCount
GetNextNews
SetProxyParams
StartGetNews
TMethodImplementationIntercept
UpdateParams
UpdateParamsEx
__dbk_fcall_wrapper
dbkFCallWrapperAddr
madTraceProcess

Sections

.text
Size: 839KB - Virtual size: 838KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 23KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 512B - Virtual size: 490B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1024B - Virtual size: 527B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 69B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.debug
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SysRest.dll
.dll windows:4 windows x86 arch:x86

9f03da84a288b0530bba6c93d00df89a

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

5c:d0:50:29:20:c2:7e:ea:ec:2a:18:4d:04:52:e5:3a
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

16/01/2018, 00:00

Not After

30/03/2021, 23:59

Subject

CN=IObit Information Technology,O=IObit Information Technology,L=Chengdu,ST=Sichuan,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5c:d0:50:29:20:c2:7e:ea:ec:2a:18:4d:04:52:e5:3a
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

16/01/2018, 00:00

Not After

30/03/2021, 23:59

Subject

CN=IObit Information Technology,O=IObit Information Technology,L=Chengdu,ST=Sichuan,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

36:a8:ac:e8:67:a7:d4:e8:57:97:aa:6e:59:96:79:89:f0:b1:0c:cf:9e:a0:d4:be:8f:f2:5b:f8:a6:70:30:0d
Signer

Actual PE Digest

36:a8:ac:e8:67:a7:d4:e8:57:97:aa:6e:59:96:79:89:f0:b1:0c:cf:9e:a0:d4:be:8f:f2:5b:f8:a6:70:30:0d

Digest Algorithm

sha256

PE Digest Matches

true

18:76:90:8c:bc:dd:83:c8:af:9e:0a:44:0f:05:21:52:f1:5b:79:57
Signer

Actual PE Digest

18:76:90:8c:bc:dd:83:c8:af:9e:0a:44:0f:05:21:52:f1:5b:79:57

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

f:\git-repositories\DriverBoosterMoudle\RestoreFunc\release\SysRest.pdb

Imports

kernel32

GetVersionExW
Sleep
GetTickCount
FreeLibrary
GetProcAddress
LoadLibraryW
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
HeapSize
GetLocaleInfoA
GetLastError
HeapFree
HeapAlloc
MultiByteToWideChar
GetCurrentThreadId
GetCommandLineA
GetVersionExA
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapDestroy
HeapCreate
VirtualFree
EnterCriticalSection
VirtualAlloc
HeapReAlloc
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
RtlUnwind
LoadLibraryA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

advapi32

RegCreateKeyExW
RegQueryValueExW
QueryServiceStatus
CloseServiceHandle
OpenServiceW
OpenSCManagerW
RegDeleteValueW
RegCloseKey
RegSetValueExW

ole32

CoCreateInstance
CoUninitialize
CoInitializeSecurity
CoInitializeEx
CoSetProxyBlanket

oleaut32

VariantInit
SysFreeString
SysAllocString
VariantClear
SysStringLen

Exports

Exports

CloseEnum
CreateRestorePoint
DeleteRestorePoint
DisableSR
EnableSR
EnumFirstPoint
EnumNextPoint
IsSREnable
RestoreSystem

Sections

.text
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
get
installapk.ico
lang.dat
madbasic_.bpl
.dll windows:5 windows x86 arch:x86

ae5a6a29d3cea5a63ad958cfb1a5fb0c

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

5c:d0:50:29:20:c2:7e:ea:ec:2a:18:4d:04:52:e5:3a
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

16/01/2018, 00:00

Not After

30/03/2021, 23:59

Subject

CN=IObit Information Technology,O=IObit Information Technology,L=Chengdu,ST=Sichuan,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5c:d0:50:29:20:c2:7e:ea:ec:2a:18:4d:04:52:e5:3a
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

16/01/2018, 00:00

Not After

30/03/2021, 23:59

Subject

CN=IObit Information Technology,O=IObit Information Technology,L=Chengdu,ST=Sichuan,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3c:84:2a:e3:37:a9:9f:25:14:45:02:2b:54:0d:d9:c7:b5:d9:a5:cb:3e:61:ba:2c:3b:69:4a:d3:c1:00:d7:71
Signer

Actual PE Digest

3c:84:2a:e3:37:a9:9f:25:14:45:02:2b:54:0d:d9:c7:b5:d9:a5:cb:3e:61:ba:2c:3b:69:4a:d3:c1:00:d7:71

Digest Algorithm

sha256

PE Digest Matches

true

f0:61:17:94:aa:8f:fc:7b:a6:41:14:52:28:8d:c8:db:fa:d1:c6:cb
Signer

Actual PE Digest

f0:61:17:94:aa:8f:fc:7b:a6:41:14:52:28:8d:c8:db:fa:d1:c6:cb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

rtl120.bpl

@System@initialization$qqrv
@System@Finalization$qqrv
@System@@IntfAddRef$qqrx45System@%DelphiInterface$t17System@IInterface%
@System@@IntfCopy$qqrr45System@%DelphiInterface$t17System@IInterface%x45System@%DelphiInterface$t17System@IInterface%
@System@@IntfClear$qqrr45System@%DelphiInterface$t17System@IInterface%
@System@UnregisterModule$qqrp17System@TLibModule
@System@RegisterModule$qqrp17System@TLibModule
@System@@DynArrayAsg$qqrv
@System@@DynArrayClear$qqrrpvpv
@System@@DynArrayCopy$qqrpvt1rpv
@System@@DynArraySetLength$qqrv
@System@@DynArrayHigh$qqrv
@System@@DynArrayLength$qqrv
@System@@_llmod$qqrv
@System@@_lldiv$qqrv
@System@@_llmul$qqrv
@System@@Dispose$qqrpvt1
@System@@New$qqripv
@System@@CopyRecord$qqrv
@System@@FinalizeArray$qqrpvt1ui
@System@@FinalizeRecord$qqrpvt1
@System@@UniqueStringU$qqrr20System@UnicodeString
@System@UniqueString$qqrr20System@UnicodeString
@System@@UStrInsert$qqrx20System@UnicodeStringr20System@UnicodeStringi
@System@@UStrDelete$qqrr20System@UnicodeStringii
@System@@UStrCopy$qqrx20System@UnicodeStringii
@System@@UStrEqual$qqrv
@System@@UStrCatN$qqrv
@System@@UStrCat3$qqrr20System@UnicodeStringx20System@UnicodeStringt2
@System@@UStrCat$qqrr20System@UnicodeStringx20System@UnicodeString
@System@@UStrSetLength$qqrr20System@UnicodeStringi
@System@@UStrLen$qqrx20System@UnicodeString
@System@@WStrFromUStr$qqrr17System@WideStringx20System@UnicodeString
@System@@LStrFromUStr$qqrr27System@%AnsiStringT$us$i0$%x20System@UnicodeStringus
@System@@UStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%
@System@@UStrFromWArray$qqrr20System@UnicodeStringpbi
@System@@UStrFromPWChar$qqrr20System@UnicodeStringpb
@System@@UStrFromPChar$qqrr20System@UnicodeStringpc
@System@@UStrFromWChar$qqrr20System@UnicodeStringb
@System@@UStrToPWChar$qqrx20System@UnicodeString
@System@@UStrLAsg$qqrr20System@UnicodeStringx20System@UnicodeString
@System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString
@System@@UStrArrayClr$qqrpvi
@System@@UStrClr$qqrpv
@System@@UStrAddRef$qqrpv
@System@@WStrToPWChar$qqrx17System@WideString
@System@@WStrClr$qqrpv
@System@@LStrSetLength$qqrv
@System@@LStrInsert$qqrv
@System@@LStrDelete$qqrv
@System@@LStrCopy$qqrv
@System@@UniqueStringA$qqrr27System@%AnsiStringT$us$i0$%
@System@UniqueString$qqrr27System@%AnsiStringT$us$i0$%
@System@@LStrToPChar$qqrx27System@%AnsiStringT$us$i0$%
@System@@LStrAddRef$qqrpv
@System@@LStrEqual$qqrv
@System@@LStrCatN$qqrv
@System@@LStrCat3$qqrv
@System@@LStrCat$qqrv
@System@@LStrLen$qqrx27System@%AnsiStringT$us$i0$%
@System@@LStrFromArray$qqrr27System@%AnsiStringT$us$i0$%pcius
@System@@LStrFromPWChar$qqrr27System@%AnsiStringT$us$i0$%pbus
@System@@LStrFromPChar$qqrr27System@%AnsiStringT$us$i0$%pcus
@System@@LStrFromChar$qqrr27System@%AnsiStringT$us$i0$%cus
@System@@EnsureAnsiString$qqrr27System@%AnsiStringT$us$i0$%us
@System@@EnsureUnicodeString$qqrr20System@UnicodeString
@System@@LStrFromPCharLen$qqrr27System@%AnsiStringT$us$i0$%pcius
@System@@LStrLAsg$qqrpvpxv
@System@@LStrAsg$qqrpvpxv
@System@@LStrArrayClr$qqrpvi
@System@@LStrClr$qqrpv
@System@@RunError$qqruc
@System@@PackageUnload$qqrpx23System@PackageInfoTablep17System@TLibModule
@System@@PackageLoad$qqrpx23System@PackageInfoTablep17System@TLibModule
@System@@TryFinallyExit$qqrv
@System@@DoneExcept$qqrv
@System@@RaiseAgain$qqrv
@System@@RaiseExcept$qqrv
@System@@HandleFinally$qqrv
@System@@HandleAnyException$qqrv
@System@@BeforeDestruction$qqrp14System@TObjectzc
@System@@AfterConstruction$qqrp14System@TObject
@System@@ClassDestroy$qqrp14System@TObject
@System@@ClassCreate$qqrp17System@TMetaClasso
@System@TObject@Dispatch$qqrpv
@System@TObject@BeforeDestruction$qqrv
@System@TObject@AfterConstruction$qqrv
@System@TObject@DefaultHandler$qqrpv
@System@TObject@ToString$qqrv
@System@TObject@SafeCallException$qqrp14System@TObjectpv
@System@TObject@GetInterface$qqrrx5_GUIDpv
@System@TObject@GetHashCode$qqrv
@System@TObject@Equals$qqrp14System@TObject
@System@TObject@Free$qqrv
@System@TObject@$bdtr$qqrv
@System@TObject@$bctr$qqrv
@System@TObject@FreeInstance$qqrv
@System@TObject@NewInstance$qqrv
@System@@SetSub$qqrv
@System@@SetUnion$qqrv
@System@@FillChar$qqrpvib
@System@@AbstractError$qqrv
@System@@ROUND$qqrv
@System@Sin$qqrxg
@System@Get8087CW$qqrv
@System@Set8087CW$qqrus
@System@Move$qqrpxvpvi
@System@@FreeMem$qqrpv
@System@@GetMem$qqri
@System@AllocMem$qqrui
@System@ExceptionClass
@System@ExceptObjProc
@$xp$17System@IInterface
@$xp$14System@TObject
@System@TObject@
@$xp$17System@AnsiString
@$xp$17System@WideString
@$xp$13System@string
@$xp$6Double
@$xp$5Int64
@$xp$8Cardinal
@$xp$11System@Word
@$xp$11System@Byte
@$xp$7Integer
@$xp$8SmallInt
@$xp$15System@ShortInt
@$xp$11System@Char
@$xp$8AnsiChar
@$xp$7Boolean
@Classes@initialization$qqrv
@Classes@Finalization$qqrv
@Classes@Rect$qqriiii
@Typinfo@initialization$qqrv
@Typinfo@Finalization$qqrv
@Sysutils@initialization$qqrv
@Sysutils@Finalization$qqrv
@Math@Min$qqrxixi
@Math@Ceil$qqrxg
@Variants@initialization$qqrv
@Variants@Finalization$qqrv
@Varutils@initialization$qqrv
@Varutils@Finalization$qqrv
@Registry@initialization$qqrv
@Registry@Finalization$qqrv
@Inifiles@initialization$qqrv
@Inifiles@Finalization$qqrv

kernel32

TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
LocalFree
LocalAlloc
FreeLibrary
lstrlenW
lstrcmpA
WriteFile
WaitForSingleObject
VirtualQuery
VirtualProtect
VirtualFree
VirtualAlloc
UnmapViewOfFile
SizeofResource
SetLastError
SetFileTime
SetFilePointer
SetFileAttributesA
SetFileAttributesW
SetEndOfFile
ReleaseMutex
ReadFile
MapViewOfFile
LockResource
LocalFree
LocalAlloc
LoadResource
LoadLibraryExA
LeaveCriticalSection
InitializeCriticalSection
GetVersionExA
GetVersionExW
GetVersion
GetTickCount
GetThreadLocale
GetTempPathA
GetTempPathW
GetProcAddress
GetModuleHandleA
GetModuleHandleW
GetModuleFileNameA
GetModuleFileNameW
GetLocaleInfoA
GetLocaleInfoW
GetLastError
GetFileTime
GetFileSize
GetFileAttributesA
GetFileAttributesW
GetCurrentThreadId
GetCurrentProcessId
FreeResource
InterlockedIncrement
InterlockedDecrement
FreeLibrary
FormatMessageA
FormatMessageW
FindResourceA
FindResourceW
FindFirstFileA
FindFirstFileW
FindClose
FileTimeToLocalFileTime
FileTimeToDosDateTime
EnterCriticalSection
DeleteFileA
DeleteFileW
DeleteCriticalSection
CreateMutexA
CreateFileMappingA
CreateFileMappingW
CreateFileA
CreateFileW
CloseHandle

user32

CreateWindowExA
UnregisterClassA
RegisterClassA
PostMessageW
IsWindowUnicode
IsWindow
GetSystemMetrics
DestroyWindow
DefWindowProcA
DefWindowProcW

gdi32

GetObjectW

version

VerQueryValueA
VerQueryValueW
GetFileVersionInfoSizeA
GetFileVersionInfoSizeW
GetFileVersionInfoA
GetFileVersionInfoW

vcl120.bpl

@Graphics@initialization$qqrv
@Graphics@Finalization$qqrv
@Graphics@TBitmap@SetPixelFormat$qqr21Graphics@TPixelFormat
@Graphics@TBitmap@GetScanline$qqri
@Graphics@TBitmap@GetPixelFormat$qqrv
@Graphics@TBitmap@GetCanvas$qqrv
@Graphics@TBitmap@$bctr$qqrv
@Graphics@TCanvas@GetHandle$qqrv
@Graphics@TCanvas@StretchDraw$qqrrx11Types@TRectp17Graphics@TGraphic
@Graphics@TBitmap@

