bandicam[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

bandicam.zip
Size

18.8MB
MD5

d6c491077c183c43dc7483f2de3f0e1b
SHA1

1ad75214cc9ce98f1f1aedf915f4b696c1cedb0e
SHA256

c4b7472d41f5d6be3915177b3c354409b38284b05183618b7ab37544e01602b5
SHA512

9bf51c2ef268f695af57875f984550e589ff76f9008bf568c1e9bbd4266134ef8834db3c6f43dded94f969dfa5146607490931b477de38ef6833c88c4b098fe7
SSDEEP

393216:PRAO7OazgOr4g9htRsw6PF1tbxch1Q4s6jtVu5++Y6Vz+0Ir2FKYXLU9NzQBNNhj:pAO7vq391Nxwfs6jtMX4t9kPWdHrHwXz

Score

3^/10

Malware Config

Signatures

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack001/bandicam/Ativador Bandicam.exe
unpack002/$PLUGINSDIR/InstallOptions.dll
unpack002/$PLUGINSDIR/System.dll
unpack003/$PLUGINSDIR/InstallOptions.dll
unpack003/$PLUGINSDIR/System.dll
unpack003/$PLUGINSDIR/UserInfo.dll

Files

bandicam.zip
.zip
bandicam/Ativador Bandicam.exe
.exe windows:4 windows x86 arch:x86

820ab24e53af2dbafc74d24f87e40262

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MessageBoxA

comctl32

InitCommonControls

kernel32

LoadLibraryA
GetProcAddress

Sections

.wkt0
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wkt0
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wkt0
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wkt0
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
bandicam/bdcamsetup.exe
.exe windows:4 windows x86 arch:x86

e2a592076b17ef8bfb48b7e03965a3fc

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3f:8d:23:c1:36:ae:9c:be:ea:c7:60:5b:24:ec:03:91
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/12/2017, 00:00

Not After

19/02/2021, 23:59

Subject

CN=Bandicam Company,O=Bandicam Company,L=Yeoungdeungpo-=gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3f:8d:23:c1:36:ae:9c:be:ea:c7:60:5b:24:ec:03:91
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/12/2017, 00:00

Not After

19/02/2021, 23:59

Subject

CN=Bandicam Company,O=Bandicam Company,L=Yeoungdeungpo-=gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

19/02/2018, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign TSA for Advanced - G2

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:8e:ff:00:87:43:e9:d2:81:c7:68:6d:67:e0:a0:50:67:66:25:61:77:10:ab:de:b0:bf:5d:b5:82:48:14:5b
Signer

Actual PE Digest

1b:8e:ff:00:87:43:e9:d2:81:c7:68:6d:67:e0:a0:50:67:66:25:61:77:10:ab:de:b0:bf:5d:b5:82:48:14:5b

Digest Algorithm

sha256

PE Digest Matches

true

ed:c7:89:94:f0:3c:e6:dd:b9:06:28:3b:29:53:9f:57:4a:49:19:21
Signer

Actual PE Digest

ed:c7:89:94:f0:3c:e6:dd:b9:06:28:3b:29:53:9f:57:4a:49:19:21

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetCurrentDirectoryW
GetFileAttributesW
GetFullPathNameW
Sleep
GetTickCount
GetFileSize
GetModuleFileNameW
MoveFileW
SetFileAttributesW
GetCurrentProcess
ExitProcess
SetEnvironmentVariableW
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
GetVersion
SetErrorMode
lstrlenW
WaitForSingleObject
CopyFileW
CompareFileTime
GlobalLock
CreateThread
GetLastError
CreateDirectoryW
CreateProcessW
RemoveDirectoryW
lstrcmpiA
CreateFileW
GetTempFileNameW
WriteFile
lstrcpyA
lstrcpyW
MoveFileExW
lstrcatW
GetSystemDirectoryW
GetProcAddress
GetModuleHandleA
GlobalFree
GlobalAlloc
GetShortPathNameW
SearchPathW
lstrcmpiW
SetFileTime
CloseHandle
ExpandEnvironmentStringsW
lstrcmpW
GlobalUnlock
lstrcpynW
GetDiskFreeSpaceW
GetExitCodeProcess
FindFirstFileW
FindNextFileW
DeleteFileW
SetFilePointer
ReadFile
FindClose
MulDiv
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetPrivateProfileStringW
WritePrivateProfileStringW
FreeLibrary
LoadLibraryExW
GetModuleHandleW

user32

GetSystemMenu
SetClassLongW
IsWindowEnabled
EnableMenuItem
SetWindowPos
GetSysColor
GetWindowLongW
SetCursor
LoadCursorW
CheckDlgButton
GetMessagePos
LoadBitmapW
CallWindowProcW
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
wsprintfW
ScreenToClient
GetWindowRect
GetSystemMetrics
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharPrevW
CharNextA
wsprintfA
DispatchMessageW
PeekMessageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
EndDialog
RegisterClassW
SystemParametersInfoW
CreateWindowExW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
LoadImageW
SetTimer
SetWindowTextW
PostQuitMessage
ShowWindow
GetDlgItem
IsWindow
SetWindowLongW
FindWindowExW
TrackPopupMenu
AppendMenuW
CreatePopupMenu
DrawTextW
EndPaint
CreateDialogParamW
SendMessageTimeoutW
SetForegroundWindow

gdi32

SelectObject
SetBkMode
CreateFontIndirectW
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW

advapi32

RegDeleteKeyW
SetFileSecurityW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegOpenKeyExW
RegEnumValueW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumKeyW

comctl32

ImageList_AddMasked
ord17
ImageList_Destroy
ImageList_Create

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 92KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

4b45b7e00344a87332fbd12653854d1a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentDirectoryW
GlobalUnlock
GlobalLock
GetModuleHandleW
CloseHandle
SetEndOfFile
SetCurrentDirectoryW
GetPrivateProfileStringW
GetPrivateProfileIntW
MultiByteToWideChar
ReadFile
GetFileSize
CreateFileW
lstrcmpiW
lstrcatW
lstrcpynW
WritePrivateProfileStringW
lstrlenW
lstrcpyW
GlobalFree
GlobalAlloc
WriteFile
SetFilePointer

user32

LoadCursorW
SetWindowRgn
GetDlgCtrlID
CloseClipboard
DrawFocusRect
OpenClipboard
DrawTextW
SetCursor
LoadIconW
LoadImageW
SetWindowLongW
CreateWindowExW
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamW
GetClientRect
ShowWindow
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
CallWindowProcW
PostMessageW
MessageBoxW
GetSysColor
CharNextW
wsprintfW
GetWindowTextW
SetWindowTextW
SendMessageW
GetWindowLongW
EnableMenuItem
PtInRect
MapWindowPoints
GetClipboardData

gdi32

SetTextColor
DeleteObject
CombineRgn
CreateRectRgn
GetDIBits
SelectObject
CreateCompatibleDC
GetObjectW

shell32

SHGetDesktopFolder
SHGetPathFromIDListW
ShellExecuteW
SHBrowseForFolderW

comdlg32

GetOpenFileNameW
GetSaveFileNameW
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
make_unicode
show

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

fc0224e99e736751432961db63a41b76

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleW
GlobalFree
GlobalSize
lstrcpynW
lstrcpyW
GetProcAddress
WideCharToMultiByte
VirtualFree
FreeLibrary
lstrlenW
LoadLibraryW
GlobalAlloc
MultiByteToWideChar
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfW

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 851B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 610B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$SYSDIR/D3DCompiler_47.dll
.dll windows:10 windows x86 arch:x86

323b4a980be6850b6d140bd6363118e2

Code Sign

33:00:00:00:6f:65:2d:58:6d:07:11:46:28:00:00:00:00:00:6f
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20/03/2015, 17:32

Not After

20/06/2016, 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:7b:a2:81:0b:87:11:ab:e7:fc:00:00:00:00:00:7b
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01/10/2014, 18:06

Not After

01/01/2016, 18:06

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d4:45:ae:46:71:01:79:2c:15:07:27:3b:5f:19:70:0e:2a:89:38:d2:b9:c2:40:83:d4:02:1c:a3:4b:ee:07:06
Signer

Actual PE Digest

d4:45:ae:46:71:01:79:2c:15:07:27:3b:5f:19:70:0e:2a:89:38:d2:b9:c2:40:83:d4:02:1c:a3:4b:ee:07:06

Digest Algorithm

sha256

PE Digest Matches

true

a3:0a:17:a8:d1:ed:84:90:d1:97:9d:20:6e:4b:59:7c:f5:47:04:fd
Signer

Actual PE Digest

a3:0a:17:a8:d1:ed:84:90:d1:97:9d:20:6e:4b:59:7c:f5:47:04:fd

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D3DCompiler_47.pdb

Imports

msvcrt

__dllonexit
_unlock
_lock
??1type_info@@UAE@XZ
_initterm
_amsg_exit
_XcptFilter
_callnewh
_isnan
__isascii
_clearfp
_controlfp
_strdup
_mbstrlen
_purecall
_vsnwprintf
strtoul
isxdigit
atof
strchr
setlocale
strnlen
modf
strrchr
tolower
_finite
_fpclass
memmove
strncmp
strncpy_s
isspace
wcsncmp
wcsncpy_s
_wcsicmp
memcpy
memset
fclose
bsearch
qsort
strcat_s
_onexit
_CxxThrowException
_snwprintf_s
__unDName
fread
fseek
_wfsopen
wcstoul
_fileno
sscanf_s
_filelengthi64
towlower
_wcsnicmp
_wsplitpath_s
wcscpy_s
wcsncat_s
wcsrchr
swprintf_s
_wmakepath_s
time
_wcsdup
_wgetenv
_wfullpath
_chsize_s
_close
_read
_write
_lseeki64
_get_osfhandle
_open_osfhandle
wcscat_s
ftell
_mbscmp
_memicmp
toupper
_atoi64
strtod
_errno
_strtoui64
?terminate@@YAXXZ
_except_handler4_common
strstr
malloc
_strnicmp
atoi
isdigit
isalpha
strcpy_s
memcpy_s
isalnum
getenv
free
_stricmp
sprintf_s
_vsnprintf
_wsopen
_CIacos
_CIasin
_CIatan
_CIatan2
_CIcos
_CIcosh
_CIexp
_CIfmod
_CIlog
_CIpow
_CIsin
_CIsinh
_CIsqrt
_CItan
_CItanh
__CxxFrameHandler3
_ftol2
_ftol2_sse
ceil
floor

advapi32

RegOpenKeyExW
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
RegQueryValueExA
RegEnumKeyExA
RegOpenKeyExA
RegCloseKey
RegQueryValueExW

kernel32

MapViewOfFileEx
SetFilePointer
InitializeCriticalSectionAndSpinCount
ExpandEnvironmentStringsW
DeviceIoControl
SetFilePointerEx
SetEndOfFile
GetFileType
DeleteFileW
FlushViewOfFile
SetFileAttributesW
GetFileAttributesW
SetLastError
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetFileSize
LocalFree
LocalAlloc
LoadLibraryExW
GetProcAddress
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
lstrcmpiA
HeapCreate
GetEnvironmentVariableA
GetModuleFileNameA
LCMapStringW
DisableThreadLibraryCalls
MultiByteToWideChar
WideCharToMultiByte
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
OutputDebugStringA
HeapAlloc
GetProcessHeap
HeapFree
FreeLibrary
WriteFile
VirtualFree
VirtualAlloc
GetSystemInfo
CreateFileW
GetLastError
GetFileSizeEx
ReadFile
CloseHandle
Sleep
TlsAlloc
TlsSetValue
HeapDestroy
TlsGetValue
TlsFree
GetFullPathNameW
GetFullPathNameA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
CreateFileA

rpcrt4

UuidCreate

Exports

Exports

D3DAssemble
D3DCompile
D3DCompile2
D3DCompileFromFile
D3DCompressShaders
D3DCreateBlob
D3DCreateFunctionLinkingGraph
D3DCreateLinker
D3DDecompressShaders
D3DDisassemble
D3DDisassemble10Effect
D3DDisassemble11Trace
D3DDisassembleRegion
D3DGetBlobPart
D3DGetDebugInfo
D3DGetInputAndOutputSignatureBlob
D3DGetInputSignatureBlob
D3DGetOutputSignatureBlob
D3DGetTraceInstructionOffsets
D3DLoadModule
D3DPreprocess
D3DReadFileToBlob
D3DReflect
D3DReflectLibrary
D3DReturnFailure1
D3DSetBlobPart
D3DStripShader
D3DWriteBlobToFile
DebugSetMute

Sections

.text
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/msvcp110.dll
.dll windows:6 windows x86 arch:x86

098e9eddf1a24b3fd9465ee992148a02

Code Sign

33:00:00:00:9d:1e:8d:27:ae:b8:f3:d8:38:00:01:00:00:00:9d
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/09/2012, 21:42

Not After

04/03/2013, 21:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:2b:39:32:48:c1:b2:c9:48:f3:00:00:00:00:00:2b
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/09/2012, 21:12

Not After

04/12/2013, 21:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:08:e2:79:fa:0d:25:58:45:ea:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/07/2012, 00:14

Not After

07/10/2013, 00:14

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

bd:da:49:3e:e0:d0:cf:a8:1e:ba:49:76:d1:38:5e:50:ea:b9:84:2f:8b:f8:ee:1c:ee:b6:de:b5:98:7f:ae:bf
Signer

Actual PE Digest

bd:da:49:3e:e0:d0:cf:a8:1e:ba:49:76:d1:38:5e:50:ea:b9:84:2f:8b:f8:ee:1c:ee:b6:de:b5:98:7f:ae:bf

Digest Algorithm

sha256

PE Digest Matches

true

bf:fa:d4:6b:19:62:38:e3:7a:c8:07:80:df:f1:d6:ab:5d:65:be:e9
Signer

Actual PE Digest

bf:fa:d4:6b:19:62:38:e3:7a:c8:07:80:df:f1:d6:ab:5d:65:be:e9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

msvcp110.i386.pdb

Imports

msvcr110

fgetpos
fsetpos
_fseeki64
fwrite
setvbuf
ungetc
_lock_file
_unlock_file
memcpy_s
memset
_fsopen
fseek
_wfsopen
?__ExceptionPtrDestroy@@YAXPAX@Z
?__ExceptionPtrCopy@@YAXPAXPBX@Z
?__ExceptionPtrRethrow@@YAXPBX@Z
?_ScheduleTask@_CurrentScheduler@details@Concurrency@@SAXP6AXPAX@Z0@Z
?set@event@Concurrency@@QAEXXZ
ldexp
sprintf_s
strcspn
wcslen
_Strftime
_Wcsftime
strcmp
setlocale
_malloc_crt
_realloc_crt
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
fgetwc
fputwc
ungetwc
__uncaught_exception
towupper
towlower
_errno
memcmp
_wcsdup
___lc_locale_name_func
___lc_collate_cp_func
__crtCompareStringA
__crtLCMapStringA
___lc_codepage_func
_ismbblead
remove
rename
_wremove
_wgetcwd
_wchdir
_wmkdir
_wrmdir
_wrename
_getcwd
_chdir
_mkdir
_rmdir
__crtIsPackagedApp
__crtCreateSymbolicLinkW
calloc
??0_Condition_variable@details@Concurrency@@QAE@XZ
fgetc
?wait@_Condition_variable@details@Concurrency@@QAEXAAVcritical_section@3@@Z
?wait_for@_Condition_variable@details@Concurrency@@QAE_NAAVcritical_section@3@I@Z
?notify_one@_Condition_variable@details@Concurrency@@QAEXXZ
?notify_all@_Condition_variable@details@Concurrency@@QAEXXZ
_beginthreadex
_endthreadex
??0critical_section@Concurrency@@QAE@XZ
??1critical_section@Concurrency@@QAE@XZ
?lock@critical_section@Concurrency@@QAEXXZ
?try_lock@critical_section@Concurrency@@QAE_NXZ
?try_lock_for@critical_section@Concurrency@@QAE_NI@Z
?unlock@critical_section@Concurrency@@QAEXXZ
?terminate@@YAXXZ
__crtFlsAlloc
__crtFlsFree
__crtFlsGetValue
__crtFlsSetValue
??0operation_timed_out@Concurrency@@QAE@XZ
?Alloc@Concurrency@@YAPAXI@Z
?ScheduleTask@CurrentScheduler@Concurrency@@SAXP6AXPAX@Z0@Z
??0invalid_link_target@Concurrency@@QAE@PBD@Z
??0message_not_found@Concurrency@@QAE@XZ
?_Trace_agents@Concurrency@@YAXW4Agents_EventType@1@_JZZ
??0bad_target@Concurrency@@QAE@XZ
??0invalid_operation@Concurrency@@QAE@PBD@Z
?wait@event@Concurrency@@QAEII@Z
??1event@Concurrency@@QAE@XZ
??0event@Concurrency@@QAE@XZ
?Free@Concurrency@@YAXPAX@Z
??1_Scoped_lock@_ReentrantPPLLock@details@Concurrency@@QAE@XZ
??0_Scoped_lock@_ReentrantPPLLock@details@Concurrency@@QAE@AAV123@@Z
??0_ReentrantPPLLock@details@Concurrency@@QAE@XZ
??1_Scoped_lock@_NonReentrantPPLLock@details@Concurrency@@QAE@XZ
??0_Scoped_lock@_NonReentrantPPLLock@details@Concurrency@@QAE@AAV123@@Z
??0_NonReentrantPPLLock@details@Concurrency@@QAE@XZ
?_Yield@_Context@details@Concurrency@@SAXXZ
?_UnderlyingYield@details@Concurrency@@YAXXZ
?_SpinOnce@?$_SpinWait@$00@details@Concurrency@@QAE_NXZ
?GetNumberOfVirtualProcessors@CurrentScheduler@Concurrency@@SAIXZ
?IsCurrentTaskCollectionCanceling@Context@Concurrency@@SA_NXZ
??0task_canceled@Concurrency@@QAE@XZ
??1_SpinLock@details@Concurrency@@QAE@XZ
??0_SpinLock@details@Concurrency@@QAE@ACJ@Z
?Log2@details@Concurrency@@YAKI@Z
_lock
_unlock
__pctype_func
isupper
_calloc_crt
__crtGetLocaleInfoEx
islower
__crtLCMapStringW
isspace
tolower
memchr
sqrt
isdigit
isalnum
__crtCompareStringW
__dllonexit
_onexit
??1type_info@@UAE@XZ
__CppXcptFilter
_amsg_exit
_initterm
_initterm_e
_except_handler4_common
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
__clean_type_info_names_internal
fflush
fclose
__CxxFrameHandler3
_CxxThrowException
?what@exception@std@@UBEPBDXZ
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@ABV01@@Z
_W_Gettnames
_W_Getmonths
_W_Getdays
_Gettnames
_Getmonths
_Getdays
localeconv
??0bad_cast@std@@QAE@PBD@Z
??_V@YAXPAX@Z
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBDH@Z
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@XZ
memmove
strlen
memcpy
malloc
free
___mb_cur_max_func
_purecall
rand_s
fputs
fputc
__iob_func
abort
log
__crtInitializeCriticalSectionEx
??3@YAXPAX@Z
??1_Condition_variable@details@Concurrency@@QAE@XZ
??2@YAPAXI@Z

kernel32

GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
IsProcessorFeaturePresent
GetStringTypeW
InterlockedDecrement
InterlockedIncrement
GetSystemTimeAsFileTime
InterlockedExchange
GetExitCodeThread
GetCurrentThreadId
GetCurrentThread
GetCurrentProcess
Sleep
WaitForSingleObject
DuplicateHandle
AreFileApisANSI
CreateHardLinkW
CopyFileW
GetLastError
CloseHandle
SetFileTime
GetFileInformationByHandle
GetFileAttributesExW
GetDiskFreeSpaceExW
FindNextFileW
FindFirstFileExW
FindClose
CreateFileW
WideCharToMultiByte
MultiByteToWideChar
DecodePointer
EncodePointer
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
DisableThreadLibraryCalls

