1126b2b48417ac3e15daf253dd022c24_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1126b2b48417ac3e15daf253dd022c24_JaffaCakes118
Size

2.0MB
MD5

1126b2b48417ac3e15daf253dd022c24
SHA1

f9b7cbb2c99aff6468d0d48e633c5ec9c44bc896
SHA256

9ee3b5bc572ac12cb0f7f9ad606d07b662f377ecb95f43145b96c9fef9494d1d
SHA512

5dc040cd6028d63a8d8c588df118aa883d8cfa66482004dcce7de6148406be0399338780dd3f4823104993cd0fea66ef61c0a7f3f6d4cfcf0619e7e40d021421
SSDEEP

49152:IF83psuZCriEYFaN4alUQrIRQBhQNIGvEmHTXkzXQ0z:hZCrfual7g84VUzQ8

Score

3^/10

Malware Config

Signatures

Unsigned PE 15 IoCs

Checks for missing Authenticode signature.

resource
1126b2b48417ac3e15daf253dd022c24_JaffaCakes118
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/KillProcDLL.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/UAC.dll
unpack002/$PLUGINSDIR/InstallOptions.dll
unpack002/$PLUGINSDIR/System.dll
unpack002/$PLUGINSDIR/xml.dll
unpack002/$R5/$R0
unpack003/$PLUGINSDIR/System.dll
unpack003/$PLUGINSDIR/UserInfo.dll
unpack003/$PROGRAMFILES/Mozilla Firefox/plugins/npdnu.dll
unpack003/$PROGRAMFILES/Mozilla Firefox/plugins/npdnupdater2.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/$PLUGINSDIR/nsExec.dll

NSIS installer 3 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
static1/unpack001/$PLUGINSDIR/aim_toolbar_ie.exe	nsis_installer_1
static1/unpack001/$PLUGINSDIR/dnupdatersetup.exe	nsis_installer_1

Files

1126b2b48417ac3e15daf253dd022c24_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c47392731eda8da323cadbd08e81dbff

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
MulDiv
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetAsyncKeyState
IsDlgButtonChecked
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
RegisterClassA
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
wvsprintfA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
ShowWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
EmptyClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
SetForegroundWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 104KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/KillProcDLL.dll
.dll windows:4 windows x86 arch:x86

153027ec3b10bcea606b777657dd3402

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersionExA
TerminateProcess
OpenProcess
LoadLibraryA
CloseHandle
GetProcAddress
FreeLibrary
GlobalFree
lstrcpyA
DisableThreadLibraryCalls

msvcrt

strcmp
_strupr
toupper
strlen
free
_initterm
malloc
_adjust_fdiv
strcpy
_itoa

Exports

Exports

KillProc

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetLastError
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ToolbarDetector.dll
.dll windows:5 windows x86 arch:x86

f49ca187c9bec88b280fb2804687b8c3

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0f:df:a2:50:00:b6:ed:97:63:bf:ec:89:ab:3f:51:3c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

11/12/2009, 00:00

Not After

25/07/2012, 23:59

Subject

CN=AOL Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=AOL Inc.,L=Dulles,ST=Virginia,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a0:5c:d5:3a:c6:f5:ec:56:db:8c:a8:e7:19:98:82:71:90:6c:d2:d0
Signer

Actual PE Digest

a0:5c:d5:3a:c6:f5:ec:56:db:8c:a8:e7:19:98:82:71:90:6c:d2:d0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\cm\build\public\ToolbarDetector.1.3\toolbar\installer\plugins\ToolbarDetector\Release\ToolbarDetector.pdb

Imports

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

kernel32

FindResourceExW
FreeResource
MultiByteToWideChar
lstrlenA
CloseHandle
Process32NextW
GetLastError
TerminateProcess
OpenProcess
Process32FirstW
CreateToolhelp32Snapshot
lstrcmpiW
GetPrivateProfileStringW
FindResourceW
WritePrivateProfileStringW
DeleteFileW
lstrlenW
InterlockedIncrement
lstrcpyA
GlobalFree
GlobalAlloc
lstrcpynA
lstrcmpA
WideCharToMultiByte
CompareStringW
CompareStringA
LoadResource
LockResource
SizeofResource
InterlockedDecrement
SetEnvironmentVariableA
LoadLibraryA
SetFilePointer
GetPrivateProfileIntW
DeleteCriticalSection
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringA
SetStdHandle
GetConsoleMode
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCommandLineA
RtlUnwind
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
VirtualFree
VirtualAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetTimeFormatA
GetDateFormatA
GetTimeZoneInformation
LCMapStringW
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetModuleHandleA
GetConsoleCP

user32

wsprintfW

advapi32

RegQueryInfoKeyW
RegEnumKeyExW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegEnumValueW

shell32

SHGetFolderPathW

ole32

OleRun
CoCreateInstance

oleaut32

SysStringLen
VariantCopy
VariantInit
VariantChangeType
VariantClear
SysAllocStringByteLen
SysStringByteLen
SysAllocString
SysFreeString
GetErrorInfo

shlwapi

ord487
PathFileExistsW

Exports

Exports

DisableToolbars
GetToolbarXML

Sections

.text
Size: 117KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UAC.dll
.dll windows:4 windows x86 arch:x86

2457671c10c5aa708d9619798ec0139c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameA
SetLastError
CloseHandle
GlobalFree
LocalFree
FormatMessageA
MultiByteToWideChar
GetLastError
CreateProcessA
GlobalAlloc
lstrlenA
GetVersionExA
LoadLibraryA
lstrcatA
GetProcAddress
lstrcpynA
GetExitCodeProcess
WaitForSingleObject
lstrcmpiA
lstrcpyA
GetCurrentProcess
GetCurrentThread
GetCurrentProcessId
Sleep
CreateThread
GetStartupInfoA
GetCommandLineA
GetPrivateProfileIntA
GetPrivateProfileStringA
FreeLibrary
GetModuleHandleA

user32

EnableWindow
GetWindowLongA
DestroyWindow
LoadImageA
SetWindowLongA
EndDialog
MessageBoxA
SendMessageW
DialogBoxParamA
CharNextA
SendMessageTimeoutA
WaitForInputIdle
DefWindowProcA
PostMessageA
GetLastActivePopup
PostQuitMessage
SetForegroundWindow
DispatchMessageA
GetMessageA
CreateWindowExA
RegisterClassA
UnregisterClassA
GetWindowTextA
TranslateMessage
IsDialogMessageA
PeekMessageA
MsgWaitForMultipleObjects
IsWindow
ShowWindow
wsprintfA
GetDlgItem
SendMessageA
LoadStringA
SetWindowTextA

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA

shell32

ShellExecuteExA

ole32

CoInitialize
CoUninitialize

Exports

Exports

Exec
ExecCodeSegment
ExecWait
GetElevationType
GetOuterHwnd
IsAdmin
RunElevated
ShellExec
ShellExecWait
StackPush
SupportsUAC
Unload

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/aim_toolbar_ie.exe
.exe windows:4 windows x86 arch:x86

c47392731eda8da323cadbd08e81dbff

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0f:df:a2:50:00:b6:ed:97:63:bf:ec:89:ab:3f:51:3c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

11/12/2009, 00:00

Not After

25/07/2012, 23:59

Subject

CN=AOL Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=AOL Inc.,L=Dulles,ST=Virginia,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f8:8c:3d:6c:db:da:4f:28:4d:e9:84:5a:db:c1:98:a5:3f:8d:7d:0d
Signer

Actual PE Digest

f8:8c:3d:6c:db:da:4f:28:4d:e9:84:5a:db:c1:98:a5:3f:8d:7d:0d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
MulDiv
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetAsyncKeyState
IsDlgButtonChecked
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
RegisterClassA
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
wvsprintfA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
ShowWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
EmptyClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
SetForegroundWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 96KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetLastError
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/dual.ini
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/upgradeToolbar.exe
.exe windows:4 windows x86 arch:x86

c47392731eda8da323cadbd08e81dbff

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

58:c2:8d:f2:2b:bc:86:02:e9:f9:0f:3b:4b:9d:79:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

22/07/2009, 00:00

Not After

24/07/2012, 23:59

Subject

CN=AOL LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=WAOL Firewall Trust v1,O=AOL LLC,L=Dulles,ST=Virginia,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b4:5e:6c:89:38:c0:b6:8d:2c:47:67:36:cc:85:0c:17:f7:d0:43:de
Signer

