05780188ce004247a8c9cab6907cc0be_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

05780188ce004247a8c9cab6907cc0be_JaffaCakes118
Size

4.5MB
MD5

05780188ce004247a8c9cab6907cc0be
SHA1

0f36d1728a3d0f7c71b37a697b64104a525d4794
SHA256

bb86d29017b1ab54cc29ac0258826e28bf42518220dfb4141bc3e53e8f5bac7c
SHA512

50729acc814cad66561b68a2621f4eb2b09bcbdf58e2a882de71ef075a188dcccf55ac59e128714c6b81edd5578edcdb96079b184de4cbc18c3ed9648a669dbf
SSDEEP

98304:dxDwMjXgyv30CcHVyveQ1b4WcEJAIJIccM2xqXoOqsvuxflBnpo:X1v0CWVydJcEJACIk1uRvn6

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 3 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack003/Gds32.dll	acprotect
static1/unpack003/icudt30.dll	acprotect
static1/unpack003/icuuc30.dll	acprotect

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack003/Gds32.dll	upx
static1/unpack003/icudt30.dll	upx
static1/unpack003/icuuc30.dll	upx

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack002/EPIM Synch keygen.exe
unpack003/$PLUGINSDIR/InstallOptions.dll
unpack003/Gds32.dll
unpack003/icudt30.dll
unpack003/icuuc30.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
static1/unpack001/epimsync3.exe	nsis_installer_1
static1/unpack001/epimsync3.exe	nsis_installer_2

Files

05780188ce004247a8c9cab6907cc0be_JaffaCakes118
.rar
EPIM Synchronizer.rar
.rar
EPIM Synch keygen.exe
.exe windows:4 windows x86 arch:x86

87bed5a7cba00c7e1f4015f1bdae2183

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress

Sections

kkrunchy
Size: 25KB - Virtual size: 5.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
EPIMSync.exe
.exe windows:4 windows x86 arch:x86

dc072b97ab69d9cf474e33b457c157dd

Code Sign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

1a:f7:da:c1:8d:82:fe:56:8d:65:f3:70:cc:7f:88:b2
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

18/05/2009, 00:00

Not After

18/05/2010, 23:59

Subject

CN=Astonsoft,O=Astonsoft,POSTALCODE=10621,STREET=Laki 9A,L=Tallinn,ST=Harjumaa,C=EE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

a6:31:b5:fd:b3:84:56:10:10:c3:21:c5:fc:aa:f2:7b:36:cc:5d:7b
Signer

Actual PE Digest

a6:31:b5:fd:b3:84:56:10:10:c3:21:c5:fc:aa:f2:7b:36:cc:5d:7b

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

CreateThread
GlobalUnlock
GlobalLock
GlobalAlloc
GetTickCount
WideCharToMultiByte
IsBadReadPtr
GlobalAddAtomA
GlobalAddAtomW
GetModuleHandleA
GlobalFree
GlobalGetAtomNameA
GlobalDeleteAtom
GlobalGetAtomNameW
FreeConsole
GetEnvironmentVariableA
VirtualProtect
VirtualAlloc
GetProcAddress
GetLastError
LoadLibraryA
SetLastError
SetThreadPriority
GetCurrentThread
CreateProcessA
GetCommandLineA
GetStartupInfoA
SetEnvironmentVariableA
ReleaseMutex
WaitForSingleObject
CreateMutexA
OpenMutexA
GetCurrentThreadId
CreateFileA
FindClose
FindFirstFileA
FindFirstFileW
VirtualQueryEx
GetExitCodeProcess
ReadProcessMemory
UnmapViewOfFile
ContinueDebugEvent
SetThreadContext
GetThreadContext
WaitForDebugEvent
SuspendThread
DebugActiveProcess
ResumeThread
CreateProcessW
GetCommandLineW
GetStartupInfoW
CloseHandle
DuplicateHandle
GetCurrentProcess
CreateFileMappingA
VirtualProtectEx
WriteProcessMemory
ExitProcess
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
HeapSize
HeapReAlloc
QueryPerformanceCounter
VirtualFree
HeapCreate
HeapDestroy
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
RtlUnwind
DeleteCriticalSection
GetStdHandle
WriteFile
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
Sleep
EnterCriticalSection
LeaveCriticalSection
GetVersionExA
InitializeCriticalSection
GetCurrentProcessId
GetModuleFileNameW
GetShortPathNameW
GetModuleFileNameA
MapViewOfFile
GetShortPathNameA
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
GetProcessHeap
RaiseException
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage

user32

GetDesktopWindow
MoveWindow
SetPropA
EnumThreadWindows
GetPropA
GetMessageA
GetSystemMetrics
SetTimer
GetAsyncKeyState
KillTimer
BeginPaint
EndPaint
SetWindowTextA
GetDlgItem
CreateDialogIndirectParamA
ShowWindow
UpdateWindow
LoadStringA
LoadStringW
FindWindowA
WaitForInputIdle
MessageBoxA
InSendMessage
UnpackDDElParam
FreeDDElParam
DefWindowProcA
LoadCursorA
RegisterClassW
CreateWindowExW
RegisterClassA
CreateWindowExA
GetWindowThreadProcessId
SendMessageW
SendMessageA
PeekMessageA
TranslateMessage
DispatchMessageA
EnumWindows
IsWindowUnicode
PackDDElParam
PostMessageW
PostMessageA
IsWindow
DestroyWindow

gdi32

CreateDCA
CreateDIBitmap
CreateCompatibleDC
SelectObject
SelectPalette
RealizePalette
BitBlt
DeleteDC
DeleteObject
CreatePalette

Sections

CODE
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: - Virtual size: 254KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 335KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 232B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 92KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 268KB - Virtual size: 320KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: 52KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 44KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc1
Size: 20KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.pdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 360KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
epimsync3.exe
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Code Sign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

1a:f7:da:c1:8d:82:fe:56:8d:65:f3:70:cc:7f:88:b2
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

18/05/2009, 00:00

Not After

18/05/2010, 23:59

Subject

CN=Astonsoft,O=Astonsoft,POSTALCODE=10621,STREET=Laki 9A,L=Tallinn,ST=Harjumaa,C=EE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

49:a4:e7:c8:7e:ce:17:5d:09:ad:19:c5:b3:13:4b:15:9b:03:26:8f
Signer

Actual PE Digest

49:a4:e7:c8:7e:ce:17:5d:09:ad:19:c5:b3:13:4b:15:9b:03:26:8f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
EPIMSync.chm
.chm
EPIMSync.exe
.exe windows:4 windows x86 arch:x86

dc072b97ab69d9cf474e33b457c157dd

Code Sign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

1a:f7:da:c1:8d:82:fe:56:8d:65:f3:70:cc:7f:88:b2
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

18/05/2009, 00:00

Not After

18/05/2010, 23:59

Subject

CN=Astonsoft,O=Astonsoft,POSTALCODE=10621,STREET=Laki 9A,L=Tallinn,ST=Harjumaa,C=EE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

f8:22:84:60:97:ae:5b:bb:5a:5d:f5:2d:fc:55:2f:d1:5b:e1:1a:24
Signer

Actual PE Digest

f8:22:84:60:97:ae:5b:bb:5a:5d:f5:2d:fc:55:2f:d1:5b:e1:1a:24

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

CreateThread
GlobalUnlock
GlobalLock
GlobalAlloc
GetTickCount
WideCharToMultiByte
IsBadReadPtr
GlobalAddAtomA
GlobalAddAtomW
GetModuleHandleA
GlobalFree
GlobalGetAtomNameA
GlobalDeleteAtom
GlobalGetAtomNameW
FreeConsole
GetEnvironmentVariableA
VirtualProtect
VirtualAlloc
GetProcAddress
GetLastError
LoadLibraryA
SetLastError
SetThreadPriority
GetCurrentThread
CreateProcessA
GetCommandLineA
GetStartupInfoA
SetEnvironmentVariableA
ReleaseMutex
WaitForSingleObject
CreateMutexA
OpenMutexA
GetCurrentThreadId
CreateFileA
FindClose
FindFirstFileA
FindFirstFileW
VirtualQueryEx
GetExitCodeProcess
ReadProcessMemory
UnmapViewOfFile
ContinueDebugEvent
SetThreadContext
GetThreadContext
WaitForDebugEvent
SuspendThread
DebugActiveProcess
ResumeThread
CreateProcessW
GetCommandLineW
GetStartupInfoW
CloseHandle
DuplicateHandle
GetCurrentProcess
CreateFileMappingA
VirtualProtectEx
WriteProcessMemory
ExitProcess
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
HeapSize
HeapReAlloc
QueryPerformanceCounter
VirtualFree
HeapCreate
HeapDestroy
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
RtlUnwind
DeleteCriticalSection
GetStdHandle
WriteFile
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
Sleep
EnterCriticalSection
LeaveCriticalSection
GetVersionExA
InitializeCriticalSection
GetCurrentProcessId
GetModuleFileNameW
GetShortPathNameW
GetModuleFileNameA
MapViewOfFile
GetShortPathNameA
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
GetProcessHeap
RaiseException
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage

user32

GetDesktopWindow
MoveWindow
SetPropA
EnumThreadWindows
GetPropA
GetMessageA
GetSystemMetrics
SetTimer
GetAsyncKeyState
KillTimer
BeginPaint
EndPaint
SetWindowTextA
GetDlgItem
CreateDialogIndirectParamA
ShowWindow
UpdateWindow
LoadStringA
LoadStringW
FindWindowA
WaitForInputIdle
MessageBoxA
InSendMessage
UnpackDDElParam
FreeDDElParam
DefWindowProcA
LoadCursorA
RegisterClassW
CreateWindowExW
RegisterClassA
CreateWindowExA
GetWindowThreadProcessId
SendMessageW
SendMessageA
PeekMessageA
TranslateMessage
DispatchMessageA
EnumWindows
IsWindowUnicode
PackDDElParam
PostMessageW
PostMessageA
IsWindow
DestroyWindow

gdi32

CreateDCA
CreateDIBitmap
CreateCompatibleDC
SelectObject
SelectPalette
RealizePalette
BitBlt
DeleteDC
DeleteObject
CreatePalette

Sections

CODE
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: - Virtual size: 254KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 335KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 232B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 92KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 268KB - Virtual size: 320KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: 52KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 44KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc1
Size: 20KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.pdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 360KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Gds32.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

BLOB_close
BLOB_display
BLOB_dump
BLOB_edit
BLOB_get
BLOB_load
BLOB_open
BLOB_put
BLOB_text_dump
BLOB_text_load
Bopen
CVT_move
KEYWORD_getTokens
KEYWORD_stringIsAToken
_isc_event_block
_isc_expand_dpb
_isc_start_transaction
fb_interpret
gds__alloc
gds__alloc_debug
gds__attach_database
gds__blob_info
gds__blob_size
gds__cancel_blob
gds__cancel_events
gds__close
gds__close_blob
gds__commit_retaining
gds__commit_transaction
gds__compile_request
gds__compile_request2
gds__create_blob
gds__create_blob2
gds__create_database
gds__database_cleanup
gds__database_info
gds__ddl
gds__declare
gds__decode
gds__decode_date
gds__default_printer
gds__describe
gds__describe_bind
gds__detach_database
gds__disable_subsystem
gds__dsql_finish
gds__edit
gds__enable_subsystem
gds__encode
gds__encode_date
gds__event_block
gds__event_counts
gds__event_wait
gds__execute
gds__execute_immediate
gds__fetch
gds__free
gds__ftof
gds__get_prefix
gds__get_segment
gds__get_slice
gds__interprete
gds__log
gds__log_status
gds__map_blobs
gds__msg_close
gds__msg_format
gds__msg_lookup
gds__msg_open
gds__msg_put
gds__open
gds__open_blob
gds__open_blob2
gds__parse_bpb
gds__prefix
gds__prefix_lock
gds__prefix_msg
gds__prepare
gds__prepare_transaction
gds__prepare_transaction2
gds__print_blr
gds__print_status
gds__put_error
gds__put_segment
gds__put_slice
gds__qtoq
gds__que_events
gds__receive
gds__reconnect_transaction
gds__register_cleanup
gds__release_request
gds__request_info
gds__rollback_transaction
gds__seek_blob
gds__send
gds__set_debug
gds__sqlcode
gds__start_and_send
gds__start_multiple
gds__start_request
gds__start_transaction
gds__temp_file
gds__thread_enable
gds__thread_enter
gds__thread_exit
gds__thread_start
gds__to_sqlda
gds__transaction_cleanup
gds__transaction_info
gds__unregister_cleanup
gds__unwind_request
gds__validate_lib_path
gds__vax_integer
gds__version
gds__vtof
gds__vtov
gds_alloc_flag_unfreed
gds_alloc_report
isc_add_user
isc_array_gen_sdl
isc_array_get_slice
isc_array_lookup_bounds
isc_array_lookup_desc
isc_array_put_slice
isc_array_set_desc
isc_attach_database
isc_baddress
isc_baddress_s
isc_blob_default_desc
isc_blob_gen_bpb
isc_blob_info
isc_blob_lookup_desc
isc_blob_set_desc
isc_cancel_blob
isc_cancel_events
isc_close
isc_close_blob
isc_commit_retaining
isc_commit_transaction
isc_compile_request
isc_compile_request2
isc_create_blob
isc_create_blob2
isc_create_database
isc_database_info
isc_ddl
isc_declare
isc_decode_date
isc_decode_sql_date
isc_decode_sql_time
isc_decode_timestamp
isc_delete_user
isc_describe
isc_describe_bind
isc_detach_database
isc_drop_database
isc_dsql_alloc_statement2
isc_dsql_allocate_statement
isc_dsql_describe
isc_dsql_describe_bind
isc_dsql_exec_immed2
isc_dsql_exec_immed2_m
isc_dsql_exec_immed3_m
isc_dsql_execute
isc_dsql_execute2
isc_dsql_execute2_m
isc_dsql_execute_immediate
isc_dsql_execute_immediate_m
isc_dsql_execute_m
isc_dsql_fetch
isc_dsql_fetch_a
isc_dsql_fetch_m
isc_dsql_finish
isc_dsql_free_statement
isc_dsql_insert
isc_dsql_insert_m
isc_dsql_prepare
isc_dsql_prepare_m
isc_dsql_release
isc_dsql_set_cursor_name
isc_dsql_sql_info
isc_embed_dsql_close
isc_embed_dsql_declare
isc_embed_dsql_describe
isc_embed_dsql_describe_bind
isc_embed_dsql_exec_immed2
isc_embed_dsql_execute
isc_embed_dsql_execute2
isc_embed_dsql_execute_immed
isc_embed_dsql_fetch
isc_embed_dsql_fetch_a
isc_embed_dsql_insert
isc_embed_dsql_length
isc_embed_dsql_open
isc_embed_dsql_open2
isc_embed_dsql_prepare
isc_embed_dsql_release
isc_encode_date
isc_encode_sql_date
isc_encode_sql_time
isc_encode_timestamp
isc_event_block
isc_event_block_a
isc_event_block_s
isc_event_counts
isc_execute
isc_execute_immediate
isc_expand_dpb
isc_fetch
isc_fetch_a
isc_free
isc_ftof
isc_get_client_major_version
isc_get_client_minor_version
isc_get_client_version
isc_get_segment
isc_get_slice
isc_interprete
isc_modify_dpb
isc_modify_user
isc_open
isc_open_blob
isc_open_blob2
isc_portable_integer
isc_prepare
isc_prepare_transaction
isc_prepare_transaction2
isc_print_blr
isc_print_sqlerror
isc_print_status
isc_put_segment
isc_put_slice
isc_qtoq
isc_que_events
isc_receive
isc_reconnect_transaction
isc_release_request
isc_request_info
isc_reset_fpe
isc_rollback_retaining
isc_rollback_transaction
isc_seek_blob
isc_send
isc_service_attach
isc_service_detach
isc_service_query
isc_service_start
isc_set_debug
isc_sql_interprete
isc_sqlcode
isc_sqlcode_s
isc_start_and_send
isc_start_multiple
isc_start_request
isc_start_transaction
isc_to_sqlda
isc_transact_request
isc_transaction_info
isc_unwind_request
isc_vax_integer
isc_version
isc_vtof
isc_vtov
isc_wait_for_event
perf_format
perf_get_info
perf_report

