391a1230683739f559da27fac557159c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

391a1230683739f559da27fac557159c_JaffaCakes118
Size

2.6MB
MD5

391a1230683739f559da27fac557159c
SHA1

08643f3ca27febeafcc116275e5e3a37eeae2a77
SHA256

a24db4ab3b7eb7d0cef09189b1709fd948a85da91c29df8daa28aabc33fb3c83
SHA512

86f3fb84e394a3d48682551bb0253d1bba5e7c3f4a2caea31e308ca18688ce17da0147867405ca59acf0d7c537a99e85fc15151f07157803668b7b204de8c706
SSDEEP

49152:zf0Pieu3TwEzvsbfB5lGBlYhtOKSC4SkoZllcGjNLxnYO3DDSq4WC4H3/n:QKeu3TPwTB5QBCrIC4Lel2GjNVnYO3DP

Score

3^/10

Malware Config

Signatures

Unsigned PE 23 IoCs

Checks for missing Authenticode signature.

resource
391a1230683739f559da27fac557159c_JaffaCakes118
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$TEMP/WebThunder_SetupHelper.dll
unpack001/DownAndPlay/StreamCtrl.dll
unpack001/DownAndPlay/WebDownAndPlay.dll
unpack001/DownAndPlay/npDapCtrlFirefox.dll
unpack001/KanKan/Codecs/Real/Codecs/atrc.dll
unpack001/KanKan/Codecs/Real/Codecs/cook.dll
unpack001/KanKan/Codecs/Real/Codecs/drv1.dll
unpack001/KanKan/Codecs/Real/Codecs/drv2.dll
unpack001/KanKan/Codecs/Real/Codecs/drvc.dll
unpack001/KanKan/Codecs/Real/Codecs/raac.dll
unpack001/KanKan/Codecs/Real/Codecs/rv10.dll
unpack001/KanKan/Codecs/Real/Codecs/rv20.dll
unpack001/KanKan/Codecs/Real/Codecs/rv30.dll
unpack001/KanKan/Codecs/Real/Codecs/rv40.dll
unpack001/KanKan/Codecs/Real/Codecs/sipr.dll
unpack001/KanKan/Codecs/RealMediaSplitter.ax
unpack001/KanKan/Codecs/pncrt.dll
unpack001/KanKan/TSF.dll
unpack001/KanKan/XPlayer.dll
unpack001/stream.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

391a1230683739f559da27fac557159c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetLastError
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$TEMP/WebThunder_SetupHelper.dll
.dll windows:4 windows x86 arch:x86

cb15c4ce4f27454ccf6f64d3e8a9ffaf

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersionExA
OutputDebugStringA
CloseHandle
Process32Next
Process32First
GetCurrentProcessId
CreateToolhelp32Snapshot
TerminateProcess
OpenProcess
WriteFile
HeapFree
GetCommandLineA
GetVersion
ExitProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
Sleep
HeapDestroy
HeapCreate
VirtualFree
RtlUnwind
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
InterlockedDecrement
InterlockedIncrement

user32

SendMessageA
FindWindowA

Exports

Exports

QuitWebThunder

Sections

.text
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DownAndPlay/DapCtrl.dll
.dll regsvr32 windows:4 windows x86 arch:x86

1bf75379396a33ec7d52341f90b38937

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3d:c3:09:c2:ed:0e:e4:35:09:fc:8b:d8:68:bc:4c:fd
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

26/04/2006, 00:00

Not After

31/05/2009, 23:59

Subject

CN=ShenZhen Thunder Networking Technologies Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Department of System Engineering,O=ShenZhen Thunder Networking Technologies Ltd.,L=ShenZhen,ST=GuangDong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Projects\DapCtrl\trunk\DllLogRel\DapCtrl.pdb

Imports

kernel32

GetProcAddress
LoadLibraryA
ExpandEnvironmentStringsA
GetModuleHandleA
VerifyVersionInfoA
VerSetConditionMask
CopyFileA
GetSystemDirectoryA
LocalFree
FormatMessageA
GetFileAttributesExA
MoveFileA
FreeResource
SizeofResource
IsBadCodePtr
WaitForMultipleObjects
GetFileSize
ResetEvent
SetEvent
GetDiskFreeSpaceExA
GetVolumeInformationA
Sleep
LoadLibraryW
lstrcpynA
MulDiv
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
SetStdHandle
IsBadReadPtr
GetStringTypeW
FreeLibrary
UnhandledExceptionFilter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetTimeZoneInformation
ReadFile
HeapSize
TerminateProcess
GetCurrentDirectoryA
GetFullPathNameA
SetUnhandledExceptionFilter
IsBadWritePtr
VirtualFree
HeapCreate
HeapDestroy
QueryPerformanceCounter
LCMapStringW
LCMapStringA
GetCPInfo
GetOEMCP
GetCommandLineA
GetFileAttributesW
HeapReAlloc
GetSystemInfo
VirtualAlloc
VirtualProtect
GetDriveTypeA
FileTimeToLocalFileTime
FileTimeToSystemTime
RtlUnwind
GetSystemTimeAsFileTime
RaiseException
TerminateThread
GetModuleFileNameW
FindResourceA
LoadResource
LockResource
SetLastError
lstrlenW
lstrlenA
HeapAlloc
GetProcessHeap
HeapFree
GetCurrentProcess
FlushInstructionCache
WideCharToMultiByte
MultiByteToWideChar
InterlockedIncrement
WinExec
CreateThread
CreateToolhelp32Snapshot
Process32First
Module32First
Module32Next
Process32Next
CreateEventA
OpenMutexA
TlsAlloc
GetLocalTime
GetCurrentThreadId
TlsGetValue
OutputDebugStringA
FindFirstChangeNotificationA
ExitThread
CreateMutexA
CreateFileMappingA
MapViewOfFile
ExitProcess
InitializeCriticalSection
GetPrivateProfileStringA
GetPrivateProfileIntA
FindFirstFileA
FindNextFileA
FindClose
CreateFileA
GetTempPathA
GetLastError
WriteFile
SetFilePointer
WritePrivateProfileStringA
FlushFileBuffers
DeleteFileA
InterlockedExchangeAdd
DeleteCriticalSection
TlsFree
InterlockedExchange
WaitForSingleObject
InterlockedDecrement
FindCloseChangeNotification
UnmapViewOfFile
ReleaseMutex
TlsSetValue
GetCurrentProcessId
CloseHandle
GetFileAttributesA
CreateDirectoryA
GetModuleFileNameA
GlobalUnlock
GlobalFree
GlobalAlloc
GlobalLock
LeaveCriticalSection
EnterCriticalSection
VirtualQuery
GetTickCount
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
GetStringTypeA

user32

IsWindowVisible
ShowWindow
ScreenToClient
SetWindowPos
CopyAcceleratorTableA
IsDialogMessageA
GetDlgItem
GetSysColor
GetDialogBaseUnits
DestroyCursor
UpdateWindow
MonitorFromRect
GetMonitorInfoA
CharLowerBuffA
SetActiveWindow
ReleaseCapture
FillRect
DrawTextA
LoadBitmapA
GetCursorPos
SystemParametersInfoA
MapWindowPoints
SetCapture
RedrawWindow
ReleaseDC
GetDC
MoveWindow
SetWindowTextA
BeginPaint
GetClientRect
EndPaint
GetFocus
IsChild
GetKeyState
InvalidateRect
CallWindowProcA
PostMessageA
SendMessageA
SetWindowLongA
FindWindowA
SendMessageTimeoutA
MessageBoxA
GetNextDlgTabItem
SetWindowContextHelpId
MapDialogRect
GetWindow
SetForegroundWindow
GetAncestor
GetForegroundWindow
SetWindowsHookExA
UnhookWindowsHookEx
PostThreadMessageA
GetActiveWindow
PtInRect
UnionRect
SetWindowRgn
OffsetRect
EqualRect
SetTimer
KillTimer
SetFocus
GetClassInfoExA
GetWindowInfo
GetSystemMetrics
SetParent
GetWindowLongA
GetWindowRect
GetClassNameW
GetParent
IsWindow
FindWindowExW
GetWindowThreadProcessId
CallNextHookEx
GetClassNameA
DispatchMessageA
TranslateMessage
GetMessageA
EndDialog
DestroyWindow
CreateWindowExA
ShowCursor
SetCursor
LoadCursorA
DefWindowProcA
CharUpperBuffA
wsprintfA
EnumChildWindows
IntersectRect
SendDlgItemMessageA

gdi32

RestoreDC
DeleteDC
SetViewportOrgEx
SetWindowOrgEx
SaveDC
LPtoDP
GetDeviceCaps
CreateRectRgnIndirect
DeleteObject
GetObjectA
SelectObject
CreateCompatibleDC
CombineRgn
GetPixel
CreateRectRgn
BitBlt
TextOutA
SetTextColor
CreateFontA
StretchBlt
CreateSolidBrush
Rectangle
CreateCompatibleBitmap
GetStockObject
SetBkColor
LineTo
MoveToEx
CreatePen
GetTextExtentPointA
GetTextMetricsA
CreateFontIndirectA
SetMapMode
SetBkMode

comdlg32

GetSaveFileNameA

advapi32

RegDeleteValueA
RegOpenKeyA
RegEnumKeyExA
RegSetValueExA
RegDeleteKeyA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegCreateKeyExA
RegCreateKeyA

shell32

SHGetFolderPathA
ShellExecuteW
SHFileOperationA
ShellExecuteA

ole32

OleRegGetMiscStatus
CreateOleAdviseHolder
OleRegGetUserType
OleRegEnumVerbs
CoCreateGuid
StringFromIID
CoTaskMemFree
CoInitialize
CoCreateInstance
CoUninitialize
CreateStreamOnHGlobal

oleaut32

OleCreatePropertyFrame
LoadTypeLi
LoadRegTypeLi
SysAllocStringLen
VariantChangeType
VariantCopy
GetErrorInfo
VariantClear
VariantInit
VarBstrCmp
SysStringByteLen
SysAllocStringByteLen
SysStringLen
SysFreeString
SysAllocString
OleTranslateColor
DispCallFunc
SafeArrayUnaccessData
SafeArrayDestroy
SafeArrayAccessData
SafeArrayCreateVector
OleLoadPicture

atl71

ord38
ord28
ord40
ord47
ord53
ord52
ord64
ord22
ord18
ord15
ord31
ord54
ord51
ord50
ord27
ord26
ord48
ord60
ord42
ord30
ord61
ord23
ord36
ord46
ord44
ord43
ord10
ord32
ord11
ord65
ord66
ord58

shlwapi

PathFindExtensionA
AssocQueryStringW
PathFileExistsW
PathFileExistsA
PathRemoveFileSpecA
PathCombineA
PathFindFileNameA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

wininet

InternetConnectA
InternetCloseHandle
InternetOpenA
HttpSendRequestA
HttpQueryInfoA
InternetReadFile
InternetCombineUrlA
InternetCreateUrlA
InternetCrackUrlA
HttpOpenRequestA

ws2_32

closesocket
inet_addr
setsockopt
recvfrom
ntohs
select
ioctlsocket
sendto
shutdown
send
WSAGetLastError
connect
socket
htons
bind
listen
accept
inet_ntoa
WSACleanup
WSAStartup
gethostname
gethostbyname
recv

iphlpapi

GetAdaptersInfo

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
RegisterServerDirect
Repair_realplayer11
UnregisterServerDirect