comctl32

ImageList_GetImageInfo
ImageList_Draw

Exports

Exports

@$xp$12Madtools@TOS
@$xp$14Madbasic@IList
@$xp$15Madbasic@IBasic
@$xp$15Madbasic@TIList
@$xp$15Madtypes@TSByte
@$xp$15Madtypes@TSChar
@$xp$16Madbasic@TIBasic
@$xp$16Madtools@TOsEnum
@$xp$16Madtypes@TDAByte
@$xp$16Madtypes@TDAChar
@$xp$16Madtypes@TDAWord
@$xp$17Madbasic@TDABasic
@$xp$17Madtypes@TAString
@$xp$17Madtypes@TDAInt64
@$xp$17Madtypes@TExtBool
@$xp$18Madtypes@TDAString
@$xp$18Madtypes@TSBoolean
@$xp$18Madtypes@TSExtBool
@$xp$19Madlists@IBasicList
@$xp$19Madtypes@TAIUnknown
@$xp$19Madtypes@TDABoolean
@$xp$19Madtypes@TDAExtBool
@$xp$19Madtypes@TDAInteger
@$xp$19Madtypes@TDAPointer
@$xp$20Madbasic@TChangeType
@$xp$20Madbasic@_TIBasic@_1
@$xp$20Madtypes@TDAAnsiChar
@$xp$20Madtypes@TDACardinal
@$xp$20Madtypes@TDAIUnknown
@$xp$20Madtypes@TDAShortInt
@$xp$20Madtypes@TDASmallInt
@$xp$20Madtypes@TDAWideChar
@$xp$21Madlists@IPointerList
@$xp$21Madtypes@MadException
@$xp$21Madtypes@TAAnsiString
@$xp$21Madtypes@TAWideString
@$xp$21Madtypes@TDANativeInt
@$xp$22Madtools@TMsgHandlerOO
@$xp$22Madtypes@TDAAnsiString
@$xp$22Madtypes@TDANativeUInt
@$xp$22Madtypes@TDAWideString
@$xp$23Madlists@IInterfaceList
@$xp$24Madgraphics@TGrayPercent
@$xp$24Madtypes@TAUnicodeString
@$xp$25Madbasic@ICriticalSection
@$xp$25Madbasic@ICustomBasicList
@$xp$25Madtypes@TDAUnicodeString
@$xp$26Madbasic@TICustomBasicList
@$xp$27Madbasic@TDataDestroyProcOO
@$xp$27Madgraphics@TStretchQuality
@$xp$28Madbasic@IBasicListSelection
@$xp$28Madbasic@TIListChangeEventOO
@$xp$29Madbasic@TIBasicListSelection
@$xp$30Madbasic@_TICustomBasicList@_1
@$xp$30Madbasic@_TICustomBasicList@_2
@$xp$30Madbasic@_TICustomBasicList@_3
@$xp$30Madbasic@_TICustomBasicList@_4
@GetPackageInfoTable
@Madbasic@CErrorStr_AmInvalid
@Madbasic@CErrorStr_IndexOutOfRange
@Madbasic@CErrorStr_InvalidClass
@Madbasic@CErrorStr_InvalidIndex
@Madbasic@CErrorStr_SectionBlocked
@Madbasic@CErrorStr_SectionLeaveError
@Madbasic@CErrorStr_Unknown
@Madbasic@Finalization$qqrv
@Madbasic@NewCriticalSection$qqrv
@Madbasic@TIBasic@
@Madbasic@TIBasic@$bctr$qqrouix20System@UnicodeString
@Madbasic@TIBasic@$bdtr$qqrv
@Madbasic@TIBasic@AddParent$qqrp26Madbasic@TICustomBasicList
@Madbasic@TIBasic@AfterConstruction$qqrv
@Madbasic@TIBasic@BeforeDestruction$qqrv
@Madbasic@TIBasic@CheckValid$qqrv
@Madbasic@TIBasic@DelParent$qqrp26Madbasic@TICustomBasicList
@Madbasic@TIBasic@GetChecked$qqrx53System@%DelphiInterface$t25Madbasic@ICustomBasicList%
@Madbasic@TIBasic@GetData$qqrv
@Madbasic@TIBasic@GetFocused$qqrx53System@%DelphiInterface$t25Madbasic@ICustomBasicList%
@Madbasic@TIBasic@GetIndex$qqrx53System@%DelphiInterface$t25Madbasic@ICustomBasicList%
@Madbasic@TIBasic@GetLastChangeType$qqrx53System@%DelphiInterface$t25Madbasic@ICustomBasicList%
@Madbasic@TIBasic@GetLastErrorNo$qqrv
@Madbasic@TIBasic@GetLastErrorStr$qqrv
@Madbasic@TIBasic@GetOldIndex$qqrx53System@%DelphiInterface$t25Madbasic@ICustomBasicList%
@Madbasic@TIBasic@GetSelected$qqrx53System@%DelphiInterface$t25Madbasic@ICustomBasicList%
@Madbasic@TIBasic@GetStrBuf$qqrv
@Madbasic@TIBasic@GetStrBufA$qqrv
@Madbasic@TIBasic@GetStrBufW$qqrv
@Madbasic@TIBasic@IsValid$qqrv
@Madbasic@TIBasic@NewInstance$qqrv
@Madbasic@TIBasic@QueryInterface$qqsrx5_GUIDpv
@Madbasic@TIBasic@SelfAsTObject$qqrv
@Madbasic@TIBasic@SetChecked$qqrx53System@%DelphiInterface$t25Madbasic@ICustomBasicList%17Madtypes@TExtBool
@Madbasic@TIBasic@SetData$qqrpv
@Madbasic@TIBasic@SetData$qqrpvpqqrrpv$v
@Madbasic@TIBasic@SetData$qqrpvynpqqrrpv$v
@Madbasic@TIBasic@SetFocused$qqrx53System@%DelphiInterface$t25Madbasic@ICustomBasicList%o
@Madbasic@TIBasic@SetLastChangeType$qqrx53System@%DelphiInterface$t25Madbasic@ICustomBasicList%20Madbasic@TChangeType
@Madbasic@TIBasic@SetLastError$qqruix20System@UnicodeString
@Madbasic@TIBasic@SetLastErrorNo$qqrui
@Madbasic@TIBasic@SetLastErrorStr$qqrx20System@UnicodeString
@Madbasic@TIBasic@SetSelected$qqrx53System@%DelphiInterface$t25Madbasic@ICustomBasicList%o
@Madbasic@TIBasic@SetStrBuf$qqrx20System@UnicodeString
@Madbasic@TIBasic@SetStrBuf$qqrx27System@%AnsiStringT$us$i0$%
@Madbasic@TIBasic@SetStrBufA$qqrx27System@%AnsiStringT$us$i0$%
@Madbasic@TIBasic@SetStrBufW$qqrx20System@UnicodeString
@Madbasic@TIBasic@Success$qqrv
@Madbasic@TIBasic@Supports$qqrrx5_GUID
@Madbasic@TIBasic@_AddRef$qqsv
@Madbasic@TIBasic@_Release$qqsv
@Madbasic@TIBasicListSelection@
@Madbasic@TIBasicListSelection@$bctr$qqrouix20System@UnicodeStringx53System@%DelphiInterface$t25Madbasic@ICustomBasicList%o
@Madbasic@TIBasicListSelection@$bdtr$qqrv
@Madbasic@TIBasicListSelection@GetParentList$qqrv
@Madbasic@TIBasicListSelection@ParentListChanged$qqrx53System@%DelphiInterface$t25Madbasic@ICustomBasicList%x43System@%DelphiInterface$t15Madbasic@IBasic%o20Madbasic@TChangeTypeii
@Madbasic@TICustomBasicList@
@Madbasic@TICustomBasicList@$bdtr$qqrv
@Madbasic@TICustomBasicList@AddItem$qqrx43System@%DelphiInterface$t15Madbasic@IBasic%
@Madbasic@TICustomBasicList@AddItems$qqrpx43System@%DelphiInterface$t15Madbasic@IBasic%xi
@Madbasic@TICustomBasicList@BasicItem$qqri
@Madbasic@TICustomBasicList@BeginRefresh$qqrv
@Madbasic@TICustomBasicList@Change$qqrx43System@%DelphiInterface$t15Madbasic@IBasic%o20Madbasic@TChangeTypeii
@Madbasic@TICustomBasicList@DeleteItem$qqri
@Madbasic@TICustomBasicList@EndRefresh$qqrv
@Madbasic@TICustomBasicList@GetSortDown$qqrv
@Madbasic@TICustomBasicList@GetSortInfo$qqrv
@Madbasic@TICustomBasicList@GetSortParams$qqrrpqqrx42System@%DelphiInterface$t14Madbasic@IList%x43System@%DelphiInterface$t15Madbasic@IBasic%t2i$irori
@Madbasic@TICustomBasicList@GetSortProc$qqrv
@Madbasic@TICustomBasicList@InsertItem$qqrx43System@%DelphiInterface$t15Madbasic@IBasic%i
@Madbasic@TICustomBasicList@Pack$qqrv
@Madbasic@TICustomBasicList@RegisterChangeEvent$qqrpqqrx53System@%DelphiInterface$t25Madbasic@ICustomBasicList%x43System@%DelphiInterface$t15Madbasic@IBasic%o20Madbasic@TChangeTypeii$v
@Madbasic@TICustomBasicList@RegisterChangeEvent$qqrynpqqrx53System@%DelphiInterface$t25Madbasic@ICustomBasicList%x43System@%DelphiInterface$t15Madbasic@IBasic%o20Madbasic@TChangeTypeii$v
@Madbasic@TICustomBasicList@SetCapacity$qqri
@Madbasic@TICustomBasicList@SetSortDown$qqro
@Madbasic@TICustomBasicList@SetSortInfo$qqri
@Madbasic@TICustomBasicList@SetSortParams$qqrpqqrx42System@%DelphiInterface$t14Madbasic@IList%x43System@%DelphiInterface$t15Madbasic@IBasic%t2i$ioi
@Madbasic@TICustomBasicList@SetSortProc$qqrpqqrx42System@%DelphiInterface$t14Madbasic@IList%x43System@%DelphiInterface$t15Madbasic@IBasic%t2i$i
@Madbasic@TICustomBasicList@SortItem$qqri
@Madbasic@TICustomBasicList@UnregisterChangeEvent$qqrpqqrx53System@%DelphiInterface$t25Madbasic@ICustomBasicList%x43System@%DelphiInterface$t15Madbasic@IBasic%o20Madbasic@TChangeTypeii$v
@Madbasic@TICustomBasicList@UnregisterChangeEvent$qqrynpqqrx53System@%DelphiInterface$t25Madbasic@ICustomBasicList%x43System@%DelphiInterface$t15Madbasic@IBasic%o20Madbasic@TChangeTypeii$v
@Madbasic@TIList@
@Madbasic@TIList@$bctr$qqrouix20System@UnicodeString
@Madbasic@TIList@$bdtr$qqrv
@Madbasic@TIList@Clear$qqrv
@Madbasic@TIList@GetCapacity$qqrv
@Madbasic@TIList@GetFocusedItem$qqrv
@Madbasic@TIList@GetItemCount$qqrv
@Madbasic@TIList@GetLastFocusedItem$qqrv
@Madbasic@TIList@GetSelectedCount$qqrv
@Madbasic@TIList@Grow$qqrv
@Madbasic@TIList@Lock$qqrv
@Madbasic@TIList@QuickSort$qqrpvt1iit1oi
@Madbasic@TIList@SetLastFocusedItem$qqr43System@%DelphiInterface$t15Madbasic@IBasic%
@Madbasic@TIList@Unlock$qqrv
@Madbasic@initialization$qqrv
@Madbasic_@@GetPackageInfoTable$qqrv
@Madbasic_@@PackageLoad$qqrv
@Madbasic_@@PackageUnload$qqrv
@Madbasic_@initialization$qqrv
@Madcrypt@Decode$qqrpvi
@Madcrypt@Decode$qqrx27System@%AnsiStringT$us$i0$%
@Madcrypt@DecodeA
@Madcrypt@DecodeW$qqrpvi
@Madcrypt@DecodeW$qqrx27System@%AnsiStringT$us$i0$%
@Madcrypt@Decrypt$qqrpvuix27System@%AnsiStringT$us$i0$%j
@Madcrypt@Decrypt$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%j
@Madcrypt@Decrypt$qqrr27System@%AnsiStringT$us$i0$%x27System@%AnsiStringT$us$i0$%j
@Madcrypt@DecryptA
@Madcrypt@DecryptW
@Madcrypt@Encode$qqrpvi
@Madcrypt@Encode$qqrx20System@UnicodeString
@Madcrypt@Encode$qqrx27System@%AnsiStringT$us$i0$%
@Madcrypt@EncodeA
@Madcrypt@EncodeW
@Madcrypt@Encrypt$qqrpvuix27System@%AnsiStringT$us$i0$%j
@Madcrypt@Encrypt$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%j
@Madcrypt@Encrypt$qqrr27System@%AnsiStringT$us$i0$%x27System@%AnsiStringT$us$i0$%j
@Madcrypt@EncryptA
@Madcrypt@EncryptW
@Madcrypt@Finalization$qqrv
@Madcrypt@OldDecrypt$qqrpvuix27System@%AnsiStringT$us$i0$%
@Madcrypt@OldDecrypt$qqrr27System@%AnsiStringT$us$i0$%x27System@%AnsiStringT$us$i0$%
@Madcrypt@OldEncrypt$qqrpvuix27System@%AnsiStringT$us$i0$%
@Madcrypt@OldEncrypt$qqrr27System@%AnsiStringT$us$i0$%x27System@%AnsiStringT$us$i0$%
@Madcrypt@initialization$qqrv
@Madgraphics@AlphaBlend$qqrp16Graphics@TBitmapt1t1ui
@Madgraphics@AlphaBlend$qqrp16Graphics@TBitmapt1uit1ii
@Madgraphics@Draw$qqrp16Graphics@TBitmapt1t1iiii24Madgraphics@TGrayPercentui27Madgraphics@TStretchQuality
@Madgraphics@Draw$qqruiuip16Graphics@TBitmapiiii24Madgraphics@TGrayPercentui27Madgraphics@TStretchQuality
@Madgraphics@Finalization$qqrv
@Madgraphics@GrayScale$qqrp16Graphics@TBitmap24Madgraphics@TGrayPercent
@Madgraphics@StretchBitmap$qqrp16Graphics@TBitmapt1ii27Madgraphics@TStretchQuality
@Madgraphics@StretchBitmap$qqrp16Graphics@TBitmapt1t1t127Madgraphics@TStretchQuality
@Madgraphics@initialization$qqrv
@Madlists@Finalization$qqrv
@Madlists@NewBasicList$qqrpx43System@%DelphiInterface$t15Madbasic@IBasic%xi
@Madlists@NewBasicList$qqrv
@Madlists@NewInterfaceList$qqrpx45System@%DelphiInterface$t17System@IInterface%xi
@Madlists@NewInterfaceList$qqrv
@Madlists@NewPointerList$qqrpxpvxipqqrrpv$v
@Madlists@NewPointerList$qqrv
@Madlists@initialization$qqrv
@Madres@BeginUpdateResourceExW$qqsuip9_FILETIMEi
@Madres@BeginUpdateResourceW$qqspbi
@Madres@DeleteIconGroupResourceW$qqsuipbus
@Madres@DontShrinkResourceSection
@Madres@EndUpdateResourceW$qqsuii
@Madres@Finalization$qqrv
@Madres@GetIconGroupResourceW$qqsuipbusrp17Madres@TIconGroup
@Madres@GetResourceW$qqsuipbt2usrpvrui
@Madres@LoadBitmapResourceW$qqsuipbust2
@Madres@LoadIconGroupResourceW$qqsuipbust2
@Madres@SaveBitmapResourceW$qqsuipbust2
@Madres@SaveIconGroupResourceW$qqsuipbust2
@Madres@UpdateResourceW$qqsuipbt2uspvui
@Madres@initialization$qqrv
@Madstrings@AnsiToWideEx$qqrx27System@%AnsiStringT$us$i0$%o
@Madstrings@BooleanToChar$qqro
@Madstrings@BooleanToCharA
@Madstrings@BooleanToCharW$qqro
@Madstrings@CNtDll
