pandastealer | 6b9d5ed62bf77ebcf1d9a4ce12eeef6f_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

6b9d5ed62bf77ebcf1d9a4ce12eeef6f_JaffaCakes118
Size

7.6MB
MD5

6b9d5ed62bf77ebcf1d9a4ce12eeef6f
SHA1

53943e0e880f48cb530838bc0e451dd7d378a5cb
SHA256

84ba766b1f292df812017d9c8549bd1026fbdd12b3eabe0e9ad491774f175ab8
SHA512

cde30092b8fc560351d9284cfc5f3c1dacc61875312562376adc7372c7b877f4c1598777610bcc7d55b1d20b33a58509a52141ba6aaf034e3297e7d6395356ee
SSDEEP

196608:aK4OnILxFKkKUrMlXDnR/CQkrKsYNFWVpCmE3/ot1yORC:ppiFKkv+LRKgj/W+me/s18

Score

10^/10

pandastealer

Malware Config

Signatures

Panda Stealer payload 1 IoCs

resource	yara_rule
static1/unpack001/drvcore.dll	family_pandastealer

Pandastealer family
pandastealer

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
6b9d5ed62bf77ebcf1d9a4ce12eeef6f_JaffaCakes118
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/inetc.dll
unpack002/hdaudbus.sys
unpack001/uninst.exe

NSIS installer 4 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2
static1/unpack001/uninst.exe	nsis_installer_1
static1/unpack001/uninst.exe	nsis_installer_2

Files

6b9d5ed62bf77ebcf1d9a4ce12eeef6f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/inetc.dll
.dll windows:4 windows x86 arch:x86

3f1149a3053980fe6b461521d2b55a2c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_mbschr
_adjust_fdiv
malloc
_initterm
free
_mbsrchr
strtoul
memset
_mbsstr
strtol

kernel32

CloseHandle
CreateThread
WaitForSingleObject
TerminateThread
GetModuleHandleA
MulDiv
lstrcpyA
GlobalAlloc
LoadLibraryA
GetProcAddress
lstrlenA
WriteFile
ReadFile
lstrcmpA
lstrcpynA
GetLastError
GlobalFree
lstrcmpiA
DeleteFileA
SleepEx
SetFilePointer
GetTickCount
lstrcatA
GetFileSize
CreateFileA

user32

MessageBoxA
GetParent
ShowWindow
PostMessageA
SetWindowTextA
GetWindowTextA
IsWindow
GetDlgItem
SetDlgItemTextA
SendDlgItemMessageA
SetWindowPos
SystemParametersInfoA
GetClientRect
GetWindowRect
SetTimer
LoadIconA
SetWindowLongA
GetWindowLongA
UpdateWindow
DestroyWindow
KillTimer
RedrawWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
IsWindowVisible
EnableWindow
CreateDialogParamA
FindWindowExA
wsprintfA
SendMessageA

wininet

HttpSendRequestA
HttpSendRequestExA
HttpQueryInfoA
FtpCreateDirectoryA
FtpOpenFileA
InternetGetLastResponseInfoA
InternetSetFilePointer
InternetSetOptionA
InternetQueryOptionA
InternetCloseHandle
InternetErrorDlg
HttpOpenRequestA
HttpAddRequestHeadersA
HttpEndRequestA
InternetConnectA
InternetCrackUrlA
InternetOpenA
InternetReadFile
InternetWriteFile

comctl32

ord17

Exports

Exports

get
head
post
put

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
AutoUpdaterUI.exe
.exe windows:4 windows x86 arch:x86

af92b0d9ff70f638f47a7bb6216e5f2a

Code Sign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30-04-2007 00:00

Not After

29-04-2012 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6b:d0:fa:31:11:e1:60:37:0e:59:8f:35:d2:0a:41:b4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

13-09-2010 00:00

Not After

12-11-2011 23:59

Subject

CN=Shenzhen DriveTheLife Software Technology Co.Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shenzhen DriveTheLife Software Technology Co.Ltd,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

e8:7e:2b:ad:ba:b1:20:47:60:17:61:60:df:a7:7a:d3:6e:25:cc:72
Signer

Actual PE Digest

e8:7e:2b:ad:ba:b1:20:47:60:17:61:60:df:a7:7a:d3:6e:25:cc:72

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\work\DriveTheLife2010\DTL2010\2010Updater\AutoUpdater\release\AutoUpdaterUI.pdb

Imports

kernel32

MulDiv
FreeResource
LocalFree
GetModuleFileNameW
GetVersionExA
lstrcmpW
GlobalFindAtomA
GlobalGetAtomNameA
GlobalFlags
LocalAlloc
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetThreadLocale
GetVolumeInformationA
GetFullPathNameA
GetCPInfo
GetOEMCP
SetErrorMode
FileTimeToLocalFileTime
GetFileTime
ExitProcess
VirtualProtect
VirtualAlloc
VirtualQuery
TerminateProcess
UnhandledExceptionFilter
GlobalAddAtomA
IsDebuggerPresent
HeapReAlloc
GetSystemTimeAsFileTime
RemoveDirectoryA
CreateThread
GetCommandLineA
GetStartupInfoA
RaiseException
RtlUnwind
HeapSize
GetACP
GetStdHandle
HeapDestroy
HeapCreate
VirtualFree
SetHandleCount
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetStdHandle
GetTimeZoneInformation
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
SetLastError
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
lstrcmpA
GlobalDeleteAtom
GetModuleHandleA
GetFileSize
DuplicateHandle
GetFileType
CreateDirectoryA
ReadFile
WriteFile
SetFileTime
GetCurrentProcess
SetFilePointer
CreateFileA
DosDateTimeToFileTime
GetProcessHeap
HeapFree
HeapAlloc
GetTickCount
ResetEvent
ExitThread
TerminateThread
FormatMessageA
ReleaseSemaphore
GetCurrentThreadId
GetSystemInfo
CreateFileMappingA
CreateEventA
SetEvent
InterlockedCompareExchange
InterlockedDecrement
InterlockedIncrement
UnmapViewOfFile
MapViewOfFile
GetLocalTime
WritePrivateProfileStringA
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetCurrentDirectoryA
SetCurrentDirectoryA
FindNextFileA
FindClose
FindFirstFileA
LoadLibraryA
GetProcAddress
FreeLibrary
GetModuleFileNameA
CreateSemaphoreA
WaitForSingleObject
GetCurrentProcessId
CloseHandle
CreateToolhelp32Snapshot
Process32Next
FileTimeToSystemTime
OpenProcess
Process32First
SystemTimeToFileTime
DeleteFileA
GetTempFileNameA
SetFileAttributesA
CopyFileA
GetFileAttributesA
MoveFileExA
GlobalFree
GlobalUnlock
GlobalAlloc
GlobalLock
LockResource
SizeofResource
LoadResource
FindResourceA
GetVersion
CompareStringA
GetLastError
InterlockedExchange
MultiByteToWideChar
CompareStringW
Sleep
WideCharToMultiByte
lstrlenA
SetUnhandledExceptionFilter
CreateFileW

user32

RegisterClipboardFormatA
PostThreadMessageA
EqualRect
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
OffsetRect
IntersectRect
GetWindowPlacement
SystemParametersInfoA
DestroyMenu
UnhookWindowsHookEx
GetWindowTextA
SetFocus
GetMenuItemID
GetMenuItemCount
GetSubMenu
CopyRect
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
SetWindowsHookExA
CallNextHookEx
GetMessageA
GetSysColorBrush
UnregisterClassA
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
SetWindowContextHelpId
MapDialogRect
SetWindowPos
GetSysColor
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
MessageBoxA
SetCursor
PostMessageA
PostQuitMessage
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
FindWindowExA
SendMessageTimeoutA
GetTopWindow
GetWindowThreadProcessId
GetWindow
GetWindowRect
GetParent
InvalidateRect
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
ShowWindow
IsIconic
SetForegroundWindow
LoadIconA
GetClientRect
SendMessageA
GetDC
ReleaseDC
GetSystemMetrics
EnableWindow
CharUpperA
SetRect
IsRectEmpty
CopyAcceleratorTableA
CharNextA
ReleaseCapture
SetCapture
DispatchMessageA
LoadCursorA
MoveWindow
SetWindowTextA
IsDialogMessageA
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
GetMessageTime
GetMessagePos
AdjustWindowRectEx
UpdateWindow
GetMenu
CreateWindowExA
GetClassInfoExA
GetClassInfoA
TranslateMessage
RegisterClassA
MapWindowPoints

gdi32

SetTextColor
SetMapMode
GetClipBox
GetObjectA
GetViewportExtEx
GetWindowExtEx
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ExtSelectClipRgn
DeleteDC
GetDeviceCaps
CreateRectRgnIndirect
GetMapMode
GetBkColor
GetTextColor
GetRgnBox
SetBkColor
RestoreDC
SaveDC
CreateBitmap
GetStockObject
DeleteObject
SelectObject
ScaleWindowExtEx

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
ClosePrinter
DocumentPropertiesA

advapi32

RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegCloseKey

shell32

ShellExecuteExA

comctl32

InitCommonControlsEx

shlwapi

PathFindFileNameA
PathStripToRootA
PathFindExtensionA
PathIsUNCA

oledlg

ord8

ole32

CoRegisterMessageFilter
CLSIDFromString
CLSIDFromProgID
CoTaskMemFree
CoTaskMemAlloc
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard

oleaut32

SysStringLen
SysFreeString
SysAllocStringByteLen
VariantClear
VariantChangeType
VariantInit
OleCreateFontIndirect
VariantTimeToSystemTime
SystemTimeToVariantTime
SafeArrayDestroy
SysAllocString
VariantCopy
SysAllocStringLen

gdiplus

GdiplusShutdown

ws2_32

WSAStartup
WSACloseEvent
connect
recvfrom
inet_addr
WSAGetLastError
WSAEnumNetworkEvents
htons
WSAEventSelect
gethostbyname
getsockname
setsockopt
sendto
recv
socket
WSACreateEvent
closesocket
send
WSAWaitForMultipleEvents
inet_ntoa
ntohs

Sections

.text
Size: 360KB - Virtual size: 356KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Autoupdater/CheckUpdate.dll
.dll windows:4 windows x86 arch:x86

fec2431f9b8b82a923d82da1a7c27731

Code Sign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30-04-2007 00:00

Not After

29-04-2012 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6b:d0:fa:31:11:e1:60:37:0e:59:8f:35:d2:0a:41:b4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

13-09-2010 00:00

Not After

12-11-2011 23:59

Subject

CN=Shenzhen DriveTheLife Software Technology Co.Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shenzhen DriveTheLife Software Technology Co.Ltd,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

f6:1e:93:34:eb:fb:04:2e:27:2d:c5:52:e2:1e:38:c4:5f:c9:a4:d5
Signer

Actual PE Digest

f6:1e:93:34:eb:fb:04:2e:27:2d:c5:52:e2:1e:38:c4:5f:c9:a4:d5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\work\DriveTheLife2011\DTL2011\2010Updater\AutoUpdater\release\CheckUpdate.pdb

Imports

kernel32

CreateFileA
FindResourceA
LoadResource
WriteFile
SizeofResource
CloseHandle
FindFirstFileA
FindClose
WideCharToMultiByte
MultiByteToWideChar
GetProcAddress
LoadLibraryA
GetModuleFileNameA
GetCurrentDirectoryA
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetLocalTime
UnmapViewOfFile
InterlockedIncrement
InterlockedDecrement
WaitForSingleObject
InterlockedCompareExchange
SetEvent
CreateEventA
InterlockedExchange
GetSystemInfo
GetCurrentThreadId
CreateSemaphoreA
ReleaseSemaphore
TerminateThread
ExitThread
ResetEvent
GetTickCount
Sleep
HeapAlloc
HeapFree
GetProcessHeap
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetTimeZoneInformation
GetLocaleInfoA
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
SetEnvironmentVariableA
FlushFileBuffers
ReadFile
GetConsoleMode
GetConsoleCP
SetStdHandle
SetFilePointer
GetStringTypeW
GetStringTypeA
GetFullPathNameA
GetOEMCP
GetACP
GetLastError
GetFileAttributesA
DeleteFileA
FileTimeToSystemTime
FileTimeToLocalFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetDriveTypeA
SetEndOfFile
CreateThread
GetCommandLineA
GetVersionExA
RaiseException
RtlUnwind
LCMapStringA
LCMapStringW
GetCPInfo
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapSize
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA

shell32

ShellExecuteExA

ws2_32

inet_ntoa
recvfrom
inet_addr
WSAEnumNetworkEvents
htons
WSAEventSelect
WSAStartup
WSACloseEvent
sendto
socket
WSACreateEvent
closesocket
WSAWaitForMultipleEvents
getsockname
WSACleanup
ntohs

Exports

Exports

HUAutoCheckUpdate
HUManualCheckUpdate
HUSetAct
HUSetPCID
HUSetProcessFileName
HUSetProcessRootPath
HUSetProcessStartParam
HUSetSoftwareMark
HUSetUnionID
HUSetUpdateCfgFileName
HUSetUpdateFileName
HUSetUpdateRootPath
HUSetUpdateServer
HUSetWnd
HUStopCheckUpdate