Sections

.text
Size: 424KB - Virtual size: 422KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 136KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 196KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DownAndPlay/StreamCtrl.dll
.dll regsvr32 windows:4 windows x86 arch:x86

b55eaf5a443c3d59779e26063b11de19

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Projects\DShowCtrl\trunk\StreamCtrl2G\Release\StreamCtrl.pdb

Imports

ws2_32

closesocket
ioctlsocket
WSAStartup
WSACleanup
WSAGetLastError
connect
setsockopt
shutdown
select
__WSAFDIsSet
recv
send
socket
inet_addr
htons

kernel32

GetStringTypeW
GetStringTypeA
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
WideCharToMultiByte
GetLastError
GetCurrentThread
SetLastError
TlsSetValue
TlsGetValue
InterlockedIncrement
TlsAlloc
TlsFree
InitializeCriticalSection
CloseHandle
CreateFileA
WriteFile
CreateFileW
GetFileSize
SetFilePointer
ReadFile
ReadFileEx
GetFileInformationByHandle
LockFile
LockFileEx
UnlockFile
UnlockFileEx
OpenFile
FlushFileBuffers
WaitNamedPipeW
SetNamedPipeHandleState
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapAlloc
GetModuleFileNameW
GetModuleFileNameA
CreateProcessW
DeleteCriticalSection
WaitForSingleObject
GetVersionExA
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
RaiseException
FreeLibrary
GetProcAddress
LoadLibraryA
FindClose
DeleteFileA
FindFirstFileA
CopyFileA
GetSystemDirectoryA
GetFileAttributesA
CreateDirectoryA
GetFileAttributesExA
WritePrivateProfileStringA
GetPrivateProfileIntA
GetPrivateProfileStringA
GetCurrentProcess
GetModuleHandleA
Sleep
DisableThreadLibraryCalls
MoveFileA
FreeResource
LoadResource
SizeofResource
FindResourceA
VirtualQuery
IsBadCodePtr
lstrlenA
lstrlenW
LoadLibraryExA
lstrcmpiA
lstrcpynA
IsDBCSLeadByte
lstrcpyA
lstrcatA
InterlockedDecrement
CreateEventA
ResetEvent
SetEvent
GetCurrentThreadId
VirtualQueryEx
ReadProcessMemory
ResumeThread
WriteProcessMemory
VirtualAllocEx
InterlockedCompareExchange
VirtualProtect
FlushInstructionCache
GetThreadContext
SetThreadContext
SuspendThread
VirtualAlloc
LocalFree
IsBadReadPtr
UnhandledExceptionFilter
GetEnvironmentStringsW
SetStdHandle
SetEndOfFile
FindNextFileA
VirtualProtectEx
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
LCMapStringW
LCMapStringA
GetCPInfo
GetOEMCP
IsBadWritePtr
VirtualFree
HeapCreate
HeapDestroy
HeapSize
TerminateProcess
SetUnhandledExceptionFilter
GetTickCount
QueryPerformanceCounter
GetCommandLineA
HeapReAlloc
GetSystemInfo
HeapFree
ExitProcess
RtlUnwind

user32

CharNextA

advapi32

RegSetValueExA
RegEnumKeyExA
RegOpenKeyExA
RegCreateKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCloseKey
RegOpenKeyA
RegQueryValueExA
RegQueryInfoKeyA

shell32

SHGetFolderPathA

ole32

CoTaskMemAlloc
CoTaskMemRealloc
StringFromGUID2
CoCreateInstance
CoTaskMemFree

oleaut32

LoadRegTypeLi
SysAllocString
LoadTypeLi
UnRegisterTypeLi
SysFreeString
VarUI4FromStr
SysStringLen
VariantClear
RegisterTypeLi

shlwapi

PathRemoveFileSpecA
PathCombineA
PathFileExistsA
PathFindFileNameA
PathFindExtensionA

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

Exports

Exports

?fnHookStream@@YAHXZ
?nHookStream@@3HA
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
RegisterServerDirect
UnregisterServerDirect

Sections

.text
Size: 184KB - Virtual size: 182KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DownAndPlay/WebDownAndPlay.dll
.dll windows:4 windows x86 arch:x86

1123b0e3211d2ed95e75f54b2a2a4b0e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateThread
OutputDebugStringA
CloseHandle
WaitForSingleObject
DeleteFileA
InterlockedIncrement
GetProcAddress
GetModuleHandleA
RemoveDirectoryA
GetModuleFileNameA
WideCharToMultiByte
lstrlenW
MultiByteToWideChar
lstrlenA
GetLongPathNameA
GetTempPathA
InterlockedDecrement
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateEventA
SetEvent
ResetEvent
CompareStringW
CompareStringA
GetLocaleInfoW
GetTimeZoneInformation
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
FlushFileBuffers
LCMapStringW
LCMapStringA
Sleep
SetStdHandle
SetConsoleCtrlHandler
LoadLibraryA
GetOEMCP
GetACP
GetCPInfo
SetFilePointer
GetStringTypeW
GetStringTypeA
UnhandledExceptionFilter
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
WriteFile
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
RtlUnwind
HeapFree
HeapAlloc
GetCommandLineA
GetVersion
RaiseException
ExitProcess
TerminateProcess
GetCurrentProcess
HeapReAlloc
HeapSize
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
GetCurrentThread
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
FatalAppExitA
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
SetEnvironmentVariableA

user32

DefWindowProcA
SendMessageTimeoutA
IsWindow
LoadStringA
DestroyWindow
CreateDialogParamA
ShowWindow
PostMessageA

oleaut32

SysAllocString
SysAllocStringLen
SysFreeString

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

ws2_32

WSAStartup
WSACleanup
closesocket
accept
listen
bind
inet_addr
htons
socket
connect
recv
send

Exports

Exports

OnConnection
OnDisconnection

Sections

.text
Size: 84KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DownAndPlay/np-mswmp.dll
.dll windows:6 windows x86 arch:x86

6248bec906df433624b546a90f44da2b

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

61:47:52:ba:00:00:00:00:00:04
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:53

Not After

16/09/2011, 02:03

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:D8A9-CFCC-579C,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:49:7c:ed:00:00:00:00:00:05
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:55

Not After

16/09/2011, 02:05

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:10D8-5847-CBF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

04/04/2006, 17:44

Not After

26/04/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:46:9e:cb:00:04:00:00:00:65
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/04/2006, 19:43

Not After

04/10/2007, 19:53

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

26:1e:cf:d6:29:79:85:bf:29:37:b7:99:a6:d1:c8:fd:22:5c:65:e3
Signer

Actual PE Digest

26:1e:cf:d6:29:79:85:bf:29:37:b7:99:a6:d1:c8:fd:22:5c:65:e3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

np-mswmp.pdb

Imports

msvcrt

??_U@YAPAXI@Z
iswspace
wcsspn
wcscspn
_wtoi
atoi
atof
memcpy
wcsstr
__CxxFrameHandler
_errno
_XcptFilter
_initterm
_amsg_exit
_adjust_fdiv
??1type_info@@UAE@XZ
?terminate@@YAXXZ
realloc
_unlock
__dllonexit
_lock
_onexit
memmove
mbtowc
__mb_cur_max
isleadbyte
_iob
_snprintf
_itoa
ferror
__badioinfo
__pioinfo
_fileno
_lseeki64
_write
_isatty
??2@YAPAXI@Z
_CxxThrowException
_vsnwprintf
??_V@YAXPAX@Z
memset
_CIpow
free
_mbsicmp
_wcsicmp
malloc
??3@YAXPAX@Z

kernel32

SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
RtlUnwind
OutputDebugStringA
InterlockedCompareExchange
Sleep
VirtualAlloc
VirtualFree
LoadLibraryA
GetProcAddress
GetVersion
InterlockedExchange
GetVersionExA
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetVersionExW
MultiByteToWideChar
GetCurrentThreadId
GetModuleFileNameW
MulDiv
lstrcmpW
GetCurrentProcess
FlushInstructionCache
InterlockedDecrement
InterlockedIncrement
HeapSetInformation
GlobalAlloc
GlobalLock
GlobalUnlock
SetLastError
GetLastError
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
WideCharToMultiByte
RaiseException
FormatMessageW
lstrlenW
LocalFree

user32

UnregisterClassA
CreateAcceleratorTableW
GetFocus
GetWindow
SetFocus
DestroyAcceleratorTable
GetDesktopWindow
BeginPaint
EndPaint
CallWindowProcW
FillRect
ReleaseCapture
GetClassNameW
GetDlgItem
IsChild
SetCapture
RedrawWindow
InvalidateRgn
InvalidateRect
ReleaseDC
GetDC
ScreenToClient
ClientToScreen
GetClientRect
SetWindowPos
CharNextW
GetSysColor
RegisterWindowMessageW
GetClassInfoExW
LoadCursorW
RegisterClassExW
GetWindowTextLengthW
SetWindowTextW
DefWindowProcW
MapWindowPoints
IsWindow
GetParent
ShowWindow
GetWindowRect
MoveWindow
PostMessageW
SendMessageW
SetWindowLongW
GetWindowLongW
CreateWindowExW
DestroyWindow
GetWindowTextW

oleaut32

VarBstrFromDate
VariantChangeType
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
SysStringByteLen
SysAllocStringByteLen
VariantClear
VariantInit
VarBstrCmp
SysAllocString
SysAllocStringLen
SysStringLen
SysFreeString

ole32

CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoCreateGuid
CoCreateInstance
StringFromGUID2
CoTaskMemAlloc

gdi32

GetStockObject
GetObjectW
CreateSolidBrush
GetDeviceCaps
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
DeleteObject