@Madstrings@CompareStr$qqrx20System@UnicodeStringt1
@Madstrings@CompareStr$qqrx27System@%AnsiStringT$us$i0$%t1
@Madstrings@CompareStrA
@Madstrings@CompareStrW
@Madstrings@CompareText$qqrx20System@UnicodeStringt1
@Madstrings@CompareText$qqrx27System@%AnsiStringT$us$i0$%t1
@Madstrings@CompareTextA
@Madstrings@CompareTextW
@Madstrings@CopyR$qqrx20System@UnicodeStringui
@Madstrings@CopyR$qqrx27System@%AnsiStringT$us$i0$%ui
@Madstrings@CopyRA
@Madstrings@CopyRW
@Madstrings@DecodeUtf8$qqrx27System@%AnsiStringT$us$i0$%
@Madstrings@DecryptStr$qqrx27System@%AnsiStringT$us$i0$%
@Madstrings@DeleteR$qqrr20System@UnicodeStringui
@Madstrings@DeleteR$qqrr27System@%AnsiStringT$us$i0$%ui
@Madstrings@DeleteRA
@Madstrings@DeleteRW
@Madstrings@EncodeUtf8$qqrx20System@UnicodeString
@Madstrings@ErrorCodeToStr$qqrui
@Madstrings@ErrorCodeToStrA
@Madstrings@ErrorCodeToStrW$qqrui
@Madstrings@ExtractFileDriveW$qqrx20System@UnicodeString
@Madstrings@ExtractFileExtW$qqrx20System@UnicodeString
@Madstrings@ExtractFileNameW$qqrx20System@UnicodeString
@Madstrings@ExtractFilePathW$qqrx20System@UnicodeString
@Madstrings@FileMatch$qqrx20System@UnicodeStringt1
@Madstrings@FileMatch$qqrx27System@%AnsiStringT$us$i0$%t1
@Madstrings@FileMatchA
@Madstrings@FileMatchW
@Madstrings@FillStr$qqrx20System@UnicodeStringib
@Madstrings@FillStr$qqrx27System@%AnsiStringT$us$i0$%ic
@Madstrings@FillStrA
@Madstrings@FillStrW
@Madstrings@Finalization$qqrv
@Madstrings@FormatSubStrs$qqrr20System@UnicodeStringc
@Madstrings@FormatSubStrs$qqrr27System@%AnsiStringT$us$i0$%c
@Madstrings@FormatSubStrsA
@Madstrings@FormatSubStrsW
@Madstrings@IntToHexEx$qqriic
@Madstrings@IntToHexEx$qqrjic
@Madstrings@IntToHexEx$qqruiic
@Madstrings@IntToHexExA$qqriic
@Madstrings@IntToHexExA$qqrjic
@Madstrings@IntToHexExA$qqruiic
@Madstrings@IntToHexExW$qqriib
@Madstrings@IntToHexExW$qqrjib
@Madstrings@IntToHexExW$qqruiib
@Madstrings@IntToStrEx$qqriic
@Madstrings@IntToStrEx$qqrjic
@Madstrings@IntToStrEx$qqruiic
@Madstrings@IntToStrExA$qqriic
@Madstrings@IntToStrExA$qqrjic
@Madstrings@IntToStrExA$qqruiic
@Madstrings@IntToStrExW$qqriib
@Madstrings@IntToStrExW$qqrjib
@Madstrings@IntToStrExW$qqruiib
@Madstrings@InternalStrMatchW$qqrx20System@UnicodeStringt1o
@Madstrings@IsTextEqual$qqrx20System@UnicodeStringt1
@Madstrings@IsTextEqual$qqrx27System@%AnsiStringT$us$i0$%t1
@Madstrings@IsTextEqualA
@Madstrings@IsTextEqualW
@Madstrings@IsValidIdentW$qqrx20System@UnicodeStringo
@Madstrings@Keep$qqrr20System@UnicodeStringuiui
@Madstrings@Keep$qqrr27System@%AnsiStringT$us$i0$%uiui
@Madstrings@KeepA
@Madstrings@KeepR$qqrr20System@UnicodeStringui
@Madstrings@KeepR$qqrr27System@%AnsiStringT$us$i0$%ui
@Madstrings@KeepRA
@Madstrings@KeepRW
@Madstrings@KeepW
@Madstrings@KillChar$qqrr20System@UnicodeStringb
@Madstrings@KillChar$qqrr27System@%AnsiStringT$us$i0$%c
@Madstrings@KillCharA
@Madstrings@KillCharW
@Madstrings@KillChars$qqrr20System@UnicodeStringrx29System@%Set$tc$iuc$0$iuc$255%
@Madstrings@KillChars$qqrr27System@%AnsiStringT$us$i0$%rx29System@%Set$tc$iuc$0$iuc$255%
@Madstrings@KillCharsA
@Madstrings@KillCharsW
@Madstrings@KillStr$qqrr20System@UnicodeStringx20System@UnicodeString
@Madstrings@KillStr$qqrr27System@%AnsiStringT$us$i0$%x27System@%AnsiStringT$us$i0$%
@Madstrings@KillStrA
@Madstrings@KillStrW
@Madstrings@LowChar$qqrxb
@Madstrings@LowChar$qqrxc
@Madstrings@LowCharA
@Madstrings@LowCharW
@Madstrings@LowStr$qqrx20System@UnicodeString
@Madstrings@LowStr$qqrx27System@%AnsiStringT$us$i0$%
@Madstrings@LowStrA
@Madstrings@LowStrW
@Madstrings@MsToStr$qqrui
@Madstrings@MsToStrA
@Madstrings@MsToStrW$qqrui
@Madstrings@PosChars$qqrrx29System@%Set$tc$iuc$0$iuc$255%x20System@UnicodeStringuiui
@Madstrings@PosChars$qqrrx29System@%Set$tc$iuc$0$iuc$255%x27System@%AnsiStringT$us$i0$%uiui
@Madstrings@PosCharsA
@Madstrings@PosCharsW
@Madstrings@PosNotCharsW$qqrrx29System@%Set$tc$iuc$0$iuc$255%x20System@UnicodeStringuiui
@Madstrings@PosPChar$qqrpbt1uiuiouiui
@Madstrings@PosPChar$qqrpct1uiuiouiui
@Madstrings@PosPCharA
@Madstrings@PosPCharW
@Madstrings@PosStr$qqrx20System@UnicodeStringt1uiui
@Madstrings@PosStr$qqrx27System@%AnsiStringT$us$i0$%t1uiui
@Madstrings@PosStrA
@Madstrings@PosStrIs1$qqrx20System@UnicodeStringt1
@Madstrings@PosStrIs1$qqrx27System@%AnsiStringT$us$i0$%t1
@Madstrings@PosStrIs1A
@Madstrings@PosStrIs1W
@Madstrings@PosStrW
@Madstrings@PosText$qqrx20System@UnicodeStringt1uiui
@Madstrings@PosText$qqrx27System@%AnsiStringT$us$i0$%t1uiui
@Madstrings@PosTextA
@Madstrings@PosTextIs1$qqrx20System@UnicodeStringt1
@Madstrings@PosTextIs1$qqrx27System@%AnsiStringT$us$i0$%t1
@Madstrings@PosTextIs1A
@Madstrings@PosTextIs1W
@Madstrings@PosTextW
@Madstrings@ReplaceStr$qqrr20System@UnicodeStringx20System@UnicodeStringt2o
@Madstrings@ReplaceStr$qqrr27System@%AnsiStringT$us$i0$%x27System@%AnsiStringT$us$i0$%t2o
@Madstrings@ReplaceStrA
@Madstrings@ReplaceStrW
@Madstrings@ReplaceText$qqrr20System@UnicodeStringx20System@UnicodeStringt2o
@Madstrings@ReplaceText$qqrr27System@%AnsiStringT$us$i0$%x27System@%AnsiStringT$us$i0$%t2o
@Madstrings@ReplaceTextA
@Madstrings@ReplaceTextW
@Madstrings@RetDelete$qqrx20System@UnicodeStringuiui
@Madstrings@RetDelete$qqrx27System@%AnsiStringT$us$i0$%uiui
@Madstrings@RetDeleteA
@Madstrings@RetDeleteR$qqrx20System@UnicodeStringui
@Madstrings@RetDeleteR$qqrx27System@%AnsiStringT$us$i0$%ui
@Madstrings@RetDeleteRA
@Madstrings@RetDeleteRW
@Madstrings@RetDeleteW
@Madstrings@RetTrimStr$qqrx20System@UnicodeString
@Madstrings@RetTrimStr$qqrx27System@%AnsiStringT$us$i0$%
@Madstrings@RetTrimStrA
@Madstrings@RetTrimStrW
@Madstrings@SizeToStr$qqrj
@Madstrings@SizeToStrA
@Madstrings@SizeToStrW$qqrj
@Madstrings@StrMatch$qqrx20System@UnicodeStringt1
@Madstrings@StrMatch$qqrx27System@%AnsiStringT$us$i0$%t1
@Madstrings@StrMatchA
@Madstrings@StrMatchEx$qqrx27System@%AnsiStringT$us$i0$%t1
@Madstrings@StrMatchExA
@Madstrings@StrMatchW
@Madstrings@StrToIntEx$qqropbi
@Madstrings@StrToIntEx$qqropci
@Madstrings@StrToIntExA
@Madstrings@StrToIntExW
@Madstrings@SubStr$qqrx20System@UnicodeStringuic
@Madstrings@SubStr$qqrx27System@%AnsiStringT$us$i0$%uic
@Madstrings@SubStrA
@Madstrings@SubStrCount$qqrx20System@UnicodeStringc
@Madstrings@SubStrCount$qqrx27System@%AnsiStringT$us$i0$%c
@Madstrings@SubStrCountA
@Madstrings@SubStrCountW
@Madstrings@SubStrExists$qqrx20System@UnicodeStringt1c
@Madstrings@SubStrExists$qqrx27System@%AnsiStringT$us$i0$%t1c
@Madstrings@SubStrExistsA
@Madstrings@SubStrExistsW
@Madstrings@SubStrW
@Madstrings@SubTextExists$qqrx20System@UnicodeStringt1c
@Madstrings@SubTextExists$qqrx27System@%AnsiStringT$us$i0$%t1c
@Madstrings@SubTextExistsA
@Madstrings@SubTextExistsW
@Madstrings@TextMatch$qqrx20System@UnicodeStringt1
@Madstrings@TextMatch$qqrx27System@%AnsiStringT$us$i0$%t1
@Madstrings@TextMatchA
@Madstrings@TextMatchEx$qqrx27System@%AnsiStringT$us$i0$%t1
@Madstrings@TextMatchExA
@Madstrings@TextMatchW
@Madstrings@TrimStr$qqrr20System@UnicodeString
@Madstrings@TrimStr$qqrr27System@%AnsiStringT$us$i0$%
@Madstrings@TrimStrA
@Madstrings@TrimStrW
@Madstrings@UpChar$qqrxb
@Madstrings@UpChar$qqrxc
@Madstrings@UpCharA
@Madstrings@UpCharW
@Madstrings@UpStr$qqrx20System@UnicodeString
@Madstrings@UpStr$qqrx27System@%AnsiStringT$us$i0$%
@Madstrings@UpStrA
@Madstrings@UpStrW
@Madstrings@WideToAnsiEx$qqrpb
@Madstrings@initialization$qqrv
@Madtools@AddMsgHandler$qqrpqqrp6HWND__uiiiri$vuiui
@Madtools@AddMsgHandler$qqrynpqqrp6HWND__uiiiri$vuiui
@Madtools@COsDescr
@Madtools@CheckProcAddress
@Madtools@DelMsgHandler$qqrpqqrp6HWND__uiiiri$vuiui
@Madtools@DelMsgHandler$qqrynpqqrp6HWND__uiiiri$vuiui
@Madtools@FileVersionToStr$qqrj
@Madtools@FileVersionToStrA
@Madtools@FileVersionToStrW$qqrj
@Madtools@Finalization$qqrv
@Madtools@FindModule$qqrpvruir20System@UnicodeString
@Madtools@FindModule$qqrpvruir27System@%AnsiStringT$us$i0$%
@Madtools@FindModuleA
@Madtools@FindModuleW
@Madtools@GetFileVersion$qqrx20System@UnicodeString
@Madtools@GetFileVersion$qqrx27System@%AnsiStringT$us$i0$%
@Madtools@GetFileVersionA
@Madtools@GetFileVersionStr$qqrx20System@UnicodeString
@Madtools@GetFileVersionStr$qqrx27System@%AnsiStringT$us$i0$%
@Madtools@GetFileVersionStrA
@Madtools@GetFileVersionStrW
@Madtools@GetFileVersionW
@Madtools@GetFreeSystemResources$qqrus
@Madtools@GetImageExportDirectory$qqrui
@Madtools@GetImageImportDirectory$qqrui
@Madtools@GetImageNtHeaders$qqrui
@Madtools@GetImageProcAddress$qqruii
@Madtools@GetImageProcAddress$qqruix27System@%AnsiStringT$us$i0$%o
@Madtools@GetImageProcName$qqruipvo
@Madtools@GetImageProcNameA
@Madtools@GetImageProcNameW$qqruipvo
@Madtools@GetLongFileName$qqr20System@UnicodeString
@Madtools@GetLongFileName$qqr27System@%AnsiStringT$us$i0$%
@Madtools@GetLongFileNameA
@Madtools@GetLongFileNameW
@Madtools@GetShortFileName$qqr20System@UnicodeString
@Madtools@GetShortFileName$qqr27System@%AnsiStringT$us$i0$%
@Madtools@GetShortFileNameA
@Madtools@GetShortFileNameW
@Madtools@GetSizeOfImage$qqrp17_IMAGE_NT_HEADERS
@Madtools@HideLeak_
@Madtools@InitTryExceptFinally$qqrv
@Madtools@Is64bitModule$qqspb
@Madtools@IsBadReadPtr2$qqrpvui
@Madtools@IsBadWritePtr2$qqrpvui
@Madtools@IsWine
@Madtools@MethodToProcedure$qqrp14System@TObjectpvi
@Madtools@MethodToProcedure$qqrrx16Madtypes@TMethodi
@Madtools@MsgHandlerWindow$qqrui
@Madtools@NeedModuleFileMap$qqrui
@Madtools@NeedModuleFileMapEx
@Madtools@OS$qqrv
@Madtools@ProcedureToMethod$qqrp14System@TObjectpv
@Madtools@ResToStr$qqruipbx20System@UnicodeString
@Madtools@TickDif$qqrui
@Madtools@UnmangleA$qqrr27System@%AnsiStringT$us$i0$%t1
@Madtools@UnmangleW$qqrr20System@UnicodeStringt1
@Madtools@VirtualToRaw$qqrp17_IMAGE_NT_HEADERSui
@Madtools@initialization$qqrv
@Madtypes@Finalization$qqrv
@Madtypes@MadException@
@Madtypes@MadException@$bdtr$qqrv
@Madtypes@MadException@CleanUpStackInfoProc
@Madtypes@MadException@Create$qqrx20System@UnicodeString
@Madtypes@initialization$qqrv
@Madzip@Compress$qqrpvt1ii
@Madzip@Compress$qqrx20System@UnicodeStringt1o
@Madzip@Compress$qqrx27System@%AnsiStringT$us$i0$%o
@Madzip@Finalization$qqrv
@Madzip@GetCompressedFileInfo$qqrx20System@UnicodeStringrjrui
@Madzip@GetUncompressedFileInfo$qqrx20System@UnicodeStringrjrui
@Madzip@IsCompressedFileEqual$qqrx20System@UnicodeStringt1
@Madzip@Uncompress$qqrpvt1ii
@Madzip@Uncompress$qqrx20System@UnicodeStringt1jui
@Madzip@Uncompress$qqrx27System@%AnsiStringT$us$i0$%
@Madzip@UpdateCrc32$qqruipxvi
@Madzip@Zip$qqrx20System@UnicodeStringpx20System@UnicodeStringxix45System@%DynamicArray$t20System@UnicodeString%
@Madzip@initialization$qqrv
Finalize
Initialize

