7cb82e567707a11259607ba1d889beadaf2e358d36b43024b589ec9c2642a8d9

Sharing

Copy URL Twitter E-mail

General

Target

7cb82e567707a11259607ba1d889beadaf2e358d36b43024b589ec9c2642a8d9
Size

1.8MB
MD5

2135532eef46a9c8ec4e006b3668d2d0
SHA1

a8c8a0b317c7c4a3f0520c774c39de48b74551e8
SHA256

7cb82e567707a11259607ba1d889beadaf2e358d36b43024b589ec9c2642a8d9
SHA512

e5656424c4f8f56b0f5acf700536326817f0e08424439d42db7e1920a98495635e4704d39a8eee8b78818340b5fee992139507ba69a9c8c6f4652efaa1d06ffd
SSDEEP

49152:CWD3Jz+nf5ssEMun2wrMpGq0vtoqs/WWV37/:C452nunRTq0c/jV3j

Score

7^/10

upx aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/SSSAO.exe	aspack_v212_v242

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/SETUP/Setup.exe	upx
static1/unpack001/SETUP/unSetup.exe	upx

Unsigned PE 18 IoCs

Checks for missing Authenticode signature.

resource
unpack001/SETUP/Setup.exe
unpack001/SETUP/Support/ASYCFILT.DLL
unpack001/SETUP/Support/COMCAT.DLL
unpack001/SETUP/Support/GAPI32.DLL
unpack001/SETUP/Support/INETCHS.DLL
unpack001/SETUP/Support/MinHook.x64.dll
unpack001/SETUP/Support/MinHook.x86.dll
unpack001/SETUP/Support/MinWSMon.dll
unpack001/SETUP/Support/OLEAUT32.DLL
unpack001/SETUP/Support/OLEPRO32.DLL
unpack001/SETUP/Support/RCHTXCHS.DLL
unpack001/SETUP/Support/RICHED32.DLL
unpack001/SETUP/Support/STDOLE2.TLB
unpack001/SETUP/Support/VB6CHS.DLL
unpack001/SETUP/Support/VB6STKIT.DLL
unpack001/SETUP/Support/zlibwapi.dll
unpack001/SETUP/unSetup.exe
unpack001/SSSAO.exe

Files

7cb82e567707a11259607ba1d889beadaf2e358d36b43024b589ec9c2642a8d9
.zip
SETUP/Setup.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 80KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 34KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
SETUP/Support/ASYCFILT.DLL
.dll windows:4 windows x86 arch:x86

28b659576236be75a4bbcbfa9113e470

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

ole32

ReleaseStgMedium

user32

UnionRect

gdi32

CreateSolidBrush
SetDIBits
SetMapMode
DeleteObject
PatBlt
GetCurrentObject
SelectObject
SetStretchBltMode
GetObjectA
GetNearestPaletteIndex
SetDIBColorTable
GetNearestColor
SelectPalette
SetDIBitsToDevice
StretchDIBits

kernel32

SetLastError
GetCPInfo
GetACP
GetStartupInfoA
InterlockedIncrement
InitializeCriticalSection
InterlockedDecrement
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetTickCount
lstrlenA
GlobalDeleteAtom
GlobalAddAtomA
GetCommandLineA
GetProcAddress
GetModuleHandleA
GetVersion
HeapFree
GetModuleFileNameA
RtlUnwind
HeapAlloc
HeapReAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetLocaleInfoA
GetLocaleInfoW
GetOEMCP
FreeEnvironmentStringsA
MultiByteToWideChar
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
WideCharToMultiByte
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
LoadLibraryA
FlushFileBuffers
SetFilePointer
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetStdHandle
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
CloseHandle
ReadFile

Exports

Exports

DllCanUnloadNow
FilterCreateInstance

Sections

.text
Size: 104KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SETUP/Support/COMCAT.DLL
.dll regsvr32 windows:4 windows x86 arch:x86

5316dd1ba7417f578451f902c4b4f845

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

ole32

StringFromCLSID
StringFromGUID2
CoTaskMemAlloc
CLSIDFromString
CoTaskMemFree

kernel32

GetModuleFileNameA
lstrlenA
GlobalAlloc
lstrlenW
GetModuleHandleA
WideCharToMultiByte
MultiByteToWideChar
InterlockedDecrement
InterlockedIncrement
IsBadReadPtr
GetUserDefaultLCID
IsBadWritePtr
GlobalFree

user32

wsprintfA

advapi32

RegCreateKeyExA
RegQueryInfoKeyA
RegEnumValueA
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyW
RegEnumKeyA
RegOpenKeyA
RegCloseKey
RegDeleteKeyA
RegSetValueExW
RegSetValueExA
RegCreateKeyExW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 972B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 906B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SETUP/Support/GAPI32.DLL
.dll windows:4 windows x86 arch:x86

624c84a04948cdb010eaf9695c0efffd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

ole32

StgCreateDocfile

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

kernel32

GlobalSize
GlobalFree
GlobalHandle
GlobalUnlock
GetACP
GetSystemDefaultLangID
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
GetCPInfo
EnterCriticalSection
GlobalLock
GlobalAlloc
GetWindowsDirectoryA
GetVersionExA
CreateMutexA
CloseHandle
ReleaseMutex
ExitThread
WaitForSingleObject
GetProcAddress
FreeLibrary
LoadLibraryA
MultiByteToWideChar
lstrcatA
lstrcmpA
LockResource
LoadResource
FindResourceA
lstrcpyA
CreateThread
GlobalReAlloc
lstrlenA

user32

SystemParametersInfoA
SendMessageA
RegisterClipboardFormatA
GetWindowLongA
GetKeyboardLayout
DefWindowProcA
ClientToScreen
MessageBoxA
PeekMessageA
PostMessageA
ReleaseDC
GetDC
EnableMenuItem
CreatePopupMenu
LoadStringA
AppendMenuA
DestroyMenu