Exports

Exports

NP_GetEntryPoints
NP_Initialize
NP_Shutdown

Sections

.text
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DownAndPlay/npDapCtrlFirefox.dll
.dll regsvr32 windows:4 windows x86 arch:x86

2ab0e211916076da0bbaf6074ad9d325

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\项目\SVN\DapCtrlFirefox\Release\DapCtrlFirefox.pdb

Imports

kernel32

DeleteFileW
CopyFileW
GetModuleFileNameW
VirtualQuery
EnterCriticalSection
LeaveCriticalSection
HeapFree
GetProcessHeap
MultiByteToWideChar
InterlockedIncrement
InterlockedDecrement
lstrcpyW
MulDiv
FlushInstructionCache
GetCurrentProcess
HeapAlloc
GlobalUnlock
GlobalLock
GlobalAlloc
lstrcmpW
FindFirstFileW
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
lstrcmpiW
lstrcpynW
GetCurrentThreadId
GetModuleFileNameA
LoadLibraryExA
ExpandEnvironmentStringsA
FindNextFileW
FindClose
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
ExitProcess
GetVersionExA
LoadLibraryW
GetProcAddress
FreeLibrary
GetPrivateProfileStringW
GetPrivateProfileIntW
WritePrivateProfileStringW
GetSystemDirectoryW
WideCharToMultiByte
GetFileAttributesExW
CreateDirectoryW
GetFileAttributesW
lstrlenW
DeleteCriticalSection
InitializeCriticalSection
GetLastError
RaiseException
InterlockedExchange
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
GetModuleHandleW

user32

SetWindowPos
UnregisterClassW
SetWindowLongW
GetWindowLongW
CreateWindowExW
SendMessageW
DefWindowProcW
GetSysColor
ReleaseCapture
SetCapture
FillRect
GetClientRect
GetDC
ReleaseDC
InvalidateRect
InvalidateRgn
GetDesktopWindow
RegisterWindowMessageW
GetWindowTextLengthW
CallWindowProcW
SetWindowTextW
GetClassInfoExW
LoadCursorW
wsprintfW
RegisterClassExW
CreateAcceleratorTableW
CharNextW
GetParent
GetClassNameW
GetWindowTextW
DestroyWindow
RedrawWindow
IsWindow
GetDlgItem
SetFocus
GetFocus
IsChild
GetWindow
DestroyAcceleratorTable
BeginPaint
EndPaint

gdi32

CreateSolidBrush
GetStockObject
GetObjectW
GetDeviceCaps
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC
SelectObject
BitBlt
DeleteObject

advapi32

RegCreateKeyExW
RegEnumKeyExA
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteValueW
RegDeleteKeyW
RegSetValueExW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW

shell32

SHGetFolderPathW

ole32

CoCreateInstance
StringFromGUID2
CoTaskMemAlloc
OleLockRunning
CreateStreamOnHGlobal
CoUninitialize
CLSIDFromProgID
CLSIDFromString
CoTaskMemFree
CoTaskMemRealloc
OleInitialize
OleUninitialize
CoInitialize
CoGetClassObject

oleaut32

VariantInit
VariantClear
SysAllocString
SysAllocStringLen
SysStringLen
VarUI4FromStr
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
SysStringByteLen
SysFreeString

shlwapi

PathRemoveFileSpecW
PathFindFileNameW
PathFindExtensionW
PathFileExistsW

msvcp71

??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
?find_first_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?substr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV12@II@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?_Nomemory@std@@YAXXZ
??$?8GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??$?8GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??$?9GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??$?9GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
?find_first_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIABV12@I@Z
?find_first_not_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIABV12@I@Z

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

msvcr71

_strdup
_CxxThrowException
_except_handler3
??1exception@@UAE@XZ
??0exception@@QAE@XZ
__CxxFrameHandler
??3@YAXPAX@Z
wcslen
free
malloc
??0exception@@QAE@ABV0@@Z
wcsncat
wcsncpy
fclose
fopen
_wcsicmp
_access
_stat
__CppXcptFilter
_adjust_fdiv
_initterm
?terminate@@YAXXZ
_onexit
__dllonexit
??1type_info@@UAE@XZ
__security_error_handler
_callnewh
strchr
strtol
strpbrk
getenv
_fullpath
_mbsrchr
strcpy
strcmp
sprintf
fgets
strlen
_snwprintf
rand
srand
time
??_V@YAXPAX@Z
strncmp
strncpy
memmove
realloc
memset
_snprintf

Exports

Exports

DllRegisterServer
NP_GetEntryPoints
NP_Initialize
NP_Shutdown
RegisterServerDirect

Sections

.text
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
KanKan/Codecs/Real/Codecs/atrc.dll
.dll windows:4 windows x86 arch:x86

5132cde9ac8899a69f40dfaacc320c4d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

pncrt

_ftol
??3@YAXPAX@Z
memmove
calloc
free
malloc
_CIpow
floor
??2@YAPAXI@Z
_assert
_except_handler3
_purecall
_initterm
_adjust_fdiv
__dllonexit
_onexit

Exports

Exports

RACloseCodec
RACreateEncoderInstance
RADecode
RAEncode
RAFlush
RAFreeDecoder
RAFreeEncoder
RAGetBackend
RAGetDecoderBackendGUID
RAGetFlavorProperty
RAGetGUID
RAGetNumberOfFlavors
RAGetNumberOfFlavors2
RAInitDecoder
RAInitEncoder
RAOpenCodec
RAOpenCodec2
RASetComMode
RASetFlavor
_RASetPwd@8

Sections

.text
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
KanKan/Codecs/Real/Codecs/cook.dll
.dll windows:4 windows x86 arch:x86

7186ef18b8145b9efacd73914d40cee0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

pncrt

free
??3@YAXPAX@Z
memmove
_purecall
_CIpow
malloc
??2@YAPAXI@Z
_ftol
_initterm
_adjust_fdiv

Exports

Exports

RACloseCodec
RACreateEncoderInstance
RADecode
RAEncode
RAFlush
RAFreeDecoder
RAFreeEncoder
RAGetBackend
RAGetDecoderBackendGUID
RAGetFlavorProperty
RAGetGUID
RAGetNumberOfFlavors
RAGetNumberOfFlavors2
RAInitDecoder
RAInitEncoder
RAOpenCodec
RAOpenCodec2
RASetComMode
RASetFlavor
_RASetPwd@8

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
KanKan/Codecs/Real/Codecs/drv1.dll
.dll windows:4 windows x86 arch:x86

232d11e71e9db2c13e39696149eba4f6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

pncrt

printf
putchar
free
_ftol
_iob
calloc
malloc
_initterm
_adjust_fdiv
fprintf

kernel32

DisableThreadLibraryCalls

Exports

Exports

GetGUID
GetRV10DecParams
RV10toRGB3Alloc
RV10toRGB3Free
RV10toRGB3Init
RV10toRGB3Transform
RV10toYUVPostMove
RV10toYUVPostfilter
RV10toYUVTemporalInterp
RV10toYUVTemporalSetup
RV10toYUVTransform
SetRV10DecParams

Sections

.text
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 797B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 155KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
KanKan/Codecs/Real/Codecs/drv2.dll
.dll windows:4 windows x86 arch:x86

44586b56c5dcc55b19268bed59258786

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

pncrt

_initterm
_ftol
free
__CxxFrameHandler
malloc
_purecall
??2@YAPAXI@Z
??3@YAXPAX@Z
_adjust_fdiv

kernel32

DisableThreadLibraryCalls
GetSystemInfo

advapi32

RegOpenKeyExA
RegCloseKey

Exports

Exports

GetGUID
RV20toYUV420CustomMessage
RV20toYUV420Free
RV20toYUV420HiveMessage
RV20toYUV420Init
RV20toYUV420Transform
RV20toYUV420_RN_FRU_Free
RV20toYUV420_RN_FRU_GetFrame
RV20toYUV420_RN_FRU_Init
RV20toYUV420_RN_FRU_Setup

Sections

.text
Size: 84KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

IACODE2
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

IACODE1
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

MMXCODE1
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

MMXDATA1
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
KanKan/Codecs/Real/Codecs/drvc.dll
.dll windows:4 windows x86 arch:x86

5d841dc9603dda4e7058b842c1dedbfc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

pncrt

__CxxFrameHandler
memmove
_ftol
_purecall
malloc
free
??3@YAXPAX@Z
_initterm
_adjust_fdiv
_beginthreadex
??2@YAPAXI@Z

kernel32

WaitForMultipleObjects
CreateThread
LeaveCriticalSection
EnterCriticalSection
GetPrivateProfileIntA
InitializeCriticalSection
DeleteCriticalSection
CloseHandle
WaitForSingleObject
GetSystemInfo
CreateEventA
QueryPerformanceCounter
SetEvent
QueryPerformanceFrequency
ResetEvent

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

Exports

Exports

?GetGUID@@YGJPAE@Z
RV40toYUV420CustomMessage
RV40toYUV420Free
RV40toYUV420HiveMessage
RV40toYUV420Init
RV40toYUV420Transform

Sections

.text
Size: 192KB - Virtual size: 189KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
KanKan/Codecs/Real/Codecs/raac.dll
.dll windows:4 windows x86 arch:x86

2569b16af6a5e82c06ef6aed87f5e148

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

pncrt

??2@YAPAXI@Z
memmove
_CxxThrowException
calloc
free
malloc
exp
fputs
printf
pow
??3@YAXPAX@Z
__CxxFrameHandler
strncpy
log10
atan
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
?terminate@@YAXXZ
_iob
log
_purecall
_except_handler3

kernel32

DisableThreadLibraryCalls
IsBadReadPtr

Exports

Exports

RACloseCodec
RACreateDecoderInstance
RACreateEncoderInstance
RADecode
RAFlush
RAFreeDecoder
RAGetBackend
RAGetFlavorProperty
RAGetGUID
RAInitDecoder
RAOpenCodec2
RASetComMode

