2bf745db13c64eb42622db432a6ec81a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2bf745db13c64eb42622db432a6ec81a_JaffaCakes118
Size

1.3MB
MD5

2bf745db13c64eb42622db432a6ec81a
SHA1

35e2e0675f9d1e33e130d254f5a994bea42839c1
SHA256

0f3ce1157baa7e4d4e24ad473e52f58965a837de504b361ab40afe050e2940bc
SHA512

4b990dda76bef276c26f85dc29d4b2bc6c769c87e303f079c2225c45d4fcac26f9a280329e453dbe753ecf736b5a0e716f02aaf47e3e75ebf3dc88ef99bad212
SSDEEP

24576:/c9H2ovMWPFTb2xsC79fvvNeTWuWMk/TS:/GjvtTb2KclMkbS

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
2bf745db13c64eb42622db432a6ec81a_JaffaCakes118
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/gpyapi.dll
unpack001/CBux.dll

Files

2bf745db13c64eb42622db432a6ec81a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b729b61eb1515fcf7b3e511e4e66258b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
CloseHandle
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
MulDiv
lstrlenA
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrcpynA

user32

ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
FindWindowExW
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
IsWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 80KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 358KB - Virtual size: 358KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/GoogleFinish_unicode.ini
$PLUGINSDIR/GoogleInput_unicode.ini
$PLUGINSDIR/GooglePinyinDownloader.exe
.exe windows:4 windows x86 arch:x86

9063064264c2770830dd93aad3fff57a

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

31:44:c0:6a:6c:fb:50:76:c1:5d:39:95:72:c6:94:21
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

19/06/2007, 00:00

Not After

18/06/2010, 23:59

Subject

CN=Google Inc,OU=Digital ID Class 3 - Netscape Object Signing,O=Google Inc,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

bf:19:d4:5c:a5:5e:8f:74:e3:6c:ec:96:d0:9f:93:10:90:be:ea:10
Signer

Actual PE Digest

bf:19:d4:5c:a5:5e:8f:74:e3:6c:ec:96:d0:9f:93:10:90:be:ea:10

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\pulse\recipes\368778698\base\branches\goopy2_release_branch\googleclient\ime\goopy\scons-out\opt\obj\downloader\downloader_unsigned.pdb

Imports

advapi32

RegQueryInfoKeyW
RegEnumKeyExW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegDeleteKeyW
RegDeleteValueW
RegOpenKeyExW
AllocateAndInitializeSid
EqualSid
GetTokenInformation
OpenProcessToken
FreeSid

kernel32

GetModuleHandleW
GetTempFileNameW
FindResourceExW
GetTickCount
DeleteFileW
InitializeCriticalSection
InterlockedDecrement
lstrlenW
GetCurrentThreadId
FlushInstructionCache
GetModuleFileNameW
GetTempPathW
GetCurrentProcess
FindResourceW
EnterCriticalSection
lstrcmpiW
LeaveCriticalSection
LoadLibraryExW
RaiseException
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
SetLastError
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
SetFilePointer
RtlUnwind
IsValidCodePage
GetOEMCP
GetCPInfo
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
LockResource
MultiByteToWideChar
DeleteCriticalSection
WaitForSingleObject
GetLastError
LoadResource
CloseHandle
CreateMutexW
ExitProcess
RemoveDirectoryW
InterlockedIncrement
SizeofResource
CreateDirectoryW
FreeLibrary
LoadLibraryW
GetProcAddress
InterlockedCompareExchange
HeapFree
GetProcessHeap
HeapAlloc
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
GetVersionExA
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
HeapDestroy
HeapReAlloc
HeapSize
GetStartupInfoW
HeapCreate
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleA
WriteFile
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
Sleep

shell32

ShellExecuteExW

shlwapi

PathCombineW
StrFormatByteSizeW
StrFromTimeIntervalW

urlmon

URLDownloadToFileW

user32

GetWindow
PeekMessageW
SetDlgItemTextW
DefWindowProcW
CharNextW
SetWindowLongW
DestroyWindow
MessageBoxW
CreateDialogParamW
GetParent
ShowWindow
GetWindowRect
LoadStringW
MapWindowPoints
EnableWindow
DispatchMessageW
SetWindowPos
GetClientRect
GetWindowLongW
GetDlgItem
SystemParametersInfoW
SendMessageW
UnregisterClassA

ole32

CoCreateInstance
CoInitialize
CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoUninitialize

oleaut32

VarUI4FromStr

comctl32

InitCommonControlsEx

Sections

.text
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/GoogleToolbar_unicode.ini
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

8fbbf807b5bf33729f0092d4b8c483c4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryW
GetCurrentDirectoryW
GlobalUnlock
GetPrivateProfileIntW
lstrcmpiW
GetModuleHandleW
GetPrivateProfileStringW
lstrcatW
WritePrivateProfileStringW
lstrlenW
lstrcpyW
GlobalFree
GlobalAlloc
GlobalLock
lstrcpynW

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
DestroyWindow
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
SetWindowLongW
GetClientRect
SetWindowRgn
LoadIconW
LoadImageW
CreateWindowExW
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamW
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
LoadCursorW
SetCursor
DrawTextW
GetWindowLongW
DrawFocusRect
CallWindowProcW
PostMessageW
CharNextW
wsprintfW
MessageBoxW
GetWindowTextW
SetWindowTextW
SendMessageW
DestroyIcon

gdi32

SetTextColor
CreateCompatibleDC
GetObjectW
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderW
SHGetDesktopFolder
SHGetPathFromIDListW
ShellExecuteW

comdlg32

GetOpenFileNameW
GetSaveFileNameW
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

bd0c5e2173fde31d22cb05fc3c2a33dc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
GetLastError
VirtualAlloc
VirtualProtect
lstrlenW
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 502B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/finish_with_wizzard
$PLUGINSDIR/gpyapi.dll
.dll windows:4 windows x86 arch:x86

0e847e00fc5cfbcab0596704d0caad9a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\pulse\recipes\368778698\base\branches\goopy2_release_branch\googleclient\ime\goopy\scons-out\opt\obj\gpyapi\gpyapi.pdb