Sections

.text
Size: 100KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 456KB - Virtual size: 452KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Autoupdater/DTLUpdater.exe
.exe windows:4 windows x86 arch:x86

7f1d0e0da071b5e1cf418ec5d23ceb1e

Code Sign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30-04-2007 00:00

Not After

29-04-2012 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6b:d0:fa:31:11:e1:60:37:0e:59:8f:35:d2:0a:41:b4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

13-09-2010 00:00

Not After

12-11-2011 23:59

Subject

CN=Shenzhen DriveTheLife Software Technology Co.Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shenzhen DriveTheLife Software Technology Co.Ltd,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ac:15:8c:0f:b4:85:ed:c3:51:c0:0a:b8:fa:c1:08:c0:ae:20:4d:73
Signer

Actual PE Digest

ac:15:8c:0f:b4:85:ed:c3:51:c0:0a:b8:fa:c1:08:c0:ae:20:4d:73

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\work\DriveTheLife2011\DTL2011\2010Updater\AutoUpdater\release\DTLUpdater.pdb

Imports

kernel32

EnumResourceLanguagesA
ConvertDefaultLocale
GetCurrentThread
GlobalAddAtomA
FreeResource
GetModuleFileNameW
GetVersionExA
lstrcmpW
GlobalFindAtomA
GlobalGetAtomNameA
LocalAlloc
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GlobalFlags
DeleteFileA
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetThreadLocale
GetVolumeInformationA
GetFullPathNameA
GetCPInfo
GetOEMCP
SetErrorMode
FileTimeToLocalFileTime
GetFileTime
VirtualProtect
VirtualAlloc
VirtualQuery
HeapReAlloc
ExitProcess
GetLocaleInfoA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RemoveDirectoryA
CreateThread
GetCommandLineA
GetStartupInfoA
RaiseException
RtlUnwind
HeapSize
HeapDestroy
HeapCreate
VirtualFree
GetStdHandle
GetACP
SetHandleCount
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetStdHandle
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
lstrcmpA
GlobalDeleteAtom
GetModuleHandleA
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
LocalFree
MulDiv
SetLastError
FileTimeToSystemTime
GetFileSize
DuplicateHandle
GetFileType
CreateDirectoryA
ReadFile
WriteFile
SetFileTime
GetCurrentProcess
SystemTimeToFileTime
SetFilePointer
CreateFileA
DosDateTimeToFileTime
GetProcessHeap
HeapFree
HeapAlloc
GetTickCount
ResetEvent
ExitThread
TerminateThread
FormatMessageA
ReleaseSemaphore
GetCurrentThreadId
GetSystemInfo
CreateFileMappingA
CreateEventA
SetEvent
InterlockedCompareExchange
InterlockedDecrement
InterlockedIncrement
UnmapViewOfFile
MapViewOfFile
GetLocalTime
WritePrivateProfileStringA
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetCurrentDirectoryA
GetModuleFileNameA
SetCurrentDirectoryA
FindNextFileA
FindClose
FindFirstFileA
GetCurrentProcessId
CreateToolhelp32Snapshot
GetProcessId
Process32Next
OpenProcess
Process32First
CloseHandle
CreateSemaphoreA
LockResource
SizeofResource
LoadResource
FindResourceA
Sleep
WaitForSingleObject
LoadLibraryA
GetProcAddress
FreeLibrary
GetVersion
CompareStringA
GetTempFileNameA
SetFileAttributesA
CopyFileA
GetLastError
InterlockedExchange
MultiByteToWideChar
CompareStringW
GetFileAttributesA
WideCharToMultiByte
MoveFileExA
lstrlenA
TerminateProcess

user32

UnregisterClassA
RegisterClipboardFormatA
PostThreadMessageA
SetCapture
LoadCursorA
GetSysColorBrush
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextA
GetForegroundWindow
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
GetMenu
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
EqualRect
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
OffsetRect
IntersectRect
GetWindowPlacement
GetWindowRect
SystemParametersInfoA
DestroyMenu
CopyRect
UnhookWindowsHookEx
GetSysColor
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetDlgItem
CharUpperA
EnableWindow
GetSystemMetrics
GetNextDlgTabItem
EndDialog
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
InvalidateRect
SetRect
IsRectEmpty
GetWindow
SetWindowContextHelpId
CopyAcceleratorTableA
CharNextA
UpdateWindow
ReleaseCapture
SendMessageA
GetClientRect
LoadIconA
IsIconic
GetWindowThreadProcessId
SendMessageTimeoutA
FindWindowExA
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
CheckMenuItem
EnableMenuItem
ModifyMenuA
GetParent
GetFocus
LoadBitmapA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
PostQuitMessage
PostMessageA
SetCursor
MessageBoxA
IsWindowEnabled
GetLastActivePopup
GetWindowLongA
MapDialogRect
SetWindowPos

gdi32

GetStockObject
DeleteDC
GetBkColor
GetTextColor
CreateRectRgnIndirect
GetRgnBox
GetMapMode
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
GetDeviceCaps
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
GetObjectA
DeleteObject
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
CreateBitmap
SetViewportOrgEx

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegEnumKeyA
RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegCloseKey
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyA

shell32

ShellExecuteExA

comctl32

InitCommonControlsEx

shlwapi

PathFindFileNameA
PathStripToRootA
PathFindExtensionA
PathIsUNCA

oledlg

ord8

ole32

CLSIDFromString
OleFlushClipboard
CoRegisterMessageFilter
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromProgID
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard

oleaut32

SysAllocStringLen
SysStringLen
SysAllocStringByteLen
VariantClear
VariantChangeType
VariantInit
OleCreateFontIndirect
VariantTimeToSystemTime
SystemTimeToVariantTime
SafeArrayDestroy
SysAllocString
VariantCopy
SysFreeString

ws2_32

WSACleanup
WSACloseEvent
connect
inet_ntoa
recvfrom
inet_addr
WSAGetLastError
WSAEnumNetworkEvents
htons
WSAEventSelect
ntohs
getsockname
setsockopt
sendto
recv
socket
WSACreateEvent
closesocket
gethostbyname
send
WSAWaitForMultipleEvents
WSAStartup

Sections

.text
Size: 320KB - Virtual size: 316KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Bind/AVCheck.dll
.dll windows:4 windows x86 arch:x86

e24a31ff0bca0a5d8b019cad49fecd54

Code Sign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30-04-2007 00:00

Not After

29-04-2012 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6b:d0:fa:31:11:e1:60:37:0e:59:8f:35:d2:0a:41:b4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

13-09-2010 00:00

Not After

12-11-2011 23:59

Subject

CN=Shenzhen DriveTheLife Software Technology Co.Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shenzhen DriveTheLife Software Technology Co.Ltd,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

cb:d0:dd:30:e7:3e:b7:a4:a3:3f:db:f5:f5:39:f4:0d:a3:35:67:d7
Signer

Actual PE Digest

cb:d0:dd:30:e7:3e:b7:a4:a3:3f:db:f5:f5:39:f4:0d:a3:35:67:d7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LocalFree
GetFileAttributesW
SearchPathW
InterlockedIncrement
InterlockedDecrement
GetPrivateProfileStringW
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
DebugBreak
CloseHandle
LocalAlloc
GetFileSize
CreateFileW
GetSystemDirectoryW
GetWindowsDirectoryW
GetModuleFileNameW
lstrlenW
FindFirstFileW
FindClose
GetVersionExW
ReadFile
OutputDebugStringW
SetEndOfFile
LoadLibraryA
GetProcAddress
GetOEMCP
GetACP
FlushFileBuffers
SetStdHandle
CreateFileA
GetStringTypeW
GetStringTypeA
GetCPInfo
LCMapStringW
LCMapStringA
IsBadCodePtr
IsBadReadPtr
WriteFile
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetCurrentProcess
TerminateProcess
SetFilePointer
HeapCreate
RtlUnwind
RaiseException
HeapReAlloc
HeapAlloc
HeapFree
GetCommandLineA
GetVersion
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetUnhandledExceptionFilter
VirtualFree
VirtualAlloc
IsBadWritePtr
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy

user32

CharNextW
wvsprintfW
LoadStringW

advapi32

RegEnumKeyW
RegOpenKeyW
RegCloseKey

shell32

SHGetSpecialFolderPathW

ole32

CoInitialize
CoInitializeSecurity
CoCreateInstance
CoUninitialize

oleaut32

VariantClear
SysFreeString
SysAllocString
SysAllocStringLen

shlwapi

PathFindFileNameW
PathStripToRootW
StrCmpIW
StrCmpNIW
StrChrW
SHGetValueW
PathAppendW
StrToIntW
StrDupW
PathFileExistsW
PathIsDirectoryW
StrCpyNW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

msi

ord70
ord45

Exports

Exports

InitAntiVirusScanEng

Sections

.text
Size: 80KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bind/AVLib.dat
Bind/GetAV.exe
.exe windows:4 windows x86 arch:x86

e4208b4b6f65472c30062343404b363d

Code Sign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30-04-2007 00:00

Not After

29-04-2012 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6b:d0:fa:31:11:e1:60:37:0e:59:8f:35:d2:0a:41:b4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

13-09-2010 00:00

Not After

12-11-2011 23:59

Subject

CN=Shenzhen DriveTheLife Software Technology Co.Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shenzhen DriveTheLife Software Technology Co.Ltd,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

c2:f3:39:cd:d8:2e:d0:c1:a1:45:10:72:64:48:99:13:a1:5e:47:7b
Signer

Actual PE Digest

c2:f3:39:cd:d8:2e:d0:c1:a1:45:10:72:64:48:99:13:a1:5e:47:7b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LeaveCriticalSection
EnterCriticalSection
OutputDebugStringW
GetCurrentThreadId
InitializeCriticalSection
HeapDestroy
DeleteCriticalSection
lstrlenW
InterlockedDecrement
FreeLibrary
GetProcAddress
LoadLibraryW
GetLongPathNameW
GetModuleFileNameW
InterlockedIncrement
GetOEMCP
GetACP
HeapFree
RtlUnwind
RaiseException
GetModuleHandleA
GetStartupInfoW
GetVersion
ExitProcess
HeapAlloc
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
GetLastError
SetUnhandledExceptionFilter
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
MultiByteToWideChar
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetEnvironmentStrings
GetCommandLineW
GetCommandLineA
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
WriteFile
IsBadReadPtr
IsBadCodePtr
LoadLibraryA
WideCharToMultiByte
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetCPInfo

user32

DefWindowProcW
LoadStringW
DestroyWindow

ole32

CoUninitialize
CoInitialize

shlwapi

PathRemoveFileSpecW
PathAddBackslashW

Sections

.text
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Bind/HTTPDownloadUI.exe
.exe windows:4 windows x86 arch:x86

4c941524402fd951c61ac7ab6ca450ff

Code Sign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30-04-2007 00:00

Not After

29-04-2012 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6b:d0:fa:31:11:e1:60:37:0e:59:8f:35:d2:0a:41:b4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

13-09-2010 00:00

Not After

12-11-2011 23:59

Subject

CN=Shenzhen DriveTheLife Software Technology Co.Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shenzhen DriveTheLife Software Technology Co.Ltd,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3b:f3:99:7e:34:bb:b7:24:ce:87:d3:67:b2:bf:3a:6d:47:23:0a:32
Signer

Actual PE Digest

3b:f3:99:7e:34:bb:b7:24:ce:87:d3:67:b2:bf:3a:6d:47:23:0a:32

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\work\FileDownload\release\HTTPDownloadUI.pdb

Imports

kernel32

GetFileAttributesA
GetFileTime
ExitThread
CreateThread
HeapFree
HeapAlloc
GetProcessHeap
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitProcess
GetSystemTimeAsFileTime
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapReAlloc
GetCommandLineA
GetStartupInfoA
RtlUnwind
RaiseException
HeapSize
GetConsoleCP
GetConsoleMode
SetStdHandle
GetFileType
GetStdHandle
GetACP
HeapDestroy
HeapCreate
VirtualFree
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
LCMapStringW
SetEnvironmentVariableA
FileTimeToLocalFileTime
GetTickCount
SetErrorMode
CreateFileA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
FileTimeToSystemTime
GetThreadLocale
GetOEMCP
GetCPInfo
InterlockedIncrement
GlobalFlags
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
InterlockedDecrement
GetModuleFileNameW
GetCurrentProcessId
WritePrivateProfileStringA
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
lstrcmpA
LocalFree
MulDiv
FreeResource
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
FreeLibrary
LoadLibraryA
SetLastError
lstrcmpW
GetModuleHandleA
GetProcAddress
GetVersionExA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetVersion
CompareStringA
GetLastError
InterlockedExchange
MultiByteToWideChar
CompareStringW
lstrlenA
FindResourceA
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
WaitForSingleObject
CreateProcessA
GetModuleFileNameA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
CloseHandle
Sleep
SetHandleCount
FormatMessageA

user32

GetNextDlgGroupItem
MessageBeep
UnregisterClassA
RegisterClipboardFormatA
PostThreadMessageA
GetSysColorBrush
DestroyMenu
GetWindowThreadProcessId
SetCursor
GetMessageA
TranslateMessage
GetCursorPos
ValidateRect
GetDesktopWindow
GetActiveWindow
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
SetWindowContextHelpId
MapDialogRect
PostQuitMessage
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuState
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowTextA
InvalidateRgn
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetFocus
IsWindow
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageA
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
GetKeyState
IsWindowVisible
UpdateWindow
GetMenu
PostMessageA
GetSubMenu
GetMenuItemID
GetMenuItemCount
MessageBoxA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
ScreenToClient
EqualRect
CopyRect
SetRect
IsRectEmpty
CopyAcceleratorTableA
CharNextA
PtInRect
ReleaseCapture
SetCapture
IsDialogMessageA
LoadCursorA
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetWindowLongA
SetWindowLongA
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindow
CharUpperA
SetWindowRgn
ReleaseDC
SetForegroundWindow
GetDC
KillTimer
DrawIcon
GetSystemMetrics
IsIconic
SetTimer
AppendMenuA
GetSystemMenu
LoadIconA
EnableWindow
SendMessageA
GetClientRect
GetParent
GetWindowRect
InvalidateRect
GetClassLongA

gdi32

ExtSelectClipRgn
PtVisible
DeleteDC
CreateBitmap
GetDeviceCaps
GetMapMode
GetBkColor
GetTextColor
GetRgnBox
GetWindowExtEx
GetViewportExtEx
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutA
TextOutA
CreateRectRgnIndirect
BitBlt
SetMapMode
SetBkMode
RestoreDC
SaveDC
GetObjectA
SetBkColor
SetTextColor
GetClipBox
CombineRgn
GetPixel
CreateRectRgn
SelectObject
DeleteObject
CreateCompatibleBitmap
CreateCompatibleDC
GetStockObject
RectVisible