Actual PE Digest

b4:5e:6c:89:38:c0:b6:8d:2c:47:67:36:cc:85:0c:17:f7:d0:43:de

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
MulDiv
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetAsyncKeyState
IsDlgButtonChecked
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
RegisterClassA
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
wvsprintfA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
ShowWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
EmptyClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
SetForegroundWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 56KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/xml.dll
.dll windows:4 windows x86 arch:x86

b5ed5b3a951d4443ce56e5453702d536

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
lstrcpynA
lstrcmpA
lstrcmpiA
lstrcpyA
RtlUnwind
GetModuleFileNameA
RaiseException
GetCommandLineA
GetVersionExA
HeapFree
HeapAlloc
HeapReAlloc
ExitProcess
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
HeapSize
GetLastError
LoadLibraryA
ReadFile
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
SetFilePointer
CloseHandle
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
SetUnhandledExceptionFilter
HeapDestroy
HeapCreate
VirtualFree
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
WriteFile
VirtualAlloc
IsBadWritePtr
IsBadReadPtr
IsBadCodePtr
GetStringTypeA
GetStringTypeW
GetACP
GetOEMCP
GetCPInfo
FlushFileBuffers
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
CreateFileA
VirtualProtect
GetSystemInfo
VirtualQuery
SetStdHandle
GetLocaleInfoA
InterlockedExchange
SetEndOfFile

Exports

Exports

_CloneNode
_Coordinate
_CreateNode
_CreateText
_CurrentAttribute
_DeclarationEncoding
_DeclarationStandalone
_DeclarationVersion
_ElementPath
_FindCloseElement
_FindNextElement
_FirstAttribute
_FirstChild
_FirstChildElement
_FreeNode
_GetAttribute
_GetNodeValue
_GetText
_GotoHandle
_GotoPath
_InsertAfterNode
_InsertBeforeNode
_InsertEndChild
_IsCDATA
_LastAttribute
_LastChild
_LoadFile
_NextAttribute
_NextSibling
_NextSiblingElement
_NoChildren
_NodeHandle
_NodeType
_Parent
_PreviousAttribute
_PreviousSibling
_RemoveAllChild
_RemoveAttribute
_RemoveNode
_ReplaceNode
_RootElement
_SaveFile
_SetAttribute
_SetAttributeName
_SetAttributeValue
_SetCDATA
_SetCondenseWhiteSpace
_SetEncoding
_SetNodeValue
_SetText
_Unload
_XPathAttribute
_XPathNode
_XPathString

Sections

.text
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$R5/$R0
.dll windows:4 windows x86 arch:x86

114d225166e9f7ba6ffd307ffc63b4cd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\cm\build\public\cool_win32_x86_4_6_1b\cool\dist\Win32\release\xprt5.pdb

Imports

msvcrt

_adjust_fdiv
setlocale
_beginthreadex
_vsnwprintf
_vsnprintf
atof
atoi
mktime
gmtime
localtime
srand
malloc
realloc
free
_purecall
time
wcslen
rand
towupper
wcsftime
wcstoul
toupper
strftime
strtoul
strtok
strtol
strstr
strrchr
strchr
_strnicmp
_stricmp
strncmp
sscanf
memchr
iswalpha
iswalnum
isspace
isdigit
isalpha
isalnum
memset
memcmp
strcmp
abs
exp
log
pow
_wcsnicmp
wcsncmp
iswdigit
memmove
iswspace
memcpy
wcsstr
strlen
_wcsrev
_wcslwr
_wcsupr
tolower
towlower
_wcsicmp
wcscmp
wcschr
wcspbrk
wcsrchr
_fdopen
fprintf
clearerr
strerror
strcpy
strcat
fputc
fflush
_errno
fclose
fseek
ftell
fwrite
wcstod
wcstol
_initterm
fread
fopen
sprintf

kernel32

ExitProcess
GetSystemTimeAsFileTime
GetTickCount
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
Sleep
GetCurrentThreadId
GetExitCodeThread
ResumeThread
GetVersionExA
GetSystemInfo
QueryPerformanceFrequency
QueryPerformanceCounter
SetEvent
WaitForSingleObject
CreateEventA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
LoadLibraryW
LoadLibraryA
GetProcAddress
FreeLibrary
FindFirstFileW
FindFirstFileA
FindNextFileW
FindNextFileA
FindClose
RemoveDirectoryW
RemoveDirectoryA
GetDriveTypeA
CreateDirectoryW
CreateDirectoryA
DeleteFileW
DeleteFileA
MoveFileW
MoveFileA
SetFileTime
SetFileAttributesW
SetFileAttributesA
CreateFileW
CreateFileA
SetEndOfFile
SetFilePointer
GetLastError
GetTempPathA
FlushFileBuffers
WriteFile
ReadFile
CloseHandle
CompareStringW
MultiByteToWideChar
WideCharToMultiByte
InterlockedExchange
InterlockedDecrement
InterlockedIncrement
DisableThreadLibraryCalls
GetFileSize

user32

DispatchMessageA
KillTimer
SetTimer
RegisterClassA
UnregisterClassA
TranslateMessage
DefWindowProcA
PostMessageA
GetMessageA
PeekMessageA
DestroyWindow
CreateWindowExA