Sections

.text
Size: 132KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 35KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 34B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
maddisAsm_.bpl
.dll windows:5 windows x86 arch:x86

22531f752b354d949452fbdf15d6da72

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

5c:d0:50:29:20:c2:7e:ea:ec:2a:18:4d:04:52:e5:3a
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

16/01/2018, 00:00

Not After

30/03/2021, 23:59

Subject

CN=IObit Information Technology,O=IObit Information Technology,L=Chengdu,ST=Sichuan,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5c:d0:50:29:20:c2:7e:ea:ec:2a:18:4d:04:52:e5:3a
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

16/01/2018, 00:00

Not After

30/03/2021, 23:59

Subject

CN=IObit Information Technology,O=IObit Information Technology,L=Chengdu,ST=Sichuan,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

97:54:65:bc:6d:2d:fe:cd:12:15:a8:43:26:3e:63:d6:0e:1b:86:0f:3b:97:8e:c8:5f:ff:f5:fa:00:3e:4e:f3
Signer

Actual PE Digest

97:54:65:bc:6d:2d:fe:cd:12:15:a8:43:26:3e:63:d6:0e:1b:86:0f:3b:97:8e:c8:5f:ff:f5:fa:00:3e:4e:f3

Digest Algorithm

sha256

PE Digest Matches

true

86:63:ac:7d:5b:62:b0:c2:2d:7d:9a:db:47:eb:76:77:23:b6:90:72
Signer

Actual PE Digest

86:63:ac:7d:5b:62:b0:c2:2d:7d:9a:db:47:eb:76:77:23:b6:90:72

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

rtl120.bpl

@System@initialization$qqrv
@System@Finalization$qqrv
@System@UnregisterModule$qqrp17System@TLibModule
@System@RegisterModule$qqrp17System@TLibModule
@System@@DynArrayClear$qqrrpvpv
@System@@DynArraySetLength$qqrv
@System@@DynArrayHigh$qqrv
@System@@DynArrayLength$qqrv
@System@@Dispose$qqrpvt1
@System@@New$qqripv
@System@@CopyRecord$qqrv
@System@@Finalize$qqrpvt1
@System@@FinalizeRecord$qqrpvt1
@System@@UStrLen$qqrx20System@UnicodeString
@System@@LStrFromUStr$qqrr27System@%AnsiStringT$us$i0$%x20System@UnicodeStringus
@System@@UStrArrayClr$qqrpvi
@System@@UStrClr$qqrpv
@System@@LStrSetLength$qqrv
@System@@LStrInsert$qqrv
@System@@LStrDelete$qqrv
@System@@UniqueStringA$qqrr27System@%AnsiStringT$us$i0$%
@System@@LStrToPChar$qqrx27System@%AnsiStringT$us$i0$%
@System@@LStrAddRef$qqrpv
@System@@LStrCatN$qqrv
@System@@LStrCat3$qqrv
@System@@LStrCat$qqrv
@System@@PCharLen$qqrpc
@System@@LStrLen$qqrx27System@%AnsiStringT$us$i0$%
@System@@LStrFromString$qqrr27System@%AnsiStringT$us$i0$%rx28System@%SmallString$iuc$255%us
@System@@LStrFromPWChar$qqrr27System@%AnsiStringT$us$i0$%pbus
@System@@LStrFromPChar$qqrr27System@%AnsiStringT$us$i0$%pcus
@System@@EnsureAnsiString$qqrr27System@%AnsiStringT$us$i0$%us
@System@@LStrFromPCharLen$qqrr27System@%AnsiStringT$us$i0$%pcius
@System@@LStrLAsg$qqrpvpxv
@System@@LStrAsg$qqrpvpxv
@System@@LStrArrayClr$qqrpvi
@System@@LStrClr$qqrpv
@System@@RunError$qqruc
@System@@Halt0$qqrv
@System@@PackageUnload$qqrpx23System@PackageInfoTablep17System@TLibModule
@System@@PackageLoad$qqrpx23System@PackageInfoTablep17System@TLibModule
@System@@DoneExcept$qqrv
@System@@HandleAutoException$qqrv
@System@@HandleFinally$qqrv
@System@@HandleOnException$qqrv
@System@@HandleAnyException$qqrv
@System@TObject@ClassName$qqrv
@System@@_CToPasStr$qqrp28System@%SmallString$iuc$255%pxc
@System@@FillChar$qqrpvib
@System@Move$qqrpxvpvi
@$xp$17System@AnsiString
@$xp$7Integer

kernel32

TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
LocalFree
LocalAlloc
FreeLibrary
VirtualQuery
VirtualProtect
GetVersion
GetProcAddress
GetModuleHandleA
GetModuleHandleW
GetModuleFileNameA
GetCurrentThreadId
GetCurrentProcessId
FreeLibrary

madbasic_.bpl

@Madtools@initialization$qqrv
@Madtools@Finalization$qqrv
@Madtools@GetImageProcName$qqruipvo
@Madtools@GetImageProcAddress$qqruix27System@%AnsiStringT$us$i0$%o
@Madtools@GetSizeOfImage$qqrp17_IMAGE_NT_HEADERS
@Madtools@GetImageNtHeaders$qqrui
@Madtools@FindModule$qqrpvruir27System@%AnsiStringT$us$i0$%
@Madtools@FindModuleA
@Madstrings@initialization$qqrv
@Madstrings@Finalization$qqrv
@Madstrings@AnsiToWideEx$qqrx27System@%AnsiStringT$us$i0$%o
@Madstrings@DecryptStr$qqrx27System@%AnsiStringT$us$i0$%
@Madstrings@IntToHexExA$qqrjic
@Madstrings@IntToHexExA$qqruiic
@Madstrings@IntToStrExA$qqrjic
@Madstrings@IntToStrExA$qqruiic
@Madstrings@IntToHexExA$qqriic
@Madstrings@IntToStrExA$qqriic
@Madstrings@CNtDll
@Madstrings@ErrorCodeToStrA
@Madstrings@SubStrA
@Madstrings@SubStrCountA
@Madstrings@FillStrA
@Madstrings@PosStrA
@Madstrings@ReplaceStrA

Exports

Exports

@$xp$23Maddisasm@TFunctionInfo
@$xp$27Maddisasm@_TFunctionInfo@_1
@$xp$27Maddisasm@_TFunctionInfo@_2
@$xp$27Maddisasm@_TFunctionInfo@_3
@$xp$27Maddisasm@_TFunctionInfo@_4
@GetPackageInfoTable
@Maddisasm@BcbInitExceptBlockLDTC
@Maddisasm@CErrorStr_BadFunction
@Maddisasm@CErrorStr_CodeNotInterceptable
@Maddisasm@CErrorStr_DoubleHook
@Maddisasm@CErrorStr_InvalidCode
@Maddisasm@CErrorStr_UnknownTarget
@Maddisasm@CKernel32
@Maddisasm@CKernelbase
@Maddisasm@CReadProcessMemory
@Maddisasm@CWriteProcessMemory
@Maddisasm@EndTryRead$qqrui
@Maddisasm@Finalization$qqrv
@Maddisasm@GetExportDirectory$qqrpvruirp30Madtools@TImageExportDirectory
@Maddisasm@GetLineNumber
@Maddisasm@GetProcNameFromMapFile
@Maddisasm@IsBadReadPtrEx$qqrpvuiui
@Maddisasm@KernelProc$qqrx27System@%AnsiStringT$us$i0$%o
@Maddisasm@Magic$qqrv
@Maddisasm@Magic95$qqrv
@Maddisasm@NtProc$qqrx27System@%AnsiStringT$us$i0$%o
@Maddisasm@ParseCode$qqrpv
@Maddisasm@ParseCode$qqrpvr27System@%AnsiStringT$us$i0$%
@Maddisasm@ParseCode_$qqrpvui
@Maddisasm@ParseFunction$qqrpv
@Maddisasm@ParseFunction$qqrpvr27System@%AnsiStringT$us$i0$%
@Maddisasm@ParseFunctionEx$qqrpvr27System@%AnsiStringT$us$i0$%t1io
@Maddisasm@ParseFunction_$qqrpvuit1t1t1t1t1
@Maddisasm@SolveW9xDebugMode$qqrpv
@Maddisasm@StartTryRead$qqrv
@Maddisasm@TryRead$qqrpvt1uiui
@Maddisasm@TryWrite$qqrpvt1ui
@Maddisasm@initialization$qqrv
@Maddisasm@kernel32handle$qqrv
@Maddisasm@ntdllhandle$qqrv
@Maddisasm_@@GetPackageInfoTable$qqrv
@Maddisasm_@@PackageLoad$qqrv
@Maddisasm_@@PackageUnload$qqrv
@Maddisasm_@initialization$qqrv
Finalize
Initialize

Sections

.text
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 28B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 35B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
madexcept_.bpl
.dll windows:5 windows x86 arch:x86

2a873ab64f922b5d3d6841d9d0c267c9

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

5c:d0:50:29:20:c2:7e:ea:ec:2a:18:4d:04:52:e5:3a
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

16/01/2018, 00:00

Not After

30/03/2021, 23:59

Subject

CN=IObit Information Technology,O=IObit Information Technology,L=Chengdu,ST=Sichuan,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5c:d0:50:29:20:c2:7e:ea:ec:2a:18:4d:04:52:e5:3a
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

16/01/2018, 00:00

Not After

30/03/2021, 23:59

Subject

CN=IObit Information Technology,O=IObit Information Technology,L=Chengdu,ST=Sichuan,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

11:4b:76:4e:2b:41:cb:1b:95:70:54:99:38:8d:f2:a8:cc:5c:4d:40:25:65:05:6f:f0:03:9d:90:17:ce:d8:12
Signer

Actual PE Digest

11:4b:76:4e:2b:41:cb:1b:95:70:54:99:38:8d:f2:a8:cc:5c:4d:40:25:65:05:6f:f0:03:9d:90:17:ce:d8:12