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegCloseKey
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyA

comctl32

InitCommonControlsEx
_TrackMouseEvent

shlwapi

PathFindFileNameA
PathStripToRootA
PathFindExtensionA
PathIsUNCA

oledlg

ord8

ole32

CoRegisterMessageFilter
CreateStreamOnHGlobal
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard

oleaut32

SysAllocString
OleCreateFontIndirect
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
SysAllocStringByteLen
SysFreeString
SysStringLen
SysAllocStringLen
VariantInit
VariantChangeType
VariantClear

gdiplus

GdipAlloc
GdipGetImageWidth
GdipGetImageHeight
GdipDisposeImage
GdipCloneImage
GdipFree
GdiplusStartup
GdiplusShutdown
GdipCreateFromHDC
GdipDeleteGraphics
GdipDrawImageRectI
GdipDrawImageRectRectI
GdipCreateBitmapFromStream

ws2_32

gethostbyname
WSAGetLastError
setsockopt
WSACloseEvent
htons
inet_addr
recv
send
closesocket
connect
socket
WSAStartup
WSACleanup

Sections

.text
Size: 232KB - Virtual size: 231KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
DevCfg.dll
.dll windows:4 windows x86 arch:x86

fe2e049547f14883c92d1b5e516f5c69

Code Sign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30-04-2007 00:00

Not After

29-04-2012 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6b:d0:fa:31:11:e1:60:37:0e:59:8f:35:d2:0a:41:b4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

13-09-2010 00:00

Not After

12-11-2011 23:59

Subject

CN=Shenzhen DriveTheLife Software Technology Co.Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shenzhen DriveTheLife Software Technology Co.Ltd,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

f1:3b:24:35:74:76:1b:34:a4:b2:4d:3e:55:82:bf:0c:04:58:8c:cc
Signer

Actual PE Digest

f1:3b:24:35:74:76:1b:34:a4:b2:4d:3e:55:82:bf:0c:04:58:8c:cc

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\work\DriveTheLife2010\DTL2010\2010Driver\DriverCore\release\DevCfg.pdb

Imports

kernel32

WideCharToMultiByte
MultiByteToWideChar
GetProcAddress
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
CloseHandle
GetLocalTime
GetModuleFileNameA
InterlockedIncrement
InterlockedDecrement
GetCurrentThreadId
GetTickCount
CreateFileA
WriteConsoleW
GetConsoleOutputCP
GlobalFree
TerminateProcess
GlobalAlloc
WaitForSingleObject
WriteConsoleA
GetStringTypeW
GetStringTypeA
HeapSize
GetLocaleInfoA
LoadLibraryA
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
Sleep
ExitProcess
FlushFileBuffers
ReadFile
GetConsoleMode
GetConsoleCP
SetStdHandle
SetFilePointer
LCMapStringW
LCMapStringA
GetLastError
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetEndOfFile
HeapFree
HeapAlloc
GetProcessHeap
DeleteFileA
GetCommandLineA
GetVersionExA
WriteFile
GetStdHandle
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
RaiseException
GetCPInfo
GetACP
GetOEMCP
SetHandleCount
GetFileType
GetStartupInfoA
RtlUnwind

user32

EnumDisplaySettingsW
EnumDisplayDevicesW
ChangeDisplaySettingsExW

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW

shell32

ShellExecuteExA

iphlpapi

GetNetworkParams
GetAdaptersInfo

setupapi

SetupDiGetDeviceRegistryPropertyA
SetupDiGetClassDevsW
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyW

Exports

Exports

DCFGFreeDevCfg
DCFGIsChanged
DCFGMakeDevCfg
DCFGRevertDevCfg

Sections

.text
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DeviceManuf.db3
DockHelp.dll
.dll windows:4 windows x86 arch:x86

84dbb3fc27f0409d73c26c0cc845219f

Code Sign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30-04-2007 00:00

Not After

29-04-2012 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6b:d0:fa:31:11:e1:60:37:0e:59:8f:35:d2:0a:41:b4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

13-09-2010 00:00

Not After

12-11-2011 23:59

Subject

CN=Shenzhen DriveTheLife Software Technology Co.Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shenzhen DriveTheLife Software Technology Co.Ltd,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

5f:fb:71:ba:d1:e0:b5:ba:fa:a1:d9:6a:2e:96:b8:0e:2a:8a:98:45
Signer

Actual PE Digest

5f:fb:71:ba:d1:e0:b5:ba:fa:a1:d9:6a:2e:96:b8:0e:2a:8a:98:45

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\DriveTheLife2010_Client\检测栏\DockHelp2\release\DockHelp.pdb

Imports

kernel32

CloseHandle
GetProcAddress
LoadLibraryW
OpenFileMappingW
Sleep
GlobalFindAtomW
GlobalAddAtomW
MapViewOfFile
UnmapViewOfFile
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetLastError
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
WriteFile
LoadLibraryA
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
RtlUnwind
HeapSize
MultiByteToWideChar
GetLocaleInfoA
RaiseException

user32

IsWindow
FindWindowW
PostMessageW

shell32

SHLoadInProc

ole32

CoCreateInstance
StringFromGUID2

Exports

Exports

?DockSetValue@@YGXMMMM@Z
?DockSetValueEx@@YGXMMMMM@Z
?InitDock@@YGX_N@Z
?IsDockBandShow@@YG_NXZ
?SetLangID@@YG_NK@Z
?ShowDockBand@@YG_N_N@Z

Sections

.text
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DockHelpex.dll
.dll windows:5 windows x86 arch:x86

ea9016a3683962e1bc44cb8280390d13

Code Sign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30-04-2007 00:00

Not After

29-04-2012 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6b:d0:fa:31:11:e1:60:37:0e:59:8f:35:d2:0a:41:b4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

13-09-2010 00:00

Not After

12-11-2011 23:59

Subject

CN=Shenzhen DriveTheLife Software Technology Co.Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shenzhen DriveTheLife Software Technology Co.Ltd,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b2:a7:33:e1:d1:44:63:5d:87:e8:5a:f6:00:5c:fd:ee:d4:eb:76:ec
Signer

Actual PE Digest

b2:a7:33:e1:d1:44:63:5d:87:e8:5a:f6:00:5c:fd:ee:d4:eb:76:ec

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\DriveTheLife2010_Client\检测栏\DockHelp\Release\DockHelp.pdb

Imports

kernel32

CloseHandle
CreateThread
OpenFileMappingW
lstrcmpW
Sleep
GlobalFindAtomW
GlobalAddAtomW
MapViewOfFile
UnmapViewOfFile
IsProcessorFeaturePresent
HeapSize
GetStringTypeW
MultiByteToWideChar
LCMapStringW
GetModuleFileNameW
WriteFile
LoadLibraryW
GetCurrentThreadId
DecodePointer
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLastError
HeapFree
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
InterlockedDecrement
GetProcAddress
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
HeapAlloc
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapReAlloc

user32

GetWindowTextW
GetWindow
IsWindow
EnumChildWindows
FindWindowW
PostMessageW

shell32

SHLoadInProc

ole32

CoCreateInstance
StringFromGUID2

Exports

Exports

DockSetValue
DockSetValueEx
InitDock
IsDockBandShow
ShowDockBand

Sections

.text
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DriveTheLife.exe
.exe windows:4 windows x86 arch:x86

1ffe32586cd6dbafccd16758e1886c17

Code Sign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30-04-2007 00:00

Not After

29-04-2012 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6b:d0:fa:31:11:e1:60:37:0e:59:8f:35:d2:0a:41:b4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

13-09-2010 00:00

Not After

12-11-2011 23:59

Subject

CN=Shenzhen DriveTheLife Software Technology Co.Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shenzhen DriveTheLife Software Technology Co.Ltd,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

34:a3:18:78:44:68:0b:7b:af:17:58:9f:9b:df:c6:fb:fe:1d:23:7d
Signer

Actual PE Digest

34:a3:18:78:44:68:0b:7b:af:17:58:9f:9b:df:c6:fb:fe:1d:23:7d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\WORK\DriveTheLife2010_Client\bin\release\DriveTheLife.pdb

Imports

kernel32

HeapCreate
VirtualFree
QueryPerformanceCounter
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
LCMapStringA
LCMapStringW
GetTimeZoneInformation
GetTimeFormatA
GetDateFormatA
GetSystemTimeAsFileTime
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetCurrentDirectoryA
GetDriveTypeA
SetEnvironmentVariableA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetFileAttributesA
ExitProcess
GetStartupInfoW
GetProcessHeap
HeapDestroy
CreateThread
HeapFree
SetErrorMode
GetTickCount
GlobalGetAtomNameW
GlobalFlags
GetFileTime
SetFileTime
SystemTimeToFileTime
LocalFileTimeToFileTime
lstrlenA
GetFullPathNameW
GetVolumeInformationW
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
ReadFile
GetThreadLocale
GetCurrentProcessId
SuspendThread
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
GetStartupInfoA
SetHandleCount
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStdHandle
ExitThread
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
HeapSize
GetFileType
SetStdHandle
HeapReAlloc
RaiseException
RtlUnwind
HeapAlloc
GetCurrentThread
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
CompareStringA
InterlockedExchange
GetModuleHandleA
FormatMessageW
LocalAlloc
LocalFree
FileTimeToLocalFileTime
FileTimeToSystemTime
InterlockedDecrement
InterlockedIncrement
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
GetVersionExA
GetWindowsDirectoryW
MulDiv
LoadLibraryExW
CreateFileW
TerminateThread
ResetEvent
WriteFile
CreateFileA
OpenSemaphoreW
ReleaseSemaphore
GetSystemDefaultLangID
CreateEventW
WaitForSingleObject
SetEvent
ResumeThread
GetLocalTime
GetCurrentThreadId
lstrcmpW
FindNextFileW
SetFileAttributesW
GetFileAttributesW
GetUserDefaultLangID
CompareStringW
GetPrivateProfileIntW
FreeResource
FindClose
FindFirstFileW
WinExec
SetLastError
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetComputerNameW
lstrcmpiW
GetCurrentProcess
GetModuleHandleW
GetVersionExW
WideCharToMultiByte
MultiByteToWideChar
lstrlenW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
FreeLibrary
LoadLibraryA
WritePrivateProfileStringW
GetPrivateProfileStringW
GetTempPathW
Sleep
GetProcAddress
LoadLibraryW
lstrcpyW
GetSystemDirectoryW
lstrcatW
GetModuleFileNameA
CreateProcessW
GetModuleFileNameW
GetLastError
CreateMutexW
CreateDirectoryW
SetCurrentDirectoryW
DeleteFileW
FindResourceW
LoadResource
LockResource
SizeofResource
CloseHandle
WriteConsoleA