advapi32

RegOpenKeyExA
RegQueryValueExA

ole32

CoTaskMemFree

oleaut32

SysFreeString
SysAllocStringLen

Exports

Exports

??0TAesCipher@XPRT@@QAE@W4ECipherOp@TCipher@1@PBEH@Z
??0TBlockCipher@XPRT@@QAE@W4ECipherOp@TCipher@1@@Z
??0TBstr@XPRT@@QAE@ABV01@@Z
??0TBstr@XPRT@@QAE@GH@Z
??0TBstr@XPRT@@QAE@PBDHPBG@Z
??0TBstr@XPRT@@QAE@PBDPBG@Z
??0TBstr@XPRT@@QAE@PBG@Z
??0TBstr@XPRT@@QAE@PBGH@Z
??0TBstr@XPRT@@QAE@XZ
??0TBufferedFile@XPRT@@QAE@H@Z
??0TCipher@XPRT@@QAE@W4ECipherOp@01@@Z
??0TConvertFromUcs2@XPRT@@QAE@PBG0@Z
??0TConvertFromUcs2@XPRT@@QAE@PBGH0@Z
??0TConvertToUcs2@XPRT@@QAE@PBDHPBG@Z
??0TConvertToUcs2@XPRT@@QAE@PBDPBG@Z
??0TFile@XPRT@@QAE@XZ
??0TFileFinder@XPRT@@QAE@XZ
??0THmac@XPRT@@QAE@AAVTMessageDigest@1@PBEH@Z
??0TInetChecksum@XPRT@@QAE@XZ
??0TLibrary@XPRT@@QAE@XZ
??0TMd4Digest@XPRT@@QAE@H@Z
??0TMd5Digest@XPRT@@QAE@H@Z
??0TMemStream@XPRT@@QAE@PBXH@Z
??0TMemStream@XPRT@@QAE@XZ
??0TMessageDigest@XPRT@@QAE@XZ
??0TPtrArray@XPRT@@QAE@XZ
??0TPtrFromPtrMap@XPRT@@QAE@H@Z
??0TPtrFromPtrMap@XPRT@@QAE@HIMMM@Z
??0TPtrList@XPRT@@QAE@H@Z
??0TSha256Digest@XPRT@@QAE@XZ
??0TShaDigest@XPRT@@QAE@XZ
??0TThread@XPRT@@QAE@XZ
??0TTimer@XPRT@@QAE@XZ
??0TXmlAttributes@XPRT@@QAE@PAPBD@Z
??0TXmlDeserializer@XPRT@@QAE@AAVTStream@1@@Z
??0TXmlParser@XPRT@@QAE@AAVTStream@1@@Z
??0TXmlParser@XPRT@@QAE@ABV01@PBDAAVTStream@1@@Z
??0TXmlWriter@XPRT@@QAE@AAVTStream@1@@Z
??0TZipArchive@XPRT@@QAE@AAVTStream@1@@Z
??1TAesCipher@XPRT@@UAE@XZ
??1TBstr@XPRT@@QAE@XZ
??1TBufferedFile@XPRT@@UAE@XZ
??1TCipher@XPRT@@UAE@XZ
??1TConvertFromUcs2@XPRT@@QAE@XZ
??1TConvertToUcs2@XPRT@@QAE@XZ
??1TFile@XPRT@@UAE@XZ
??1TFileFinder@XPRT@@UAE@XZ
??1TLibrary@XPRT@@UAE@XZ
??1TMemStream@XPRT@@UAE@XZ
??1TPtrArray@XPRT@@QAE@XZ
??1TPtrFromPtrMap@XPRT@@QAE@XZ
??1TPtrList@XPRT@@QAE@XZ
??1TThread@XPRT@@UAE@XZ
??1TTimer@XPRT@@UAE@XZ
??1TXmlDeserializer@XPRT@@UAE@XZ
??1TXmlParser@XPRT@@UAE@XZ
??1TXmlWriter@XPRT@@UAE@XZ
??1TZipArchive@XPRT@@UAE@XZ
??2TXprtAllocated@XPRT@@SAPAXI@Z
??3TXprtAllocated@XPRT@@SAXPAX@Z
??ATPtrFromPtrMap@XPRT@@QAEAAPAXPAX@Z
??_FTBufferedFile@XPRT@@QAEXXZ
??_FTMd4Digest@XPRT@@QAEXXZ
??_FTMd5Digest@XPRT@@QAEXXZ
??_FTPtrFromPtrMap@XPRT@@QAEXXZ
??_FTPtrList@XPRT@@QAEXXZ
??_UTXprtAllocated@XPRT@@SAPAXI@Z
??_VTXprtAllocated@XPRT@@SAXPAX@Z
?Add@TPtrArray@XPRT@@QAEHPAX@Z
?Add@TPtrArray@XPRT@@QAEHXZ
?AddHead@TPtrList@XPRT@@QAEPAU__POSITION@2@PAX@Z
?AddHead@TPtrList@XPRT@@QAEPAU__POSITION@2@XZ
?AddHead@TPtrList@XPRT@@QAEXABV12@@Z
?AddTail@TPtrList@XPRT@@QAEPAU__POSITION@2@PAX@Z
?AddTail@TPtrList@XPRT@@QAEPAU__POSITION@2@XZ
?AddTail@TPtrList@XPRT@@QAEXABV12@@Z
?AddTrailingSeparator@TFile@XPRT@@SA?AVTBstr@2@PBG@Z
?Append@TBstr@XPRT@@QAEAAV12@ABV12@@Z
?Append@TBstr@XPRT@@QAEAAV12@G@Z
?Append@TBstr@XPRT@@QAEAAV12@PBDHPBG@Z
?Append@TBstr@XPRT@@QAEAAV12@PBDPBG@Z
?Append@TBstr@XPRT@@QAEAAV12@PBG@Z
?Append@TBstr@XPRT@@QAEAAV12@PBGH@Z
?Append@TPtrArray@XPRT@@QAEHABV12@@Z
?AppendFileNameToSpec@TFile@XPRT@@SA?AVTBstr@2@PBG0@Z
?AppendFormat@TBstr@XPRT@@QAAXPBGZZ
?Assign@TBstr@XPRT@@QAEAAV12@ABV12@@Z
?Assign@TBstr@XPRT@@QAEAAV12@G@Z
?Assign@TBstr@XPRT@@QAEAAV12@PBDHPBG@Z
?Assign@TBstr@XPRT@@QAEAAV12@PBDPBG@Z
?Assign@TBstr@XPRT@@QAEAAV12@PBG@Z
?Assign@TBstr@XPRT@@QAEAAV12@PBGH@Z
?Attach@TBstr@XPRT@@QAEXPAG@Z
?BerDump@TAesCipher@XPRT@@UAEHPAEH@Z
?BerInit@TAesCipher@XPRT@@UAEHPBEH@Z
?CanonicalizeSpec@TFile@XPRT@@SA?AVTBstr@2@PBG@Z
?Close@TBufferedFile@XPRT@@UAE_NXZ
?Close@TFile@XPRT@@UAE_NXZ
?Close@TFileFinder@XPRT@@QAEXXZ
?Close@TMemStream@XPRT@@UAE_NXZ
?Compare@TBstr@XPRT@@QBEHPBG@Z
?CompareNoCase@TBstr@XPRT@@QBEHPBG@Z
?CompareNormal@TBstr@XPRT@@QBEHPBG@Z
?Copy@TBstr@XPRT@@QBEPAGXZ
?Copy@TPtrArray@XPRT@@QAEXABV12@@Z
?Create@SPlex@XPRT@@SGPAU12@AAPAU12@II@Z
?Create@TThread@XPRT@@QAE_NP6AHPAX@Z0_N@Z
?CreateDirectoryA@TFile@XPRT@@SA_NPBG@Z
?CreatePath@TFile@XPRT@@SA_NPBG@Z
?CreateTempFileSpec@TFile@XPRT@@SA?AVTBstr@2@XZ
?Delete@TBstr@XPRT@@QAEHHH@Z
?Deserialize@TXmlSerializable@XPRT@@QAE_NAAVTXmlDeserializer@2@@Z
?Detach@TBstr@XPRT@@QAEPAGXZ
?DirSpecFromFullSpec@TFile@XPRT@@SA?AVTBstr@2@PBG@Z
?Empty@TBstr@XPRT@@QAEXXZ
?ExtractAt@TZipArchive@XPRT@@UAEPAVTStream@2@PAU__POSITION@2@@Z
?FileNameFromFullSpec@TFile@XPRT@@SA?AVTBstr@2@PBG@Z
?Find@TBstr@XPRT@@QBEHGH@Z
?Find@TBstr@XPRT@@QBEHPBGH@Z
?Find@TFileFinder@XPRT@@QAE_NPBGI@Z
?Find@TPtrArray@XPRT@@QBEHPAXH@Z
?Find@TPtrList@XPRT@@QBEPAU__POSITION@2@PAXPAU32@@Z
?Find@TZipArchive@XPRT@@UAEPAU__POSITION@2@PBG@Z
?FindIndex@TPtrList@XPRT@@QBEPAU__POSITION@2@H@Z
?FindNext@TFileFinder@XPRT@@QAE_NI@Z
?FindOneOf@TBstr@XPRT@@QBEHPBG@Z
?FindValue@TPtrFromPtrMap@XPRT@@QAEPAU__POSITION@2@PAXPAU32@@Z
?Finish@THmac@XPRT@@QAEHPAEH@Z
?Finish@TInetChecksum@XPRT@@QAEGXZ
?Finish@TMdXDigest@XPRT@@UAEHPAEH@Z
?Finish@TSha256Digest@XPRT@@UAEHPAEH@Z
?Finish@TShaDigest@XPRT@@UAEHPAEH@Z
?Flush@TBufferedFile@XPRT@@UAE_NXZ
?Flush@TFile@XPRT@@UAE_NXZ
?Flush@TMemStream@XPRT@@UAE_NXZ
?Format@TBstr@XPRT@@QAAXPBGZZ
?Format@TTime@XPRT@@QBE?AVTBstr@2@PBG0@Z
?Format@TTime@XPRT@@QBE?AVTBstr@2@PBG@Z
?FormatGmt@TTime@XPRT@@QBE?AVTBstr@2@PBG@Z
?FormatV@TBstr@XPRT@@QAEXPBGPAD@Z
?Free@TLibrary@XPRT@@QAE_NXZ
?FreeDataChain@SPlex@XPRT@@QAEXXZ
?FreeExtra@TPtrArray@XPRT@@QAEXXZ
?GetAt@TBstr@XPRT@@QBEGH@Z
?GetAt@TZipArchive@XPRT@@UAE_NPAU__POSITION@2@AAVTFileInfo@2@@Z
?GetAttribute@TXmlAttributes@XPRT@@QBE_NHPADH0H0H@Z
?GetBestEncoding@TBstr@XPRT@@QBE?AV12@XZ
?GetBlockSize@TAesCipher@XPRT@@UBEHXZ
?GetBstrPtr@TBstr@XPRT@@QAEPAPAGXZ
?GetCount@TXmlAttributes@XPRT@@QBEHXZ
?GetCount@TZipArchive@XPRT@@UAEHXZ
?GetCurrent@TInetChecksum@XPRT@@QAEGXZ
?GetCurrentColumn@TXmlParser@XPRT@@QBEHXZ
?GetCurrentId@TThread@XPRT@@SAIXZ
?GetCurrentLine@TXmlParser@XPRT@@QBEHXZ