Exports

Exports

??$_Getvals@_W@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@IAEX_WABV_Locinfo@1@@Z
??$_Getvals@_W@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IAEX_WABV_Locinfo@1@@Z
??$_Getvals@_W@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IAEX_WABV_Locinfo@1@@Z
??0?$_Yarn@D@std@@QAE@ABV01@@Z
??0?$_Yarn@D@std@@QAE@PBD@Z
??0?$_Yarn@D@std@@QAE@XZ
??0?$_Yarn@_W@std@@QAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IAE@XZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@IAE@$$QAV01@@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@IAE@$$QAV01@@Z
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@IAE@$$QAV01@@Z
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@IAE@$$QAV01@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N1@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@IAE@$$QAV01@@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N1@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@IAE@$$QAV01@@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N1@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@IAE@$$QAV01@@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@W4_Uninitialized@1@_N@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@IAE@$$QAV01@@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QAE@W4_Uninitialized@1@_N@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@IAE@$$QAV01@@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@W4_Uninitialized@1@_N@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@ABV01@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@W4_Uninitialized@1@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAE@ABV01@@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAE@W4_Uninitialized@1@@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAE@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@ABV01@@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@W4_Uninitialized@1@@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$codecvt@DDH@std@@QAE@ABV_Locinfo@1@I@Z
??0?$codecvt@DDH@std@@QAE@I@Z
??0?$codecvt@GDH@std@@QAE@ABV_Locinfo@1@I@Z
??0?$codecvt@GDH@std@@QAE@I@Z
??0?$codecvt@_WDH@std@@QAE@ABV_Locinfo@1@I@Z
??0?$codecvt@_WDH@std@@QAE@I@Z
??0?$ctype@D@std@@QAE@ABV_Locinfo@1@I@Z
??0?$ctype@D@std@@QAE@PBF_NI@Z
??0?$ctype@G@std@@QAE@ABV_Locinfo@1@I@Z
??0?$ctype@G@std@@QAE@I@Z
??0?$ctype@_W@std@@QAE@ABV_Locinfo@1@I@Z
??0?$ctype@_W@std@@QAE@I@Z
??0?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z
??0?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
??0?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@I@Z
??0?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z
??0?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
??0?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@I@Z
??0?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@IAE@PBDI@Z
??0?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z
??0?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IAE@PBDI@Z
??0?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
??0?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IAE@PBDI@Z
??0?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@I@Z
??0?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z
??0?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IAE@PBDI@Z
??0?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
??0?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IAE@PBDI@Z
??0?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@I@Z
??0Init@ios_base@std@@QAE@XZ
??0_Concurrent_queue_base_v4@details@Concurrency@@IAE@I@Z
??0_Concurrent_queue_iterator_base_v4@details@Concurrency@@IAE@ABV_Concurrent_queue_base_v4@12@@Z
??0_Container_base12@std@@QAE@ABU01@@Z
??0_Container_base12@std@@QAE@XZ
??0_Facet_base@std@@QAE@ABV01@@Z
??0_Facet_base@std@@QAE@XZ
??0_Init_locks@std@@QAE@XZ
??0_Locimp@locale@std@@AAE@ABV012@@Z
??0_Locimp@locale@std@@AAE@_N@Z
??0_Locinfo@std@@QAE@HPBD@Z
??0_Locinfo@std@@QAE@PBD@Z
??0_Lockit@std@@QAE@H@Z
??0_Lockit@std@@QAE@XZ
??0_Pad@std@@QAE@ABV01@@Z
??0_Pad@std@@QAE@XZ
??0_Runtime_object@details@Concurrency@@QAE@H@Z
??0_Runtime_object@details@Concurrency@@QAE@XZ
??0_Timevec@std@@QAE@ABV01@@Z
??0_Timevec@std@@QAE@PAX@Z
??0_UShinit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??0agent@Concurrency@@QAE@AAVScheduleGroup@1@@Z
??0agent@Concurrency@@QAE@AAVScheduler@1@@Z
??0agent@Concurrency@@QAE@XZ
??0codecvt_base@std@@QAE@I@Z
??0ctype_base@std@@QAE@I@Z
??0facet@locale@std@@IAE@I@Z
??0id@locale@std@@QAE@I@Z
??0ios_base@std@@IAE@XZ
??0time_base@std@@QAE@I@Z
??1?$_Yarn@D@std@@QAE@XZ
??1?$_Yarn@_W@std@@QAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UAE@XZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UAE@XZ
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_istream@GU?$char_traits@G@std@@@std@@UAE@XZ
??1?$basic_istream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UAE@XZ
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAE@XZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$codecvt@DDH@std@@MAE@XZ
??1?$codecvt@GDH@std@@MAE@XZ
??1?$codecvt@_WDH@std@@MAE@XZ
??1?$ctype@D@std@@MAE@XZ
??1?$ctype@G@std@@MAE@XZ
??1?$ctype@_W@std@@MAE@XZ
??1?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MAE@XZ
??1?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@MAE@XZ
??1?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@MAE@XZ
??1?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MAE@XZ
??1?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@MAE@XZ
??1?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@MAE@XZ
??1?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MAE@XZ
??1?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@MAE@XZ
??1?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@MAE@XZ
??1?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MAE@XZ
??1?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@MAE@XZ
??1?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@MAE@XZ
??1Init@ios_base@std@@QAE@XZ
??1_Concurrent_queue_base_v4@details@Concurrency@@MAE@XZ
??1_Concurrent_queue_iterator_base_v4@details@Concurrency@@IAE@XZ
??1_Concurrent_vector_base_v4@details@Concurrency@@IAE@XZ
??1_Container_base12@std@@QAE@XZ
??1_Facet_base@std@@UAE@XZ
??1_Init_locks@std@@QAE@XZ
??1_Locimp@locale@std@@MAE@XZ
??1_Locinfo@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
??1_Pad@std@@QAE@XZ
??1_Timevec@std@@QAE@XZ
??1_UShinit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??1agent@Concurrency@@UAE@XZ
??1codecvt_base@std@@UAE@XZ
??1ctype_base@std@@UAE@XZ
??1facet@locale@std@@MAE@XZ
??1ios_base@std@@UAE@XZ
??1time_base@std@@UAE@XZ
??4?$_Iosb@H@std@@QAEAAV01@ABV01@@Z
??4?$_Yarn@D@std@@QAEAAV01@ABV01@@Z
??4?$_Yarn@D@std@@QAEAAV01@PBD@Z
??4?$_Yarn@_W@std@@QAEAAV01@PB_W@Z
??4?$basic_iostream@DU?$char_traits@D@std@@@std@@IAEAAV01@$$QAV01@@Z
??4?$basic_iostream@GU?$char_traits@G@std@@@std@@IAEAAV01@$$QAV01@@Z
??4?$basic_iostream@_WU?$char_traits@_W@std@@@std@@IAEAAV01@$$QAV01@@Z
??4?$basic_istream@DU?$char_traits@D@std@@@std@@IAEAAV01@$$QAV01@@Z
??4?$basic_istream@GU?$char_traits@G@std@@@std@@IAEAAV01@$$QAV01@@Z
??4?$basic_istream@_WU?$char_traits@_W@std@@@std@@IAEAAV01@$$QAV01@@Z
??4?$basic_ostream@DU?$char_traits@D@std@@@std@@IAEAAV01@$$QAV01@@Z
??4?$basic_ostream@GU?$char_traits@G@std@@@std@@IAEAAV01@$$QAV01@@Z
??4?$basic_ostream@_WU?$char_traits@_W@std@@@std@@IAEAAV01@$$QAV01@@Z
??4?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEAAV01@ABV01@@Z
??4?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEAAV01@ABV01@@Z
??4?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEAAV01@ABV01@@Z
??4Init@ios_base@std@@QAEAAV012@ABV012@@Z
??4_Container_base0@std@@QAEAAU01@ABU01@@Z
??4_Container_base12@std@@QAEAAU01@ABU01@@Z
??4_Facet_base@std@@QAEAAV01@ABV01@@Z
??4_Init_locks@std@@QAEAAV01@ABV01@@Z
??4_Pad@std@@QAEAAV01@ABV01@@Z
??4_Timevec@std@@QAEAAV01@ABV01@@Z
??4_UShinit@std@@QAEAAV01@ABV01@@Z
??4_Winit@std@@QAEAAV01@ABV01@@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAF@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAG@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAH@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAI@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAJ@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAK@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAM@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAN@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAO@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAPAX@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AA_J@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AA_K@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AA_N@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV?$basic_ios@DU?$char_traits@D@std@@@1@AAV21@@Z@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAF@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAG@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAH@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAI@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAJ@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAK@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAM@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAN@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAO@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAPAX@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AA_J@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AA_K@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AA_N@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@P6AAAV?$basic_ios@GU?$char_traits@G@std@@@1@AAV21@@Z@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAF@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAG@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAH@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAI@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAJ@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAK@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAM@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAN@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAO@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAPAX@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AA_J@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AA_K@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AA_N@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAV?$basic_ios@_WU?$char_traits@_W@std@@@1@AAV21@@Z@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@F@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@M@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@O@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV?$basic_ios@DU?$char_traits@D@std@@@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PBX@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_N@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@F@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@G@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@J@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@M@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@N@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@O@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@P6AAAV?$basic_ios@GU?$char_traits@G@std@@@1@AAV21@@Z@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@PBX@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@_J@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@_K@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@_N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@F@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@G@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@M@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@O@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAV?$basic_ios@_WU?$char_traits@_W@std@@@1@AAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@PBX@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@_K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@_N@Z
??7ios_base@std@@QBE_NXZ
??Bid@locale@std@@QAEIXZ
??Bios_base@std@@QBEPAXXZ
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_ios@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_ios@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$basic_iostream@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_iostream@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_iostream@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$basic_istream@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_istream@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_istream@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_ostream@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_ostream@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$basic_streambuf@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_streambuf@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$codecvt@DDH@std@@6B@
??_7?$codecvt@GDH@std@@6B@
??_7?$codecvt@_WDH@std@@6B@
??_7?$ctype@D@std@@6B@
??_7?$ctype@G@std@@6B@
??_7?$ctype@_W@std@@6B@
??_7?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@
??_7?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@
??_7?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@6B@
??_7?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@
??_7?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@
??_7?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@6B@
??_7?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@
??_7?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@
??_7?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@6B@
??_7?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@
??_7?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@
??_7?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@6B@
??_7_Facet_base@std@@6B@
??_7_Locimp@locale@std@@6B@
??_7_Pad@std@@6B@
??_7codecvt_base@std@@6B@
??_7ctype_base@std@@6B@
??_7facet@locale@std@@6B@
??_7ios_base@std@@6B@
??_7time_base@std@@6B@
??_8?$basic_iostream@DU?$char_traits@D@std@@@std@@7B?$basic_istream@DU?$char_traits@D@std@@@1@@
??_8?$basic_iostream@DU?$char_traits@D@std@@@std@@7B?$basic_ostream@DU?$char_traits@D@std@@@1@@
??_8?$basic_iostream@GU?$char_traits@G@std@@@std@@7B?$basic_istream@GU?$char_traits@G@std@@@1@@
??_8?$basic_iostream@GU?$char_traits@G@std@@@std@@7B?$basic_ostream@GU?$char_traits@G@std@@@1@@
??_8?$basic_iostream@_WU?$char_traits@_W@std@@@std@@7B?$basic_istream@_WU?$char_traits@_W@std@@@1@@
??_8?$basic_iostream@_WU?$char_traits@_W@std@@@std@@7B?$basic_ostream@_WU?$char_traits@_W@std@@@1@@
??_8?$basic_istream@DU?$char_traits@D@std@@@std@@7B@
??_8?$basic_istream@GU?$char_traits@G@std@@@std@@7B@
??_8?$basic_istream@_WU?$char_traits@_W@std@@@std@@7B@
??_8?$basic_ostream@DU?$char_traits@D@std@@@std@@7B@
??_8?$basic_ostream@GU?$char_traits@G@std@@@std@@7B@
??_8?$basic_ostream@_WU?$char_traits@_W@std@@@std@@7B@
??_D?$basic_iostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??_D?$basic_iostream@GU?$char_traits@G@std@@@std@@QAEXXZ
??_D?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
??_D?$basic_istream@DU?$char_traits@D@std@@@std@@QAEXXZ
??_D?$basic_istream@GU?$char_traits@G@std@@@std@@QAEXXZ
??_D?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
??_D?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??_D?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEXXZ
??_D?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
??_F?$codecvt@DDH@std@@QAEXXZ
??_F?$codecvt@GDH@std@@QAEXXZ
??_F?$codecvt@_WDH@std@@QAEXXZ
??_F?$ctype@D@std@@QAEXXZ
??_F?$ctype@G@std@@QAEXXZ
??_F?$ctype@_W@std@@QAEXXZ
??_F?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAEXXZ
??_F?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAEXXZ
??_F?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAEXXZ
??_F?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAEXXZ
??_F?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAEXXZ
??_F?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAEXXZ
??_F?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAEXXZ
??_F?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAEXXZ
??_F?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAEXXZ
??_F?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAEXXZ
??_F?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAEXXZ
??_F?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAEXXZ
??_F_Locinfo@std@@QAEXXZ
??_F_Timevec@std@@QAEXXZ
??_Fcodecvt_base@std@@QAEXXZ
??_Fctype_base@std@@QAEXXZ
??_Ffacet@locale@std@@QAEXXZ
??_Fid@locale@std@@QAEXXZ
??_Ftime_base@std@@QAEXXZ
?NFS_Allocate@details@Concurrency@@YAPAXIIPAX@Z
?NFS_Free@details@Concurrency@@YAXPAX@Z
?NFS_GetLineSize@details@Concurrency@@YAIXZ
?_10@placeholders@std@@3V?$_Ph@$09@2@A
?_11@placeholders@std@@3V?$_Ph@$0L@@2@A
?_12@placeholders@std@@3V?$_Ph@$0M@@2@A
?_13@placeholders@std@@3V?$_Ph@$0N@@2@A
?_14@placeholders@std@@3V?$_Ph@$0O@@2@A
?_15@placeholders@std@@3V?$_Ph@$0P@@2@A
?_16@placeholders@std@@3V?$_Ph@$0BA@@2@A
?_17@placeholders@std@@3V?$_Ph@$0BB@@2@A
?_18@placeholders@std@@3V?$_Ph@$0BC@@2@A
?_19@placeholders@std@@3V?$_Ph@$0BD@@2@A
?_1@placeholders@std@@3V?$_Ph@$00@2@A
?_20@placeholders@std@@3V?$_Ph@$0BE@@2@A
?_2@placeholders@std@@3V?$_Ph@$01@2@A
?_3@placeholders@std@@3V?$_Ph@$02@2@A
?_4@placeholders@std@@3V?$_Ph@$03@2@A
?_5@placeholders@std@@3V?$_Ph@$04@2@A
?_6@placeholders@std@@3V?$_Ph@$05@2@A
?_7@placeholders@std@@3V?$_Ph@$06@2@A
?_8@placeholders@std@@3V?$_Ph@$07@2@A
?_9@placeholders@std@@3V?$_Ph@$08@2@A
?_Add_vtordisp1@?$basic_ios@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Add_vtordisp1@?$basic_ios@GU?$char_traits@G@std@@@std@@UAEXXZ
?_Add_vtordisp1@?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Add_vtordisp1@?$basic_istream@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Add_vtordisp1@?$basic_istream@GU?$char_traits@G@std@@@std@@UAEXXZ
?_Add_vtordisp1@?$basic_istream@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Add_vtordisp2@?$basic_ios@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Add_vtordisp2@?$basic_ios@GU?$char_traits@G@std@@@std@@UAEXXZ
?_Add_vtordisp2@?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Add_vtordisp2@?$basic_ostream@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Add_vtordisp2@?$basic_ostream@GU?$char_traits@G@std@@@std@@UAEXXZ
?_Add_vtordisp2@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Addcats@_Locinfo@std@@QAEAAV12@HPBD@Z
?_Addfac@_Locimp@locale@std@@AAEXPAVfacet@23@I@Z
?_Addstd@ios_base@std@@SAXPAV12@@Z
?_Advance@_Concurrent_queue_iterator_base_v4@details@Concurrency@@IAEXXZ
?_Assign@_Concurrent_queue_iterator_base_v4@details@Concurrency@@IAEXABV123@@Z
?_Atexit@@YAXP6AXXZ@Z
?_BADOFF@std@@3_JB
?_Byte_reverse_table@details@Concurrency@@3QBEB
?_C_str@?$_Yarn@D@std@@QBEPBDXZ
?_C_str@?$_Yarn@_W@std@@QBEPB_WXZ
?_Callfns@ios_base@std@@AAEXW4event@12@@Z
?_Clocptr@_Locimp@locale@std@@0PAV123@A
?_Close_dir@sys@tr2@std@@YAXPAX@Z
?_Copy_file@sys@tr2@std@@YAHPBD0_N@Z
?_Copy_file@sys@tr2@std@@YAHPB_W0_N@Z
?_Current_get@sys@tr2@std@@YAPADPAD@Z
?_Current_get@sys@tr2@std@@YAPA_WPA_W@Z
?_Current_set@sys@tr2@std@@YA_NPBD@Z
?_Current_set@sys@tr2@std@@YA_NPB_W@Z
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Donarrow@?$ctype@G@std@@IBEDGD@Z
?_Donarrow@?$ctype@_W@std@@IBED_WD@Z
?_Dowiden@?$ctype@G@std@@IBEGD@Z
?_Dowiden@?$ctype@_W@std@@IBE_WD@Z
?_Empty@?$_Yarn@D@std@@QBE_NXZ
?_Empty@?$_Yarn@_W@std@@QBE_NXZ
?_Equivalent@sys@tr2@std@@YAHPBD0@Z
?_Equivalent@sys@tr2@std@@YAHPB_W0@Z
?_Ffmt@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@ABAPADPADDH@Z
?_Ffmt@?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@ABAPADPADDH@Z
?_Ffmt@?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@ABAPADPADDH@Z
?_File_size@sys@tr2@std@@YA_KPBD@Z
?_File_size@sys@tr2@std@@YA_KPB_W@Z
?_Findarr@ios_base@std@@AAEAAU_Iosarray@12@H@Z
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?_Fiopen@std@@YAPAU_iobuf@@PBGHH@Z
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
?_Fput@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@ABA?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AAVios_base@2@DPBDIIII@Z
?_Fput@?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@ABA?AV?$ostreambuf_iterator@GU?$char_traits@G@std@@@2@V32@AAVios_base@2@GPBDIIII@Z
?_Fput@?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@ABA?AV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@2@V32@AAVios_base@2@_WPBDIIII@Z
?_Future_error_map@std@@YAPBDH@Z
?_GetCombinableSize@details@Concurrency@@YAIXZ
?_GetCurrentThreadId@details@Concurrency@@YAKXZ
?_GetNextAsyncId@details@Concurrency@@YAIXZ
?_Get_future_error_what@std@@YAPBDH@Z
?_Getcat@?$codecvt@DDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$codecvt@GDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$codecvt@_WDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$ctype@G@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@facet@locale@std@@SAIPAPBV123@PBV23@@Z
?_Getcoll@_Locinfo@std@@QBE?AU_Collvec@@XZ
?_Getctype@_Locinfo@std@@QBE?AU_Ctypevec@@XZ
?_Getcvt@_Locinfo@std@@QBE?AU_Cvtvec@@XZ
?_Getdateorder@_Locinfo@std@@QBEHXZ
?_Getdays@_Locinfo@std@@QBEPBDXZ
?_Getfalse@_Locinfo@std@@QBEPBDXZ
?_Getffld@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@ABAHPADAAV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@1AAVios_base@2@PAH@Z
?_Getffld@?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@ABAHPADAAV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@1AAVios_base@2@PAH@Z

Sections

.text
Size: 390KB - Virtual size: 389KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/msvcr110.dll
.dll windows:6 windows x86 arch:x86

e057a95f8936f77238b048f253956b3b

Code Sign

33:00:00:00:9d:1e:8d:27:ae:b8:f3:d8:38:00:01:00:00:00:9d
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/09/2012, 21:42

Not After

04/03/2013, 21:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:02:92:4a:00:00:00:00:00:20
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

09/01/2012, 22:25

Not After

09/04/2013, 22:25

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B8EC-30A4-7144,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:08:e2:79:fa:0d:25:58:45:ea:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/07/2012, 00:14

Not After

07/10/2013, 00:14

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d2:28:17:88:08:cf:56:44:da:80:3e:bc:8d:b4:d0:f7:6f:2b:96:48:b2:24:6c:ee:31:43:70:6e:3a:90:25:9d
Signer

Actual PE Digest

d2:28:17:88:08:cf:56:44:da:80:3e:bc:8d:b4:d0:f7:6f:2b:96:48:b2:24:6c:ee:31:43:70:6e:3a:90:25:9d

Digest Algorithm

sha256

PE Digest Matches

true

7f:48:28:6b:9a:08:17:2f:0b:a1:53:12:4c:43:44:c3:d6:a4:27:be
Signer

Actual PE Digest

7f:48:28:6b:9a:08:17:2f:0b:a1:53:12:4c:43:44:c3:d6:a4:27:be

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

msvcr110.i386.pdb

Imports

kernel32

EncodePointer
DecodePointer
RaiseException
GetModuleFileNameA
GetModuleFileNameW
GetLastError
InterlockedDecrement
ExitProcess
GetModuleHandleW
GetModuleHandleExW
GetProcAddress
AreFileApisANSI
MultiByteToWideChar
GetStdHandle
WriteFile
GetCommandLineA
GetCommandLineW
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
CloseHandle
CreateThread
ExitThread
ResumeThread
LoadLibraryExW
SetLastError
InterlockedIncrement
GetCurrentThread
FindClose
FindFirstFileExA
FindNextFileA
FindFirstFileExW
FindNextFileW
IsProcessorFeaturePresent
GetLogicalDrives
GetDiskFreeSpaceA
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SetErrorMode
Beep
Sleep
SetEnvironmentVariableA
SetCurrentDirectoryA
GetCurrentDirectoryA
SetCurrentDirectoryW
GetCurrentDirectoryW
GetFullPathNameA
GetDriveTypeW
GetCurrentProcessId
GetFileAttributesExW
SetEnvironmentVariableW
SetFileAttributesW
GetFullPathNameW
CreateDirectoryW
MoveFileExW
RemoveDirectoryW
FileTimeToLocalFileTime
DeleteFileW
WaitForSingleObject
GetExitCodeProcess
CreateProcessA
FreeLibrary
LoadLibraryExA
CreateProcessW
ReadFile
DuplicateHandle
GetCurrentProcess
GetTempPathA
GetTempPathW
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetLocalTime
WideCharToMultiByte
LocalFileTimeToFileTime
SetFileTime
SystemTimeToFileTime
SetLocalTime
TlsGetValue
TlsSetValue
InterlockedPopEntrySList
InterlockedFlushSList
QueryDepthSList
InterlockedPushEntrySList
CreateTimerQueue
CreateTimerQueueTimer
UnregisterWait
SetEvent
RegisterWaitForSingleObject
CreateEventW
SwitchToThread
SignalObjectAndWait
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
DeleteTimerQueueTimer
TryEnterCriticalSection
SetProcessAffinityMask
GetTickCount
VirtualFree
GetVersionExW
SetThreadPriority
VirtualAlloc
VirtualProtect
InitializeSListHead
ReleaseSemaphore
ChangeTimerQueueTimer
TlsAlloc
UnregisterWaitEx
TlsFree
GetThreadPriority
LoadLibraryW
OutputDebugStringW
FreeLibraryAndExitThread
GetModuleHandleA
GetThreadTimes
DebugBreak
GetStringTypeW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
RtlUnwind
HeapFree
HeapAlloc
GetProcessHeap
HeapReAlloc
HeapSize
HeapQueryInformation
HeapValidate
HeapCompact
HeapWalk
GetSystemInfo
VirtualQuery
GetFileType
GetStartupInfoW
GetFileInformationByHandle
PeekNamedPipe
CreateFileW
GetConsoleMode
ReadConsoleW
GetConsoleCP
SetFilePointerEx
FlushFileBuffers
SetFilePointer
CreatePipe
SetStdHandle
GetNumberOfConsoleInputEvents
PeekConsoleInputA
ReadConsoleInputA
SetConsoleMode
ReadConsoleInputW
WriteConsoleW
SetEndOfFile
InterlockedExchange
LockFileEx
UnlockFileEx
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
CreateSemaphoreW
SetConsoleCtrlHandler
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
OutputDebugStringA