Imports

advapi32

RegOpenKeyExW
RegCloseKey
RegQueryValueExW
AllocateAndInitializeSid
FreeSid
OpenProcessToken
GetTokenInformation
EqualSid

kernel32

GetVersionExW
GetProcAddress
CloseHandle
GetCurrentProcess
GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
RtlUnwind
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
WriteFile
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
InitializeCriticalSection
VirtualAlloc
HeapReAlloc
HeapSize
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA

shell32

SHGetFolderPathW

shlwapi

PathFileExistsW
PathCombineW

Exports

Exports

GoopyCompatibilityCheck

Sections

.text
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ime.bmp
$PLUGINSDIR/ime2.bmp
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
CBDBCoreplus.dll
.dll windows:4 windows x86 arch:x86

bfefe484f7d62961f555e4f41feafffd

Code Sign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0b:a4:bc:43:99:30:34:6b:95:69:4b:4c:7f:2b:98:1b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

22/06/2009, 00:00

Not After

21/06/2012, 23:59

Subject

CN=Zhuhai Kingsoft Software Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Zhuhai Kingsoft Software Co.\,Ltd,L=Zhuhai,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Source\PWPEV20\branches\ProtoType\products\Release_pdb\CBDBCoreplus.pdb

Imports

kernel32

GetFileAttributesW
lstrlenW
WideCharToMultiByte
CreateFileW
CloseHandle
ReadFile
WriteFile
SetFilePointer
SetEndOfFile
GetFileSize
GetTickCount
GetVersionExW
GetSystemDefaultLCID
CompareStringA
CompareStringW
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetSystemTimeAsFileTime

msvcp80

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

msvcr80

malloc
free
wcsncpy
wcsstr
_ultow
qsort
srand
rand
memcpy
memset
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_malloc_crt
strncpy
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
__clean_type_info_names_internal
__CxxFrameHandler3
_wcsicmp
??2@YAPAXI@Z
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
memmove_s
??0exception@std@@QAE@ABV01@@Z
_invalid_parameter_noinfo
??3@YAXPAX@Z
memmove
_vswprintf
strtoul
_encoded_null
??_V@YAXPAX@Z
wcschr
_CxxThrowException

ws2_32

WSACleanup
gethostbyname
WSAStartup
ntohl

Exports

Exports

GetService
Initialize
Uninitialize

Sections

.text
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CBGrabConnect_x64.exe
.exe windows:4 windows x64 arch:x64

5786b87660442d4e34797574f5482277

Code Sign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0b:a4:bc:43:99:30:34:6b:95:69:4b:4c:7f:2b:98:1b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

22/06/2009, 00:00

Not After

21/06/2012, 23:59

Subject

CN=Zhuhai Kingsoft Software Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Zhuhai Kingsoft Software Co.\,Ltd,L=Zhuhai,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

d:\cb20\XGrab\trunk\XGrab64\Bin\release_x64\CBGrabConnect_x64.pdb

Imports

kernel32

HeapAlloc
GetProcessHeap
GetStartupInfoW
HeapReAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlCaptureContext
ExitThread
CreateThread
RtlLookupFunctionEntry
RtlUnwindEx
RtlPcToFileHeader
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapSize
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
HeapFree
HeapCreate
QueryPerformanceCounter
GetSystemTimeAsFileTime
RtlVirtualUnwind
Sleep
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
GetLocaleInfoA
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
GetFileTime
GetFileAttributesW
FileTimeToLocalFileTime
SetErrorMode
FileTimeToSystemTime
CreateFileW
GetShortPathNameW
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
GetThreadLocale
TlsFree
LocalReAlloc
TlsSetValue
GlobalHandle
GlobalReAlloc
TlsAlloc
TlsGetValue
LocalAlloc
GlobalFlags
lstrlenA
GetModuleHandleA
GlobalFindAtomW
GetVersionExA
GlobalAddAtomW
WritePrivateProfileStringW
FreeResource
GlobalFree
GlobalUnlock
FormatMessageW
LocalFree
MulDiv
CompareStringW
GlobalDeleteAtom
GetCurrentThread
ConvertDefaultLocale
GetVersion
InterlockedPushEntrySList
VirtualFree
InterlockedPopEntrySList
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
WideCharToMultiByte
CompareStringA
GlobalLock
lstrcmpW
GlobalAlloc
LoadLibraryW
GetCurrentProcessId
LeaveCriticalSection
FlushInstructionCache
GetCurrentProcess
EnterCriticalSection
ExitProcess
GetCurrentThreadId
SetLastError
GetTickCount
GetProcAddress
LoadLibraryA
ConnectNamedPipe
CreateNamedPipeW
WriteFile
ReadFile
DisconnectNamedPipe
WaitForSingleObject
SetEvent
TerminateThread
LockResource
WaitForMultipleObjects
lstrcmpiW
LoadLibraryExW
GetModuleFileNameW
SizeofResource
MultiByteToWideChar
RaiseException
FreeLibrary
LoadResource
lstrlenW
FindResourceW
GetModuleHandleW
GetLastError
InitializeCriticalSection
CreateEventW
DeleteCriticalSection
HeapSetInformation
CloseHandle

user32

UnregisterClassW
ReleaseCapture
SetCapture
GetSysColorBrush
CharUpperW
DestroyIcon
DestroyMenu
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
RegisterWindowMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
GetClassNameW
GetClassLongPtrW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
SetActiveWindow
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
UpdateWindow
GetMenu
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
EqualRect
CopyRect
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowTextW
SetFocus
ShowWindow
MoveWindow
SetWindowLongW
GetDlgCtrlID
SetWindowTextW
IsDialogMessageW
SendDlgItemMessageW
GetDlgItem
SetCursor
SetWindowContextHelpId
MapDialogRect
SetWindowPos
GetLastActivePopup
IsWindowEnabled
MessageBoxW
RegisterClipboardFormatW
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
GetKeyState
ValidateRect
UnhookWindowsHookEx
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
ModifyMenuW
EnableMenuItem
CheckMenuItem
GetMenuState
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
InvalidateRect
SetRect
IsRectEmpty
CopyAcceleratorTableW
PostThreadMessageW
GetMenuItemID
GetMenuItemCount
GetSubMenu
PostQuitMessage
GetWindowLongW
GetWindowThreadProcessId
GetDesktopWindow
GetClassNameA
GetParent
IsWindowVisible
IsWindow
PtInRect
GetWindowRect
GetWindow
SetWindowLongPtrW
DefWindowProcW
GetWindowLongPtrW
DestroyWindow
CreateWindowExW
RegisterClassExW
CallWindowProcW
LoadCursorW
GetClassInfoExW
PeekMessageW
GetAsyncKeyState
KillTimer
SetTimer
WindowFromPoint
GetCursorPos
SendMessageW
PostMessageW
DrawIcon
GetSystemMetrics
LoadIconW
GetClientRect
EnableWindow
IsIconic
GetSystemMenu
AppendMenuW
CharNextW
GetWindowPlacement
UnregisterClassA

gdi32

SelectObject
GetBkColor
GetTextColor
GetStockObject
GetRgnBox
GetMapMode
Escape
ExtTextOutW
TextOutW
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
CreateRectRgnIndirect
GetDeviceCaps
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
DeleteObject
SetMapMode
RestoreDC
SaveDC
GetObjectW
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
SetViewportOrgEx