gdi32

GetObjectA
DeleteObject
GetStockObject
GetDeviceCaps
EnumFontFamiliesA

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA

Exports

Exports

??0CHAROP@@QAE@XZ
??0CONV@@QAE@XZ
??0IME@@QAE@PAXP6GH0IIJQAUCOMPOSITIONtag@@0@ZK@Z
??0LANG@@QAE@GG@Z
??0LANG@@QAE@XZ
??0PUNCT@@QAE@XZ
??1CHAROP@@QAE@XZ
??1CONV@@QAE@XZ
??1IME@@QAE@XZ
??1LANG@@QAE@XZ
??1PUNCT@@QAE@XZ
??2CHAROP@@SGPAXI@Z
??2CONV@@SGPAXI@Z
??2IME@@SGPAXI@Z
??2LANG@@SGPAXI@Z
??2PUNCT@@SGPAXI@Z
??3CHAROP@@SGXPAX@Z
??3CONV@@SGXPAX@Z
??3IME@@SGXPAX@Z
??3LANG@@SGXPAX@Z
??3PUNCT@@SGXPAX@Z
?CbSzLen@CHAROP@@QAGKPBD@Z
?CchSzLen@CHAROP@@QAGKPBD@Z
?FAddPunct@PUNCT@@QAGHFPBD@Z
?FAlign@CHAROP@@QAGHPBD0@Z
?FAssociate@IME@@QAGHPAX@Z
?FCheck@LANG@@QAGHGPBD@Z
?FFlushComposition@IME@@QAGHH@Z
?FFree@IME@@QAGHXZ
?FGetActiveStatus@IME@@QAGHXZ
?FGetConversionStatus@IME@@QAGHPAK0@Z
?FGetLangInfo@LANG@@QAGHGPAX@Z
?FGetLangInfo@LANG@@QAGHPAULANGINFOtag@@@Z
?FGetOpenStatus@IME@@QAGHXZ
?FGetOpenStatusWindow@IME@@QAGHXZ
?FInitPunct@PUNCT@@QAGHFPBD@Z
?FLeadByte@CHAROP@@QAGHD@Z
?FLeadByte@CHAROP@@QAGHPBD@Z
?FMessage@IME@@QAGJIIJPAX@Z
?FPunct@PUNCT@@QAGHFPBD@Z
?FRegDecodeProc@CONV@@QAGHGP6GHPBDK@ZP6GK00PAKPADK2@Z0@Z
?FRegDecodeProc@CONV@@QAGHGPBDP6GK00PAKPADK1@Z0@Z
?FRegDecodeProcEx@CONV@@QAGHGPBDP6GH0K@ZP6GK00PAKPADK2@Z0@Z
?FRegEncodeProc@CONV@@QAGHGPAGP6GKPBDPAKPADK2@Z1@Z
?FRemoveDecodeProc@CONV@@QAGHP6GKPBD0PAKPADK1@Z@Z
?FRemoveEncodeProc@CONV@@QAGHP6GKPBDPAKPADK1@Z@Z
?FRemovePunct@PUNCT@@QAGHFPBD@Z
?FSetActiveStatus@IME@@QAGHH@Z
?FSetComposition@IME@@QAGHKPBXK0K@Z
?FSetConversionStatus@IME@@QAGHKK@Z
?FSetFont@IME@@QAGHPAUtagLOGFONTA@@@Z
?FSetFont@IME@@QAGHPAX@Z
?FSetLangInfo@LANG@@QAGHGPAX@Z
?FSetOpenStatus@IME@@QAGHH@Z
?FSetOpenStatusWindow@IME@@QAGHH@Z
?FSetWndProc@IME@@QAGHP6GHPAXIIJQAUCOMPOSITIONtag@@0@Z@Z
?FSetWordBreakProc@PUNCT@@QAGHP6GHXZ@Z
?FValidString@CHAROP@@QAGHPBD@Z
?FWordRegister@IME@@QAGHPBD0@Z
?GetLastError@CONV@@QAGKXZ
?IWordBreakProc@PUNCT@@QAGHPBDHHH@Z
?LpGetComposition@IME@@QAGPAUCOMPOSITIONtag@@XZ
?LpGetCriticalSection@IME@@QAGPAU_RTL_CRITICAL_SECTION@@XZ
?LpGetWndProc@IME@@QAGP6GHPAXIIJQAUCOMPOSITIONtag@@0@ZXZ
?LpGetWordBreakProc@PUNCT@@QAGP6GHXZXZ
?NCheckMessage@IME@@QAGHIIJ@Z
?NGetDecodeProcList@CONV@@QAGHPAUDEODEPROCLISTtag@@H@Z
?NGetDecodeProcNum@CONV@@QAGHXZ
?NGetEncodeProcList@CONV@@QAGHPAUENCODEPROCLISTtag@@H@Z
?NGetEncodeProcNum@CONV@@QAGHXZ
?ResetDecodingStatus@CONV@@QAGXXZ
?ResetEncodingStatus@CONV@@QAGXXZ
?SetCandidatePos@IME@@QAGXUtagPOINT@@PAUtagRECT@@1PAUtagSIZE@@@Z
?SzAlign@CHAROP@@QAGPADPBD0@Z
?SzCombine@CHAROP@@QAGPADPADG@Z
?SzCombine@CHAROP@@QAGPADPADPBD@Z
?SzConvToDBCS@CHAROP@@QAGPADPADPBD@Z
?SzConvToSBCS@CHAROP@@QAGPADPADPBD@Z
?SzCopy@CHAROP@@QAGPADPADG@Z
?SzCopy@CHAROP@@QAGPADPADPBD@Z
?SzDecode@CONV@@QAGPADPADKPBDPAK2@Z
?SzEncode@CONV@@QAGPADPADKPBDPAK2@Z
?SzFind@CHAROP@@QAGPADPBD0@Z
?SzFind@CHAROP@@QAGPADPBDG@Z
?SzFindBack@CHAROP@@QAGPADPBD00@Z
?SzFindBack@CHAROP@@QAGPADPBD0G@Z
?SzLower@CHAROP@@QAGPADPADPBD@Z
?SzNext@CHAROP@@QAGPADPBD@Z
?SzPrev@CHAROP@@QAGPADPBD0@Z
?SzUpper@CHAROP@@QAGPADPADPBD@Z
?UlCharType@CHAROP@@QAGKPBD@Z
?UlGetComposition@IME@@QAGKGPAXK@Z
?UlGetLang@LANG@@QAGKXZ
?UlGetMask@PUNCT@@QAGKH@Z
?UlGetMode@IME@@QAGKXZ
?UlSetLang@LANG@@QAGKGG@Z
?UlSetMask@PUNCT@@QAGKHK@Z
?UlSetMode@IME@@QAGKK@Z
?UsCharSize@CHAROP@@QAGGPBD@Z
?UsDecChar@CHAROP@@QAGGG@Z
?UsGetBreakOption@PUNCT@@QAGGXZ
?UsGetPunct@PUNCT@@QAGGFPADG@Z
?UsIncChar@CHAROP@@QAGGG@Z
?UsPunct@PUNCT@@QAGGPBD@Z
?UsSetBreakOption@PUNCT@@QAGGG@Z
CbGSzLen@4
CbVSzLen@8
CchGSzLen@4
CchVSzLen@8
EntryFunc@12
FDeinitIME@4
FEucCodeE@8
FEucCodeS@8
FFlushIMEComposition@8
FGAddPunct@8
FGAlign@8
FGCheckLang@8
FGGetDefFont@8
FGGetLangInfo@8
FGGetLangInfos@4
FGInitPunct@8
FGLeadByte@4
FGLeadBytep@4
FGPunct@8
FGRemovePunct@8
FGSetLangInfo@8
FGSetWordBreakProc@4
FGSyncSys@0
FGValidString@4
FGetActiveIMEStatus@4
FGetConversionStatus@12
FGetOpenIMEStatus@4
FGetOpenIMEStatusWindow@4
FIMEMessage@20
FIMEWordRegister@12
FInitIME@12
FRedefCommand@8
FRegisterHelpID@12
FSJISCode@8
FSetActiveIMEStatus@8
FSetConversionStatus@12
FSetIMEFont@8
FSetIMEFontH@8
FSetIMEWndProc@8
FSetOpenIMEStatus@8
FSetOpenIMEStatusWindow@8
FTerminatorCode@8
FVAddPunct@12
FVAlign@12
FVCheckLang@12
FVFreeCharObject@4
FVFreeConvObject@4
FVFreeLangObject@4
FVFreePunctObject@4
FVGetLangInfo@12
FVGetLangInfos@8
FVInitPunct@12
FVLeadByte@8
FVLeadBytep@8
FVPunct@12
FVRegDecodeProc@20
FVRegDecodeProcEx@20
FVRegEncodeProc@20
FVRemoveDecodeProc@8
FVRemoveEncodeProc@8
FVRemovePunct@12
FVSetLangInfo@12
FVSetWordBreakProc@8
FVValidString@8
FValidateLogfont@12
FreeAllIMEObject@0
HConvDlg@8
HConvDlgTemplate@4
HFreeDlg@4
HFreeDlgTemplate@4
IGetValidFontSize@8
IVWordBreakProc@20
IWordBreakProc@16
LpConvDlgTemplate@4
LpConvLockDlg@8
LpConvPropSheet@4
LpFreeDlg@4
LpFreeDlgTemplate@4
LpFreePropSheet@4
LpGetIMEComposition@4
LpGetIMECriticalSection@4
LpGetIMEWndProc@4
LpVCreateCharObject@0
LpVCreateConvObject@0
LpVCreateLangObject@0
LpVCreatePunctObject@0
LpVGetWordBreakProc@4
NCheckIMEMessage@16
NDetectCodeFromESC@4
NDetectCodeFromSz@4
NGetFontInfo@12
NGetIMEType@0
NVGetDecodeProcList@12
NVGetDecodeProcNum@4
NVGetEncodeProcList@12
NVGetEncodeProcNum@4
REDEFCALL_New@20
REDEFCALL_Release@4
RedefOnCommand@8
SetIMECandidatePos@24
SzGAlign@8
SzGCombine@8
SzGCombineCh@8
SzGConvToDBCS@8
SzGConvToSBCS@8
SzGCopy@8
SzGCopyCh@8
SzGFind@8
SzGFindBack@12
SzGFindBackCh@12
SzGFindCh@8
SzGLower@8
SzGNext@4
SzGPrev@8
SzGUpper@8
SzVAlign@12
SzVCombine@12
SzVCombineCh@12
SzVConvToDBCS@12
SzVConvToSBCS@12
SzVCopy@12
SzVCopyCh@12
SzVDecode@24
SzVEncode@24
SzVFind@12
SzVFindBack@16
SzVFindBackCh@16
SzVFindCh@12
SzVLower@12
SzVNext@8
SzVPrev@12
SzVUpper@12
UlDecodeEUC_JIS@24
UlDecodeGB2312_1980@24
UlDecodeISO8859_1@24
UlDecodeISO8859_7@24
UlDecodeJISX0201_1976@24
UlDecodeJISX0208_1978@24
UlDecodeJISX0208_1983@24
UlDecodeJISX0208_NEC@24
UlDecodeJISX0212_1990@24
UlDecodeKSC5601_1987@24
UlDecodeTerminator@24
UlEncodeEUC_JIS@20
UlEncodeGB2312_1980@20
UlEncodeISO8859_1@20
UlEncodeISO8859_7@20
UlEncodeJISX0201K_1976@20
UlEncodeJISX0201R_1976@20
UlEncodeJISX0201_1976@20
UlEncodeJISX0208S_1978@20
UlEncodeJISX0208S_1983@20
UlEncodeJISX0208S_NEC@20
UlEncodeJISX0208_1978@20
UlEncodeJISX0208_1983@20
UlEncodeJISX0208_NEC@20
UlEncodeJISX0212S_1990@20
UlEncodeJISX0212_1990@20
UlEncodeKSC5601_1987@20
UlEncodeTerminator@20
UlGCharType@4
UlGGetLang@0
UlGGetPunctMask@4
UlGSetLang@8
UlGSetPunctMask@8
UlGetIMEComposition@16
UlGetIMEMode@4
UlSetIMEMode@8
UlVCharType@8
UlVGetLang@4
UlVGetPunctMask@8
UlVSetLang@12
UlVSetPunctMask@12
UsGCharSize@4
UsGDecChar@4
UsGGetBreakOption@0
UsGGetPunct@12
UsGIncChar@4
UsGPunct@4
UsGSetBreakOption@4
UsVCharSize@8
UsVDecChar@8
UsVGetBreakOption@4
UsVGetPunct@16
UsVIncChar@8
UsVPunct@8
UsVSetBreakOption@8
VGetLastError@4
VResetDecodingStatus@4
VResetEncodingStatus@4

Sections

.text
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SETUP/Support/INETCHS.DLL
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SETUP/Support/MSINET.Ocx
.dll regsvr32 windows:4 windows x86 arch:x86

256038c6c089d20e32a574c72c9a55dc

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:27:81:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/10/2008, 21:24

Not After

22/01/2010, 21:34

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:94:2d:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:02

Not After

25/07/2013, 19:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7A82-688A-9F92,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

ea:f1:24:6c:e9:5c:7c:1a:35:4a:e1:f1:ee:6f:cb:2a:97:33:e4:13
Signer

Actual PE Digest

ea:f1:24:6c:e9:5c:7c:1a:35:4a:e1:f1:ee:6f:cb:2a:97:33:e4:13

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

wininet

FtpCreateDirectoryA
InternetCreateUrlA
InternetCrackUrlA
InternetSetOptionA
InternetConnectA
InternetSetStatusCallback
InternetOpenA
InternetCloseHandle
InternetFindNextFileA
FtpDeleteFileA
FtpGetFileA
FtpPutFileA
FtpRenameFileA
FtpSetCurrentDirectoryA
InternetGetLastResponseInfoA
FtpGetCurrentDirectoryA
FtpRemoveDirectoryA
FtpFindFirstFileA
InternetReadFile
HttpQueryInfoA
HttpOpenRequestA
HttpSendRequestA
InternetOpenUrlA

kernel32

GetModuleFileNameA
InitializeCriticalSection
DeleteCriticalSection
FreeLibrary
HeapFree
WideCharToMultiByte
lstrlenW
HeapAlloc
LeaveCriticalSection
EnterCriticalSection
GetProcessHeap
CloseHandle
LocalFree
FormatMessageA
SetEvent
CreateEventA
GetLastError
MultiByteToWideChar
ResetEvent
SetLastError
lstrcpynA
WaitForSingleObject
WaitForMultipleObjects
GetTickCount
IsBadWritePtr
DisableThreadLibraryCalls
GetVersion
GetProcAddress
GetFileAttributesA
lstrlenA
GetWindowsDirectoryA
LoadLibraryA
GetLocaleInfoA
InterlockedIncrement
InterlockedDecrement
HeapReAlloc
lstrcmpiA
LockResource
LoadResource
FindResourceA
lstrcmpA

user32

GetMessageA
SetDlgItemInt
GetDlgItemInt
SendDlgItemMessageA
SendMessageA
SetDlgItemTextA
GetDlgItemTextA
UnregisterClassA
ReleaseDC
GetDC
CharNextA
SetWindowLongA
SetWindowPos
IsWindowVisible
SetParent
EndPaint
GetClientRect
BeginPaint
GetWindowLongA
SetFocus
GetDlgItem
MoveWindow
GetWindow
GetActiveWindow
IsWindow
GetWindowRect
ClientToScreen
GetParent
OffsetRect
EqualRect
IntersectRect
SetWindowRgn
ShowWindow
PtInRect
WinHelpA
IsDialogMessageA
GetNextDlgTabItem
IsWindowEnabled
IsChild
GetKeyState
CreateDialogIndirectParamA
MessageBoxA
MessageBeep
PostQuitMessage
TranslateMessage
DispatchMessageA
SetTimer
PeekMessageA
MsgWaitForMultipleObjects
GetWindowThreadProcessId
PostThreadMessageA
wsprintfA
DefWindowProcA
CreateWindowExA
DialogBoxParamA
EndDialog
LoadIconA
DrawEdge
DrawIcon
LoadCursorA
RegisterClassA
DestroyIcon
KillTimer
DestroyWindow
GetSystemMetrics
LoadStringA
PostMessageA

ole32

CoInitialize
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CreateOleAdviseHolder
CoUninitialize

advapi32

RegDeleteValueA
RegQueryValueA
RegQueryValueExA
RegEnumKeyExA
RegDeleteKeyA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

oleaut32

SafeArrayCreate
LoadRegTypeLi
VariantInit
SysStringLen
SysAllocStringLen
SysFreeString
SysAllocString
RegisterTypeLi
LoadTypeLi
UnRegisterTypeLi
LoadTypeLibEx
OleCreatePropertyFrame
SetErrorInfo
CreateErrorInfo
GetErrorInfo
VariantChangeTypeEx
VariantChangeType
VariantClear
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetLBound
SafeArrayGetDim
SafeArrayRedim
SafeArrayDestroy

gdi32

GetViewportExtEx
GetWindowExtEx
GetDeviceCaps
LPtoDP
DeleteDC
SetMapMode
SetViewportExtEx
SetWindowExtEx
SetViewportOrgEx
SetWindowOrgEx
CreateDCA
CreateRectRgnIndirect

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SETUP/Support/MinHook.x64.dll
.dll windows:5 windows x64 arch:x64

1421f4ff18ec2193e24871829e161edf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

HeapCreate
VirtualProtect
HeapFree
GetCurrentProcess
Thread32Next
Thread32First
GetCurrentThreadId
SuspendThread
ResumeThread
CreateToolhelp32Snapshot
Sleep
HeapReAlloc
CloseHandle
HeapAlloc
HeapDestroy
GetThreadContext
GetProcAddress
GetCurrentProcessId
GetModuleHandleW
FlushInstructionCache
SetThreadContext
OpenThread
VirtualFree
VirtualAlloc
GetSystemInfo
VirtualQuery
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent

Exports

Exports

MH_ApplyQueued
MH_CreateHook
MH_CreateHookApi
MH_CreateHookApiEx
MH_DisableHook
MH_EnableHook
MH_Initialize
MH_QueueDisableHook
MH_QueueEnableHook
MH_RemoveHook
MH_StatusToString
MH_Uninitialize

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 336B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SETUP/Support/MinHook.x86.dll
.dll windows:5 windows x86 arch:x86

b566cd04c08347e40614668a3ec5bd76

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetThreadContext
HeapReAlloc
SetThreadContext
HeapAlloc
GetCurrentProcess
HeapFree
InterlockedCompareExchange
GetModuleHandleW
Thread32First
Sleep
HeapDestroy
HeapCreate
Thread32Next
FlushInstructionCache
InterlockedExchange
GetProcAddress
OpenThread
VirtualProtect
CreateToolhelp32Snapshot
GetCurrentThreadId
CloseHandle
GetCurrentProcessId
SuspendThread
ResumeThread
VirtualQuery
VirtualFree
VirtualAlloc
IsDebuggerPresent
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess

Exports

Exports

MH_ApplyQueued
MH_CreateHook
MH_CreateHookApi
MH_CreateHookApiEx
MH_DisableHook
MH_EnableHook
MH_Initialize
MH_QueueDisableHook
MH_QueueEnableHook
MH_RemoveHook
MH_StatusToString
MH_Uninitialize
SetHwnd

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

hook
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 412B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SETUP/Support/MinWSMon.dll
.dll windows:4 windows x86 arch:x86

4f59718a59157c4c09122ffdc30a314d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

SetWindowsHookExA
SendMessageA
CallNextHookEx
UnhookWindowsHookEx

ws2_32

recv
send

wininet

InternetOpenUrlA
InternetConnectW
InternetConnectA
HttpOpenRequestW
HttpOpenRequestA
HttpEndRequestW
InternetOpenUrlW
HttpSendRequestExW
HttpSendRequestExA
HttpAddRequestHeadersW
HttpAddRequestHeadersA
HttpSendRequestW
HttpSendRequestA
InternetReadFile
InternetOpenA
InternetOpenW
InternetCloseHandle
InternetSetCookieA
HttpEndRequestA

minhook.x86

MH_DisableHook
MH_CreateHook
MH_EnableHook
MH_Initialize
MH_Uninitialize
MH_ApplyQueued
MH_CreateHookApi
MH_CreateHookApiEx
MH_QueueDisableHook
MH_QueueEnableHook
MH_RemoveHook
MH_StatusToString

kernel32

GetFileType
GetCPInfo
RtlUnwind
LeaveCriticalSection
EnterCriticalSection
InterlockedIncrement
InterlockedDecrement
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
LoadLibraryA
GetProcAddress
GetOEMCP
InitializeCriticalSection
VirtualAlloc
WriteFile
VirtualFree
HeapCreate
GetCommandLineA
GetVersion
HeapFree
ExitProcess
TerminateProcess
GetCurrentProcess
HeapReAlloc
HeapAlloc
HeapSize
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
HeapDestroy
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
GetACP

Exports

Exports

MH_ApplyQueued
MH_CreateHook
MH_CreateHookApi
MH_CreateHookApiEx
MH_DisableHook
MH_EnableHook
MH_Initialize
MH_QueueDisableHook
MH_QueueEnableHook
MH_RemoveHook
MH_StatusToString
MH_Uninitialize
SetHwnd

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

hook
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SETUP/Support/OLEAUT32.DLL
.dll regsvr32 windows:4 windows x86 arch:x86

d7112004d3c345a2ed68d74bba3d37f5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

ole32

StgCreateDocfileOnILockBytes
WriteFmtUserTypeStg
WriteClassStg
ReadClassStg
MkParseDisplayName
StgCreateDocfile
CreateBindCtx
CoCreateInstance
CreateStreamOnHGlobal
CreateILockBytesOnHGlobal
CoSetState
ReleaseStgMedium
CoGetClassObject
StringFromGUID2
CreateItemMoniker
GetRunningObjectTable
CoGetMalloc
CLSIDFromString
CoUnmarshalInterface
CoMarshalInterface
CoUnmarshalHresult
CoMarshalHresult

user32

CreateWindowExA
RegisterClipboardFormatA
RegisterClassA
GetClassInfoA
GetWindowLongA
IsWindow
DestroyWindow
DefWindowProcA
GetSysColor
SetWindowLongA
SetFocus
SetActiveWindow
GetActiveWindow
PostQuitMessage
PostMessageA
DispatchMessageA
DispatchMessageW
TranslateMessage
GetMessageW
GetMessageA
SendMessageA
EnableWindow
GetParent
GetFocus
CharNextA
GetWindowTextA
CharLowerA
SendMessageW
GetDlgItem
GetKeyState
ReleaseDC
GetDialogBaseUnits
GetDC
GetClientRect
IsWindowUnicode
GetTopWindow
WinHelpA
wsprintfA
DestroyIcon
CreateIcon
CreateCursor
DrawIcon
GetSystemMetrics
GetIconInfo
CopyIcon
CopyImage

gdi32

GetWindowOrgEx
CreateHalftonePalette
CreateDIBitmap
CreateDIBSection
Escape
SetBitmapBits
SetDIBits
PlayMetaFileRecord
CreatePalette
GetEnhMetaFileBits
GetMetaFileBitsEx
CreateCompatibleDC
BitBlt
DeleteDC
CreateCompatibleBitmap
GetBitmapBits
SetEnhMetaFileBits
SaveDC
IntersectClipRect
GetPaletteEntries
OffsetViewportOrgEx
PlayEnhMetaFile
EnumMetaFile
RestoreDC
SetStretchBltMode
SetBkColor
SetTextColor
SetMapMode
SetWindowOrgEx
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
GetWinMetaFileBits
GetCurrentObject
GetObjectType
GetStockObject
SelectPalette
RealizePalette
StretchBlt
GetDIBits
StretchDIBits
GetObjectA
GetBitmapDimensionEx
GetEnhMetaFileHeader
SetMetaFileBitsEx
CreateBitmap
PatBlt
DeleteEnhMetaFile
DeleteMetaFile
GetTextExtentPointA
GetDeviceCaps
SelectObject
GetTextMetricsW
GetTextMetricsA
GetTextFaceW
GetTextFaceA
EnumFontFamiliesExA
CreateFontIndirectA
DeleteObject

kernel32

LoadLibraryA
GlobalSize
FreeLibrary
LockResource
FlushFileBuffers
GetTimeZoneInformation
GetStringTypeW
GetStringTypeA
GetCurrentDirectoryA
VirtualAlloc
HeapSize
HeapReAlloc
RaiseException
WriteFile
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetOEMCP
GetACP
GetCPInfo
GetModuleFileNameA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetCurrentThreadId
GetCurrentProcess
TerminateProcess
ExitProcess
DeleteFileA
FindFirstFileA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
HeapFree
HeapAlloc
SetEnvironmentVariableA
SetFilePointer
GetLocalTime
MultiByteToWideChar
GetProcAddress
SetStdHandle
GetLocaleInfoA
GetSystemDefaultLCID
GetUserDefaultLCID
GetVersionExA
TlsGetValue
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
GetModuleHandleA
CompareStringA
CompareStringW
LCMapStringA
LCMapStringW
GetStringTypeExA
GetStringTypeExW
GetLocaleInfoW
GetLastError
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
IsBadWritePtr
IsBadReadPtr
InterlockedExchange
GetVersion
IsDBCSLeadByte
MulDiv
RtlUnwind
GetDriveTypeA
LoadResource
FindResourceA
_lclose
_lread
_lwrite
_llseek
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
MapViewOfFile
GlobalHandle
GlobalReAlloc
GlobalDeleteAtom
GlobalAddAtomA
lstrlenW
GetDriveTypeW
TlsAlloc
_lopen
lstrcmpiA
UnmapViewOfFile
CloseHandle
TlsSetValue
GetSystemInfo
CreateFileMappingA
GetFileSize
SearchPathA
TlsFree
CreateFileA
SetErrorMode
GetFullPathNameA
SetLastError
GetCommandLineA

advapi32

RegOpenKeyW
RegQueryInfoKeyA
RegDeleteKeyA
RegCreateKeyW
RegQueryValueExW
RegSetValueExW
RegQueryValueW
RegEnumKeyW
RegCloseKey
RegFlushKey
RegSetValueA
RegEnumKeyA
RegQueryValueA
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyA
RegCreateKeyA
RegSetValueExA