Exports

Exports

$I10_OUTPUT
??0?$_SpinWait@$00@details@Concurrency@@QAE@P6AXXZ@Z
??0?$_SpinWait@$0A@@details@Concurrency@@QAE@P6AXXZ@Z
??0SchedulerPolicy@Concurrency@@QAA@IZZ
??0SchedulerPolicy@Concurrency@@QAE@ABV01@@Z
??0SchedulerPolicy@Concurrency@@QAE@XZ
??0_CancellationTokenState@details@Concurrency@@AAE@XZ
??0_Cancellation_beacon@details@Concurrency@@QAE@XZ
??0_Condition_variable@details@Concurrency@@QAE@XZ
??0_Context@details@Concurrency@@QAE@PAVContext@2@@Z
??0_Interruption_exception@details@Concurrency@@QAE@PBD@Z
??0_Interruption_exception@details@Concurrency@@QAE@XZ
??0_NonReentrantBlockingLock@details@Concurrency@@QAE@XZ
??0_NonReentrantPPLLock@details@Concurrency@@QAE@XZ
??0_ReaderWriterLock@details@Concurrency@@QAE@XZ
??0_ReentrantBlockingLock@details@Concurrency@@QAE@XZ
??0_ReentrantLock@details@Concurrency@@QAE@XZ
??0_ReentrantPPLLock@details@Concurrency@@QAE@XZ
??0_Scheduler@details@Concurrency@@QAE@PAVScheduler@2@@Z
??0_Scoped_lock@_NonReentrantPPLLock@details@Concurrency@@QAE@AAV123@@Z
??0_Scoped_lock@_ReentrantPPLLock@details@Concurrency@@QAE@AAV123@@Z
??0_SpinLock@details@Concurrency@@QAE@ACJ@Z
??0_StructuredTaskCollection@details@Concurrency@@QAE@PAV_CancellationTokenState@12@@Z
??0_TaskCollection@details@Concurrency@@QAE@PAV_CancellationTokenState@12@@Z
??0_TaskCollection@details@Concurrency@@QAE@XZ
??0_Timer@details@Concurrency@@IAE@I_N@Z
??0__non_rtti_object@std@@QAE@ABV01@@Z
??0__non_rtti_object@std@@QAE@PBD@Z
??0bad_cast@std@@AAE@PBQBD@Z
??0bad_cast@std@@QAE@ABV01@@Z
??0bad_cast@std@@QAE@PBD@Z
??0bad_target@Concurrency@@QAE@PBD@Z
??0bad_target@Concurrency@@QAE@XZ
??0bad_typeid@std@@QAE@ABV01@@Z
??0bad_typeid@std@@QAE@PBD@Z
??0context_self_unblock@Concurrency@@QAE@PBD@Z
??0context_self_unblock@Concurrency@@QAE@XZ
??0context_unblock_unbalanced@Concurrency@@QAE@PBD@Z
??0context_unblock_unbalanced@Concurrency@@QAE@XZ
??0critical_section@Concurrency@@QAE@XZ
??0default_scheduler_exists@Concurrency@@QAE@PBD@Z
??0default_scheduler_exists@Concurrency@@QAE@XZ
??0event@Concurrency@@QAE@XZ
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABQBDH@Z
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@XZ
??0improper_lock@Concurrency@@QAE@PBD@Z
??0improper_lock@Concurrency@@QAE@XZ
??0improper_scheduler_attach@Concurrency@@QAE@PBD@Z
??0improper_scheduler_attach@Concurrency@@QAE@XZ
??0improper_scheduler_detach@Concurrency@@QAE@PBD@Z
??0improper_scheduler_detach@Concurrency@@QAE@XZ
??0improper_scheduler_reference@Concurrency@@QAE@PBD@Z
??0improper_scheduler_reference@Concurrency@@QAE@XZ
??0invalid_link_target@Concurrency@@QAE@PBD@Z
??0invalid_link_target@Concurrency@@QAE@XZ
??0invalid_multiple_scheduling@Concurrency@@QAE@PBD@Z
??0invalid_multiple_scheduling@Concurrency@@QAE@XZ
??0invalid_operation@Concurrency@@QAE@PBD@Z
??0invalid_operation@Concurrency@@QAE@XZ
??0invalid_oversubscribe_operation@Concurrency@@QAE@PBD@Z
??0invalid_oversubscribe_operation@Concurrency@@QAE@XZ
??0invalid_scheduler_policy_key@Concurrency@@QAE@PBD@Z
??0invalid_scheduler_policy_key@Concurrency@@QAE@XZ
??0invalid_scheduler_policy_thread_specification@Concurrency@@QAE@PBD@Z
??0invalid_scheduler_policy_thread_specification@Concurrency@@QAE@XZ
??0invalid_scheduler_policy_value@Concurrency@@QAE@PBD@Z
??0invalid_scheduler_policy_value@Concurrency@@QAE@XZ
??0message_not_found@Concurrency@@QAE@PBD@Z
??0message_not_found@Concurrency@@QAE@XZ
??0missing_wait@Concurrency@@QAE@PBD@Z
??0missing_wait@Concurrency@@QAE@XZ
??0nested_scheduler_missing_detach@Concurrency@@QAE@PBD@Z
??0nested_scheduler_missing_detach@Concurrency@@QAE@XZ
??0operation_timed_out@Concurrency@@QAE@PBD@Z
??0operation_timed_out@Concurrency@@QAE@XZ
??0reader_writer_lock@Concurrency@@QAE@XZ
??0scheduler_not_attached@Concurrency@@QAE@PBD@Z
??0scheduler_not_attached@Concurrency@@QAE@XZ
??0scheduler_resource_allocation_error@Concurrency@@QAE@J@Z
??0scheduler_resource_allocation_error@Concurrency@@QAE@PBDJ@Z
??0scheduler_worker_creation_error@Concurrency@@QAE@J@Z
??0scheduler_worker_creation_error@Concurrency@@QAE@PBDJ@Z
??0scoped_lock@critical_section@Concurrency@@QAE@AAV12@@Z
??0scoped_lock@reader_writer_lock@Concurrency@@QAE@AAV12@@Z
??0scoped_lock_read@reader_writer_lock@Concurrency@@QAE@AAV12@@Z
??0task_canceled@Concurrency@@QAE@PBD@Z
??0task_canceled@Concurrency@@QAE@XZ
??0unsupported_os@Concurrency@@QAE@PBD@Z
??0unsupported_os@Concurrency@@QAE@XZ
??1SchedulerPolicy@Concurrency@@QAE@XZ
??1_CancellationTokenState@details@Concurrency@@UAE@XZ
??1_Cancellation_beacon@details@Concurrency@@QAE@XZ
??1_Condition_variable@details@Concurrency@@QAE@XZ
??1_NonReentrantBlockingLock@details@Concurrency@@QAE@XZ
??1_ReentrantBlockingLock@details@Concurrency@@QAE@XZ
??1_Scoped_lock@_NonReentrantPPLLock@details@Concurrency@@QAE@XZ
??1_Scoped_lock@_ReentrantPPLLock@details@Concurrency@@QAE@XZ
??1_SpinLock@details@Concurrency@@QAE@XZ
??1_TaskCollection@details@Concurrency@@QAE@XZ
??1_Timer@details@Concurrency@@MAE@XZ
??1__non_rtti_object@std@@UAE@XZ
??1bad_cast@std@@UAE@XZ
??1bad_typeid@std@@UAE@XZ
??1critical_section@Concurrency@@QAE@XZ
??1event@Concurrency@@QAE@XZ
??1exception@std@@UAE@XZ
??1reader_writer_lock@Concurrency@@QAE@XZ
??1scoped_lock@critical_section@Concurrency@@QAE@XZ
??1scoped_lock@reader_writer_lock@Concurrency@@QAE@XZ
??1scoped_lock_read@reader_writer_lock@Concurrency@@QAE@XZ
??1type_info@@UAE@XZ
??2@YAPAXI@Z
??2@YAPAXIHPBDH@Z
??3@YAXPAX@Z
??3@YAXPAXHPBDH@Z
??4?$_SpinWait@$00@details@Concurrency@@QAEAAV012@ABV012@@Z
??4?$_SpinWait@$0A@@details@Concurrency@@QAEAAV012@ABV012@@Z
??4SchedulerPolicy@Concurrency@@QAEAAV01@ABV01@@Z
??4__non_rtti_object@std@@QAEAAV01@ABV01@@Z
??4bad_cast@std@@QAEAAV01@ABV01@@Z
??4bad_typeid@std@@QAEAAV01@ABV01@@Z
??4exception@std@@QAEAAV01@ABV01@@Z
??8type_info@@QBE_NABV0@@Z
??9type_info@@QBE_NABV0@@Z
??_7__non_rtti_object@std@@6B@
??_7bad_cast@std@@6B@
??_7bad_typeid@std@@6B@
??_7exception@std@@6B@
??_F?$_SpinWait@$00@details@Concurrency@@QAEXXZ
??_F?$_SpinWait@$0A@@details@Concurrency@@QAEXXZ
??_F_Context@details@Concurrency@@QAEXXZ
??_F_Scheduler@details@Concurrency@@QAEXXZ
??_Fbad_cast@std@@QAEXXZ
??_Fbad_typeid@std@@QAEXXZ
??_U@YAPAXI@Z
??_U@YAPAXIHPBDH@Z
??_V@YAXPAX@Z
??_V@YAXPAXHPBDH@Z
?Alloc@Concurrency@@YAPAXI@Z
?Block@Context@Concurrency@@SAXXZ
?Create@CurrentScheduler@Concurrency@@SAXABVSchedulerPolicy@2@@Z
?Create@Scheduler@Concurrency@@SAPAV12@ABVSchedulerPolicy@2@@Z
?CreateResourceManager@Concurrency@@YAPAUIResourceManager@1@XZ
?CreateScheduleGroup@CurrentScheduler@Concurrency@@SAPAVScheduleGroup@2@AAVlocation@2@@Z
?CreateScheduleGroup@CurrentScheduler@Concurrency@@SAPAVScheduleGroup@2@XZ
?CurrentContext@Context@Concurrency@@SAPAV12@XZ
?Detach@CurrentScheduler@Concurrency@@SAXXZ
?DisableTracing@Concurrency@@YAJXZ
?EnableTracing@Concurrency@@YAJXZ
?Free@Concurrency@@YAXPAX@Z
?Get@CurrentScheduler@Concurrency@@SAPAVScheduler@2@XZ
?GetExecutionContextId@Concurrency@@YAIXZ
?GetNumberOfVirtualProcessors@CurrentScheduler@Concurrency@@SAIXZ
?GetOSVersion@Concurrency@@YA?AW4OSVersion@IResourceManager@1@XZ
?GetPolicy@CurrentScheduler@Concurrency@@SA?AVSchedulerPolicy@2@XZ
?GetPolicyValue@SchedulerPolicy@Concurrency@@QBEIW4PolicyElementKey@2@@Z
?GetProcessorCount@Concurrency@@YAIXZ
?GetProcessorNodeCount@Concurrency@@YAIXZ
?GetSchedulerId@Concurrency@@YAIXZ
?GetSharedTimerQueue@details@Concurrency@@YAPAXXZ
?Id@Context@Concurrency@@SAIXZ
?Id@CurrentScheduler@Concurrency@@SAIXZ
?IsAvailableLocation@CurrentScheduler@Concurrency@@SA_NABVlocation@2@@Z
?IsCurrentTaskCollectionCanceling@Context@Concurrency@@SA_NXZ
?Log2@details@Concurrency@@YAKI@Z
?Oversubscribe@Context@Concurrency@@SAX_N@Z
?RegisterShutdownEvent@CurrentScheduler@Concurrency@@SAXPAX@Z
?ResetDefaultSchedulerPolicy@Scheduler@Concurrency@@SAXXZ
?ScheduleGroupId@Context@Concurrency@@SAIXZ
?ScheduleTask@CurrentScheduler@Concurrency@@SAXP6AXPAX@Z0@Z
?ScheduleTask@CurrentScheduler@Concurrency@@SAXP6AXPAX@Z0AAVlocation@2@@Z
?SetConcurrencyLimits@SchedulerPolicy@Concurrency@@QAEXII@Z
?SetDefaultSchedulerPolicy@Scheduler@Concurrency@@SAXABVSchedulerPolicy@2@@Z
?SetPolicyValue@SchedulerPolicy@Concurrency@@QAEIW4PolicyElementKey@2@I@Z
?VirtualProcessorId@Context@Concurrency@@SAIXZ
?Yield@Context@Concurrency@@SAXXZ
?_Abort@_StructuredTaskCollection@details@Concurrency@@AAEXXZ
?_Acquire@_NonReentrantBlockingLock@details@Concurrency@@QAEXXZ
?_Acquire@_NonReentrantPPLLock@details@Concurrency@@QAEXPAX@Z
?_Acquire@_ReentrantBlockingLock@details@Concurrency@@QAEXXZ
?_Acquire@_ReentrantLock@details@Concurrency@@QAEXXZ
?_Acquire@_ReentrantPPLLock@details@Concurrency@@QAEXPAX@Z
?_AcquireRead@_ReaderWriterLock@details@Concurrency@@QAEXXZ
?_AcquireWrite@_ReaderWriterLock@details@Concurrency@@QAEXXZ
?_Cancel@_CancellationTokenState@details@Concurrency@@QAEXXZ
?_Cancel@_StructuredTaskCollection@details@Concurrency@@QAEXXZ
?_Cancel@_TaskCollection@details@Concurrency@@QAEXXZ
?_CheckTaskCollection@_UnrealizedChore@details@Concurrency@@IAEXXZ
?_CleanupToken@_StructuredTaskCollection@details@Concurrency@@AAEXXZ
?_ConcRT_CoreAssert@details@Concurrency@@YAXPBD0H@Z
?_ConcRT_Trace@details@Concurrency@@YAXHPB_WZZ
?_Confirm_cancel@_Cancellation_beacon@details@Concurrency@@QAE_NXZ
?_Copy_str@exception@std@@AAEXPBD@Z
?_CurrentContext@_Context@details@Concurrency@@SA?AV123@XZ
?_Current_node@location@Concurrency@@SA?AV12@XZ
?_DeregisterCallback@_CancellationTokenState@details@Concurrency@@QAEXPAV_CancellationTokenRegistration@23@@Z
?_Destroy@_AsyncTaskCollection@details@Concurrency@@EAEXXZ
?_Destroy@_CancellationTokenState@details@Concurrency@@EAEXXZ
?_DoYield@?$_SpinWait@$00@details@Concurrency@@IAEXXZ
?_DoYield@?$_SpinWait@$0A@@details@Concurrency@@IAEXXZ
?_Get@_CurrentScheduler@details@Concurrency@@SA?AV_Scheduler@23@XZ
?_GetConcRTTraceInfo@Concurrency@@YAPBU_CONCRT_TRACE_INFO@details@1@XZ
?_GetConcurrency@details@Concurrency@@YAIXZ
?_GetCurrentInlineDepth@_StackGuard@details@Concurrency@@CAAAIXZ
?_GetNumberOfVirtualProcessors@_CurrentScheduler@details@Concurrency@@SAIXZ
?_GetScheduler@_Scheduler@details@Concurrency@@QAEPAVScheduler@3@XZ
?_Id@_CurrentScheduler@details@Concurrency@@SAIXZ
?_Invoke@_CancellationTokenRegistration@details@Concurrency@@AAEXXZ
?_IsCanceling@_StructuredTaskCollection@details@Concurrency@@QAE_NXZ
?_IsCanceling@_TaskCollection@details@Concurrency@@QAE_NXZ
?_IsSynchronouslyBlocked@_Context@details@Concurrency@@QBE_NXZ
?_Name_base@type_info@@CAPBDPBV1@PAU__type_info_node@@@Z
?_Name_base_internal@type_info@@CAPBDPBV1@PAU__type_info_node@@@Z
?_NewCollection@_AsyncTaskCollection@details@Concurrency@@SAPAV123@PAV_CancellationTokenState@23@@Z
?_NewTokenState@_CancellationTokenState@details@Concurrency@@SAPAV123@XZ
?_NumberOfSpins@?$_SpinWait@$00@details@Concurrency@@IAEKXZ
?_NumberOfSpins@?$_SpinWait@$0A@@details@Concurrency@@IAEKXZ
?_Oversubscribe@_Context@details@Concurrency@@SAX_N@Z
?_Reference@_Scheduler@details@Concurrency@@QAEIXZ
?_RegisterCallback@_CancellationTokenState@details@Concurrency@@QAEPAV_CancellationTokenRegistration@23@P6AXPAX@Z0H@Z
?_RegisterCallback@_CancellationTokenState@details@Concurrency@@QAEXPAV_CancellationTokenRegistration@23@@Z
?_Release@_NonReentrantBlockingLock@details@Concurrency@@QAEXXZ
?_Release@_NonReentrantPPLLock@details@Concurrency@@QAEXXZ
?_Release@_ReentrantBlockingLock@details@Concurrency@@QAEXXZ
?_Release@_ReentrantLock@details@Concurrency@@QAEXXZ
?_Release@_ReentrantPPLLock@details@Concurrency@@QAEXXZ
?_Release@_Scheduler@details@Concurrency@@QAEIXZ
?_ReleaseRead@_ReaderWriterLock@details@Concurrency@@QAEXXZ
?_ReleaseWrite@_ReaderWriterLock@details@Concurrency@@QAEXXZ
?_ReportUnobservedException@details@Concurrency@@YAXXZ
?_Reset@?$_SpinWait@$00@details@Concurrency@@IAEXXZ
?_Reset@?$_SpinWait@$0A@@details@Concurrency@@IAEXXZ
?_RunAndWait@_StructuredTaskCollection@details@Concurrency@@QAG?AW4_TaskCollectionStatus@23@PAV_UnrealizedChore@23@@Z
?_RunAndWait@_TaskCollection@details@Concurrency@@QAG?AW4_TaskCollectionStatus@23@PAV_UnrealizedChore@23@@Z
?_Schedule@_StructuredTaskCollection@details@Concurrency@@QAEXPAV_UnrealizedChore@23@@Z
?_Schedule@_StructuredTaskCollection@details@Concurrency@@QAEXPAV_UnrealizedChore@23@PAVlocation@3@@Z
?_Schedule@_TaskCollection@details@Concurrency@@QAEXPAV_UnrealizedChore@23@@Z
?_Schedule@_TaskCollection@details@Concurrency@@QAEXPAV_UnrealizedChore@23@PAVlocation@3@@Z
?_ScheduleTask@_CurrentScheduler@details@Concurrency@@SAXP6AXPAX@Z0@Z
?_SetSpinCount@?$_SpinWait@$00@details@Concurrency@@QAEXI@Z
?_SetSpinCount@?$_SpinWait@$0A@@details@Concurrency@@QAEXI@Z
?_SetUnobservedExceptionHandler@details@Concurrency@@YAXP6AXXZ@Z
?_ShouldSpinAgain@?$_SpinWait@$00@details@Concurrency@@IAE_NXZ
?_ShouldSpinAgain@?$_SpinWait@$0A@@details@Concurrency@@IAE_NXZ
?_SpinOnce@?$_SpinWait@$00@details@Concurrency@@QAE_NXZ
?_SpinOnce@?$_SpinWait@$0A@@details@Concurrency@@QAE_NXZ
?_SpinYield@Context@Concurrency@@SAXXZ
?_Start@_Timer@details@Concurrency@@IAEXXZ
?_Stop@_Timer@details@Concurrency@@IAEXXZ
?_Tidy@exception@std@@AAEXXZ
?_Trace_agents@Concurrency@@YAXW4Agents_EventType@1@_JZZ
?_Trace_ppl_function@Concurrency@@YAXABU_GUID@@EW4ConcRT_EventType@1@@Z
?_TryAcquire@_NonReentrantBlockingLock@details@Concurrency@@QAE_NXZ
?_TryAcquire@_ReentrantBlockingLock@details@Concurrency@@QAE_NXZ
?_TryAcquire@_ReentrantLock@details@Concurrency@@QAE_NXZ
?_TryAcquireWrite@_ReaderWriterLock@details@Concurrency@@QAE_NXZ
?_Type_info_dtor@type_info@@CAXPAV1@@Z
?_Type_info_dtor_internal@type_info@@CAXPAV1@@Z
?_UnderlyingYield@details@Concurrency@@YAXXZ
?_ValidateExecute@@YAHP6GHXZ@Z
?_ValidateRead@@YAHPBXI@Z
?_ValidateWrite@@YAHPAXI@Z
?_Value@_SpinCount@details@Concurrency@@SAIXZ
?_Yield@_Context@details@Concurrency@@SAXXZ
?__ExceptionPtrAssign@@YAXPAXPBX@Z
?__ExceptionPtrCompare@@YA_NPBX0@Z
?__ExceptionPtrCopy@@YAXPAXPBX@Z
?__ExceptionPtrCopyException@@YAXPAXPBX1@Z
?__ExceptionPtrCreate@@YAXPAX@Z
?__ExceptionPtrCurrentException@@YAXPAX@Z
?__ExceptionPtrDestroy@@YAXPAX@Z
?__ExceptionPtrRethrow@@YAXPBX@Z
?__ExceptionPtrSwap@@YAXPAX0@Z
?__ExceptionPtrToBool@@YA_NPBX@Z
?_inconsistency@@YAXXZ
?_invalid_parameter@@YAXPBG00II@Z
?_is_exception_typeof@@YAHABVtype_info@@PAU_EXCEPTION_POINTERS@@@Z
?_name_internal_method@type_info@@QBEPBDPAU__type_info_node@@@Z
?_open@@YAHPBDHH@Z
?_query_new_handler@@YAP6AHI@ZXZ
?_query_new_mode@@YAHXZ
?_set_new_handler@@YAP6AHI@ZH@Z
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
?_set_new_mode@@YAHH@Z
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZH@Z
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
?_sopen@@YAHPBDHHH@Z
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?_wopen@@YAHPB_WHH@Z
?_wsopen@@YAHPB_WHHH@Z
?before@type_info@@QBE_NABV1@@Z
?current@location@Concurrency@@SA?AV12@XZ
?from_numa_node@location@Concurrency@@SA?AV12@G@Z
?get_error_code@scheduler_resource_allocation_error@Concurrency@@QBEJXZ
?lock@critical_section@Concurrency@@QAEXXZ
?lock@reader_writer_lock@Concurrency@@QAEXXZ
?lock_read@reader_writer_lock@Concurrency@@QAEXXZ
?name@type_info@@QBEPBDPAU__type_info_node@@@Z
?native_handle@critical_section@Concurrency@@QAEAAV12@XZ
?notify_all@_Condition_variable@details@Concurrency@@QAEXXZ
?notify_one@_Condition_variable@details@Concurrency@@QAEXXZ
?raw_name@type_info@@QBEPBDXZ
?reset@event@Concurrency@@QAEXXZ
?set@event@Concurrency@@QAEXXZ
?set_new_handler@@YAP6AXXZP6AXXZ@Z
?set_task_execution_resources@Concurrency@@YAXGPAU_GROUP_AFFINITY@@@Z
?set_task_execution_resources@Concurrency@@YAXK@Z
?set_terminate@@YAP6AXXZH@Z
?set_terminate@@YAP6AXXZP6AXXZ@Z
?set_unexpected@@YAP6AXXZH@Z
?set_unexpected@@YAP6AXXZP6AXXZ@Z
?swprintf@@YAHPAGIPBGZZ
?swprintf@@YAHPA_WIPB_WZZ
?terminate@@YAXXZ
?try_lock@critical_section@Concurrency@@QAE_NXZ
?try_lock@reader_writer_lock@Concurrency@@QAE_NXZ
?try_lock_for@critical_section@Concurrency@@QAE_NI@Z
?try_lock_read@reader_writer_lock@Concurrency@@QAE_NXZ
?unexpected@@YAXXZ
?unlock@critical_section@Concurrency@@QAEXXZ
?unlock@reader_writer_lock@Concurrency@@QAEXXZ
?vswprintf@@YAHPA_WIPB_WPAD@Z
?wait@Concurrency@@YAXI@Z
?wait@_Condition_variable@details@Concurrency@@QAEXAAVcritical_section@3@@Z
?wait@event@Concurrency@@QAEII@Z
?wait_for@_Condition_variable@details@Concurrency@@QAE_NAAVcritical_section@3@I@Z
?wait_for_multiple@event@Concurrency@@SAIPAPAV12@I_NI@Z
?what@exception@std@@UBEPBDXZ
_CIacos
_CIasin
_CIatan
_CIatan2
_CIcos
_CIcosh
_CIexp
_CIfmod
_CIlog
_CIlog10
_CIpow
_CIsin
_CIsinh
_CIsqrt
_CItan
_CItanh
_CRT_RTC_INIT
_CRT_RTC_INITW
_CreateFrameInfo
_CxxThrowException
_EH_prolog
_FindAndUnlinkFrame
_Getdays
_Getmonths
_Gettnames
_HUGE
_IsExceptionObjectToBeDestroyed
_Lock_shared_ptr_spin_lock
_NLG_Dispatch2
_NLG_Return
_NLG_Return2
_Strftime
_Unlock_shared_ptr_spin_lock
_W_Getdays
_W_Getmonths
_W_Gettnames
_Wcsftime
_XcptFilter
__AdjustPointer
__BuildCatchObject
__BuildCatchObjectHelper
__CppXcptFilter
__CxxDetectRethrow
__CxxExceptionFilter
__CxxFrameHandler
__CxxFrameHandler2
__CxxFrameHandler3
__CxxLongjmpUnwind
__CxxQueryExceptionSize
__CxxRegisterExceptionObject
__CxxUnregisterExceptionObject
__DestructExceptionObject
__FrameUnwindFilter
__RTCastToVoid
__RTDynamicCast
__RTtypeid
__STRINGTOLD
__STRINGTOLD_L
__TypeMatch
___crtCreateSemaphoreExW@24
___lc_codepage_func
___lc_collate_cp_func
___lc_locale_name_func
___mb_cur_max_func
___mb_cur_max_l_func
___setlc_active_func
___unguarded_readlc_active_add_func
__argc
__argv
__badioinfo
__clean_type_info_names_internal
__control87_2
__create_locale
__crtCompareStringA
__crtCompareStringEx
__crtCompareStringW
__crtCreateSymbolicLinkW
__crtEnumSystemLocalesEx
__crtFlsAlloc
__crtFlsFree
__crtFlsGetValue
__crtFlsSetValue
__crtGetDateFormatEx
__crtGetLocaleInfoEx
__crtGetShowWindowMode
__crtGetTimeFormatEx
__crtGetUserDefaultLocaleName
__crtInitializeCriticalSectionEx
__crtIsPackagedApp
__crtIsValidLocaleName
__crtLCMapStringA
__crtLCMapStringEx
__crtLCMapStringW
__crtSetThreadStackGuarantee
__crtSetUnhandledExceptionFilter
__crtTerminateProcess
__crtUnhandledException
__daylight
__dllonexit
__doserrno
__dstbias
__fpecode
__free_locale
__get_current_locale
__get_flsindex
__get_tlsindex
__getmainargs
__initenv
__iob_func
__isascii
__iscsym
__iscsymf
__iswcsym
__iswcsymf
__lconv
__lconv_init
__libm_sse2_acos
__libm_sse2_acosf
__libm_sse2_asin
__libm_sse2_asinf
__libm_sse2_atan
__libm_sse2_atan2
__libm_sse2_atanf
__libm_sse2_cos
__libm_sse2_cosf
__libm_sse2_exp
__libm_sse2_expf
__libm_sse2_log
__libm_sse2_log10
__libm_sse2_log10f
__libm_sse2_logf
__libm_sse2_pow
__libm_sse2_powf
__libm_sse2_sin
__libm_sse2_sinf
__libm_sse2_tan
__libm_sse2_tanf
__mb_cur_max
__p___argc
__p___argv
__p___initenv
__p___mb_cur_max
__p___wargv
__p___winitenv
__p__acmdln
__p__commode
__p__daylight
__p__dstbias
__p__environ
__p__fmode
__p__iob
__p__mbcasemap
__p__mbctype
__p__pctype
__p__pgmptr
__p__pwctype
__p__timezone
__p__tzname
__p__wcmdln
__p__wenviron
__p__wpgmptr
__pctype_func
__pioinfo
__pwctype_func
__pxcptinfoptrs
__report_gsfailure
__set_app_type
__setlc_active
__setusermatherr
__strncnt

Sections

.text
Size: 792KB - Virtual size: 791KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/vcomp140.dll
.dll windows:6 windows x86 arch:x86

4e2bdf3570f0309d9d2a75b473cb9395

Code Sign

33:00:00:00:71:b3:2e:8a:6b:82:aa:1f:4e:00:00:00:00:00:71
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20/03/2015, 17:32

Not After

20/06/2016, 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B8EC-30A4-7144,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:38:8d:23:6d:16:27:a3:26:e0:00:00:00:00:00:38
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01/10/2014, 18:11

Not After

01/01/2016, 18:11

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c2:86:bb:12:47:e6:c0:8a:13:b7:f5:c4:bc:fc:f5:f4:3d:4c:4c:4f:7a:62:43:e2:58:a8:d0:7b:b4:90:5c:6a
Signer

Actual PE Digest

c2:86:bb:12:47:e6:c0:8a:13:b7:f5:c4:bc:fc:f5:f4:3d:4c:4c:4f:7a:62:43:e2:58:a8:d0:7b:b4:90:5c:6a