Sections

.text
Size: 364KB - Virtual size: 363KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text1
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
KanKan/Codecs/Real/Codecs/rv10.dll
.dll windows:4 windows x86 arch:x86

7d0bbca4dd169c4c1a33b2513aa5069d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

pncrt

rand
tolower
isupper
fprintf
strncpy
_stricmp
strchr
fread
fopen
__dllonexit
_onexit
free
_initterm
malloc
_adjust_fdiv
srand
memmove
fclose
_purecall
_ftol
??2@YAPAXI@Z
??3@YAXPAX@Z
_putenv

kernel32

DisableThreadLibraryCalls
GetProcAddress
FreeLibrary
SetErrorMode
LoadLibraryA
QueryPerformanceFrequency
QueryPerformanceCounter
GetTickCount

Exports

Exports

PNCodec_Close
PNCodec_GetMediaFormats
PNCodec_GetUIName
PNCodec_GetVersion
PNCodec_Input
PNCodec_Open
PNCodec_PreferredMediaFormat
PNCodec_QueryMediaFormat
PNCodec_StreamOpen
PNStream_Close
PNStream_GetIPNUnknown
PNStream_GetInputBufferSize
PNStream_GetProperty
PNStream_GetStreamHeader
PNStream_GetStreamHeaderSize
PNStream_Input
PNStream_OpenSettingsBox
PNStream_PostProcess
PNStream_ReleaseFrame
PNStream_SetDataCallback
PNStream_SetOutputPacketSize
PNStream_SetProperty
SetDLLAccessPath
_PNCodec_GetIPNUnknown@4

Sections

.text
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
KanKan/Codecs/Real/Codecs/rv20.dll
.dll windows:4 windows x86 arch:x86

de93a6d25a8e8a4317757a0f9e71593a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

pncrt

_stricmp
strchr
memmove
_purecall
_ftol
tolower
isupper
_initterm
_adjust_fdiv
strncpy
malloc
free
_putenv
??2@YAPAXI@Z
??3@YAXPAX@Z
__dllonexit
_onexit

kernel32

GetProcAddress
FreeLibrary
SetErrorMode
LoadLibraryA
DisableThreadLibraryCalls
QueryPerformanceFrequency
QueryPerformanceCounter

Exports

Exports

PNCodec_Close
PNCodec_GetMediaFormats
PNCodec_GetUIName
PNCodec_GetVersion
PNCodec_Input
PNCodec_Open
PNCodec_PreferredMediaFormat
PNCodec_QueryMediaFormat
PNCodec_StreamOpen
PNStream_Close
PNStream_GetIPNUnknown
PNStream_GetInputBufferSize
PNStream_GetProperty
PNStream_GetStreamHeader
PNStream_GetStreamHeaderSize
PNStream_Input
PNStream_OpenSettingsBox
PNStream_PostProcess
PNStream_ReleaseFrame
PNStream_SetDataCallback
PNStream_SetOutputPacketSize
PNStream_SetProperty
SetDLLAccessPath
_PNCodec_GetIPNUnknown@4

Sections

.text
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 684B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
KanKan/Codecs/Real/Codecs/rv30.dll
.dll windows:4 windows x86 arch:x86

a5049b84d47d09c19faafd0e69f94d06

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

pncrt

tolower
isupper
strncpy
_stricmp
__dllonexit
_onexit
_initterm
_adjust_fdiv
_ftol
memmove
_purecall
malloc
??2@YAPAXI@Z
free
??3@YAXPAX@Z
strchr
_putenv

kernel32

DisableThreadLibraryCalls
GetProcAddress
FreeLibrary
SetErrorMode
LoadLibraryA
QueryPerformanceFrequency
QueryPerformanceCounter
GetSystemInfo

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

Exports

Exports

PNCodec_Close
PNCodec_GetMediaFormats
PNCodec_GetUIName
PNCodec_GetVersion
PNCodec_Input
PNCodec_Open
PNCodec_PreferredMediaFormat
PNCodec_QueryMediaFormat
PNCodec_StreamOpen
PNStream_Close
PNStream_GetIPNUnknown
PNStream_GetInputBufferSize
PNStream_GetProperty
PNStream_GetStreamHeader
PNStream_GetStreamHeaderSize
PNStream_Input
PNStream_OpenSettingsBox
PNStream_PostProcess
PNStream_ReleaseFrame
PNStream_SetDataCallback
PNStream_SetOutputPacketSize
PNStream_SetProperty
SetDLLAccessPath
_PNCodec_GetIPNUnknown@4

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 932B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
KanKan/Codecs/Real/Codecs/rv40.dll
.dll windows:4 windows x86 arch:x86

a5049b84d47d09c19faafd0e69f94d06

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

pncrt

tolower
isupper
strncpy
_stricmp
__dllonexit
_onexit
_initterm
_adjust_fdiv
_ftol
memmove
_purecall
malloc
??2@YAPAXI@Z
free
??3@YAXPAX@Z
strchr
_putenv

kernel32

DisableThreadLibraryCalls
GetProcAddress
FreeLibrary
SetErrorMode
LoadLibraryA
QueryPerformanceFrequency
QueryPerformanceCounter
GetSystemInfo

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

Exports

Exports

PNCodec_Close
PNCodec_GetMediaFormats
PNCodec_GetUIName
PNCodec_GetVersion
PNCodec_Input
PNCodec_Open
PNCodec_PreferredMediaFormat
PNCodec_QueryMediaFormat
PNCodec_StreamOpen
PNStream_Close
PNStream_GetIPNUnknown
PNStream_GetInputBufferSize
PNStream_GetProperty
PNStream_GetStreamHeader
PNStream_GetStreamHeaderSize
PNStream_Input
PNStream_OpenSettingsBox
PNStream_PostProcess
PNStream_ReleaseFrame
PNStream_SetDataCallback
PNStream_SetOutputPacketSize
PNStream_SetProperty
SetDLLAccessPath
_PNCodec_GetIPNUnknown@4

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 930B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
KanKan/Codecs/Real/Codecs/sipr.dll
.dll windows:4 windows x86 arch:x86

ab44f666347fdcd438ddb88f10cba053

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

pncrt

frexp
??3@YAXPAX@Z
strncpy
_purecall
_ftol
rand
_CIpow
ldexp
??2@YAPAXI@Z
_CIacos
free
_initterm
malloc
_adjust_fdiv
__dllonexit
_onexit

Exports

Exports

RACloseCodec
RACreateEncoderInstance
RADecode
RAEncode
RAFlush
RAFreeDecoder
RAFreeEncoder
RAGetBackend
RAGetDecoderBackendGUID
RAGetFlavorProperty
RAGetGUID
RAGetNumberOfFlavors
RAInitDecoder
RAInitEncoder
RAOpenCodec
RAOpenCodec2
RASetComMode
RASetFlavor
RASetPwd
_RAGetNumberOfFlavors2@4

Sections

.text
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
KanKan/Codecs/RealMediaSplitter.ax
.dll regsvr32 windows:4 windows x86 arch:x86

2892897bcf065b24c61eeffcc554a57a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Projects\rmsplt\guliverkli\src\filters\parser\realmediasplitter\Release\RealMediaSplitter.pdb

Imports

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

kernel32

GetCurrentThread
GetTickCount
CreateThread
GetVolumeInformationA
GetDriveTypeA
Sleep
lstrcpyA
EnumResourceLanguagesA
ConvertDefaultLocale
lstrcmpA
GlobalDeleteAtom
GlobalAddAtomA
LocalFree
lstrcpynA
FormatMessageA
SetLastError
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileSize
GetFileTime
ReadFile
LockFile
UnlockFile
SetEndOfFile
GetFullPathNameA
LocalAlloc
GlobalReAlloc
SetThreadPriority
LocalReAlloc
lstrcatA
SetErrorMode
GetCurrentDirectoryA
GlobalFlags
lstrcmpW
GlobalFindAtomA
GlobalGetAtomNameA
GetCPInfo
GetOEMCP
RtlUnwind
HeapAlloc
HeapFree
GetSystemTimeAsFileTime
VirtualProtect
GetCommandLineA
HeapReAlloc
TerminateProcess
SetStdHandle
GetFileType
HeapSize
LCMapStringA
LCMapStringW
QueryPerformanceCounter
HeapDestroy
HeapCreate
IsBadWritePtr
SetUnhandledExceptionFilter
SetHandleCount
GetStdHandle
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
IsBadReadPtr
IsBadCodePtr
SetEnvironmentVariableA
GetModuleHandleA
VirtualAlloc
CreateSemaphoreA
GetCurrentProcess
DuplicateHandle
VirtualFree
GetSystemInfo
ReleaseSemaphore
ResetEvent
SetEvent
CreateEventA
InterlockedIncrement
DisableThreadLibraryCalls
CompareStringW
CompareStringA
lstrcmpiA
GetVersion
CopyFileA
LoadLibraryA
GetProcAddress
GetFileAttributesExA
GetLocalTime
GetCurrentThreadId
TlsGetValue
OutputDebugStringA
FindFirstChangeNotificationA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
GetSystemDirectoryA
FindFirstFileA
FindNextFileA
FindClose
FreeLibrary
TlsAlloc
CreateFileA
GetTempPathA
WriteFile
SetFilePointer
FlushFileBuffers
DeleteFileA
ExitThread
CreateMutexA
ExitProcess
GetLastError
CreateFileMappingA
MapViewOfFile
InterlockedExchangeAdd
TlsFree
WaitForSingleObject
InterlockedDecrement
CloseHandle
FindCloseChangeNotification
UnmapViewOfFile
ReleaseMutex
lstrlenA
WideCharToMultiByte
TlsSetValue
GetCurrentProcessId
GetFileAttributesA
CreateDirectoryA
GetModuleFileNameA
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
LeaveCriticalSection
EnterCriticalSection
VirtualQuery
MultiByteToWideChar
FindResourceA
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GlobalHandle

user32

DestroyMenu
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
LoadIconA
MapWindowPoints
SetForegroundWindow
GetClientRect
GetMenu
AdjustWindowRectEx
GetClassInfoA
RegisterClassA
DefWindowProcA
CallWindowProcA
SystemParametersInfoA
IsIconic
GetWindowPlacement
CopyRect
SetWindowPos
ShowWindow
SetWindowLongA
GetDlgItem
LoadCursorA
GetSysColorBrush
GetSysColor
ReleaseDC
GetDC
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
GetWindowTextA
SetWindowTextA
GetClassNameA
GetSystemMetrics
GetMenuItemID
GetMenuItemCount
GetSubMenu
UnhookWindowsHookEx
SetMenuItemBitmaps
GetFocus
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
GetActiveWindow
IsWindowVisible
GetKeyState
GetCursorPos
ValidateRect
WinHelpA
GetCapture
GetParent
GetWindowLongA
CreateWindowExA
GetClassLongA
GetClassInfoExA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
GetLastActivePopup
IsWindowEnabled
EnableWindow
SendMessageA
SetCursor
PostMessageA
PostQuitMessage
SetRect
DispatchMessageA
RegisterWindowMessageA
PeekMessageA
wsprintfA
CharUpperA
MessageBoxA
UnregisterClassA

gdi32

ScaleWindowExtEx
DeleteDC
GetStockObject
SetWindowExtEx
TextOutA
RectVisible
PtVisible
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
RestoreDC
SaveDC
DeleteObject
GetDeviceCaps
CreateBitmap
GetClipBox
SetMapMode
SetTextColor
SetBkColor
ExtTextOutA