Exports

Exports

BSTR_UserFree
BSTR_UserMarshal
BSTR_UserSize
BSTR_UserUnmarshal
BstrFromVector
ClearCustData
CreateDispTypeInfo
CreateErrorInfo
CreateStdDispatch
CreateTypeLib
CreateTypeLib2
DispCallFunc
DispGetIDsOfNames
DispGetParam
DispInvoke
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
DosDateTimeToVariantTime
GetActiveObject
GetAltMonthNames
GetErrorInfo
GetRecordInfoFromGuids
GetRecordInfoFromTypeInfo
LHashValOfNameSys
LHashValOfNameSysA
LPSAFEARRAY_Marshal
LPSAFEARRAY_Size
LPSAFEARRAY_Unmarshal
LPSAFEARRAY_UserFree
LPSAFEARRAY_UserMarshal
LPSAFEARRAY_UserSize
LPSAFEARRAY_UserUnmarshal
LoadRegTypeLib
LoadTypeLib
LoadTypeLibEx
OACreateTypeLib2
OaBuildVersion
OleCreateFontIndirect
OleCreatePictureIndirect
OleCreatePropertyFrame
OleCreatePropertyFrameIndirect
OleIconToCursor
OleLoadPicture
OleLoadPictureEx
OleLoadPictureFile
OleLoadPictureFileEx
OleLoadPicturePath
OleSavePictureFile
OleTranslateColor
QueryPathOfRegTypeLib
RegisterActiveObject
RegisterTypeLib
RevokeActiveObject
SafeArrayAccessData
SafeArrayAllocData
SafeArrayAllocDescriptor
SafeArrayAllocDescriptorEx
SafeArrayCopy
SafeArrayCopyData
SafeArrayCreate
SafeArrayCreateEx
SafeArrayCreateVector
SafeArrayCreateVectorEx
SafeArrayDestroy
SafeArrayDestroyData
SafeArrayDestroyDescriptor
SafeArrayGetDim
SafeArrayGetElement
SafeArrayGetElemsize
SafeArrayGetIID
SafeArrayGetLBound
SafeArrayGetRecordInfo
SafeArrayGetUBound
SafeArrayGetVartype
SafeArrayLock
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayRedim
SafeArraySetIID
SafeArraySetRecordInfo
SafeArrayUnaccessData
SafeArrayUnlock
SetErrorInfo
SysAllocString
SysAllocStringByteLen
SysAllocStringLen
SysFreeString
SysReAllocString
SysReAllocStringLen
SysStringByteLen
SysStringLen
SystemTimeToVariantTime
UnRegisterTypeLib
UserBSTR_free_inst
UserBSTR_free_local
UserBSTR_from_local
UserBSTR_to_local
UserEXCEPINFO_free_inst
UserEXCEPINFO_free_local
UserEXCEPINFO_from_local
UserEXCEPINFO_to_local
UserHWND_free_inst
UserHWND_free_local
UserHWND_from_local
UserHWND_to_local
UserMSG_free_inst
UserMSG_free_local
UserMSG_from_local
UserMSG_to_local
UserVARIANT_free_inst
UserVARIANT_free_local
UserVARIANT_from_local
UserVARIANT_to_local
VARIANT_UserFree
VARIANT_UserMarshal
VARIANT_UserSize
VARIANT_UserUnmarshal
VarAbs
VarAdd
VarAnd
VarBoolFromCy
VarBoolFromDate
VarBoolFromDec
VarBoolFromDisp
VarBoolFromI1
VarBoolFromI2
VarBoolFromI4
VarBoolFromR4
VarBoolFromR8
VarBoolFromStr
VarBoolFromUI1
VarBoolFromUI2
VarBoolFromUI4
VarBstrCat
VarBstrCmp
VarBstrFromBool
VarBstrFromCy
VarBstrFromDate
VarBstrFromDec
VarBstrFromDisp
VarBstrFromI1
VarBstrFromI2
VarBstrFromI4
VarBstrFromR4
VarBstrFromR8
VarBstrFromUI1
VarBstrFromUI2
VarBstrFromUI4
VarCat
VarCmp
VarCyAbs
VarCyAdd
VarCyCmp
VarCyCmpR8
VarCyFix
VarCyFromBool
VarCyFromDate
VarCyFromDec
VarCyFromDisp
VarCyFromI1
VarCyFromI2
VarCyFromI4
VarCyFromR4
VarCyFromR8
VarCyFromStr
VarCyFromUI1
VarCyFromUI2
VarCyFromUI4
VarCyInt
VarCyMul
VarCyMulI4
VarCyNeg
VarCyRound
VarCySub
VarDateFromBool
VarDateFromCy
VarDateFromDec
VarDateFromDisp
VarDateFromI1
VarDateFromI2
VarDateFromI4
VarDateFromR4
VarDateFromR8
VarDateFromStr
VarDateFromUI1
VarDateFromUI2
VarDateFromUI4
VarDateFromUdate
VarDateFromUdateEx
VarDecAbs
VarDecAdd
VarDecCmp
VarDecCmpR8
VarDecDiv
VarDecFix
VarDecFromBool
VarDecFromCy
VarDecFromDate
VarDecFromDisp
VarDecFromI1
VarDecFromI2
VarDecFromI4
VarDecFromR4
VarDecFromR8
VarDecFromStr
VarDecFromUI1
VarDecFromUI2
VarDecFromUI4
VarDecInt
VarDecMul
VarDecNeg
VarDecRound
VarDecSub
VarDiv
VarEqv
VarFix
VarFormat
VarFormatCurrency
VarFormatDateTime
VarFormatFromTokens
VarFormatNumber
VarFormatPercent
VarI1FromBool
VarI1FromCy
VarI1FromDate
VarI1FromDec
VarI1FromDisp
VarI1FromI2
VarI1FromI4
VarI1FromR4
VarI1FromR8
VarI1FromStr
VarI1FromUI1
VarI1FromUI2
VarI1FromUI4
VarI2FromBool
VarI2FromCy
VarI2FromDate
VarI2FromDec
VarI2FromDisp
VarI2FromI1
VarI2FromI4
VarI2FromR4
VarI2FromR8
VarI2FromStr
VarI2FromUI1
VarI2FromUI2
VarI2FromUI4
VarI4FromBool
VarI4FromCy
VarI4FromDate
VarI4FromDec
VarI4FromDisp
VarI4FromI1
VarI4FromI2
VarI4FromR4
VarI4FromR8
VarI4FromStr
VarI4FromUI1
VarI4FromUI2
VarI4FromUI4
VarIdiv
VarImp
VarInt
VarMod
VarMonthName
VarMul
VarNeg
VarNot
VarNumFromParseNum
VarOr
VarParseNumFromStr
VarPow
VarR4CmpR8
VarR4FromBool
VarR4FromCy
VarR4FromDate
VarR4FromDec
VarR4FromDisp
VarR4FromI1
VarR4FromI2
VarR4FromI4
VarR4FromR8
VarR4FromStr
VarR4FromUI1
VarR4FromUI2
VarR4FromUI4
VarR8FromBool
VarR8FromCy
VarR8FromDate
VarR8FromDec
VarR8FromDisp
VarR8FromI1
VarR8FromI2
VarR8FromI4
VarR8FromR4
VarR8FromStr
VarR8FromUI1
VarR8FromUI2
VarR8FromUI4
VarR8Pow
VarR8Round
VarRound
VarSub
VarTokenizeFormatString
VarUI1FromBool
VarUI1FromCy
VarUI1FromDate
VarUI1FromDec
VarUI1FromDisp
VarUI1FromI1
VarUI1FromI2
VarUI1FromI4
VarUI1FromR4
VarUI1FromR8
VarUI1FromStr
VarUI1FromUI2
VarUI1FromUI4
VarUI2FromBool
VarUI2FromCy
VarUI2FromDate
VarUI2FromDec
VarUI2FromDisp
VarUI2FromI1
VarUI2FromI2
VarUI2FromI4
VarUI2FromR4
VarUI2FromR8
VarUI2FromStr
VarUI2FromUI1
VarUI2FromUI4
VarUI4FromBool
VarUI4FromCy
VarUI4FromDate
VarUI4FromDec
VarUI4FromDisp
VarUI4FromI1
VarUI4FromI2
VarUI4FromI4
VarUI4FromR4
VarUI4FromR8
VarUI4FromStr
VarUI4FromUI1
VarUI4FromUI2
VarUdateFromDate
VarWeekdayName
VarXor
VariantChangeType
VariantChangeTypeEx
VariantClear
VariantCopy
VariantCopyInd
VariantInit
VariantTimeToDosDateTime
VariantTimeToSystemTime
VectorFromBstr

Sections

.text
Size: 520KB - Virtual size: 519KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SETUP/Support/OLEPRO32.DLL
.dll regsvr32 windows:4 windows x86 arch:x86

8f50e2228a97d0224410529663a78a82

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

SetLastError
GetModuleHandleA
InitializeCriticalSection
DeleteCriticalSection
lstrlenW
GlobalAddAtomA
GlobalDeleteAtom
GlobalReAlloc
GlobalHandle
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
FindResourceA
LoadResource
LockResource
FreeLibrary
MulDiv
IsDBCSLeadByte
LoadLibraryA
InterlockedDecrement
HeapDestroy
SetFilePointer
SetStdHandle
CloseHandle
FlushFileBuffers
RaiseException
GetLocaleInfoW
InterlockedIncrement
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetProcAddress
WideCharToMultiByte
VirtualAlloc
LCMapStringW
LCMapStringA
WriteFile
VirtualFree
HeapCreate
GetCommandLineA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetOEMCP
GetACP
GetCPInfo
GetModuleFileNameA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
TlsGetValue
TlsFree
TlsAlloc
TlsSetValue
GetCurrentThreadId
GetCurrentProcess
TerminateProcess
ExitProcess
HeapFree
HeapAlloc
GetVersion
GetLastError
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
InterlockedExchange
RtlUnwind

user32

GetMessageA
SendMessageA
EnableWindow
CopyIcon
GetIconInfo
CopyImage
DrawIcon
CreateCursor
GetSystemMetrics
DestroyIcon
wsprintfA
GetSysColor
SetWindowLongA
GetWindowLongA
DestroyWindow
SetFocus
IsWindow
SetActiveWindow
GetActiveWindow
PostQuitMessage
PostMessageA
DispatchMessageA
DispatchMessageW
TranslateMessage
GetMessageW
RegisterClipboardFormatA
GetDlgItem
CreateIcon
GetParent
GetFocus
CharNextA
GetWindowTextA
CharLowerA
SendMessageW
GetDC
GetKeyState
ReleaseDC
GetDialogBaseUnits
GetClientRect
IsWindowUnicode
GetTopWindow
WinHelpA

gdi32

SetViewportExtEx
SetMapMode
SetTextColor
DeleteDC
CreateCompatibleBitmap
PatBlt
DeleteEnhMetaFile
DeleteMetaFile
GetTextExtentPointA
GetPaletteEntries
DeleteObject
CreateFontIndirectA
EnumFontFamiliesExA
GetTextFaceA
GetTextFaceW
GetTextMetricsA
GetTextMetricsW
SelectObject
GetDeviceCaps
CreateBitmap
SetMetaFileBitsEx
GetEnhMetaFileHeader
GetBitmapDimensionEx
GetObjectA
StretchDIBits
GetDIBits
StretchBlt
RealizePalette
SelectPalette
GetStockObject
GetObjectType
GetCurrentObject
CreateHalftonePalette
CreateDIBitmap
CreateDIBSection
Escape
SetBitmapBits
SetDIBits
PlayMetaFileRecord
CreatePalette
GetEnhMetaFileBits
GetMetaFileBitsEx
CreateCompatibleDC
BitBlt
SetViewportOrgEx
GetWinMetaFileBits
GetBitmapBits
SetEnhMetaFileBits
SaveDC
IntersectClipRect
GetWindowOrgEx
OffsetViewportOrgEx
PlayEnhMetaFile
EnumMetaFile
RestoreDC
SetStretchBltMode
SetBkColor
SetWindowOrgEx
SetWindowExtEx

ole32

ReleaseStgMedium
CreateStreamOnHGlobal
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
StgCreateDocfile
CoCreateInstance
StringFromGUID2
CoGetMalloc

advapi32

RegFlushKey
RegQueryValueA
RegSetValueA
RegCreateKeyA
RegOpenKeyA
RegCloseKey

oleaut32

SysAllocString
VariantClear
VariantChangeType
SysFreeString
VariantInit
LoadTypeLi

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
OleCreateFontIndirect
OleCreatePictureIndirect
OleCreatePropertyFrame
OleCreatePropertyFrameIndirect
OleIconToCursor
OleLoadPicture
OleTranslateColor

Sections

.text
Size: 108KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SETUP/Support/RCHTXCHS.DLL
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SETUP/Support/RICHED32.DLL
.dll windows:4 windows x86 arch:x86

32c903521d208fd36af5670d0a38a2b9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

ole32

OleCreateFromData
OleSetContainedObject
StringFromCLSID
GetClassFile
ProgIDFromCLSID
CLSIDFromProgID
CoIsOle1Class
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgCreateDocfile
CoTreatAsClass
ReadFmtUserTypeStg
SetConvertStg
WriteFmtUserTypeStg
OleCreateDefaultHandler
OleConvertOLESTREAMToIStorage
OleConvertIStorageToOLESTREAMEx
OleConvertIStorageToOLESTREAM
CoTaskMemFree
OleDuplicateData
OleDraw
CoGetMalloc
OleGetClipboard
CreateBindCtx
CoDisconnectObject
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
CoFreeUnusedLibraries
OleUninitialize
OleInitialize
OleCreateLinkToFile
GetHGlobalFromStream
OleIsCurrentClipboard
OleLoad
DoDragDrop
OleSave
ReadClassStg
WriteClassStg
OleSetClipboard
CreateStreamOnHGlobal
OleCreateStaticFromData
ReleaseStgMedium
OleCreateLinkFromData

kernel32

MultiByteToWideChar
HeapFree
HeapCreate
HeapSize
HeapReAlloc
CompareStringA
IsBadCodePtr
DeleteCriticalSection
FreeLibrary
DisableThreadLibraryCalls
GetVersionExA
InitializeCriticalSection
LoadLibraryA
GetProcAddress
WideCharToMultiByte
GlobalHandle
GetProfileIntA
GlobalSize
GlobalAlloc
HeapAlloc
GlobalLock
GlobalUnlock
GlobalFree
IsBadReadPtr
GetTickCount
lstrlenA
lstrcmpiA
lstrcatA
lstrcmpA
MulDiv
InterlockedDecrement
GetUserDefaultLangID
lstrcpyA
InterlockedIncrement
GetProfileSectionA
EnterCriticalSection
GetLocaleInfoA
GetACP
LeaveCriticalSection
GetUserDefaultLCID