Sections

UPX0
Size: - Virtual size: 2.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 735KB - Virtual size: 736KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Languages/Belarusian.lng
Languages/Bulgarian.lng
Languages/Catalan.lng
Languages/Chinese_Simpl.lng
Languages/Chinese_Trad.lng
Languages/Czech.lng
Languages/Danish.lng
Languages/Dutch.lng
Languages/English.lng
Languages/Estonian.lng
Languages/Finnish.lng
Languages/French.lng
Languages/Galician.lng
Languages/German.lng
Languages/Hebrew.lng
Languages/Hungarian.lng
Languages/Indonesian.lng
Languages/Italian.lng
Languages/Japanese.lng
Languages/Norwegian.lng
Languages/Polish.lng
Languages/PortugueseBR.lng
Languages/Romanian.lng
Languages/Russian.lng
Languages/Serbian.lng
Languages/Slovak.lng
Languages/Slovenian.lng
Languages/Spanish.lng
Languages/Swedish.lng
Languages/Turkish.lng
Languages/Ukrainian.lng
icudt30.dll
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

icudt30_dat

Sections

UPX0
Size: - Virtual size: 904KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 408KB - Virtual size: 412KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
icuuc30.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

??0CanonicalIterator@icu_3_0@@QAE@ABVUnicodeString@1@AAW4UErrorCode@@@Z
??0CharString@icu_3_0@@QAE@ABVUnicodeString@1@PBD@Z
??0CharacterIterator@icu_3_0@@IAE@ABV01@@Z
??0CharacterIterator@icu_3_0@@IAE@H@Z
??0CharacterIterator@icu_3_0@@IAE@HH@Z
??0CharacterIterator@icu_3_0@@IAE@HHHH@Z
??0CharacterIterator@icu_3_0@@IAE@XZ
??0EventListener@icu_3_0@@QAE@ABV01@@Z
??0EventListener@icu_3_0@@QAE@XZ
??0ForwardCharacterIterator@icu_3_0@@IAE@ABV01@@Z
??0ForwardCharacterIterator@icu_3_0@@IAE@XZ
??0Hashtable@icu_3_0@@QAE@C@Z
??0Hashtable@icu_3_0@@QAE@CAAW4UErrorCode@@@Z
??0ICULocaleService@icu_3_0@@QAE@ABV01@@Z
??0ICULocaleService@icu_3_0@@QAE@ABVUnicodeString@1@@Z
??0ICULocaleService@icu_3_0@@QAE@XZ
??0ICUNotifier@icu_3_0@@QAE@ABV01@@Z
??0ICUNotifier@icu_3_0@@QAE@XZ
??0ICUResourceBundleFactory@icu_3_0@@QAE@ABV01@@Z
??0ICUResourceBundleFactory@icu_3_0@@QAE@ABVUnicodeString@1@@Z
??0ICUResourceBundleFactory@icu_3_0@@QAE@XZ
??0ICUService@icu_3_0@@QAE@ABV01@@Z
??0ICUService@icu_3_0@@QAE@ABVUnicodeString@1@@Z
??0ICUService@icu_3_0@@QAE@XZ
??0ICUServiceFactory@icu_3_0@@QAE@ABV01@@Z
??0ICUServiceFactory@icu_3_0@@QAE@XZ
??0ICUServiceKey@icu_3_0@@QAE@ABV01@@Z
??0ICUServiceKey@icu_3_0@@QAE@ABVUnicodeString@1@@Z
??0Locale@icu_3_0@@AAE@W4ELocaleType@01@@Z
??0Locale@icu_3_0@@QAE@ABV01@@Z
??0Locale@icu_3_0@@QAE@PBD000@Z
??0Locale@icu_3_0@@QAE@XZ
??0LocaleBased@icu_3_0@@QAE@PAD0@Z
??0LocaleBased@icu_3_0@@QAE@PBD0@Z
??0LocaleKey@icu_3_0@@IAE@ABVUnicodeString@1@0PBV21@H@Z
??0LocaleKey@icu_3_0@@QAE@ABV01@@Z
??0LocaleKeyFactory@icu_3_0@@IAE@H@Z
??0LocaleKeyFactory@icu_3_0@@IAE@HABVUnicodeString@1@@Z
??0LocaleKeyFactory@icu_3_0@@QAE@ABV01@@Z
??0Mutex@icu_3_0@@QAE@PAPAX@Z
??0Normalizer@icu_3_0@@QAE@ABV01@@Z
??0Normalizer@icu_3_0@@QAE@ABVCharacterIterator@1@W4UNormalizationMode@@@Z
??0Normalizer@icu_3_0@@QAE@ABVUnicodeString@1@W4UNormalizationMode@@@Z
??0Normalizer@icu_3_0@@QAE@PB_WHW4UNormalizationMode@@@Z
??0ParsePosition@icu_3_0@@QAE@ABV01@@Z
??0ParsePosition@icu_3_0@@QAE@H@Z
??0ParsePosition@icu_3_0@@QAE@XZ
??0Replaceable@icu_3_0@@IAE@XZ
??0Replaceable@icu_3_0@@QAE@ABV01@@Z
??0ResourceBundle@icu_3_0@@QAE@AAW4UErrorCode@@@Z
??0ResourceBundle@icu_3_0@@QAE@ABV01@@Z
??0ResourceBundle@icu_3_0@@QAE@ABVUnicodeString@1@AAW4UErrorCode@@@Z
??0ResourceBundle@icu_3_0@@QAE@ABVUnicodeString@1@ABVLocale@1@AAW4UErrorCode@@@Z
??0ResourceBundle@icu_3_0@@QAE@PAUUResourceBundle@@AAW4UErrorCode@@@Z
??0ResourceBundle@icu_3_0@@QAE@PBDABVLocale@1@AAW4UErrorCode@@@Z
??0RuleCharacterIterator@icu_3_0@@QAE@ABVUnicodeString@1@PBVSymbolTable@1@AAVParsePosition@1@@Z
??0ServiceListener@icu_3_0@@QAE@ABV01@@Z
??0ServiceListener@icu_3_0@@QAE@XZ
??0SimpleFactory@icu_3_0@@QAE@ABV01@@Z
??0SimpleFactory@icu_3_0@@QAE@PAVUObject@1@ABVUnicodeString@1@C@Z
??0SimpleLocaleKeyFactory@icu_3_0@@QAE@ABV01@@Z
??0SimpleLocaleKeyFactory@icu_3_0@@QAE@PAVUObject@1@ABVLocale@1@HH@Z
??0SimpleLocaleKeyFactory@icu_3_0@@QAE@PAVUObject@1@ABVUnicodeString@1@HH@Z
??0StringCharacterIterator@icu_3_0@@IAE@XZ
??0StringCharacterIterator@icu_3_0@@QAE@ABV01@@Z
??0StringCharacterIterator@icu_3_0@@QAE@ABVUnicodeString@1@@Z
??0StringCharacterIterator@icu_3_0@@QAE@ABVUnicodeString@1@H@Z
??0StringCharacterIterator@icu_3_0@@QAE@ABVUnicodeString@1@HHH@Z
??0StringEnumeration@icu_3_0@@IAE@XZ
??0StringEnumeration@icu_3_0@@QAE@ABV01@@Z
??0StringPair@icu_3_0@@AAE@ABVUnicodeString@1@0@Z
??0StringPair@icu_3_0@@QAE@ABV01@@Z
??0SymbolTable@icu_3_0@@QAE@ABV01@@Z
??0SymbolTable@icu_3_0@@QAE@XZ
??0UCharCharacterIterator@icu_3_0@@IAE@XZ
??0UCharCharacterIterator@icu_3_0@@QAE@ABV01@@Z
??0UCharCharacterIterator@icu_3_0@@QAE@PB_WH@Z
??0UCharCharacterIterator@icu_3_0@@QAE@PB_WHH@Z
??0UCharCharacterIterator@icu_3_0@@QAE@PB_WHHHH@Z
??0UObject@icu_3_0@@QAE@ABV01@@Z
??0UObject@icu_3_0@@QAE@XZ
??0UStack@icu_3_0@@QAE@AAW4UErrorCode@@@Z
??0UStack@icu_3_0@@QAE@HAAW4UErrorCode@@@Z
??0UStack@icu_3_0@@QAE@P6AXPAX@ZP6ACTUHashTok@@2@ZAAW4UErrorCode@@@Z