Digest Algorithm

sha256

PE Digest Matches

true

25:68:3e:e2:be:11:b4:c6:59:5c:0b:ad:83:1b:a3:da:6e:88:4f:11
Signer

Actual PE Digest

25:68:3e:e2:be:11:b4:c6:59:5c:0b:ad:83:1b:a3:da:6e:88:4f:11

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

vcomp140.i386.pdb

Imports

kernel32

FormatMessageW
OutputDebugStringW
LocalAlloc
LocalFree
GetConsoleWindow
GetConsoleScreenBufferInfo
WriteConsoleW
WideCharToMultiByte
WriteFile
GetLastError
GetCurrentThreadId
HeapFree
GetProcessHeap
UnhandledExceptionFilter
CloseHandle
WaitForSingleObjectEx
SetEvent
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
HeapAlloc
TryEnterCriticalSection
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
GetTickCount
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
Sleep
SwitchToThread
ExitProcess
GetStdHandle
CreateThread
QueueUserWorkItem
CreateEventW
GetNativeSystemInfo
QueryPerformanceFrequency
GetSystemTimeAdjustment
GetEnvironmentVariableW
lstrlenW
lstrcmpiW
GetStringTypeExW
ResetEvent
LoadLibraryExW
GetModuleHandleW
GetProcAddress
EncodePointer
DecodePointer
GetUserDefaultUILanguage
FindFirstFileW
FindNextFileW
FindClose
GetModuleFileNameW
FindResourceExW
LoadResource
GetCurrentProcessId
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
MultiByteToWideChar
GetACP
SetLastError
GetStringTypeW
GetCPInfo
IsValidCodePage
GetOEMCP
FreeLibrary
LCMapStringW
SetStdHandle
GetModuleHandleExW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FlushFileBuffers
RaiseException
CreateFileW
RtlUnwind

user32

MessageBoxW

Exports

Exports

C2VectParallel
_vcomp_atomic_add_i1
_vcomp_atomic_add_i2
_vcomp_atomic_add_i4
_vcomp_atomic_add_i8
_vcomp_atomic_add_r4
_vcomp_atomic_add_r8
_vcomp_atomic_and_i1
_vcomp_atomic_and_i2
_vcomp_atomic_and_i4
_vcomp_atomic_and_i8
_vcomp_atomic_div_i1
_vcomp_atomic_div_i2
_vcomp_atomic_div_i4
_vcomp_atomic_div_i8
_vcomp_atomic_div_r4
_vcomp_atomic_div_r8
_vcomp_atomic_div_ui1
_vcomp_atomic_div_ui2
_vcomp_atomic_div_ui4
_vcomp_atomic_div_ui8
_vcomp_atomic_mul_i1
_vcomp_atomic_mul_i2
_vcomp_atomic_mul_i4
_vcomp_atomic_mul_i8
_vcomp_atomic_mul_r4
_vcomp_atomic_mul_r8
_vcomp_atomic_or_i1
_vcomp_atomic_or_i2
_vcomp_atomic_or_i4
_vcomp_atomic_or_i8
_vcomp_atomic_shl_i1
_vcomp_atomic_shl_i2
_vcomp_atomic_shl_i4
_vcomp_atomic_shl_i8
_vcomp_atomic_shr_i1
_vcomp_atomic_shr_i2
_vcomp_atomic_shr_i4
_vcomp_atomic_shr_i8
_vcomp_atomic_shr_ui1
_vcomp_atomic_shr_ui2
_vcomp_atomic_shr_ui4
_vcomp_atomic_shr_ui8
_vcomp_atomic_sub_i1
_vcomp_atomic_sub_i2
_vcomp_atomic_sub_i4
_vcomp_atomic_sub_i8
_vcomp_atomic_sub_r4
_vcomp_atomic_sub_r8
_vcomp_atomic_xor_i1
_vcomp_atomic_xor_i2
_vcomp_atomic_xor_i4
_vcomp_atomic_xor_i8
_vcomp_barrier
_vcomp_copyprivate_broadcast
_vcomp_copyprivate_receive
_vcomp_enter_critsect
_vcomp_flush
_vcomp_for_dynamic_init
_vcomp_for_dynamic_init_i8
_vcomp_for_dynamic_next
_vcomp_for_dynamic_next_i8
_vcomp_for_static_end
_vcomp_for_static_init
_vcomp_for_static_init_i8
_vcomp_for_static_simple_init
_vcomp_for_static_simple_init_i8
_vcomp_fork
_vcomp_get_thread_num
_vcomp_leave_critsect
_vcomp_master_barrier
_vcomp_master_begin
_vcomp_master_end
_vcomp_ordered_begin
_vcomp_ordered_end
_vcomp_ordered_loop_end
_vcomp_reduction_i1
_vcomp_reduction_i2
_vcomp_reduction_i4
_vcomp_reduction_i8
_vcomp_reduction_r4
_vcomp_reduction_r8
_vcomp_reduction_u1
_vcomp_reduction_u2
_vcomp_reduction_u4
_vcomp_reduction_u8
_vcomp_sections_init
_vcomp_sections_next
_vcomp_set_num_threads
_vcomp_single_begin
_vcomp_single_end
omp_destroy_lock
omp_destroy_nest_lock
omp_get_dynamic
omp_get_max_threads
omp_get_nested
omp_get_num_procs
omp_get_num_threads
omp_get_thread_num
omp_get_wtick
omp_get_wtime
omp_in_parallel
omp_init_lock
omp_init_nest_lock
omp_set_dynamic
omp_set_lock
omp_set_nest_lock
omp_set_nested
omp_set_num_threads
omp_test_lock
omp_test_nest_lock
omp_unset_lock
omp_unset_nest_lock

Sections

.text
Size: 147KB - Virtual size: 146KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/BDMPEG1SETUP.EXE
.exe windows:5 windows x86 arch:x86

b729b61eb1515fcf7b3e511e4e66258b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6b:1d:d3:51:47:33:be:24:c6:cc:e8:81:6d:d7:a4:a0
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

04/01/2017, 00:00

Not After

04/01/2018, 23:59

Subject

CN=Bandicam Company,O=Bandicam Company,L=Seoul,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6b:1d:d3:51:47:33:be:24:c6:cc:e8:81:6d:d7:a4:a0
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

04/01/2017, 00:00

Not After

04/01/2018, 23:59

Subject

CN=Bandicam Company,O=Bandicam Company,L=Seoul,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:06:f1:0f:ce:68:f0:9b:fa:e5:5b:18:cd:8f:20:01:77
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for Advanced - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3e:22:0c:dc:30:70:62:60:03:6c:57:7e:b2:e0:06:b3:05:6f:9e:8a:9b:db:ca:a6:5a:e6:03:4f:ac:3d:0f:88
Signer

Actual PE Digest

3e:22:0c:dc:30:70:62:60:03:6c:57:7e:b2:e0:06:b3:05:6f:9e:8a:9b:db:ca:a6:5a:e6:03:4f:ac:3d:0f:88

Digest Algorithm

sha256

PE Digest Matches

true

94:e1:06:ab:47:e4:ce:9a:06:77:e8:22:7c:b4:25:8c:12:cd:8d:f5
Signer

Actual PE Digest

94:e1:06:ab:47:e4:ce:9a:06:77:e8:22:7c:b4:25:8c:12:cd:8d:f5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
CloseHandle
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
MulDiv
lstrlenA
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrcpynA

user32

ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
FindWindowExW
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
IsWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 409KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 580KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:5 windows x86 arch:x86

cd90e33ffbc335413a25300c682c83df

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpiW
GetModuleHandleW
GlobalLock
GlobalUnlock
GetCurrentDirectoryW
SetCurrentDirectoryW
GetPrivateProfileIntW
GetPrivateProfileStringW
lstrcatW
WritePrivateProfileStringW
lstrcpynW
lstrlenW
lstrcpyW
GlobalFree
GlobalAlloc

user32

OpenClipboard
DestroyIcon
LoadCursorW
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
SetWindowLongW
GetClientRect
SetWindowRgn
LoadIconW
LoadImageW
CreateWindowExW
MapDialogRect
GetClipboardData
GetWindowRect
CreateDialogParamW
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
SetCursor
DrawTextW
GetWindowLongW
DrawFocusRect
CallWindowProcW
PostMessageW
wsprintfW
CharNextW
MessageBoxW
CloseClipboard
GetDlgCtrlID
MapWindowPoints
SetWindowPos
PtInRect
GetWindowTextW
SetWindowTextW
SendMessageW
DestroyWindow

gdi32

SelectObject
CreateRectRgn
GetObjectW
CombineRgn
DeleteObject
CreateCompatibleDC
GetDIBits
SetTextColor

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteW
SHGetDesktopFolder

comdlg32

GetOpenFileNameW
CommDlgExtendedError
GetSaveFileNameW

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

039bcbc605477e8e87ec550c2e60e748

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
lstrlenW
lstrcmpiW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UserInfo.dll
.dll windows:5 windows x86 arch:x86

45d25ca52c312b2254c60dbcb30342d1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersion
GetCurrentThread
GetCurrentProcess
GetModuleHandleW
GetProcAddress
GetLastError
GlobalFree
CloseHandle
lstrcpynW
GlobalAlloc

advapi32

OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
GetUserNameW
OpenThreadToken

Exports

Exports

GetAccountType
GetName
GetOriginalAccountType

Sections

.text
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 753B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
$SYSDIR/bdmjpeg.dll
.dll windows:5 windows x86 arch:x86

bf6c7259ffaa7b3eb59b7d97edcbb647

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6b:1d:d3:51:47:33:be:24:c6:cc:e8:81:6d:d7:a4:a0
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

04/01/2017, 00:00

Not After

04/01/2018, 23:59

Subject

CN=Bandicam Company,O=Bandicam Company,L=Seoul,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6b:1d:d3:51:47:33:be:24:c6:cc:e8:81:6d:d7:a4:a0
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

04/01/2017, 00:00

Not After

04/01/2018, 23:59

Subject

CN=Bandicam Company,O=Bandicam Company,L=Seoul,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:06:f1:0f:ce:68:f0:9b:fa:e5:5b:18:cd:8f:20:01:77
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for Advanced - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

91:22:73:de:ae:18:77:be:c3:52:2a:ee:06:0e:f7:7b:8e:69:ef:e6:5c:7c:e7:05:16:99:a3:7e:9d:ac:02:d9
Signer

Actual PE Digest

91:22:73:de:ae:18:77:be:c3:52:2a:ee:06:0e:f7:7b:8e:69:ef:e6:5c:7c:e7:05:16:99:a3:7e:9d:ac:02:d9

Digest Algorithm

sha256

PE Digest Matches

true

50:b2:66:4f:a9:04:a4:0c:52:53:55:bc:8d:74:ce:17:7c:48:61:32
Signer

Actual PE Digest

50:b2:66:4f:a9:04:a4:0c:52:53:55:bc:8d:74:ce:17:7c:48:61:32

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\w\devel\CAP\bandifilters\bin\bdmjpeg.pdb

Imports

kernel32

GetLastError
WideCharToMultiByte
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetProcAddress
LoadLibraryW
FreeLibrary
DisableThreadLibraryCalls
LCMapStringW
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
VirtualFree
VirtualAlloc
GetModuleHandleW
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
RtlUnwind
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA

user32

MessageBoxW

advapi32

RegQueryValueExW
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW

winmm

DefDriverProc

Exports

Exports

DriverProc

Sections

.text
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/bdmjpeg64.dll
.dll windows:5 windows x64 arch:x64

1c3318cf9e21cee7c0d17aa9a319a3c6

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6b:1d:d3:51:47:33:be:24:c6:cc:e8:81:6d:d7:a4:a0
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

04/01/2017, 00:00

Not After

04/01/2018, 23:59

Subject

CN=Bandicam Company,O=Bandicam Company,L=Seoul,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6b:1d:d3:51:47:33:be:24:c6:cc:e8:81:6d:d7:a4:a0
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

04/01/2017, 00:00

Not After

04/01/2018, 23:59

Subject

CN=Bandicam Company,O=Bandicam Company,L=Seoul,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:06:f1:0f:ce:68:f0:9b:fa:e5:5b:18:cd:8f:20:01:77
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for Advanced - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:37:2c:12:9d:43:2f:06:cc:61:7e:88:8c:e5:be:f5:bd:66:e4:e0:da:3b:19:d8:fb:39:86:7a:b9:4d:81:07
Signer

Actual PE Digest

07:37:2c:12:9d:43:2f:06:cc:61:7e:88:8c:e5:be:f5:bd:66:e4:e0:da:3b:19:d8:fb:39:86:7a:b9:4d:81:07

Digest Algorithm

sha256

PE Digest Matches

true

e1:c2:d7:2e:05:aa:ac:a4:00:b0:4f:75:47:a6:c1:ad:52:bd:5a:67
Signer

Actual PE Digest

e1:c2:d7:2e:05:aa:ac:a4:00:b0:4f:75:47:a6:c1:ad:52:bd:5a:67

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

e:\w\devel\CAP\bandifilters\bin\bdmjpeg64.pdb

Imports

kernel32

GetLastError
WideCharToMultiByte
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetProcAddress
LoadLibraryW
FreeLibrary
DisableThreadLibraryCalls
LCMapStringW
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetCurrentThreadId
FlsSetValue
GetCommandLineA
RtlUnwindEx
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlPcToFileHeader
HeapSetInformation
HeapCreate
GetModuleHandleW
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
EncodePointer
DecodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA

user32

MessageBoxW

advapi32

RegQueryValueExW
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW

winmm

DefDriverProc

Exports

Exports

DriverProc

Sections

.text
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/bdmpega.acm
.dll windows:5 windows x86 arch:x86

a59629a50eafc3a20d9d62c5f0118409

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6b:1d:d3:51:47:33:be:24:c6:cc:e8:81:6d:d7:a4:a0
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

04/01/2017, 00:00

Not After

04/01/2018, 23:59

Subject

CN=Bandicam Company,O=Bandicam Company,L=Seoul,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6b:1d:d3:51:47:33:be:24:c6:cc:e8:81:6d:d7:a4:a0
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

04/01/2017, 00:00

Not After

04/01/2018, 23:59

Subject

CN=Bandicam Company,O=Bandicam Company,L=Seoul,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:06:f1:0f:ce:68:f0:9b:fa:e5:5b:18:cd:8f:20:01:77
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for Advanced - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

51:e5:cc:f8:e9:14:2c:16:49:70:ac:c0:70:fb:0f:ea:05:43:cd:b3:be:8b:ca:fa:97:06:00:eb:f4:97:17:a8
Signer

Actual PE Digest

51:e5:cc:f8:e9:14:2c:16:49:70:ac:c0:70:fb:0f:ea:05:43:cd:b3:be:8b:ca:fa:97:06:00:eb:f4:97:17:a8

Digest Algorithm

sha256

PE Digest Matches

true

c6:8a:11:e1:6d:96:de:5e:fe:21:af:77:2a:02:b7:18:d9:e4:40:23
Signer

Actual PE Digest

c6:8a:11:e1:6d:96:de:5e:fe:21:af:77:2a:02:b7:18:d9:e4:40:23

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\w\devel\CAP\bandifilters\bin\bdmpega.pdb

Imports

kernel32

GetLastError
WideCharToMultiByte
lstrcpyW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetProcAddress
LoadLibraryW
DisableThreadLibraryCalls
LCMapStringW
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
VirtualFree
VirtualAlloc
GetModuleHandleW
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
RtlUnwind
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA

user32

MessageBoxW

advapi32

RegQueryValueExW
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW

winmm

DefDriverProc

Exports

Exports

DriverProc

Sections

.text
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/bdmpega64.acm
.dll windows:5 windows x64 arch:x64

3259065632343fd95fdf829cba05685c

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6b:1d:d3:51:47:33:be:24:c6:cc:e8:81:6d:d7:a4:a0
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

04/01/2017, 00:00

Not After

04/01/2018, 23:59

Subject

CN=Bandicam Company,O=Bandicam Company,L=Seoul,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6b:1d:d3:51:47:33:be:24:c6:cc:e8:81:6d:d7:a4:a0
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

04/01/2017, 00:00

Not After

04/01/2018, 23:59

Subject

CN=Bandicam Company,O=Bandicam Company,L=Seoul,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:06:f1:0f:ce:68:f0:9b:fa:e5:5b:18:cd:8f:20:01:77
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for Advanced - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7c:e4:37:2a:20:a0:09:b0:e4:cd:95:27:10:50:10:da:92:67:ac:3b:7e:30:69:37:da:71:04:cf:09:d7:1e:06
Signer

Actual PE Digest

7c:e4:37:2a:20:a0:09:b0:e4:cd:95:27:10:50:10:da:92:67:ac:3b:7e:30:69:37:da:71:04:cf:09:d7:1e:06

Digest Algorithm

sha256

PE Digest Matches

true

f8:10:0b:20:a4:44:70:27:a3:54:a9:a3:b6:07:bb:5e:27:e6:a6:ee
Signer

Actual PE Digest

f8:10:0b:20:a4:44:70:27:a3:54:a9:a3:b6:07:bb:5e:27:e6:a6:ee

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

e:\w\devel\CAP\bandifilters\bin\bdmpega64.pdb

Imports

kernel32

GetLastError
WideCharToMultiByte
lstrcpyW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetProcAddress
LoadLibraryW
DisableThreadLibraryCalls
LCMapStringW
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetCurrentThreadId
FlsSetValue
GetCommandLineA
RtlUnwindEx
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlPcToFileHeader
HeapSetInformation
HeapCreate
GetModuleHandleW
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
EncodePointer
DecodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA

user32

MessageBoxW

advapi32

RegQueryValueExW
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW

winmm

DefDriverProc

Exports

Exports

DriverProc

Sections

.text
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/bdmpegv.dll
.dll windows:5 windows x86 arch:x86

bf6c7259ffaa7b3eb59b7d97edcbb647

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6b:1d:d3:51:47:33:be:24:c6:cc:e8:81:6d:d7:a4:a0
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

04/01/2017, 00:00

Not After

04/01/2018, 23:59

Subject

CN=Bandicam Company,O=Bandicam Company,L=Seoul,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6b:1d:d3:51:47:33:be:24:c6:cc:e8:81:6d:d7:a4:a0
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

04/01/2017, 00:00

Not After

04/01/2018, 23:59

Subject

CN=Bandicam Company,O=Bandicam Company,L=Seoul,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:06:f1:0f:ce:68:f0:9b:fa:e5:5b:18:cd:8f:20:01:77
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for Advanced - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

fe:d0:d9:59:94:08:43:29:05:1f:11:29:97:d5:f2:71:dc:9e:bb:24:e6:84:e1:79:49:95:1d:c2:4d:d2:36:7a
Signer

Actual PE Digest

fe:d0:d9:59:94:08:43:29:05:1f:11:29:97:d5:f2:71:dc:9e:bb:24:e6:84:e1:79:49:95:1d:c2:4d:d2:36:7a

Digest Algorithm

sha256

PE Digest Matches

true

52:78:a9:31:e7:6b:40:de:39:6d:16:0e:a8:0e:e3:9c:54:16:27:92
Signer

Actual PE Digest

52:78:a9:31:e7:6b:40:de:39:6d:16:0e:a8:0e:e3:9c:54:16:27:92

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\w\devel\CAP\bandifilters\bin\bdmpegv.pdb

Imports

kernel32

GetLastError
WideCharToMultiByte
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetProcAddress
LoadLibraryW
FreeLibrary
DisableThreadLibraryCalls
LCMapStringW
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
VirtualFree
VirtualAlloc
GetModuleHandleW
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
RtlUnwind
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA

user32

MessageBoxW

advapi32

RegQueryValueExW
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW

winmm

DefDriverProc

Exports

Exports

DriverProc

Sections

.text
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/bdmpegv64.dll
.dll windows:5 windows x64 arch:x64

1c3318cf9e21cee7c0d17aa9a319a3c6

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6b:1d:d3:51:47:33:be:24:c6:cc:e8:81:6d:d7:a4:a0
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

04/01/2017, 00:00

Not After

04/01/2018, 23:59

Subject

CN=Bandicam Company,O=Bandicam Company,L=Seoul,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6b:1d:d3:51:47:33:be:24:c6:cc:e8:81:6d:d7:a4:a0
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

04/01/2017, 00:00

Not After

04/01/2018, 23:59

Subject

CN=Bandicam Company,O=Bandicam Company,L=Seoul,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:06:f1:0f:ce:68:f0:9b:fa:e5:5b:18:cd:8f:20:01:77
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for Advanced - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2e:d2:c0:56:a5:c4:8b:b2:9d:d5:bf:de:ba:c4:5c:ae:d8:e3:8a:1a:6b:d8:d1:3d:2d:7f:5d:0e:e9:bf:c2:db
Signer

Actual PE Digest

2e:d2:c0:56:a5:c4:8b:b2:9d:d5:bf:de:ba:c4:5c:ae:d8:e3:8a:1a:6b:d8:d1:3d:2d:7f:5d:0e:e9:bf:c2:db

Digest Algorithm

sha256

PE Digest Matches

true

09:d8:ed:32:58:18:4c:25:e6:67:9a:b3:46:74:57:b7:ee:8c:d8:34
Signer

Actual PE Digest

09:d8:ed:32:58:18:4c:25:e6:67:9a:b3:46:74:57:b7:ee:8c:d8:34

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

e:\w\devel\CAP\bandifilters\bin\bdmpegv64.pdb

Imports

kernel32

GetLastError
WideCharToMultiByte
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetProcAddress
LoadLibraryW
FreeLibrary
DisableThreadLibraryCalls
LCMapStringW
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetCurrentThreadId
FlsSetValue
GetCommandLineA
RtlUnwindEx
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlPcToFileHeader
HeapSetInformation
HeapCreate
GetModuleHandleW
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
EncodePointer
DecodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA

user32

MessageBoxW

advapi32

RegQueryValueExW
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW

winmm

DefDriverProc

Exports

Exports

DriverProc

Sections

.text
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/bdfilters.dll
.dll regsvr32 windows:5 windows x86 arch:x86

27f07fb2c76df7e3ac5b98f25b3ec3e4

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6b:1d:d3:51:47:33:be:24:c6:cc:e8:81:6d:d7:a4:a0
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

04/01/2017, 00:00

Not After

04/01/2018, 23:59

Subject

CN=Bandicam Company,O=Bandicam Company,L=Seoul,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6b:1d:d3:51:47:33:be:24:c6:cc:e8:81:6d:d7:a4:a0
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

04/01/2017, 00:00

Not After

04/01/2018, 23:59

Subject

CN=Bandicam Company,O=Bandicam Company,L=Seoul,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:06:f1:0f:ce:68:f0:9b:fa:e5:5b:18:cd:8f:20:01:77
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for Advanced - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

45:06:2b:f0:1d:27:89:a9:02:53:7b:c9:d5:f6:5e:18:8a:74:16:c5:67:8a:7d:20:ea:63:3a:79:67:0b:15:c5
Signer

Actual PE Digest

45:06:2b:f0:1d:27:89:a9:02:53:7b:c9:d5:f6:5e:18:8a:74:16:c5:67:8a:7d:20:ea:63:3a:79:67:0b:15:c5

Digest Algorithm

sha256

PE Digest Matches

true

93:f0:9b:79:8a:97:12:82:09:13:a2:12:d6:8a:ac:56:4b:e9:34:4d
Signer

Actual PE Digest

93:f0:9b:79:8a:97:12:82:09:13:a2:12:d6:8a:ac:56:4b:e9:34:4d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\w\devel\CAP\bandifilters\bin\bdfilters.pdb

Imports

comctl32

ord17

kernel32

lstrcmpW
CreateEventA
CloseHandle
WaitForSingleObject
CreateThread
SetEvent
GetProcAddress
GetModuleHandleA
WideCharToMultiByte
GetACP
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
lstrlenW
GetCurrentThreadId
GetTickCount
InterlockedIncrement
FreeLibrary
InterlockedDecrement
GetLastError
lstrcpynW
GetVersionExA
GetSystemInfo
VirtualAlloc
VirtualFree
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetConsoleMode
GetConsoleCP
SetFilePointer
MultiByteToWideChar
lstrlenA
DisableThreadLibraryCalls
GetCurrentProcess
GetModuleFileNameA
LoadLibraryA
VirtualQuery
GetLocaleInfoA
InitializeCriticalSectionAndSpinCount
HeapSize
HeapReAlloc
IsValidCodePage
GetOEMCP
GetCPInfo
TlsFree
TlsSetValue
TlsAlloc
WriteFile
GetCurrentProcessId
HeapDestroy
HeapCreate
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
ExitProcess
Sleep
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetCommandLineA
RtlUnwind
HeapAlloc
HeapFree
ExitThread
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
GetModuleHandleW
TlsGetValue
SetLastError

user32

DestroyWindow
DefWindowProcA
wsprintfA
ShowWindow
GetWindowLongA
SetWindowLongA
CreateDialogParamA
MoveWindow
LoadStringA
GetDesktopWindow
GetWindowRect
LoadStringW
InvalidateRect

advapi32

RegSetValueA
RegSetValueExA
RegOpenKeyExA
RegEnumKeyExA
RegCloseKey
RegDeleteKeyA
RegCreateKeyA

shell32

ShellExecuteA

ole32

StringFromGUID2
CoUninitialize
CoFreeUnusedLibraries
CoCreateInstance
CoInitialize
CoTaskMemFree
CoTaskMemAlloc

Exports

Exports

CreateAudioDecoder
CreateVideoDecoder
CreateVideoDecoder_mjpeg
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 297KB - Virtual size: 305KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bdfilters.dll
.dll regsvr32 windows:5 windows x86 arch:x86

27f07fb2c76df7e3ac5b98f25b3ec3e4

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6b:1d:d3:51:47:33:be:24:c6:cc:e8:81:6d:d7:a4:a0
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

04/01/2017, 00:00

Not After

04/01/2018, 23:59

Subject

CN=Bandicam Company,O=Bandicam Company,L=Seoul,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6b:1d:d3:51:47:33:be:24:c6:cc:e8:81:6d:d7:a4:a0
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