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

RegSetValueExW
RegQueryValueW
RegSetValueW
RegOpenKeyW
RegEnumKeyW
RegQueryValueExW
RegCloseKey
InitializeSecurityDescriptor
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegEnumKeyExW
RegOpenKeyExW
SetSecurityDescriptorDacl
RegQueryInfoKeyW

shell32

ExtractIconW

comctl32

InitCommonControlsEx

shlwapi

PathFindFileNameW
PathStripToRootW
PathFindExtensionW
PathIsUNCW

oledlg

OleUIBusyW

ole32

OleFlushClipboard
OleIsCurrentClipboard
CoGetClassObject
CoDisconnectObject
CLSIDFromString
CLSIDFromProgID
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CoRegisterMessageFilter
StringFromCLSID
CoRegisterClassObject
CoTaskMemFree
StringFromGUID2
CoTaskMemRealloc
CoInitialize
CoUninitialize
CoCreateInstance
CoRevokeClassObject
CoTaskMemAlloc
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CreateILockBytesOnHGlobal

oleaut32

SafeArrayDestroy
SystemTimeToVariantTime
VariantTimeToSystemTime
OleCreateFontIndirect
VariantCopy
VariantInit
VariantChangeType
VariantClear
LoadRegTypeLi
SysAllocStringLen
SysStringByteLen
SysAllocString
SysStringLen
LoadTypeLi
RegisterTypeLi
UnRegisterTypeLi
VarUI4FromStr
SysFreeString

Sections

.text
Size: 332KB - Virtual size: 332KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
CBGrabModule_x64.dll
.dll windows:4 windows x64 arch:x64

b95eed2e6e8cab8da16e06e83b2611bd

Code Sign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0b:a4:bc:43:99:30:34:6b:95:69:4b:4c:7f:2b:98:1b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

22/06/2009, 00:00

Not After

21/06/2012, 23:59

Subject

CN=Zhuhai Kingsoft Software Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Zhuhai Kingsoft Software Co.\,Ltd,L=Zhuhai,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

d:\cb20\XGrab\trunk\XGrab64\Bin\release_x64\CBGrabModule_x64.pdb

Imports

kernel32

GetStringTypeW
GetStringTypeA
LCMapStringW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
HeapReAlloc
CreateFileA
FlushFileBuffers
HeapAlloc
HeapFree
GetProcessHeap
Sleep
OpenProcess
GetLastError
CreateEventW
CloseHandle
GetModuleHandleW
GetProcAddress
VirtualFree
VirtualAlloc
GetCurrentProcess
FlushInstructionCache
GlobalAlloc
VirtualProtect
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
LCMapStringA
GlobalFree
GetLocaleInfoA
LoadLibraryA
GetCurrentThreadId
FlsSetValue
GetCommandLineA
GetVersionExA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RaiseException
RtlPcToFileHeader
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleHandleA
FlsGetValue
TlsFree
FlsFree
SetLastError
TlsSetValue
FlsAlloc
ExitProcess
HeapSetInformation
HeapCreate
HeapDestroy
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
RtlUnwindEx
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
SetFilePointer
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
MultiByteToWideChar

user32

ScreenToClient
WindowFromPoint
IsWindowVisible
GetWindow
GetWindowRect
GetDesktopWindow
SendMessageW
IsWindow
UnhookWindowsHookEx
GetWindowThreadProcessId
GetCursorPos
CallNextHookEx
IsRectEmpty
PtInRect
GetParent
GetDC
RedrawWindow
ReleaseDC
WindowFromDC
SetWindowsHookExW

gdi32

GetTextMetricsW
GetCurrentPositionEx
GetTextAlign
GetTextExtentExPointW
GetTextExtentPoint32W
GetGlyphIndicesW
LPtoDP
BitBlt
DeleteDC
CreateCompatibleBitmap
CreateCompatibleDC
GetDIBits
GetObjectW
DeleteObject
SelectObject
GetMapMode
GetDeviceCaps
GetDCOrgEx

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor

oleaut32

SysFreeString
SysAllocString

Exports

Exports

?myHookWndProc@CBGrabHookHandle_WinHookImp@@KA_JH_K_J@Z
CBGrab_DoGrab
CBGrab_Init
CBGrab_UnInit
DllMain

Sections

.text
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

ShareDat
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CBGrabProxy.dll
.dll regsvr32 windows:4 windows x86 arch:x86

1697e4a580884215b2c394ad01f38180

Code Sign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0b:a4:bc:43:99:30:34:6b:95:69:4b:4c:7f:2b:98:1b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

22/06/2009, 00:00

Not After

21/06/2012, 23:59

Subject

CN=Zhuhai Kingsoft Software Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Zhuhai Kingsoft Software Co.\,Ltd,L=Zhuhai,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Source\PWPEV2010\branches\ProtoType\branches\ProtoType\srcs\XGrab\XGrab\bin\release\CBGrabProxy.pdb