??0UStack@icu_3_0@@QAE@P6AXPAX@ZP6ACTUHashTok@@2@ZHAAW4UErrorCode@@@Z
??0UStringEnumeration@@QAE@ABV0@@Z
??0UStringEnumeration@@QAE@PAUUEnumeration@@@Z
??0UVector32@icu_3_0@@QAE@AAW4UErrorCode@@@Z
??0UVector32@icu_3_0@@QAE@HAAW4UErrorCode@@@Z
??0UVector@icu_3_0@@QAE@AAW4UErrorCode@@@Z
??0UVector@icu_3_0@@QAE@HAAW4UErrorCode@@@Z
??0UVector@icu_3_0@@QAE@P6AXPAX@ZP6ACTUHashTok@@2@ZAAW4UErrorCode@@@Z
??0UVector@icu_3_0@@QAE@P6AXPAX@ZP6ACTUHashTok@@2@ZHAAW4UErrorCode@@@Z
??0UnicodeFilter@icu_3_0@@QAE@ABV01@@Z
??0UnicodeFilter@icu_3_0@@QAE@XZ
??0UnicodeFunctor@icu_3_0@@QAE@ABV01@@Z
??0UnicodeFunctor@icu_3_0@@QAE@XZ
??0UnicodeMatcher@icu_3_0@@QAE@ABV01@@Z
??0UnicodeMatcher@icu_3_0@@QAE@XZ
??0UnicodeSet@icu_3_0@@QAE@ABV01@@Z
??0UnicodeSet@icu_3_0@@QAE@ABVUnicodeString@1@AAVParsePosition@1@IPBVSymbolTable@1@AAW4UErrorCode@@@Z
??0UnicodeSet@icu_3_0@@QAE@ABVUnicodeString@1@AAW4UErrorCode@@@Z
??0UnicodeSet@icu_3_0@@QAE@ABVUnicodeString@1@IPBVSymbolTable@1@AAW4UErrorCode@@@Z
??0UnicodeSet@icu_3_0@@QAE@HH@Z
??0UnicodeSet@icu_3_0@@QAE@XZ
??0UnicodeSetIterator@icu_3_0@@QAE@ABVUnicodeSet@1@@Z
??0UnicodeSetIterator@icu_3_0@@QAE@XZ
??0UnicodeString@icu_3_0@@QAE@ABV01@@Z
??0UnicodeString@icu_3_0@@QAE@ABV01@H@Z
??0UnicodeString@icu_3_0@@QAE@ABV01@HH@Z
??0UnicodeString@icu_3_0@@QAE@CPB_WH@Z
??0UnicodeString@icu_3_0@@QAE@H@Z
??0UnicodeString@icu_3_0@@QAE@HHH@Z
??0UnicodeString@icu_3_0@@QAE@PA_WHH@Z
??0UnicodeString@icu_3_0@@QAE@PBD0@Z
??0UnicodeString@icu_3_0@@QAE@PBDH0@Z
??0UnicodeString@icu_3_0@@QAE@PBDHPAUUConverter@@AAW4UErrorCode@@@Z
??0UnicodeString@icu_3_0@@QAE@PB_W@Z
??0UnicodeString@icu_3_0@@QAE@PB_WH@Z
??0UnicodeString@icu_3_0@@QAE@XZ
??0UnicodeString@icu_3_0@@QAE@_W@Z
??1CanonicalIterator@icu_3_0@@UAE@XZ
??1CharString@icu_3_0@@QAE@XZ
??1CharacterIterator@icu_3_0@@UAE@XZ
??1EventListener@icu_3_0@@UAE@XZ
??1ForwardCharacterIterator@icu_3_0@@UAE@XZ
??1Hashtable@icu_3_0@@QAE@XZ
??1ICULocaleService@icu_3_0@@UAE@XZ
??1ICUNotifier@icu_3_0@@UAE@XZ
??1ICUResourceBundleFactory@icu_3_0@@UAE@XZ
??1ICUService@icu_3_0@@UAE@XZ
??1ICUServiceFactory@icu_3_0@@UAE@XZ
??1ICUServiceKey@icu_3_0@@UAE@XZ
??1Locale@icu_3_0@@UAE@XZ
??1LocaleKey@icu_3_0@@UAE@XZ
??1LocaleKeyFactory@icu_3_0@@UAE@XZ
??1Mutex@icu_3_0@@QAE@XZ
??1Normalizer@icu_3_0@@UAE@XZ
??1ParsePosition@icu_3_0@@UAE@XZ
??1Replaceable@icu_3_0@@UAE@XZ
??1ResourceBundle@icu_3_0@@UAE@XZ
??1ServiceListener@icu_3_0@@UAE@XZ
??1SimpleFactory@icu_3_0@@UAE@XZ
??1SimpleLocaleKeyFactory@icu_3_0@@UAE@XZ
??1StringCharacterIterator@icu_3_0@@UAE@XZ
??1StringEnumeration@icu_3_0@@UAE@XZ
??1StringPair@icu_3_0@@QAE@XZ
??1SymbolTable@icu_3_0@@UAE@XZ
??1UCharCharacterIterator@icu_3_0@@UAE@XZ
??1UObject@icu_3_0@@UAE@XZ
??1UStack@icu_3_0@@UAE@XZ
??1UStringEnumeration@@UAE@XZ
??1UVector32@icu_3_0@@UAE@XZ
??1UVector@icu_3_0@@UAE@XZ
??1UnicodeFilter@icu_3_0@@UAE@XZ
??1UnicodeFunctor@icu_3_0@@UAE@XZ
??1UnicodeMatcher@icu_3_0@@UAE@XZ
??1UnicodeSet@icu_3_0@@UAE@XZ
??1UnicodeSetIterator@icu_3_0@@UAE@XZ
??1UnicodeString@icu_3_0@@UAE@XZ
??2UMemory@icu_3_0@@SAPAXI@Z
??2UMemory@icu_3_0@@SAPAXIPAX@Z
??3UMemory@icu_3_0@@SAXPAX0@Z
??3UMemory@icu_3_0@@SAXPAX@Z
??4CharacterIterator@icu_3_0@@IAEAAV01@ABV01@@Z
??4EventListener@icu_3_0@@QAEAAV01@ABV01@@Z
??4ForwardCharacterIterator@icu_3_0@@IAEAAV01@ABV01@@Z
??4ICUNotifier@icu_3_0@@QAEAAV01@ABV01@@Z
??4ICUServiceFactory@icu_3_0@@QAEAAV01@ABV01@@Z
??4ICU_Utility@icu_3_0@@QAEAAV01@ABV01@@Z
??4Locale@icu_3_0@@QAEAAV01@ABV01@@Z
??4LocaleBased@icu_3_0@@QAEAAV01@ABV01@@Z
??4LocaleUtility@icu_3_0@@QAEAAV01@ABV01@@Z
??4ParsePosition@icu_3_0@@QAEAAV01@ABV01@@Z
??4Replaceable@icu_3_0@@QAEAAV01@ABV01@@Z
??4ResourceBundle@icu_3_0@@QAEAAV01@ABV01@@Z
??4ServiceListener@icu_3_0@@QAEAAV01@ABV01@@Z
??4StringCharacterIterator@icu_3_0@@QAEAAV01@ABV01@@Z
??4StringEnumeration@icu_3_0@@QAEAAV01@ABV01@@Z
??4SymbolTable@icu_3_0@@QAEAAV01@ABV01@@Z
??4UCharCharacterIterator@icu_3_0@@QAEAAV01@ABV01@@Z
??4UMemory@icu_3_0@@QAEAAV01@ABV01@@Z
??4UObject@icu_3_0@@QAEAAV01@ABV01@@Z
??4UStringEnumeration@@QAEAAV0@ABV0@@Z
??4UnicodeFilter@icu_3_0@@QAEAAV01@ABV01@@Z
??4UnicodeFunctor@icu_3_0@@QAEAAV01@ABV01@@Z
??4UnicodeMatcher@icu_3_0@@QAEAAV01@ABV01@@Z
??4UnicodeSet@icu_3_0@@QAEAAV01@ABV01@@Z
??4UnicodeString@icu_3_0@@QAEAAV01@ABV01@@Z
??4UnicodeString@icu_3_0@@QAEAAV01@H@Z
??4UnicodeString@icu_3_0@@QAEAAV01@_W@Z
??8Locale@icu_3_0@@QBECABV01@@Z
??8Normalizer@icu_3_0@@QBECABV01@@Z
??8ParsePosition@icu_3_0@@QBECABV01@@Z
??8StringCharacterIterator@icu_3_0@@UBECABVForwardCharacterIterator@1@@Z
??8UCharCharacterIterator@icu_3_0@@UBECABVForwardCharacterIterator@1@@Z
??8UVector32@icu_3_0@@QAECABV01@@Z
??8UVector@icu_3_0@@QAECABV01@@Z
??8UnicodeSet@icu_3_0@@UBECABV01@@Z
??8UnicodeString@icu_3_0@@QBECABV01@@Z
??9ForwardCharacterIterator@icu_3_0@@QBECABV01@@Z
??9Locale@icu_3_0@@QBECABV01@@Z
??9Normalizer@icu_3_0@@QBECABV01@@Z
??9ParsePosition@icu_3_0@@QBECABV01@@Z
??9UVector32@icu_3_0@@QAECABV01@@Z
??9UVector@icu_3_0@@QAECABV01@@Z
??9UnicodeSet@icu_3_0@@QBECABV01@@Z
??9UnicodeString@icu_3_0@@QBECABV01@@Z
??AUVector@icu_3_0@@QBEPAXH@Z
??AUnicodeString@icu_3_0@@QBE_WH@Z
??BCharString@icu_3_0@@QBEPBDXZ