04/01/2017, 00:00

Not After

04/01/2018, 23:59

Subject

CN=Bandicam Company,O=Bandicam Company,L=Seoul,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:06:f1:0f:ce:68:f0:9b:fa:e5:5b:18:cd:8f:20:01:77
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for Advanced - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

45:06:2b:f0:1d:27:89:a9:02:53:7b:c9:d5:f6:5e:18:8a:74:16:c5:67:8a:7d:20:ea:63:3a:79:67:0b:15:c5
Signer

Actual PE Digest

45:06:2b:f0:1d:27:89:a9:02:53:7b:c9:d5:f6:5e:18:8a:74:16:c5:67:8a:7d:20:ea:63:3a:79:67:0b:15:c5

Digest Algorithm

sha256

PE Digest Matches

true

93:f0:9b:79:8a:97:12:82:09:13:a2:12:d6:8a:ac:56:4b:e9:34:4d
Signer

Actual PE Digest

93:f0:9b:79:8a:97:12:82:09:13:a2:12:d6:8a:ac:56:4b:e9:34:4d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\w\devel\CAP\bandifilters\bin\bdfilters.pdb

Imports

comctl32

ord17

kernel32

lstrcmpW
CreateEventA
CloseHandle
WaitForSingleObject
CreateThread
SetEvent
GetProcAddress
GetModuleHandleA
WideCharToMultiByte
GetACP
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
lstrlenW
GetCurrentThreadId
GetTickCount
InterlockedIncrement
FreeLibrary
InterlockedDecrement
GetLastError
lstrcpynW
GetVersionExA
GetSystemInfo
VirtualAlloc
VirtualFree
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetConsoleMode
GetConsoleCP
SetFilePointer
MultiByteToWideChar
lstrlenA
DisableThreadLibraryCalls
GetCurrentProcess
GetModuleFileNameA
LoadLibraryA
VirtualQuery
GetLocaleInfoA
InitializeCriticalSectionAndSpinCount
HeapSize
HeapReAlloc
IsValidCodePage
GetOEMCP
GetCPInfo
TlsFree
TlsSetValue
TlsAlloc
WriteFile
GetCurrentProcessId
HeapDestroy
HeapCreate
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
ExitProcess
Sleep
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetCommandLineA
RtlUnwind
HeapAlloc
HeapFree
ExitThread
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
GetModuleHandleW
TlsGetValue
SetLastError

user32

DestroyWindow
DefWindowProcA
wsprintfA
ShowWindow
GetWindowLongA
SetWindowLongA
CreateDialogParamA
MoveWindow
LoadStringA
GetDesktopWindow
GetWindowRect
LoadStringW
InvalidateRect

advapi32

RegSetValueA
RegSetValueExA
RegOpenKeyExA
RegEnumKeyExA
RegCloseKey
RegDeleteKeyA
RegCreateKeyA

shell32

ShellExecuteA

ole32

StringFromGUID2
CoUninitialize
CoFreeUnusedLibraries
CoCreateInstance
CoInitialize
CoTaskMemFree
CoTaskMemAlloc

Exports

Exports

CreateAudioDecoder
CreateVideoDecoder
CreateVideoDecoder_mjpeg
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 297KB - Virtual size: 305KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bdfilters64.dll
.dll regsvr32 windows:5 windows x64 arch:x64

03c1aad04c80a2e0fd5bd4c160a3d1d1

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6b:1d:d3:51:47:33:be:24:c6:cc:e8:81:6d:d7:a4:a0
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

04/01/2017, 00:00

Not After

04/01/2018, 23:59

Subject

CN=Bandicam Company,O=Bandicam Company,L=Seoul,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6b:1d:d3:51:47:33:be:24:c6:cc:e8:81:6d:d7:a4:a0
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

04/01/2017, 00:00

Not After

04/01/2018, 23:59

Subject

CN=Bandicam Company,O=Bandicam Company,L=Seoul,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:06:f1:0f:ce:68:f0:9b:fa:e5:5b:18:cd:8f:20:01:77
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for Advanced - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

87:cc:f4:3d:1f:52:9c:e7:25:ae:85:aa:7c:79:3e:f6:89:a6:f4:dd:2a:c2:fd:51:df:7f:fa:ae:09:0c:6a:c3
Signer

Actual PE Digest

87:cc:f4:3d:1f:52:9c:e7:25:ae:85:aa:7c:79:3e:f6:89:a6:f4:dd:2a:c2:fd:51:df:7f:fa:ae:09:0c:6a:c3

Digest Algorithm

sha256

PE Digest Matches

true

46:08:7b:2c:86:31:06:6c:62:c5:9b:90:f1:03:7d:a0:95:84:5b:63
Signer

Actual PE Digest

46:08:7b:2c:86:31:06:6c:62:c5:9b:90:f1:03:7d:a0:95:84:5b:63

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

e:\w\devel\CAP\bandifilters\bin\bdfilters64.pdb

Imports

comctl32

ord17

kernel32

lstrcmpW
CreateEventA
CloseHandle
WaitForSingleObject
CreateThread
SetEvent
GetProcAddress
WideCharToMultiByte
GetACP
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
lstrlenW
GetCurrentThreadId
GetTickCount
FreeLibrary
LoadLibraryA
lstrcpynW
GetLastError
GetSystemInfo
GetVersionExA
GetStringTypeA
LCMapStringW
LCMapStringA
GetConsoleMode
GetConsoleCP
SetFilePointer
GetLocaleInfoA
InitializeCriticalSectionAndSpinCount
HeapReAlloc
HeapSize
IsValidCodePage
GetOEMCP
GetCPInfo
WriteFile
GetCurrentProcessId
HeapDestroy
HeapCreate
HeapSetInformation
GetEnvironmentStringsW
FreeEnvironmentStringsW
MultiByteToWideChar
lstrlenA
DisableThreadLibraryCalls
GetModuleFileNameA
GetStringTypeW
GetCurrentProcess
GetEnvironmentStrings
FreeEnvironmentStringsA
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
GetStartupInfoA
GetFileType
GetStdHandle
WriteConsoleA
SetStdHandle
SetHandleCount
ExitProcess
GetModuleHandleW
FlsAlloc
SetLastError
FlsFree
FlsGetValue
Sleep
QueryPerformanceCounter
GetSystemTimeAsFileTime
FlsSetValue
GetCommandLineA
RtlLookupFunctionEntry
RtlUnwindEx
HeapAlloc
HeapFree
ExitThread
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
RaiseException
RtlPcToFileHeader
EncodePointer
DecodePointer

user32

wsprintfA
GetDesktopWindow
GetWindowRect
LoadStringW
LoadStringA
DefWindowProcA
GetWindowLongA
SetWindowLongA
DestroyWindow
ShowWindow
InvalidateRect
MoveWindow
CreateDialogParamA
SetWindowLongPtrA
GetWindowLongPtrA

advapi32

RegCreateKeyA
RegSetValueA
RegSetValueExA
RegOpenKeyExA
RegEnumKeyExA
RegCloseKey
RegDeleteKeyA

shell32

ShellExecuteA

ole32

CoInitialize
StringFromGUID2
CoUninitialize
CoFreeUnusedLibraries
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc

Exports

Exports

CreateAudioDecoder
CreateVideoDecoder
CreateVideoDecoder_mjpeg
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_CODE
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 193KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 318KB - Virtual size: 327KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
uninstall.exe.nsis
RegVulkanLayer.bat
UnregVulkanLayer.bat
bandicam.ini
bdcam.dll
.dll windows:6 windows x86 arch:x86

44d4c5d6332d77adb544c2a68471e7f0

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3f:8d:23:c1:36:ae:9c:be:ea:c7:60:5b:24:ec:03:91
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/12/2017, 00:00

Not After

19/02/2021, 23:59

Subject

CN=Bandicam Company,O=Bandicam Company,L=Yeoungdeungpo-=gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3f:8d:23:c1:36:ae:9c:be:ea:c7:60:5b:24:ec:03:91
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/12/2017, 00:00

Not After

19/02/2021, 23:59

Subject

CN=Bandicam Company,O=Bandicam Company,L=Yeoungdeungpo-=gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

19/02/2018, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign TSA for Advanced - G2

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

90:a9:9a:26:d8:79:93:4b:1c:ee:9d:21:11:a1:01:fb:66:61:4f:4d:f7:09:53:d2:55:90:88:ec:b3:94:d6:45
Signer

Actual PE Digest

90:a9:9a:26:d8:79:93:4b:1c:ee:9d:21:11:a1:01:fb:66:61:4f:4d:f7:09:53:d2:55:90:88:ec:b3:94:d6:45

Digest Algorithm

sha256

PE Digest Matches

true

e7:d0:d8:17:4b:94:ef:dd:d9:ba:94:55:ca:ba:56:a2:5b:d6:2a:f8
Signer

Actual PE Digest

e7:d0:d8:17:4b:94:ef:dd:d9:ba:94:55:ca:ba:56:a2:5b:d6:2a:f8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\w\devel\CAP4\bandicam\bin\bdcam.dll.pdb

Imports

kernel32

GetFileAttributesW
GetFileSize
LocalFree
CreateDirectoryW
GetFullPathNameW
WideCharToMultiByte
MultiByteToWideChar
WaitForSingleObject
CreateToolhelp32Snapshot
GetCurrentProcessId
TerminateProcess
HeapDestroy
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
SizeofResource
LockResource
LoadResource
FindResourceExW
FindResourceW
EnterCriticalSection
LeaveCriticalSection
QueryPerformanceCounter
GetTickCount64
QueryPerformanceFrequency
VirtualProtect
WriteFile
InitializeCriticalSection
DeleteCriticalSection
CreateEventW
SetEvent
VirtualAlloc
VirtualFree
CreateMutexW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
ReleaseMutex
CreateFileMappingW
VirtualQuery
HeapCreate
Thread32Next
Thread32First
GetCurrentThreadId
GetSystemDirectoryW
ResumeThread
Sleep
GetThreadContext
FlushInstructionCache
SetThreadContext
OpenThread
GetLocalTime
FreeLibraryAndExitThread
CreateThread
DisableThreadLibraryCalls
GetTickCount
InitializeCriticalSectionEx
RaiseException
DecodePointer
GetConsoleMode
GetConsoleCP
FlushFileBuffers
SetStdHandle
SetFilePointerEx
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetStringTypeW
GetFileType
GetStdHandle
WriteConsoleW
LCMapStringW
ExitProcess
GetModuleHandleExW
ExitThread
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
InterlockedFlushSList
RtlUnwind
InitializeSListHead
GetStartupInfoW
WaitForSingleObjectEx
ResetEvent
InitializeCriticalSectionAndSpinCount
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
GetModuleFileNameW
GetCurrentProcess
FreeLibrary
LoadLibraryW
GetProcAddress
GetModuleHandleW
SetLastError
FindClose
FindNextFileW
GetSystemTimeAsFileTime
ReadFile
SetFilePointer
CreateFileW
OutputDebugStringA
OutputDebugStringW
CloseHandle
SuspendThread
GetLastError
UnhandledExceptionFilter
IsDebuggerPresent

user32

FindWindowW
WindowFromDC
GetClientRect
FillRect
UnhookWindowsHookEx
SetWindowsHookExW
CallNextHookEx
PostMessageW
wsprintfW
RegisterWindowMessageW
SetForegroundWindow
GetForegroundWindow
GetDesktopWindow
GetParent
IsWindow
GetWindowLongW

gdi32

CreateSolidBrush
DeleteObject

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
SetNamedSecurityInfoW
SetEntriesInAclW
FreeSid
AllocateAndInitializeSid

shlwapi

PathIsDirectoryW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

winmm

PlaySoundW

Exports

Exports

Bdcam_Initialize
Bdcam_SharedData
Bdcam_Uninitialize

Sections

.text
Size: 357KB - Virtual size: 356KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 342KB - Virtual size: 341KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 46KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.hkshare
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.BANDI0
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bdcam.exe
.exe windows:6 windows x86 arch:x86

63109d9cba3502afc08ff5db2f5f625f

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3f:8d:23:c1:36:ae:9c:be:ea:c7:60:5b:24:ec:03:91
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/12/2017, 00:00

Not After

19/02/2021, 23:59

Subject

CN=Bandicam Company,O=Bandicam Company,L=Yeoungdeungpo-=gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3f:8d:23:c1:36:ae:9c:be:ea:c7:60:5b:24:ec:03:91
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/12/2017, 00:00

Not After

19/02/2021, 23:59

Subject

CN=Bandicam Company,O=Bandicam Company,L=Yeoungdeungpo-=gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

19/02/2018, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign TSA for Advanced - G2

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

68:fb:60:c8:8a:86:20:f2:1e:c1:55:a1:7e:9a:bc:e0:56:7a:45:61:f4:b2:00:75:2c:00:8c:4a:0d:e2:4e:20
Signer

Actual PE Digest

68:fb:60:c8:8a:86:20:f2:1e:c1:55:a1:7e:9a:bc:e0:56:7a:45:61:f4:b2:00:75:2c:00:8c:4a:0d:e2:4e:20

Digest Algorithm

sha256

PE Digest Matches

true

ed:dd:55:56:7b:14:e3:5a:cc:a7:97:17:cc:2a:25:12:27:72:9f:b5
Signer

Actual PE Digest

ed:dd:55:56:7b:14:e3:5a:cc:a7:97:17:cc:2a:25:12:27:72:9f:b5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetACP
IsValidCodePage
FindFirstFileExW
GetDriveTypeW
GetConsoleCP
ReadConsoleW
GetConsoleMode
SetFilePointerEx
EnumSystemLocalesW
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetStdHandle
VirtualQuery
GetEnvironmentStringsW
GetCommandLineA
GetFileType
SetStdHandle
FreeLibraryAndExitThread
ExitThread
RtlUnwind
GetStringTypeW
LCMapStringW
GetCPInfo
LoadLibraryExA
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
GetOEMCP
FreeEnvironmentStringsW
SetEnvironmentVariableW
HeapQueryInformation
WriteConsoleW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
WaitForSingleObjectEx
IsProcessorFeaturePresent
UnhandledExceptionFilter
GetProfileIntW
SearchPathW
VerifyVersionInfoW
VerSetConditionMask
GetFileAttributesExW
VirtualProtect
GlobalFlags
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
GlobalGetAtomNameW
LocalReAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
CompareStringA
ResumeThread
UnlockFile
SetEndOfFile
LockFile
GetThreadLocale
GlobalFindAtomW
GlobalAddAtomW
GlobalDeleteAtom
EncodePointer
LoadLibraryA
GetModuleHandleA
CopyFileW
DuplicateHandle
lstrcmpiW
GetThreadPriority
WaitForMultipleObjects
SwitchToThread
LoadLibraryExW
GetModuleHandleExW
SetErrorMode
SetUnhandledExceptionFilter
DecodePointer
FormatMessageW
MoveFileW
CreateThread
ReadDirectoryChangesW
SleepEx
GetLocalTime
GetUserDefaultLCID
LCIDToLocaleName
GetUserDefaultLangID
CompareStringW
QueryFullProcessImageNameW
GetTickCount
GetSystemWow64DirectoryW
RaiseException
GetCurrentThreadId
InitializeCriticalSectionEx
CreateFileMappingW
ReleaseMutex
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
CreateMutexW
VirtualFree
VirtualAlloc
GlobalSize
GlobalUnlock
GlobalLock
FlushFileBuffers
ExitProcess
FileTimeToLocalFileTime
lstrcmpA
LocalAlloc
ResetEvent
SetEvent
CreateEventW
GetWindowsDirectoryW
lstrlenA
QueryPerformanceFrequency
GetTickCount64
QueryPerformanceCounter
FindResourceExW
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
MulDiv
lstrcmpW
WriteFile
SetThreadPriority
Sleep
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetVersionExW
GetSystemInfo
TerminateProcess
OpenProcess
Process32NextW
GetCurrentProcessId
Process32FirstW
GetLastError
CreateToolhelp32Snapshot
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
IsDBCSLeadByteEx
MultiByteToWideChar
WideCharToMultiByte
SetFileAttributesW
GetFullPathNameW
CreateDirectoryW
LocalFree
GetFileSizeEx
GetFileSize
GetFileAttributesW
DeleteFileW
GetTempFileNameW
GetTempPathW
GetCurrentDirectoryW
GetSystemDirectoryW
GetModuleFileNameW
GetDiskFreeSpaceW
GlobalFree
GlobalAlloc
GetCurrentThread
GetCurrentProcess
FreeLibrary
LoadLibraryW
GetProcAddress
GetModuleHandleW
GetVolumeInformationW
SetLastError
FindClose
FindNextFileW
lstrcpyW
FindFirstFileW
lstrcpynW
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
FileTimeToSystemTime
GetSystemTimeAsFileTime
GetFileTime
FindResourceW
LoadResource
LockResource
SizeofResource
ReadFile
SetFilePointer
CreateFileW
OutputDebugStringA
OutputDebugStringW
lstrlenW
CloseHandle
GetCommandLineW
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

BeginDeferWindowPos
SetWindowPlacement
IsChild
IsMenu
GetMessageTime
GetMessagePos
RemoveMenu
InsertMenuW
GetMenuState
MsgWaitForMultipleObjects
GetQueueStatus
PostThreadMessageW
GetActiveWindow
GetMessageW
SetMenuDefaultItem
UnhookWindowsHookEx
SetWindowsHookExW
CallNextHookEx
GetWindow
WindowFromPoint
GetCursor
GetCursorInfo
ShowCursor
FillRect
AppendMenuW
CreatePopupMenu
GetDoubleClickTime
SetCursorPos
GetCapture
EnableMenuItem
UpdateLayeredWindow
SetParent
CheckMenuItem
DeleteMenu
CheckMenuRadioItem
DrawIconEx
LoadImageW
SetClassLongW
GetAsyncKeyState
TranslateAcceleratorW
DrawIcon
LoadAcceleratorsW
GetClassInfoW
EnumDisplayDevicesW
MessageBoxW
EnumDisplayMonitors
GetWindowTextLengthW
GetFocus
IsWindowEnabled
TrackPopupMenuEx
DestroyMenu
LoadMenuW
TrackMouseEvent
SetWindowRgn
GetClassInfoExW
DeferWindowPos
UnregisterClassW
SetFocus
InflateRect
GetCursorPos
GetWindowDC
SetScrollInfo
SetScrollRange
SetScrollPos
CreateWindowExW
EndPaint
BeginPaint
GetSysColor
GetKeyState
DestroyWindow
UnionRect
IsClipboardFormatAvailable
CharUpperW
PostQuitMessage
CloseClipboard
IsZoomed
MessageBeep
SetWindowContextHelpId
CreateDialogIndirectParamW
SendMessageW
GetSystemMetrics
EmptyClipboard
OpenClipboard
KillTimer
SetTimer
ShowWindow
CallWindowProcW
RemovePropW
GetPropW
SetPropW
SetLayeredWindowAttributes
SetActiveWindow
IntersectRect
RegisterClassW
LoadIconW
DefWindowProcW
GetSysColorBrush
InvalidateRect
SetCursor
LoadCursorW
SetCapture
RedrawWindow
ReleaseCapture
PtInRect
GetClientRect
EnableWindow
wsprintfW
GetSubMenu
GetMenuItemInfoW
EndDeferWindowPos
GetDlgItem
GetMenu
SetMenu
TrackPopupMenu
UpdateWindow
ValidateRect
ScrollWindow
GetScrollPos
GetScrollRange
ShowScrollBar
AdjustWindowRectEx
GetTopWindow
GetLastActivePopup
GetScrollInfo
WinHelpW
MonitorFromWindow
CheckDlgButton
ModifyMenuW
GetMenuItemID
IsDialogMessageW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoW
LoadBitmapW
DrawTextExW
GrayStringW
RegisterClassExW
SystemParametersInfoW
GetWindowRect
MonitorFromRect
GetMonitorInfoW
CopyRect
MonitorFromPoint
OffsetRect
EqualRect
MoveWindow
GetWindowLongW
SetWindowPos
ScreenToClient
ClientToScreen
PeekMessageW
TranslateMessage
DispatchMessageW
IsWindow
GetParent
GetDesktopWindow
FindWindowExW
GetWindowThreadProcessId
IsWindowVisible
IsIconic
GetWindowTextW
GetWindowPlacement
GetForegroundWindow
SetForegroundWindow
BringWindowToTop
GetDC
ReleaseDC
RegisterWindowMessageW
DestroyIcon
DrawTextW
ExitWindowsEx
PostMessageW
IsRectEmpty
MapDialogRect
ShowOwnedPopups
SendDlgItemMessageA
DrawStateW
GetClassNameW
GetClassLongW
GetKeyNameTextW
DrawFocusRect
MapVirtualKeyW
CopyImage
RealChildWindowFromPoint
InsertMenuItemW
TabbedTextOutW
EndDialog
SetRectEmpty
SetRect
GetDlgCtrlID
SetWindowTextW
MapWindowPoints
SetWindowLongW
EnumChildWindows
GetMenuItemCount
GetMenuStringW
GetNextDlgTabItem
UnpackDDElParam
ReuseDDElParam
GetSystemMenu
NotifyWinEvent
WaitMessage
ToUnicodeEx
GetKeyboardLayout
GetKeyboardState
CreateAcceleratorTableW
DestroyAcceleratorTable
CopyAcceleratorTableW
RegisterClipboardFormatW
LockWindowUpdate
CharNextW
InvalidateRgn
GetNextDlgGroupItem
GetMenuDefaultItem
EnableScrollBar
DrawEdge
DrawFrameControl
GetWindowRgn
GetComboBoxInfo
DestroyCursor
CreateMenu
InvertRect
HideCaret
GetIconInfo
GetUpdateRect
SubtractRect
MapVirtualKeyExW
IsCharLowerW
TranslateMDISysAccel
DefMDIChildProcW
DefFrameProcW
DrawMenuBar
FrameRect
CopyIcon
CharUpperBuffW
SetClipboardData

gdi32

CopyMetaFileW
CreateBitmap
CreateHatchBrush
CreatePatternBrush
Escape
GetClipBox
GetObjectType
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
PtVisible
RectVisible
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectPalette
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetTextAlign
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
FillRgn
GetMapMode
SetRectRgn
DPtoLP
CreateDIBitmap
GetTextCharsetInfo
GetDIBits
RealizePalette
SetPixel
SetDIBColorTable
CreateRoundRectRgn
GetRgnBox
GetTextColor
GetBkColor
EnumFontFamiliesExW
CreateEllipticRgn
Ellipse
CreatePolygonRgn
Polygon
Polyline
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
LPtoDP
RoundRect
ExtFloodFill
SetPaletteEntries
GetViewportOrgEx
GetWindowOrgEx
FrameRgn
GetBoundsRect
PtInRegion
GetTextFaceW
SetPixelV
CreateRectRgnIndirect
GetPixel
Rectangle
CreatePen
CreateDCW
CreateSolidBrush
ExtCreateRegion
LineTo
MoveToEx
CombineRgn
OffsetRgn
CreateRectRgn
ExcludeClipRect
SetWindowOrgEx
CreateCompatibleBitmap
TextOutW
SetTextCharacterExtra
AbortPath
GetPath
EndPath
CloseFigure
BeginPath
StretchBlt
BitBlt
CreateDIBSection
CreateFontIndirectW
GetDeviceCaps
SelectObject
SetTextColor
SetBkMode
CreateCompatibleDC
DeleteDC
CreateFontW
DeleteObject
ExtTextOutW
SetBkColor
EnumFontFamiliesW
GetObjectW
GetStockObject
GetTextMetricsW
PatBlt
GetTextExtentPoint32W

msimg32

AlphaBlend
TransparentBlt

comdlg32

GetOpenFileNameW

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

advapi32

SetSecurityDescriptorDacl
OpenProcessToken
AllocateAndInitializeSid
FreeSid
SetEntriesInAclW
SetNamedSecurityInfoW
RegOpenKeyExW
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegQueryValueW
RegEnumKeyW
RegEnumValueW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegDeleteKeyW
InitializeSecurityDescriptor
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW

shell32

SHBrowseForFolderW
ord190
SHOpenFolderAndSelectItems
ord155
ShellExecuteW
Shell_NotifyIconW
SHChangeNotify
CommandLineToArgvW
ExtractIconExW
SHGetFileInfoW
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetMalloc
SHAppBarMessage
DragFinish
DragQueryFileW
SHGetPathFromIDListW

comctl32

InitCommonControlsEx

shlwapi

StrStrW
PathFindExtensionW
PathIsDirectoryW
PathRemoveFileSpecW
PathIsUNCW
PathStripToRootW
StrFormatKBSizeW
PathFindFileNameW

uxtheme

GetThemeSysColor
IsAppThemed
DrawThemeText
DrawThemeParentBackground
DrawThemeBackground
IsThemeBackgroundPartiallyTransparent
OpenThemeData
CloseThemeData
GetThemePartSize
GetThemeColor
GetCurrentThemeName
GetWindowTheme

ole32

IsAccelerator
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleUninitialize
OleInitialize
OleLockRunning
OleGetClipboard
DoDragDrop
OleIsCurrentClipboard
OleFlushClipboard
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoGetClassObject
CreateStreamOnHGlobal
CoDisconnectObject
CoCreateGuid
CLSIDFromString
CoInitializeEx
ReleaseStgMedium
OleDuplicateData
CoFreeUnusedLibraries
CoTaskMemAlloc
PropVariantClear
CoInitialize
CoTaskMemFree
CoCreateInstance
OleSetContainedObject
OleCreate
CoUninitialize
CoRevokeClassObject
CoRegisterMessageFilter
CLSIDFromProgID

oleaut32

SysFreeString
SystemTimeToVariantTime
VariantTimeToSystemTime
VariantInit
VariantCopy
VarBstrFromDate
LoadTypeLi
OleCreateFontIndirect
VariantClear
SysAllocString
SafeArrayDestroy
OleCreatePropertyFrame
VariantChangeType
SysStringLen
SysAllocStringLen

oledlg

OleUIBusyW

urlmon

CoInternetCombineUrl

gdiplus

GdipSetClipRectI
GdipFillRectangleI
GdipSetSmoothingMode
GdipCreatePen1
GdipDeletePen
GdipSetPenMode
GdipSetPenStartCap
GdipSetPenEndCap
GdipDrawLineI
GdipCreateAdjustableArrowCap
GdipDeleteCustomLineCap
GdipSetPenCustomEndCap
GdipDrawRectangleI
GdipFillEllipse
GdipCloneBrush
GdipCreateFontFromDC
GdipCreateFontFromLogfontW
GdipReleaseDC
GdipCloneStringFormat
GdipStringFormatGetGenericTypographic
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipDrawImageRectRectI
GdipDrawImagePointRectI
GdiplusShutdown
GdipFlush
GdipCreateFromHDC
GdipDrawEllipseI
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipCreatePath
GdipDeletePath
GdipAddPathEllipseI
GdipSetClipPath
GdipDrawImageI
GdipFillEllipseI
GdipCreateRegion
GdipDeleteRegion
GdipAddPathRectangleI
GdipCreateRegionPath
GdipSetClipRegion
GdipCreateRegionRectI
GdipCombineRegionRectI
GdipFillRegion
GdipSetPenWidth
GdipSetPenDashArray
GdipSetEmpty
GdipCombineRegionRegion
GdipGetImageHeight
GdipGetImageWidth
GdipDrawImageRectI
GdipImageRotateFlip
GdipGetImagePixelFormat
GdipGetImagePalette
GdipDeleteBrush
GdipCreateBitmapFromStream
GdipCreateBitmapFromHBITMAP
GdipSetInterpolationMode
GdipCreateSolidFill
GdipSetTextRenderingHint
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDeleteFont
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipGetGenericFontFamilySansSerif
GdipCreateFont
GdipGraphicsClear
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
GdipCloneImage
GdipAlloc
GdipDisposeImage
GdipFree
GdiplusStartup
GdipDrawString
GdipGetDC
GdipGetImagePaletteSize