Imports

kernel32

CreateRemoteThread
VirtualFreeEx
WriteProcessMemory
VirtualAllocEx
VirtualFree
VirtualAlloc
Sleep
SetThreadContext
GetThreadContext
SuspendThread
ResumeThread
VirtualProtectEx
IsBadReadPtr
SetPriorityClass
VirtualProtect
GetVersionExW
lstrcpyW
LoadLibraryW
OutputDebugStringW
ReadConsoleOutputCharacterW
GetConsoleScreenBufferInfo
GetStdHandle
HeapFree
HeapAlloc
GetProcessHeap
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetVersionExA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetConsoleMode
GetConsoleCP
SetFilePointer
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
GetCPInfo
WriteFile
ExitProcess
HeapSize
VirtualQuery
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
WaitForSingleObject
ReadProcessMemory
lstrcmpiA
LoadLibraryA
GetProcAddress
GetModuleFileNameA
GetVersion
OpenProcess
CloseHandle
GetCurrentProcessId
GetThreadLocale
SetThreadLocale
SetLastError
GetCurrentProcess
FlushInstructionCache
GetCurrentThreadId
GetTickCount
EnterCriticalSection
LeaveCriticalSection
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
lstrlenW
lstrcmpiW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
RaiseException
GetLastError
GetModuleFileNameW
GetModuleHandleW
GetModuleHandleA
HeapCreate
HeapDestroy
GetCommandLineA
HeapReAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
IsProcessorFeaturePresent
InterlockedCompareExchange
GetLocaleInfoA
GetACP
InterlockedExchange

user32

DefWindowProcW
PeekMessageW
GetAsyncKeyState
IsRectEmpty
CharNextW
UnregisterClassA
CharNextExA
WindowFromDC
GetClassNameW
RedrawWindow
GetClientRect
GetDC
ReleaseDC
ClientToScreen
GetMenu
GetWindowTextW
GetMenuBarInfo
MenuItemFromPoint
GetMenuStringW
GetMenuItemRect
GetSystemMetrics
MessageBoxA
ScreenToClient
GetWindow
IsWindow
IsWindowVisible
GetDesktopWindow
GetWindowRect
PtInRect
SendMessageW
GetClassNameA
WindowFromPoint
GetWindowThreadProcessId
GetParent
CreateWindowExW
CallWindowProcW
GetWindowLongW
SetWindowLongW
GetClassInfoExW
LoadCursorW
RegisterClassExW
KillTimer
DestroyWindow
SetTimer
GetCursorPos
GetWindowDC

gdi32

CreateCompatibleDC
DeleteDC
GetObjectW
GetDIBits
TextOutA
TextOutW
ExtTextOutA
ExtTextOutW
BitBlt
StretchBlt
LPtoDP
GetDeviceCaps
GetTextExtentExPointW
GetTextAlign
GetCurrentPositionEx
GetTextMetricsW
GetDCOrgEx
GetMapMode
GetTextExtentPoint32W
GetStockObject
SelectObject
CreateFontIndirectW
DeleteObject
GetGlyphIndicesW
CreateCompatibleBitmap

advapi32

RegQueryValueExW
RegQueryInfoKeyW
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW

ole32

StringFromGUID2
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree

oleaut32

UnRegisterTypeLi
VARIANT_UserFree
VARIANT_UserUnmarshal
VARIANT_UserMarshal
VARIANT_UserSize
BSTR_UserFree
BSTR_UserUnmarshal
BSTR_UserMarshal
BSTR_UserSize
VarUI4FromStr
RegisterActiveObject
GetActiveObject
RevokeActiveObject
SysFreeString
LoadRegTypeLi
LoadTypeLi
SysStringLen
RegisterTypeLi
SysAllocString

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

psapi

EnumProcessModules
GetModuleFileNameExW
GetModuleBaseNameA
GetModuleBaseNameW

rpcrt4

NdrDllUnregisterProxy
NdrOleAllocate
NdrOleFree
NdrDllRegisterProxy
IUnknown_AddRef_Proxy
IUnknown_Release_Proxy
NdrStubForwardingFunction
NdrStubCall2
NdrCStdStubBuffer2_Release
NdrCStdStubBuffer_Release
NdrDllCanUnloadNow
IUnknown_QueryInterface_Proxy
NdrDllGetClassObject

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 172KB - Virtual size: 170KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 4KB - Virtual size: 259B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CBParser.dll
.dll windows:4 windows x86 arch:x86

0f570d42b2dd15daa69582e153f8d039

Code Sign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0b:a4:bc:43:99:30:34:6b:95:69:4b:4c:7f:2b:98:1b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

22/06/2009, 00:00

Not After

21/06/2012, 23:59

Subject

CN=Zhuhai Kingsoft Software Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Zhuhai Kingsoft Software Co.\,Ltd,L=Zhuhai,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Source\PWPEV20\branches\ProtoType\products\Release_pdb\CBParser.pdb

Imports

mfc80u

ord1176
ord1178
ord266
ord2311
ord2121
ord860
ord1479
ord896
ord282
ord899
ord1906
ord1182
ord6700
ord5484
ord1472
ord5485
ord2460
ord2261
ord280
ord6172
ord4100
ord293
ord4101
ord776
ord3990
ord764
ord283
ord577
ord774
ord762
ord773

msvcr80

memmove_s
wcscpy_s
wcscat_s
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABV01@@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
_invalid_parameter_noinfo
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_adjust_fdiv
__CppXcptFilter
?terminate@@YAXXZ
_crt_debugger_hook
__clean_type_info_names_internal
_except_handler4_common
fgetws
??0exception@std@@QAE@XZ
clock
memcpy_s
_purecall
_wcsdup
malloc
wcsncpy_s
_wfopen_s
free
memset
_CxxThrowException
__CxxFrameHandler3

kernel32

MultiByteToWideChar
LockResource
SizeofResource
FindResourceW
lstrlenW
InterlockedDecrement
GetLastError
lstrlenA
InterlockedExchange
Sleep
InterlockedCompareExchange
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapFree
GetProcessHeap
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetVersionExA
LoadResource

msvcp80

?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@V32@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_WI@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@II@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

ole32

CLSIDFromProgID
OleRun
CoCreateInstance
CoInitialize
CLSIDFromString
CoUninitialize

oleaut32

SysStringByteLen
VarBstrCmp
VariantClear
SysStringLen
GetErrorInfo
VariantCopy
VariantInit
SysAllocStringByteLen
SysAllocString
SysAllocStringLen
SysFreeString

user32

UnregisterClassA

Exports

Exports

GetService
Initialize
Uninitialize

Sections

.text
Size: 108KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CBSelectText.dll
.dll windows:4 windows x86 arch:x86

85732e45b709d74446cee4bcac9843aa

Code Sign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0b:a4:bc:43:99:30:34:6b:95:69:4b:4c:7f:2b:98:1b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

22/06/2009, 00:00

Not After

21/06/2012, 23:59

Subject

CN=Zhuhai Kingsoft Software Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Zhuhai Kingsoft Software Co.\,Ltd,L=Zhuhai,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Source\PWPEV20\branches\ProtoType\XGrab\trunk\bin\release\CBSelectText.pdb