??Hicu_3_0@@YA?AVUnicodeString@0@ABV10@0@Z
??MUnicodeString@icu_3_0@@QBECABV01@@Z
??NUnicodeString@icu_3_0@@QBECABV01@@Z
??OUnicodeString@icu_3_0@@QBECABV01@@Z
??PUnicodeString@icu_3_0@@QBECABV01@@Z
??YUnicodeString@icu_3_0@@QAEAAV01@ABV01@@Z
??YUnicodeString@icu_3_0@@QAEAAV01@H@Z
??YUnicodeString@icu_3_0@@QAEAAV01@_W@Z
??_7CanonicalIterator@icu_3_0@@6B@
??_7CharacterIterator@icu_3_0@@6B@
??_7EventListener@icu_3_0@@6B@
??_7ForwardCharacterIterator@icu_3_0@@6B@
??_7ICULocaleService@icu_3_0@@6B@
??_7ICUNotifier@icu_3_0@@6B@
??_7ICUResourceBundleFactory@icu_3_0@@6B@
??_7ICUService@icu_3_0@@6B@
??_7ICUServiceFactory@icu_3_0@@6B@
??_7ICUServiceKey@icu_3_0@@6B@
??_7Locale@icu_3_0@@6B@
??_7LocaleKey@icu_3_0@@6B@
??_7LocaleKeyFactory@icu_3_0@@6B@
??_7Normalizer@icu_3_0@@6B@
??_7ParsePosition@icu_3_0@@6B@
??_7Replaceable@icu_3_0@@6B@
??_7ResourceBundle@icu_3_0@@6B@
??_7ServiceListener@icu_3_0@@6B@
??_7SimpleFactory@icu_3_0@@6B@
??_7SimpleLocaleKeyFactory@icu_3_0@@6B@
??_7StringCharacterIterator@icu_3_0@@6B@
??_7StringEnumeration@icu_3_0@@6B@
??_7SymbolTable@icu_3_0@@6B@
??_7UCharCharacterIterator@icu_3_0@@6B@
??_7UObject@icu_3_0@@6B@
??_7UStack@icu_3_0@@6B@
??_7UStringEnumeration@@6B@
??_7UVector32@icu_3_0@@6B@
??_7UVector@icu_3_0@@6B@
??_7UnicodeFilter@icu_3_0@@6BUnicodeFunctor@1@@
??_7UnicodeFilter@icu_3_0@@6BUnicodeMatcher@1@@
??_7UnicodeFunctor@icu_3_0@@6B@
??_7UnicodeMatcher@icu_3_0@@6B@
??_7UnicodeSet@icu_3_0@@6BUnicodeFunctor@1@@
??_7UnicodeSet@icu_3_0@@6BUnicodeMatcher@1@@
??_7UnicodeSetIterator@icu_3_0@@6B@
??_7UnicodeString@icu_3_0@@6B@
??_FHashtable@icu_3_0@@QAEXXZ
??_FMutex@icu_3_0@@QAEXXZ
??_UUMemory@icu_3_0@@SAPAXI@Z
??_VUMemory@icu_3_0@@SAXPAX@Z
?KIND_ANY@LocaleKey@icu_3_0@@2HB
?MAX_VALUE@UnicodeSet@icu_3_0@@2HB
?MIN_VALUE@UnicodeSet@icu_3_0@@2HB
?PREFIX_DELIMITER@ICUServiceKey@icu_3_0@@1_WB
?_add@UnicodeSet@icu_3_0@@AAEXABVUnicodeString@2@@Z
?_advance@RuleCharacterIterator@icu_3_0@@AAEXH@Z
?_appendToPat@UnicodeSet@icu_3_0@@CAXAAVUnicodeString@2@ABV32@C@Z
?_appendToPat@UnicodeSet@icu_3_0@@CAXAAVUnicodeString@2@HC@Z
?_current@RuleCharacterIterator@icu_3_0@@ABEHXZ
?_generatePattern@UnicodeSet@icu_3_0@@ABEAAVUnicodeString@2@AAV32@C@Z
?_init@UVector32@icu_3_0@@AAEXHAAW4UErrorCode@@@Z
?_init@UVector@icu_3_0@@AAEXHAAW4UErrorCode@@@Z
?_toPattern@UnicodeSet@icu_3_0@@ABEAAVUnicodeString@2@AAV32@C@Z
?acceptsListener@ICUService@icu_3_0@@MBECABVEventListener@2@@Z
?add@UnicodeSet@icu_3_0@@AAEXPBHHC@Z
?add@UnicodeSet@icu_3_0@@QAEAAV12@ABVUnicodeString@2@@Z
?add@UnicodeSet@icu_3_0@@QAEAAV12@H@Z
?add@UnicodeSet@icu_3_0@@UAEAAV12@HH@Z
?addAll@UnicodeSet@icu_3_0@@QAEAAV12@ABVUnicodeString@2@@Z
?addAll@UnicodeSet@icu_3_0@@UAEAAV12@ABV12@@Z
?addElement@UVector32@icu_3_0@@QAEXHAAW4UErrorCode@@@Z
?addElement@UVector@icu_3_0@@QAEXHAAW4UErrorCode@@@Z
?addElement@UVector@icu_3_0@@QAEXPAXAAW4UErrorCode@@@Z
?addListener@ICUNotifier@icu_3_0@@UAEXPBVEventListener@2@AAW4UErrorCode@@@Z
?addMatchSetTo@UnicodeSet@icu_3_0@@UBEXAAV12@@Z
?addRef@UnicodeString@icu_3_0@@AAEXXZ
?allocate@UnicodeString@icu_3_0@@AAECH@Z
?allocateStrings@UnicodeSet@icu_3_0@@AAECXZ
?append@UnicodeString@icu_3_0@@QAEAAV12@ABV12@@Z
?append@UnicodeString@icu_3_0@@QAEAAV12@ABV12@HH@Z
?append@UnicodeString@icu_3_0@@QAEAAV12@H@Z
?append@UnicodeString@icu_3_0@@QAEAAV12@PB_WH@Z
?append@UnicodeString@icu_3_0@@QAEAAV12@PB_WHH@Z
?append@UnicodeString@icu_3_0@@QAEAAV12@_W@Z
?appendNumber@ICU_Utility@icu_3_0@@SAAAVUnicodeString@2@AAV32@HHH@Z
?appendToRule@ICU_Utility@icu_3_0@@SAXAAVUnicodeString@2@ABV32@CC0@Z
?appendToRule@ICU_Utility@icu_3_0@@SAXAAVUnicodeString@2@HCC0@Z
?appendToRule@ICU_Utility@icu_3_0@@SAXAAVUnicodeString@2@PBVUnicodeMatcher@2@C0@Z
?applyFilter@UnicodeSet@icu_3_0@@AAEXP6ACHPAX@Z0AAW4UErrorCode@@@Z
?applyIntPropertyValue@UnicodeSet@icu_3_0@@QAEAAV12@W4UProperty@@HAAW4UErrorCode@@@Z
?applyPattern@UnicodeSet@icu_3_0@@AAEXAAVRuleCharacterIterator@2@PBVSymbolTable@2@AAVUnicodeString@2@IAAW4UErrorCode@@@Z
?applyPattern@UnicodeSet@icu_3_0@@QAEAAV12@ABVUnicodeString@2@AAVParsePosition@2@IPBVSymbolTable@2@AAW4UErrorCode@@@Z
?applyPattern@UnicodeSet@icu_3_0@@QAEAAV12@ABVUnicodeString@2@IPBVSymbolTable@2@AAW4UErrorCode@@@Z
?applyPattern@UnicodeSet@icu_3_0@@UAEAAV12@ABVUnicodeString@2@AAW4UErrorCode@@@Z
?applyPropertyAlias@UnicodeSet@icu_3_0@@QAEAAV12@ABVUnicodeString@2@0AAW4UErrorCode@@@Z
?applyPropertyPattern@UnicodeSet@icu_3_0@@AAEAAV12@ABVUnicodeString@2@AAVParsePosition@2@AAW4UErrorCode@@@Z
?applyPropertyPattern@UnicodeSet@icu_3_0@@AAEXAAVRuleCharacterIterator@2@AAVUnicodeString@2@AAW4UErrorCode@@@Z
?assign@UVector32@icu_3_0@@QAEXABV12@AAW4UErrorCode@@@Z
?assign@UVector@icu_3_0@@QAEXABV12@P6AXPATUHashTok@@1@ZAAW4UErrorCode@@@Z
?atEnd@RuleCharacterIterator@icu_3_0@@QBECXZ
?canonicalID@ICUServiceKey@icu_3_0@@UBEAAVUnicodeString@2@AAV32@@Z
?canonicalID@LocaleKey@icu_3_0@@UBEAAVUnicodeString@2@AAV32@@Z
?canonicalLocale@LocaleKey@icu_3_0@@UBEAAVLocale@2@AAV32@@Z
?canonicalLocaleString@LocaleUtility@icu_3_0@@SAAAVUnicodeString@2@PBV32@AAV32@@Z
?caseCloseOne@UnicodeSet@icu_3_0@@AAEXABVCaseEquivClass@2@@Z
?caseCloseOne@UnicodeSet@icu_3_0@@AAEXABVUnicodeString@2@@Z