Digest Algorithm

sha256

PE Digest Matches

true

51:74:ae:ed:65:ef:35:43:6d:9a:4d:f2:bf:a2:f3:d7:2c:39:12:67
Signer

Actual PE Digest

51:74:ae:ed:65:ef:35:43:6d:9a:4d:f2:bf:a2:f3:d7:2c:39:12:67

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

rtl120.bpl

@System@initialization$qqrv
@System@Finalization$qqrv
@System@LoadResString$qqrp20System@TResStringRec
@System@FreeMemory$qpv
@System@TInterfacedObject@_Release$qqsv
@System@TInterfacedObject@_AddRef$qqsv
@System@TInterfacedObject@QueryInterface$qqsrx5_GUIDpv
@System@TInterfacedObject@NewInstance$qqrv
@System@TInterfacedObject@BeforeDestruction$qqrv
@System@TInterfacedObject@AfterConstruction$qqrv
@System@@IntfAddRef$qqrx45System@%DelphiInterface$t17System@IInterface%
@System@@IntfCast$qqrr45System@%DelphiInterface$t17System@IInterface%x45System@%DelphiInterface$t17System@IInterface%rx5_GUID
@System@@IntfCopy$qqrr45System@%DelphiInterface$t17System@IInterface%x45System@%DelphiInterface$t17System@IInterface%
@System@@IntfClear$qqrr45System@%DelphiInterface$t17System@IInterface%
@System@UnregisterModule$qqrp17System@TLibModule
@System@RegisterModule$qqrp17System@TLibModule
@System@FindResourceHInstance$qqrui
@System@@DynArrayAddRef$qqrv
@System@@DynArrayAsg$qqrv
@System@@DynArrayClear$qqrrpvpv
@System@@DynArrayCopyRange$qqrpvt1iirpv
@System@@DynArrayCopy$qqrpvt1rpv
@System@@DynArraySetLength$qqrv
@System@@DynArrayHigh$qqrv
@System@@DynArrayLength$qqrv
@System@@_llshl$qqrv
@System@@_llmod$qqrv
@System@@_lldiv$qqrv
@System@@_llmul$qqrv
@System@@CopyRecord$qqrv
@System@@Finalize$qqrpvt1
@System@@FinalizeArray$qqrpvt1ui
@System@@FinalizeRecord$qqrpvt1
@System@@InitializeRecord$qqrpvt1
@System@@UniqueStringU$qqrr20System@UnicodeString
@System@@Write0UString$qqrr15System@TTextRecx20System@UnicodeString
@System@@UStrInsert$qqrx20System@UnicodeStringr20System@UnicodeStringi
@System@@UStrDelete$qqrr20System@UnicodeStringii
@System@@UStrCopy$qqrx20System@UnicodeStringii
@System@@UStrEqual$qqrv
@System@@UStrCatN$qqrv
@System@@UStrCat3$qqrr20System@UnicodeStringx20System@UnicodeStringt2
@System@@UStrCat$qqrr20System@UnicodeStringx20System@UnicodeString
@System@@UStrSetLength$qqrr20System@UnicodeStringi
@System@@UStrLen$qqrx20System@UnicodeString
@System@@UStrFromString$qqrr20System@UnicodeStringrx28System@%SmallString$iuc$255%
@System@@WStrFromUStr$qqrr17System@WideStringx20System@UnicodeString
@System@@UStrFromWStr$qqrr20System@UnicodeStringx17System@WideString
@System@@LStrFromUStr$qqrr27System@%AnsiStringT$us$i0$%x20System@UnicodeStringus
@System@@UStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%
@System@@UStrFromWArray$qqrr20System@UnicodeStringpbi
@System@@UStrFromArray$qqrr20System@UnicodeStringpci
@System@@UStrFromPWChar$qqrr20System@UnicodeStringpb
@System@@UStrFromWChar$qqrr20System@UnicodeStringb
@System@@UStrFromPWCharLen$qqrr20System@UnicodeStringpbi
@System@@UStrToPWChar$qqrx20System@UnicodeString
@System@@UStrLAsg$qqrr20System@UnicodeStringx20System@UnicodeString
@System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString
@System@@UStrArrayClr$qqrpvi
@System@@UStrClr$qqrpv
@System@@UStrAddRef$qqrpv
@System@@WStrClr$qqrpv
@System@@Write0LString$qqrr15System@TTextRecx27System@%AnsiStringT$us$i0$%
@System@@LStrSetLength$qqrv
@System@@LStrInsert$qqrv
@System@@LStrDelete$qqrv
@System@@LStrCopy$qqrv
@System@@UniqueStringA$qqrr27System@%AnsiStringT$us$i0$%
@System@@LStrToPChar$qqrx27System@%AnsiStringT$us$i0$%
@System@@LStrAddRef$qqrpv
@System@@LStrEqual$qqrv
@System@@LStrCatN$qqrv
@System@@LStrCat3$qqrv
@System@@LStrCat$qqrv
@System@@PCharLen$qqrpc
@System@@LStrLen$qqrx27System@%AnsiStringT$us$i0$%
@System@@LStrFromArray$qqrr27System@%AnsiStringT$us$i0$%pcius
@System@@LStrFromString$qqrr27System@%AnsiStringT$us$i0$%rx28System@%SmallString$iuc$255%us
@System@@LStrFromPWChar$qqrr27System@%AnsiStringT$us$i0$%pbus
@System@@LStrFromPChar$qqrr27System@%AnsiStringT$us$i0$%pcus
@System@@LStrFromChar$qqrr27System@%AnsiStringT$us$i0$%cus
@System@@EnsureAnsiString$qqrr27System@%AnsiStringT$us$i0$%us
@System@@EnsureUnicodeString$qqrr20System@UnicodeString
@System@@LStrFromPCharLen$qqrr27System@%AnsiStringT$us$i0$%pcius
@System@@LStrLAsg$qqrpvpxv
@System@@LStrAsg$qqrpvpxv
@System@@LStrArrayClr$qqrpvi
@System@@LStrClr$qqrpv
@System@BeginThread$qqrpvuipqqrpv$it1uirui
@System@@RunError$qqruc
@System@@Halt$qqri
@System@@Halt0$qqrv
@System@@PackageUnload$qqrpx23System@PackageInfoTablep17System@TLibModule
@System@@PackageLoad$qqrpx23System@PackageInfoTablep17System@TLibModule
@System@@TryFinallyExit$qqrv
@System@@DoneExcept$qqrv
@System@@RaiseAgain$qqrv
@System@@RaiseExcept$qqrv
@System@@HandleAutoException$qqrv
@System@@HandleFinally$qqrv
@System@@HandleOnException$qqrv
@System@@HandleAnyException$qqrv
@System@@BeforeDestruction$qqrp14System@TObjectzc
@System@@AfterConstruction$qqrp14System@TObject
@System@@ClassDestroy$qqrp14System@TObject
@System@@ClassCreate$qqrp17System@TMetaClasso
@System@TObject@Dispatch$qqrpv
@System@TObject@BeforeDestruction$qqrv
@System@TObject@AfterConstruction$qqrv
@System@TObject@DefaultHandler$qqrpv
@System@TObject@ToString$qqrv
@System@TObject@SafeCallException$qqrp14System@TObjectpv
@System@TObject@ClassInfo$qqrv
@System@@IsClass$qqrp14System@TObjectp17System@TMetaClass
@System@TObject@GetHashCode$qqrv
@System@TObject@Equals$qqrp14System@TObject
@System@TObject@Free$qqrv
@System@TObject@$bdtr$qqrv
@System@TObject@$bctr$qqrv
@System@TObject@InstanceSize$qqrv
@System@TObject@FreeInstance$qqrv
@System@TObject@NewInstance$qqrv
@System@TObject@ClassName$qqrv
@System@TObject@ClassType$qqrv
@System@@WriteLn$qqrr15System@TTextRec
@System@@FillChar$qqrpvib
@System@@ROUND$qqrv
@System@Get8087CW$qqrv
@System@Set8087CW$qqrus
@System@ParamCount$qqrv
@System@Move$qqrpxvpvi
@System@@_IOTest$qqrv
@System@RaiseList$qqrv
@System@AcquireExceptionObject$qqrv
@System@ExceptObject$qqrv
@System@GetMemoryManager$qqrr23System@TMemoryManagerEx
@System@GetMemoryManager$qqrr21System@TMemoryManager
@System@@ReallocMem$qqrrpvi
@System@@FreeMem$qqrpv
@System@@GetMem$qqri
@System@DebugHook
@System@Output
@System@IsMultiThread
@System@IsConsole
@System@ErrorAddr
@System@IsLibrary
@System@MainThreadID
@System@RaiseExceptionProc
@System@ExceptObjProc
@System@TInterfacedObject@
@$xp$17System@IInterface
@$xp$14System@TObject
@System@TObject@
@$xp$17System@AnsiString
@$xp$13System@string
@$xp$8Cardinal
@$xp$7Integer
@$xp$7Boolean
@Activex@Succeeded$qqrl
@Sysconst@_SModuleAccessViolation
@Sysconst@_SExternalException
@Sysconst@_SWriteAccess
@Sysconst@_SReadAccess
@Sysconst@_SPrivilege
@Sysconst@_SControlC
@Sysconst@_SStackOverflow
@Sysconst@_SUnderflow
@Sysconst@_SOverflow
@Sysconst@_SZeroDivide
@Sysconst@_SInvalidOp
@Sysconst@_SIntOverflow
@Sysconst@_SRangeError
@Sysconst@_SDivByZero
@Typinfo@initialization$qqrv
@Typinfo@Finalization$qqrv
@Typinfo@GetInt64Prop$qqrp14System@TObjectp17Typinfo@TPropInfo
@Typinfo@GetVariantProp$qqrp14System@TObjectp17Typinfo@TPropInfo
@Typinfo@GetFloatProp$qqrp14System@TObjectp17Typinfo@TPropInfo
@Typinfo@GetUnicodeStrProp$qqrp14System@TObjectp17Typinfo@TPropInfo
@Typinfo@GetWideStrProp$qqrp14System@TObjectp17Typinfo@TPropInfo
@Typinfo@GetStrProp$qqrp14System@TObjectp17Typinfo@TPropInfo
@Typinfo@GetOrdProp$qqrp14System@TObjectp17Typinfo@TPropInfo
@Typinfo@GetPropList$qqrp17Typinfo@TTypeInfo46System@%Set$t17Typinfo@TTypeKind$iuc$0$iuc$18%p50System@%StaticArray$p17Typinfo@TPropInfoi$i16380$%o
@Typinfo@GetEnumName$qqrp17Typinfo@TTypeInfoi
@Typinfo@GetTypeData$qqrp17Typinfo@TTypeInfo
@Sysutils@initialization$qqrv
@Sysutils@Finalization$qqrv
@Sysutils@FloatToStr$qqrg
@Variants@initialization$qqrv
@Variants@Finalization$qqrv
@Variants@@VarAdd$qqrr8TVarDatarx8TVarData
@Variants@@VarFromUStr$qqrr8TVarDatax20System@UnicodeString
@Variants@@VarToUStr$qqrr20System@UnicodeStringrx8TVarData
@Variants@@VarClr$qqrr8TVarData
@Varutils@initialization$qqrv
@Varutils@Finalization$qqrv

kernel32

TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
LocalFree
LocalAlloc
FreeLibrary
lstrcmpiW
WriteFile
WaitForSingleObject
VirtualQuery
VirtualProtect
VirtualFree
VirtualAlloc
UnmapViewOfFile
TerminateThread
TerminateProcess
SystemTimeToFileTime
SuspendThread
Sleep
SizeofResource
SetUnhandledExceptionFilter
SetThreadPriority
SetLastError
SetFilePointer
SetFileAttributesA
SetFileAttributesW
SetEvent
SetErrorMode
SetEndOfFile
ResumeThread
ResetEvent
RemoveDirectoryA
RemoveDirectoryW
ReleaseMutex
ReadProcessMemory
ReadFile
RaiseException
QueryPerformanceFrequency
QueryPerformanceCounter
OpenProcess
OpenFileMappingA
OpenFileMappingW
MapViewOfFile
LockResource
LocalSize
LocalFree
LocalAlloc
LoadResource
LoadLibraryA
LoadLibraryW
LeaveCriticalSection
IsBadReadPtr
InitializeCriticalSection
GlobalUnlock
GlobalMemoryStatus
GlobalLock
GlobalFree
GlobalAlloc
GetWindowsDirectoryA
GetVersion
GetTickCount
GetThreadPriority
GetThreadContext
GetTempPathA
GetTempPathW
GetSystemTime
GetSystemDirectoryW
GetProcAddress
GetPriorityClass
GetModuleHandleA
GetModuleHandleW
GetModuleFileNameA
GetModuleFileNameW
GetLocaleInfoA
GetLocaleInfoW
GetLocalTime
GetLastError
GetFileSize
GetFileAttributesA
GetFileAttributesW
GetDiskFreeSpaceA
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetCurrentDirectoryA
GetCurrentDirectoryW
GetComputerNameA
GetComputerNameW
GetCommandLineA
GetCommandLineW
FreeResource
InterlockedIncrement
InterlockedDecrement
FreeLibrary
FlushInstructionCache
FindResourceA
FindResourceW
FindNextFileA
FindNextFileW
FindFirstFileA
FindFirstFileW
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FileTimeToDosDateTime
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
ExitThread
ExitProcess
EnterCriticalSection
DuplicateHandle
DeleteFileA
DeleteFileW
DeleteCriticalSection
CreateThread
CreateProcessA
CreateProcessW
CreatePipe
CreateMutexA
CreateMutexW
CreateFileMappingA
CreateFileMappingW
CreateFileA
CreateFileW
CreateEventA
CreateEventW
CreateDirectoryA
CreateDirectoryW
CopyFileA
CopyFileW
CloseHandle
Beep
RtlUnwind

user32

CreateWindowExA
CreateWindowExW
WindowFromPoint
TranslateMessage
SystemParametersInfoW
ShowWindow
SetWindowTextA
SetWindowTextW
SetWindowPos
SetWindowLongA
SetWindowLongW
SetTimer
SetRect
SetForegroundWindow
SetFocus
SetCursor
SetClipboardData
SetCapture
SetActiveWindow
SendMessageTimeoutA
SendMessageA
SendMessageW
ScreenToClient
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageW
RegisterClassA
RegisterClassW
PostThreadMessageA
PostThreadMessageW
PostQuitMessage
PostMessageA
PostMessageW
PeekMessageA
PeekMessageW
OpenClipboard
OffsetRect
MessageBoxA
MessageBoxW
MessageBeep
LoadImageA
LoadImageW
LoadCursorW
KillTimer
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsIconic
IsDialogMessageW
InvalidateRect
InflateRect
GetWindowThreadProcessId
GetWindowTextA
GetWindowTextW
GetWindowRect
GetWindowPlacement
GetWindowLongA
GetWindowLongW
GetWindowDC
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetWindow
GetMessageA
GetMessageW
GetKeyState
GetIconInfo
GetFocus
GetDC
GetCursorPos
GetCursor
GetClientRect
GetClassNameA
GetCapture
FrameRect
FindWindowA
FillRect
EnumWindows
EndPaint
EnableWindow
EmptyClipboard
DrawTextA
DrawTextW
DrawIconEx
DrawFrameControl
DrawFocusRect
DispatchMessageW
DestroyWindow
DefWindowProcA
DefWindowProcW
CloseClipboard
CallWindowProcA
CallWindowProcW
BringWindowToTop
BeginPaint
AttachThreadInput

gdi32

TextOutA
TextOutW
StartPage
StartDocA
StartDocW
SetTextColor
SetMapMode
SetBkMode
SetBkColor
SelectObject
SelectClipRgn
MoveToEx
LineTo
GetTextMetricsW
GetTextFaceA
GetTextExtentPoint32A
GetTextExtentPoint32W
GetStockObject
GetRgnBox
GetObjectW
GetDeviceCaps
GdiFlush
EndPage
EndDoc
DeleteObject
DeleteDC
CreateSolidBrush
CreateRectRgnIndirect
CreatePen
CreateFontA
CreateFontW
CreateDIBSection
CreateDCW
CreateCompatibleDC
CombineRgn
BitBlt

advapi32

SetSecurityDescriptorDacl
RegSetValueExA
RegSetValueExW
RegQueryValueExA
RegQueryValueExW
RegQueryInfoKeyA
RegOpenKeyExA
RegOpenKeyExW
RegEnumKeyA
RegDeleteValueA
RegDeleteValueW
RegCreateKeyExA
RegCreateKeyExW
RegCloseKey
OpenProcessToken
InitializeSecurityDescriptor
GetUserNameA
GetUserNameW
GetTokenInformation
FreeSid
AllocateAndInitializeSid