user32

SendDlgItemMessageA
WinHelpW
GetCapture
SetWindowsHookExW
GetClassLongW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
DispatchMessageW
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
PeekMessageW
MapWindowPoints
ScrollWindow
TrackPopupMenu
GetKeyState
SetScrollRange
GetScrollRange
ShowScrollBar
GetMenu
MessageBoxW
CreateWindowExW
GetClassInfoExW
AdjustWindowRectEx
DeferWindowPos
GetScrollInfo
SetScrollInfo
CallWindowProcW
SystemParametersInfoA
GetWindowPlacement
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
EnableMenuItem
CheckMenuItem
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
GetNextDlgTabItem
EndDialog
GetFocus
CopyAcceleratorTableW
GetDlgCtrlID
SetWindowTextW
IsDialogMessageW
IsDlgButtonChecked
SetDlgItemTextW
SendDlgItemMessageW
GetDlgItem
InvalidateRgn
SetCapture
ReleaseCapture
CheckDlgButton
GetWindowTextLengthW
GetScrollPos
SetScrollPos
GetWindow
SetFocus
EqualRect
GetWindowTextW
IsWindowEnabled
ChildWindowFromPoint
GetClassNameW
LoadImageW
DestroyCursor
DestroyIcon
CopyIcon
CreateIconIndirect
GetIconInfo
CallNextHookEx
PostThreadMessageW
DrawIconEx
GetWindowDC
BeginPaint
EndPaint
GetMenuStringW
PostQuitMessage
MapDialogRect
SetWindowContextHelpId
GetNextDlgGroupItem
MessageBeep
ValidateRect
TranslateMessage
GetMessageW
ShowOwnedPopups
SystemParametersInfoW
MoveWindow
IsWindow
GetWindowLongW
SetWindowLongW
SendMessageTimeoutW
GetMessagePos
SetRectEmpty
GetActiveWindow
IsChild
GetWindowThreadProcessId
DestroyMenu
CharNextW
CharUpperW
GetSysColorBrush
RegisterClipboardFormatW
UnregisterClassW
TranslateAcceleratorW
WindowFromPoint
GrayStringW
DrawTextExW
SetMenu
InsertMenuItemW
LoadAcceleratorsW
ReuseDDElParam
UnpackDDElParam
DrawTextW
TabbedTextOutW
IsRectEmpty
ClientToScreen
UpdateWindow
ScreenToClient
GetMenuState
ModifyMenuW
InsertMenuW
CreatePopupMenu
AppendMenuW
GetMenuItemCount
LoadMenuW
CreateMenu
GetMenuItemID
LoadBitmapW
FillRect
DrawStateW
InflateRect
CopyRect
ExitWindowsEx
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
ReleaseDC
GetDC
TrackMouseEvent
SetCursor
InvalidateRect
PtInRect
DefWindowProcW
GetClassInfoW
SetRect
FrameRect
SetWindowPos
IsIconic
DeleteMenu
GetSystemMenu
KillTimer
GetCursorPos
GetMenuItemInfoW
GetSubMenu
OffsetRect
DrawIcon
GetSystemMetrics
SetTimer
GetWindowRect
ShowWindow
IsWindowVisible
BringWindowToTop
GetLastActivePopup
FindWindowW
RegisterClassW
GetSysColor
LoadCursorW
LoadIconW
DefDlgProcW
GetWindowRgn
SetForegroundWindow
SetWindowRgn
GetClientRect
GetParent
SendMessageW
RegisterWindowMessageW
EnableWindow
PostMessageW
IntersectRect
UnregisterClassA

gdi32

ExtSelectClipRgn
CreatePatternBrush
GetTextColor
CreateEllipticRgn
Ellipse
CreatePolygonRgn
OffsetRgn
ScaleWindowExtEx
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
ExcludeClipRect
SetMapMode
RestoreDC
SaveDC
GetRgnBox
CreateRectRgnIndirect
GetPixel
SelectClipRgn
GetDeviceCaps
SetTextJustification
SetBkColor
StretchBlt
CreateBitmap
CreateDIBSection
DeleteDC
SetTextColor
SetBkMode
LineTo
MoveToEx
ExtCreatePen
GetTextMetricsW
SetPixel
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetBkColor
DPtoLP
GetViewportExtEx
GetWindowExtEx
GetMapMode
LPtoDP
Rectangle
CreatePen
SetDCPenColor
GetStockObject
GetDIBits
GetObjectW
SelectObject
CreateFontIndirectW
EnumFontFamiliesExW
CombineRgn
CreateRoundRectRgn
CreateRectRgn
CreateSolidBrush
FillRgn
FrameRgn
DeleteObject
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
GetTextExtentPoint32W
GetClipBox

msimg32

GradientFill

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
ClosePrinter
DocumentPropertiesW

advapi32

RegEnumKeyW
RegQueryValueW
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegQueryValueExW
RegSetValueExW
RegDeleteValueW
RegOpenKeyExW
RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyW

shell32

ShellExecuteExW
Shell_NotifyIconW
ShellExecuteExA
ShellExecuteW
SHGetSpecialFolderPathW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHBrowseForFolderW
DragFinish
DragQueryFileW

comctl32

InitCommonControlsEx
ImageList_GetIconSize
_TrackMouseEvent
ord17
ImageList_GetImageCount
ImageList_GetIcon

shlwapi

PathFileExistsW
PathRemoveFileSpecW
PathRemoveExtensionW
PathRemoveFileSpecA
UrlUnescapeW
PathFindFileNameW
PathStripToRootW
PathIsUNCW
PathFindExtensionW

oledlg

OleUIBusyW

ole32

CoInitialize
CoTaskMemFree
CoTaskMemAlloc
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CLSIDFromProgID
CLSIDFromString
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter

oleaut32

VariantTimeToSystemTime
SystemTimeToVariantTime
VarUdateFromDate
SysAllocString
VariantInit
SysAllocStringLen
VariantClear
VariantChangeType
SysStringLen
SysFreeString
SafeArrayDestroy
OleCreateFontIndirect
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCreate
VariantCopy

gdiplus

GdipGetDC
GdipSaveImageToFile
GdipDrawCurve
GdipDeletePen
GdipCreatePen1
GdipDrawImageRectI
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipDisposeImage
GdipCloneImage
GdipCreateFontFromDC
GdipGetImageHeight
GdipLoadImageFromFile
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipFree
GdipCloneBrush
GdipAlloc
GdipDeleteBrush
GdipDrawImageRectRectI
GdipDrawImageRectRect
GdipGetImageWidth
GdipDeleteFont
GdipCreateStringFormat
GdipDeleteStringFormat
GdipCreateSolidFill
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipMeasureString
GdipDrawString
GdipDeleteGraphics
GdipCreateFromHDC

resmgr

?Mgr_SkinCtrl@@YAXPAUHWND__@@@Z
?Mgr_InitRes@@YAXXZ
?Mgr_UnInitRes@@YAXXZ
?Mgr_GetImage@@YAPAVImage@Gdiplus@@PB_W@Z

hardwareinfo

HWGetMonitorNumber
HWGetSystemInfos
HWInit
HWGetSensorInfos
HWGetBatteryInfos
HWGetInputInfos
HWGetUAABusDesc
HWGetUAABusNumber
HWGetMediaInfos
HWGetMediaNumber
HWGetNetInfos
HWGetNetNumber
HWGetMonitorInfos
HWGetMemoryModuleInfos
HWGetMemoryInfos
HWGetDisplayInfos
HWGetDisplayNumber
HWGetDiskInfos
HWGetDiskNumber
HWGetMainboardInfos
HWGetCPUInfos
HWClose

statistics

StatisticsRequestSoftURLEx
StatisticsRequestNewsURLEx
StatisticsReportDriverInstallResult
StatisticsReportSoftID
StatisticsReportNewsID
StatisticsReportUserHabit
StatisticsInit
StatisticsClose
_StatisticsInitEx@20
_StatisticsNewPCID@4

dockhelp

?InitDock@@YGX_N@Z
?IsDockBandShow@@YG_NXZ
?ShowDockBand@@YG_N_N@Z
?DockSetValueEx@@YGXMMMMM@Z
?SetLangID@@YG_NK@Z

ws2_32

gethostname
gethostbyname

setupapi

SetupDiGetClassImageIndex
SetupDiGetClassImageList

wininet

InternetCanonicalizeUrlW
InternetSetOptionExW
InternetQueryDataAvailable
HttpQueryInfoW
InternetCloseHandle
InternetGetLastResponseInfoW
InternetOpenW
InternetSetStatusCallbackW
InternetSetFilePointer
InternetWriteFile
InternetReadFile
HttpSendRequestW
InternetConnectW
HttpOpenRequestW
InternetCrackUrlW

Sections

.text
Size: 816KB - Virtual size: 813KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 224KB - Virtual size: 222KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Drivers/UAA/UAA.zip
.zip
hdaudbus.sys
.sys windows:5 windows x86 arch:x86

a324b0a2d4bbbbe61d86cb047877c722

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\hdaudio\srv03\source\drivers\oem\src\wdm\audio\drivers\hdaudio\hdaudbus\azalia\objfre_wnet_x86\i386\hdaudbus.pdb

Imports

ntoskrnl.exe

KeInsertQueueDpc
READ_REGISTER_UCHAR
READ_REGISTER_ULONG
MmGetPhysicalAddress
WRITE_REGISTER_ULONG
MmAllocatePagesForMdl
MmFreePagesFromMdl
MmAllocateContiguousMemorySpecifyCache
MmFreeContiguousMemorySpecifyCache
MmMapLockedPagesSpecifyCache
MmUnmapLockedPages
KeSetTimer
ExInterlockedPushEntrySList
ExInterlockedFlushSList
KeSetEvent
KeCancelTimer
KeInitializeTimer
IoDisconnectInterrupt
KefReleaseSpinLockFromDpcLevel
KefAcquireSpinLockAtDpcLevel
KeWaitForSingleObject
KeInitializeEvent
IoConnectInterrupt
MmUnmapIoSpace
KeInitializeDpc
KeInitializeSpinLock
MmMapIoSpace
IoIsWdmVersionAvailable
KeTickCount
KeBugCheckEx
WRITE_REGISTER_UCHAR
READ_REGISTER_USHORT
WRITE_REGISTER_USHORT
IoInvalidateDeviceRelations
KeQueryTimeIncrement
KeDelayExecutionThread
swprintf
_allmul
IoWMIWriteEvent
IoWMIRegistrationControl
IoGetDriverObjectExtension
RtlInitUnicodeString
RtlQueryRegistryValues
IoAllocateDriverObjectExtension
DbgPrint
RtlCompareMemory
KeClearEvent
ZwClose
ObfDereferenceObject
ObfReferenceObject
ObReferenceObjectByHandle
IoInvalidateDeviceState
IoDeleteSymbolicLink
ExFreePoolWithTag
PsGetVersion
MmGetSystemRoutineAddress
ZwOpenKey
ExInterlockedPopEntrySList
KeGetCurrentThread
ExAcquireFastMutexUnsafe
KeEnterCriticalRegion
KeLeaveCriticalRegion
ExReleaseFastMutexUnsafe
PoStartNextPowerIrp
ExInitializeNPagedLookasideList
ExDeleteNPagedLookasideList
KdDebuggerNotPresent
KdDebuggerEnabled
DbgBreakPoint
PoCallDriver
IoCancelIrp
ZwQueryValueKey
IoOpenDeviceRegistryKey
ZwSetValueKey
PoSetPowerState
IoFreeWorkItem
PoRequestPowerIrp
IoQueueWorkItem
IoAllocateWorkItem
IoDeleteDevice
IoDetachDevice
IoFreeIrp
IoGetAttachedDeviceReference
IoCreateDevice
IoAllocateIrp
IoAttachDeviceToDeviceStack
IoFreeMdl
IofCallDriver
IoReleaseCancelSpinLock
ZwCreateKey
KeQuerySystemTime
IofCompleteRequest
PsTerminateSystemThread
KeResetEvent
PsCreateSystemThread
KeInitializeTimerEx
IoSetDeviceInterfaceState
RtlFreeUnicodeString
RtlUnwind
RtlUnicodeToMultiByteN
ZwSetSecurityObject
ObOpenObjectByPointer
IoDeviceObjectType
RtlGetDaclSecurityDescriptor
RtlGetSaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
_snwprintf
RtlLengthSecurityDescriptor
SeCaptureSecurityDescriptor
SeExports
_wcsnicmp
RtlAddAccessAllowedAce
RtlLengthSid
wcschr
RtlAbsoluteToSelfRelativeSD
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
_purecall
ExAllocatePoolWithTag

hal

ExAcquireFastMutex
ExReleaseFastMutex
HalGetBusData
KeGetCurrentIrql
KfRaiseIrql
KfLowerIrql
KfAcquireSpinLock
KfReleaseSpinLock
KeStallExecutionProcessor

Sections

.text
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mydtloem.inf
Drivers/wnd7audio/SysFxUI.dll
.dll regsvr32 windows:6 windows x86 arch:x86

57d94cef071923fb905c693e7be8ebb0

Code Sign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30-04-2007 00:00

Not After

29-04-2012 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6a:70:22:1d:7d:90:98:4a:40:cc:fd:a9:40:78:aa:46
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

30-09-2009 00:00

Not After

30-09-2010 23:59

Subject

CN=Shenzhen DriveTheLife Software Technology Co.Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shenzhen DriveTheLife Software Technology Co.Ltd,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3c:9d:06:49:59:9a:0c:93:70:ac:0e:93:95:79:8d:54:e4:e2:9d:aa
Signer