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegCloseKey
RegQueryValueExA
RegDeleteKeyA
RegEnumKeyExA
RegSetValueExA
RegSetValueA
RegCreateKeyA
RegCreateKeyExA
RegQueryValueA
RegOpenKeyExA
RegOpenKeyA
RegEnumKeyA

shell32

SHGetFolderPathA

comctl32

ord17

shlwapi

PathFindFileNameA
PathFindExtensionA
PathStripToRootA
StrStrIA
PathRemoveFileSpecA
PathAddBackslashA
PathIsUNCA
PathFileExistsA

ole32

StringFromGUID2
CoUninitialize
CoFreeUnusedLibraries
CoCreateInstance
CoInitialize
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromString

oleaut32

SysAllocStringLen
SysAllocString
VariantChangeType
SysFreeString
VariantInit
VariantClear

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
RegisterServerDirect
UnregisterServerDirect

Sections

.text
Size: 268KB - Virtual size: 266KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT64
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
KanKan/Codecs/pncrt.dll
.dll windows:4 windows x86 arch:x86

828907b7a8ec04c9c4031e40ef2f76ec

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetFilePointer
RtlUnwind
IsBadReadPtr
IsBadWritePtr
IsBadCodePtr
SetUnhandledExceptionFilter
GetModuleFileNameA
GetModuleFileNameW
ExitProcess
TerminateProcess
GetCurrentProcess
WriteFile
GetStdHandle
GetCommandLineA
GetVersion
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
ResumeThread
CreateThread
TlsSetValue
ExitThread
CloseHandle
GetCurrentThreadId
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetCurrentThread
FindNextFileA
FindFirstFileA
FindClose
FindNextFileW
FindFirstFileW
HeapFree
HeapAlloc
HeapReAlloc
HeapValidate
HeapSize
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
SetHandleCount
GetFileType
GetStartupInfoA
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
MultiByteToWideChar
GetCommandLineW
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
WideCharToMultiByte
UnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetConsoleCtrlHandler
SetEnvironmentVariableW
InterlockedDecrement
InterlockedIncrement
FlushFileBuffers
RaiseException
SetStdHandle
Sleep
CompareStringA
CompareStringW
GetLocaleInfoA
GetLocaleInfoW
IsValidLocale
IsValidCodePage
EnumSystemLocalesA
GetUserDefaultLCID
GetVersionExA
GetTimeZoneInformation
SetEnvironmentVariableA
Beep
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDiskFreeSpaceA
GetLogicalDrives
SetErrorMode
GetFileAttributesA
GetCurrentDirectoryA
SetCurrentDirectoryA
SetFileAttributesA
GetFullPathNameA
GetDriveTypeA
GetCurrentProcessId
CreateDirectoryA
RemoveDirectoryA
DeleteFileA
GetFileAttributesW
GetCurrentDirectoryW
SetCurrentDirectoryW
SetFileAttributesW
GetFullPathNameW
CreateDirectoryW
DeleteFileW
MoveFileW
RemoveDirectoryW
GetDriveTypeW
MoveFileA
GetExitCodeProcess
WaitForSingleObject
FreeLibrary
CreateProcessA
CreateProcessW
HeapCompact
HeapWalk
ReadConsoleA
SetConsoleMode
GetConsoleMode
SetEndOfFile
WriteConsoleA
DuplicateHandle
GetFileInformationByHandle
PeekNamedPipe
ReadConsoleInputA
PeekConsoleInputA
GetNumberOfConsoleInputEvents
LockFile
UnlockFile
CreateFileA
CreatePipe
ReadFile
CreateFileW
GetLocalTime
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
SetLocalTime
GetSystemTime
GetModuleHandleA

Exports

Exports

$I10_OUTPUT
??0__non_rtti_object@@QAE@ABV0@@Z
??0__non_rtti_object@@QAE@PBD@Z
??0bad_cast@@QAE@ABQBD@Z
??0bad_cast@@QAE@ABV0@@Z
??0bad_typeid@@QAE@ABV0@@Z
??0bad_typeid@@QAE@PBD@Z
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1__non_rtti_object@@UAE@XZ
??1bad_cast@@UAE@XZ
??1bad_typeid@@UAE@XZ
??1exception@@UAE@XZ
??1type_info@@UAE@XZ
??2@YAPAXI@Z
??3@YAXPAX@Z
??4__non_rtti_object@@QAEAAV0@ABV0@@Z
??4bad_cast@@QAEAAV0@ABV0@@Z
??4bad_typeid@@QAEAAV0@ABV0@@Z
??4exception@@QAEAAV0@ABV0@@Z
??8type_info@@QBEHABV0@@Z
??9type_info@@QBEHABV0@@Z
??_7__non_rtti_object@@6B@
??_7bad_cast@@6B@
??_7bad_typeid@@6B@
??_7exception@@6B@
??_E__non_rtti_object@@UAEPAXI@Z
??_Ebad_cast@@UAEPAXI@Z
??_Ebad_typeid@@UAEPAXI@Z
??_Eexception@@UAEPAXI@Z
??_G__non_rtti_object@@UAEPAXI@Z
??_Gbad_cast@@UAEPAXI@Z
??_Gbad_typeid@@UAEPAXI@Z
??_Gexception@@UAEPAXI@Z
?_query_new_handler@@YAP6AHI@ZXZ
?_query_new_mode@@YAHXZ
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
?_set_new_mode@@YAHH@Z
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
?before@type_info@@QBEHABV1@@Z
?name@type_info@@QBEPBDXZ
?raw_name@type_info@@QBEPBDXZ
?set_new_handler@@YAP6AXXZP6AXXZ@Z
?set_terminate@@YAP6AXXZP6AXXZ@Z
?set_unexpected@@YAP6AXXZP6AXXZ@Z
?terminate@@YAXXZ
?unexpected@@YAXXZ
?what@exception@@UBEPBDXZ
SetUserHeapAlloc
SetUserHeapCalloc
SetUserHeapFree
SetUserHeapReAlloc
SetUserHeapSize
SetUserHeapValidate
_CIacos
_CIasin
_CIatan
_CIatan2
_CIcos
_CIcosh
_CIexp
_CIfmod
_CIlog
_CIlog10
_CIpow
_CIsin
_CIsinh
_CIsqrt
_CItan
_CItanh
_CrtHeapAlloc
_CrtHeapCalloc
_CrtHeapFree
_CrtHeapReAlloc
_CrtHeapSize
_CrtHeapValidate
_CxxThrowException
_EH_prolog
_Getdays
_Getmonths
_Gettnames
_HUGE
_Strftime
_XcptFilter
__CxxFrameHandler
__CxxLongjmpUnwind
__RTCastToVoid
__RTDynamicCast
__RTtypeid
__STRINGTOLD
__argc
__argv
__badioinfo
__crtCompareStringA
__crtGetLocaleInfoW
__crtLCMapStringA
__dllonexit
__doserrno
__fpecode
__getmainargs
__initenv
__isascii
__iscsym
__iscsymf
__lc_codepage
__lc_handle
__lconv_init
__mb_cur_max
__p___argc
__p___argv
__p___initenv
__p___mb_cur_max
__p___wargv
__p___winitenv
__p__acmdln
__p__amblksiz
__p__commode
__p__daylight
__p__dstbias
__p__environ
__p__fileinfo
__p__fmode
__p__iob
__p__mbcasemap
__p__mbctype
__p__osver
__p__pctype
__p__pgmptr
__p__pwctype
__p__timezone
__p__tzname
__p__wcmdln
__p__wenviron
__p__winmajor
__p__winminor
__p__winver
__p__wpgmptr
__pioinfo
__pxcptinfoptrs
__set_app_type
__setlc_active
__setusermatherr
__threadhandle
__threadid
__toascii
__unDName
__unguarded_readlc_active
__wargv
__wgetmainargs
__winitenv
_abnormal_termination
_access
_acmdln
_adj_fdiv_m16i
_adj_fdiv_m32
_adj_fdiv_m32i
_adj_fdiv_m64
_adj_fdiv_r
_adj_fdivr_m16i
_adj_fdivr_m32
_adj_fdivr_m32i
_adj_fdivr_m64
_adj_fpatan
_adj_fprem
_adj_fprem1
_adj_fptan
_adjust_fdiv
_aexit_rtn
_amsg_exit
_assert
_atodbl
_atoi64
_atoldbl
_beep
_beginthread
_beginthreadex
_c_exit
_cabs
_callnewh
_cexit
_cgets
_chdir
_chdrive
_chgsign
_chmod
_chsize
_clearfp
_close
_commit
_commode
_control87
_controlfp
_copysign
_cprintf
_cputs
_creat
_cscanf
_ctype
_cwait
_daylight
_dstbias
_dup
_dup2
_ecvt
_endthread
_endthreadex
_environ
_eof
_errno
_except_handler2
_except_handler3
_execl
_execle
_execlp
_execlpe
_execv
_execve
_execvp
_execvpe
_exit
_expand
_fcloseall
_fcvt
_fdopen
_fgetchar
_fgetwchar
_filbuf
_fileinfo
_filelength
_filelengthi64
_fileno
_findclose
_findfirst
_findfirsti64
_findnext
_findnexti64
_finite
_flsbuf
_flushall
_fmode
_fpclass
_fpieee_flt
_fpreset
_fputchar
_fputwchar
_fsopen
_fstat
_fstati64
_ftime
_ftol
_fullpath
_futime
_gcvt
_get_osfhandle
_get_sbh_threshold
_getch
_getche
_getcwd
_getdcwd
_getdiskfree
_getdllprocaddr
_getdrive
_getdrives
_getmaxstdio
_getmbcp
_getpid
_getsystime
_getw
_getws
_global_unwind2
_heapadd
_heapchk
_heapmin
_heapset
_heapused
_heapwalk
_hypot
_i64toa
_i64tow
_initterm
_inp
_inpd
_inpw
_iob
_isatty
_isctype
_ismbbalnum
_ismbbalpha
_ismbbgraph
_ismbbkalnum
_ismbbkana
_ismbbkprint
_ismbbkpunct
_ismbblead
_ismbbprint
_ismbbpunct
_ismbbtrail
_ismbcalnum
_ismbcalpha
_ismbcdigit
_ismbcgraph
_ismbchira
_ismbckata
_ismbcl0
_ismbcl1
_ismbcl2
_ismbclegal
_ismbclower
_ismbcprint
_ismbcpunct
_ismbcspace
_ismbcsymbol
_ismbcupper
_ismbslead
_ismbstrail
_isnan
_itoa
_itow
_j0
_j1
_jn
_kbhit
_lfind
_loaddll
_local_unwind2
_lock
_locking
_logb
_longjmpex
_lrotl
_lrotr
_lsearch
_lseek
_lseeki64
_ltoa
_ltow
_makepath
_mbbtombc
_mbbtype
_mbcasemap
_mbccpy
_mbcjistojms
_mbcjmstojis
_mbclen
_mbctohira
_mbctokata
_mbctolower
_mbctombb
_mbctoupper
_mbctype
_mbsbtype
_mbscat
_mbschr
_mbscmp
_mbscoll
_mbscpy
_mbscspn
_mbsdec
_mbsdup
_mbsicmp
_mbsicoll
_mbsinc
_mbslen
_mbslwr
_mbsnbcat
_mbsnbcmp
_mbsnbcnt
_mbsnbcoll
_mbsnbcpy
_mbsnbicmp
_mbsnbicoll
_mbsnbset
_mbsncat
_mbsnccnt
_mbsncmp
_mbsncoll
_mbsncpy
_mbsnextc
_mbsnicmp
_mbsnicoll
_mbsninc
_mbsnset
_mbspbrk
_mbsrchr
_mbsrev
_mbsset
_mbsspn
_mbsspnp
_mbsstr
_mbstok
_mbstrlen
_mbsupr
_memccpy
_memicmp
_mkdir
_mktemp
_msize
_nextafter
_onexit
_open
_open_osfhandle
_osver
_outp
_outpd
_outpw
_pclose
_pctype
_pgmptr
_pipe
_popen
_purecall
_putch
_putenv
_putw
_putws
_pwctype
_read
_rmdir
_rmtmp
_rotl
_rotr
_safe_fdiv
_safe_fdivr
_safe_fprem
_safe_fprem1
_scalb
_searchenv
_seh_longjmp_unwind
_set_error_mode
_set_sbh_threshold
_seterrormode
_setjmp
_setjmp3
_setmaxstdio
_setmbcp
_setmode
_setsystime
_sleep
_snprintf
_snwprintf
_sopen
_spawnl
_spawnle
_spawnlp
_spawnlpe
_spawnv
_spawnve
_spawnvp
_spawnvpe
_splitpath
_stat
_stati64
_statusfp
_strcmpi
_strdate
_strdup
_strerror
_stricmp
_stricoll
_strlwr
_strncoll
_strnicmp
_strnicoll
_strnset
_strrev
_strset
_strtime
_strupr
_swab
_sys_errlist
_sys_nerr
_tell
_telli64
_tempnam
_timezone
_tolower
_toupper
_tzname
_tzset
_ui64toa
_ui64tow
_ultoa
_ultow
_umask
_ungetch
_unlink
_unloaddll
_unlock
_utime
_vsnprintf
_vsnwprintf
_waccess
_wasctime
_wchdir
_wchmod
_wcmdln
_wcreat
_wcsdup
_wcsicmp