madbasic_.bpl

@Madtypes@MadException@$bdtr$qqrv
@Madtypes@MadException@Create$qqrx20System@UnicodeString
@$xp$21Madtypes@MadException
@Madtypes@MadException@
@Madtypes@MadException@CleanUpStackInfoProc
@$xp$25Madtypes@TDAUnicodeString
@$xp$22Madtypes@TDAAnsiString
@$xp$22Madtypes@TDANativeUInt
@$xp$19Madtypes@TDAInteger
@$xp$20Madtypes@TDACardinal
@$xp$20Madtypes@TDASmallInt
@Madstrings@initialization$qqrv
@Madstrings@Finalization$qqrv
@Madstrings@ExtractFileExtW$qqrx20System@UnicodeString
@Madstrings@ExtractFileDriveW$qqrx20System@UnicodeString
@Madstrings@ExtractFilePathW$qqrx20System@UnicodeString
@Madstrings@ExtractFileNameW$qqrx20System@UnicodeString
@Madstrings@IsValidIdentW$qqrx20System@UnicodeStringo
@Madstrings@EncodeUtf8$qqrx20System@UnicodeString
@Madstrings@DecodeUtf8$qqrx27System@%AnsiStringT$us$i0$%
@Madstrings@ErrorCodeToStrW$qqrui
@Madstrings@SizeToStrW$qqrj
@Madstrings@IntToHexExW$qqruiib
@Madstrings@IntToStrExW$qqrjib
@Madstrings@IntToStrExW$qqruiib
@Madstrings@IntToHexExW$qqriib
@Madstrings@IntToStrExW$qqriib
@Madstrings@IntToHexExA$qqrjic
@Madstrings@IntToHexExA$qqruiic
@Madstrings@IntToStrExA$qqruiic
@Madstrings@IntToHexExA$qqriic
@Madstrings@IntToStrExA$qqriic
@Madstrings@PosNotCharsW$qqrrx29System@%Set$tc$iuc$0$iuc$255%x20System@UnicodeStringuiui
@Madstrings@PosText$qqrx20System@UnicodeStringt1uiui
@Madstrings@PosStr$qqrx20System@UnicodeStringt1uiui
@Madstrings@BooleanToCharW$qqro
@Madstrings@CopyR$qqrx20System@UnicodeStringui
@Madstrings@RetDelete$qqrx20System@UnicodeStringuiui
@Madstrings@SubTextExistsW
@Madstrings@SubStrExistsW
@Madstrings@SubStrW
@Madstrings@SubStrCountW
@Madstrings@FormatSubStrsW
@Madstrings@StrToIntExW
@Madstrings@FillStrW
@Madstrings@PosCharsW
@Madstrings@PosTextIs1W
@Madstrings@PosStrIs1W
@Madstrings@PosTextW
@Madstrings@PosStrW
@Madstrings@CompareTextW
@Madstrings@IsTextEqualW
@Madstrings@LowStrW
@Madstrings@LowCharW
@Madstrings@UpStrW
@Madstrings@KeepW
@Madstrings@RetDeleteW
@Madstrings@ReplaceTextW
@Madstrings@ReplaceStrW
@Madstrings@KillStrW
@Madstrings@KillCharsW
@Madstrings@KillCharW
@Madstrings@RetTrimStrW
@Madstrings@TrimStrW
@Madstrings@SubStrA
@Madstrings@SubStrCountA
@Madstrings@StrToIntExA
@Madstrings@PosStrIs1A
@Madstrings@PosPCharA
@Madstrings@PosTextA
@Madstrings@PosStrA
@Madstrings@IsTextEqualA
@Madstrings@UpStrA
@Madstrings@UpCharA
@Madstrings@ReplaceTextA
@Madstrings@ReplaceStrA
@Madstrings@RetTrimStrA
@Madstrings@TrimStrA
@Madtools@initialization$qqrv
@Madtools@Finalization$qqrv
@Madtools@InitTryExceptFinally$qqrv
@Madtools@TickDif$qqrui
@Madtools@IsBadReadPtr2$qqrpvui
@Madtools@UnmangleW$qqrr20System@UnicodeStringt1
@Madtools@ResToStr$qqruipbx20System@UnicodeString
@Madtools@GetImageProcNameW$qqruipvo
@Madtools@GetImageProcAddress$qqruix27System@%AnsiStringT$us$i0$%o
@Madtools@GetImageExportDirectory$qqrui
@Madtools@GetImageNtHeaders$qqrui
@Madtools@DelMsgHandler$qqrpqqrp6HWND__uiiiri$vuiui
@Madtools@AddMsgHandler$qqrpqqrp6HWND__uiiiri$vuiui
@Madtools@MsgHandlerWindow$qqrui
@Madtools@MethodToProcedure$qqrp14System@TObjectpvi
@Madtools@GetFileVersionStr$qqrx20System@UnicodeString
@Madtools@GetFreeSystemResources$qqrus
@Madtools@OS$qqrv
@Madtools@HideLeak_
@Madtools@FindModuleA
@Madtools@GetFileVersionStrW
@Madtools@GetLongFileNameW
@Madtools@GetShortFileNameW
@Madtools@GetLongFileNameA
@$xp$12Madtools@TOS
@Madzip@Zip$qqrx20System@UnicodeStringpx20System@UnicodeStringxix45System@%DynamicArray$t20System@UnicodeString%
@Madzip@UpdateCrc32$qqruipxvi
@Madzip@Uncompress$qqrx27System@%AnsiStringT$us$i0$%
@Madzip@Compress$qqrx27System@%AnsiStringT$us$i0$%o
@Madzip@Compress$qqrpvt1ii
@Madcrypt@Encode$qqrx27System@%AnsiStringT$us$i0$%
@Madcrypt@Encode$qqrpvi
@Madcrypt@OldDecrypt$qqrr27System@%AnsiStringT$us$i0$%x27System@%AnsiStringT$us$i0$%
@Madcrypt@OldEncrypt$qqrr27System@%AnsiStringT$us$i0$%x27System@%AnsiStringT$us$i0$%
@Madcrypt@Decrypt$qqrr27System@%AnsiStringT$us$i0$%x27System@%AnsiStringT$us$i0$%j
@Madcrypt@DecodeA

maddisasm_.bpl

@Maddisasm@initialization$qqrv
@Maddisasm@Finalization$qqrv
@Maddisasm@TryRead$qqrpvt1uiui
@Maddisasm@EndTryRead$qqrui
@Maddisasm@StartTryRead$qqrv
@Maddisasm@Magic95$qqrv
@Maddisasm@Magic$qqrv
@Maddisasm@ParseFunctionEx$qqrpvr27System@%AnsiStringT$us$i0$%t1io
@Maddisasm@ParseFunction$qqrpv
@Maddisasm@ParseFunction_$qqrpvuit1t1t1t1t1
@Maddisasm@ParseCode_$qqrpvui
@Maddisasm@ParseCode$qqrpv
@Maddisasm@BcbInitExceptBlockLDTC
@Maddisasm@GetLineNumber
@Maddisasm@GetProcNameFromMapFile
@$xp$23Maddisasm@TFunctionInfo
@$xp$27Maddisasm@_TFunctionInfo@_3

comctl32

ImageList_Destroy
ImageList_Create
InitCommonControls

comdlg32

PrintDlgW
GetSaveFileNameA
GetSaveFileNameW

shell32

ShellExecuteExA
ShellExecuteA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHGetMalloc

wsock32

WSACleanup
WSAStartup
WSAGetLastError
gethostbyname
socket
setsockopt
sendto
send
select
recvfrom
recv
ioctlsocket
inet_addr
htons
connect
closesocket
bind