?GetData@TMemStream@XPRT@@QBEPBXXZ
?GetDay@TTime@XPRT@@QBEHXZ
?GetDayOfWeek@TTime@XPRT@@QBEHXZ
?GetDigestSize@TMdXDigest@XPRT@@UBEHXZ
?GetDigestSize@TSha256Digest@XPRT@@UBEHXZ
?GetDigestSize@TShaDigest@XPRT@@UBEHXZ
?GetEncodedByteLength@TBstr@XPRT@@QBEHPBG@Z
?GetEncodedString@TBstr@XPRT@@QBEPBDPBG@Z
?GetFileSpec@TFile@XPRT@@QBEABVTBstr@2@XZ
?GetFileSpec@TFileFinder@XPRT@@QBE?AVTBstr@2@XZ
?GetFileSpec@TLibrary@XPRT@@QBEABVTBstr@2@XZ
?GetFileTime@TTime@XPRT@@QBEXAAU_FILETIME@@@Z
?GetGmtTm@TTime@XPRT@@QBE_NPAUtm@@@Z
?GetHeadPosition@TZipArchive@XPRT@@UAEPAU__POSITION@2@XZ
?GetHour@TTime@XPRT@@QBEHXZ
?GetId@TThread@XPRT@@QBEIXZ
?GetInfo@TFile@XPRT@@SA_NPBGAAVTFileInfo@2@@Z
?GetLastErrorString@TXmlParser@XPRT@@QBEPBDXZ
?GetLength@TBstr@XPRT@@QBEHXZ
?GetLength@TFile@XPRT@@UBE_JXZ
?GetLength@TMemStream@XPRT@@UBE_JXZ
?GetMinute@TTime@XPRT@@QBEHXZ
?GetMonth@TTime@XPRT@@QBEHXZ
?GetNext@TPtrFromPtrMap@XPRT@@QAEPAVTPair@12@AAPAU__POSITION@2@@Z
?GetNext@TPtrFromPtrMap@XPRT@@QBEPBVTPair@12@AAPAU__POSITION@2@@Z
?GetNext@TZipArchive@XPRT@@UAE_NAAPAU__POSITION@2@AAVTFileInfo@2@@Z
?GetNextAssoc@TPtrFromPtrMap@XPRT@@QBEXAAPAU__POSITION@2@AAPAX1@Z
?GetNextKey@TPtrFromPtrMap@XPRT@@QBEABQAXAAPAU__POSITION@2@@Z
?GetNextValue@TPtrFromPtrMap@XPRT@@QAEAAPAXAAPAU__POSITION@2@@Z
?GetNextValue@TPtrFromPtrMap@XPRT@@QBEABQAXAAPAU__POSITION@2@@Z
?GetPosition@TBufferedFile@XPRT@@UBE_JXZ
?GetPosition@TFile@XPRT@@UBE_JXZ
?GetPosition@TMemStream@XPRT@@UBE_JXZ
?GetProcAddress@TLibrary@XPRT@@QBEP6GHXZPBD@Z
?GetRawBstrPtr@TBstr@XPRT@@QAEPAPAGXZ
?GetSecond@TTime@XPRT@@QBEHXZ
?GetSpecialDirectory@TFile@XPRT@@SA?AVTBstr@2@W4ESpecialDir@12@@Z
?GetStartPosition@TPtrFromPtrMap@XPRT@@QBEPAU__POSITION@2@XZ
?GetString@TBstr@XPRT@@QBEPBGXZ
?GetTempDirectory@TFile@XPRT@@SA?AVTBstr@2@XZ
?GetTickCount@TTime@XPRT@@SA?AV12@XZ
?GetTime64@TTime@XPRT@@QBE_JXZ
?GetTimeZoneOffset@TTime@XPRT@@SA?AVTTimeSpan@2@ABV12@@Z
?GetTm@TTime@XPRT@@QBE_NPAUtm@@@Z
?GetType@TBlockCipher@XPRT@@UAE?AW4ECipherType@TCipher@2@XZ
?GetValue@TXmlAttributes@XPRT@@QBEPBDPBD0@Z
?GetYear@TTime@XPRT@@QBEHXZ
?Go@TXmlDeserializer@XPRT@@QAE_NAAVTXmlSerializable@2@@Z
?Go@TXmlParser@XPRT@@QAE_NXZ
?Init@TCondVar@XPRT@@QAEXXZ
?Init@TCritSec@XPRT@@QAEXXZ
?Init@TFileInfo@XPRT@@IAEXPBGI_JABVTTime@2@22@Z
?InitHashTable@TPtrFromPtrMap@XPRT@@QAE_NI_N@Z
?Insert@TBstr@XPRT@@QAEHHG@Z
?Insert@TBstr@XPRT@@QAEHHPBG@Z
?InsertAfter@TPtrList@XPRT@@QAEPAU__POSITION@2@PAU32@PAX@Z
?InsertAt@TPtrArray@XPRT@@QAEXHABV12@@Z
?InsertAt@TPtrArray@XPRT@@QAEXHPAXH@Z
?InsertBefore@TPtrList@XPRT@@QAEPAU__POSITION@2@PAU32@PAX@Z
?IsEmpty@TBstr@XPRT@@QBE_NXZ
?IsLoaded@TLibrary@XPRT@@QBE_NXZ
?IsOpen@TFile@XPRT@@QBE_NXZ
?IsRunning@TTimer@XPRT@@QBE_NXZ
?IsValid@TTime@XPRT@@QBE_NXZ
?Left@TBstr@XPRT@@QBE?AV12@H@Z
?Load@TLibrary@XPRT@@QAE_NPBG@Z
?Lock@TCritSec@XPRT@@QAEXXZ
?Lock@TSpinLock@XPRT@@QAEXXZ
?Lookup@TPtrFromPtrMap@XPRT@@QAEPAVTPair@12@PAX@Z
?Lookup@TPtrFromPtrMap@XPRT@@QBEPBVTPair@12@PAX@Z
?Lookup@TPtrFromPtrMap@XPRT@@QBE_NPAXAAPAX@Z
?LookupPrefix@TXmlWriter@XPRT@@QAEPBDPBD@Z
?MakeBigEndian@TBstr@XPRT@@QAEAAV12@XZ
?MakeLower@TBstr@XPRT@@QAEAAV12@XZ
?MakeReverse@TBstr@XPRT@@QAEAAV12@XZ
?MakeUpper@TBstr@XPRT@@QAEAAV12@XZ
?MakeValidSpec@TFile@XPRT@@SA?AVTBstr@2@PBG_N@Z
?Mid@TBstr@XPRT@@QBE?AV12@H@Z
?Mid@TBstr@XPRT@@QBE?AV12@HH@Z
?MoveToHead@TPtrList@XPRT@@QAEXPAU__POSITION@2@@Z
?MoveToTail@TPtrList@XPRT@@QAEXPAU__POSITION@2@@Z
?Normalize@TBstr@XPRT@@QAEAAV12@XZ
?OnCharacterData@TXmlParser@XPRT@@MAEXPBDH@Z
?OnComment@TXmlParser@XPRT@@MAEXPBD@Z
?OnDefault@TXmlParser@XPRT@@MAEXPBDH@Z
?OnEndCdataSection@TXmlParser@XPRT@@MAEXXZ
?OnEndElement@TXmlParser@XPRT@@MAEXPBD0@Z
?OnExternalEntityRef@TXmlParser@XPRT@@MAE_NPBD000@Z
?OnProcessingInstruction@TXmlParser@XPRT@@MAEXPBD0@Z
?OnStartCdataSection@TXmlParser@XPRT@@MAEXXZ
?OnStartElement@TXmlParser@XPRT@@MAEXPBD0ABVTXmlAttributes@2@@Z
?Open@TFile@XPRT@@QAE_NPBGI_N@Z
?Pause@TXmlParser@XPRT@@QAEXXZ
?Prepare@TFifoBuffer@XPRT@@QAEPAEH@Z
?ProcessBlock@TAesCipher@XPRT@@UBEXPAE@Z
?ProcessData@TBlockCipher@XPRT@@UAEHPAEH_N@Z
?Read@TBufferedFile@XPRT@@UAEHPAXH@Z
?Read@TFifoBuffer@XPRT@@QAEHPAEH@Z
?Read@TFile@XPRT@@UAEHPAXH@Z
?Read@TMemStream@XPRT@@UAEHPAXH@Z
?Rehash@TPtrFromPtrMap@XPRT@@QAEXI@Z
?Remove@TBstr@XPRT@@QAEHG@Z
?Remove@TFile@XPRT@@SA_NPBG@Z
?RemoveAll@TPtrFromPtrMap@XPRT@@QAEXXZ
?RemoveAll@TPtrList@XPRT@@QAEXXZ
?RemoveAt@TPtrArray@XPRT@@QAEXHH@Z
?RemoveAt@TPtrList@XPRT@@QAEXPAU__POSITION@2@@Z
?RemoveAtPos@TPtrFromPtrMap@XPRT@@QAEXPAU__POSITION@2@@Z
?RemoveDirectoryA@TFile@XPRT@@SA_NPBG@Z
?RemoveHead@TPtrList@XPRT@@QAEPAXXZ
?RemoveHeadNoReturn@TPtrList@XPRT@@QAEXXZ
?RemoveKey@TPtrFromPtrMap@XPRT@@QAE_NPAX@Z
?RemoveTail@TPtrList@XPRT@@QAEPAXXZ
?RemoveTailNoReturn@TPtrList@XPRT@@QAEXXZ
?RemoveTrailingSeparator@TFile@XPRT@@SA?AVTBstr@2@PBG@Z
?Rename@TFile@XPRT@@SA_NPBG0@Z
?Replace@TBstr@XPRT@@QAEHGG@Z
?Replace@TBstr@XPRT@@QAEHPBG0@Z
?Resume@TThread@XPRT@@QAE_NXZ
?Resume@TXmlParser@XPRT@@QAEXXZ
?ReverseFind@TBstr@XPRT@@QBEHG@Z
?Right@TBstr@XPRT@@QBE?AV12@H@Z
?SafeToConvert@TFile@XPRT@@SA_NPBG@Z
?Serialize@TXmlSerializable@XPRT@@QBE_NAAVTXmlWriter@2@@Z
?Set@TTime@XPRT@@QAEXABU_FILETIME@@@Z
?Set@TTime@XPRT@@QAEXHHHHHH@Z
?Set@TTime@XPRT@@QAEXN@Z
?Set@TTime@XPRT@@QAEXPBG@Z
?SetAt@TBstr@XPRT@@QAEXHG@Z
?SetAt@TPtrFromPtrMap@XPRT@@QAEPAU__POSITION@2@PAX0@Z
?SetAtGrow@TPtrArray@XPRT@@QAEXHPAX@Z
?SetAttributes@TFile@XPRT@@SA_NPBGI@Z
?SetCallback@TTimer@XPRT@@QAEXPAVTTimerCallback@2@@Z
?SetCount@TPtrArray@XPRT@@QAE_NHH@Z
?SetCurrent@TInetChecksum@XPRT@@QAEXGH@Z
?SetIndentation@TXmlWriter@XPRT@@QAEX_N@Z
?SetIv@TBlockCipher@XPRT@@QAEXPBE@Z
?SetLastWriteTime@TFile@XPRT@@SA_NPBGABVTTime@2@@Z