Imports

kernel32

GetCurrentThread
OpenProcess
GetCurrentProcessId
RaiseException
lstrcmpiA
SetLastError
GetCurrentThreadId
FlushInstructionCache
EnterCriticalSection
GetCurrentProcess
LeaveCriticalSection
CloseHandle
GetVersionExW
GetModuleFileNameW
GetModuleHandleW
GlobalLock
GlobalUnlock
MultiByteToWideChar
GetTickCount
GlobalFree
FreeLibrary
LoadResource
LockResource
SizeofResource
FindResourceW
FindResourceExW
GetProcAddress
LoadLibraryW
GetLastError
ResumeThread
VirtualQuery
VirtualProtect
VirtualAlloc
InterlockedCompareExchange
GetThreadContext
SetThreadContext
SuspendThread
WriteFile
SetFilePointer
LoadLibraryA
IsProcessorFeaturePresent
CreateFileA
ReadFile
SetEndOfFile
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
CreateFileW
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
InterlockedExchange
InitializeCriticalSection
GetConsoleMode
GetConsoleCP
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetThreadLocale
GetFileType
SetHandleCount
GetModuleFileNameA
GetStdHandle
LCMapStringW
WideCharToMultiByte
LCMapStringA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
ExitProcess
Sleep
HeapReAlloc
HeapAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
HeapFree
GetVersionExA
GetProcessHeap
RtlUnwind
DeleteCriticalSection
HeapDestroy
HeapCreate
VirtualFree
HeapSize
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement

user32

GetClassNameW
SendMessageTimeoutW
RegisterWindowMessageW
GetClipboardData
EnumClipboardFormats
SetTimer
keybd_event
KillTimer
TrackMouseEvent
ClientToScreen
GetCaretPos
GetFocus
GetAsyncKeyState
IsWindow
GetCursorPos
UnhookWindowsHookEx
SendMessageW
FindWindowW
SetWindowsHookExW
GetWindowThreadProcessId
GetClassNameA
RegisterClassExW
LoadCursorW
GetClassInfoExW
CallNextHookEx
DefWindowProcW
DestroyWindow
CreateWindowExW
CallWindowProcW
GetWindowLongW
SetWindowLongW
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
UnregisterClassA

oleaut32

VariantClear
SysAllocString
SysStringByteLen
SysAllocStringByteLen
VarBstrCmp
SysFreeString
VariantInit

psapi

GetModuleBaseNameA
GetModuleBaseNameW
GetModuleFileNameExW
EnumProcessModules

Exports

Exports

DllAddHookWnd
DllAddOneSelelctType
DllEnableAllSelectType
DllEnumSelectType
DllIniSelectText
DllIsSelectingText
DllRemoveAllSelectType
DllRemoveOneSelectType
DllStartSelectText
DllStopSelectText
DllUnIniSelectText

Sections

.text
Size: 76KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ShareDat
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CBSelectText_x64.dll
.dll windows:4 windows x64 arch:x64

06c543f4904391d5d9055484228de311

Code Sign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0b:a4:bc:43:99:30:34:6b:95:69:4b:4c:7f:2b:98:1b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

22/06/2009, 00:00

Not After

21/06/2012, 23:59

Subject

CN=Zhuhai Kingsoft Software Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Zhuhai Kingsoft Software Co.\,Ltd,L=Zhuhai,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

d:\cb20\XGrab\trunk\XGrab64\bin\release\CBSelectText_x64.pdb

Imports

kernel32

GetCurrentProcessId
LeaveCriticalSection
CloseHandle
OpenProcess
SetLastError
lstrcmpiA
GetCurrentProcess
FlushInstructionCache
GetCurrentThreadId
RaiseException
EnterCriticalSection
GetVersionExW
GetModuleHandleA
GetModuleFileNameW
GlobalUnlock
GlobalLock
MultiByteToWideChar
GlobalFree
GetTickCount
GetProcAddress
LockResource
SizeofResource
FindResourceExW
FindResourceW
FreeLibrary
LoadResource
LoadLibraryW
GetLastError
LoadLibraryA
Module32FirstW
LoadLibraryExA
VirtualQuery
VirtualProtect
CreateToolhelp32Snapshot
LoadLibraryExW
Module32NextW
WriteProcessMemory
GetThreadLocale
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
InterlockedPushEntrySList
CreateFileA
SetEndOfFile
ReadFile
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
CreateFileW
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
InitializeCriticalSection
GetConsoleMode
GetConsoleCP
SetFilePointer
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStartupInfoA
GetFileType
SetHandleCount
GetModuleFileNameA
GetStdHandle
WriteFile
LCMapStringW
WideCharToMultiByte
LCMapStringA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapReAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlCaptureContext
FlsSetValue
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
RtlVirtualUnwind
HeapSetInformation
HeapCreate
HeapDestroy
HeapSize
FlsGetValue
TlsFree
FlsFree
TlsSetValue
FlsAlloc
Sleep
ExitProcess
DeleteCriticalSection

user32

FindWindowW
SetClipboardData
SendMessageTimeoutW
GetClassNameW
RegisterWindowMessageW
EnumClipboardFormats
KillTimer
SetTimer
GetClipboardData
keybd_event
TrackMouseEvent
GetFocus
GetAsyncKeyState
GetCaretPos
ClientToScreen
IsWindow
SendMessageW
GetCursorPos
UnhookWindowsHookEx
UnregisterClassA
GetClassNameA
GetWindowThreadProcessId
GetWindowLongW
SetWindowsHookExW
GetWindowLongPtrW
DestroyWindow
GetClassInfoExW
CreateWindowExW
SetWindowLongPtrW
LoadCursorW
CallWindowProcW
CallNextHookEx
DefWindowProcW
RegisterClassExW
OpenClipboard
CloseClipboard
EmptyClipboard

oleaut32

SysFreeString
SysAllocStringByteLen
VariantClear
VariantInit
SysStringByteLen
SysAllocString
VarBstrCmp

psapi

EnumProcessModules
GetModuleFileNameExW
GetModuleBaseNameW
GetModuleBaseNameA

imagehlp

ImageDirectoryEntryToData

Exports

Exports

DllAddHookWnd
DllAddOneSelelctType
DllEnableAllSelectType
DllEnumSelectType
DllIniSelectText
DllIsSelectingText
DllRemoveAllSelectType
DllRemoveOneSelectType
DllStartSelectText
DllStopSelectText
DllUnIniSelectText