Sections

.text
Size: 212KB - Virtual size: 211KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
KanKan/PPlayer.dll
.dll regsvr32 windows:4 windows x86 arch:x86

b6fcbadc94565bd2a9645402ba927142

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3d:c3:09:c2:ed:0e:e4:35:09:fc:8b:d8:68:bc:4c:fd
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

26/04/2006, 00:00

Not After

31/05/2009, 23:59

Subject

CN=ShenZhen Thunder Networking Technologies Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Department of System Engineering,O=ShenZhen Thunder Networking Technologies Ltd.,L=ShenZhen,ST=GuangDong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\work\PPlayer2_SVN\Thunder5Release\PPlayer.pdb

Imports

kernel32

SetFilePointer
GetTempPathA
CreateFileW
WritePrivateProfileStringA
GetPrivateProfileIntW
GetPrivateProfileStringA
GetPrivateProfileStringW
ExitProcess
MapViewOfFile
CreateFileMappingW
CreateMutexW
ExitThread
FindFirstChangeNotificationW
OutputDebugStringW
TlsGetValue
GetLocalTime
TlsAlloc
TerminateThread
CreateThread
lstrlenW
lstrcpyW
lstrcmpiW
MulDiv
lstrcpynW
LoadLibraryExW
InterlockedIncrement
FreeLibrary
SizeofResource
LoadResource
FindResourceW
lstrlenA
LockResource
lstrcmpW
GlobalHandle
Sleep
CreateEventW
SetEvent
ResetEvent
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
VerifyVersionInfoW
VerSetConditionMask
FindResourceExW
SetCurrentDirectoryW
GetCurrentDirectoryW
GlobalDeleteAtom
GlobalAddAtomW
CreateFileA
ReadFile
GetFileSize
ExpandEnvironmentStringsW
GetTempPathW
GetDriveTypeW
GetLogicalDriveStringsW
GetDiskFreeSpaceExW
lstrcatW
CopyFileW
GetSystemDirectoryW
WriteFile
WritePrivateProfileStringW
FlushFileBuffers
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
GetDriveTypeA
SetStdHandle
GetOEMCP
LoadLibraryA
IsBadCodePtr
IsBadReadPtr
GetStringTypeW
GetStringTypeA
UnhandledExceptionFilter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetTimeZoneInformation
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetCurrentDirectoryA
GetFullPathNameW
TerminateProcess
IsBadWritePtr
VirtualFree
HeapCreate
SetUnhandledExceptionFilter
GetModuleFileNameA
QueryPerformanceCounter
GetCPInfo
LCMapStringW
LCMapStringA
GetCommandLineA
MoveFileW
GetSystemTimeAsFileTime
GetSystemInfo
VirtualAlloc
VirtualProtect
FileTimeToLocalFileTime
FileTimeToSystemTime
RtlUnwind
LocalFree
HeapSize
HeapReAlloc
HeapDestroy
GetVersionExA
GlobalAlloc
GlobalLock
FindFirstFileW
DeleteFileW
FindNextFileW
FindClose
GetCurrentProcessId
MultiByteToWideChar
WideCharToMultiByte
GetCurrentThreadId
InterlockedExchangeAdd
TlsFree
WaitForSingleObject
InterlockedDecrement
CloseHandle
FindCloseChangeNotification
UnmapViewOfFile
ReleaseMutex
OutputDebugStringA
SetLastError
GetLastError
LoadLibraryW
TlsSetValue
CreateDirectoryW
GetFileAttributesA
CreateDirectoryA
GetModuleFileNameW
GlobalUnlock
GlobalFree
VirtualQuery
HeapAlloc
GetProcessHeap
HeapFree
GetCurrentProcess
FlushInstructionCache
GetTickCount
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersion
GetFileAttributesW
GetProcAddress
GetModuleHandleW
GetFileAttributesExW
GetModuleHandleA

user32

SetDlgItemTextW
GetDlgItemTextW
MoveWindow
DispatchMessageW
PeekMessageW
GetDialogBaseUnits
PostThreadMessageW
CharUpperBuffW
SetWindowsHookExW
FindWindowExW
SetCursorPos
mouse_event
UnregisterHotKey
RegisterHotKey
GetAsyncKeyState
CallNextHookEx
SetParent
MonitorFromRect
GetMonitorInfoW
UnhookWindowsHookEx
SetActiveWindow
SetForegroundWindow
IsWindowVisible
GetMenuItemID
DeleteMenu
AppendMenuW
ModifyMenuW
ShowCursor
ScreenToClient
GetDlgCtrlID
IsWindowEnabled
EnableWindow
GetDlgItemInt
SetDlgItemInt
SetWindowLongW
ShowWindow
GetScrollPos
wsprintfW
LoadCursorW
UnregisterClassW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
DefWindowProcW
GetWindowLongW
CallWindowProcW
SetTimer
LoadBitmapW
MessageBoxW
DrawTextW
FillRect
GetClientRect
ReleaseDC
GetDC
EndPaint
BeginPaint
PostMessageW
GetParent
ClientToScreen
TrackMouseEvent
GetCursor
SetCursor
SetClassLongW
LoadMenuW
GetSubMenu
EnableMenuItem
GetCursorPos
TrackPopupMenu
DestroyMenu
DestroyCursor
FindWindowW
LoadStringW
GetActiveWindow
EndDialog
DialogBoxParamW
KillTimer
GetWindowRect
CreateDialogIndirectParamW
EnumChildWindows
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
GetSystemMetrics
GetMessageW
CharNextW
PtInRect
UnionRect
GetSysColor
SetWindowPos
SetWindowRgn
OffsetRect
EqualRect
IntersectRect
DestroyWindow
IsWindow
InvalidateRect
GetKeyState
IsDialogMessageW
CopyAcceleratorTableW
GetNextDlgTabItem
GetWindow
SendMessageW
IsChild
GetFocus
GetDlgItem
SetFocus
SendDlgItemMessageW
SystemParametersInfoW
SetWindowContextHelpId
MapDialogRect
DestroyAcceleratorTable
GetDesktopWindow
ReleaseCapture
SetCapture
InvalidateRgn
RedrawWindow
GetClassNameW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
RegisterWindowMessageW
CreateAcceleratorTableW