?SetLength@TFile@XPRT@@UAE_N_J@Z
?SetLength@TMemStream@XPRT@@UAE_N_J@Z
?SetMode@TBlockCipher@XPRT@@QAEXW4ECipherMode@12@@Z
?SetOp@TCipher@XPRT@@QAEXW4ECipherOp@12@@Z
?SetOptimalLoad@TPtrFromPtrMap@XPRT@@QAEXMMM_N@Z
?SetPosition@TBufferedFile@XPRT@@UAE_N_JH@Z
?SetPosition@TFile@XPRT@@UAE_N_JH@Z
?SetPosition@TMemStream@XPRT@@UAE_N_JH@Z
?SetTime64@TTime@XPRT@@QAEX_J@Z
?SetValueAt@TPtrFromPtrMap@XPRT@@QAEXPAU__POSITION@2@PAX@Z
?Signal@TCondVar@XPRT@@QAEXXZ
?Sleep@TThread@XPRT@@SAXI@Z
?Sort@TPtrArray@XPRT@@QAEXW4ESortOrder@2@@Z
?Sort@TPtrList@XPRT@@QAEXW4ESortOrder@2@@Z
?SpecFromUrl@TFile@XPRT@@SA?AVTBstr@2@PBG@Z
?Start@TTimer@XPRT@@QAE_NH_N@Z
?Stop@TTimer@XPRT@@QAEXXZ
?Stop@TXmlParser@XPRT@@QAEXXZ
?SwapElements@TPtrList@XPRT@@QAEXPAU__POSITION@2@0@Z
?Term@TCondVar@XPRT@@QAEXXZ
?Term@TCritSec@XPRT@@QAEXXZ
?TestAccess@TFile@XPRT@@SA_NPBGI@Z
?ToDouble@TBstr@XPRT@@QBENXZ
?ToInt@TBstr@XPRT@@QBEHH@Z
?Tokenize@TBstr@XPRT@@QBE?AV12@PBGAAH@Z
?Transform@TMd4Digest@XPRT@@EAEXQAIQBE@Z
?Transform@TMd5Digest@XPRT@@EAEXQAIQBE@Z
?Transform@TShaDigest@XPRT@@EAEXQAIQBE@Z
?TrimLeft@TBstr@XPRT@@QAEAAV12@G@Z
?TrimLeft@TBstr@XPRT@@QAEAAV12@XZ
?TrimRight@TBstr@XPRT@@QAEAAV12@G@Z
?TrimRight@TBstr@XPRT@@QAEAAV12@XZ
?Unlock@TCritSec@XPRT@@QAEXXZ
?Unlock@TSpinLock@XPRT@@QAEXXZ
?Update@THmac@XPRT@@QAEXPBEH@Z
?Update@TInetChecksum@XPRT@@QAEXPBEH@Z
?Update@TMessageDigest@XPRT@@QAEXPBEH@Z
?UrlFromSpec@TFile@XPRT@@SA?AVTBstr@2@PBG@Z
?VAdoptKey@TPtrFromGuidMap@XPRT@@MBEPAXPAX@Z
?VCompareKeys@TPtrFromGuidMap@XPRT@@MBEHPBX0@Z
?VHashKey@TPtrFromGuidMap@XPRT@@MBEIPBX@Z
?VOrphanKey@TPtrFromGuidMap@XPRT@@MBEXPAX@Z
?Wait@TCondVar@XPRT@@QAE_NH@Z
?WaitForExit@TThread@XPRT@@QAE_NPAH@Z
?Write@TBufferedFile@XPRT@@UAEHPBXH@Z
?Write@TFifoBuffer@XPRT@@QAEHPBEH@Z
?Write@TFile@XPRT@@UAEHPBXH@Z
?Write@TMemStream@XPRT@@UAEHPBXH@Z
?WriteAttribute@TXmlWriter@XPRT@@QAE_NPBD00@Z
?WriteAttribute@TXmlWriter@XPRT@@QAE_NPBD0@Z
?WriteCharacterData@TXmlWriter@XPRT@@QAE_NPBD@Z
?WriteEndDocument@TXmlWriter@XPRT@@QAE_NXZ
?WriteEndElement@TXmlWriter@XPRT@@QAE_NXZ
?WriteNamespace@TXmlWriter@XPRT@@QAE_NPBD0@Z
?WriteStartDocument@TXmlWriter@XPRT@@QAE_NXZ
?WriteStartElement@TXmlWriter@XPRT@@QAE_NPBD0@Z
?WriteStartElement@TXmlWriter@XPRT@@QAE_NPBD@Z
?kCurrentDirectory@TFileFinder@XPRT@@2QBGB
?kDirectorySeparator@TFile@XPRT@@2GB
?kLibraryExtension@TLibrary@XPRT@@2QBGB
?kParentDirectory@TFileFinder@XPRT@@2QBGB
?kUnsafeConversions@TFile@XPRT@@2QBGB
XML_DefaultCurrent
XML_ErrorString
XML_ExpatVersion
XML_ExpatVersionInfo
XML_ExternalEntityParserCreate
XML_FreeContentModel
XML_GetBase
XML_GetBuffer
XML_GetCurrentByteCount
XML_GetCurrentByteIndex
XML_GetCurrentColumnNumber
XML_GetCurrentLineNumber
XML_GetErrorCode
XML_GetFeatureList
XML_GetIdAttributeIndex
XML_GetInputContext
XML_GetParsingStatus
XML_GetSpecifiedAttributeCount
XML_MemFree
XML_MemMalloc
XML_MemRealloc
XML_Parse
XML_ParseBuffer
XML_ParserCreate
XML_ParserCreateNS
XML_ParserCreate_MM
XML_ParserFree
XML_ParserReset
XML_ResumeParser
XML_SetAttlistDeclHandler
XML_SetBase
XML_SetCdataSectionHandler
XML_SetCharacterDataHandler
XML_SetCommentHandler
XML_SetDefaultHandler
XML_SetDefaultHandlerExpand
XML_SetDoctypeDeclHandler
XML_SetElementDeclHandler
XML_SetElementHandler
XML_SetEncoding
XML_SetEndCdataSectionHandler
XML_SetEndDoctypeDeclHandler
XML_SetEndElementHandler
XML_SetEndNamespaceDeclHandler
XML_SetEntityDeclHandler
XML_SetExternalEntityRefHandler
XML_SetExternalEntityRefHandlerArg
XML_SetNamespaceDeclHandler
XML_SetNotStandaloneHandler
XML_SetNotationDeclHandler
XML_SetParamEntityParsing
XML_SetProcessingInstructionHandler
XML_SetReturnNSTriplet
XML_SetSkippedEntityHandler
XML_SetStartCdataSectionHandler
XML_SetStartDoctypeDeclHandler
XML_SetStartElementHandler
XML_SetStartNamespaceDeclHandler
XML_SetUnknownEncodingHandler
XML_SetUnparsedEntityDeclHandler
XML_SetUserData
XML_SetXmlDeclHandler
XML_StopParser
XML_UseForeignDTD
XML_UseParserAsHandlerArg
XprtTrace
XprtTrace1
XprtTrace2
_XprtAllocString@4
_XprtAllocStringLen@8
_XprtAolToIsoEncoding@8
_XprtAolToIsoLang@8
_XprtAssert@12
_XprtAtomicDecrement@4
_XprtAtomicIncrement@4
_XprtAtomicTestAndSet@4
_XprtBase64ToBin@12
_XprtBinToBase64@16
_XprtBinToHex@16
_XprtCanonicalizeScreenName@8
_XprtCompareLocale@12
_XprtCompareNoCase@8
_XprtCompareNormal@8
_XprtCompareString@8
_XprtCompareVersionsA@8
_XprtCompareWildcard@8
_XprtComputeChecksum@8
_XprtCreateThread@8
_XprtDebugBreak@0
_XprtDestroyThread@8
_XprtDispatchMessages@4
_XprtDumpMem@16
_XprtDumpText@12
_XprtEntityEscape@8
_XprtEntityUnescape@8
_XprtFlipMem@8
_XprtFreeString@4
_XprtGenerateRandom@8
_XprtGetDebugSetting@8
_XprtGetDelayLoadRoot@0
_XprtGetMessage@12
_XprtGetMessageQueue@0
_XprtGetMicroseconds64@0
_XprtGetMicroseconds@0
_XprtGetMilliseconds@0
_XprtGetSystemInfo@0
_XprtGiveMessage@12
_XprtHashFile@16
_XprtHashNoCase@4
_XprtHashNormal@4
_XprtHashString@4
_XprtHexToBin@16
_XprtHtmlToPlain@8
_XprtInetAtoN@12
_XprtInetIsNonroutable@4
_XprtInetIsValid@4
_XprtInetNtoA@8
_XprtInetNtoAEx@12
_XprtInetParse@16
_XprtInitialize@8
_XprtIsValidAddress@8
_XprtIsoToAolEncoding@8
_XprtIsoToAolLang@8
_XprtLookupMessageCallback@4
_XprtMemAlloc@4
_XprtMemDebugAlloc@12
_XprtMemDebugRealloc@16
_XprtMemFree@4
_XprtMemGetTotalSize@0
_XprtMemRealloc@8
_XprtMessageLoop@0
_XprtMultibyteToUnicode@16
_XprtPlainToHtml@8
_XprtPostMessage@16
_XprtPostQuitMessage@8
_XprtRegisterMessageCallback@8
_XprtReleaseMessageId@4
_XprtRequestMessageId@0
_XprtSeedRandom@8
_XprtSetAssertProc@4
_XprtSetDebugStringProc@4
_XprtSetDelayLoadRoot@4
_XprtSetMessageAvailableCallback@8
_XprtSetScreenNameDomains@8
_XprtStringByteLen@8