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

wininet

InternetQueryOptionW
InternetCrackUrlA
InternetSetCookieW
HttpOpenRequestA
HttpEndRequestW
InternetWriteFile
HttpSendRequestExW
HttpAddRequestHeadersW
HttpSendRequestW
InternetCanonicalizeUrlW
InternetOpenW
InternetSetOptionW
HttpOpenRequestW
InternetConnectW
InternetCrackUrlW
InternetCloseHandle
InternetReadFile
InternetQueryDataAvailable
HttpQueryInfoW
InternetOpenUrlW
InternetConnectA

crypt32

CryptMsgGetParam
CertFindCertificateInStore
CertFreeCertificateContext
CertCloseStore
CryptMsgClose
CertGetNameStringW
CryptDecodeObject
CryptQueryObject

psapi

GetModuleFileNameExW
EnumProcessModules

winmm

timeBeginPeriod
timeEndPeriod
PlaySoundW
waveOutSetVolume
timeSetEvent
timeKillEvent

msvfw32

ICInfo
ICOpen
ICClose
ICGetInfo
ICSendMessage

dsound

ord8

oleacc

CreateStdAccessibleObject
AccessibleObjectFromWindow
LresultFromObject

imm32

ImmReleaseContext
ImmGetOpenStatus
ImmGetContext

Exports

Exports

'� + }��T��@��Ą��]��u`Sv��F�$�]��zC��=~X�ک��.�{�P��v;d�m��R) �?�B|��<�, �� ED��"Bu�_�q�:�s� 16K$fd�;�&ݺ2v��G� b�+�-_��bm��w��jk!7F��{5�D�K�`�<,K� /�۳��=A�L��B��2�{s�h�wfgN�l�R��9��̘f��+��@�Wdޱ+��*Q�*ˍ��i) ] .%��6E�5��`5�y�b��˫�ܝ��D��S�V'��t#*�[eQ p��(��}~HGQ��+�`X_U�΅]C�ē����؀��0<�g��W��u>��-j�~]�h;�6ʔ�۝��?��΢fz��*�g�=:��J�=~��(��+j"�/��P��5��7�Px��\רˣ�N�c9:�!�lfO(!��f��A%Ys��-�J��:T�eu�]�%�� g~ܼ�[ ۨf��xV拺��v�7?�� I6��tFC^��ǘK��R'�Y�M�:��wL�Ǟװ�_�j��4Y3ND>{$f�؞�:jF��?v5u�%Y�KR�H�!��r�j�y �Y��/<ߴ]�µ�K��}�bؒai^�R)9�Y��G��L�K� ��:3-�-Cl�:��v�8�Ű�&�xp��ք.|�~��Oi�t�j|<jL{f�^��戳��}�V'�a�,#��hZE�7�B��Q@��.h��$_�ξ$=�{^@�՞�9}V��H��Y �t��I69�nt��C=E-��7��R��H�J�&L6�R�Zo��]̊Nr��?�}��Ic�S�ܞ��~�-��vq��a�`��Z�jc�@��4��`a2��3�/�;�ɾ��]�5��x�Y�eh��.c�H��J�8�*Ş�ፙ�O��H�p��$*�2l��Š��)C:}��`P�p;��+�8��l��j�:-ҋ�я��ٷ�_�Pyov{r|+t�{��p��QT �^:Et{��^?3�B)�B�JC�%�8z��֍9��{^��K��z͵R.��<!7��!�0�p�|��E)G6��e|{� �5{�H�}(�<)G'T�$�Aq|��W��2uؤX��9��d�M��O�c�pk��'OI�M��$Ŋu��` �A��;�c4�j�[�L�� $+}��0�%v�J?Y�fڵCfCj��8��Lۮ��u#��n�V�h�}b&��v�"�Ü��T�ŬD�эX��~��AT?&˦�~K-�� Y�C�\0#ݥR-��)�7�(P��"y�U��1�E&Bz�B��:�m�QjAK��N�� r��+�2�D��'��9Nܓ��/�')� �BJf�J\��(��9=1��d�C��c�1 +��V?PJ�'u�!K*�#�2b��5�H��F��X�2W�f��'f�m�,u�X��M1�}��"`�>͎w􉤤-|� �m��飉3�� j ��ޜ0(��N��=��B{�_�T�d��F��Nx��k1��F�?*W�0��2��ҿv��.�׋b�<�[�3qJ��Kk��s�`�N�%YP��i��pt!ߜT[��=�zM)��2⁤Vm�4��L��E�&�6��ߙq��z��.P��I��w�-L��M�V�2Et��<;,'�-6��K��Gg�LA�� Y��V~ W��\�s=�&'�y@sld1��)�aⷆl�\G�{��t�* ��Ө��Dz�r�$��?}��lG�-ˤMJ��t�T�M��-H�ALo��R��d�5�^l�,Ņ�Ð�T9y��<��E*�Q��0M�Z�/�m�|2��'��w�&Sj�}Ἠ��sK�b��0��w��9�L��:Y�u�Uc �k۩Wq��Z8!Af2��c��q!eo��^��/c+�H}w�8^��\��\g��/BX��Q(�� (��\\�A3��h$�1U��X��MԆ}A�C�(lb�_� ��̸�R�p��a��ٱ=��Y=q��䗓S��&`&:H⹅[%%�Qڊa#=�.c��ƲQ�{ �̇L��(��u̸��p)�o ��r��iǔ��dVK.��mw��?uդ�L�%ݯە5!�)�UW%�; �Pۂ�B��U"T�.�=��K�ϐ�(P��`lwwQ�g��ޭX7�� o�%]�?��腧��b��2��2�-�84�A�'��ǧE��KgJ��:��;^\:i�Sv|n�H��6[�>d��s�(��p��R?(��σ�uW��^i��v��0�|��i��'V\�t��st�RE��ᝪ]+��F��O�?A�β+K6��&1 �5�:� �C;Y3!�9��N��hb�>��<�Q�[��lDq�Xv(��c��\��<;iS��]h�X�ȼ+��eM�m%mA'��ui�"V�`�9�� *&6GWÂy63GpS�TE�a@y�g�M��Sԛ�Pb��g��/U�W�,lŜ��v��6l[a>��;0�l&�x.a �C�L��J4��d��`PtЩ�q�*f{�b`r��Q5�U��N��9!�*Ө�/�}�l�nAL3F�סd��K�x��3,�c��_�{�� fS��;_y�(��*��~�1�`��7$=�0yq4$G5��2�O�]��g��$|]"Ӱ��*�鲾��'}�6� ��H.k�;��Nሕ��j'��0Y۶X¼ui��>f��a�?UƠO� *Ȼ�f�p��[�jzJ[}D6 \X�a$!�p5!��~\�.N\O�� F�9q ��|e��C��

Sections

.text
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 656KB - Virtual size: 656KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 242KB - Virtual size: 270KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.BANDISH
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.BANDI0
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.BANDI1
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 233KB - Virtual size: 233KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 707KB - Virtual size: 706KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bdcam64.bin
.exe windows:6 windows x64 arch:x64

3706aa9a14bb23d5c17fdfcfab281a5d

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3f:8d:23:c1:36:ae:9c:be:ea:c7:60:5b:24:ec:03:91
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/12/2017, 00:00

Not After

19/02/2021, 23:59

Subject

CN=Bandicam Company,O=Bandicam Company,L=Yeoungdeungpo-=gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3f:8d:23:c1:36:ae:9c:be:ea:c7:60:5b:24:ec:03:91
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/12/2017, 00:00

Not After

19/02/2021, 23:59

Subject

CN=Bandicam Company,O=Bandicam Company,L=Yeoungdeungpo-=gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

19/02/2018, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign TSA for Advanced - G2

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

d2:93:0b:a0:80:55:11:fe:4e:c2:1a:5c:3b:15:1c:23:2a:7e:e7:fc:03:ab:09:7e:fc:37:9e:f9:da:9a:2a:49
Signer

Actual PE Digest

d2:93:0b:a0:80:55:11:fe:4e:c2:1a:5c:3b:15:1c:23:2a:7e:e7:fc:03:ab:09:7e:fc:37:9e:f9:da:9a:2a:49

Digest Algorithm

sha256

PE Digest Matches

true

cc:92:c4:6c:7c:dc:60:a8:81:27:62:8f:f8:f4:c3:82:88:4e:d9:34
Signer

Actual PE Digest

cc:92:c4:6c:7c:dc:60:a8:81:27:62:8f:f8:f4:c3:82:88:4e:d9:34

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

E:\w\devel\CAP4\bandicam\bin\bdcam64.pdb

Imports

bdcam64

Bdcam_Uninitialize
Bdcam_Initialize
Bdcam_SharedData

kernel32

FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
ReadConsoleW
GetConsoleMode
GetConsoleCP
SetFilePointerEx
LCMapStringW
GetStartupInfoW
WaitForSingleObjectEx
SetStdHandle
QueryPerformanceFrequency
VirtualQuery
VirtualAlloc
HeapQueryInformation
GetCommandLineW
GetCommandLineA
ExitProcess
FreeLibraryAndExitThread
ExitThread
CreateThread
RtlPcToFileHeader
RtlUnwindEx
SetEnvironmentVariableW
IsDebuggerPresent
InitializeSListHead
GetStdHandle
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SearchPathW
GetProfileIntW
VerifyVersionInfoW
VerSetConditionMask
GetWindowsDirectoryW
FindResourceExW
GetFileAttributesExW
FileTimeToLocalFileTime
SetErrorMode
VirtualProtect
lstrcmpiW
DuplicateHandle
WriteFile
UnlockFile
QueryPerformanceCounter
SetEndOfFile
LockFile
FlushFileBuffers
GlobalFlags
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
GlobalGetAtomNameW
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
GlobalFindAtomW
EncodePointer
GlobalAddAtomW
ResumeThread
SetThreadPriority
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
GlobalDeleteAtom
LoadLibraryExW
GetCurrentThreadId
lstrcmpA
QueryActCtxW
FindActCtxSectionStringW
DeactivateActCtx
ActivateActCtx
CreateActCtxW
GetModuleHandleExW
CopyFileW
FormatMessageW
GlobalUnlock
GlobalLock
GlobalSize
GetProcessHeap
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
HeapSize
InitializeCriticalSectionEx
HeapFree
GetUserDefaultLangID
CompareStringW
QueryFullProcessImageNameW
GetTickCount
Sleep
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
ResetEvent
SetEvent
CreateEventW
MulDiv
lstrcmpW
GetVersionExW
GetSystemInfo
TerminateProcess
OpenProcess
Process32NextW
GetCurrentProcessId
Process32FirstW
CreateToolhelp32Snapshot
WaitForSingleObject
MultiByteToWideChar
WideCharToMultiByte
GetFullPathNameW
CreateDirectoryW
LocalFree
GetFileSizeEx
GetFileSize
GetFileAttributesW
DeleteFileW
GetTempFileNameW
GetTempPathW
GetCurrentDirectoryW
GetSystemDirectoryW
GetModuleFileNameW
GlobalFree
GlobalAlloc
GetCurrentThread
GetCurrentProcess
FreeLibrary
LoadLibraryW
GetProcAddress
GetModuleHandleW
GetVolumeInformationW
SetLastError
FindClose
FindNextFileW
lstrcpyW
FindFirstFileW
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
FileTimeToSystemTime
GetSystemTimeAsFileTime
GetFileTime
FindResourceW
LoadResource
LockResource
SizeofResource
ReadFile
SetFilePointer
CreateFileW
OutputDebugStringA
OutputDebugStringW
CloseHandle
GetLastError
GetStringTypeW
WriteConsoleW
GetFileType

user32

InvalidateRect
KillTimer
RealChildWindowFromPoint
DeleteMenu
CopyImage
WindowFromPoint
ReleaseCapture
SetCapture
WaitMessage
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
GetSysColorBrush
IsDialogMessageW
CheckDlgButton
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
GetWindow
GetTopWindow
GetClassLongPtrW
SetWindowLongPtrW
GetWindowLongPtrW
PtInRect
GetSysColor
AdjustWindowRectEx
GetClientRect
GetWindowTextLengthW
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
RedrawWindow
EndPaint
BeginPaint
SetActiveWindow
UpdateWindow
TrackPopupMenu
SetMenu
GetMenu
GetCapture
GetDlgItem
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
DestroyWindow
IsChild
DrawTextExW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
CallWindowProcW
GetMessageTime
GetMessagePos
GetLastActivePopup
MessageBoxW
SetCursor
ShowOwnedPopups
CallNextHookEx
SetWindowsHookExW
GetCursorPos
ValidateRect
EnableScrollBar
GetActiveWindow
GetMessageW
LoadBitmapW
SetMenuItemInfoW
DrawIconEx
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
PostQuitMessage
UnhookWindowsHookEx
IsWindowEnabled
GetFocus
SetFocus
HideCaret
InvertRect
NotifyWinEvent
SetLayeredWindowAttributes
OpenClipboard
CloseClipboard
SendMessageW
RemoveMenu
AppendMenuW
InsertMenuW
GetMenuState
UnregisterClassW
EnableWindow
SetTimer
RegisterClassW
LoadCursorW
LoadIconW
DefWindowProcW
ShowWindow
IsRectEmpty
PostMessageW
EnumDisplayMonitors
GetSubMenu
GetMenuItemInfoW
ModifyMenuW
GetMenuItemID
GetMenuStringW
GetMenuItemCount
EnumChildWindows
SetWindowLongW
GetClassNameW
MapWindowPoints
GrayStringW
TabbedTextOutW
GetWindowDC
FillRect
CharUpperW
DestroyMenu
InflateRect
SendDlgItemMessageA
SetRectEmpty
GetAsyncKeyState
MapDialogRect
LoadAcceleratorsW
TranslateAcceleratorW
LoadMenuW
CreatePopupMenu
InsertMenuItemW
IntersectRect
LoadImageW
SetWindowTextW
GetDlgCtrlID
UnpackDDElParam
ReuseDDElParam
TrackMouseEvent
GetMenuDefaultItem
GetKeyNameTextW
MapVirtualKeyW
UnionRect
GetSystemMenu
SetParent
GetNextDlgGroupItem
IsMenu
GetSystemMetrics
SystemParametersInfoW
GetWindowRect
GetMonitorInfoW
CopyRect
MonitorFromPoint
OffsetRect
EqualRect
MoveWindow
GetWindowLongW
SetWindowPos
ScreenToClient
ClientToScreen
PeekMessageW
TranslateMessage
DispatchMessageW
IsWindow
GetParent
GetDesktopWindow
FindWindowExW
GetWindowThreadProcessId
IsWindowVisible
IsIconic
GetWindowTextW
GetWindowPlacement
GetForegroundWindow
SetForegroundWindow
BringWindowToTop
GetDC
ReleaseDC
RegisterWindowMessageW
DestroyIcon
DrawTextW
SetClipboardData
EmptyClipboard
DrawStateW
SetClassLongPtrW
DrawFocusRect
GetIconInfo
GetMenuCheckMarkDimensions
MessageBeep
SetWindowRgn
DrawEdge
DrawFrameControl
IsZoomed
DestroyCursor
GetWindowRgn
CreateMenu
SubtractRect
TranslateMDISysAccel
DefMDIChildProcW
DefFrameProcW
DrawMenuBar
GetUpdateRect
IsClipboardFormatAvailable
CharUpperBuffW
RegisterClipboardFormatW
GetDoubleClickTime
SetMenuDefaultItem
CopyAcceleratorTableW
DestroyAcceleratorTable
CreateAcceleratorTableW
GetKeyboardState
ToUnicodeEx
MapVirtualKeyExW
IsCharLowerW
GetKeyboardLayout
PostThreadMessageW
GetComboBoxInfo
UpdateLayeredWindow
LockWindowUpdate
SetRect
DrawIcon
FrameRect
CopyIcon
GetKeyState
SetCursorPos

gdi32

GetObjectType
GetPixel
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
PtVisible
RectVisible
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectObject
SelectPalette
SetBkMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetTextAlign
MoveToEx
TextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CreateFontIndirectW
CreateCompatibleBitmap
CombineRgn
CreateRectRgnIndirect
PatBlt
SetRectRgn
DPtoLP
EnumFontFamiliesExW
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
GetBkColor
CreateDIBitmap
GetTextCharsetInfo
SetPixel
StretchBlt
CreateDIBSection
SetDIBColorTable
CreateEllipticRgn
Ellipse
GetTextColor
CreatePolygonRgn
Polygon
Polyline
CreateRoundRectRgn
LPtoDP
Rectangle
GetRgnBox
OffsetRgn
RoundRect
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
ExtFloodFill
SetPaletteEntries
SetPixelV
GetWindowOrgEx
GetViewportOrgEx
GetTextFaceW
GetClipBox
ExcludeClipRect
Escape
CreateSolidBrush
CreateRectRgn
CreatePatternBrush
CreatePen
CreateHatchBrush
CreateCompatibleDC
BitBlt
SetTextColor
CreateBitmap
CreateDCW
CopyMetaFileW
DeleteDC
GetDeviceCaps
DeleteObject
ExtTextOutW
SetBkColor
GetObjectW
GetStockObject
GetTextMetricsW
EnumFontFamiliesW
GetTextExtentPoint32W

msimg32

AlphaBlend
TransparentBlt

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

RegDeleteKeyW
OpenProcessToken
RegEnumValueW
RegQueryValueW
RegEnumKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegEnumKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
SetNamedSecurityInfoW
SetEntriesInAclW
FreeSid
AllocateAndInitializeSid

shell32

SHBrowseForFolderW
ShellExecuteW
SHGetFileInfoW
DragQueryFileW
DragFinish
SHAppBarMessage
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetPathFromIDListW

comctl32

InitCommonControlsEx

shlwapi

PathFindExtensionW
PathIsDirectoryW
PathRemoveFileSpecW
PathIsUNCW
PathStripToRootW
StrFormatKBSizeW
PathFindFileNameW

uxtheme

OpenThemeData
CloseThemeData
DrawThemeParentBackground
IsThemeBackgroundPartiallyTransparent
GetThemeSysColor
GetWindowTheme
IsAppThemed
GetThemePartSize
GetCurrentThemeName
DrawThemeText
DrawThemeBackground
GetThemeColor

ole32

OleLockRunning
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
CoInitialize
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
DoDragDrop
CreateStreamOnHGlobal
CoDisconnectObject
CoCreateGuid
CoInitializeEx
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoUninitialize

oleaut32

SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
LoadTypeLi
SysFreeString
VariantCopy
VarBstrFromDate
SysAllocStringLen
SysAllocString
VariantChangeType
VariantInit
VariantClear

gdiplus

GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusShutdown
GdipAlloc
GdipFree
GdiplusStartup

psapi

GetModuleFileNameExW
EnumProcessModules

oleacc

AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject

imm32

ImmReleaseContext
ImmGetOpenStatus
ImmGetContext

winmm

PlaySoundW

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 666KB - Virtual size: 666KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.BANDISH
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bdcam64.dll
.dll windows:6 windows x64 arch:x64

e8faf9822f253b87081307459689fd19

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3f:8d:23:c1:36:ae:9c:be:ea:c7:60:5b:24:ec:03:91
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/12/2017, 00:00

Not After

19/02/2021, 23:59

Subject

CN=Bandicam Company,O=Bandicam Company,L=Yeoungdeungpo-=gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3f:8d:23:c1:36:ae:9c:be:ea:c7:60:5b:24:ec:03:91
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/12/2017, 00:00

Not After

19/02/2021, 23:59

Subject

CN=Bandicam Company,O=Bandicam Company,L=Yeoungdeungpo-=gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

19/02/2018, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign TSA for Advanced - G2

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

16:ed:bf:16:99:49:4d:e0:fb:5f:dc:21:d7:c1:a3:fd:a8:f5:8d:2f:0c:44:d7:fd:81:bd:a7:be:8e:1b:07:b8
Signer

Actual PE Digest

16:ed:bf:16:99:49:4d:e0:fb:5f:dc:21:d7:c1:a3:fd:a8:f5:8d:2f:0c:44:d7:fd:81:bd:a7:be:8e:1b:07:b8

Digest Algorithm

sha256

PE Digest Matches

true

b1:a0:e0:15:cf:b5:7e:21:6c:36:ee:3f:d5:24:9a:9e:db:f8:8d:f3
Signer

Actual PE Digest

b1:a0:e0:15:cf:b5:7e:21:6c:36:ee:3f:d5:24:9a:9e:db:f8:8d:f3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\w\devel\CAP4\bandicam\bin\bdcam64.dll.pdb

Imports

kernel32

GetFileAttributesW
GetFileSize
LocalFree
CreateDirectoryW
GetFullPathNameW
WideCharToMultiByte
MultiByteToWideChar
WaitForSingleObject
CreateToolhelp32Snapshot
GetCurrentProcessId
TerminateProcess
GetSystemInfo
HeapDestroy
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
SizeofResource
LockResource
LoadResource
FindResourceExW
FindResourceW
EnterCriticalSection
LeaveCriticalSection
QueryPerformanceCounter
GetTickCount64
QueryPerformanceFrequency
VirtualProtect
WriteProcessMemory
WriteFile
InitializeCriticalSection
DeleteCriticalSection
CreateEventW
SetEvent
VirtualAlloc
VirtualFree
CreateMutexW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
ReleaseMutex
CreateFileMappingW
VirtualQuery
HeapCreate
Thread32Next
Thread32First
GetCurrentThreadId
GetSystemDirectoryW
ResumeThread
Sleep
GetThreadContext
FlushInstructionCache
SetThreadContext
OpenThread
GetLocalTime
FreeLibraryAndExitThread
CreateThread
DisableThreadLibraryCalls
GetTickCount
InitializeCriticalSectionEx
RaiseException
WriteConsoleW
GetConsoleMode
GetConsoleCP
FlushFileBuffers
SetStdHandle
SetFilePointerEx
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetStringTypeW
GetFileType
GetStdHandle
LCMapStringW
ExitProcess
GetModuleHandleExW
ExitThread
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
InterlockedFlushSList
RtlPcToFileHeader
RtlUnwindEx
InitializeSListHead
GetStartupInfoW
WaitForSingleObjectEx
ResetEvent
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
GetCurrentProcess
FreeLibrary
LoadLibraryW
GetProcAddress
GetModuleHandleW
SetLastError
FindClose
FindNextFileW
GetSystemTimeAsFileTime
ReadFile
SetFilePointer
CreateFileW
OutputDebugStringA
OutputDebugStringW
CloseHandle
SuspendThread
GetLastError
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
IsDebuggerPresent

user32

FindWindowW
WindowFromDC
GetClientRect
FillRect
UnhookWindowsHookEx
SetWindowsHookExW
CallNextHookEx
PostMessageW
wsprintfW
RegisterWindowMessageW
SetForegroundWindow
GetForegroundWindow
GetDesktopWindow
GetParent
IsWindow
GetWindowLongW

gdi32

CreateSolidBrush
DeleteObject

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
SetNamedSecurityInfoW
SetEntriesInAclW
FreeSid
AllocateAndInitializeSid

shlwapi

PathIsDirectoryW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

winmm

PlaySoundW

Exports

Exports

Bdcam_Initialize
Bdcam_SharedData
Bdcam_Uninitialize

Sections

.text
Size: 398KB - Virtual size: 398KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 415KB - Virtual size: 415KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 51KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hkshare
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.BANDI0
Size: 154KB - Virtual size: 154KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bdcam_nonadmin.exe
.exe windows:6 windows x86 arch:x86