gdi32

PathToRegion
GetTextMetricsW
BeginPath
GetTextExtentPoint32W
CreatePen
MoveToEx
LineTo
GetTextExtentPointW
TextOutW
CreateFontW
CloseMetaFile
CreateSolidBrush
SetBkColor
CreateMetaFileW
EndPath
Rectangle
DeleteMetaFile
CreateRectRgnIndirect
CreateDCW
GetDeviceCaps
LPtoDP
SaveDC
SetMapMode
SetWindowOrgEx
SetViewportOrgEx
RestoreDC
CreateFontIndirectW
DeleteObject
SelectObject
GetStockObject
DeleteDC
SetBkMode
SetTextColor
CreateBrushIndirect
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
GetObjectW
StretchBlt
SetWindowExtEx

advapi32

RegQueryValueW
RegOpenKeyW
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyW

shell32

ShellExecuteW
SHBrowseForFolderW
SHGetFolderPathW
SHGetPathFromIDListW

ole32

CreateStreamOnHGlobal
CoInitialize
CoUninitialize
StringFromIID
OleUninitialize
OleInitialize
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning
StringFromGUID2
CoTaskMemFree
OleSaveToStream
WriteClassStm
OleLoadFromStream
CreateDataAdviseHolder
OleRegGetMiscStatus
CreateOleAdviseHolder
OleRegGetUserType
OleRegEnumVerbs
CoTaskMemRealloc
CoTaskMemAlloc

oleaut32

SysFreeString
SysAllocString
VarUI4FromStr
VariantClear
VariantInit
SysAllocStringByteLen
VariantChangeType
SysStringByteLen
OleCreatePropertyFrame
LoadRegTypeLi
LoadTypeLi
SysStringLen
SysAllocStringLen
OleCreateFontIndirect
OleTranslateColor
DispCallFunc
VarBstrCat
VarBstrCmp
UnRegisterTypeLi
RegisterTypeLi
GetErrorInfo

shlwapi

PathFindExtensionW
PathFileExistsW
PathFindFileNameW

urlmon

URLDownloadToFileW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

ws2_32

setsockopt
closesocket
recvfrom
recv
connect
ntohs
socket
ntohl
htons
inet_addr
WSAGetLastError
select
WSAStartup
WSACleanup
ioctlsocket
htonl
gethostbyname
inet_ntoa
send
sendto

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
RegisterServerDirect
UnregisterServerDirect

Sections

.text
Size: 448KB - Virtual size: 447KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 184KB - Virtual size: 183KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 412KB - Virtual size: 411KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
KanKan/TSF.dll
.dll regsvr32 windows:4 windows x86 arch:x86

38181b2e0d570e2ade1a01d13aa84318

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

AssocQueryStringW
PathFileExistsA
PathFindFileNameA
PathFindExtensionA
PathAddBackslashA
PathRemoveFileSpecA
PathFileExistsW

ws2_32

send
ioctlsocket
closesocket
WSAGetLastError
connect
setsockopt
shutdown
select
__WSAFDIsSet
recv
htons
socket
inet_addr

kernel32

GetLastError
CreateThread
InterlockedDecrement
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
GetEnvironmentVariableA
Sleep
FreeLibrary
OutputDebugStringA
GetProcAddress
LoadLibraryA
GetModuleFileNameA
lstrcmpiW
FindResourceExA
SizeofResource
LockResource
LoadResource
FindResourceA
GetFileAttributesA
SetThreadPriority
GetFileAttributesExA
GetTickCount
InterlockedIncrement
GetSystemDirectoryA
CreateDirectoryA
CopyFileA
MoveFileA
DeleteFileA
FindClose
FindNextFileA
FindFirstFileA
TerminateThread
WritePrivateProfileStringA
GetPrivateProfileIntA
GetPrivateProfileStringA
VirtualQuery
GetFileSize
CreateFileA
GetStringTypeA
ReadFile
CreateEventA
IsBadWritePtr
IsBadReadPtr
ExpandEnvironmentStringsA
HeapFree
GetProcessHeap
lstrcpyA
GetModuleHandleA
FlushInstructionCache
WaitForMultipleObjects
HeapAlloc
GetCurrentThreadId
GetStringTypeW
CreateSemaphoreA
ReleaseSemaphore
GetSystemInfo
VirtualFree
VirtualAlloc
RaiseException
DisableThreadLibraryCalls
IsBadCodePtr
GetCurrentProcessId
QueryPerformanceCounter
WriteFile
UnhandledExceptionFilter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
LCMapStringW
LCMapStringA
GetCPInfo
GetOEMCP
SetUnhandledExceptionFilter
TerminateProcess
TlsGetValue
TlsSetValue
TlsFree
SetLastError
TlsAlloc
HeapCreate
ExitProcess
GetCommandLineA
GetSystemTimeAsFileTime
VirtualProtect
RtlUnwind
HeapSize
HeapReAlloc
SetStdHandle
HeapDestroy
FlushFileBuffers
SetEndOfFile
CloseHandle
ResetEvent
WaitForSingleObject
SetEvent
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
GetCurrentProcess
InterlockedExchange
LocalFree
SetFilePointer

user32

DefWindowProcA
SetRect
DispatchMessageA
TranslateMessage
PeekMessageA
PostMessageA
CreateWindowExA
IsWindow
CreateDialogParamA
ShowWindow
GetDlgItem
IsWindowVisible
FindWindowA
RegisterWindowMessageA
MessageBoxA
CharUpperBuffA
wsprintfA
SendMessageTimeoutA
GetParent
EnumChildWindows
ReleaseCapture
keybd_event
SetForegroundWindow
SetCapture
SendMessageA
CallWindowProcA
GetWindowLongA
SetWindowLongA
EndPaint
BeginPaint
GetClientRect
DrawTextA
UpdateWindow
InvalidateRect
DestroyWindow
GetForegroundWindow

gdi32

CreateCompatibleDC
CreateCompatibleBitmap
SetViewportOrgEx
DeleteDC
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject
CreatePen
MoveToEx
LineTo
DeleteObject
BitBlt

advapi32

RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegSetValueA
RegEnumKeyExA
RegDeleteKeyA
RegOpenKeyA
RegQueryValueW
RegCreateKeyA
RegDeleteValueA
RegOpenKeyExA
RegCloseKey

shell32

SHGetFolderPathA

ole32

CoInitialize
CLSIDFromString
StringFromGUID2
CLSIDFromProgID
CoTaskMemFree
CoUninitialize
CoCreateInstance
CoTaskMemAlloc
CoFreeUnusedLibraries

oleaut32

VariantInit
VariantClear
SysFreeString
SafeArrayUnlock
SafeArrayLock
SysAllocStringByteLen
VarBstrCat
SafeArrayGetDim
SysStringLen
SysAllocStringLen
SysStringByteLen
SysAllocString

atl71

ord30
ord22
ord64
ord49
ord23
ord61
ord32
ord43
ord46
ord44
ord65
ord18
ord66

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

wininet

InternetOpenA
InternetQueryDataAvailable
HttpQueryInfoA
InternetCloseHandle
InternetCrackUrlA
InternetReadFile
InternetOpenUrlA
InternetSetFilePointer

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer
RegisterServerDirect
UnregisterServerDirect

Sections

.text
Size: 304KB - Virtual size: 301KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT64
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
KanKan/XPlayer.dll
.dll regsvr32 windows:4 windows x86 arch:x86

04c0e313fca20b29f2aa49090ec5a2fc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

atl71

ord30
ord26
ord27
ord38
ord43
ord44
ord11
ord10
ord54
ord48
ord60
ord50
ord51
ord58
ord31
ord15
ord18
ord64
ord46
ord32
ord28
ord61
ord23
ord36
ord65
ord42
ord47
ord66

kernel32

EnterCriticalSection
SetLastError
HeapAlloc
FlushInstructionCache
GetCurrentProcess
GlobalAlloc
OutputDebugStringA
FindClose
FindNextFileA
DeleteFileA
FindFirstFileA
CopyFileA
CreateDirectoryA
CreateProcessA
TerminateThread
WaitForSingleObject
WriteFile
SizeofResource
GetACP
GetLocaleInfoA
InterlockedIncrement
GetLocalTime
GlobalMemoryStatus
GetDiskFreeSpaceA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
DeviceIoControl
GetModuleHandleW
IsProcessorFeaturePresent
InterlockedCompareExchange
HeapSize
LocalFree
GetSystemTimeAsFileTime
QueryPerformanceCounter
ExitProcess
LeaveCriticalSection
LockResource
FindResourceA
LoadResource
lstrlenW
MulDiv
lstrcpynA
GetProcessHeap
HeapFree
DeleteCriticalSection
InitializeCriticalSection
WideCharToMultiByte
GetLastError
GetFileAttributesA
GetTickCount
GlobalLock
GlobalUnlock
LoadLibraryA
GetProcAddress
CreateThread
Sleep
GetModuleFileNameA
GlobalFree
FreeLibrary
InterlockedDecrement
GetFileSize
ReadFile
SetFilePointer
CloseHandle
CreateFileA
GetCurrentProcessId
GetThreadLocale
GetVersionExA
MultiByteToWideChar
lstrlenA
GetCurrentThreadId
InterlockedExchange