Exports

Exports

@$xp$19Madexcept@IMEFields
@$xp$19Madexcept@TMEButton
@$xp$19Madexcept@TMEDupDef
@$xp$19Madexcept@TSyncType
@$xp$19Madmapfile@TMapFile
@$xp$20Madmapfile@TMfPublic
@$xp$21Madexcept@IMESettings
@$xp$21Madexcept@TExceptType
@$xp$21Madmapfile@TMfSegment
@$xp$21Madnvbitmap@INVBitmap
@$xp$22Madexcept@IMEException
@$xp$22Madexcept@Madexcept__1
@$xp$22Madexcept@Madexcept__2
@$xp$22Madexcept@TExceptPhase
@$xp$22Madmapfile@TSymTagEnum
@$xp$22Madnvassistant@INVEdit
@$xp$22Madnvassistant@INVForm
@$xp$22Madnvassistant@INVItem
@$xp$22Madnvbitmap@TPngFormat
@$xp$23Madexcept@TExceptAction
@$xp$23Madexcept@TExceptSource
@$xp$23Madmapfile@_TMapFile@_1
@$xp$23Madmapfile@_TMapFile@_2
@$xp$23Madmapfile@_TMapFile@_3
@$xp$23Madnvassistant@INVImage
@$xp$23Madnvassistant@INVLabel
@$xp$24Madexcept@IMEAttachments
@$xp$24Madexcept@TExceptEventOO
@$xp$24Madexcept@TMEShowSetting
@$xp$24Madnvassistant@INVButton
@$xp$24Madnvassistant@TNVAction
@$xp$24Madstacktrace@TStackItem
@$xp$25Madstacktrace@TStackTrace
@$xp$26Madnvassistant@INVCheckBox
@$xp$26Madnvassistant@TOutputType
@$xp$27Madexcept@IMEModuleSettings
@$xp$27Madnvassistant@INVAssistant
@$xp$28Madstacktrace@BcbTermination
@$xp$29Madnvassistant@TNVModalResult
@$xp$29Madnvprgralert@IProgressAlert
@$xp$30Madexcept@TBugReportCallbackOO
@$xp$30Madexcept@TExceptActionEventOO
@GetPackageInfoTable
@Maddumpobj@DumpObj$qqrp14System@TObject
@Maddumpobj@Finalization$qqrv
@Maddumpobj@initialization$qqrv
@Madexcept@AddCmdLineToBugRep
@Madexcept@AmHttpServer
@Madexcept@AmOnline$qqro
@Madexcept@AutoSaveBugReport$qqrx20System@UnicodeStringx49System@%DelphiInterface$t21Madexcept@IMESettings%
@Madexcept@AutoSendBugReport$qqrx20System@UnicodeStringx49System@%DelphiInterface$t21Madnvbitmap@INVBitmap%x49System@%DelphiInterface$t21Madexcept@IMESettings%o
@Madexcept@BcbCallTerminate
@Madexcept@BcbExceptionHandler
@Madexcept@BcbHelper_GetIntraWebVersion$qqrpv
@Madexcept@BcbInitExceptBlockLDTC
@Madexcept@BcbOrgMalloc
@Madexcept@BcbPTerminate
@Madexcept@BcbThrowExceptionLDTC
@Madexcept@BcbVclClearEH
@Madexcept@BugReportHtml
@Madexcept@BugZillaUpload$qqrx27System@%AnsiStringT$us$i0$%ouix20System@UnicodeStringt4t4t4t4t4t4t4t4t4t4t4x52System@%DelphiInterface$t24Madexcept@IMEAttachments%p6HWND__oox49System@%DelphiInterface$t21Madexcept@IMESettings%
@Madexcept@CGIApp_TCGIApplication_CGIHandleException
@Madexcept@CMadExceptVersionString
@Madexcept@CalibrateCode$qqrv
@Madexcept@CalibrateData
@Madexcept@CheckBugTracker$qqri27System@%AnsiStringT$us$i0$%ouix20System@UnicodeStringt5t5t5t5rotatatatar45System@%DynamicArray$t20System@UnicodeString%tftftftf
@Madexcept@CheckExceptParams$qqrrp14System@TObjectrpvr27System@%AnsiStringT$us$i0$%rp8_CONTEXT
@Madexcept@CheckHttpUpload$qqrx27System@%AnsiStringT$us$i0$%ouix20System@UnicodeStringt4rot6t6
@Madexcept@CheckSmtpClient$qqrx27System@%AnsiStringT$us$i0$%oouix20System@UnicodeStringt5rot7t7t7t7t7r20System@UnicodeString
@Madexcept@Classes_CheckSynchronize
@Madexcept@ClearLeaks$qqroo
@Madexcept@CloseAntiFreeze$qqrv
@Madexcept@CloseAppExitCode
@Madexcept@CloseApplication$qqrv
@Madexcept@CloseExceptionView$qqrp14System@TObject
@Madexcept@CrashOnOverrun
@Madexcept@CreateBugReport$qqr21Madexcept@TExceptTypep14System@TObjectpvuiuiuip8_CONTEXTox55System@%DelphiInterface$t27Madexcept@IMEModuleSettings%23Madexcept@TExceptSourcet2uix27System@%AnsiStringT$us$i0$%p25Madtypes@TExceptionRecord
@Madexcept@CreateExceptionView$qqrp6HWND__rx11Types@TRectrp6HWND__
@Madexcept@CustomizeSimpleMsgBox
@Madexcept@DecryptPassword$qqrx20System@UnicodeStringt1x27System@%AnsiStringT$us$i0$%
@Madexcept@DefaultBugReportHtml$qqrx20System@UnicodeStringx49System@%DelphiInterface$t21Madexcept@IMESettings%
@Madexcept@DelphiDebugMm
@Madexcept@DetectConsole
@Madexcept@DisAsmFunc
@Madexcept@DontAddDots
@Madexcept@DontHookThreads$qqrv
@Madexcept@DontPrettifyExceptMsg
@Madexcept@DontReformatExcMsg
@Madexcept@DontUseProxy
@Madexcept@DumbStackTrace
@Madexcept@Ebp$qqrv
@Madexcept@EnableRedirection
@Madexcept@Esp$qqrv
@Madexcept@ExceptionBoxHeight
@Madexcept@ExceptionBoxWidth
@Madexcept@ExpandVars$qqruir20System@UnicodeStringx20System@UnicodeStringt3t3t3
@Madexcept@ExtractBugReportHeaderField$qqrx20System@UnicodeStringt1
@Madexcept@FMX_TApplication_HandleException
@Madexcept@FMX_TApplication_ShowException
@Madexcept@FillClipboard$qqrx20System@UnicodeString
@Madexcept@Finalization$qqrv
@Madexcept@FinalizeMadExcept$qqrv
@Madexcept@FogBugzUpload$qqrx27System@%AnsiStringT$us$i0$%ouix20System@UnicodeStringt4t4t4t4t4t4t4t4t4t4t4t4x52System@%DelphiInterface$t24Madexcept@IMEAttachments%x47System@%DelphiInterface$t19Madexcept@IMEFields%p6HWND__oox49SystevH6auFUwE84qPbye8egXAw
@Madexcept@FollowRedirect
@Madexcept@ForceUtf8
@Madexcept@FormatExceptMessage$qqrx20System@UnicodeString
@Madexcept@Forms_TApplication_HandleException
@Madexcept@Forms_TApplication_ShowException
@Madexcept@Get9xResourceReport$qqrv
@Madexcept@GetAllocatedMemory$qqrv
@Madexcept@GetAttachments$qqrx52System@%DelphiInterface$t24Madexcept@IMEAttachments%p6HWND__oox49System@%DelphiInterface$t21Madexcept@IMESettings%
@Madexcept@GetCpuCount$qqrv
@Madexcept@GetCpuName$qqrv
@Madexcept@GetCrashStackTrace$qqrooop49System@%DynamicArray$t24Madstacktrace@TStackItem%x57System@%DelphiInterface$t29Madnvprgralert@IProgressAlert%opuit7pop45System@%DynamicArray$t20System@UnicodeString%
@Madexcept@GetDisplayModeString$qqrv
@Madexcept@GetExceptBoxHandle$qqrv
@Madexcept@GetLargestFreeBlock$qqrv
@Madexcept@GetLeakCallstack$qqrj
@Madexcept@GetLeakReport$qqrooo
@Madexcept@GetMemoryStatus$qqrv
@Madexcept@GetOsLanguageString$qqrv
@Madexcept@GetOsVersionString$qqrv
@Madexcept@GetProgramUpTime$qqrv
@Madexcept@GetSpecialFolderW$qqrio
@Madexcept@GetSystemUpTime$qqrv
@Madexcept@GetTSClientName$qqrv
@Madexcept@GetThreadCreatorAddr$qqrui
@Madexcept@GetThreadInfos$qqruiruit2t2t2r8_CONTEXTriro
@Madexcept@GetThreadList$qqrv
@Madexcept@GetThreadName$qqrui
@Madexcept@GetThreadStackTrace$qqruiooop49System@%DynamicArray$t24Madstacktrace@TStackItem%x57System@%DelphiInterface$t29Madnvprgralert@IProgressAlert%opuit8pop45System@%DynamicArray$t20System@UnicodeString%
@Madexcept@HandleContactForm$qqr50System@%DelphiInterface$t22Madnvassistant@INVForm%24Madnvassistant@TNVAction50System@%DelphiInterface$t22Madnvassistant@INVItem%50System@%DelphiInterface$t22Madexcept@IMEException%
@Madexcept@HandleException$qqr21Madexcept@TExceptTypep14System@TObjectpvouiuip8_CONTEXT23Madexcept@TExceptSourcet2uip20System@UnicodeString
@Madexcept@HandleScreenshotForm$qqr50System@%DelphiInterface$t22Madnvassistant@INVForm%24Madnvassistant@TNVAction50System@%DelphiInterface$t22Madnvassistant@INVItem%50System@%DelphiInterface$t22Madexcept@IMEException%
@Madexcept@HiddenAutoMailing
@Madexcept@HideInitializationLeaks$qqrv
@Madexcept@HideLeak$qqrp17System@TMetaClassi
@Madexcept@HideLeak$qqrpv
@Madexcept@HideLeak$qqrui
@Madexcept@HideLeak$qqrx20System@UnicodeString
@Madexcept@HookThreads$qqrv
@Madexcept@HttpExtensionProcNext
@Madexcept@HttpUpload$qqrx27System@%AnsiStringT$us$i0$%ouix20System@UnicodeStringt4x52System@%DelphiInterface$t24Madexcept@IMEAttachments%x47System@%DelphiInterface$t19Madexcept@IMEFields%t4p6HWND__oox49System@%DelphiInterface$t21Madexcept@IMESettings%
@Madexcept@HttpUploadTimeout
@Madexcept@HyperJumpCallstack$qqrx20System@UnicodeString
@Madexcept@ISAPIApp_TISAPIApplication_ISAPIHandleException
@Madexcept@IgnoreSmtpCert
@Madexcept@ImNotFrozen$qqrv
@Madexcept@ImportBugReport$qqrx20System@UnicodeString
@Madexcept@InitAntiFreeze$qqrv
@Madexcept@InstallUnhandledExceptionFilter$qqrv
@Madexcept@IsThreadSuspended$qqruiui
@Madexcept@IsTrueUnicodeString$qqrx20System@UnicodeString
@Madexcept@IsUserAdmin$qqrv
@Madexcept@LastHttpErrorNo
@Madexcept@LastHttpErrorStr
@Madexcept@LastHttpPostReply
@Madexcept@LastMantisIssueId
@Madexcept@LastRedirectURL
@Madexcept@MESettings$qqrpv
@Madexcept@MESettings$qqrui
@Madexcept@MESettings$qqrv
@Madexcept@MantisUpload$qqrx27System@%AnsiStringT$us$i0$%ouix20System@UnicodeStringt4t4t4t4t4t4t4t4t4t4t4x52System@%DelphiInterface$t24Madexcept@IMEAttachments%p6HWND__oox49System@%DelphiInterface$t21Madexcept@IMESettings%
@Madexcept@MxLookup$qqr27System@%AnsiStringT$us$i0$%
@Madexcept@NameThread$qqruix20System@UnicodeString
@Madexcept@NewAttachments$qqrv
@Madexcept@NewException$qqr21Madexcept@TExceptTypep14System@TObjectpvouiuiuip8_CONTEXTx55System@%DelphiInterface$t27Madexcept@IMEModuleSettings%23Madexcept@TExceptSourcet2uix27System@%AnsiStringT$us$i0$%op25Madtypes@TExceptionRecord
@Madexcept@NewFields$qqrv
@Madexcept@NoOnlineCheck
@Madexcept@OnExceptBoxCreate
@Madexcept@OnExceptBoxDestroy
@Madexcept@OpenThread$qqruiui
@Madexcept@PatchAPI$qqrx27System@%AnsiStringT$us$i0$%t1pvrpvt3o
@Madexcept@PatchInt$qqrpvi
@Madexcept@PatchJmp$qqrpvt1
@Madexcept@PatchPtr$qqrpvt1t1
@Madexcept@PauseFreezeCheck$qqro
@Madexcept@PauseMadExcept$qqro
@Madexcept@PauseMeEventually$qqrv
@Madexcept@Ping$qqrx27System@%AnsiStringT$us$i0$%
@Madexcept@Plugins
@Madexcept@PrintBugReport$qqrx20System@UnicodeStringp6HWND__x49System@%DelphiInterface$t21Madexcept@IMESettings%
@Madexcept@ProcessMainThreadId
@Madexcept@ProxyBypass
@Madexcept@ProxyPassword
@Madexcept@ProxyServer
@Madexcept@ProxyUserName
@Madexcept@PutAssisIntoBugReport$qqrx55System@%DelphiInterface$t27Madnvassistant@INVAssistant%x50System@%DelphiInterface$t22Madexcept@IMEException%
@Madexcept@Qforms_TApplication_HandleException
@Madexcept@Qforms_TApplication_ShowException
@Madexcept@RegDelVal$qqrp6HKEY__x20System@UnicodeStringt2
@Madexcept@RegReadStr$qqrp6HKEY__x20System@UnicodeStringt2
@Madexcept@RegWriteStr$qqrp6HKEY__x20System@UnicodeStringt2t2
@Madexcept@RegisterBugReportPlugin$qqrx20System@UnicodeStringt1pqqrv$20System@UnicodeStringo
@Madexcept@RegisterBugReportPlugin$qqrx20System@UnicodeStringt1pqqrv$27System@%AnsiStringT$us$i0$%o
@Madexcept@RegisterBugReportPlugin$qqrx20System@UnicodeStringt1pqqrx50System@%DelphiInterface$t22Madexcept@IMEException%$20System@UnicodeStringo
@Madexcept@RegisterBugReportPlugin$qqrx20System@UnicodeStringt1pqqrx50System@%DelphiInterface$t22Madexcept@IMEException%$27System@%AnsiStringT$us$i0$%o
@Madexcept@RegisterExceptActionHandler$qqrpqqr23Madexcept@TExceptActionx50System@%DelphiInterface$t22Madexcept@IMEException%ro$v19Madexcept@TSyncType
@Madexcept@RegisterExceptActionHandler$qqrynpqqr23Madexcept@TExceptActionx50System@%DelphiInterface$t22Madexcept@IMEException%ro$v19Madexcept@TSyncType
@Madexcept@RegisterExceptionHandler$qqrpqqrx50System@%DelphiInterface$t22Madexcept@IMEException%ro$v19Madexcept@TSyncType22Madexcept@TExceptPhase
@Madexcept@RegisterExceptionHandler$qqrynpqqrx50System@%DelphiInterface$t22Madexcept@IMEException%ro$v19Madexcept@TSyncType22Madexcept@TExceptPhase
@Madexcept@RegisterHiddenExceptionHandler$qqrpqqrx50System@%DelphiInterface$t22Madexcept@IMEException%ro$v19Madexcept@TSyncType
@Madexcept@RegisterHiddenExceptionHandler$qqrynpqqrx50System@%DelphiInterface$t22Madexcept@IMEException%ro$v19Madexcept@TSyncType
@Madexcept@RelativeToAbsolute$qqrx20System@UnicodeString
@Madexcept@ReportLeaks
@Madexcept@ReportLeaksNow$qqro
@Madexcept@RequireAuthenticSsl
@Madexcept@ResetFpuMode
@Madexcept@RestartApplication$qqrx20System@UnicodeStringo
@Madexcept@SaveBugReport$qqrx20System@UnicodeStringp6HWND__x49System@%DelphiInterface$t21Madexcept@IMESettings%
@Madexcept@SendBugReport$qqrx20System@UnicodeStringx49System@%DelphiInterface$t21Madnvbitmap@INVBitmap%p6HWND__x49System@%DelphiInterface$t21Madexcept@IMESettings%
@Madexcept@SendMapiMail$qqrx20System@UnicodeStringt1t1x52System@%DelphiInterface$t24Madexcept@IMEAttachments%p6HWND__oox49System@%DelphiInterface$t21Madexcept@IMESettings%
@Madexcept@SendShellMail$qqrx20System@UnicodeStringt1t1
@Madexcept@SendSmtpMail$qqrx20System@UnicodeStringt1t1t1t1x52System@%DelphiInterface$t24Madexcept@IMEAttachments%x27System@%AnsiStringT$us$i0$%t1t1uioop6HWND__oox49System@%DelphiInterface$t21Madexcept@IMESettings%
@Madexcept@SetDebugMmAlignment$qqri
@Madexcept@SetFreezeTimeout$qqrui
@Madexcept@SetLeakReportFile$qqrx20System@UnicodeString
@Madexcept@SetTopmost$qqrp6HWND__o
@Madexcept@ShowBugReportKey
@Madexcept@ShowLeakProgressWindow$qqro
@Madexcept@ShowLeakReport$qqrx20System@UnicodeString
@Madexcept@ShowNoLeaksWindow$qqro
@Madexcept@ShowOuterExceptDetails
@Madexcept@SmtpComputerName
@Madexcept@SmtpMailFrom
@Madexcept@SmtpReplyTo
@Madexcept@SmtpServerPort
@Madexcept@SmtpTimeout
@Madexcept@StartLeakChecking$qqro
@Madexcept@StopLeakChecking$qqro
@Madexcept@SysUtils_AnsiStrAlloc
@Madexcept@SysUtils_Exception_Destroy
@Madexcept@SysUtils_Exception_GetStackTrace
@Madexcept@SysUtils_Exception_RaisingException
@Madexcept@SysUtils_InitializePackage
@Madexcept@SysUtils_LoadPackage
@Madexcept@SysUtils_ShowException
@Madexcept@SysUtils_WideStrAlloc
@Madexcept@System_ExceptionHandler
@Madexcept@System_FinalizeUnits
@Madexcept@System_InitUnits
@Madexcept@System_runErrMsg
@Madexcept@ThisIsNoLeak$qqrpv
@Madexcept@ThisIsNoLeak$qqrui
@Madexcept@UnpatchAPI$qqrpvt1t1o
@Madexcept@UnregisterBugReportPlugin$qqrx20System@UnicodeString
@Madexcept@UnregisterExceptActionHandler$qqrpqqr23Madexcept@TExceptActionx50System@%DelphiInterface$t22Madexcept@IMEException%ro$v
@Madexcept@UnregisterExceptActionHandler$qqrynpqqr23Madexcept@TExceptActionx50System@%DelphiInterface$t22Madexcept@IMEException%ro$v
@Madexcept@UnregisterExceptionHandler$qqrpqqrx50System@%DelphiInterface$t22Madexcept@IMEException%ro$v
@Madexcept@UnregisterExceptionHandler$qqrynpqqrx50System@%DelphiInterface$t22Madexcept@IMEException%ro$v
@Madexcept@UnregisterHiddenExceptionHandler$qqrpqqrx50System@%DelphiInterface$t22Madexcept@IMEException%ro$v
@Madexcept@UnregisterHiddenExceptionHandler$qqrynpqqrx50System@%DelphiInterface$t22Madexcept@IMEException%ro$v
@Madexcept@UpdateExceptionView$qqrp14System@TObjectx50System@%DelphiInterface$t22Madexcept@IMEException%
@Madexcept@WasRestarted
@Madexcept@initialization$qqrv
@Madexcept@madTraceProcess$qqsi
@Madexcept_@@GetPackageInfoTable$qqrv
@Madexcept_@@PackageLoad$qqrv
@Madexcept_@@PackageUnload$qqrv
@Madexcept_@initialization$qqrv
@Madlinkdisasm@Finalization$qqrv
@Madlinkdisasm@initialization$qqrv
@Madlisthardware@Finalization$qqrv
@Madlisthardware@GetHardwareList$qqrv
@Madlisthardware@initialization$qqrv
@Madlistmodules@Finalization$qqrv
@Madlistmodules@GetModuleList$qqrv
@Madlistmodules@initialization$qqrv
@Madlistprocesses@Finalization$qqrv
@Madlistprocesses@GetProcessList$qqrv
@Madlistprocesses@initialization$qqrv
@Madmapfile@CMapFileStreamDescriptor
@Madmapfile@Finalization$qqrv
@Madmapfile@FindMapFile$qqrpv
@Madmapfile@GetMapFileAddress$qqrx20System@UnicodeStringt1t1
@Madmapfile@GetMapFileInfos$qqrpvr20System@UnicodeStringt2t2rpvri
@Madmapfile@GetMyProcName$qqro
@Madmapfile@ImportMapFile$qqrx27System@%AnsiStringT$us$i0$%
@Madmapfile@LoadMapFile$qqrx20System@UnicodeStringo
@Madmapfile@LoadMapFileEx$qqrx20System@UnicodeStringo
@Madmapfile@SymCleanup
@Madmapfile@SymEnumLines
@Madmapfile@SymEnumSymbols
@Madmapfile@SymGetModuleInfo64
@Madmapfile@SymInitialize
@Madmapfile@SymLoadModuleEx
@Madmapfile@SymUnloadModule64
@Madmapfile@TMapFile@
@Madmapfile@TMapFile@$bctr$qqrox27System@%AnsiStringT$us$i0$%x20System@UnicodeStringuioo
@Madmapfile@TMapFile@Export$qqrooo
@Madmapfile@TMapFile@FindAddress$qqrx20System@UnicodeStringt1
@Madmapfile@TMapFile@FindLine$qqrpv
@Madmapfile@TMapFile@FindLine$qqrpvrpv
@Madmapfile@TMapFile@FindPublic$qqri
@Madmapfile@TMapFile@FindPublic$qqrox20System@UnicodeStringt2o
@Madmapfile@TMapFile@FindPublic$qqrpv
@Madmapfile@TMapFile@FindSegment$qqri
@Madmapfile@TMapFile@FindSegment$qqropv
@Madmapfile@TMapFile@Line_NewItem$qqripvo
@Madmapfile@TMapFile@Public_NewItem$qqro20System@UnicodeStringuio
@Madmapfile@TMapFile@Segment_NewItem$qqroouiui20System@UnicodeStringoo
@Madmapfile@initialization$qqrv
@Madnvassistant@CreateAssistant$qqrx20System@UnicodeStringpx27System@%AnsiStringT$us$i0$%xix45System@%DelphiInterface$t17System@IInterface%
@Madnvassistant@Finalization$qqrv
@Madnvassistant@HandleContactFormProc
@Madnvassistant@HandleExceptionHelper
@Madnvassistant@HandleScreenshotFormProc
@Madnvassistant@LoadAssistant$qqruix20System@UnicodeStringpx20System@UnicodeStringxix45System@%DelphiInterface$t17System@IInterface%
@Madnvassistant@OnAssistantCreate
@Madnvassistant@initialization$qqrv
@Madnvbitmap@Finalization$qqrv
@Madnvbitmap@LoadBitmap$qqrx20System@UnicodeString
@Madnvbitmap@ScreenShot$qqro
@Madnvbitmap@initialization$qqrv
@Madnvprgralert@Finalization$qqrv
@Madnvprgralert@NewProgressAlert$qqrx20System@UnicodeStringuit1
@Madnvprgralert@initialization$qqrv
@Madstacktrace@BcbTermination@
@Madstacktrace@BcbTermination@$bctr$qqrx20System@UnicodeString
@Madstacktrace@FastMM_LogStackTrace$qqrpvipcoooo
@Madstacktrace@Finalization$qqrv
@Madstacktrace@InternalError$qqrx20System@UnicodeStringoo
@Madstacktrace@PrepareStackTrace$qqruiuiuip8_CONTEXTpvo
@Madstacktrace@StackAddrToStr$qqrpvoo
@Madstacktrace@StackTrace$qqrooop49System@%DynamicArray$t24Madstacktrace@TStackItem%p8_CONTEXTpvoouiuit6ppvtctc57System@%DelphiInterface$t29Madnvprgralert@IProgressAlert%uioo27System@%AnsiStringT$us$i0$%popuitltkp45System@%DynamicASKuXo+q15gvF0I9owRkH7g
@Madstacktrace@initialization$qqrv
Finalize
Initialize
madTraceProcess