user32

IntersectRect
TrackPopupMenu
DestroyMenu
SetClipboardData
CopyRect
EmptyClipboard
wsprintfA
DestroyCaret
SetCaretBlinkTime
OpenClipboard
GetKeyState
GetUpdateRect
GetKeyboardLayoutList
GetKeyboardLayout
ReleaseDC
GetDC
DefWindowProcA
LoadCursorA
SetWindowLongA
SetScrollRange
GetWindowLongA
GetParent
GetSysColor
PtInRect
SetFocus
UpdateWindow
SetCapture
PeekMessageA
GetAsyncKeyState
GetSystemMetrics
SetCursor
SendMessageA
GetMessageExtraInfo
GetDoubleClickTime
GetCursorPos
InflateRect
MapWindowPoints
ScreenToClient
ShowCursor
ReleaseCapture
MessageBeep
PostMessageA
GetDlgItem
EndPaint
BeginPaint
GetClientRect
GetWindowRect
GetCursor
IsIconic
LockWindowUpdate
GetCapture
ShowCaret
ValidateRect
HideCaret
GetCaretBlinkTime
CreateCaret
KillTimer
SetTimer
InvalidateRect
RegisterClipboardFormatA
CloseClipboard
wvsprintfA
SetMessageExtraInfo
DestroyWindow
CreateWindowExA
SetWindowWord
LoadBitmapA
SetActiveWindow
SetWindowPos
GetWindowWord
SetScrollPos
OffsetRect
WindowFromPoint
ShowScrollBar
GetScrollRange
SetScrollInfo
GetUpdateRgn
ScrollWindowEx
SystemParametersInfoA
SetCaretPos
EnableScrollBar
CharLowerBuffA
IsWindow
ActivateKeyboardLayout
GetFocus
IsChild
IsWindowVisible
RedrawWindow
RegisterClassA
UnregisterClassA
ClientToScreen
FrameRect
LoadStringA
SetRectEmpty
SetCursorPos
DestroyCursor
GetMessagePos
GetMessageTime
InvertRect

gdi32

SetMapMode
CreateRectRgnIndirect
BitBlt
SelectObject
DeleteObject
GetObjectA
GetStockObject
CreateCompatibleDC
CreateHalftonePalette
DeleteDC
GetMapMode
GetWindowOrgEx
GetWindowExtEx
GetViewportOrgEx
GetViewportExtEx
SetViewportOrgEx
SetViewportExtEx
UpdateColors
ExcludeClipRect
GetBkMode
GetClipBox
GetCharWidthA
CreatePen
CreateBrushIndirect
SetBkColor
SetTextColor
GetDeviceCaps
Rectangle
LineTo
MoveToEx
RectVisible
GetCharABCWidthsA
TranslateCharsetInfo
CombineRgn
RestoreDC
GetTextExtentPoint32A
GetOutlineTextMetricsA
GetTextMetricsA
SaveDC
CreateFontIndirectA
EnumFontFamiliesA
EnumFontFamiliesExA
ExtTextOutA
PtInRegion
SetWindowExtEx
SetWindowOrgEx
SetTextAlign
SetBkMode
RealizePalette
SelectPalette
CloseMetaFile
SetROP2
IntersectClipRect
CreateRectRgn
GetMetaFileBitsEx
InvertRgn
OffsetRgn
EnumMetaFile
CreateBitmap
SetMetaFileBitsEx
DeleteMetaFile
PatBlt
CreatePatternBrush
CreateMetaFileA

shell32

DragQueryFileA
DragQueryPoint
DragAcceptFiles
DragFinish

gapi32

SzGConvToSBCS@8
UlGetIMEMode@4
SetIMECandidatePos@24
FGCheckLang@8
IVWordBreakProc@20
SzGNext@4
NCheckIMEMessage@16
FIMEMessage@20
UsVGetPunct@16
FVInitPunct@12
FSetIMEFont@8
LpGetIMECriticalSection@4
FGAlign@8
FGLeadByte@4
UlSetIMEMode@8
FFlushIMEComposition@8
FDeinitIME@4
FVFreePunctObject@4
UlGGetLang@0
LpVCreatePunctObject@0
UsVGetBreakOption@4
UsVSetBreakOption@8
FInitIME@12
FGGetDefFont@8
SzGAlign@8

Sections

.text
Size: 178KB - Virtual size: 177KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 677B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mpchwb
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SETUP/Support/STDOLE2.TLB
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SETUP/Support/VB6CHS.DLL
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SETUP/Support/VB6STKIT.DLL
.dll windows:4 windows x86 arch:x86

9f4b76d42cbc350286ec870347345155

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

TranslateMessage
CharNextA
wsprintfA
CharPrevA
LoadStringA
PeekMessageA
MessageBoxA
DispatchMessageA

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shell32

SHGetMalloc
SHGetPathFromIDListA
SHGetSpecialFolderLocation

ole32

CoCreateInstance
StringFromGUID2
OleInitialize
OleUninitialize

oleaut32

RegisterTypeLi
LoadTypeLi

kernel32

GetFileAttributesA
CompareStringW
GetStringTypeW
DeleteFileA
GetStringTypeA
GetLocaleInfoA
GetTimeZoneInformation
LCMapStringW
GetEnvironmentStringsW
LCMapStringA
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetEnvironmentStrings
GetACP
GetCPInfo
HeapReAlloc
GetLocaleInfoW
FlushFileBuffers
SetEnvironmentVariableA
GetOEMCP
GetVersion
GetLastError
lstrcatA
lstrcpyA
lstrcmpiA
lstrlenA
CopyFileA
OpenFile
Sleep
lstrcpynA
WriteFile
CloseHandle
SetFilePointer
CreateFileA
FreeLibrary
GetProcAddress
LoadLibraryA
SetCurrentDirectoryA
GetCurrentDirectoryA
SetErrorMode
LocalFree
LocalUnlock
LocalLock
LocalAlloc
SetFileTime
GetFileTime
GetWindowsDirectoryA
MultiByteToWideChar
CompareStringA
WideCharToMultiByte
GetModuleFileNameA
VirtualAlloc
HeapCreate
VirtualFree
TlsSetValue
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
FindClose
FindFirstFileA
GetFileType
SetFileAttributesA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
ExitProcess
TerminateProcess
GetCurrentProcess
HeapAlloc
HeapFree
ReadFile
GetCommandLineA
GetCurrentThreadId
DeleteCriticalSection
TlsAlloc
TlsFree
SetLastError
TlsGetValue
SetEndOfFile
SetHandleCount
GetStdHandle
GetStartupInfoA
GetFullPathNameA
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
SetStdHandle
InterlockedDecrement
InterlockedIncrement
HeapDestroy

Exports

Exports

AbortAction
AddActionNote
ChangeActionKey
CommitAction
DLLSelfRegister
DisableLogging
EnableLogging
ExtractFileFromCab
GetClsidFromActXFile
LogConfig
LogError
LogNote
LogWarning
NewAction
RegisterTLB
SyncShell
_SetTime@8
fCreateShellLink
fRemoveShellLink
fWithinAction

Sections

.text
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SETUP/Support/msvbvm60.dll
.dll regsvr32 windows:4 windows x86 arch:x86

ce5958d8adf86078d58c0c6f95621ee9

Code Sign

33:00:00:01:88:af:52:d6:b9:92:6d:e8:f9:00:00:00:00:01:88
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/03/2020, 18:39

Not After

03/03/2021, 18:39

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2b:42:48:13:df:60:11:57:a5:35:64:9a:12:5e:96:9e:6b:55:53:e6:f6:73:eb:91:38:5c:9b:04:55:a8:91:f4
Signer

Actual PE Digest

2b:42:48:13:df:60:11:57:a5:35:64:9a:12:5e:96:9e:6b:55:53:e6:f6:73:eb:91:38:5c:9b:04:55:a8:91:f4

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

GetTimeZoneInformation
CreateThread
ExitThread
FlushFileBuffers
CreateDirectoryA
RemoveDirectoryA
MoveFileA
LockFile
UnlockFile
TerminateProcess
SetEnvironmentVariableA
GetCPInfo
GetACP
GetOEMCP
SetHandleCount
GetStdHandle
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetStdHandle
GetStringTypeW
RaiseException
LCMapStringW
GetStringTypeA
GetModuleFileNameW
GetUserDefaultLangID
GetComputerNameA
SetFileAttributesA
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFileTime
SetFileTime
GetLocalTime
SetLocalTime
RtlUnwind
OpenFile
CreateProcessW
IsValidCodePage
FormatMessageW
GetStartupInfoA
UnhandledExceptionFilter
ExitProcess
SetCurrentDirectoryA
GetStringTypeExA
GetVolumeInformationA
FindFirstFileA
FindNextFileA
FindClose
VirtualFree
GetSystemInfo
VirtualAlloc
VirtualProtect
FlushInstructionCache
FindResourceExA
GetShortPathNameA
WinExec
lstrlenW
lstrcpyW
WriteFile
SetEndOfFile
SetFilePointer
GetSystemTime
SystemTimeToFileTime
WaitForMultipleObjects
ReleaseMutex
CreateMutexA
GetCurrentProcess
DuplicateHandle
ResumeThread
GetCommandLineA
TlsSetValue
TlsFree
TlsAlloc
GetVersion
CompareStringW
lstrcmpiW
MulDiv
CreateProcessA
GetExitCodeProcess
LoadLibraryExA
WaitForSingleObject
ResetEvent
SetEvent
CreateEventA
GetTickCount
GetEnvironmentVariableA
FreeResource
GetSystemDefaultLCID
GetPrivateProfileIntA
IsBadCodePtr
GetUserDefaultLCID
GetSystemDirectoryA
LoadLibraryA
GetProcAddress
Sleep
GlobalDeleteAtom
HeapDestroy
SetErrorMode
GlobalAddAtomA
ReleaseSemaphore
LCMapStringA
CreateSemaphoreA
VirtualQuery
GetCurrentProcessId
MultiByteToWideChar
GetProfileStringA
WideCharToMultiByte
HeapReAlloc
GetDriveTypeA
CompareStringA
GetFileAttributesA
GetCurrentDirectoryA
GetModuleFileNameA
SetLastError
GetFullPathNameA
SearchPathA
GetFileType
GlobalUnlock
GlobalFree
FindResourceA
LoadResource
SizeofResource
GlobalAlloc
GlobalSize
GlobalHandle
GlobalReAlloc
GlobalLock
_lwrite
_lread
LockResource
GetTempPathA
GetTempFileNameA
lstrcpynA
_lclose
_llseek
FreeLibrary
GetLocaleInfoA
lstrcmpiA
GetLastError
GetModuleHandleA
GetSystemDefaultLangID
FormatMessageA
HeapCreate
GetWindowsDirectoryA
GetPrivateProfileStringA
lstrcatA
CreateFileA
ReadFile
CloseHandle
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
IsDBCSLeadByte
IsBadReadPtr
TlsGetValue
lstrcpyA
DeleteFileA
lstrcmpA
GetCurrentThreadId
GetVersionExA
HeapAlloc
HeapFree
HeapSize
lstrlenA