Sections

.text
Size: 148KB - Virtual size: 144KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/dnupdatersetup.exe
.exe windows:4 windows x86 arch:x86

c47392731eda8da323cadbd08e81dbff

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:2c:1d:f2
Certificate

Issuer

CN=AOL Member CA,O=America Online Inc.,L=Dulles,ST=Virginia,C=US

Not Before

10/06/2008, 20:22

Not After

10/06/2010, 20:22

Subject

CN=AOL LLC,OU=AOL LLC,O=AOL LLC,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

07
Certificate

Issuer

CN=America Online Root Certification Authority 1,O=America Online Inc.,C=US

Not Before

04/06/2004, 17:26

Not After

04/06/2029, 17:26

Subject

CN=AOL Member CA,O=America Online Inc.,L=Dulles,ST=Virginia,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9a:c8:11:73:00:d0:1d:6e:74:00:b4:86:91:bf:bc:3d:3d:dc:94:4d
Signer

Actual PE Digest

9a:c8:11:73:00:d0:1d:6e:74:00:b4:86:91:bf:bc:3d:3d:dc:94:4d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
MulDiv
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetAsyncKeyState
IsDlgButtonChecked
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
RegisterClassA
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
wvsprintfA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
ShowWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
EmptyClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
SetForegroundWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$COMMONFILES/Software Update Utility/$COMMONFILES/Software Update Utility/uninstall.exe.nsis
$COMMONFILES/Software Update Utility/dnu.exe
.exe windows:4 windows x86 arch:x86

ab024b7bd0a09f00e35c0fd48824d647

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:2c:1d:f2
Certificate

Issuer

CN=AOL Member CA,O=America Online Inc.,L=Dulles,ST=Virginia,C=US

Not Before

10/06/2008, 20:22

Not After

10/06/2010, 20:22

Subject

CN=AOL LLC,OU=AOL LLC,O=AOL LLC,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

07
Certificate

Issuer

CN=America Online Root Certification Authority 1,O=America Online Inc.,C=US

Not Before

04/06/2004, 17:26

Not After

04/06/2029, 17:26

Subject

CN=AOL Member CA,O=America Online Inc.,L=Dulles,ST=Virginia,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c8:27:f3:e4:0a:b1:02:a6:86:1b:7b:ea:34:44:21:74:1f:4c:d4:54
Signer

Actual PE Digest

c8:27:f3:e4:0a:b1:02:a6:86:1b:7b:ea:34:44:21:74:1f:4c:d4:54

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\cm\build\public\dnUpdater_07072009_3\downloadUpdater\Release\dnUpdater.pdb