07e994a8cd12707e559210264cc6d8e3

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3f:8d:23:c1:36:ae:9c:be:ea:c7:60:5b:24:ec:03:91
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/12/2017, 00:00

Not After

19/02/2021, 23:59

Subject

CN=Bandicam Company,O=Bandicam Company,L=Yeoungdeungpo-=gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3f:8d:23:c1:36:ae:9c:be:ea:c7:60:5b:24:ec:03:91
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/12/2017, 00:00

Not After

19/02/2021, 23:59

Subject

CN=Bandicam Company,O=Bandicam Company,L=Yeoungdeungpo-=gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

19/02/2018, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign TSA for Advanced - G2

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1e:6e:10:ee:39:0f:f5:ee:d8:a0:30:5d:0d:82:2f:e3:9e:b5:68:f9:32:61:33:da:a7:fb:c0:e9:20:80:28:9b
Signer

Actual PE Digest

1e:6e:10:ee:39:0f:f5:ee:d8:a0:30:5d:0d:82:2f:e3:9e:b5:68:f9:32:61:33:da:a7:fb:c0:e9:20:80:28:9b

Digest Algorithm

sha256

PE Digest Matches

true

ba:14:e3:79:e6:ec:8e:7f:da:e5:13:40:b5:3c:b2:f4:22:62:34:27
Signer

Actual PE Digest

ba:14:e3:79:e6:ec:8e:7f:da:e5:13:40:b5:3c:b2:f4:22:62:34:27

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\w\devel\CAP4\bandicam\bin\bdcam_nonadmin.pdb

Imports

shell32

ShellExecuteW

kernel32

CreateFileW
GetModuleFileNameW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
GetCurrentProcess
TerminateProcess
CloseHandle
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RaiseException
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleExW
HeapFree
HeapAlloc
WriteConsoleW
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetStringTypeW
LCMapStringW
GetProcessHeap
SetFilePointerEx
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
DecodePointer

Sections

.text
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bdcamih.dll
.dll windows:6 windows x86 arch:x86

1caa855f44777ec680a53d1f64d0612a

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3f:8d:23:c1:36:ae:9c:be:ea:c7:60:5b:24:ec:03:91
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/12/2017, 00:00

Not After

19/02/2021, 23:59

Subject

CN=Bandicam Company,O=Bandicam Company,L=Yeoungdeungpo-=gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3f:8d:23:c1:36:ae:9c:be:ea:c7:60:5b:24:ec:03:91
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/12/2017, 00:00

Not After

19/02/2021, 23:59

Subject

CN=Bandicam Company,O=Bandicam Company,L=Yeoungdeungpo-=gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

19/02/2018, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign TSA for Advanced - G2

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ce:17:fe:96:89:e1:04:c7:ec:f2:c8:6b:4f:fc:10:fb:99:b0:be:36:29:16:07:33:72:e2:eb:5e:8d:90:88:96
Signer

Actual PE Digest

ce:17:fe:96:89:e1:04:c7:ec:f2:c8:6b:4f:fc:10:fb:99:b0:be:36:29:16:07:33:72:e2:eb:5e:8d:90:88:96

Digest Algorithm

sha256

PE Digest Matches

true

2c:2d:2d:54:51:3c:21:1e:40:11:07:d2:cf:66:62:f8:42:fa:5a:a2
Signer

Actual PE Digest

2c:2d:2d:54:51:3c:21:1e:40:11:07:d2:cf:66:62:f8:42:fa:5a:a2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\w\devel\CAP4\bandicam\bin\bdcamih.pdb

Imports

kernel32

DisableThreadLibraryCalls
LoadLibraryW
GetProcAddress
FreeLibrary
HeapFree
InitializeCriticalSectionEx
HeapSize
GetLastError
HeapReAlloc
RaiseException
HeapAlloc
DecodePointer
DeleteCriticalSection
GetProcessHeap
CreateFileW
SetFilePointerEx
GetConsoleMode
IsDebuggerPresent
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
CloseHandle
InitializeCriticalSectionAndSpinCount
CreateEventW
GetModuleHandleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
InterlockedFlushSList
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetStdHandle
GetFileType
GetStringTypeW
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleCP
WriteConsoleW

user32

CallNextHookEx
PostMessageW
UnhookWindowsHookEx

Exports

Exports

Bdcamih_Initialize
Bdcamih_Uninitialize

Sections

.text
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ihkshar
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bdcamvk32.dll
.dll windows:6 windows x86 arch:x86

af61660618d170ae74b45ff580caf070

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3f:8d:23:c1:36:ae:9c:be:ea:c7:60:5b:24:ec:03:91
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/12/2017, 00:00

Not After

19/02/2021, 23:59

Subject

CN=Bandicam Company,O=Bandicam Company,L=Yeoungdeungpo-=gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3f:8d:23:c1:36:ae:9c:be:ea:c7:60:5b:24:ec:03:91
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/12/2017, 00:00

Not After

19/02/2021, 23:59

Subject

CN=Bandicam Company,O=Bandicam Company,L=Yeoungdeungpo-=gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

19/02/2018, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign TSA for Advanced - G2

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

95:c6:f6:42:55:e4:dc:68:bc:c1:ba:88:77:f5:13:68:89:be:57:b5:6e:89:00:b4:56:86:4e:c4:9b:c2:5a:1c
Signer

Actual PE Digest

95:c6:f6:42:55:e4:dc:68:bc:c1:ba:88:77:f5:13:68:89:be:57:b5:6e:89:00:b4:56:86:4e:c4:9b:c2:5a:1c

Digest Algorithm

sha256

PE Digest Matches

true

15:bf:07:34:7c:fa:4b:69:f1:e4:b5:82:60:7a:10:eb:be:e2:92:fc
Signer

Actual PE Digest

15:bf:07:34:7c:fa:4b:69:f1:e4:b5:82:60:7a:10:eb:be:e2:92:fc

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\w\devel\CAP4\bandicam\bin\bdcamvk32.pdb

Imports

kernel32

FindResourceExW
FindResourceW
WideCharToMultiByte
InitializeCriticalSection
GetModuleFileNameA
InitializeCriticalSectionEx
LoadResource
RaiseException
DecodePointer
DeleteCriticalSection
CreateFileW
LockResource
SizeofResource
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
GetLastError
IsDebuggerPresent
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
CloseHandle
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
GetProcAddress
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
InterlockedFlushSList
SetLastError
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetStdHandle
GetFileType
GetStringTypeW
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
SetFilePointerEx
WriteConsoleW

advapi32

RegDeleteValueA
RegSetValueExA
RegCreateKeyExA
RegCloseKey
RegOpenKeyExA

Exports

Exports

GetLayerVersion
RegDll
SetLayerCallback
UnregDll
vkGetDeviceProcAddr
vkGetInstanceProcAddr

Sections

.text
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bdcamvk32.json
bdcamvk64.dll
.dll windows:6 windows x64 arch:x64

9123a3109eae4ccd0bd0cf385bc409d6

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3f:8d:23:c1:36:ae:9c:be:ea:c7:60:5b:24:ec:03:91
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/12/2017, 00:00

Not After

19/02/2021, 23:59

Subject

CN=Bandicam Company,O=Bandicam Company,L=Yeoungdeungpo-=gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3f:8d:23:c1:36:ae:9c:be:ea:c7:60:5b:24:ec:03:91
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/12/2017, 00:00

Not After

19/02/2021, 23:59

Subject

CN=Bandicam Company,O=Bandicam Company,L=Yeoungdeungpo-=gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

19/02/2018, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign TSA for Advanced - G2

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

d5:8c:f0:31:b3:56:46:b2:d3:77:39:58:34:33:4f:7e:ce:52:54:c5:b4:93:5b:dd:fc:92:da:94:6d:f8:4b:a7
Signer

Actual PE Digest

d5:8c:f0:31:b3:56:46:b2:d3:77:39:58:34:33:4f:7e:ce:52:54:c5:b4:93:5b:dd:fc:92:da:94:6d:f8:4b:a7

Digest Algorithm

sha256

PE Digest Matches

true

34:f0:a2:aa:28:42:35:5f:39:f9:dd:1f:ba:76:55:23:55:87:cb:9f
Signer

Actual PE Digest

34:f0:a2:aa:28:42:35:5f:39:f9:dd:1f:ba:76:55:23:55:87:cb:9f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\w\devel\CAP4\bandicam\bin\bdcamvk64.pdb

Imports

kernel32

FindResourceExW
FindResourceW
WideCharToMultiByte
InitializeCriticalSection
GetModuleFileNameA
InitializeCriticalSectionEx
LoadResource
RaiseException
DeleteCriticalSection
WriteConsoleW
CreateFileW
LockResource
SizeofResource
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
GetLastError
IsDebuggerPresent
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
CloseHandle
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
GetProcAddress
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
InterlockedFlushSList
SetLastError
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetStdHandle
GetFileType
GetStringTypeW
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
SetFilePointerEx

advapi32

RegDeleteValueA
RegSetValueExA
RegCreateKeyExA
RegCloseKey
RegOpenKeyExA

Exports

Exports

GetLayerVersion
RegDll
SetLayerCallback
UnregDll
vkGetDeviceProcAddr
vkGetInstanceProcAddr

Sections

.text
Size: 79KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bdcamvk64.json
bdcap32.dll
.dll windows:6 windows x86 arch:x86

843877c0a663b2db6c389e5367bf2451

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3f:8d:23:c1:36:ae:9c:be:ea:c7:60:5b:24:ec:03:91
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/12/2017, 00:00

Not After

19/02/2021, 23:59

Subject

CN=Bandicam Company,O=Bandicam Company,L=Yeoungdeungpo-=gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3f:8d:23:c1:36:ae:9c:be:ea:c7:60:5b:24:ec:03:91
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/12/2017, 00:00

Not After

19/02/2021, 23:59

Subject

CN=Bandicam Company,O=Bandicam Company,L=Yeoungdeungpo-=gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

19/02/2018, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign TSA for Advanced - G2

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5a:57:56:42:55:7b:08:39:eb:a9:e8:9e:3f:d4:ac:62:91:c1:bc:bc:c4:21:a4:6e:f8:60:fc:e7:4d:33:f6:4e
Signer

Actual PE Digest

5a:57:56:42:55:7b:08:39:eb:a9:e8:9e:3f:d4:ac:62:91:c1:bc:bc:c4:21:a4:6e:f8:60:fc:e7:4d:33:f6:4e

Digest Algorithm

sha256

PE Digest Matches

true

5a:12:b2:8a:ba:48:66:e9:59:56:c9:61:db:4b:b4:bc:95:27:3c:ec
Signer

Actual PE Digest

5a:12:b2:8a:ba:48:66:e9:59:56:c9:61:db:4b:b4:bc:95:27:3c:ec

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\w\devel\CAP4\bandicam\bin\bdcap32.pdb

Imports

dsound

ord7
ord6

kernel32

WaitForSingleObject
GetCurrentProcessId
TerminateProcess
GetSystemInfo
HeapDestroy
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
SizeofResource
LockResource
LoadResource
FindResourceExW
FindResourceW
GetVersionExA
EnterCriticalSection
LeaveCriticalSection
QueryPerformanceCounter
GetTickCount64
QueryPerformanceFrequency
CreateEventA
SetEvent
ResetEvent
InitializeCriticalSection
DeleteCriticalSection
CreateFileW
WriteFile
CreateMutexA
OpenFileMappingA
MapViewOfFile
UnmapViewOfFile
ReleaseMutex
SetThreadPriority
Sleep
MulDiv
DisableThreadLibraryCalls
GetSystemTime
GetDiskFreeSpaceExA
DeleteFileW
GetThreadPriority
CreateSemaphoreA
ReleaseSemaphore
InitializeCriticalSectionEx
RaiseException
DecodePointer
VirtualProtect
WaitForSingleObjectEx
CreateThread
WaitForMultipleObjectsEx
GlobalLock
GlobalUnlock
FlushFileBuffers
GetFileAttributesExA
FindClose
CreateEventW
FindFirstFileW
FindNextFileW
GetFileAttributesW
GetModuleFileNameW
SetErrorMode
GetModuleHandleExW
LoadLibraryExW
GetLastError
CloseHandle
lstrlenA
VirtualQuery
LoadLibraryExA
IsDebuggerPresent
OutputDebugStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
GetStartupInfoW
GetCurrentThreadId
InitializeSListHead
RtlUnwind
InterlockedFlushSList
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
ExitThread
FreeLibraryAndExitThread
FindFirstFileExW
ExitProcess
LCMapStringW
GetStdHandle
GetFileType
GetCPInfo
HeapQueryInformation
GetStringTypeW
IsValidCodePage
GetACP
GetOEMCP
GetConsoleMode
ReadConsoleW
GetConsoleCP
SetFilePointerEx
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
SetEndOfFile
WriteConsoleW
MultiByteToWideChar
WideCharToMultiByte
GetFileSizeEx
GetFileSize
GetFileAttributesA
DeleteFileA
GetSystemDirectoryA
GetModuleFileNameA
GlobalFree
GlobalAlloc
GetCurrentProcess
GetModuleHandleA
FreeLibrary
LoadLibraryA
GetProcAddress
GetModuleHandleW
GetVolumeInformationA
LoadLibraryW
SetLastError
GetSystemTimeAsFileTime
ReadFile
SetFilePointer
CreateFileA
SwitchToThread

user32

OpenClipboard
CloseDesktop
SetThreadDesktop
FillRect
PtInRect
GetCursorPos
GetAsyncKeyState
IsRectEmpty
SetClipboardData
CloseClipboard
OpenInputDesktop
EmptyClipboard
EnumDisplayDevicesA
MsgWaitForMultipleObjects
GetClientRect
UnionRect
SetRectEmpty
SetRect
IntersectRect
DrawIconEx
GetIconInfo
GetCursorInfo
RegisterWindowMessageA
ReleaseDC
GetDC
GetForegroundWindow
DispatchMessageA
TranslateMessage
PeekMessageA
ClientToScreen
ScreenToClient
EqualRect
OffsetRect
CopyRect
GetWindowRect
WindowFromDC
GetSystemMetrics
FindWindowA

gdi32

GetDIBits
CreateCompatibleBitmap
CreateDCA
SetBkMode
TextOutW
GetTextExtentPoint32W
SetTextCharacterExtra
CreateFontW
AbortPath
GetPath
EndPath
CloseFigure
BeginPath
StretchBlt
SetStretchBltMode
DeleteDC
SelectObject
CreateCompatibleDC
CreateDIBSection
DeleteObject
SetBkColor
GetObjectA
CreateSolidBrush

advapi32

RegQueryValueExW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW

shell32

SHGetFolderPathW

ole32

CoCreateInstance
CoInitialize
CoUninitialize
CoTaskMemAlloc
CoTaskMemFree

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

vcomp140

_vcomp_master_end
_vcomp_master_begin
_vcomp_fork
_vcomp_for_static_simple_init
_vcomp_for_static_end
_vcomp_reduction_i4
_vcomp_set_num_threads
omp_destroy_lock
omp_get_num_threads
omp_set_dynamic
omp_init_lock
omp_set_lock
omp_unset_lock
omp_get_thread_num
omp_get_max_threads

winmm

mixerOpen
mixerGetID
waveInMessage
waveInGetErrorTextA
waveInReset
mixerGetControlDetailsA
waveInClose
waveInUnprepareHeader
waveInStart
waveInPrepareHeader
waveInOpen
waveInGetDevCapsA
mixerGetLineInfoA
waveInAddBuffer
mmioWrite
mmioCreateChunk
mmioClose
mmioSeek
mmioAscend
mmioOpenW
mixerGetLineControlsA
timeBeginPeriod
PlaySoundW
mixerGetDevCapsA
mixerClose
waveInGetNumDevs
mixerSetControlDetails
waveInStop

d3d9

Direct3DCreate9Ex

dxva2

DXVA2CreateDirect3DDeviceManager9

Exports

Exports

CreateBandiCapture
CreateCoreInterface
CreateDrawEffect

Sections

.text
Size: 6.8MB - Virtual size: 6.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

IPPCODE
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rodata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 989KB - Virtual size: 988KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 421KB - Virtual size: 528KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

IPPDATA
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.BANDI0
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bdcap64.dll
.dll windows:6 windows x64 arch:x64

b9bdb034d4966504e795eb7c91fef36b

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3f:8d:23:c1:36:ae:9c:be:ea:c7:60:5b:24:ec:03:91
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/12/2017, 00:00

Not After

19/02/2021, 23:59

Subject

CN=Bandicam Company,O=Bandicam Company,L=Yeoungdeungpo-=gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3f:8d:23:c1:36:ae:9c:be:ea:c7:60:5b:24:ec:03:91
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/12/2017, 00:00

Not After

19/02/2021, 23:59

Subject

CN=Bandicam Company,O=Bandicam Company,L=Yeoungdeungpo-=gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

19/02/2018, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign TSA for Advanced - G2

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

dd:fb:1d:09:a4:19:d1:e5:8c:54:a6:dc:ca:e0:36:bd:ca:0e:d0:cf:17:96:c7:e5:aa:c6:fa:87:f0:47:be:cd
Signer

Actual PE Digest

dd:fb:1d:09:a4:19:d1:e5:8c:54:a6:dc:ca:e0:36:bd:ca:0e:d0:cf:17:96:c7:e5:aa:c6:fa:87:f0:47:be:cd

Digest Algorithm

sha256

PE Digest Matches

true

5d:5d:1d:87:7c:83:6e:76:4b:cc:94:fd:97:d3:aa:87:55:bc:ba:54
Signer

Actual PE Digest

5d:5d:1d:87:7c:83:6e:76:4b:cc:94:fd:97:d3:aa:87:55:bc:ba:54

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

dsound

ord7
ord6

kernel32

WaitForSingleObject
GetCurrentProcessId
TerminateProcess
GetSystemInfo
HeapDestroy
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
SizeofResource
LockResource
LoadResource
FindResourceExW
FindResourceW
GetVersionExA
EnterCriticalSection
LeaveCriticalSection
QueryPerformanceCounter
GetTickCount64
QueryPerformanceFrequency
CreateEventA
SetEvent
ResetEvent
InitializeCriticalSection
DeleteCriticalSection
CreateFileW
WriteFile
CreateMutexA
OpenFileMappingA
MapViewOfFile
UnmapViewOfFile
ReleaseMutex
SetThreadPriority
Sleep
MulDiv
DisableThreadLibraryCalls
GetSystemTime
GetDiskFreeSpaceExA
DeleteFileW
GetThreadPriority
CreateSemaphoreA
ReleaseSemaphore
InitializeCriticalSectionEx
RaiseException
VirtualProtect
WaitForSingleObjectEx
CreateThread
WaitForMultipleObjectsEx
GlobalLock
GlobalUnlock
FlushFileBuffers
GetFileAttributesExA
SwitchToThread
FindClose
FindFirstFileW
FindNextFileW
GetFileAttributesW
GetModuleFileNameW
SetErrorMode
GetModuleHandleExW
LoadLibraryExW
GetLastError
CloseHandle
lstrlenA
VirtualQuery
LoadLibraryExA
IsDebuggerPresent
OutputDebugStringW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
GetStartupInfoW
GetCurrentThreadId
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
InterlockedFlushSList
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
ExitThread
FreeLibraryAndExitThread
FindFirstFileExW
ExitProcess
LCMapStringW
GetStdHandle
GetFileType
GetCPInfo
HeapQueryInformation
GetStringTypeW
IsValidCodePage
GetACP
GetOEMCP
GetConsoleMode
ReadConsoleW
GetConsoleCP
SetFilePointerEx
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
SetEndOfFile
WriteConsoleW
MultiByteToWideChar
WideCharToMultiByte
GetFileSizeEx
GetFileSize
GetFileAttributesA
DeleteFileA
GetSystemDirectoryA
GetModuleFileNameA
GlobalFree
GlobalAlloc
GetCurrentProcess
GetModuleHandleA
FreeLibrary
LoadLibraryA
GetProcAddress
GetModuleHandleW
GetVolumeInformationA
LoadLibraryW
SetLastError
GetSystemTimeAsFileTime
ReadFile
SetFilePointer
CreateFileA
CreateEventW

user32

CloseDesktop
SetThreadDesktop
EmptyClipboard
CloseClipboard
SetClipboardData
FillRect
IsRectEmpty
OpenClipboard
OpenInputDesktop
PtInRect
GetCursorPos
GetAsyncKeyState
EnumDisplayDevicesA
MsgWaitForMultipleObjects
GetClientRect
UnionRect
SetRectEmpty
SetRect
IntersectRect
DrawIconEx
GetIconInfo
GetCursorInfo
RegisterWindowMessageA
ReleaseDC
GetDC
GetForegroundWindow
DispatchMessageA
TranslateMessage
PeekMessageA
ClientToScreen
ScreenToClient
EqualRect
OffsetRect
CopyRect
GetWindowRect
WindowFromDC
GetSystemMetrics
FindWindowA

gdi32

GetDIBits
CreateCompatibleBitmap
CreateDCA
SetBkMode
TextOutW
GetTextExtentPoint32W
SetTextCharacterExtra
CreateFontW
AbortPath
GetPath
EndPath
CloseFigure
BeginPath
StretchBlt
SetStretchBltMode
DeleteDC
SelectObject
CreateCompatibleDC
CreateDIBSection
DeleteObject
SetBkColor
GetObjectA
CreateSolidBrush

advapi32

RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey

shell32

SHGetFolderPathW

ole32

CoCreateInstance
CoInitialize
CoUninitialize
CoTaskMemAlloc
CoTaskMemFree

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

vcomp140

_vcomp_master_end
_vcomp_master_begin
_vcomp_fork
_vcomp_for_static_simple_init
_vcomp_for_static_end
_vcomp_reduction_i4
_vcomp_set_num_threads
omp_destroy_lock
omp_get_num_threads
omp_set_dynamic
omp_init_lock
omp_set_lock
omp_unset_lock
omp_get_thread_num
omp_get_max_threads

winmm

mixerOpen
mixerGetID
waveInMessage
waveInGetErrorTextA
waveInReset
mixerGetControlDetailsA
waveInClose
waveInUnprepareHeader
waveInStart
waveInPrepareHeader
waveInOpen
waveInGetDevCapsA
mixerGetLineInfoA
waveInAddBuffer
mmioWrite
mmioCreateChunk
mmioClose
mmioSeek
mmioAscend
mmioOpenW
mixerGetLineControlsA
timeBeginPeriod
PlaySoundW
mixerGetDevCapsA
mixerClose
waveInGetNumDevs
mixerSetControlDetails
waveInStop

d3d9

Direct3DCreate9Ex

dxva2

DXVA2CreateDirect3DDeviceManager9

Exports

Exports

CreateBandiCapture
CreateCoreInterface
CreateDrawEffect

Sections

.text
Size: 10.0MB - Virtual size: 10.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

IPPCODE
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rodata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 465KB - Virtual size: 574KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 252KB - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

IPPDATA
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.BANDI0
Size: 154KB - Virtual size: 154KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bdfix.exe
.exe windows:6 windows x86 arch:x86

53107799a6060b7273e98d79c05ad649

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3f:8d:23:c1:36:ae:9c:be:ea:c7:60:5b:24:ec:03:91
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/12/2017, 00:00

Not After

19/02/2021, 23:59

Subject

CN=Bandicam Company,O=Bandicam Company,L=Yeoungdeungpo-=gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3f:8d:23:c1:36:ae:9c:be:ea:c7:60:5b:24:ec:03:91
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/12/2017, 00:00

Not After

19/02/2021, 23:59

Subject

CN=Bandicam Company,O=Bandicam Company,L=Yeoungdeungpo-=gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

19/02/2018, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign TSA for Advanced - G2

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2a:88:2c:41:87:1f:71:4c:55:3d:99:d4:7f:47:a0:b1:b8:bd:9d:73:07:5c:e9:76:da:ec:19:c7:2a:7f:15:c1
Signer