?caseCloseOne@UnicodeSet@icu_3_0@@AAEX_W@Z
?caseCompare@UnicodeString@icu_3_0@@QBECABV12@I@Z
?caseCompare@UnicodeString@icu_3_0@@QBECHHABV12@HHI@Z
?caseCompare@UnicodeString@icu_3_0@@QBECHHABV12@I@Z
?caseCompare@UnicodeString@icu_3_0@@QBECHHPB_WHHI@Z
?caseCompare@UnicodeString@icu_3_0@@QBECHHPB_WI@Z
?caseCompare@UnicodeString@icu_3_0@@QBECPB_WHI@Z
?caseCompareBetween@UnicodeString@icu_3_0@@QBECHHABV12@HHI@Z
?caseMap@UnicodeString@icu_3_0@@AAEAAV12@PAVBreakIterator@2@ABVLocale@2@IH@Z
?char32At@Replaceable@icu_3_0@@QBEHH@Z
?char32At@UnicodeString@icu_3_0@@QBEHH@Z
?charAt@Replaceable@icu_3_0@@QBE_WH@Z
?charAt@UnicodeSet@icu_3_0@@QBEHH@Z
?charAt@UnicodeString@icu_3_0@@QBE_WH@Z
?cleanPieces@CanonicalIterator@icu_3_0@@AAEXXZ
?cleanup@LocaleUtility@icu_3_0@@SACXZ
?clear@UnicodeSet@icu_3_0@@UAEAAV12@XZ
?clearBuffer@Normalizer@icu_3_0@@AAEXXZ
?clearCaches@ICUService@icu_3_0@@MAEXXZ
?clearServiceCache@ICUService@icu_3_0@@IAEXXZ
?clone@Locale@icu_3_0@@QBEPAV12@XZ
?clone@Normalizer@icu_3_0@@QBEPAV12@XZ
?clone@ParsePosition@icu_3_0@@QBEPAV12@XZ
?clone@Replaceable@icu_3_0@@UBEPAV12@XZ
?clone@ResourceBundle@icu_3_0@@QBEPAV12@XZ
?clone@StringCharacterIterator@icu_3_0@@UBEPAVCharacterIterator@2@XZ
?clone@StringEnumeration@icu_3_0@@UBEPAV12@XZ
?clone@UCharCharacterIterator@icu_3_0@@UBEPAVCharacterIterator@2@XZ
?clone@UnicodeSet@icu_3_0@@UBEPAVUnicodeFunctor@2@XZ
?clone@UnicodeString@icu_3_0@@UBEPAVReplaceable@2@XZ
?cloneArrayIfNeeded@UnicodeString@icu_3_0@@AAECHHCPAPAHC@Z
?closeOver@UnicodeSet@icu_3_0@@QAEAAV12@H@Z
?compact@UnicodeSet@icu_3_0@@UAEAAV12@XZ
?compare@Normalizer@icu_3_0@@SAHABVUnicodeString@2@0IAAW4UErrorCode@@@Z
?compare@UnicodeString@icu_3_0@@QBECABV12@@Z
?compare@UnicodeString@icu_3_0@@QBECHHABV12@@Z
?compare@UnicodeString@icu_3_0@@QBECHHABV12@HH@Z
?compare@UnicodeString@icu_3_0@@QBECHHPB_W@Z
?compare@UnicodeString@icu_3_0@@QBECHHPB_WHH@Z
?compare@UnicodeString@icu_3_0@@QBECPB_WH@Z
?compareBetween@UnicodeString@icu_3_0@@QBECHHABV12@HH@Z
?compareCodePointOrder@UnicodeString@icu_3_0@@QBECABV12@@Z
?compareCodePointOrder@UnicodeString@icu_3_0@@QBECHHABV12@@Z
?compareCodePointOrder@UnicodeString@icu_3_0@@QBECHHABV12@HH@Z
?compareCodePointOrder@UnicodeString@icu_3_0@@QBECHHPB_W@Z
?compareCodePointOrder@UnicodeString@icu_3_0@@QBECHHPB_WHH@Z
?compareCodePointOrder@UnicodeString@icu_3_0@@QBECPB_WH@Z
?compareCodePointOrderBetween@UnicodeString@icu_3_0@@QBECHHABV12@HH@Z
?complement@UnicodeSet@icu_3_0@@QAEAAV12@ABVUnicodeString@2@@Z
?complement@UnicodeSet@icu_3_0@@QAEAAV12@H@Z
?complement@UnicodeSet@icu_3_0@@UAEAAV12@HH@Z
?complement@UnicodeSet@icu_3_0@@UAEAAV12@XZ
?complementAll@UnicodeSet@icu_3_0@@QAEAAV12@ABVUnicodeString@2@@Z
?complementAll@UnicodeSet@icu_3_0@@UAEAAV12@ABV12@@Z
?compose@Normalizer@icu_3_0@@SAXABVUnicodeString@2@CHAAV32@AAW4UErrorCode@@@Z
?concatenate@Normalizer@icu_3_0@@SAAAVUnicodeString@2@AAV32@00W4UNormalizationMode@@HAAW4UErrorCode@@@Z
?constructForLocale@ResourceBundle@icu_3_0@@AAEXABVUnicodeString@2@ABVLocale@2@AAW4UErrorCode@@@Z
?contains@UVector32@icu_3_0@@QBECH@Z
?contains@UVector@icu_3_0@@QBECH@Z
?contains@UVector@icu_3_0@@QBECPAX@Z
?contains@UnicodeSet@icu_3_0@@QBECABVUnicodeString@2@@Z
?contains@UnicodeSet@icu_3_0@@UBECH@Z
?contains@UnicodeSet@icu_3_0@@UBECHH@Z
?containsAll@UVector32@icu_3_0@@QBECABV12@@Z
?containsAll@UVector@icu_3_0@@QBECABV12@@Z
?containsAll@UnicodeSet@icu_3_0@@QBECABVUnicodeString@2@@Z
?containsAll@UnicodeSet@icu_3_0@@UBECABV12@@Z
?containsNone@UVector32@icu_3_0@@QBECABV12@@Z
?containsNone@UVector@icu_3_0@@QBECABV12@@Z
?containsNone@UnicodeSet@icu_3_0@@QBECABV12@@Z
?containsNone@UnicodeSet@icu_3_0@@QBECABVUnicodeString@2@@Z
?containsNone@UnicodeSet@icu_3_0@@QBECHH@Z
?containsSome@UnicodeSet@icu_3_0@@QBECABV12@@Z
?containsSome@UnicodeSet@icu_3_0@@QBECABVUnicodeString@2@@Z
?containsSome@UnicodeSet@icu_3_0@@QBECHH@Z
?copy@UnicodeString@icu_3_0@@UAEXHHH@Z
?copyFrom@UnicodeString@icu_3_0@@AAEAAV12@ABV12@C@Z
?count@Hashtable@icu_3_0@@QBEHXZ
?count@UStringEnumeration@@UBEHAAW4UErrorCode@@@Z
?countChar32@UnicodeString@icu_3_0@@QBEHHH@Z
?countFactories@ICUService@icu_3_0@@IBEHXZ
?create@LocaleKeyFactory@icu_3_0@@UBEPAVUObject@2@ABVICUServiceKey@2@PBVICUService@2@AAW4UErrorCode@@@Z
?create@SimpleFactory@icu_3_0@@UBEPAVUObject@2@ABVICUServiceKey@2@PBVICUService@2@AAW4UErrorCode@@@Z
?create@SimpleLocaleKeyFactory@icu_3_0@@UBEPAVUObject@2@ABVICUServiceKey@2@PBVICUService@2@AAW4UErrorCode@@@Z
?create@StringPair@icu_3_0@@SAPAV12@ABVUnicodeString@2@0AAW4UErrorCode@@@Z
?createCanonical@Locale@icu_3_0@@SA?AV12@PBD@Z
?createFrom@UnicodeSet@icu_3_0@@SAPAV12@ABVUnicodeString@2@@Z
?createFromAll@UnicodeSet@icu_3_0@@SAPAV12@ABVUnicodeString@2@@Z
?createFromName@Locale@icu_3_0@@SA?AV12@PBD@Z
?createKey@ICULocaleService@icu_3_0@@MBEPAVICUServiceKey@2@PBVUnicodeString@2@AAW4UErrorCode@@@Z
?createKey@ICULocaleService@icu_3_0@@MBEPAVICUServiceKey@2@PBVUnicodeString@2@HAAW4UErrorCode@@@Z
?createKey@ICUService@icu_3_0@@UBEPAVICUServiceKey@2@PBVUnicodeString@2@AAW4UErrorCode@@@Z
?createKeywords@Locale@icu_3_0@@QBEPAVStringEnumeration@2@AAW4UErrorCode@@@Z