Sections

.text
Size: 337KB - Virtual size: 336KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 1024B - Virtual size: 836B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 328B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
sqlite3.dll
.dll windows:4 windows x86 arch:x86

953394ee44f1817f72dbbc6e791bce8b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

5c:d0:50:29:20:c2:7e:ea:ec:2a:18:4d:04:52:e5:3a
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

16/01/2018, 00:00

Not After

30/03/2021, 23:59

Subject

CN=IObit Information Technology,O=IObit Information Technology,L=Chengdu,ST=Sichuan,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5c:d0:50:29:20:c2:7e:ea:ec:2a:18:4d:04:52:e5:3a
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

16/01/2018, 00:00

Not After

30/03/2021, 23:59

Subject

CN=IObit Information Technology,O=IObit Information Technology,L=Chengdu,ST=Sichuan,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

13:4f:b1:e3:48:f5:80:9c:c7:11:97:f7:98:ba:b1:40:7b:c5:69:d9:9c:e6:1f:79:26:54:d3:eb:45:aa:3b:de
Signer

Actual PE Digest

13:4f:b1:e3:48:f5:80:9c:c7:11:97:f7:98:ba:b1:40:7b:c5:69:d9:9c:e6:1f:79:26:54:d3:eb:45:aa:3b:de

Digest Algorithm

sha256

PE Digest Matches

true

de:a6:9e:a9:0c:6b:07:42:49:bd:1c:59:36:b9:7b:6e:79:6b:1f:77
Signer

Actual PE Digest

de:a6:9e:a9:0c:6b:07:42:49:bd:1c:59:36:b9:7b:6e:79:6b:1f:77

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

AreFileApisANSI
CloseHandle
CreateFileA
CreateFileMappingA
CreateFileMappingW
CreateFileW
CreateMutexW
DeleteCriticalSection
DeleteFileA
DeleteFileW
EnterCriticalSection
FlushFileBuffers
FlushViewOfFile
FormatMessageA
FormatMessageW
FreeLibrary
GetCurrentProcessId
GetCurrentThreadId
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetFileAttributesA
GetFileAttributesExW
GetFileAttributesW
GetFileSize
GetFullPathNameA
GetFullPathNameW
GetLastError
GetModuleHandleA
GetProcAddress
GetProcessHeap
GetSystemInfo
GetSystemTime
GetSystemTimeAsFileTime
GetTempPathA
GetTempPathW
GetTickCount
GetVersionExA
GetVersionExW
HeapAlloc
HeapCompact
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
HeapValidate
InitializeCriticalSection
InterlockedCompareExchange
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LocalFree
LockFile
LockFileEx
MapViewOfFile
MultiByteToWideChar
OutputDebugStringA
OutputDebugStringW
QueryPerformanceCounter
ReadFile
SetEndOfFile
SetFilePointer
Sleep
SystemTimeToFileTime
TlsGetValue
TryEnterCriticalSection
UnlockFile
UnlockFileEx
UnmapViewOfFile
VirtualProtect
VirtualQuery
WaitForSingleObject
WaitForSingleObjectEx
WideCharToMultiByte
WriteFile

msvcrt

__dllonexit
_beginthreadex
_endthreadex
_errno
_iob
_winmajor
abort
calloc
fflush
free
fwrite
localtime
malloc
memcmp
memmove
memset
qsort
realloc
strcmp
strncmp
vfprintf

Exports

Exports

sqlite3_aggregate_context
sqlite3_aggregate_count
sqlite3_auto_extension
sqlite3_backup_finish
sqlite3_backup_init
sqlite3_backup_pagecount
sqlite3_backup_remaining
sqlite3_backup_step
sqlite3_bind_blob
sqlite3_bind_blob64
sqlite3_bind_double
sqlite3_bind_int
sqlite3_bind_int64
sqlite3_bind_null
sqlite3_bind_parameter_count
sqlite3_bind_parameter_index
sqlite3_bind_parameter_name
sqlite3_bind_text
sqlite3_bind_text16
sqlite3_bind_text64
sqlite3_bind_value
sqlite3_bind_zeroblob
sqlite3_bind_zeroblob64
sqlite3_blob_bytes
sqlite3_blob_close
sqlite3_blob_open
sqlite3_blob_read
sqlite3_blob_reopen
sqlite3_blob_write
sqlite3_busy_handler
sqlite3_busy_timeout
sqlite3_cancel_auto_extension
sqlite3_changes
sqlite3_clear_bindings
sqlite3_close
sqlite3_close_v2
sqlite3_collation_needed
sqlite3_collation_needed16
sqlite3_column_blob
sqlite3_column_bytes
sqlite3_column_bytes16
sqlite3_column_count
sqlite3_column_database_name
sqlite3_column_database_name16
sqlite3_column_decltype
sqlite3_column_decltype16
sqlite3_column_double
sqlite3_column_int
sqlite3_column_int64
sqlite3_column_name
sqlite3_column_name16
sqlite3_column_origin_name
sqlite3_column_origin_name16
sqlite3_column_table_name
sqlite3_column_table_name16
sqlite3_column_text
sqlite3_column_text16
sqlite3_column_type
sqlite3_column_value
sqlite3_commit_hook
sqlite3_compileoption_get
sqlite3_compileoption_used
sqlite3_complete
sqlite3_complete16
sqlite3_config
sqlite3_context_db_handle
sqlite3_create_collation
sqlite3_create_collation16
sqlite3_create_collation_v2
sqlite3_create_function
sqlite3_create_function16
sqlite3_create_function_v2
sqlite3_create_module
sqlite3_create_module_v2
sqlite3_data_count
sqlite3_data_directory
sqlite3_db_config
sqlite3_db_filename
sqlite3_db_handle
sqlite3_db_mutex
sqlite3_db_readonly
sqlite3_db_release_memory
sqlite3_db_status
sqlite3_declare_vtab
sqlite3_enable_load_extension
sqlite3_enable_shared_cache
sqlite3_errcode
sqlite3_errmsg
sqlite3_errmsg16
sqlite3_errstr
sqlite3_exec
sqlite3_expired
sqlite3_extended_errcode
sqlite3_extended_result_codes
sqlite3_file_control
sqlite3_finalize
sqlite3_free
sqlite3_free_table
sqlite3_get_autocommit
sqlite3_get_auxdata
sqlite3_get_table
sqlite3_global_recover
sqlite3_initialize
sqlite3_interrupt
sqlite3_last_insert_rowid
sqlite3_libversion
sqlite3_libversion_number
sqlite3_limit
sqlite3_load_extension
sqlite3_log
sqlite3_malloc
sqlite3_malloc64
sqlite3_memory_alarm
sqlite3_memory_highwater
sqlite3_memory_used
sqlite3_mprintf
sqlite3_msize
sqlite3_mutex_alloc
sqlite3_mutex_enter
sqlite3_mutex_free
sqlite3_mutex_leave
sqlite3_mutex_try
sqlite3_next_stmt
sqlite3_open
sqlite3_open16
sqlite3_open_v2
sqlite3_os_end
sqlite3_os_init
sqlite3_overload_function
sqlite3_prepare
sqlite3_prepare16
sqlite3_prepare16_v2
sqlite3_prepare_v2
sqlite3_profile
sqlite3_progress_handler
sqlite3_randomness
sqlite3_realloc
sqlite3_realloc64
sqlite3_release_memory
sqlite3_reset
sqlite3_reset_auto_extension
sqlite3_result_blob
sqlite3_result_blob64
sqlite3_result_double
sqlite3_result_error
sqlite3_result_error16
sqlite3_result_error_code
sqlite3_result_error_nomem
sqlite3_result_error_toobig
sqlite3_result_int
sqlite3_result_int64
sqlite3_result_null
sqlite3_result_text
sqlite3_result_text16
sqlite3_result_text16be
sqlite3_result_text16le
sqlite3_result_text64
sqlite3_result_value
sqlite3_result_zeroblob
sqlite3_result_zeroblob64
sqlite3_rollback_hook
sqlite3_rtree_geometry_callback
sqlite3_rtree_query_callback
sqlite3_set_authorizer
sqlite3_set_auxdata
sqlite3_shutdown
sqlite3_sleep
sqlite3_snprintf
sqlite3_soft_heap_limit
sqlite3_soft_heap_limit64
sqlite3_sourceid
sqlite3_sql
sqlite3_status
sqlite3_status64
sqlite3_step
sqlite3_stmt_busy
sqlite3_stmt_readonly
sqlite3_stmt_status
sqlite3_strglob
sqlite3_stricmp
sqlite3_strnicmp
sqlite3_table_column_metadata
sqlite3_temp_directory
sqlite3_test_control
sqlite3_thread_cleanup
sqlite3_threadsafe
sqlite3_total_changes
sqlite3_trace
sqlite3_transfer_bindings
sqlite3_update_hook
sqlite3_uri_boolean
sqlite3_uri_int64
sqlite3_uri_parameter
sqlite3_user_data
sqlite3_value_blob
sqlite3_value_bytes
sqlite3_value_bytes16
sqlite3_value_double
sqlite3_value_dup
sqlite3_value_free
sqlite3_value_int
sqlite3_value_int64
sqlite3_value_numeric_type
sqlite3_value_text
sqlite3_value_text16
sqlite3_value_text16be
sqlite3_value_text16le
sqlite3_value_type
sqlite3_version
sqlite3_vfs_find
sqlite3_vfs_register
sqlite3_vfs_unregister
sqlite3_vmprintf
sqlite3_vsnprintf
sqlite3_vtab_config
sqlite3_vtab_on_conflict
sqlite3_wal_autocheckpoint
sqlite3_wal_checkpoint
sqlite3_wal_checkpoint_v2
sqlite3_wal_hook
sqlite3_win32_is_nt
sqlite3_win32_mbcs_to_utf8
sqlite3_win32_set_directory
sqlite3_win32_sleep
sqlite3_win32_utf8_to_mbcs
sqlite3_win32_write_debug

Sections

.text
Size: 462KB - Virtual size: 461KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/4
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/35
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/51
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/63
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/77
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/89
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/102
Size: 512B - Virtual size: 269B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/113
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/124
Size: 512B - Virtual size: 432B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
unins000.msg

Sharing

General

Malware Config

Signatures

Files

aeaab8287340d4c62e1d3b5230c09916

Code Sign

8b:a1:f1:72:fd:50:ba:8d:4c:11:b7:4f:fa:c8:a2:82Certificate

Extended Key Usages

Key Usages

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95Certificate

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

8b:a1:f1:72:fd:50:ba:8d:4c:11:b7:4f:fa:c8:a2:82Certificate

Extended Key Usages

Key Usages

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95Certificate

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

8a:56:91:34:01:f5:bd:b9:5f:3b:62:e4:39:36:6c:db:83:1d:30:7b:59:74:16:38:0c:c5:f7:00:e4:aa:f5:81Signer

db:dc:1b:cb:f8:35:e4:8f:f0:53:9e:76:41:1e:c5:99:09:55:c8:89Signer

Headers

File Characteristics

Imports

oleaut32

advapi32

user32

kernel32

msimg32

gdi32

version

wsock32

shell32

ole32

wininet

comctl32

comdlg32

winspool.drv

crypt32

userenv

wtsapi32

sqlite3

pluginhelper

msvcrt

sysrest

winmm

productnews2

wintrust

netapi32

Exports

Exports

Sections

.text Size: 5.4MB - Virtual size: 5.4MB

.itext Size: 15KB - Virtual size: 14KB

.data Size: 172KB - Virtual size: 171KB

.bss Size: - Virtual size: 289KB

.idata Size: 25KB - Virtual size: 24KB

.edata Size: 512B - Virtual size: 86B

.tls Size: - Virtual size: 596B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 318KB - Virtual size: 317KB

.rsrc Size: 3.1MB - Virtual size: 3.1MB

5bf3fa5909a3b7b703e861cca9272295

Headers

8b:a1:f1:72:fd:50:ba:8d:4c:11:b7:4f:fa:c8:a2:82
Certificate

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

8b:a1:f1:72:fd:50:ba:8d:4c:11:b7:4f:fa:c8:a2:82
Certificate

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

8a:56:91:34:01:f5:bd:b9:5f:3b:62:e4:39:36:6c:db:83:1d:30:7b:59:74:16:38:0c:c5:f7:00:e4:aa:f5:81
Signer

db:dc:1b:cb:f8:35:e4:8f:f0:53:9e:76:41:1e:c5:99:09:55:c8:89
Signer

.text
Size: 5.4MB - Virtual size: 5.4MB

.itext
Size: 15KB - Virtual size: 14KB

.data
Size: 172KB - Virtual size: 171KB

.bss
Size: - Virtual size: 289KB

.idata
Size: 25KB - Virtual size: 24KB

.edata
Size: 512B - Virtual size: 86B

.tls
Size: - Virtual size: 596B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 318KB - Virtual size: 317KB

.rsrc
Size: 3.1MB - Virtual size: 3.1MB

.text
Size: 4.2MB - Virtual size: 4.2MB

.itext
Size: 10KB - Virtual size: 10KB

.data
Size: 39KB - Virtual size: 38KB

.bss
Size: - Virtual size: 25KB

.idata
Size: 14KB - Virtual size: 13KB

.didata
Size: 3KB - Virtual size: 3KB

.edata
Size: 512B - Virtual size: 226B

.rdata
Size: 512B - Virtual size: 69B

.reloc
Size: 416KB - Virtual size: 416KB

.rsrc
Size: 113KB - Virtual size: 113KB

.debug
Size: 22.1MB - Virtual size: 22.1MB

.text
Size: 839KB - Virtual size: 838KB

.itext
Size: 2KB - Virtual size: 2KB

.data
Size: 15KB - Virtual size: 14KB

.bss
Size: - Virtual size: 23KB

.idata
Size: 3KB - Virtual size: 3KB

.didata
Size: 512B - Virtual size: 490B

.edata
Size: 1024B - Virtual size: 527B

.rdata
Size: 512B - Virtual size: 69B

.reloc
Size: 80KB - Virtual size: 80KB

.rsrc
Size: 11KB - Virtual size: 11KB

.debug
Size: 3.2MB - Virtual size: 3.2MB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

5c:d0:50:29:20:c2:7e:ea:ec:2a:18:4d:04:52:e5:3a
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

5c:d0:50:29:20:c2:7e:ea:ec:2a:18:4d:04:52:e5:3a
Certificate