Actual PE Digest

3c:9d:06:49:59:9a:0c:93:70:ac:0e:93:95:79:8d:54:e4:e2:9d:aa

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

SysFxUi.pdb

Imports

msvcrt

wcsncpy_s
wcscat_s
__CxxFrameHandler3
??_U@YAPAXI@Z
memset
??2@YAPAXI@Z
_purecall
memmove_s
_wcslwr_s
wcsncmp
_wcsnicmp
wcstol
iswdigit
_vsnwprintf
calloc
_CIsqrt
_CIsin
_ftol2_sse
_CIcos
memmove
_itow
_wtoi
memcpy
??3@YAXPAX@Z
_XcptFilter
_initterm
_amsg_exit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_except_handler4_common
realloc
_errno
_unlock
__dllonexit
_lock
_onexit
wcscpy_s
_CxxThrowException
memcpy_s
free
malloc
??_V@YAXPAX@Z
_CIpow

advapi32

RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegEnumKeyExW

kernel32

GetCurrentProcessId
QueryPerformanceCounter
InterlockedCompareExchange
VirtualFree
GetSystemTimeAsFileTime
HeapAlloc
GetProcessHeap
HeapFree
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
OutputDebugStringA
LoadLibraryA
GetTickCount
VirtualAlloc
lstrlenW
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetLastError
LoadLibraryW
GetProcAddress
GetModuleHandleW
lstrcmpiW
GetModuleFileNameW
DisableThreadLibraryCalls
InterlockedIncrement
InterlockedDecrement
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
SetThreadLocale
GetThreadLocale
LockResource
FlushInstructionCache
GetCurrentProcess
GetCurrentThreadId
FormatMessageW
CloseHandle
WaitForSingleObject
SetEvent
CreateThread
CreateEventW
Sleep
MulDiv
SetLastError
ExpandEnvironmentStringsW
GetVersionExA
InterlockedExchange

gdi32

DeleteDC
CreateBitmap
CreateCompatibleBitmap
GetObjectW
SetLayout
DeleteObject
SelectObject
CreateCompatibleDC

user32

GetWindowRect
SendDlgItemMessageW
DialogBoxParamW
CallWindowProcW
DestroyWindow
UnregisterClassA
LoadMenuW
GetSubMenu
TrackPopupMenuEx
InsertMenuItemW
LoadImageW
GetDC
GetIconInfo
DrawIconEx
CreateIconIndirect
CharNextW
PostMessageW
ShowWindow
SetWindowLongW
SendMessageW
SetDlgItemTextW
GetParent
GetDlgItem
MessageBoxW
SetWindowTextW
LoadStringW
CreateWindowExW
GetClientRect
EnumChildWindows
EnableWindow
GetSystemMetrics
GetActiveWindow
EndDialog
GetWindowTextW
GetWindowLongW
DefWindowProcW
ReleaseDC

ole32

CoInitialize
CoUninitialize
PropVariantClear
CoCreateInstance
StringFromGUID2
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc

oleaut32

LoadRegTypeLi
SysStringLen
SysAllocString
LoadTypeLi
UnRegisterTypeLi
SysAllocStringLen
SysFreeString
VarUI4FromStr
RegisterTypeLi

shlwapi

PathCombineW
PathRemoveFileSpecW
PathFindFileNameW

comdlg32

GetOpenFileNameW

comctl32

PropertySheetW
CreatePropertySheetPageW
DestroyPropertySheetPage

winmm

mmioOpenW
mmioClose
mmioDescend
mmioRead

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 231KB - Virtual size: 230KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Drivers/wnd7audio/WMALFXGFXDSP.dll
.dll regsvr32 windows:6 windows x86 arch:x86

ee31c21bc1c0cfb11b1a7e9984c8f185

Code Sign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30-04-2007 00:00

Not After

29-04-2012 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6a:70:22:1d:7d:90:98:4a:40:cc:fd:a9:40:78:aa:46
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

30-09-2009 00:00

Not After

30-09-2010 23:59

Subject

CN=Shenzhen DriveTheLife Software Technology Co.Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shenzhen DriveTheLife Software Technology Co.Ltd,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

d1:13:40:9a:2e:8f:9b:c6:50:eb:cb:06:99:52:b2:b0:e5:c7:70:aa
Signer

Actual PE Digest

d1:13:40:9a:2e:8f:9b:c6:50:eb:cb:06:99:52:b2:b0:e5:c7:70:aa

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

WMALFXGFXDSP.pdb

Imports

msvcrt

??_U@YAPAXI@Z
??_V@YAXPAX@Z
_vsnwprintf
??2@YAPAXI@Z
memmove
_CIpow
_wcsicmp
memcpy
_ftol2
_except_handler4_common
_onexit
_lock
__dllonexit
_unlock
_amsg_exit
_initterm
free
malloc
_CIexp
_CIcos
_CIsin
_CIsqrt
floor
_CIacos
_purecall
_XcptFilter
memset
swprintf_s
wcscat_s
_ftol2_sse
??3@YAXPAX@Z

kernel32

DeleteCriticalSection
HeapAlloc
GetProcessHeap
DelayLoadFailureHook
GetProcAddress
GetLastError
FreeLibrary
InterlockedCompareExchange
LoadLibraryExA
InterlockedIncrement
HeapFree
GetModuleFileNameW
InterlockedExchange
Sleep
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
LoadLibraryW
GetModuleHandleW
LeaveCriticalSection
EnterCriticalSection
InterlockedDecrement
MulDiv
SetEvent
InitializeCriticalSection

advapi32

EventWrite
RegOpenKeyExW
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegCreateKeyW
RegDeleteKeyExW
EventRegister
EventUnregister

ole32

StringFromGUID2
CoCreateInstance
PropVariantClear
CoTaskMemAlloc
CoTaskMemFree

oleaut32

SysAllocString
SysFreeString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 163KB - Virtual size: 162KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_CODE
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 963KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

RT_DATA
Size: 512B - Virtual size: 368B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Drivers/wnd7audio/drmk.sys
.dll windows:6 windows x86 arch:x86

4f385b0800c7fd35a736bb49be092b0e

Code Sign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30-04-2007 00:00

Not After

29-04-2012 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6a:70:22:1d:7d:90:98:4a:40:cc:fd:a9:40:78:aa:46
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

30-09-2009 00:00

Not After

30-09-2010 23:59

Subject

CN=Shenzhen DriveTheLife Software Technology Co.Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shenzhen DriveTheLife Software Technology Co.Ltd,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

bf:48:ac:0b:e8:4a:34:a6:02:e7:01:47:b4:a1:39:7a:9e:38:fa:78
Signer

Actual PE Digest

bf:48:ac:0b:e8:4a:34:a6:02:e7:01:47:b4:a1:39:7a:9e:38:fa:78

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

drmk.pdb

Imports

ntoskrnl.exe

KeInitializeEvent
KeBugCheckEx
MmProbeAndLockPages
IoFreeMdl
MmUnlockPages
MmProtectMdlSystemAddress
MmMapLockedPagesSpecifyCache
IoAllocateMdl
ObfDereferenceObject
IoGetLowerDeviceObject
KeWaitForSingleObject
IofCallDriver
ExAllocatePoolWithTag
IoGetRelatedDeviceObject
ObReferenceObjectByHandle
IoFileObjectType
MmIsVerifierEnabled
KeInitializeMutex
KeReleaseMutex
ObfReferenceObject
RtlEqualUnicodeString
RtlInitUnicodeString
RtlUnwind
KeTickCount
memcpy
memset
IoBuildDeviceIoControlRequest
ExFreePool
_aulldiv

hal

ExReleaseFastMutex
ExAcquireFastMutex

ks.sys

KsSynchronousIoControlDevice

Exports

Exports

DllInitialize
DllUnload
DrmAddContentHandlers
DrmCreateContentMixed
DrmDestroyContent
DrmForwardContentToDeviceObject
DrmForwardContentToFileObject
DrmForwardContentToInterface
DrmGetContentRights
DrmGetFilterDescriptor

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 369B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Drivers/wnd7audio/drmkaud.reg
Drivers/wnd7audio/drmkaud.sys
.sys windows:6 windows x86 arch:x86

b74d4eb22616be4fe59a51be7e0d2691

Code Sign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30-04-2007 00:00

Not After

29-04-2012 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6a:70:22:1d:7d:90:98:4a:40:cc:fd:a9:40:78:aa:46
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

30-09-2009 00:00

Not After

30-09-2010 23:59

Subject

CN=Shenzhen DriveTheLife Software Technology Co.Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shenzhen DriveTheLife Software Technology Co.Ltd,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

08:76:b2:59:f6:eb:e6:5c:f8:37:d0:c6:c5:fb:58:4c:f5:22:b3:d5
Signer

Actual PE Digest

08:76:b2:59:f6:eb:e6:5c:f8:37:d0:c6:c5:fb:58:4c:f5:22:b3:d5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

DrmkAud.pdb

Imports

ntoskrnl.exe

KeTickCount

ks.sys

KsInitializeDriver

drmk.sys

DrmGetFilterDescriptor

Sections

.text
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 512B - Virtual size: 326B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 78B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Drivers/wnd7audio/portcls.sys
.dll windows:6 windows x86 arch:x86

c7b935760a1064c39d1861bbac849f6b

Code Sign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30-04-2007 00:00

Not After

29-04-2012 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6a:70:22:1d:7d:90:98:4a:40:cc:fd:a9:40:78:aa:46
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

30-09-2009 00:00

Not After

30-09-2010 23:59

Subject

CN=Shenzhen DriveTheLife Software Technology Co.Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shenzhen DriveTheLife Software Technology Co.Ltd,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ee:21:9f:1a:21:ce:d2:03:a8:87:f4:6d:f2:50:0e:f6:b3:90:7e:ea
Signer

Actual PE Digest

ee:21:9f:1a:21:ce:d2:03:a8:87:f4:6d:f2:50:0e:f6:b3:90:7e:ea

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

portcls.pdb

Imports

ntoskrnl.exe

PoCreatePowerRequest
PoRegisterDeviceForIdleDetection
PoStartNextPowerIrp
PoClearPowerRequest
PoSetPowerRequest
ZwClose
ZwQueryValueKey
ZwOpenKey
IoOpenDeviceRegistryKey
PoRequestPowerIrp
ZwCreateKey
IoOpenDeviceInterfaceRegistryKey
ZwQueryKey
ZwEnumerateKey
ZwEnumerateValueKey
ZwSetValueKey
ZwDeleteKey
KeCancelTimer
KeSetTimer
KeInitializeTimer
IoConnectInterrupt
KeQueryGroupAffinity
KeQueryActiveProcessorCountEx
IoDisconnectInterrupt
KeSynchronizeExecution
KeTickCount
KeBugCheckEx
RtlUnwind
KeInitializeEvent
KefReleaseSpinLockFromDpcLevel
KefAcquireSpinLockAtDpcLevel
KeWaitForSingleObject
KeGetCurrentThread
KeInitializeSpinLock
memcpy
IofCompleteRequest
ProbeForRead
IoFreeMdl
KeInitializeMutex
IoGetDeviceProperty
IoGetDmaAdapter
memset
ExAllocatePoolWithTag
IoAllocateWorkItem
IoInitializeRemoveLockEx
_aulldiv
_allmul
_aulldvrm
ExSetTimerResolution
_alldiv
_purecall
KeGetRecommendedSharedDataAlignment
_aullrem
ObReferenceObjectByHandle
ExGetPreviousMode
KeSetTimerEx
MmUnmapLockedPages
MmBuildMdlForNonPagedPool
IoBuildPartialMdl
IoAllocateMdl
ExEventObjectType
MmAllocatePagesForMdl
qsort
MmFreePagesFromMdl
MmFreeContiguousMemorySpecifyCache
MmGetPhysicalAddress
MmAllocateContiguousMemorySpecifyCache
KeUnstackDetachProcess
KeStackAttachProcess
_vsnwprintf
ZwSetSecurityObject
ObOpenObjectByPointer
IoDeviceObjectType
IoCreateDevice
RtlGetDaclSecurityDescriptor
RtlGetSaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
_snwprintf
RtlLengthSecurityDescriptor
SeCaptureSecurityDescriptor
SeExports
IoIsWdmVersionAvailable
_wcsnicmp
RtlAddAccessAllowedAce
RtlLengthSid
wcschr
RtlAbsoluteToSelfRelativeSD
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
IoInitializeTimer
IoAttachDeviceToDeviceStack
IoRegisterDeviceInterface
IoReleaseRemoveLockAndWaitEx
PoDeletePowerRequest
IoDetachDevice
IoDeleteDevice
IoStartTimer
IoReleaseRemoveLockEx
IoAcquireRemoveLockEx
RtlCompareUnicodeString
IoStopTimer
PoSetPowerState
IoSetDeviceInterfaceState
PoCallDriver
IoBuildSynchronousFsdRequest
KeReleaseMutex
RtlQueryRegistryValues
RtlFreeUnicodeString
IofCallDriver
RtlCompareMemory
MmGetSystemRoutineAddress
RtlInitUnicodeString
IoWMIWriteEvent
IoWMIRegistrationControl
KeQuerySystemTime
ObfDereferenceObject
ObfReferenceObject
KeWaitForMultipleObjects
KeClearEvent
KeSetEvent
MmMapLockedPagesSpecifyCache
IoQueueWorkItem
IoGetCurrentProcess
InterlockedIncrement
InterlockedDecrement
KeInitializeDpc
KeInsertQueueDpc
IoFreeWorkItem
KeRemoveQueueDpc
ExFreePoolWithTag

hal

KeStallExecutionProcessor
WRITE_PORT_UCHAR
READ_PORT_UCHAR
KeRaiseIrqlToDpcLevel
KeQueryPerformanceCounter
KfLowerIrql
KfRaiseIrql
KfReleaseSpinLock
KfAcquireSpinLock
KeGetCurrentIrql

wmilib.sys

WmiCompleteRequest
WmiSystemControl

drmk.sys

DrmAddContentHandlers
DrmDestroyContent
DrmForwardContentToDeviceObject
DrmForwardContentToFileObject
DrmForwardContentToInterface
DrmGetContentRights
DrmCreateContentMixed

ks.sys

KsValidateClockCreateRequest
KsCreateDefaultAllocator
KsAcquireResetValue
KsTopologyPropertyHandler
KsDispatchInvalidDeviceRequest
KsFreeEventList
KsDefaultDeviceIoCompletion
KsPinDataIntersection
KsPinPropertyHandler
KsPropertyHandler
KsValidateConnectRequest
KsAllocateDeviceHeader
KsSetDevicePnpAndBaseObject
KsSetMajorFunctionHandler
KsFreeDeviceHeader
KsAddObjectCreateItemToDeviceHeader
KsFreeObjectHeader
KsReferenceSoftwareBusObject
KsAllocateObjectHeader
KsDereferenceSoftwareBusObject
KsDispatchIrp
KsRemoveSpecificIrpFromCancelableQueue
KsReleaseIrpOnCancelableQueue
KsProbeStreamIrp
KsAddIrpToCancelableQueue
KsCancelRoutine
KsRemoveIrpFromCancelableQueue
KsCancelIo
KsGenerateEvent
KsDisableEvent
KsEnableEvent
KsSynchronousIoControlDevice