Actual PE Digest

2a:88:2c:41:87:1f:71:4c:55:3d:99:d4:7f:47:a0:b1:b8:bd:9d:73:07:5c:e9:76:da:ec:19:c7:2a:7f:15:c1

Digest Algorithm

sha256

PE Digest Matches

true

13:14:5e:ca:60:b5:a0:5e:7c:20:fc:02:a5:62:a1:91:86:13:d0:d8
Signer

Actual PE Digest

13:14:5e:ca:60:b5:a0:5e:7c:20:fc:02:a5:62:a1:91:86:13:d0:d8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\w\devel\CAP4\bandicam\bin\bdfix.pdb

Imports

kernel32

LCMapStringW
GetStdHandle
GetFileType
SetStdHandle
QueryPerformanceFrequency
VirtualQuery
HeapQueryInformation
GetCommandLineW
GetCommandLineA
ReadConsoleW
FreeLibraryAndExitThread
ExitThread
CreateThread
RtlUnwind
LoadLibraryExA
VirtualFree
VirtualAlloc
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
SetFilePointerEx
GetConsoleCP
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetStringTypeW
WriteConsoleW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
QueryPerformanceCounter
WaitForSingleObjectEx
IsProcessorFeaturePresent
UnhandledExceptionFilter
SearchPathW
GetProfileIntW
VerifyVersionInfoW
VerSetConditionMask
GetWindowsDirectoryW
GetTickCount
GetConsoleMode
GetFileAttributesExW
FileTimeToLocalFileTime
SetErrorMode
VirtualProtect
lstrcmpiW
DuplicateHandle
UnlockFile
SetEndOfFile
LockFile
GlobalFlags
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
GetThreadLocale
GlobalGetAtomNameW
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
CompareStringW
GlobalFindAtomW
EncodePointer
GlobalAddAtomW
ResumeThread
SetThreadPriority
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
lstrcmpA
GlobalDeleteAtom
LoadLibraryExW
LoadLibraryA
GetModuleHandleA
CopyFileW
FormatMessageW
DecodePointer
CreateFileA
GetCurrentThreadId
Sleep
InitializeCriticalSectionEx
RaiseException
GlobalSize
GlobalUnlock
GlobalLock
FlushFileBuffers
ExitProcess
SetUnhandledExceptionFilter
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
ResetEvent
SetEvent
CreateEventW
WriteFile
FindResourceExW
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
MulDiv
lstrcmpW
GetVersionExW
GetSystemInfo
TerminateProcess
GetCurrentProcessId
WaitForSingleObject
MultiByteToWideChar
WideCharToMultiByte
GetFullPathNameW
LocalFree
GetFileSizeEx
GetFileSize
GetFileAttributesW
DeleteFileW
GetTempFileNameW
GetTempPathW
GetCurrentDirectoryW
GetSystemDirectoryW
GetModuleFileNameW
GetDiskFreeSpaceW
GlobalFree
GlobalAlloc
GetCurrentThread
GetCurrentProcess
FreeLibrary
LoadLibraryW
GetProcAddress
GetModuleHandleW
GetVolumeInformationW
SetLastError
FindClose
FindNextFileW
lstrcpyW
FindFirstFileW
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
FileTimeToSystemTime
GetSystemTimeAsFileTime
GetFileTime
FindResourceW
GetLastError
LoadResource
LockResource
SizeofResource
ReadFile
SetFilePointer
CreateFileW
OutputDebugStringA
OutputDebugStringW
lstrlenW
CloseHandle
GetModuleHandleExW

user32

MonitorFromWindow
WinHelpW
GetScrollInfo
GetTopWindow
AdjustWindowRectEx
ShowScrollBar
GetScrollRange
GetScrollPos
ScrollWindow
RedrawWindow
UpdateWindow
TrackPopupMenu
SetMenu
GetMenu
GetCapture
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
IsChild
IsMenu
GetClassInfoW
GetMessageTime
GetMessagePos
UnhookWindowsHookEx
GetLastActivePopup
MessageBoxW
ShowOwnedPopups
CallNextHookEx
SetWindowsHookExW
ValidateRect
GetMessageW
LoadBitmapW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
SetActiveWindow
GetActiveWindow
GetNextDlgTabItem
GetDlgItem
EndDialog
CreateDialogIndirectParamW
MapDialogRect
GetWindow
SetWindowContextHelpId
PostQuitMessage
RemoveMenu
AppendMenuW
InsertMenuW
GetMenuState
DrawIcon
SetClassLongW
LoadIconW
GetFocus
IsWindowEnabled
GetWindowTextLengthW
RemovePropW
GetPropW
RegisterClassW
DestroyMenu
LoadMenuW
TrackMouseEvent
UnionRect
SetPropW
ReleaseCapture
SetWindowRgn
SetCapture
KillTimer
SetTimer
CallWindowProcW
InflateRect
GetCursorPos
RegisterClassExW
GetClassInfoExW
DefWindowProcW
GetSysColor
SetScrollInfo
SetScrollRange
SetScrollPos
SetFocus
EnableWindow
ShowWindow
InvalidateRect
GetWindowDC
CheckDlgButton
EndPaint
BeginPaint
PostMessageW
UnpackDDElParam
ReuseDDElParam
SendMessageW
CreateWindowExW
GetKeyState
LoadCursorW
DestroyWindow
PtInRect
SetCursor
UnregisterClassW
GetClientRect
IsClipboardFormatAvailable
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
IntersectRect
GetSubMenu
GetMenuItemInfoW
ModifyMenuW
GetMenuItemID
GetMenuStringW
GetMenuItemCount
SetWindowLongW
MapWindowPoints
IsDialogMessageW
DrawTextExW
GrayStringW
TabbedTextOutW
FillRect
GetSysColorBrush
CopyImage
DeleteMenu
RealChildWindowFromPoint
CharNextW
CopyAcceleratorTableW
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
SendDlgItemMessageA
CharUpperW
SetWindowTextW
GetDlgCtrlID
GetAsyncKeyState
RegisterClipboardFormatW
CreatePopupMenu
GetMenuDefaultItem
LoadImageW
PostThreadMessageW
WindowFromPoint
DrawFocusRect
DrawIconEx
GetIconInfo
EnableScrollBar
GetSystemMetrics
SystemParametersInfoW
GetWindowRect
MonitorFromRect
GetMonitorInfoW
CopyRect
MonitorFromPoint
OffsetRect
EqualRect
MoveWindow
GetWindowLongW
SetWindowPos
ScreenToClient
ClientToScreen
PeekMessageW
TranslateMessage
DispatchMessageW
IsWindow
GetParent
GetDesktopWindow
GetWindowThreadProcessId
IsWindowVisible
IsIconic
GetWindowTextW
GetWindowPlacement
GetForegroundWindow
SetForegroundWindow
BringWindowToTop
InsertMenuItemW
GetDC
ReleaseDC
RegisterWindowMessageW
DestroyIcon
DrawTextW
IsRectEmpty
GetClassNameW
GetClassLongW
SetRectEmpty
SetRect
GetComboBoxInfo
WaitMessage
GetKeyboardLayout
IsCharLowerW
MapVirtualKeyExW
ToUnicodeEx
GetKeyboardState
CreateAcceleratorTableW
DestroyAcceleratorTable
LockWindowUpdate
SetMenuDefaultItem
GetDoubleClickTime
CharUpperBuffW
GetUpdateRect
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
SubtractRect
CreateMenu
GetWindowRgn
DestroyCursor
TranslateAcceleratorW
LoadAcceleratorsW
UpdateLayeredWindow
FrameRect
CopyIcon
SetCursorPos
GetSystemMenu
IsZoomed
DrawFrameControl
DrawEdge
SetParent
DrawStateW
EnumDisplayMonitors
SetLayeredWindowAttributes
GetKeyNameTextW
MapVirtualKeyW
NotifyWinEvent
InvertRect
HideCaret

gdi32

CopyMetaFileW
CreateDCW
CreateBitmap
CreateHatchBrush
CreatePen
CreatePatternBrush
Escape
GetClipBox
GetObjectType
GetPixel
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
PtVisible
RectVisible
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectPalette
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetTextAlign
TextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
OffsetViewportOrgEx
OffsetWindowOrgEx
CreateSolidBrush
ScaleWindowExtEx
GetBkColor
GetTextColor
CreateRectRgnIndirect
GetRgnBox
GetMapMode
PatBlt
SetRectRgn
DPtoLP
EnumFontFamiliesExW
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
CreateDIBitmap
GetTextCharsetInfo
SetPixel
SetDIBColorTable
CreateEllipticRgn
Ellipse
CreatePolygonRgn
Polygon
Polyline
CreateRoundRectRgn
LPtoDP
Rectangle
RoundRect
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
ExtFloodFill
SetPaletteEntries
SetPixelV
GetWindowOrgEx
GetViewportOrgEx
GetTextFaceW
ExtCreateRegion
MoveToEx
LineTo
CombineRgn
OffsetRgn
CreateRectRgn
ExcludeClipRect
SetWindowOrgEx
CreateCompatibleBitmap
CreateFontIndirectW
StretchBlt
BitBlt
CreateDIBSection
GetDeviceCaps
SelectObject
SetTextColor
SetBkMode
DeleteDC
CreateFontW
DeleteObject
ExtTextOutW
SetBkColor
EnumFontFamiliesW
GetObjectW
GetStockObject
GetTextMetricsW
ScaleViewportExtEx
CreateCompatibleDC
GetTextExtentPoint32W

msimg32

TransparentBlt
AlphaBlend

comdlg32

GetSaveFileNameW
GetOpenFileNameW

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

RegEnumKeyExW
RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegDeleteKeyW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW

shell32

SHGetPathFromIDListW
SHBrowseForFolderW
ord190
SHOpenFolderAndSelectItems
ord155
ShellExecuteW
DragQueryFileW
SHAppBarMessage
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetFileInfoW
DragFinish

comctl32

InitCommonControlsEx

shlwapi

PathIsDirectoryW
StrStrW
PathFindExtensionW
PathFindFileNameW
PathRemoveFileSpecW
StrFormatKBSizeW
PathIsUNCW
PathStripToRootW

uxtheme

GetThemePartSize
GetThemeSysColor
DrawThemeText
DrawThemeParentBackground
OpenThemeData
CloseThemeData
DrawThemeBackground
GetThemeColor
GetCurrentThemeName
GetWindowTheme
IsAppThemed
IsThemeBackgroundPartiallyTransparent

ole32

CoRegisterMessageFilter
CreateStreamOnHGlobal
DoDragDrop
OleGetClipboard
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
OleLockRunning
OleIsCurrentClipboard
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
CoRevokeClassObject
OleUninitialize
OleInitialize
CoFreeUnusedLibraries
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoGetClassObject
CoDisconnectObject
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
CoInitializeEx
ReleaseStgMedium
OleDuplicateData
CoInitialize
CoUninitialize
CoTaskMemAlloc
CoTaskMemFree
OleFlushClipboard
CoCreateGuid

oleaut32

OleCreateFontIndirect
VarBstrFromDate
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
LoadTypeLi
VariantChangeType
VariantClear
VariantInit
SysAllocStringLen
SysAllocString
SysStringLen
SysFreeString

oledlg

OleUIBusyW

gdiplus

GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipFree
GdipAlloc
GdipDrawImageRectI
GdipSetInterpolationMode
GdiplusShutdown
GdipBitmapLockBits

winmm

PlaySoundW

oleacc

CreateStdAccessibleObject
AccessibleObjectFromWindow
LresultFromObject

imm32

ImmGetContext
ImmReleaseContext
ImmGetOpenStatus

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 439KB - Virtual size: 438KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 45KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 155KB - Virtual size: 155KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/camera.wav
data/effects/effects10.dat
data/effects/effects15.dat
data/effects/effects20.dat
data/effects/effects30.dat
data/effects/highlight10.dat
data/effects/highlight15.dat
data/effects/highlight20.dat
data/effects/highlight30.dat
data/language.dat
data/language_bdfix.dat
data/lclick.wav
data/rclick.wav
data/sample.png
.png
data/skin.dat
.zip
bandifix/bandifix.xml
.xml
bandifix/bandifix_logo.png
.png
bandifix/btn_click.png
.png
bandifix/btn_click2.png
.png
bandifix/btn_close.png
.png
bandifix/btn_help.png
.png
bandifix/line.png
.png
bandifix/prog_process_1.png
.png
bandifix/prog_process_2.png
.png
bandifix/prog_process_over.png
.png
bdcam_info.png
.png
beta_icon.png
.png
body_bg.png
.png
btn_back_s.png
.png
btn_bandicut.png
.png
btn_capture.png
.png
btn_capture_2.png
.png
btn_check.png
.png
btn_click.png
.png
btn_click2.png
.png
btn_clock.png
.png
btn_close.png
.png
btn_device.png
.png
btn_device_2.png
.png
btn_device_s.png
.png
btn_directx.png
.png
btn_directx_2.png
.png
btn_folder.png
.png
btn_fps_check.png
.png
btn_fps_uncheck.png
.png
btn_full_s.png
.png
btn_game_s.png
.png
btn_help.png
.png
btn_home_select.png
.png
btn_image_tab.png
.png
btn_key.png
.png
btn_microphone_settings_off.png
.png
btn_microphone_settings_on.png
.png
btn_minimize.png
.png
btn_mouse_s.png
.png
btn_mouse_settings_all.png
.png
btn_mouse_settings_cursor.png
.png
btn_mouse_settings_effect.png
.png
btn_mouse_settings_off.png
.png
btn_page_frame_setting.png
.png
btn_page_frame_setting2.png
.png
btn_page_general_setting.png
.png
btn_page_general_setting2.png
.png
btn_page_home.png
.png
btn_page_home2.png
.png
btn_page_image_setting.png
.png
btn_page_image_setting2.png
.png
btn_page_info.png
.png
btn_page_info2.png
.png
btn_page_video_setting.png
.png
btn_page_video_setting2.png
.png
btn_pause.png
.png
btn_pause_2.png
.png
btn_radio_check.png
.png
btn_radio_uncheck.png
.png
btn_record.png
.png
btn_record_2.png
.png
btn_record_2_small.png
.png
btn_record_small.png
.png
btn_rect_s.png
.png
btn_schedule.png
.png
btn_screen_exp.png
.png
btn_screen_exp_2.png
.png
btn_screen_full.png
.png
btn_screen_full_2.png
.png
btn_screen_mouse.png
.png
btn_screen_mouse_2.png
.png
btn_screen_rectangle.png
.png
btn_screen_rectangle_2.png
.png
btn_setting.png
.png
btn_setting_2.png
.png
btn_sort.png
.png
btn_start_tab.png
.png
btn_tips.png
.png
btn_tray.png
.png
btn_uncheck.png
.png
btn_video_tab.png
.png
btn_webcam_screen_off.png
.png
btn_webcam_screen_on.png
.png
device.png
.png
device/btn_close.png
.png
device/btn_fullscreen.png
.png
device/btn_img_start.png
.png
device/btn_img_stop.png
.png
device/btn_menu.png
.png
device/btn_rec_pause.png
.png
device/btn_rec_paused.png
.png
device/btn_rec_start.png
.png
device/btn_rec_stop.png
.png
device/btn_restore.png
.png
device/btn_settings.png
.png
device/btn_volume_0.png
.png
device/btn_volume_1.png
.png
device/btn_volume_2.png
.png
device/btn_volume_3.png
.png
device/client.png
.png
device/client2.png
.png
device/client_big.png
.png
device/device.xml
device/device_bg.png
.png
device/device_btn.png
.png
device/device_connect2.png
.png
device/device_full.xml
device/device_intro_2.png
.png
device/side_l.png
.png
device/side_l_bg.png
.png
device/side_r.png
.png
device/side_r_bg.png
.png
device/video.xml
device/volume_knob.png
.png
device/volume_slider_off.png
.png
device/volume_slider_on.png
.png
device_b.png
.png
dialog/bandicut.jpg
.jpg
dialog/btn_click.png
.png
dialog/btn_close.png
.png
dialog/prog_download_1.png
.png
dialog/prog_download_2.png
.png
dialog/update_progress.xml
folder.png
.png
fps_bg.png
.png
full.png
.png
full_b.png
.png
game.png
.png
game_b.png
.png
help_b.png
.png
hotkey_icon.png
.png
line.png
.png
logo.png
.png
logo_cn.png
.png
mouse.png
.png
mouse_b.png
.png
num_0.png
.png
num_1.png
.png
num_2.png
.png
num_3.png
.png
num_4.png
.png
num_5.png
.png
num_6.png
.png
num_7.png
.png
num_8.png
.png
num_9.png
.png
num_colon.png
.png
num_dot.png
.png
page_about.xml
page_fps.xml
page_general.xml
page_image.xml
page_outputs.xml
page_video.xml
popup/btn_check_off_popup.png
.png
popup/btn_check_off_popup_sel.png
.png
popup/btn_check_on.png
.png
popup/btn_check_on_popup.png
.png
popup/btn_check_on_popup_sel.png
.png
popup/btn_menu.png
.png
popup/btn_radio.png
.png
popup/btn_radio_off.png
.png
popup/btn_radio_on.png
.png
popup/btn_select_area_menu.png
.png
popup/full.png
.png
popup/mouse.png
.png
popup/rect.png
.png
popup/screen_mode.xml
popup/screen_mode_fullscreen.xml
popup/screen_mode_mouse.xml
popup/screen_mode_rectangle.xml
popup/select.png
.png
prog_volume.png
.png
prog_volume_bg.png
.png
rec_bg.png
.png
rect.png
.png
rect_b.png
.png
safemode.png
.png
skin.xml
slider_bkgnd_tile.png
.png
slider_var_knob.png
.png
target/btn_close.png
.png
target/btn_findwindow.png
.png
target/btn_fullscreen.png
.png
target/btn_img_start.png
.png
target/btn_img_stop.png
.png
target/btn_menu.png
.png
target/btn_pen_start.png
.png
target/btn_pen_stop.png
.png
target/btn_pin_off.png
.png
target/btn_pin_on.png
.png
target/btn_rec_pause.png
.png
target/btn_rec_paused.png
.png
target/btn_rec_start.png
.png
target/btn_rec_stop.png
.png
target/btn_restore.png
.png
target/btn_sel_color.png
.png
target/btn_sel_line.png
.png
target/btn_targetsize.png
.png
target/btn_tools_arrow.png
.png
target/btn_tools_box.png
.png
target/btn_tools_eraser.png
.png
target/btn_tools_eraser_2.png
.png
target/btn_tools_exit.png
.png
target/btn_tools_line.png
.png
target/btn_tools_none.png
.png
target/btn_tools_number.png
.png
target/btn_tools_pen.png
.png
target/btn_tools_pen_hl.png
.png
target/btn_tools_redo.png
.png
target/btn_tools_text.png
.png
target/btn_tools_undo.png
.png
target/client.png
.png
target/client2.png
.png
target/client_big.png
.png
target/drawing_tools.xml
target/fullscreen.xml
target/rect.xml
target/side_l.png
.png
target/side_l_bg.png
.png
target/side_r.png
.png
target/side_r_bg.png
.png
target/space.png
.png
target/tool_bg.png
.png
target/tool_bg2.png
.png
target_glass.png
.png
target_rect.png
.png
target_webcam.png
.png
unregistered_icon.png
.png
vip_icon.png
.png
data/start.wav
data/stop.wav
lang/Arabic.ini
lang/Armenian.ini
lang/Azerbaijani.ini
lang/Belarusian.ini
lang/Bosnian.ini
lang/Bulgarian.ini
lang/Burmese.ini
lang/Croatian.ini
lang/Czech.ini
lang/Danish.ini
lang/Dutch.ini
lang/English.ini
lang/Farsi.ini
lang/Finnish.ini
lang/French.ini
lang/Georgian.ini
lang/German.ini
lang/Greek.ini
lang/Hebrew.ini
lang/Hungarian.ini
lang/Indonesian.ini
lang/Italian.ini
lang/Japanese.ini
.ps1
lang/Kazakh.ini
lang/Kurdish.ini
lang/Latvian.ini
lang/Lithuanian.ini
lang/Luxembourgish.ini
lang/Malay.ini
lang/Norwegian.ini
lang/Polish.ini
lang/Portuguese(BR).ini
lang/Portuguese.ini
lang/Romanian.ini
lang/Russian.ini
lang/Serbian(Cyrillic).ini
lang/Serbian.ini
lang/Simplified_Chinese.ini
lang/Sinhala.ini
lang/Slovak.ini
lang/Slovenian.ini
lang/Spanish.ini
lang/Swedish.ini
lang/Thai.ini
lang/Traditional_Chinese.ini
lang/Turkish.ini
lang/Ukrainian.ini
lang/Urdu.ini
lang/Uzbek.ini
lang/Vietnamese.ini
lang/khmer.ini
translators.txt

Sharing

General

Malware Config

Signatures

Files

820ab24e53af2dbafc74d24f87e40262

Headers

File Characteristics

Imports

user32

comctl32

kernel32

Sections

.wkt0 Size: 3KB - Virtual size: 8KB

.wkt0 Size: 1024B - Virtual size: 4KB

.wkt0 Size: 5KB - Virtual size: 12KB

.rsrc Size: 21KB - Virtual size: 36KB

.wkt0 Size: 38KB - Virtual size: 37KB

e2a592076b17ef8bfb48b7e03965a3fc

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14Certificate

Extended Key Usages

Key Usages

3f:8d:23:c1:36:ae:9c:be:ea:c7:60:5b:24:ec:03:91Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

3f:8d:23:c1:36:ae:9c:be:ea:c7:60:5b:24:ec:03:91Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3aCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:31:89:c6:50:04Certificate

Key Usages

1b:8e:ff:00:87:43:e9:d2:81:c7:68:6d:67:e0:a0:50:67:66:25:61:77:10:ab:de:b0:bf:5d:b5:82:48:14:5bSigner

ed:c7:89:94:f0:3c:e6:dd:b9:06:28:3b:29:53:9f:57:4a:49:19:21Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

Sections

.text Size: 24KB - Virtual size: 24KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 128KB

.ndata Size: - Virtual size: 92KB

.rsrc Size: 102KB - Virtual size: 102KB

4b45b7e00344a87332fbd12653854d1a

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 19KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

fc0224e99e736751432961db63a41b76

.wkt0
Size: 3KB - Virtual size: 8KB

.wkt0
Size: 1024B - Virtual size: 4KB

.wkt0
Size: 5KB - Virtual size: 12KB

.rsrc
Size: 21KB - Virtual size: 36KB

.wkt0
Size: 38KB - Virtual size: 37KB

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

3f:8d:23:c1:36:ae:9c:be:ea:c7:60:5b:24:ec:03:91
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

3f:8d:23:c1:36:ae:9c:be:ea:c7:60:5b:24:ec:03:91
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3a
Certificate

04:00:00:00:00:01:31:89:c6:50:04
Certificate

1b:8e:ff:00:87:43:e9:d2:81:c7:68:6d:67:e0:a0:50:67:66:25:61:77:10:ab:de:b0:bf:5d:b5:82:48:14:5b
Signer

ed:c7:89:94:f0:3c:e6:dd:b9:06:28:3b:29:53:9f:57:4a:49:19:21
Signer

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 128KB

.ndata
Size: - Virtual size: 92KB

.rsrc
Size: 102KB - Virtual size: 102KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 19KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 851B

.data
Size: 512B - Virtual size: 120B

.reloc
Size: 1024B - Virtual size: 610B

33:00:00:00:6f:65:2d:58:6d:07:11:46:28:00:00:00:00:00:6f
Certificate

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

33:00:00:00:7b:a2:81:0b:87:11:ab:e7:fc:00:00:00:00:00:7b
Certificate

61:0c:52:4c:00:00:00:00:00:03
Certificate

d4:45:ae:46:71:01:79:2c:15:07:27:3b:5f:19:70:0e:2a:89:38:d2:b9:c2:40:83:d4:02:1c:a3:4b:ee:07:06
Signer

a3:0a:17:a8:d1:ed:84:90:d1:97:9d:20:6e:4b:59:7c:f5:47:04:fd
Signer

.text
Size: 3.4MB - Virtual size: 3.4MB

.data
Size: 25KB - Virtual size: 57KB

.idata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 120KB - Virtual size: 119KB

33:00:00:00:9d:1e:8d:27:ae:b8:f3:d8:38:00:01:00:00:00:9d
Certificate

33:00:00:00:2b:39:32:48:c1:b2:c9:48:f3:00:00:00:00:00:2b
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

33:00:00:00:08:e2:79:fa:0d:25:58:45:ea:00:00:00:00:00:08
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

bd:da:49:3e:e0:d0:cf:a8:1e:ba:49:76:d1:38:5e:50:ea:b9:84:2f:8b:f8:ee:1c:ee:b6:de:b5:98:7f:ae:bf
Signer

bf:fa:d4:6b:19:62:38:e3:7a:c8:07:80:df:f1:d6:ab:5d:65:be:e9
Signer