user32

DdeClientTransaction
DdeAbandonTransaction
DdeGetData
DdeGetLastError
DdeCreateDataHandle
DdeCmpStringHandles
SetCursorPos
EnumClipboardFormats
DestroyCursor
GetAsyncKeyState
WaitForInputIdle
GetForegroundWindow
VkKeyScanW
SetWindowsHookExW
keybd_event
CharUpperBuffW
CharUpperBuffA
CharLowerBuffW
FindWindowW
FindWindowA
SetActiveWindow
GetClassInfoExA
LoadIconA
LoadImageA
RegisterClassExA
FrameRect
CreateDialogParamA
IsDialogMessageA
EnableMenuItem
ShowCursor
OemToCharA
CharToOemBuffA
GetWindowTextA
EndDialog
DrawTextA
SendDlgItemMessageA
SetDlgItemTextA
GetWindowPlacement
GetSystemMetrics
LoadBitmapA
TranslateMessage
DispatchMessageA
MsgWaitForMultipleObjects
WaitMessage
PostQuitMessage
UnhookWindowsHookEx
RegisterClipboardFormatA
CreateCursor
CreateIcon
PostMessageW
PeekMessageW
EnumWindows
EnumChildWindows
GetPropA
RemovePropA
SetPropA
SetForegroundWindow
ClipCursor
CallWindowProcA
DefFrameProcA
GetKeyState
GetDlgItem
IsWindow
UnregisterClassA
RegisterClassA
AdjustWindowRect
GetTabbedTextExtentA
TabbedTextOutA
FillRect
CharToOemA
MessageBoxA
wsprintfA
WinHelpA
GetDesktopWindow
SetRect
GetWindowDC
DestroyIcon
GetClassInfoA
AdjustWindowRectEx
GetMenuItemCount
RemoveMenu
GetMenuStringA
GetMenuState
DdePostAdvise
GetCaretPos
CharPrevA
CharNextA
GetUpdateRgn
GetUpdateRect
PtInRect
ChildWindowFromPointEx
ReleaseCapture
SetCapture
InflateRect
GetWindowRect
ClientToScreen
MoveWindow
IsWindowEnabled
IsChild
SetParent
IsIconic
IsZoomed
DefMDIChildProcA
MessageBeep
PeekMessageA
PostMessageA
LoadStringA
AppendMenuA
DestroyMenu
CreatePopupMenu
GetMessageTime
GetMessagePos
DrawFocusRect
CopyAcceleratorTableA
GetWindowRgn
CharUpperA
TranslateMDISysAccel
SubtractRect
IsRectEmpty
InvalidateRgn
InvalidateRect
CopyRect
GetDCEx
IntersectRect
LoadAcceleratorsA
BringWindowToTop
GetWindowThreadProcessId
AttachThreadInput
EqualRect
EnableWindow
SetFocus
SendMessageA
SetWindowsHookExA
GetClassNameA
LoadCursorA
SetCursor
SetWindowLongA
GetWindow
GetFocus
GetKeyboardLayout
GetSystemMenu
CallNextHookEx
GetParent
DestroyWindow
SetWindowTextA
SetWindowPos
UpdateWindow
CreateWindowExA
SystemParametersInfoA
GetCapture
WindowFromPoint
ScreenToClient
SetTimer
IsWindowVisible
ShowWindow
KillTimer
GetDC
ReleaseDC
MapWindowPoints
GetCursorPos
GetCursor
OffsetRect
GetIconInfo
DefWindowProcA
BeginPaint
GetClientRect
EndPaint
GetSysColor
GetActiveWindow
GetWindowLongA
DdeDisconnect
DdeConnect
DdeSetUserHandle
DdeNameService
DdeCreateStringHandleA
DdeUninitialize
DdeInitializeA
DdeFreeStringHandle
DdeQueryConvInfo
DdeQueryStringA
DdeFreeDataHandle
SetScrollRange
SetScrollPos
DrawFrameControl
LockWindowUpdate
CharLowerBuffA
IsClipboardFormatAvailable
SetClipboardData
GetClipboardData
OpenClipboard
EmptyClipboard
CloseClipboard
GetCaretBlinkTime
SetCaretPos
GetWindowTextLengthA
CreateCaret
ShowCaret
HideCaret
DestroyCaret
GetScrollPos
GetClipboardFormatNameA
DrawTextExA
SetWindowRgn
ToAscii
CreateAcceleratorTableA
DestroyAcceleratorTable
ShowScrollBar
GetScrollInfo
GetLastActivePopup
GetMenuItemInfoA
SetMenuItemInfoA
SetKeyboardState
GetKeyboardState
GetQueueStatus
GetDoubleClickTime
SetWindowContextHelpId
TrackPopupMenu
SetMenuDefaultItem
DrawMenuBar
DeleteMenu
InsertMenuA
GetSubMenu
GetMenuItemID
GetMenu
SetMenu
CreateMenu
ModifyMenuA
CheckMenuItem
BeginDeferWindowPos
EndDeferWindowPos
DeferWindowPos
PostThreadMessageA
VkKeyScanA
CharLowerA
DrawIcon
MessageBoxIndirectA
DialogBoxParamA
IsCharAlphaA
EnumThreadWindows
SetScrollInfo

gdi32

RestoreDC
RealizePalette
SetROP2
SaveDC
GetClipBox
SetWindowOrgEx
ExcludeClipRect
CreateHalftonePalette
GetTextMetricsA
PatBlt
EnumFontsA
TranslateCharsetInfo
GetROP2
SetBrushOrgEx
GetDeviceCaps
GetObjectType
CreatePenIndirect
CreateBrushIndirect
Rectangle
GetStockObject
Arc
LineTo
MoveToEx
Pie
Ellipse
SetStretchBltMode
GetPixel
GetTextExtentPoint32A
SetPixelV
StretchDIBits
GetCurrentObject
TextOutA
GetBkColor
StretchBlt
CreateDIBitmap
CloseMetaFile
SetWindowExtEx
CreateMetaFileA
EndDoc
AbortDoc
StartPage
CreateCompatibleBitmap
StartDocA
CreateDCA
ResetDCA
Escape
ScaleViewportExtEx
SetViewportExtEx
SetMapMode
DeleteMetaFile
PlayMetaFile
SetAbortProc
DeleteEnhMetaFile
PlayEnhMetaFile
CreateICA
GetEnhMetaFileHeader
ScaleWindowExtEx
GetWindowOrgEx
GetPaletteEntries
CreateDIBSection
CloseEnhMetaFile
CreateEnhMetaFileA
LPtoDP
EqualRgn
ExtCreateRegion
GetDIBits
SetTextAlign
GetWindowExtEx
GetViewportExtEx
CopyMetaFileA
CopyEnhMetaFileA
PathToRegion
EndPath
BeginPath
WidenPath
GetTextColor
GetMapMode
SetDIBColorTable
RoundRect
CreateEllipticRgnIndirect
CreateRoundRectRgn
GetSystemPaletteEntries
GetNearestColor
CreateCompatibleDC
SetViewportOrgEx
BitBlt
DeleteDC
IntersectClipRect
OffsetWindowOrgEx
SelectClipRgn
SelectPalette
CreatePalette
PtInRegion
OffsetRgn
ExtSelectClipRgn
CreateRectRgnIndirect
CreateRectRgn
SetRectRgn
CombineRgn
CreateFontIndirectA
GetTextExtentPointA
GetObjectA
GetBitmapBits
SetBkMode
SelectObject
ExtTextOutA
CreateBitmap
CreatePatternBrush
SetTextColor
SetBkColor
CreatePen
CreateHatchBrush
UnrealizeObject
CreateSolidBrush
EndPage
DeleteObject

advapi32

RegQueryInfoKeyA
RegCreateKeyW
RegQueryValueExW
RegEnumValueA
RegEnumValueW
RegEnumKeyW
RegDeleteValueW
RegDeleteKeyW
RegOpenKeyW
RegSetValueExW
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegEnumKeyExA
ReportEventA
DeregisterEventSource
RegisterEventSourceA
RegDeleteValueA
RegSetValueA
RegCreateKeyA
RegSetValueExA
RegEnumKeyA
RegDeleteKeyA
RegQueryValueA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegOpenKeyA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA

ole32

CoTaskMemAlloc
CoTaskMemFree
BindMoniker
RegisterDragDrop
RevokeDragDrop
DoDragDrop
CreateILockBytesOnHGlobal
OleFlushClipboard
OleIsCurrentClipboard
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
CreateDataAdviseHolder
CreateOleAdviseHolder
CoRegisterClassObject
CoRevokeClassObject
CLSIDFromString
OleDoAutoConvert
OleRegGetUserType
OleSaveToStream
ReadClassStg
ReadClassStm
OleConvertIStorageToOLESTREAM
OleConvertOLESTREAMToIStorage
StgIsStorageILockBytes
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
OleCreateFromData
OleCreateLinkFromData
OleGetIconOfClass
OleGetClipboard
OleSetClipboard
OleCreateLink
OleCreateLinkToFile
OleGetAutoConvert
OleCreateFromFile
CoMarshalInterface
CoUnmarshalInterface
CreateStreamOnHGlobal
StringFromCLSID
StringFromGUID2
CLSIDFromProgID
ProgIDFromCLSID
CoGetClassObject
CoCreateInstance
MkParseDisplayName
CoIsOle1Class
OleQueryLinkFromData
OleQueryCreateFromData
GetClassFile
CreateBindCtx
OleDuplicateData
ReleaseStgMedium
OleSetMenuDescriptor
CoRegisterMessageFilter
OleUninitialize
OleInitialize
CoGetMalloc
OleRegGetMiscStatus
CoCreateGuid
IIDFromString
CoFreeUnusedLibraries
CoDisconnectObject
IsAccelerator
OleIsRunning
OleRun
OleLockRunning
StgCreateDocfile
WriteClassStg
OleSave
StgOpenStorage
OleLoad
CoLockObjectExternal

oleaut32

OleTranslateColor
OleCreatePropertyFrame
VariantInit
VariantClear
SysAllocString
SysFreeString
OleCreateFontIndirect
OleCreatePictureIndirect
SysAllocStringByteLen
OaBuildVersion
SysAllocStringLen
VariantChangeType
SetErrorInfo
CreateErrorInfo
GetErrorInfo
DispGetParam
LoadTypeLi
SysStringByteLen
LoadRegTypeLi
RegisterTypeLi
LoadTypeLibEx
UnRegisterTypeLi
LHashValOfNameSys
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCreate
OleLoadPicture
SafeArrayDestroy
VariantCopy
VariantCopyInd
SafeArrayDestroyData
VariantChangeTypeEx
CreateDispTypeInfo
DispGetIDsOfNames
DispInvoke
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElement
SafeArrayPutElement
SafeArrayRedim
SafeArrayCopy
OleIconToCursor
RevokeActiveObject
SafeArrayAllocDescriptor
SafeArrayDestroyDescriptor
SafeArrayAllocData
SafeArrayLock
SafeArrayUnlock
VarDateFromStr
SysReAllocStringLen
GetActiveObject
VarR8FromStr
VarCyFromI4
VarBstrFromI2
VarBstrFromI4
VarBstrFromR4
VarBstrFromR8
VarBstrFromDate
VarBstrFromCy
VarI2FromStr
VarI4FromStr
VarI4FromR8
VarR4FromStr
VarCyFromStr
SysReAllocString
LHashValOfNameSysA
SysStringLen