Exports

Exports

DllInitialize
DllUnload
PcAddAdapterDevice
PcAddContentHandlers
PcCompleteIrp
PcCompletePendingPropertyRequest
PcCreateContentMixed
PcDestroyContent
PcDispatchIrp
PcForwardContentToDeviceObject
PcForwardContentToFileObject
PcForwardContentToInterface
PcForwardIrpSynchronous
PcGetContentRights
PcGetDeviceProperty
PcGetTimeInterval
PcInitializeAdapterDriver
PcNewDmaChannel
PcNewInterruptSync
PcNewMiniport
PcNewPort
PcNewRegistryKey
PcNewResourceList
PcNewResourceSublist
PcNewServiceGroup
PcRegisterAdapterPowerManagement
PcRegisterIoTimeout
PcRegisterPhysicalConnection
PcRegisterPhysicalConnectionFromExternal
PcRegisterPhysicalConnectionToExternal
PcRegisterSubdevice
PcRequestNewPowerState
PcUnregisterAdapterPowerManagement
PcUnregisterIoTimeout

Sections

.text
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Drivers/wnd7audio/wdmaudio.inf
DtlDock.dll
.dll regsvr32 windows:5 windows x86 arch:x86

c896b60d121f0b07c52c40beefaaad9f

Code Sign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30-04-2007 00:00

Not After

29-04-2012 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6b:d0:fa:31:11:e1:60:37:0e:59:8f:35:d2:0a:41:b4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

13-09-2010 00:00

Not After

12-11-2011 23:59

Subject

CN=Shenzhen DriveTheLife Software Technology Co.Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shenzhen DriveTheLife Software Technology Co.Ltd,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:eb:04:d4:67:f4:93:9f:da:10:6c:87:22:fd:9e:79:3f:0d:92:1c
Signer

Actual PE Digest

77:eb:04:d4:67:f4:93:9f:da:10:6c:87:22:fd:9e:79:3f:0d:92:1c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\DriveTheLife2010_Client\Bin\Release\DtlDock.pdb

Imports

kernel32

RtlUnwind
HeapFree
HeapAlloc
GetCommandLineA
HeapReAlloc
Sleep
ExitProcess
HeapSize
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStdHandle
GetModuleFileNameA
HeapCreate
HeapDestroy
VirtualFree
VirtualAlloc
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers
SetFilePointer
WriteFile
LoadLibraryA
GetVersionExA
WritePrivateProfileStringW
lstrlenA
GlobalFlags
SetErrorMode
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
GlobalAddAtomW
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
LoadLibraryW
InterlockedExchange
lstrcmpW
WideCharToMultiByte
GetCurrentProcessId
InterlockedCompareExchange
GetProcessHeap
IsProcessorFeaturePresent
GetModuleHandleA
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageW
LocalFree
LockResource
GetThreadLocale
SetThreadLocale
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetCurrentProcess
FlushInstructionCache
RaiseException
GetCurrentThreadId
GetProcAddress
lstrcmpiW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
GetLastError
lstrlenW
InterlockedDecrement
InterlockedIncrement
SetLastError
InitializeCriticalSection
GetModuleFileNameW
lstrcatW
CreateProcessW
GetVersionExW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
OpenMutexW
GetModuleHandleW
OpenFileMappingW
CloseHandle
GlobalFindAtomW
FreeEnvironmentStringsW
GlobalDeleteAtom

user32

RegisterWindowMessageW
LoadIconW
WinHelpW
GetCapture
GetClassLongW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
GetMenu
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetClassNameW
PtInRect
GetWindowTextW
SetWindowPos
GetDlgCtrlID
SetWindowTextW
GetDlgItem
GetWindow
GetSysColorBrush
UnregisterClassW
SetCursor
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageW
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
ModifyMenuW
EnableMenuItem
CheckMenuItem
UnhookWindowsHookEx
PostQuitMessage
GetSystemMetrics
DestroyMenu
CopyRect
GetWindowThreadProcessId
GetParent
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxW
GetSysColor
ReleaseDC
GetDC
ClientToScreen
GrayStringW
DrawTextExW
TabbedTextOutW
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
CharNextW
InsertMenuW
CreatePopupMenu
RegisterClassExW
LoadCursorW
GetClassInfoExW
CreateWindowExW
CallWindowProcW
GetWindowLongW
SetWindowLongW
DefWindowProcW
DestroyWindow
PostMessageW
GetCursorPos
TrackPopupMenu
SetTimer
FindWindowW
SendMessageW
FindWindowExW
GetWindowRect
EndPaint
BeginPaint
DrawTextW
FrameRect
GetClientRect
InvalidateRect
IsWindow
ShowWindow
UnregisterClassA

gdi32

CreateBitmap
TextOutW
RectVisible
PtVisible
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
DeleteDC
GetClipBox
SetMapMode
SetBkColor
RestoreDC
SaveDC
GetDeviceCaps
CreateFontIndirectW
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
SetBkMode
SetTextColor
GetStockObject
BitBlt
DeleteObject
ExtTextOutW

msimg32

GradientFill

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

RegQueryValueW
RegOpenKeyW
RegEnumKeyW
RegQueryValueExW
RegQueryInfoKeyW
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW

shlwapi

PathFindFileNameW
PathRemoveFileSpecW
PathFindExtensionW

ole32

StringFromGUID2
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc

oleaut32

VariantInit
VarUI4FromStr
SysFreeString
LoadRegTypeLi
LoadTypeLi
SysStringLen
RegisterTypeLi
SysAllocString
UnRegisterTypeLi
VariantClear
VariantChangeType

gdiplus

GdipDeleteFont
GdipDeleteFontFamily
GdipGetGenericFontFamilySansSerif
GdipCreateFontFamilyFromName
GdipCreateFont
GdipDrawString
GdipDeleteGraphics
GdipCreateFromHDC
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipCreateLineBrushFromRectI
GdipAlloc
GdipFree
GdipFillRectangle
GdiplusStartup
GdiplusShutdown
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 171KB - Virtual size: 170KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DtlDock64.dll
.dll regsvr32 windows:5 windows x64 arch:x64

2cc39604338e2200ae275bcac39cc086

Code Sign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30-04-2007 00:00

Not After

29-04-2012 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6b:d0:fa:31:11:e1:60:37:0e:59:8f:35:d2:0a:41:b4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

13-09-2010 00:00

Not After

12-11-2011 23:59

Subject

CN=Shenzhen DriveTheLife Software Technology Co.Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shenzhen DriveTheLife Software Technology Co.Ltd,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

5c:ce:17:d3:8c:71:cf:ec:32:aa:3d:14:a0:9c:08:b8:5e:9c:16:8a
Signer

Actual PE Digest

5c:ce:17:d3:8c:71:cf:ec:32:aa:3d:14:a0:9c:08:b8:5e:9c:16:8a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

d:\DriveTheLife2010_Client\Bin\Release\DtlDock64.pdb

Imports

kernel32

RtlLookupFunctionEntry
RtlUnwindEx
HeapFree
HeapAlloc
FlsSetValue
GetCommandLineA
RtlPcToFileHeader
HeapReAlloc
Sleep
ExitProcess
HeapSize
HeapQueryInformation
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
EncodePointer
DecodePointer
FlsGetValue
FlsFree
FlsAlloc
GetStdHandle
GetModuleFileNameA
HeapSetInformation
HeapCreate
HeapDestroy
SetHandleCount
GetFileType
GetStartupInfoA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers
SetFilePointer
WriteFile
LoadLibraryA
GetVersionExA
WritePrivateProfileStringW
lstrlenA
GlobalFlags
SetErrorMode
TlsFree
LocalReAlloc
TlsSetValue
GlobalHandle
GlobalReAlloc
TlsAlloc
TlsGetValue
LocalAlloc
InterlockedPushEntrySList
GlobalAddAtomW
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
LoadLibraryW
lstrcmpW
GetProcessHeap
VirtualFree
VirtualAlloc
InterlockedPopEntrySList
WideCharToMultiByte
GetCurrentProcessId
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageW
LocalFree
LockResource
GetThreadLocale
SetThreadLocale
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetCurrentProcess
FlushInstructionCache
RaiseException
GetCurrentThreadId
GetProcAddress
lstrcmpiW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
GetLastError
lstrlenW
SetLastError
InitializeCriticalSection
GetModuleFileNameW
lstrcatW
CreateProcessW
GetVersionExW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
OpenMutexW
GetModuleHandleW
OpenFileMappingW
CloseHandle
GlobalFindAtomW
FreeEnvironmentStringsA
GlobalDeleteAtom

user32

RegisterWindowMessageW
LoadIconW
WinHelpW
GetCapture
GetClassLongPtrW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
GetMenu
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetClassNameW
PtInRect
GetWindowTextW
SetWindowPos
GetDlgCtrlID
SetWindowTextW
GetWindow
GetSysColorBrush
UnregisterClassW
SetCursor
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageW
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
ModifyMenuW
EnableMenuItem
CheckMenuItem
UnhookWindowsHookEx
PostQuitMessage
GetSystemMetrics
DestroyMenu
CopyRect
GetWindowThreadProcessId
GetWindowLongW
GetParent
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxW
GetSysColor
ReleaseDC
GetDC
ClientToScreen
GrayStringW
DrawTextExW
TabbedTextOutW
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
CharNextW
InsertMenuW
CreatePopupMenu
RegisterClassExW
LoadCursorW
GetClassInfoExW
CreateWindowExW
CallWindowProcW
GetWindowLongPtrW
SetWindowLongPtrW
DefWindowProcW
DestroyWindow
PostMessageW
GetCursorPos
TrackPopupMenu
SetTimer
FindWindowW
SendMessageW
FindWindowExW
GetWindowRect
EndPaint
BeginPaint
DrawTextW
FrameRect
GetClientRect
InvalidateRect
IsWindow
ShowWindow
GetDlgItem
UnregisterClassA

gdi32

CreateBitmap
TextOutW
RectVisible
PtVisible
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
DeleteDC
GetClipBox
SetMapMode
SetBkColor
RestoreDC
SaveDC
GetDeviceCaps
CreateFontIndirectW
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
SetBkMode
SetTextColor
GetStockObject
BitBlt
DeleteObject
ExtTextOutW

msimg32

GradientFill

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

RegQueryValueW
RegOpenKeyW
RegEnumKeyW
RegQueryValueExW
RegQueryInfoKeyW
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW

shlwapi

PathFindFileNameW
PathRemoveFileSpecW
PathFindExtensionW

ole32

CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
StringFromGUID2

oleaut32

VariantInit
VarUI4FromStr
SysFreeString
LoadRegTypeLi
LoadTypeLi
SysStringLen
RegisterTypeLi
SysAllocString
UnRegisterTypeLi
VariantClear
VariantChangeType

gdiplus

GdipDeleteFont
GdipDeleteFontFamily
GdipGetGenericFontFamilySansSerif
GdipCreateFontFamilyFromName
GdipCreateFont
GdipDrawString
GdipFillRectangle
GdipDeleteGraphics
GdipCreateFromHDC
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipCreateLineBrushFromRectI
GdiplusStartup
GdiplusShutdown
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipFree
GdipAlloc

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 203KB - Virtual size: 203KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GdiPlus.dll
.dll windows:6 windows x86 arch:x86

ef4c749f5dec4632456950949469f18c

Code Sign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30-04-2007 00:00

Not After

29-04-2012 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6b:d0:fa:31:11:e1:60:37:0e:59:8f:35:d2:0a:41:b4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