Sections

.text
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

ShareDat
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CBTray.exe
.exe windows:4 windows x86 arch:x86

f51def7049472172e811d981f972531e

Code Sign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0b:a4:bc:43:99:30:34:6b:95:69:4b:4c:7f:2b:98:1b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

22/06/2009, 00:00

Not After

21/06/2012, 23:59

Subject

CN=Zhuhai Kingsoft Software Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Zhuhai Kingsoft Software Co.\,Ltd,L=Zhuhai,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Source\PWPEV2010\branches\ProtoType\branches\ProtoType\products\Release_pdb\CBTray.pdb

Imports

mfc80u

ord2986
ord5352
ord940
ord4898
ord2933
ord3642
ord4129
ord4303
ord5006
ord5003
ord1155
ord2609
ord1183
ord1904
ord1548
ord395
ord2237
ord635
ord283
ord280
ord4244
ord416
ord651
ord1921
ord4293
ord4013
ord5161
ord4259
ord4074
ord2261
ord4439
ord1058
ord899
ord277
ord1079
ord5705
ord2311
ord900
ord896
ord2461
ord4120
ord350
ord604
ord2366
ord567
ord758
ord347
ord602
ord1271
ord1270
ord3155
ord776
ord5633
ord4573
ord5844
ord5884
ord6061
ord6279
ord1894
ord3175
ord2254
ord1118
ord2709
ord1920
ord1609
ord1476
ord1355
ord4193
ord501
ord4664
ord709
ord3930
ord2793
ord3785
ord6253
ord2139
ord4361
ord1925
ord4494
ord5511
ord6147
ord3058
ord2674
ord3204
ord6157
ord2257
ord774
ord1384
ord985
ord3634
ord5388
ord3706
ord3698
ord2812
ord3894
ord1975
ord2632
ord3198
ord3590
ord572
ord760
ord5638
ord5727
ord6033
ord3678
ord1959
ord2361
ord4119
ord2255
ord4347
ord2362
ord5210
ord3249
ord6293
ord5327
ord1571
ord2340
ord1176
ord6282
ord1172
ord5316
ord3157
ord6050
ord5604
ord6056
ord5607
ord2521
ord1156
ord326
ord3174
ord5715
ord5917
ord5397
ord5410
ord5584
ord5519
ord5643
ord5723
ord6053
ord4155
ord1720
ord1274
ord3990
ord5558
ord5524
ord1946
ord4094
ord2932
ord2085
ord6140
ord3238
ord5636
ord3158
ord4226
ord1536
ord3756
ord2077
ord2985
ord587
ord563
ord753
ord2419
ord2418
ord6721
ord5911
ord3939
ord2365
ord3460
ord764
ord1393
ord5144
ord5201
ord2164
ord1297
ord4271
ord1178
ord4026
ord577
ord293
ord1182
ord4884
ord1646
ord4574
ord1590
ord5209
ord1662
ord5196
ord1661
ord2856
ord3635
ord1542
ord4480
ord4256
ord6720
ord3176
ord5908
ord605
ord1611
ord4032
ord354
ord1608
ord4008
ord3940
ord6272
ord1392
ord3795
ord4238
ord6274
ord266
ord5148
ord4320
ord1899
ord2054
ord6086
ord5067
ord2009
ord6271
ord5579
ord4179
ord3800
ord5199
ord1007
ord1198
ord5096
ord6215
ord5378
ord3826
ord265
ord1911
ord2925
ord5971
ord3397
ord5220
ord1049
ord4716
ord5222
ord1117
ord4276
ord3942
ord1121
ord1591
ord4562
ord3824
ord5956
ord5226
ord5231
ord5562
ord5229
ord2531
ord920
ord2725
ord925
ord2829
ord929
ord4301
ord927
ord2708
ord931
ord2832
ord757
ord2384
ord2534
ord566
ord2404
ord2640
ord2388
ord2527
ord2394
ord3712
ord2392
ord3713
ord2390
ord3703
ord2407
ord2638
ord762
ord2402
ord3943
ord3677
ord2386
ord4475
ord2409
ord4255
ord2397
ord2379
ord2381
ord2399
ord2169
ord2163
ord1513
ord6273
ord3327
ord3796
ord6275
ord3339
ord4961
ord1353
ord5178
ord5171
ord4206
ord1955
ord2011
ord4729
ord1647
ord2723

msvcr80

_CxxThrowException
memset
_crt_debugger_hook
isalnum
_itow_s
strstr
atol
_wtoi
memcpy_s
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
isalpha
isspace
tolower
strchr
strncmp
sscanf
_vsnprintf_s
fprintf
realloc
malloc
_snprintf
memmove
toupper
strncpy
memmove_s
swprintf_s
_invalid_parameter_noinfo
_vswprintf
??0exception@std@@QAE@XZ
exit
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
wcsncpy_s
wcstol
_stricmp
sprintf
free
_recalloc
calloc
_beginthreadex
_wstat64i32
_purecall
_wcsicmp
wcsrchr
strcpy_s
_wsplitpath_s
_wmakepath_s
wcschr
?terminate@@YAXXZ
_except_handler4_common
_invoke_watson
_controlfp_s
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__CxxFrameHandler3
_wcsupr_s
wcscpy_s
wcscat_s
memcpy

kernel32

HeapAlloc
GetProcessHeap
HeapFree
LoadLibraryA
LocalFree
lstrcpynW
OutputDebugStringW
InterlockedCompareExchange
GetStartupInfoW
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetSystemTimeAsFileTime
UnhandledExceptionFilter
IsDebuggerPresent
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
GetVolumeInformationA
CloseHandle
GetVersionExW
FreeLibrary
CreateMutexW
GetLastError
GetModuleHandleW
GetCommandLineW
GetModuleFileNameW
LoadLibraryW
GetProcAddress
InterlockedIncrement
InterlockedDecrement
GetCurrentThreadId
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
WaitForSingleObject
TerminateThread
GetTickCount
CreateEventW
SetEvent
Sleep
WaitForMultipleObjects
ResetEvent
InterlockedExchange
WideCharToMultiByte
lstrlenW
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
GetVersion
GetCurrentProcess
InitializeCriticalSection
DeleteCriticalSection
TerminateProcess
GetFileAttributesW
CreateThread
OpenProcess
GetCurrentProcessId
IsBadWritePtr
CreateFileA
DeviceIoControl
lstrcpynA
GetSystemDirectoryA