Imports

wininet

InternetConnectW
InternetOpenW
InternetReadFileExA
InternetCloseHandle
HttpSendRequestW
HttpOpenRequestW
InternetCrackUrlW
InternetSetStatusCallbackW
InternetGetLastResponseInfoW
InternetCanonicalizeUrlW
HttpQueryInfoW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

kernel32

InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExW
lstrlenW
lstrcpyW
RaiseException
InitializeCriticalSection
DeleteCriticalSection
GetLastError
lstrcmpiW
MultiByteToWideChar
lstrcpynW
InterlockedIncrement
InterlockedDecrement
LeaveCriticalSection
GetModuleFileNameW
EnterCriticalSection
FreeLibrary
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetModuleHandleW
FlushInstructionCache
GetCurrentProcess
HeapFree
GetProcessHeap
HeapAlloc
CloseHandle
WaitForSingleObject
Sleep
CreateThread
CreateEventW
lstrcatW
GetCurrentThreadId
SetEvent
GetCommandLineW
DeleteFileW
GetTempFileNameW
GetTempPathW
GetLocalTime
FormatMessageW
GetProcAddress
LoadLibraryW
OpenProcess
GetCurrentProcessId
LoadLibraryA
FindFirstFileW
WriteFile
SetFilePointer
ReadFile
GetFileSize
CreateFileW
LockResource
LocalFree
OutputDebugStringW
WideCharToMultiByte
SetHandleCount
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
FlushFileBuffers
HeapSize
TlsGetValue
TlsSetValue
TlsFree
SetLastError
TlsAlloc
VirtualQuery
SetUnhandledExceptionFilter
GetModuleFileNameA
GetTickCount
QueryPerformanceCounter
IsBadWritePtr
VirtualAlloc
GetFileType
VirtualFree
HeapCreate
HeapDestroy
GetStartupInfoW
GetSystemTimeAsFileTime
TerminateProcess
GetModuleHandleA
GetFileAttributesW
HeapReAlloc
RtlUnwind
ExitProcess
GetVersionExA
GetStartupInfoA
GetStringTypeA
GetStringTypeW
VirtualProtect
GetSystemInfo
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetEnvironmentVariableW
SetStdHandle
SetEndOfFile
GetPrivateProfileStringW
IsBadReadPtr
IsBadCodePtr
LCMapStringW
LCMapStringA
GetCPInfo
GetOEMCP

user32

IsWindow
RegisterClassW
LoadBitmapW
UpdateWindow
BeginPaint
EndPaint
SystemParametersInfoW
PostQuitMessage
ShowWindow
SetWindowPos
PostMessageW
MessageBoxW
PeekMessageW
IsWindowUnicode
GetMessageA
DispatchMessageA
GetDesktopWindow
DestroyWindow
CreateWindowExW
RegisterClassExW
LoadCursorW
wsprintfW
GetClassInfoExW
PostThreadMessageW
GetMessageW
DispatchMessageW
TranslateMessage
CharUpperW
CallWindowProcW
GetWindowLongW
DefWindowProcW
SetWindowLongW
UnregisterClassW
CharNextW
GetClientRect
MsgWaitForMultipleObjects

gdi32

CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
DeleteObject

advapi32

RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW

shell32

ShellExecuteW

ole32

CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoRevokeClassObject
CoRegisterClassObject
CoInitialize
CoUninitialize
StringFromGUID2
CoCreateInstance
CLSIDFromProgID

oleaut32

SysAllocString
VarBstrCmp
SysStringByteLen
SysFreeString
SysAllocStringLen
VarUI4FromStr
LoadRegTypeLi
LoadTypeLi
SysStringLen
VariantClear
DispCallFunc
VariantInit
SysAllocStringByteLen
UnRegisterTypeLi
RegisterTypeLi

shlwapi

PathFindExtensionW

psapi

EnumProcessModules
GetModuleFileNameExW

Sections

.text
Size: 108KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetLastError
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UserInfo.dll
.dll windows:4 windows x86 arch:x86

6bc108eed3ca99f68adee56e9c99fac6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersion
GetCurrentThread
GetCurrentProcess
GetModuleHandleA
GetProcAddress
GetLastError
GlobalFree
CloseHandle
lstrcpynA
GlobalAlloc

advapi32

OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
GetUserNameA
OpenThreadToken

Exports

Exports

GetAccountType
GetName
GetOriginalAccountType

Sections

.text
Size: 1024B - Virtual size: 741B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 657B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 85B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 154B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES/Mozilla Firefox/plugins/npdnu.dll
.dll windows:4 windows x86 arch:x86

e8db3094acef5bcc16fbc67c83a79728

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\dnUpdater\npdnu\Release\npdnu.pdb

Imports

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

user32

SetWindowLongA
BeginPaint
EndPaint
DefWindowProcA

kernel32

GetFileType
CloseHandle
GetSystemInfo
VirtualProtect
HeapFree
HeapAlloc
ExitProcess
RtlUnwind
GetCurrentThreadId
GetCommandLineA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
IsBadWritePtr
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
TlsAlloc
SetLastError
GetLastError
TlsFree
TlsSetValue
TlsGetValue
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
UnhandledExceptionFilter
WriteFile
InitializeCriticalSection
InterlockedExchange
VirtualQuery
SetFilePointer
LoadLibraryA
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetACP
GetOEMCP
GetCPInfo
SetStdHandle
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
HeapSize
FlushFileBuffers

Exports

Exports

NP_GetEntryPoints
NP_Initialize
NP_Shutdown

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES/Mozilla Firefox/plugins/npdnu.xpt
$PROGRAMFILES/Mozilla Firefox/plugins/npdnupdater2.dll
.dll windows:4 windows x86 arch:x86

996628b89af7b00fec75ba717a2b85ff

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\downloadUpdater\npdnupdater2\Release\npdnupdater2.pdb

Imports

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

wininet

InternetCanonicalizeUrlA
InternetCrackUrlA

kernel32

TerminateProcess
CloseHandle
GetSystemInfo
VirtualProtect
CreateProcessA
GetLastError
FlushFileBuffers
HeapSize
LCMapStringW
LCMapStringA
GetStringTypeW
ExitProcess
HeapFree
HeapAlloc
RtlUnwind
GetCurrentThreadId
GetCommandLineA
GetVersionExA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
IsBadWritePtr
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
GetProcAddress
GetModuleHandleA
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
UnhandledExceptionFilter
WriteFile
SetFilePointer
LoadLibraryA
InterlockedExchange
VirtualQuery
InitializeCriticalSection
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetACP
GetOEMCP
GetCPInfo
SetStdHandle
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar

user32

SetWindowLongA
BeginPaint
EndPaint
DefWindowProcA

Exports

Exports

NP_GetEntryPoints
NP_Initialize
NP_Shutdown

Sections

.text
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES/Mozilla Firefox/plugins/npdnupdater2.xpt
$PLUGINSDIR/dual.ini
$PLUGINSDIR/eula.rtf
.rtf
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

8dc5d8ec83864b4a8d299d8b4d06a888

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
lstrcpyA
lstrcmpiA
MulDiv
lstrlenA
HeapFree
GetProcessHeap
HeapAlloc
HeapReAlloc
GlobalFree
lstrcpynA
GlobalAlloc

user32

MapDialogRect
CharPrevA
GetPropA
GetClientRect
CallWindowProcA
GetDlgItem
SetWindowLongA
SetWindowPos
CreateDialogParamA
MapWindowPoints
GetWindowRect
SetPropA
CreateWindowExA
IsWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
ShowWindow
wsprintfA
CharNextA
SendMessageA
DestroyWindow

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

comdlg32

GetSaveFileNameA
GetOpenFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
GetUserData
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 220B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 418B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsExec.dll
.dll windows:4 windows x86 arch:x86

238a16a49edf3ab59e2f8c89449c9af7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
lstrcpynA
GlobalReAlloc
GlobalUnlock
GlobalSize
ReadFile
PeekNamedPipe
GetTickCount
CreateProcessA
GetStartupInfoA
CreatePipe
GetVersionExA
GlobalLock
DeleteFileA
TerminateProcess
lstrlenA
lstrcatA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
CreateFileA
CloseHandle
CopyFileA
GetTempFileNameA
GlobalFree
GlobalAlloc
GetModuleFileNameA
GetCommandLineA
Sleep
lstrcmpiA
GetExitCodeProcess