13-09-2010 00:00

Not After

12-11-2011 23:59

Subject

CN=Shenzhen DriveTheLife Software Technology Co.Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shenzhen DriveTheLife Software Technology Co.Ltd,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

a2:a6:cc:12:37:a1:26:cf:f3:5f:5a:8f:20:a6:d0:87:fd:44:0f:67
Signer

Actual PE Digest

a2:a6:cc:12:37:a1:26:cf:f3:5f:5a:8f:20:a6:d0:87:fd:44:0f:67

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

gdiplus.pdb

Imports

msvcrt

_isatty
_write
_lseeki64
_fileno
__pioinfo
__badioinfo
wctomb
_itoa
_snprintf
isleadbyte
memmove
_adjust_fdiv
_amsg_exit
_initterm
free
malloc
_XcptFilter
_CIatan2
_CIsqrt
_CIsin
_CIcos
??3@YAXPAX@Z
_iob
_CIexp
_CIatan
_vsnprintf
_vsnwprintf
_errno
memset
memcpy
_purecall
_CIlog

kernel32

GetFileInformationByHandle
RaiseException
InterlockedIncrement
InterlockedDecrement
EnterCriticalSection
LeaveCriticalSection
InterlockedCompareExchange
HeapAlloc
InterlockedExchange
GetCurrentThreadId
InitializeCriticalSection
DeleteCriticalSection
DisableThreadLibraryCalls
HeapFree
VirtualAlloc
GetProcAddress
GetModuleHandleW
GetSystemInfo
GetVersion
HeapReAlloc
CloseHandle
WaitForSingleObject
SetEvent
lstrcmpiA
IsValidLocale
ConvertDefaultLocale
GetLocaleInfoW
GetModuleFileNameW
GetModuleFileNameA
FindResourceA
LockResource
GetProfileIntA
GetProfileStringA
lstrcmpiW
LocalReAlloc
MulDiv
SetLastError
LocalAlloc
LocalFree
IsDBCSLeadByteEx
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
RtlUnwind
OutputDebugStringA
Sleep
GetFileTime
SearchPathW
SearchPathA
GetOEMCP
SetEndOfFile
WriteFile
SetFilePointer
ReadFile
UnlockFile
LoadResource
LockFile
FlushFileBuffers
CreateSemaphoreA
CreateFileW
LoadLibraryW
GetSystemDirectoryA
CreateFileMappingW
ReleaseSemaphore
GetFileAttributesW
GetProfileSectionA
GetLastError
VirtualFree
GlobalAlloc
CreateFileA
GetFileSize
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
GlobalLock
GlobalSize
GlobalUnlock
GlobalFree
HeapCreate
GetModuleHandleA
FreeLibrary
HeapDestroy
LoadLibraryA
GetSystemDirectoryW
GetWindowsDirectoryA
GetVersionExA
GetACP
GetSystemDefaultLCID
GetTickCount
MultiByteToWideChar
WideCharToMultiByte
CreateEventA
CreateThread

user32

ReleaseDC
GetDC
GetSysColor
UnregisterClassA
DestroyWindow
GetSystemMetrics
DefWindowProcA
CreateWindowExA
RegisterWindowMessageA
RegisterClassA
DispatchMessageA
TranslateMessage
MsgWaitForMultipleObjects
PeekMessageA
GetClientRect
GetDesktopWindow
GetWindowRect
WindowFromDC
CreateIconIndirect
LoadBitmapW
LoadBitmapA
ClientToScreen
SystemParametersInfoA
GetClassLongA
GetWindowLongA
GetDCEx
GetIconInfo

gdi32

ModifyWorldTransform
GetTextCharsetInfo
TranslateCharsetInfo
GetCurrentPositionEx
ArcTo
SetArcDirection
GetPath
AbortPath
FlattenPath
WidenPath
Ellipse
AngleArc
RoundRect
PolyDraw
Pie
Chord
Arc
OffsetClipRgn
GetRgnBox
CombineRgn
SetPaletteEntries
ResizePalette
ExcludeClipRect
PlayEnhMetaFile
GetWinMetaFileBits
PlgBlt
BitBlt
OffsetViewportOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CombineTransform
SetMapperFlags
CreateDIBitmap
CreatePen
CreatePatternBrush
GetBkMode
GetTextAlign
ExtCreateRegion
Polyline
PolyPolyline
StrokeAndFillPath
FillPath
SetPolyFillMode
PolyBezier
SelectClipPath
BeginPath
PolylineTo
PolyBezierTo
MoveToEx
CloseFigure
EndPath
StrokePath
ExtSelectClipRgn
GetPixel
ExtTextOutA
CreateSolidBrush
SetMiterLimit
FillRgn
GetDIBColorTable
GetNearestPaletteIndex
StretchBlt
CreateCompatibleBitmap
ExtCreatePen
GetWorldTransform
GetROP2
Rectangle
Polygon
SetBrushOrgEx
GetClipRgn
SelectClipRgn
GetBkColor
GetTextColor
CreatePenIndirect
GetObjectW
DPtoLP
CreateDIBPatternBrushPt
GetNearestColor
SetStretchBltMode
StretchDIBits
SetTextAlign
SetTextJustification
SetROP2
PolyPolygon
IntersectClipRect
PlayMetaFileRecord
ExtTextOutW
SetBitmapBits
SetDIBColorTable
CreateEnhMetaFileW
GdiComment
GetMetaFileW
GetMetaFileA
GetEnhMetaFileW
GetEnhMetaFileA
SaveDC
SetWindowOrgEx
SetViewportOrgEx
SetGraphicsMode
SetWorldTransform
GetEnhMetaFileBits
CopyEnhMetaFileA
CopyMetaFileA
DeleteMetaFile
GetEnhMetaFileHeader
SetMetaFileBitsEx
SetEnhMetaFileBits
CreateEnhMetaFileA
SetMapMode
SetViewportExtEx
SetWindowExtEx
PlayMetaFile
CloseEnhMetaFile
DeleteEnhMetaFile
SetMetaRgn
GetObjectType
GetMetaFileBitsEx
EnumMetaFile
EnumEnhMetaFile
PlayEnhMetaFileRecord
RestoreDC
GetStockObject
CreateBitmap
SetTextColor
SetBkColor
SetBkMode
SetDIBits
CreateBrushIndirect
PatBlt
GdiFlush
GetPaletteEntries
RealizePalette
CreateDIBSection
CreateCompatibleDC
GetDIBits
GetCurrentObject
GetObjectA
GetDCOrgEx
Escape
SetICMMode
GetMapMode
GetViewportOrgEx
GetWindowOrgEx
GetGraphicsMode
GetViewportExtEx
GetWindowExtEx
LPtoDP
GetRandomRgn
ExtEscape
CreateRectRgn
CreateICA
CreateDCA
DeleteDC
GetRegionData
CreateFontIndirectA
CreateFontIndirectW
SelectObject
EnumFontFamiliesExW
EnumFontFamiliesExA
GetTextMetricsW
GetTextFaceW
GetTextMetricsA
GetTextFaceA
SelectPalette
DeleteObject
GetDeviceCaps
GetSystemPaletteUse
GetSystemPaletteEntries
CreatePalette
LineTo

ole32

CoTaskMemAlloc
CoTaskMemFree
CreateStreamOnHGlobal

advapi32

RegDeleteKeyA
RegCreateKeyExW
RegCreateKeyExA
RegEnumKeyExW
RegEnumKeyExA
RegOpenKeyW
RegOpenKeyA
RegQueryValueExW
RegQueryValueExA
RegQueryInfoKeyW
RegOpenKeyExW
RegOpenKeyExA
RegQueryInfoKeyA
RegEnumValueW
RegCloseKey
RegEnumValueA
RegDeleteKeyW
RegSetValueExA
RegSetValueExW