?createSimpleFactory@ICUService@icu_3_0@@MAEPAVICUServiceFactory@2@PAVUObject@2@ABVUnicodeString@2@CAAW4UErrorCode@@@Z
?createWithCanonicalFallback@LocaleKey@icu_3_0@@SAPAV12@PBVUnicodeString@2@0AAW4UErrorCode@@@Z
?createWithCanonicalFallback@LocaleKey@icu_3_0@@SAPAV12@PBVUnicodeString@2@0HAAW4UErrorCode@@@Z
?current32@UCharCharacterIterator@icu_3_0@@UBEHXZ
?current@Normalizer@icu_3_0@@QAEHXZ
?current@UCharCharacterIterator@icu_3_0@@UBE_WXZ
?currentDescriptor@ICUServiceKey@icu_3_0@@UBEAAVUnicodeString@2@AAV32@@Z
?currentDescriptor@LocaleKey@icu_3_0@@UBEAAVUnicodeString@2@AAV32@@Z
?currentID@ICUServiceKey@icu_3_0@@UBEAAVUnicodeString@2@AAV32@@Z
?currentID@LocaleKey@icu_3_0@@UBEAAVUnicodeString@2@AAV32@@Z
?currentLocale@LocaleKey@icu_3_0@@UBEAAVLocale@2@AAV32@@Z
?decompose@Normalizer@icu_3_0@@SAXABVUnicodeString@2@CHAAV32@AAW4UErrorCode@@@Z
?doCaseCompare@UnicodeString@icu_3_0@@ABECHHABV12@HHI@Z
?doCaseCompare@UnicodeString@icu_3_0@@ABECHHPB_WHHI@Z
?doCharAt@UnicodeString@icu_3_0@@ABE_WH@Z
?doCodepageCreate@UnicodeString@icu_3_0@@AAEXPBDH0@Z
?doCodepageCreate@UnicodeString@icu_3_0@@AAEXPBDHPAUUConverter@@AAW4UErrorCode@@@Z
?doCompare@UnicodeString@icu_3_0@@ABECHHABV12@HH@Z
?doCompare@UnicodeString@icu_3_0@@ABECHHPB_WHH@Z
?doCompareCodePointOrder@UnicodeString@icu_3_0@@ABECHHABV12@HH@Z
?doCompareCodePointOrder@UnicodeString@icu_3_0@@ABECHHPB_WHH@Z
?doExtract@UnicodeString@icu_3_0@@ABEHHHPADHPAUUConverter@@AAW4UErrorCode@@@Z
?doExtract@UnicodeString@icu_3_0@@ABEXHHAAV12@@Z
?doExtract@UnicodeString@icu_3_0@@ABEXHHPA_WH@Z
?doHashCode@UnicodeString@icu_3_0@@ABEHXZ
?doIndexOf@UnicodeString@icu_3_0@@ABEHHHH@Z
?doIndexOf@UnicodeString@icu_3_0@@ABEH_WHH@Z
?doLastIndexOf@UnicodeString@icu_3_0@@ABEHHHH@Z
?doLastIndexOf@UnicodeString@icu_3_0@@ABEH_WHH@Z
?doReplace@UnicodeString@icu_3_0@@AAEAAV12@HHABV12@HH@Z
?doReplace@UnicodeString@icu_3_0@@AAEAAV12@HHPB_WHH@Z
?doReverse@UnicodeString@icu_3_0@@AAEAAV12@HH@Z
?elementAt@UVector@icu_3_0@@QBEPAXH@Z
?elementAti@UVector32@icu_3_0@@QBEHH@Z
?elementAti@UVector@icu_3_0@@QBEHH@Z
?empty@UStack@icu_3_0@@QBECXZ
?empty@UVector32@icu_3_0@@QBECXZ
?endIndex@CharacterIterator@icu_3_0@@QBEHXZ
?endIndex@Normalizer@icu_3_0@@QBEHXZ
?endsWith@UnicodeString@icu_3_0@@QBECABV12@@Z
?endsWith@UnicodeString@icu_3_0@@QBECABV12@HH@Z
?endsWith@UnicodeString@icu_3_0@@QBECPB_WH@Z
?endsWith@UnicodeString@icu_3_0@@QBECPB_WHH@Z
?ensureBufferCapacity@UnicodeSet@icu_3_0@@AAEXH@Z
?ensureCapacity@UVector32@icu_3_0@@QAECHAAW4UErrorCode@@@Z
?ensureCapacity@UVector@icu_3_0@@QAECHAAW4UErrorCode@@@Z
?ensureCapacity@UnicodeSet@icu_3_0@@AAEXH@Z
?ensureCharsCapacity@StringEnumeration@icu_3_0@@IAEXHAAW4UErrorCode@@@Z
?equals@UVector32@icu_3_0@@QBECABV12@@Z
?equals@UVector@icu_3_0@@QBECABV12@@Z
?escapeUnprintable@ICU_Utility@icu_3_0@@SACAAVUnicodeString@2@H@Z
?exclusiveOr@UnicodeSet@icu_3_0@@AAEXPBHHC@Z
?expandCapacity@UVector32@icu_3_0@@QAECHAAW4UErrorCode@@@Z
?extract@CanonicalIterator@icu_3_0@@AAEPAVHashtable@2@HPB_WHHAAW4UErrorCode@@@Z
?extract@UnicodeString@icu_3_0@@QBEHHHPADIPBD@Z
?extract@UnicodeString@icu_3_0@@QBEHHHPADPBD@Z
?extract@UnicodeString@icu_3_0@@QBEHPADHPAUUConverter@@AAW4UErrorCode@@@Z
?extract@UnicodeString@icu_3_0@@QBEHPA_WHAAW4UErrorCode@@@Z
?extract@UnicodeString@icu_3_0@@QBEXHHAAV12@@Z
?extract@UnicodeString@icu_3_0@@QBEXHHPA_WH@Z
?extractBetween@UnicodeString@icu_3_0@@QBEXHHPA_WH@Z
?extractBetween@UnicodeString@icu_3_0@@UBEXHHAAV12@@Z
?fallback@ICUServiceKey@icu_3_0@@UAECXZ
?fallback@LocaleKey@icu_3_0@@UAECXZ
?fastCopyFrom@UnicodeString@icu_3_0@@QAEAAV12@ABV12@@Z
?find@Hashtable@icu_3_0@@QBEPBUUHashElement@@ABVUnicodeString@2@@Z
?findAndReplace@UnicodeString@icu_3_0@@QAEAAV12@ABV12@0@Z
?findAndReplace@UnicodeString@icu_3_0@@QAEAAV12@HHABV12@0@Z
?findAndReplace@UnicodeString@icu_3_0@@QAEAAV12@HHABV12@HH0HH@Z
?findCodePoint@UnicodeSet@icu_3_0@@ABEHH@Z
?first32@UCharCharacterIterator@icu_3_0@@UAEHXZ
?first32PostInc@CharacterIterator@icu_3_0@@UAEHXZ
?first32PostInc@UCharCharacterIterator@icu_3_0@@UAEHXZ
?first@Normalizer@icu_3_0@@QAEHXZ
?first@UCharCharacterIterator@icu_3_0@@UAE_WXZ
?firstElement@UVector@icu_3_0@@QBEPAXXZ
?firstPostInc@CharacterIterator@icu_3_0@@UAE_WXZ
?firstPostInc@UCharCharacterIterator@icu_3_0@@UAE_WXZ
?foldCase@UnicodeString@icu_3_0@@QAEAAV12@I@Z
?get@Hashtable@icu_3_0@@QBEPAXABVUnicodeString@2@@Z
?get@ICULocaleService@icu_3_0@@QBEPAVUObject@2@ABVLocale@2@AAW4UErrorCode@@@Z
?get@ICULocaleService@icu_3_0@@QBEPAVUObject@2@ABVLocale@2@HAAW4UErrorCode@@@Z
?get@ICULocaleService@icu_3_0@@QBEPAVUObject@2@ABVLocale@2@HPAV42@AAW4UErrorCode@@@Z
?get@ICULocaleService@icu_3_0@@QBEPAVUObject@2@ABVLocale@2@PAV42@AAW4UErrorCode@@@Z
?get@ICUService@icu_3_0@@QBEPAVUObject@2@ABVUnicodeString@2@AAW4UErrorCode@@@Z
?get@ICUService@icu_3_0@@QBEPAVUObject@2@ABVUnicodeString@2@PAV42@AAW4UErrorCode@@@Z
?get@ResourceBundle@icu_3_0@@QBE?AV12@HAAW4UErrorCode@@@Z
?get@ResourceBundle@icu_3_0@@QBE?AV12@PBDAAW4UErrorCode@@@Z
?getArrayStart@UnicodeString@icu_3_0@@AAEPA_WXZ
?getArrayStart@UnicodeString@icu_3_0@@ABEPB_WXZ
?getAvailableLocaleNames@LocaleUtility@icu_3_0@@SAPBVHashtable@2@ABVUnicodeString@2@@Z