user32

SendMessageA
OemToCharBuffA
CharNextA
wsprintfA
CharPrevA
FindWindowExA

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl

Exports

Exports

Exec
ExecToLog
ExecToStack

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 362B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$R3/aimToolbarData/install/source.dat
$R3/aimToolbarData/install/upgrade.dat
$R3/extensions/{c2f863cd-0429-48c7-bb54-db756a951760}/META-INF/MANIFEST.MF
$R3/extensions/{c2f863cd-0429-48c7-bb54-db756a951760}/META-INF/ZIGBERT.RSA
$R3/extensions/{c2f863cd-0429-48c7-bb54-db756a951760}/META-INF/ZIGBERT.SF
$R3/extensions/{c2f863cd-0429-48c7-bb54-db756a951760}/chrome.manifest
$R3/extensions/{c2f863cd-0429-48c7-bb54-db756a951760}/chrome/aimtoolbar.jar
.zip
content/XMLConfig.js
.js
content/aboutBox.xul
.xml
content/addbuddy.xul
.js .xml polyglot
content/aimSearchBox.xml
.xml
content/aolPrefs.js
.js
content/aolQAP.js
.js
content/aolXMLIO.js
.js
content/aoltb.js
.js
content/aoltoolbar.xul
.xml
content/aoluninstall.js
.js
content/bookmark.xul
.js .xml polyglot
content/contents.rdf
.xml
content/defaultQap.xul
.xml
content/doubleQap.xul
.xml
content/favplus_sidebar.xul
.xml
content/firsttime.xul
.js .xml polyglot
content/inbox_sidebar.xul
.xml
content/mail.js
.js
content/metrics.js
.js
content/postQAP.xul
.xml
content/postTOP.xul
.xml
content/resetsurf.xul
.xml
content/searchhook.xul
.xml
content/settings.js
.js
content/settings.xul
.xml
content/surfometer.js
.js
content/tbconfig.js
.js
content/ticker/ticker.css
content/ticker/ticker.htm
.html
content/ticker/ticker.js
.js
content/upgrade.js
.js
content/util.js
.js
content/view.js
.js
content/winamp.js
.js
locale/en-US/aoltb.xml
.xml
locale/en-US/config.xml
.xml
locale/en-US/contents.rdf
.xml
locale/en-US/images/icon.png
.png
locale/en-US/images/install_banner_150.png
.png
locale/en-US/images/large_addbtn.png
.png
locale/en-US/images/large_addbtn_over.png
.png
locale/en-US/images/mag_glass.png
.png
locale/en-US/images/photo.png
.png
locale/en-US/images/poweredby.png
.png
locale/en-US/images/search.png
.png
locale/en-US/images/search_over.png
.png
locale/en-US/images/small_addbtn.png
.png
locale/en-US/images/small_addbtn_over.png
.png
locale/en-US/images/sphere.ico
locale/en-US/images/sphere.png
.png
locale/en-US/images/truveo.png
.png
locale/en-US/opensearch.xml
locale/en-US/plugins/bg_toolbar.jpg
.jpg
locale/en-US/plugins/bg_toolbar.png
.png
locale/en-US/plugins/btn_add.jpg
.jpg
locale/en-US/plugins/status.htm
.html .js polyglot
locale/en-US/toolbar_props.properties
.js
locale/en-US/toolbar_text.dtd
skin/about.png
.png
skin/arrow-dn.png
.png
skin/arrow.png
.png
skin/arrow_click.png
.png
skin/arrow_over.png
.png
skin/bg_postqap.png
.png
skin/bg_toolbar.png
.png
skin/chevron.png
.png
skin/chevron_over.png
.png
skin/contents.rdf
.xml
skin/counter.png
.png
skin/down-arrow.gif
.gif
skin/email-icon.gif
.gif
skin/gotoaol.png
.png
skin/help.png
.png
skin/im-icon.gif
.gif
skin/offline.png
.png
skin/online.png
.png
skin/services.png
.png
skin/settings.png
.png
skin/staf.png
.png
skin/styles.css
skin/uninstall.png
.png
skin/up-arrow.gif
.gif
$R3/extensions/{c2f863cd-0429-48c7-bb54-db756a951760}/components/IMailUtil.xpt
$R3/extensions/{c2f863cd-0429-48c7-bb54-db756a951760}/components/IaimUninstallObserver.xpt
$R3/extensions/{c2f863cd-0429-48c7-bb54-db756a951760}/components/MailUtil.dll
.dll windows:4 windows x86 arch:x86

39abe50cd17df1a41deee8a716ea54c1

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0f:df:a2:50:00:b6:ed:97:63:bf:ec:89:ab:3f:51:3c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

11/12/2009, 00:00

Not After

25/07/2012, 23:59

Subject

CN=AOL Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=AOL Inc.,L=Dulles,ST=Virginia,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5b:c1:b2:ee:86:42:0a:d3:78:78:85:ff:e6:4a:a6:4c:1f:89:de:91
Signer

Actual PE Digest

5b:c1:b2:ee:86:42:0a:d3:78:78:85:ff:e6:4a:a6:4c:1f:89:de:91

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\cm\build\public\FirefoxMailCount_1.0.vc7\toolbar\Firefox\components_src\npMailUtil\Release\npMailUtil.pdb

Imports

xpcom

NS_GetMemoryManager
NS_GetServiceManager
NS_Alloc
NS_GetComponentManager
NS_CStringGetData
NS_CStringSetData

wininet

InternetOpenA
InternetCanonicalizeUrlA
InternetReadFile
HttpQueryInfoA
InternetCloseHandle
InternetOpenUrlA

kernel32

TlsFree
CompareStringW
CompareStringA
GetLocaleInfoW
HeapSize
FlushFileBuffers
SetStdHandle
SetConsoleCtrlHandler
LCMapStringW
LCMapStringA
CloseHandle
WaitForSingleObject
CreateThread
WideCharToMultiByte
GetTimeZoneInformation
ReadFile
SetFilePointer
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetOEMCP
ExitProcess
HeapFree
HeapReAlloc
HeapAlloc
GetSystemTimeAsFileTime
RtlUnwind
GetCurrentThreadId
GetCommandLineA
GetVersionExA
RaiseException
GetProcAddress
LoadLibraryA
DebugBreak
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetModuleFileNameA
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
VirtualAlloc
IsBadWritePtr
TlsAlloc
SetLastError
GetLastError
GetCurrentThread
SetEnvironmentVariableA
TlsSetValue
TlsGetValue
GetModuleHandleA
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
WriteFile
GetProcessHeap
FreeLibrary
InterlockedExchange
VirtualQuery
InitializeCriticalSection
VirtualProtect
GetSystemInfo
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetCPInfo
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetACP

nspr4

PR_AtomicDecrement
PR_AtomicIncrement

Exports

Exports

NSGetModule

Sections

.text
Size: 100KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$R3/extensions/{c2f863cd-0429-48c7-bb54-db756a951760}/components/aimUninstallObserver.js
.js
$R3/extensions/{c2f863cd-0429-48c7-bb54-db756a951760}/install.rdf
.xml

Sharing

General

Malware Config

Signatures

Files

c47392731eda8da323cadbd08e81dbff

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 25KB - Virtual size: 24KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 3KB - Virtual size: 156KB

.ndata Size: - Virtual size: 104KB

.rsrc Size: 25KB - Virtual size: 25KB

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 1012B

153027ec3b10bcea606b777657dd3402

Headers

File Characteristics

Imports

kernel32

msvcrt

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 172B

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 1024B - Virtual size: 784B

.data Size: 512B - Virtual size: 92B

.reloc Size: 512B - Virtual size: 496B

f49ca187c9bec88b280fb2804687b8c3

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0f:df:a2:50:00:b6:ed:97:63:bf:ec:89:ab:3f:51:3cCertificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

.text
Size: 25KB - Virtual size: 24KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 3KB - Virtual size: 156KB

.ndata
Size: - Virtual size: 104KB

.rsrc
Size: 25KB - Virtual size: 25KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 1012B

.text
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 172B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 92B

.reloc
Size: 512B - Virtual size: 496B

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0f:df:a2:50:00:b6:ed:97:63:bf:ec:89:ab:3f:51:3c
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

a0:5c:d5:3a:c6:f5:ec:56:db:8c:a8:e7:19:98:82:71:90:6c:d2:d0
Signer

.text
Size: 117KB - Virtual size: 116KB

.rdata
Size: 21KB - Virtual size: 20KB

.data
Size: 5KB - Virtual size: 12KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 9KB - Virtual size: 8KB

.text
Size: 12KB - Virtual size: 11KB

.data
Size: 1024B - Virtual size: 1008B

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 1KB - Virtual size: 1KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0f:df:a2:50:00:b6:ed:97:63:bf:ec:89:ab:3f:51:3c
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

f8:8c:3d:6c:db:da:4f:28:4d:e9:84:5a:db:c1:98:a5:3f:8d:7d:0d
Signer

.text
Size: 25KB - Virtual size: 24KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 3KB - Virtual size: 156KB

.ndata
Size: - Virtual size: 96KB

.rsrc
Size: 25KB - Virtual size: 25KB