user32

MoveWindow
GetClassLongA
SetClassLongA
MessageBoxA
GetMessageA
TranslateMessage
DispatchMessageA
LoadCursorA
RegisterClassExA
SetTimer
KillTimer
FindWindowExA
DefWindowProcA
CallWindowProcA
SetCursor
InvalidateRect
SendMessageA
GetNextDlgTabItem
CopyAcceleratorTableA
IsDialogMessageA
IntersectRect
EqualRect
OffsetRect
SetWindowRgn
UnionRect
PtInRect
SetWindowContextHelpId
SetWindowPos
EnumChildWindows
ShowWindow
GetKeyState
IsWindow
GetWindow
SetFocus
GetFocus
GetParent
GetForegroundWindow
EnableWindow
GetDlgItem
wvsprintfA
CallNextHookEx
MapDialogRect
DestroyWindow
CreateWindowExA
GetClientRect
PostMessageA
SetWindowsHookExA
EndDialog
IsWindowEnabled
UnhookWindowsHookEx
wsprintfA
GetDialogBaseUnits
ReleaseDC
IsChild
SystemParametersInfoA
SendDlgItemMessageA
GetSysColor
DrawTextA
GetWindowLongA
SetWindowLongA
LoadBitmapA
BeginPaint
EndPaint
FillRect
GetDC

advapi32

RegQueryValueExA
RegCloseKey
RegSetValueExA
RegCreateKeyExA
RegCreateKeyA
RegOpenKeyA
RegOpenKeyExA
RegQueryValueA

ole32

OleRegGetUserType
OleRegEnumVerbs
CreateStreamOnHGlobal
OleRegGetMiscStatus
CoInitialize
CoCreateInstance
GetRunningObjectTable
CreateItemMoniker
CoTaskMemAlloc
CreateDataAdviseHolder
CoTaskMemFree
CLSIDFromString
CreateOleAdviseHolder
CoUninitialize
CoFreeUnusedLibraries

shell32

SHGetFolderPathA

oleaut32

GetErrorInfo
SysAllocStringByteLen
BSTR_UserSize
BSTR_UserMarshal
BSTR_UserUnmarshal
BSTR_UserFree
OleCreatePropertyFrame
LoadTypeLi
LoadRegTypeLi
VariantChangeType
SysStringByteLen
SysStringLen
SysAllocStringLen
OleTranslateColor
VariantClear
SysAllocString
VariantInit
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayUnaccessData
SysFreeString
SafeArrayDestroy

shlwapi

StrCmpW

msvcr71

??_U@YAPAXI@Z
??2@YAPAXI@Z
strcat
??1exception@@UAE@XZ
??0exception@@QAE@XZ
??0exception@@QAE@ABV0@@Z
_CxxThrowException
strstr
??_V@YAXPAX@Z
strcmp
_mbsnbcpy
malloc
_resetstkoflw
_except_handler3
realloc
memcmp
vsprintf
sprintf
_mbscmp
_mbslwr
wcscpy
wcslen
swprintf
wcsncpy
wcspbrk
wcsstr
strncpy
strchr
sqrt
log10
atoi
memmove
__security_error_handler
__dllonexit
_onexit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_initterm
_adjust_fdiv
__CppXcptFilter
free
__CxxFrameHandler
strlen
memcpy
??3@YAXPAX@Z
memset
_CIpow
_strlwr
_stricmp
strcpy

msvcp71

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

gdi32

DeleteObject
GetTextMetricsA
SelectObject
CreateFontIndirectA
GetDeviceCaps
DeleteDC
StretchBlt
SetStretchBltMode
BitBlt
GetStockObject
CreateCompatibleBitmap
CreateCompatibleDC
GetObjectA
SetBkMode
SetTextColor
Rectangle
RestoreDC
SetViewportOrgEx
SetWindowOrgEx
SetMapMode
SaveDC
LPtoDP
SetBkColor
CreateSolidBrush
CreateRectRgnIndirect
DeleteMetaFile
CloseMetaFile
SetWindowExtEx
CreateMetaFileA
GetTextExtentPointA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

rpcrt4

NdrDllCanUnloadNow
NdrStubForwardingFunction
IUnknown_Release_Proxy
NdrDllRegisterProxy
NdrCStdStubBuffer2_Release
NdrStubCall2
NdrDllGetClassObject
NdrOleAllocate
NdrOleFree
IUnknown_QueryInterface_Proxy
IUnknown_AddRef_Proxy

winmm

waveOutGetVolume
waveOutSetVolume

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 152KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 4KB - Virtual size: 150B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 200KB - Virtual size: 198KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
stream.dll
.dll regsvr32 windows:4 windows x86 arch:x86

4f88c2631e10704b1df920f199adffdb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

PathFindExtensionA

mp

mp_gt
mp_gv
mp_ms

kernel32

lstrlenA
lstrcmpiA
lstrcpyA
GetModuleFileNameA
lstrcatA
DisableThreadLibraryCalls
InterlockedIncrement
InterlockedDecrement
IsDBCSLeadByte
lstrcpynA
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
GetModuleHandleA
CloseHandle
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
GetProcAddress
LoadLibraryA
CreateThread
TerminateThread
GetPrivateProfileSectionA
GetPrivateProfileSectionNamesA
WritePrivateProfileStringA
VirtualQuery
IsBadCodePtr
CreateDirectoryA
GetFileAttributesA
LeaveCriticalSection
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
RemoveDirectoryA
GetVolumeInformationA
GetPrivateProfileStringA
GetSystemDirectoryA
LocalFree
GetTempPathA
SetFileAttributesA
QueryPerformanceFrequency
QueryPerformanceCounter
CreateEventA
SetEvent
FreeResource
GetLogicalDriveStringsA
GetDriveTypeA
GetDiskFreeSpaceExA
EnterCriticalSection
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
CreateMutexA
GetLastError
GetTickCount
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetWindowsDirectoryA
ExitProcess
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime

user32

wsprintfA
CharNextA

advapi32

FreeSid
RegOpenKeyA
RegQueryValueExA
RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
SetEntriesInAclA
AllocateAndInitializeSid
SetNamedSecurityInfoA

shell32

SHGetSpecialFolderPathA

ole32

CoTaskMemFree
CoTaskMemRealloc
StringFromGUID2
CoCreateInstance
CoUninitialize
CoInitialize
CLSIDFromString
CoTaskMemAlloc

oleaut32

VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString
VariantClear

msvcp71

?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBDH@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z
?setw@std@@YA?AU?$_Smanip@H@1@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PBX@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@XZ
?open@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXPBDHH@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@XZ
?open@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXPBDHH@Z
?close@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?_Xran@_String_base@std@@QBEXXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?_Unlock@_Mutex@std@@QAEXXZ
?_Lock@_Mutex@std@@QAEXXZ
??1_Lockit@std@@QAE@XZ
?_Register@facet@locale@std@@QAEXXZ
?_Incref@facet@locale@std@@QAEXXZ
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@@Z
?_Getfacet@locale@std@@QBEPBVfacet@12@I@Z
??Bid@locale@std@@QAEIXZ
?id@?$ctype@D@std@@2V0locale@2@A
??0_Lockit@std@@QAE@H@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?clear@ios_base@std@@QAEXH_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??1locale@std@@QAE@XZ
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AViterator@12@V312@D@Z
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AViterator@12@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?rbegin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$reverse_iterator@Vconst_iterator@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@XZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?str@?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@D@Z
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@II@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AVconst_iterator@12@XZ
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AViterator@12@XZ
?rbegin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$reverse_iterator@Viterator@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@XZ
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?find_last_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?at@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?close@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z

msvcr71

_itoa
_stricmp
strchr
sscanf
strrchr
strncmp
fclose
fread
ftell
fseek
fopen
strncpy
??1type_info@@UAE@XZ
__security_error_handler
?terminate@@YAXXZ
__dllonexit
_onexit
_initterm
_adjust_fdiv
__CppXcptFilter
strstr
__CxxFrameHandler
free
memset
_except_handler3
??0exception@@QAE@ABV0@@Z
??0bad_cast@@QAE@ABV0@@Z
??1bad_cast@@UAE@XZ
??0bad_cast@@QAE@PBD@Z
_CxxThrowException
_assert
_purecall
memcmp
??1exception@@UAE@XZ
??0exception@@QAE@XZ
__RTDynamicCast
gmtime
time
malloc
_resetstkoflw
memcpy
wcsncpy
realloc
atoi
_snprintf
_mbsnbcmp
strlen
sprintf
_ultoa
_ui64toa
atol
_atoi64
??0exception@@QAE@ABQBD@Z
strcmp
_localtime64
_time64
memmove
_errno
strtoul
isspace
_strlwr
rand
srand
?what@exception@@UBEPBDXZ

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

ws2_32

inet_ntoa
gethostbyname
WSAGetLastError
gethostname
ntohs
htonl
ntohl
inet_addr

iphlpapi

GetAdaptersInfo

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
_msize

Sections

.text
Size: 1008KB - Virtual size: 1006KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 232KB - Virtual size: 229KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 120KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7fa974366048f9c551ef45714595665e

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 22KB - Virtual size: 21KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 27KB - Virtual size: 26KB

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 1012B

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 1024B - Virtual size: 784B

.data Size: 512B - Virtual size: 92B

.reloc Size: 512B - Virtual size: 496B

cb15c4ce4f27454ccf6f64d3e8a9ffaf

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 16KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 12KB - Virtual size: 12KB

.reloc Size: 4KB - Virtual size: 3KB

1bf75379396a33ec7d52341f90b38937

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

3d:c3:09:c2:ed:0e:e4:35:09:fc:8b:d8:68:bc:4c:fdCertificate

.text
Size: 22KB - Virtual size: 21KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 27KB - Virtual size: 26KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 1012B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 92B

.reloc
Size: 512B - Virtual size: 496B

.text
Size: 20KB - Virtual size: 16KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 12KB

.reloc
Size: 4KB - Virtual size: 3KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

3d:c3:09:c2:ed:0e:e4:35:09:fc:8b:d8:68:bc:4c:fd
Certificate

.text
Size: 424KB - Virtual size: 422KB

.rdata
Size: 136KB - Virtual size: 133KB

.data
Size: 12KB - Virtual size: 39KB

.rsrc
Size: 196KB - Virtual size: 192KB

.reloc
Size: 36KB - Virtual size: 35KB

.text
Size: 184KB - Virtual size: 182KB

.rdata
Size: 40KB - Virtual size: 37KB

.data
Size: 8KB - Virtual size: 11KB

.rsrc
Size: 8KB - Virtual size: 4KB

.reloc
Size: 12KB - Virtual size: 11KB

.text
Size: 84KB - Virtual size: 80KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 16KB - Virtual size: 21KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 5KB