Sections

UPX0
Size: - Virtual size: 448KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 237KB - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 77KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
uninstall.exe.nsis

Sharing

General

Malware Config

Signatures

Files

87bed5a7cba00c7e1f4015f1bdae2183

Headers

File Characteristics

Imports

kernel32

Sections

kkrunchy Size: 25KB - Virtual size: 5.8MB

dc072b97ab69d9cf474e33b457c157dd

Code Sign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1bCertificate

Extended Key Usages

Key Usages

1a:f7:da:c1:8d:82:fe:56:8d:65:f3:70:cc:7f:88:b2Certificate

Extended Key Usages

Key Usages

a6:31:b5:fd:b3:84:56:10:10:c3:21:c5:fc:aa:f2:7b:36:cc:5d:7bSigner

Headers

File Characteristics

Imports

kernel32

user32

gdi32

Sections

CODE Size: - Virtual size: 1.2MB

DATA Size: - Virtual size: 254KB

BSS Size: - Virtual size: 335KB

.idata Size: - Virtual size: 11KB

.tls Size: - Virtual size: 232B

.rdata Size: 4KB - Virtual size: 24B

.reloc Size: 92KB - Virtual size: 89KB

.text Size: 268KB - Virtual size: 320KB

.adata Size: 52KB - Virtual size: 64KB

.data Size: 44KB - Virtual size: 64KB

.reloc1 Size: 20KB - Virtual size: 64KB

.pdata Size: 1.2MB - Virtual size: 1.2MB

.rsrc Size: 32KB - Virtual size: 360KB

099c0646ea7282d232219f8807883be0

Code Sign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1bCertificate

Extended Key Usages

Key Usages

1a:f7:da:c1:8d:82:fe:56:8d:65:f3:70:cc:7f:88:b2Certificate

Extended Key Usages

Key Usages

49:a4:e7:c8:7e:ce:17:5d:09:ad:19:c5:b3:13:4b:15:9b:03:26:8fSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 9KB - Virtual size: 9KB

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

kkrunchy
Size: 25KB - Virtual size: 5.8MB

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

1a:f7:da:c1:8d:82:fe:56:8d:65:f3:70:cc:7f:88:b2
Certificate

a6:31:b5:fd:b3:84:56:10:10:c3:21:c5:fc:aa:f2:7b:36:cc:5d:7b
Signer

CODE
Size: - Virtual size: 1.2MB

DATA
Size: - Virtual size: 254KB

BSS
Size: - Virtual size: 335KB

.idata
Size: - Virtual size: 11KB

.tls
Size: - Virtual size: 232B

.rdata
Size: 4KB - Virtual size: 24B

.reloc
Size: 92KB - Virtual size: 89KB

.text
Size: 268KB - Virtual size: 320KB

.adata
Size: 52KB - Virtual size: 64KB

.data
Size: 44KB - Virtual size: 64KB

.reloc1
Size: 20KB - Virtual size: 64KB

.pdata
Size: 1.2MB - Virtual size: 1.2MB

.rsrc
Size: 32KB - Virtual size: 360KB

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

1a:f7:da:c1:8d:82:fe:56:8d:65:f3:70:cc:7f:88:b2
Certificate

49:a4:e7:c8:7e:ce:17:5d:09:ad:19:c5:b3:13:4b:15:9b:03:26:8f
Signer

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 9KB - Virtual size: 9KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

1a:f7:da:c1:8d:82:fe:56:8d:65:f3:70:cc:7f:88:b2
Certificate

f8:22:84:60:97:ae:5b:bb:5a:5d:f5:2d:fc:55:2f:d1:5b:e1:1a:24
Signer

CODE
Size: - Virtual size: 1.2MB

DATA
Size: - Virtual size: 254KB

BSS
Size: - Virtual size: 335KB

.idata
Size: - Virtual size: 11KB

.tls
Size: - Virtual size: 232B

.rdata
Size: 4KB - Virtual size: 24B

.reloc
Size: 92KB - Virtual size: 89KB

.text
Size: 268KB - Virtual size: 320KB

.adata
Size: 52KB - Virtual size: 64KB

.data
Size: 44KB - Virtual size: 64KB

.reloc1
Size: 20KB - Virtual size: 64KB

.pdata
Size: 1.2MB - Virtual size: 1.2MB

.rsrc
Size: 32KB - Virtual size: 360KB

UPX0
Size: - Virtual size: 2.0MB

UPX1
Size: 735KB - Virtual size: 736KB

.rsrc
Size: 10KB - Virtual size: 12KB

UPX0
Size: - Virtual size: 904KB

UPX1
Size: 408KB - Virtual size: 412KB

.rsrc
Size: 1KB - Virtual size: 4KB

UPX0
Size: - Virtual size: 448KB

UPX1
Size: 237KB - Virtual size: 240KB

.rsrc
Size: 77KB - Virtual size: 80KB