user32

DrawFocusRect
DrawEdge
SetCursor
LoadImageW
ReleaseCapture
GetCapture
ClientToScreen
DestroyCursor
EnableMenuItem
AppendMenuW
InsertMenuW
CreatePopupMenu
IsMenu
LoadMenuW
InvalidateRect
FillRect
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
UnhookWindowsHookEx
SetWindowsHookExW
RemovePropW
SetWindowLongW
GetPropW
GetSysColor
SystemParametersInfoW
OffsetRect
GetMenuState
CallNextHookEx
SetPropW
GetWindowLongW
FrameRect
SetClassLongW
GetClassLongW
GetClassNameW
FindWindowW
AnimateWindow
RegisterClassW
IsWindow
GetDC
LoadBitmapW
PtInRect
GetAsyncKeyState
GetClientRect
GetSystemMetrics
CopyRect
GetParent
DispatchMessageW
TranslateMessage
GetMessageW
GetMenuItemRect
GetMenuItemID
RegisterWindowMessageW
GetMenuItemCount
SendInput
GetKeyState
LoadIconW
GetForegroundWindow
LoadStringW
PostMessageW
SetTimer
UnregisterHotKey
RegisterHotKey
KillTimer
DestroyIcon
ReplyMessage
LoadCursorW
DefWindowProcW
CheckMenuItem
IsWindowVisible
GetClassInfoW
GetMenuItemInfoW
SetMenuDefaultItem
SetForegroundWindow
DeleteMenu
EnumWindows
GetSubMenu
GetWindowThreadProcessId
UpdateWindow
EnableWindow
CallWindowProcW
WindowFromPoint
GetWindowRect
GetCursorPos
GetDesktopWindow
SendMessageW

gdi32

DeleteDC
StretchBlt
GetTextMetricsW
DeleteObject
GetTextExtentPoint32W
CreateICW
Ellipse
Polyline
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
CreateSolidBrush
GetCurrentObject
SelectObject
GetObjectW
BitBlt
CreateFontIndirectW
GetMapMode
CreateCompatibleDC
CreateCompatibleBitmap
GetStockObject

advapi32

GetSecurityInfo
GetTokenInformation
RevertToSelf
ImpersonateLoggedOnUser
RegSetValueExW
RegQueryValueExW
RegCreateKeyExW
SetSecurityInfo
SetEntriesInAclW
OpenProcessToken
RegQueryValueExA
RegSetValueExA
RegCloseKey
RegCreateKeyA
RegOpenKeyExA
RegOpenKeyExW
RegDeleteValueA
FreeSid
EqualSid
AllocateAndInitializeSid

shell32

Shell_NotifyIconW
SHGetSpecialFolderPathW
ShellExecuteW
ShellExecuteExW

comctl32

InitCommonControlsEx
_TrackMouseEvent

ole32

CLSIDFromProgID
OleRun
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CoUninitialize
CoInitialize

oleaut32

VariantClear
GetErrorInfo
SysFreeString
SysAllocStringLen
SysAllocString
GetActiveObject

msvcp80

?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_WABV10@@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@II@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXID@Z
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?at@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
?compare@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEHPB_W@Z
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?find_first_not_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?find_last_not_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z

psapi

GetModuleFileNameExW
EnumProcessModules
EnumProcesses

iphlpapi

GetAdaptersInfo

wininet

InternetQueryOptionW

ws2_32

gethostbyname
gethostname
WSAStartup
WSACleanup

Sections

.text
Size: 128KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 404KB - Virtual size: 402KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
CBUpdate.exe
.exe windows:4 windows x86 arch:x86

e1cc02bd1f495995eb3986753f4adae1

Code Sign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0b:a4:bc:43:99:30:34:6b:95:69:4b:4c:7f:2b:98:1b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

22/06/2009, 00:00

Not After

21/06/2012, 23:59

Subject

CN=Zhuhai Kingsoft Software Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Zhuhai Kingsoft Software Co.\,Ltd,L=Zhuhai,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Source\PWPEV2010\branches\ProtoType\branches\ProtoType\products\Release_pdb\CBUpdate.pdb

Imports

kernel32

CreateToolhelp32Snapshot
DeleteFileW
CopyFileW
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
MultiByteToWideChar
MoveFileExW
CreateFileW
MoveFileW
OpenProcess
OutputDebugStringW
WriteFile
GetFileAttributesW
FindClose
FindFirstFileW
FindNextFileW
RemoveDirectoryW
CreateDirectoryW
GetFileSizeEx
GetCurrentProcessId
TerminateProcess
WaitForSingleObject
CreateProcessW
GetSystemTime
ReadFile
SetFilePointer
Process32FirstW
FileTimeToLocalFileTime
FindFirstFileA
GetPrivateProfileSectionNamesW
GetPrivateProfileStringW
WritePrivateProfileStringW
InterlockedDecrement
DeviceIoControl
CreateFileA
GetVersionExW
HeapFree
HeapAlloc
GetProcessHeap
lstrcpynA
GetVersion
GetVolumeInformationA
GetSystemDirectoryA
GetFileSize
LoadLibraryA
LocalFree
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
InterlockedCompareExchange
DeleteCriticalSection
Process32NextW
GetCurrentThreadId
Sleep
CreateMutexW
ReleaseMutex
OpenMutexW
GetCurrentProcess
CloseHandle
lstrlenW
WideCharToMultiByte
FreeLibrary
GetModuleHandleW
LoadLibraryW
GetLastError
GetProcAddress
FileTimeToDosDateTime
GetModuleFileNameW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
HeapSize
HeapReAlloc
HeapDestroy
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange

user32

WindowFromPoint
PostThreadMessageW
GetCursorPos
ExitWindowsEx
GetWindowRect
GetWindowThreadProcessId
MessageBoxW
UnregisterClassA
GetDesktopWindow

advapi32

GetSecurityInfo
SetEntriesInAclW
SetSecurityInfo
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
InitializeSecurityDescriptor
ImpersonateLoggedOnUser
RevertToSelf
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegQueryValueExA

shell32

ShellExecuteExW
SHGetFolderPathA

ole32

OleRun
CoCreateInstance
CLSIDFromProgID
CLSIDFromString
CoCreateGuid
CoUninitialize
CoInitialize