Exports

Exports

BASIC_CLASS_AddRef
BASIC_CLASS_GetIDsOfNames
BASIC_CLASS_Invoke
BASIC_CLASS_QueryInterface
BASIC_CLASS_Release
BASIC_DISPINTERFACE_GetTICount
BASIC_DISPINTERFACE_GetTypeInfo
CopyRecord
CreateIExprSrvObj
DLLGetDocumentation
DllCanUnloadNow
DllFunctionCall
DllGetClassObject
DllRegisterServer
DllUnregisterServer
EVENT_SINK2_AddRef
EVENT_SINK2_Release
EVENT_SINK_AddRef
EVENT_SINK_GetIDsOfNames
EVENT_SINK_Invoke
EVENT_SINK_QueryInterface
EVENT_SINK_Release
EbCreateContext
EbDestroyContext
EbGetErrorInfo
EbGetHandleOfExecutingProject
EbGetObjConnectionCounts
EbGetVBAObject
EbIsProjectOnStack
EbLibraryLoad
EbLibraryUnload
EbLoadRunTime
EbResetProject
EbResetProjectNormal
EbSetContextWorkerThread
GetMem1
GetMem2
GetMem4
GetMem8
GetMemEvent
GetMemNewObj
GetMemObj
GetMemStr
GetMemVar
IID_IVbaHost
MethCallEngine
ProcCallEngine
PutMem1
PutMem2
PutMem4
PutMem8
PutMemEvent
PutMemNewObj
PutMemObj
PutMemStr
PutMemVar
SetMemEvent
SetMemNewObj
SetMemObj
SetMemVar
ThunRTMain
TipCreateInstanceEx
TipCreateInstanceProject2
TipGetAddressOfPredeclaredInstance
TipInvokeMethod
TipInvokeMethod2
TipSetOption
TipUnloadInstance
TipUnloadProject
UserDllMain
VBDllCanUnloadNow
VBDllGetClassObject
VBDllRegisterServer
VBDllUnRegisterServer
VarPtr
Zombie_AddRef
Zombie_GetIDsOfNames
Zombie_GetTypeInfo
Zombie_GetTypeInfoCount
Zombie_Invoke
Zombie_QueryInterface
Zombie_Release
_CIatan
_CIcos
_CIexp
_CIlog
_CIsin
_CIsqrt
_CItan
__vbaAptOffset
__vbaAryConstruct
__vbaAryConstruct2
__vbaAryCopy
__vbaAryDestruct
__vbaAryLock
__vbaAryMove
__vbaAryRebase1Var
__vbaAryRecCopy
__vbaAryRecMove
__vbaAryUnlock
__vbaAryVar
__vbaAryVarVarg
__vbaBoolErrVar
__vbaBoolStr
__vbaBoolVar
__vbaBoolVarNull
__vbaCVarAryUdt
__vbaCastObj
__vbaCastObjVar
__vbaCheckType
__vbaCheckTypeVar
__vbaChkstk
__vbaCopyBytes
__vbaCopyBytesZero
__vbaCyAbs
__vbaCyAdd
__vbaCyErrVar
__vbaCyFix
__vbaCyForInit
__vbaCyForNext
__vbaCyI2
__vbaCyI4
__vbaCyInt
__vbaCyMul
__vbaCyMulI2
__vbaCySgn
__vbaCyStr
__vbaCySub
__vbaCyUI1
__vbaCyVar
__vbaDateR4
__vbaDateR8
__vbaDateStr
__vbaDateVar
__vbaDerefAry
__vbaDerefAry1
__vbaEnd
__vbaErase
__vbaEraseKeepData
__vbaEraseNoPop
__vbaError
__vbaErrorOverflow
__vbaExceptHandler
__vbaExitEachAry
__vbaExitEachColl
__vbaExitEachVar
__vbaExitProc
__vbaFPException
__vbaFPFix
__vbaFPInt
__vbaFailedFriend
__vbaFileClose
__vbaFileCloseAll
__vbaFileLock
__vbaFileOpen
__vbaFileSeek
__vbaFixstrConstruct
__vbaForEachAry
__vbaForEachCollAd
__vbaForEachCollObj
__vbaForEachCollVar
__vbaForEachVar
__vbaFpCDblR4
__vbaFpCDblR8
__vbaFpCSngR4
__vbaFpCSngR8
__vbaFpCmpCy
__vbaFpCy
__vbaFpI2
__vbaFpI4
__vbaFpR4
__vbaFpR8
__vbaFpUI1
__vbaFreeObj
__vbaFreeObjList
__vbaFreeStr
__vbaFreeStrList
__vbaFreeVar
__vbaFreeVarList
__vbaFreeVarg
__vbaGenerateBoundsError
__vbaGet3
__vbaGet4
__vbaGetFxStr3
__vbaGetFxStr4
__vbaGetOwner3
__vbaGetOwner4
__vbaGosub
__vbaGosubFree
__vbaGosubReturn
__vbaHresultCheck
__vbaHresultCheckNonvirt
__vbaHresultCheckObj
__vbaI2Abs
__vbaI2Cy
__vbaI2ErrVar
__vbaI2ForNextCheck
__vbaI2I4
__vbaI2Sgn
__vbaI2Str
__vbaI2Var
__vbaI4Abs
__vbaI4Cy
__vbaI4ErrVar
__vbaI4ForNextCheck
__vbaI4Sgn
__vbaI4Str
__vbaI4Var
__vbaInStr
__vbaInStrB
__vbaInStrVar
__vbaInStrVarB
__vbaInputFile
__vbaLateIdCall
__vbaLateIdCallLd
__vbaLateIdCallSt
__vbaLateIdNamedCall
__vbaLateIdNamedCallLd
__vbaLateIdNamedCallSt
__vbaLateIdNamedStAd
__vbaLateIdSt
__vbaLateIdStAd
__vbaLateMemCall
__vbaLateMemCallLd
__vbaLateMemCallSt
__vbaLateMemNamedCall
__vbaLateMemNamedCallLd
__vbaLateMemNamedCallSt
__vbaLateMemNamedStAd
__vbaLateMemSt
__vbaLateMemStAd
__vbaLbound
__vbaLdZeroAry
__vbaLenBstr
__vbaLenBstrB
__vbaLenVar
__vbaLenVarB
__vbaLineInputStr
__vbaLineInputVar
__vbaLsetFixstr
__vbaLsetFixstrFree
__vbaMidStmtBstr
__vbaMidStmtBstrB
__vbaMidStmtVar
__vbaMidStmtVarB
__vbaNameFile
__vbaNew
__vbaNew2
__vbaNextEachAry
__vbaNextEachCollAd
__vbaNextEachCollObj
__vbaNextEachCollVar
__vbaNextEachVar
__vbaObjAddref
__vbaObjIs
__vbaObjSet
__vbaObjSetAddref
__vbaObjVar
__vbaOnError
__vbaOnGoCheck
__vbaPowerR8
__vbaPrintFile
__vbaPrintObj
__vbaPut3
__vbaPut4
__vbaPutFxStr3
__vbaPutFxStr4
__vbaPutOwner3
__vbaPutOwner4
__vbaR4Cy
__vbaR4ErrVar
__vbaR4ForNextCheck
__vbaR4Sgn
__vbaR4Str
__vbaR4Var
__vbaR8Cy
__vbaR8ErrVar
__vbaR8FixI2
__vbaR8FixI4
__vbaR8ForNextCheck
__vbaR8IntI2
__vbaR8IntI4
__vbaR8Sgn
__vbaR8Str
__vbaR8Var
__vbaRaiseEvent
__vbaRecAnsiToUni
__vbaRecAssign
__vbaRecDestruct
__vbaRecDestructAnsi
__vbaRecUniToAnsi
__vbaRedim
__vbaRedimPreserve
__vbaRedimPreserveVar
__vbaRedimPreserveVar2
__vbaRedimVar
__vbaRedimVar2
__vbaRefVarAry
__vbaResume
__vbaRsetFixstr
__vbaRsetFixstrFree
__vbaSetSystemError
__vbaStopExe
__vbaStr2Vec
__vbaStrAryToAnsi
__vbaStrAryToUnicode
__vbaStrBool
__vbaStrCat
__vbaStrCmp
__vbaStrComp
__vbaStrCompVar
__vbaStrCopy
__vbaStrCy
__vbaStrDate
__vbaStrErrVarCopy
__vbaStrFixstr
__vbaStrI2
__vbaStrI4
__vbaStrLike
__vbaStrMove
__vbaStrR4
__vbaStrR8
__vbaStrTextCmp
__vbaStrTextLike
__vbaStrToAnsi
__vbaStrToUnicode
__vbaStrUI1
__vbaStrVarCopy
__vbaStrVarMove
__vbaStrVarVal
__vbaUI1Cy
__vbaUI1ErrVar
__vbaUI1I2
__vbaUI1I4
__vbaUI1Sgn
__vbaUI1Str
__vbaUI1Var
__vbaUbound
__vbaUdtVar
__vbaUnkVar
__vbaVar2Vec
__vbaVarAbs
__vbaVarAdd
__vbaVarAnd
__vbaVarCat
__vbaVarCmpEq
__vbaVarCmpGe
__vbaVarCmpGt
__vbaVarCmpLe
__vbaVarCmpLt
__vbaVarCmpNe
__vbaVarCopy
__vbaVarDateVar
__vbaVarDiv
__vbaVarDup
__vbaVarEqv
__vbaVarErrI4
__vbaVarFix
__vbaVarForInit
__vbaVarForNext
__vbaVarIdiv
__vbaVarImp
__vbaVarIndexLoad
__vbaVarIndexLoadRef
__vbaVarIndexLoadRefLock
__vbaVarIndexStore
__vbaVarIndexStoreObj
__vbaVarInt
__vbaVarLateMemCallLd
__vbaVarLateMemCallLdRf
__vbaVarLateMemCallSt
__vbaVarLateMemSt
__vbaVarLateMemStAd
__vbaVarLike
__vbaVarLikeVar
__vbaVarMod
__vbaVarMove
__vbaVarMul
__vbaVarNeg
__vbaVarNot
__vbaVarOr
__vbaVarPow
__vbaVarSetObj
__vbaVarSetObjAddref
__vbaVarSetUnk
__vbaVarSetUnkAddref
__vbaVarSetVar
__vbaVarSetVarAddref
__vbaVarSub
__vbaVarTextCmpEq
__vbaVarTextCmpGe
__vbaVarTextCmpGt
__vbaVarTextCmpLe
__vbaVarTextCmpLt
__vbaVarTextCmpNe
__vbaVarTextLike
__vbaVarTextLikeVar
__vbaVarTextTstEq
__vbaVarTextTstGe
__vbaVarTextTstGt
__vbaVarTextTstLe
__vbaVarTextTstLt
__vbaVarTextTstNe
__vbaVarTstEq
__vbaVarTstGe
__vbaVarTstGt
__vbaVarTstLe
__vbaVarTstLt
__vbaVarTstNe
__vbaVarVargNofree
__vbaVarXor
__vbaVarZero
__vbaVargObj
__vbaVargObjAddref
__vbaVargParmRef
__vbaVargUnk
__vbaVargUnkAddref
__vbaVargVar
__vbaVargVarCopy
__vbaVargVarMove
__vbaVargVarRef
__vbaVerifyVarObj
__vbaWriteFile
_adj_fdiv_m16i
_adj_fdiv_m32
_adj_fdiv_m32i
_adj_fdiv_m64
_adj_fdiv_r
_adj_fdivr_m16i
_adj_fdivr_m32
_adj_fdivr_m32i
_adj_fdivr_m64
_adj_fpatan
_adj_fprem
_adj_fprem1
_adj_fptan
_allmul
rtBoolFromErrVar
rtBstrFromErrVar
rtCyFromErrVar
rtDecFromVar
rtI2FromErrVar
rtI4FromErrVar
rtR4FromErrVar
rtR8FromErrVar
rtUI1FromErrVar
rtcAbsVar
rtcAnsiValueBstr
rtcAppActivate
rtcAppleScript
rtcArray
rtcAtn
rtcBeep
rtcBstrFromAnsi
rtcBstrFromByte
rtcBstrFromChar
rtcBstrFromError
rtcBstrFromFormatVar
rtcByteValueBstr
rtcCVErrFromVar
rtcCallByName
rtcChangeDir
rtcChangeDrive
rtcCharValueBstr
rtcChoose
rtcCommandBstr
rtcCommandVar
rtcCompareBstr
rtcCos
rtcCreateObject
rtcCreateObject2
rtcCurrentDir
rtcCurrentDirBstr
rtcDDB
rtcDateAdd
rtcDateDiff
rtcDateFromVar
rtcDatePart
rtcDeleteSetting
rtcDir
rtcDoEvents
rtcEndOfFile
rtcEnvironBstr
rtcEnvironVar
rtcErrObj
rtcExp
rtcFV
rtcFileAttributes
rtcFileCopy
rtcFileDateTime
rtcFileLen
rtcFileLength
rtcFileLocation
rtcFileReset
rtcFileSeek
rtcFileWidth
rtcFilter
rtcFixVar
rtcFormatCurrency
rtcFormatDateTime

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

ENGINE
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 196KB - Virtual size: 195KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SETUP/Support/richtx32.Ocx
.dll regsvr32 windows:4 windows x86 arch:x86

3d07d7e08d7d8d672e74f30bddea2890

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:27:81:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/10/2008, 21:24

Not After

22/01/2010, 21:34

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:47:52:ba:00:00:00:00:00:04
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:53

Not After

16/09/2011, 02:03

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:D8A9-CFCC-579C,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d8:88:48:12:33:48:a7:a5:80:2a:bb:48:87:99:e4:a4:1c:8c:dd:e7
Signer