oleaut32

SysStringByteLen
SysFreeString
SysAllocStringByteLen
SetErrorInfo
VariantInit
VariantClear
VariantChangeType
GetErrorInfo
SysAllocString
CreateErrorInfo

msvcp80

?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXID@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
?empty@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE_NXZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_WABV10@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?insert@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@IABV12@@Z
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@II@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIABV12@I@Z
?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@H@2@XZ
??7ios_base@std@@QBE_NXZ
?open@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXPB_WHH@Z
??1locale@std@@QAE@XZ
?global@locale@std@@SA?AV12@ABV12@@Z
??0locale@std@@QAE@PBDH@Z
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?close@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@XZ
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEAB_WI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_WI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?push_back@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEX_W@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?close@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??Bios_base@std@@QBEPAXXZ
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
?at@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBDH@Z
?open@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXPBDHH@Z
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@XZ
?_Myptr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEPADXZ
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z

msvcr80

_encode_pointer
_invoke_watson
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
??3@YAXPAX@Z
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
__CxxFrameHandler3
_wmakepath_s
_wsplitpath_s
strcpy_s
_CxxThrowException
??0exception@std@@QAE@ABV01@@Z
_invalid_parameter_noinfo
??2@YAPAXI@Z
free
calloc
_recalloc
memset
??_V@YAXPAX@Z
wcscpy_s
_wstat64i32
_wcsicmp
_purecall
atol
memcpy_s
swprintf_s
_stat64i32
_wtol
memmove_s
wcsncpy_s
wcsrchr
wcscat_s
strstr
_itow_s
malloc
wcsncat_s
wcschr
realloc
memcpy
fprintf
wcsstr
fopen
fclose
sprintf
fread
fwrite
ftell
fseek
ferror
printf
feof
exit
scanf
strncpy
remove
_time64
rand
srand
_wtoi
memmove
_snprintf
toupper
_vscwprintf
vswprintf_s
sprintf_s
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_except_handler4_common
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp_s

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

psapi

GetModuleFileNameExW
EnumProcesses
EnumProcessModules

wininet

InternetQueryOptionW

iphlpapi

GetAdaptersInfo

ws2_32

WSAStartup
gethostname
gethostbyname
WSACleanup

Sections

.text
Size: 196KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
CBUpdateself.exe
.exe windows:4 windows x86 arch:x86

df6d7babd7b734d51d8093ed03273e16

Code Sign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0b:a4:bc:43:99:30:34:6b:95:69:4b:4c:7f:2b:98:1b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

22/06/2009, 00:00

Not After

21/06/2012, 23:59

Subject

CN=Zhuhai Kingsoft Software Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Zhuhai Kingsoft Software Co.\,Ltd,L=Zhuhai,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Source\PWPEV2010\branches\ProtoType\branches\ProtoType\products\Release_pdb\CBUpdateself.pdb

Imports

kernel32

FindFirstFileW
FindClose
DeleteFileW
CreateDirectoryW
CopyFileW
GetFileAttributesW
OpenProcess
GetCurrentProcessId
TerminateProcess
CreateProcessW
WaitForSingleObject
GetSystemTime
WideCharToMultiByte
GetModuleFileNameW
ReleaseMutex
Sleep
CloseHandle
OpenMutexW
GetLastError
CreateMutexW
GetSystemTimeAsFileTime
GetCurrentThreadId
InterlockedCompareExchange
GetCurrentProcess
InterlockedExchange
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW
InitializeSecurityDescriptor

shell32

ShellExecuteExW

msvcp80

??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z

msvcr80

_wcsicmp
??3@YAXPAX@Z
free
malloc
realloc
fprintf
wcsstr
??_V@YAXPAX@Z
fopen
fclose
_wrename
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
__winitenv
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_crt_debugger_hook
_except_handler4_common
_invoke_watson
_controlfp_s
__CxxFrameHandler3
??2@YAPAXI@Z
wcscpy_s
wcscat_s
wcsncat_s
wcschr
swprintf_s
wcsncpy_s
wcsrchr
memset

psapi

GetModuleFileNameExW
EnumProcesses
EnumProcessModules

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
CBux.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 300KB - Virtual size: 296KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b729b61eb1515fcf7b3e511e4e66258b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 24KB - Virtual size: 24KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 129KB

.ndata Size: - Virtual size: 80KB

.rsrc Size: 358KB - Virtual size: 358KB

9063064264c2770830dd93aad3fff57a

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

31:44:c0:6a:6c:fb:50:76:c1:5d:39:95:72:c6:94:21Certificate

Extended Key Usages

Key Usages

bf:19:d4:5c:a5:5e:8f:74:e3:6c:ec:96:d0:9f:93:10:90:be:ea:10Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

shell32

shlwapi

urlmon

user32

ole32

oleaut32

comctl32

Sections

.text Size: 61KB - Virtual size: 61KB

.rdata Size: 16KB - Virtual size: 16KB

.data Size: 5KB - Virtual size: 12KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 8KB - Virtual size: 7KB

8fbbf807b5bf33729f0092d4b8c483c4

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 1024B - Virtual size: 17KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

bd0c5e2173fde31d22cb05fc3c2a33dc

Headers

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 129KB

.ndata
Size: - Virtual size: 80KB

.rsrc
Size: 358KB - Virtual size: 358KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

31:44:c0:6a:6c:fb:50:76:c1:5d:39:95:72:c6:94:21
Certificate

bf:19:d4:5c:a5:5e:8f:74:e3:6c:ec:96:d0:9f:93:10:90:be:ea:10
Signer

.text
Size: 61KB - Virtual size: 61KB

.rdata
Size: 16KB - Virtual size: 16KB

.data
Size: 5KB - Virtual size: 12KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 8KB - Virtual size: 7KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 1024B - Virtual size: 17KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 1024B - Virtual size: 848B

.data
Size: - Virtual size: 56B

.reloc
Size: 512B - Virtual size: 502B

.text
Size: 35KB - Virtual size: 35KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: 3KB - Virtual size: 6KB

.reloc
Size: 5KB - Virtual size: 5KB

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

0b:a4:bc:43:99:30:34:6b:95:69:4b:4c:7f:2b:98:1b
Certificate

.text
Size: 56KB - Virtual size: 52KB

.rdata
Size: 24KB - Virtual size: 20KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 2KB

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

0b:a4:bc:43:99:30:34:6b:95:69:4b:4c:7f:2b:98:1b
Certificate