Actual PE Digest

d8:88:48:12:33:48:a7:a5:80:2a:bb:48:87:99:e4:a4:1c:8c:dd:e7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

shell32

DragQueryFileA
DragFinish
DragAcceptFiles

oledlg

ord1

kernel32

lstrcmpA
GetVersionExA
lstrcpyA
GlobalSize
GlobalLock
GlobalUnlock
GlobalAlloc
GlobalFree
FindResourceA
LoadResource
LockResource
GetLocaleInfoA
GetWindowsDirectoryA
HeapReAlloc
GetModuleFileNameA
GetFileAttributesA
GetProcAddress
GetVersion
DisableThreadLibraryCalls
FindAtomA
AddAtomA
GetAtomNameA
DeleteAtom
InterlockedIncrement
IsBadWritePtr
LoadLibraryA
InterlockedDecrement
FreeLibrary
DeleteCriticalSection
InitializeCriticalSection
GetProcessHeap
WriteFile
GetLastError
EnterCriticalSection
LeaveCriticalSection
CreateFileA
ReadFile
lstrcmpiA
SetFilePointer
CloseHandle
IsDBCSLeadByte
lstrlenA
HeapFree
WideCharToMultiByte
lstrlenW
HeapAlloc
MultiByteToWideChar

user32

SetCursorPos
MapWindowPoints
ScreenToClient
GetClipboardFormatNameA
PeekMessageW
PostMessageW
PeekMessageA
RegisterWindowMessageA
DialogBoxParamA
SendMessageA
UpdateWindow
ReleaseDC
GetSystemMetrics
GetDC
CallWindowProcA
MessageBeep
GetKeyState
EndDialog
EnableWindow
GetCursorPos
GetCapture
RegisterClipboardFormatA
LoadStringA
RegisterClassA
GetClassInfoA
InflateRect
GetSysColor
SetRect
ValidateRect
ReleaseCapture
CreateDialogIndirectParamA
IsChild
IsWindowEnabled
GetNextDlgTabItem
IsDialogMessageA
WinHelpA
MoveWindow
SetFocus
BeginPaint
EndPaint
SetParent
IsWindowVisible
CreateWindowExA
GetWindowLongA
ShowWindow
SetWindowRgn
IntersectRect
EqualRect
OffsetRect
ClientToScreen
GetWindowRect
SetWindowLongA
SetWindowPos
GetActiveWindow
UnregisterClassA
DestroyWindow
LoadMenuA
GetSubMenu
RemoveMenu
DestroyMenu
GetMenuItemCount
DeleteMenu
EnableMenuItem
TrackPopupMenu
GetWindow
GetWindowTextA
CharNextA
wsprintfA
MessageBoxA
SendDlgItemMessageA
InvalidateRect
GetClientRect
WindowFromDC
GetDlgItem
PostMessageA
GetDlgItemTextA
GetDlgItemInt
IsDlgButtonChecked
SetDlgItemInt
SetDlgItemTextA
CheckDlgButton
IsWindow
DefWindowProcA
LoadCursorA
SetCursor
GetParent
GetFocus
TranslateMessage
DispatchMessageA
FillRect
PtInRect

ole32

DoDragDrop
RegisterDragDrop
CreateOleAdviseHolder
OleCreateFromFile
CLSIDFromProgID
OleCreate
OleSetContainedObject
StringFromCLSID
OleGetIconOfClass
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
OleSaveToStream
OleLoadFromStream
RevokeDragDrop
CoTaskMemRealloc
ReleaseStgMedium
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
CoGetMalloc

advapi32

RegQueryValueA
RegDeleteValueA
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegEnumKeyExA
RegCreateKeyExA
RegOpenKeyExA
RegDeleteKeyA

oleaut32

SafeArrayAccessData
SafeArrayUnaccessData
VariantCopyInd
VariantCopy
CreateErrorInfo
SetErrorInfo
OleCreatePropertyFrame
LoadTypeLibEx
UnRegisterTypeLi
LoadTypeLi
RegisterTypeLi
SafeArrayCreate
SafeArrayPutElement
GetErrorInfo
OleCreatePictureIndirect
LoadRegTypeLi
OleLoadPicture
OleCreateFontIndirect
SysAllocStringLen
SysFreeString
OleTranslateColor
SysStringLen
SysAllocString
VariantInit
VariantChangeType
VariantClear
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayDestroy
SafeArrayGetElement
SafeArrayRedim
SafeArrayCopy

comdlg32

GetOpenFileNameA
CommDlgExtendedError

gdi32

GetNearestColor
CreatePalette
DeleteDC
EndDoc
EndPage
StartPage
StartDocA
DPtoLP
SetWindowOrgEx
SetViewportOrgEx
SetMapMode
CreateCompatibleDC
GetMapMode
GetDeviceCaps
CreateICA
GetObjectType
EnumFontFamiliesExA
DeleteObject
StretchBlt
CreateSolidBrush
PatBlt
CreateCompatibleBitmap
SelectObject
SetViewportExtEx
SetWindowExtEx
GetClipBox
SetBkColor
CreateRectRgnIndirect
GetViewportExtEx
GetWindowExtEx
LPtoDP
CreateDCA
CopyMetaFileA
CopyEnhMetaFileA
CreateBitmap
GetStockObject
GetPaletteEntries
GetDIBits
RealizePalette
SelectPalette
GetObjectA
CreateDIBitmap
GetBitmapBits

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
VBFrameworkMapClassObject

Sections

.text
Size: 116KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SETUP/Support/zlibwapi.dll
.dll windows:6 windows x86 arch:x86

e8b4679d36252eb2cf393b62d36e67b3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileA
SetFilePointer
WriteFile
ReadFile
CreateFileW
GetLastError
CloseHandle
IsDebuggerPresent
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
DecodePointer
EncodePointer
IsProcessorFeaturePresent

msvcr120

_errno
_read
_close
_write
_ftelli64
_fseeki64
fopen
fread
ferror
fwrite
memchr
rand
srand
_time64
_vsnprintf
__CppXcptFilter
_amsg_exit
_malloc_crt
_initterm
_initterm_e
_lock
_unlock
_calloc_crt
__dllonexit
_onexit
__clean_type_info_names_internal
_except_handler4_common
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
strerror
wcstombs
_snprintf
malloc
_open
free
_wopen
_lseeki64
fclose
memcpy
memset

Exports

Exports

adler32
adler32_combine
adler32_z
compress
compress2
compressBound
crc32
crc32_combine
crc32_z
deflate
deflateBound
deflateCopy
deflateEnd
deflateGetDictionary
deflateInit2_
deflateInit_
deflateParams
deflatePending
deflatePrime
deflateReset
deflateResetKeep
deflateSetDictionary
deflateSetHeader
deflateTune
fill_win32_filefunc
fill_win32_filefunc64
fill_win32_filefunc64A
fill_win32_filefunc64W
get_crc_table
gzbuffer
gzclearerr
gzclose
gzclose_r
gzclose_w
gzdirect
gzdopen
gzeof
gzerror
gzflush
gzfread
gzfwrite
gzgetc
gzgetc_
gzgets
gzoffset
gzopen
gzopen_w
gzprintf
gzputc
gzputs
gzread
gzrewind
gzseek
gzsetparams
gztell
gzungetc
gzvprintf
gzwrite
inflate
inflateBack
inflateBackEnd
inflateBackInit_
inflateCodesUsed
inflateCopy
inflateEnd
inflateGetDictionary
inflateGetHeader
inflateInit2_
inflateInit_
inflateMark
inflatePrime
inflateReset
inflateReset2
inflateResetKeep
inflateSetDictionary
inflateSync
inflateSyncPoint
inflateUndermine
inflateValidate
uncompress
uncompress2
unzClose
unzCloseCurrentFile
unzGetCurrentFileInfo
unzGetCurrentFileInfo64
unzGetCurrentFileZStreamPos64
unzGetFilePos
unzGetFilePos64
unzGetGlobalComment
unzGetGlobalInfo
unzGetGlobalInfo64
unzGetLocalExtrafield
unzGoToFilePos
unzGoToFilePos64
unzGoToFirstFile
unzGoToNextFile
unzLocateFile
unzOpen
unzOpen2
unzOpen2_64
unzOpen64
unzOpenCurrentFile
unzOpenCurrentFile2
unzOpenCurrentFile3
unzOpenCurrentFilePassword
unzReadCurrentFile
unzStringFileNameCompare
unzeof
unztell
unztell64
zError
zipClose
zipCloseFileInZip
zipCloseFileInZipRaw
zipCloseFileInZipRaw64
zipOpen
zipOpen2
zipOpen2_64
zipOpen64
zipOpenNewFileInZip
zipOpenNewFileInZip2
zipOpenNewFileInZip2_64
zipOpenNewFileInZip3
zipOpenNewFileInZip3_64
zipOpenNewFileInZip4_64
zipOpenNewFileInZip64
zipWriteInFileInZip
zlibCompileFlags
zlibVersion

Sections

.text
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SETUP/readme.txt
SETUP/unSetup.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 80KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 34KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
SSSAO.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 53KB - Virtual size: 368KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 85KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 80KB

UPX1 Size: 34KB - Virtual size: 36KB

.rsrc Size: 25KB - Virtual size: 28KB

28b659576236be75a4bbcbfa9113e470

Headers

File Characteristics

Imports

ole32

user32

gdi32

kernel32

Exports

Exports

Sections

.text Size: 104KB - Virtual size: 100KB

.data Size: 20KB - Virtual size: 25KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 5KB

5316dd1ba7417f578451f902c4b4f845

Headers

File Characteristics

Imports

ole32

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 12KB - Virtual size: 12KB

.data Size: 3KB - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 972B

.reloc Size: 1024B - Virtual size: 906B

624c84a04948cdb010eaf9695c0efffd

Headers

File Characteristics

Imports

ole32

version

kernel32

user32

gdi32

advapi32

Exports

Exports

Sections

.text Size: 52KB - Virtual size: 51KB

.data Size: 16KB - Virtual size: 16KB

.idata Size: 2KB - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 3KB - Virtual size: 3KB

Headers

File Characteristics

Sections

.rsrc Size: 12KB - Virtual size: 12KB

.reloc Size: 512B - Virtual size: 12B

256038c6c089d20e32a574c72c9a55dc

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0Certificate

Extended Key Usages

Key Usages

61:06:27:81:00:00:00:00:00:08Certificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate

Extended Key Usages

Key Usages

61:06:94:2d:00:00:00:00:00:09Certificate

Extended Key Usages

Key Usages

ea:f1:24:6c:e9:5c:7c:1a:35:4a:e1:f1:ee:6f:cb:2a:97:33:e4:13Signer

Headers

UPX0
Size: - Virtual size: 80KB

UPX1
Size: 34KB - Virtual size: 36KB

.rsrc
Size: 25KB - Virtual size: 28KB

.text
Size: 104KB - Virtual size: 100KB

.data
Size: 20KB - Virtual size: 25KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 5KB

.text
Size: 12KB - Virtual size: 12KB

.data
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 972B

.reloc
Size: 1024B - Virtual size: 906B

.text
Size: 52KB - Virtual size: 51KB

.data
Size: 16KB - Virtual size: 16KB

.idata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 12KB - Virtual size: 12KB

.reloc
Size: 512B - Virtual size: 12B

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

61:06:27:81:00:00:00:00:00:08
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

61:06:94:2d:00:00:00:00:00:09
Certificate

ea:f1:24:6c:e9:5c:7c:1a:35:4a:e1:f1:ee:6f:cb:2a:97:33:e4:13
Signer

.text
Size: 72KB - Virtual size: 69KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 36KB - Virtual size: 32KB

.reloc
Size: 8KB - Virtual size: 4KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 1024B - Virtual size: 1KB

.pdata
Size: 512B - Virtual size: 336B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 24B

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1024B - Virtual size: 1KB

hook
Size: 512B - Virtual size: 4B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 412B

.text
Size: 20KB - Virtual size: 19KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 12KB - Virtual size: 12KB

hook
Size: 4KB - Virtual size: 12B

.reloc
Size: 4KB - Virtual size: 3KB