Exports

Exports

GdipAddPathArc
GdipAddPathArcI
GdipAddPathBezier
GdipAddPathBezierI
GdipAddPathBeziers
GdipAddPathBeziersI
GdipAddPathClosedCurve
GdipAddPathClosedCurve2
GdipAddPathClosedCurve2I
GdipAddPathClosedCurveI
GdipAddPathCurve
GdipAddPathCurve2
GdipAddPathCurve2I
GdipAddPathCurve3
GdipAddPathCurve3I
GdipAddPathCurveI
GdipAddPathEllipse
GdipAddPathEllipseI
GdipAddPathLine
GdipAddPathLine2
GdipAddPathLine2I
GdipAddPathLineI
GdipAddPathPath
GdipAddPathPie
GdipAddPathPieI
GdipAddPathPolygon
GdipAddPathPolygonI
GdipAddPathRectangle
GdipAddPathRectangleI
GdipAddPathRectangles
GdipAddPathRectanglesI
GdipAddPathString
GdipAddPathStringI
GdipAlloc
GdipBeginContainer
GdipBeginContainer2
GdipBeginContainerI
GdipBitmapGetPixel
GdipBitmapLockBits
GdipBitmapSetPixel
GdipBitmapSetResolution
GdipBitmapUnlockBits
GdipClearPathMarkers
GdipCloneBitmapArea
GdipCloneBitmapAreaI
GdipCloneBrush
GdipCloneCustomLineCap
GdipCloneFont
GdipCloneFontFamily
GdipCloneImage
GdipCloneImageAttributes
GdipCloneMatrix
GdipClonePath
GdipClonePen
GdipCloneRegion
GdipCloneStringFormat
GdipClosePathFigure
GdipClosePathFigures
GdipCombineRegionPath
GdipCombineRegionRect
GdipCombineRegionRectI
GdipCombineRegionRegion
GdipComment
GdipCreateAdjustableArrowCap
GdipCreateBitmapFromDirectDrawSurface
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromGdiDib
GdipCreateBitmapFromGraphics
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromHICON
GdipCreateBitmapFromResource
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipCreateCachedBitmap
GdipCreateCustomLineCap
GdipCreateFont
GdipCreateFontFamilyFromName
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipCreateFontFromLogfontW
GdipCreateFromHDC
GdipCreateFromHDC2
GdipCreateFromHWND
GdipCreateFromHWNDICM
GdipCreateHBITMAPFromBitmap
GdipCreateHICONFromBitmap
GdipCreateHalftonePalette
GdipCreateHatchBrush
GdipCreateImageAttributes
GdipCreateLineBrush
GdipCreateLineBrushFromRect
GdipCreateLineBrushFromRectI
GdipCreateLineBrushFromRectWithAngle
GdipCreateLineBrushFromRectWithAngleI
GdipCreateLineBrushI
GdipCreateMatrix
GdipCreateMatrix2
GdipCreateMatrix3
GdipCreateMatrix3I
GdipCreateMetafileFromEmf
GdipCreateMetafileFromFile
GdipCreateMetafileFromStream
GdipCreateMetafileFromWmf
GdipCreateMetafileFromWmfFile
GdipCreatePath
GdipCreatePath2
GdipCreatePath2I
GdipCreatePathGradient
GdipCreatePathGradientFromPath
GdipCreatePathGradientI
GdipCreatePathIter
GdipCreatePen1
GdipCreatePen2
GdipCreateRegion
GdipCreateRegionHrgn
GdipCreateRegionPath
GdipCreateRegionRect
GdipCreateRegionRectI
GdipCreateRegionRgnData
GdipCreateSolidFill
GdipCreateStreamOnFile
GdipCreateStringFormat
GdipCreateTexture
GdipCreateTexture2
GdipCreateTexture2I
GdipCreateTextureIA
GdipCreateTextureIAI
GdipDeleteBrush
GdipDeleteCachedBitmap
GdipDeleteCustomLineCap
GdipDeleteFont
GdipDeleteFontFamily
GdipDeleteGraphics
GdipDeleteMatrix
GdipDeletePath
GdipDeletePathIter
GdipDeletePen
GdipDeletePrivateFontCollection
GdipDeleteRegion
GdipDeleteStringFormat
GdipDisposeImage
GdipDisposeImageAttributes
GdipDrawArc
GdipDrawArcI
GdipDrawBezier
GdipDrawBezierI
GdipDrawBeziers
GdipDrawBeziersI
GdipDrawCachedBitmap
GdipDrawClosedCurve
GdipDrawClosedCurve2
GdipDrawClosedCurve2I
GdipDrawClosedCurveI
GdipDrawCurve
GdipDrawCurve2
GdipDrawCurve2I
GdipDrawCurve3
GdipDrawCurve3I
GdipDrawCurveI
GdipDrawDriverString
GdipDrawEllipse
GdipDrawEllipseI
GdipDrawImage
GdipDrawImageI
GdipDrawImagePointRect
GdipDrawImagePointRectI
GdipDrawImagePoints
GdipDrawImagePointsI
GdipDrawImagePointsRect
GdipDrawImagePointsRectI
GdipDrawImageRect
GdipDrawImageRectI
GdipDrawImageRectRect
GdipDrawImageRectRectI
GdipDrawLine
GdipDrawLineI
GdipDrawLines
GdipDrawLinesI
GdipDrawPath
GdipDrawPie
GdipDrawPieI
GdipDrawPolygon
GdipDrawPolygonI
GdipDrawRectangle
GdipDrawRectangleI
GdipDrawRectangles
GdipDrawRectanglesI
GdipDrawString
GdipEmfToWmfBits
GdipEndContainer
GdipEnumerateMetafileDestPoint
GdipEnumerateMetafileDestPointI
GdipEnumerateMetafileDestPoints
GdipEnumerateMetafileDestPointsI
GdipEnumerateMetafileDestRect
GdipEnumerateMetafileDestRectI
GdipEnumerateMetafileSrcRectDestPoint
GdipEnumerateMetafileSrcRectDestPointI
GdipEnumerateMetafileSrcRectDestPoints
GdipEnumerateMetafileSrcRectDestPointsI
GdipEnumerateMetafileSrcRectDestRect
GdipEnumerateMetafileSrcRectDestRectI
GdipFillClosedCurve
GdipFillClosedCurve2
GdipFillClosedCurve2I
GdipFillClosedCurveI
GdipFillEllipse
GdipFillEllipseI
GdipFillPath
GdipFillPie
GdipFillPieI
GdipFillPolygon
GdipFillPolygon2
GdipFillPolygon2I
GdipFillPolygonI
GdipFillRectangle
GdipFillRectangleI
GdipFillRectangles
GdipFillRectanglesI
GdipFillRegion
GdipFlattenPath
GdipFlush
GdipFree
GdipGetAdjustableArrowCapFillState
GdipGetAdjustableArrowCapHeight
GdipGetAdjustableArrowCapMiddleInset
GdipGetAdjustableArrowCapWidth
GdipGetAllPropertyItems
GdipGetBrushType
GdipGetCellAscent
GdipGetCellDescent
GdipGetClip
GdipGetClipBounds
GdipGetClipBoundsI
GdipGetCompositingMode
GdipGetCompositingQuality
GdipGetCustomLineCapBaseCap
GdipGetCustomLineCapBaseInset
GdipGetCustomLineCapStrokeCaps
GdipGetCustomLineCapStrokeJoin
GdipGetCustomLineCapType
GdipGetCustomLineCapWidthScale
GdipGetDC
GdipGetDpiX
GdipGetDpiY
GdipGetEmHeight
GdipGetEncoderParameterList
GdipGetEncoderParameterListSize
GdipGetFamily
GdipGetFamilyName
GdipGetFontCollectionFamilyCount
GdipGetFontCollectionFamilyList
GdipGetFontHeight
GdipGetFontHeightGivenDPI
GdipGetFontSize
GdipGetFontStyle
GdipGetFontUnit
GdipGetGenericFontFamilyMonospace
GdipGetGenericFontFamilySansSerif
GdipGetGenericFontFamilySerif
GdipGetHatchBackgroundColor
GdipGetHatchForegroundColor
GdipGetHatchStyle
GdipGetHemfFromMetafile
GdipGetImageAttributesAdjustedPalette
GdipGetImageBounds
GdipGetImageDecoders
GdipGetImageDecodersSize
GdipGetImageDimension
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipGetImageFlags
GdipGetImageGraphicsContext
GdipGetImageHeight
GdipGetImageHorizontalResolution
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageRawFormat
GdipGetImageThumbnail
GdipGetImageType
GdipGetImageVerticalResolution
GdipGetImageWidth
GdipGetInterpolationMode
GdipGetLineBlend
GdipGetLineBlendCount
GdipGetLineColors
GdipGetLineGammaCorrection
GdipGetLinePresetBlend
GdipGetLinePresetBlendCount
GdipGetLineRect
GdipGetLineRectI
GdipGetLineSpacing
GdipGetLineTransform
GdipGetLineWrapMode
GdipGetLogFontA
GdipGetLogFontW
GdipGetMatrixElements
GdipGetMetafileDownLevelRasterizationLimit
GdipGetMetafileHeaderFromEmf
GdipGetMetafileHeaderFromFile
GdipGetMetafileHeaderFromMetafile
GdipGetMetafileHeaderFromStream
GdipGetMetafileHeaderFromWmf
GdipGetNearestColor
GdipGetPageScale
GdipGetPageUnit
GdipGetPathData
GdipGetPathFillMode
GdipGetPathGradientBlend
GdipGetPathGradientBlendCount
GdipGetPathGradientCenterColor
GdipGetPathGradientCenterPoint
GdipGetPathGradientCenterPointI
GdipGetPathGradientFocusScales
GdipGetPathGradientGammaCorrection
GdipGetPathGradientPath
GdipGetPathGradientPointCount
GdipGetPathGradientPresetBlend
GdipGetPathGradientPresetBlendCount
GdipGetPathGradientRect
GdipGetPathGradientRectI
GdipGetPathGradientSurroundColorCount
GdipGetPathGradientSurroundColorsWithCount
GdipGetPathGradientTransform
GdipGetPathGradientWrapMode
GdipGetPathLastPoint
GdipGetPathPoints
GdipGetPathPointsI
GdipGetPathTypes
GdipGetPathWorldBounds
GdipGetPathWorldBoundsI
GdipGetPenBrushFill
GdipGetPenColor
GdipGetPenCompoundArray
GdipGetPenCompoundCount
GdipGetPenCustomEndCap
GdipGetPenCustomStartCap
GdipGetPenDashArray
GdipGetPenDashCap197819
GdipGetPenDashCount
GdipGetPenDashOffset
GdipGetPenDashStyle
GdipGetPenEndCap
GdipGetPenFillType
GdipGetPenLineJoin
GdipGetPenMiterLimit
GdipGetPenMode
GdipGetPenStartCap
GdipGetPenTransform
GdipGetPenUnit
GdipGetPenWidth
GdipGetPixelOffsetMode
GdipGetPointCount
GdipGetPropertyCount
GdipGetPropertyIdList
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipGetPropertySize
GdipGetRegionBounds
GdipGetRegionBoundsI
GdipGetRegionData
GdipGetRegionDataSize
GdipGetRegionHRgn
GdipGetRegionScans
GdipGetRegionScansCount
GdipGetRegionScansI
GdipGetRenderingOrigin
GdipGetSmoothingMode
GdipGetSolidFillColor
GdipGetStringFormatAlign
GdipGetStringFormatDigitSubstitution
GdipGetStringFormatFlags
GdipGetStringFormatHotkeyPrefix
GdipGetStringFormatLineAlign
GdipGetStringFormatMeasurableCharacterRangeCount
GdipGetStringFormatTabStopCount
GdipGetStringFormatTabStops
GdipGetStringFormatTrimming
GdipGetTextContrast
GdipGetTextRenderingHint
GdipGetTextureImage
GdipGetTextureTransform
GdipGetTextureWrapMode
GdipGetVisibleClipBounds
GdipGetVisibleClipBoundsI
GdipGetWorldTransform
GdipGraphicsClear
GdipImageForceValidation
GdipImageGetFrameCount
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageRotateFlip
GdipImageSelectActiveFrame
GdipInvertMatrix
GdipIsClipEmpty
GdipIsEmptyRegion
GdipIsEqualRegion
GdipIsInfiniteRegion
GdipIsMatrixEqual
GdipIsMatrixIdentity
GdipIsMatrixInvertible
GdipIsOutlineVisiblePathPoint
GdipIsOutlineVisiblePathPointI
GdipIsStyleAvailable
GdipIsVisibleClipEmpty
GdipIsVisiblePathPoint
GdipIsVisiblePathPointI
GdipIsVisiblePoint
GdipIsVisiblePointI
GdipIsVisibleRect
GdipIsVisibleRectI
GdipIsVisibleRegionPoint
GdipIsVisibleRegionPointI
GdipIsVisibleRegionRect
GdipIsVisibleRegionRectI
GdipLoadImageFromFile
GdipLoadImageFromFileICM
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipMeasureCharacterRanges
GdipMeasureDriverString
GdipMeasureString
GdipMultiplyLineTransform
GdipMultiplyMatrix
GdipMultiplyPathGradientTransform
GdipMultiplyPenTransform
GdipMultiplyTextureTransform
GdipMultiplyWorldTransform
GdipNewInstalledFontCollection
GdipNewPrivateFontCollection
GdipPathIterCopyData
GdipPathIterEnumerate
GdipPathIterGetCount
GdipPathIterGetSubpathCount
GdipPathIterHasCurve
GdipPathIterIsValid
GdipPathIterNextMarker
GdipPathIterNextMarkerPath
GdipPathIterNextPathType
GdipPathIterNextSubpath
GdipPathIterNextSubpathPath
GdipPathIterRewind
GdipPlayMetafileRecord
GdipPrivateAddFontFile
GdipPrivateAddMemoryFont
GdipRecordMetafile
GdipRecordMetafileFileName
GdipRecordMetafileFileNameI
GdipRecordMetafileI
GdipRecordMetafileStream
GdipRecordMetafileStreamI
GdipReleaseDC
GdipRemovePropertyItem
GdipResetClip
GdipResetImageAttributes
GdipResetLineTransform
GdipResetPageTransform
GdipResetPath
GdipResetPathGradientTransform
GdipResetPenTransform
GdipResetTextureTransform
GdipResetWorldTransform
GdipRestoreGraphics
GdipReversePath
GdipRotateLineTransform
GdipRotateMatrix
GdipRotatePathGradientTransform
GdipRotatePenTransform
GdipRotateTextureTransform
GdipRotateWorldTransform
GdipSaveAdd
GdipSaveAddImage
GdipSaveGraphics
GdipSaveImageToFile
GdipSaveImageToStream
GdipScaleLineTransform
GdipScaleMatrix
GdipScalePathGradientTransform
GdipScalePenTransform
GdipScaleTextureTransform
GdipScaleWorldTransform
GdipSetAdjustableArrowCapFillState
GdipSetAdjustableArrowCapHeight
GdipSetAdjustableArrowCapMiddleInset
GdipSetAdjustableArrowCapWidth
GdipSetClipGraphics
GdipSetClipHrgn
GdipSetClipPath
GdipSetClipRect
GdipSetClipRectI
GdipSetClipRegion
GdipSetCompositingMode
GdipSetCompositingQuality
GdipSetCustomLineCapBaseCap
GdipSetCustomLineCapBaseInset
GdipSetCustomLineCapStrokeCaps
GdipSetCustomLineCapStrokeJoin

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HardwareInfo.dll
.dll windows:5 windows x86 arch:x86

cc56a372f38d28c61b1234b4269977f7

Code Sign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30-04-2007 00:00

Not After

29-04-2012 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6b:d0:fa:31:11:e1:60:37:0e:59:8f:35:d2:0a:41:b4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

13-09-2010 00:00

Not After

12-11-2011 23:59

Subject

CN=Shenzhen DriveTheLife Software Technology Co.Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shenzhen DriveTheLife Software Technology Co.Ltd,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b6:41:8f:12:ba:03:aa:80:d4:8e:07:7d:ea:3e:bd:76:39:01:29:6d
Signer

Actual PE Digest

b6:41:8f:12:ba:03:aa:80:d4:8e:07:7d:ea:3e:bd:76:39:01:29:6d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\C++\DTL\hw2010\HWDetection\release\HardwareInfo.pdb

Imports

kernel32

GetVersionExA
GlobalFindAtomW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitThread
CreateThread
HeapFree
HeapAlloc
HeapReAlloc
GetCommandLineA
RtlUnwind
RaiseException
ExitProcess
HeapSize
GetCPInfo
GetACP
GlobalAddAtomW
IsValidCodePage
LCMapStringW
LCMapStringA
GetConsoleCP
GetConsoleMode
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
HeapCreate
HeapDestroy
GetTimeZoneInformation
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetProcessHeap
SetEnvironmentVariableA
GlobalFlags
WritePrivateProfileStringW
CompareStringW
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
SetErrorMode
GlobalDeleteAtom
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
GetLocaleInfoW
CompareStringA
InterlockedExchange
lstrcmpW
lstrlenA
lstrcmpA
SetLastError
GlobalLock
GlobalUnlock
FormatMessageW
DeleteFileA
AreFileApisANSI
GetSystemTime
GetTempPathA
GetCurrentProcessId
DeleteFileW
GetCurrentThreadId
LoadLibraryA
LockFileEx
GetTempPathW
FlushFileBuffers
GetFileAttributesW
GetFileAttributesA
WriteFile
FormatMessageA
GetSystemTimeAsFileTime
LockFile
UnlockFile
QueryPerformanceCounter
InterlockedIncrement
SetEndOfFile
GetFileSize
CreateFileA
GetFullPathNameA
GetFullPathNameW
GetLocalTime
LocalAlloc
LocalFree
SetEvent
WaitForSingleObjectEx
FreeLibrary
GetModuleFileNameA
GetModuleHandleA
LoadLibraryW
lstrcatW
CreateEventW
InterlockedDecrement
GlobalFree
GlobalAlloc
lstrcmpiW
lstrcpyW
lstrlenW
GetModuleFileNameW
GetCurrentProcess
GetModuleHandleW
WideCharToMultiByte
GetProcAddress
DefineDosDeviceW
VirtualFree
VirtualAlloc
SetFilePointer
DeviceIoControl
LockResource
GetTickCount
GetVersionExW
Sleep
ReadFile
CreateFileW
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
GetLastError
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetOEMCP
CloseHandle

user32

DestroyMenu
ShowWindow
RegisterWindowMessageW
LoadIconW
WinHelpW
GetCapture
GetClassLongW
SetPropW
GetPropW
RemovePropW
IsWindow
GetForegroundWindow
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
GetClientRect
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
DefWindowProcW
CallWindowProcW
CopyRect
GetMenu
SetWindowLongW
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindow
GetDlgCtrlID
wsprintfW
LoadBitmapW
GetWindowRect
GetClassNameW
PtInRect
SetWindowTextW
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
SetCursor
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
GetFocus
ModifyMenuW
CreateWindowExW
GetKeyboardType
GetSystemMetrics
GetSubMenu
GetMenuItemCount
GetMenuItemID
EnableMenuItem
CheckMenuItem
GetWindowTextW
GetWindowThreadProcessId
GetParent
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxW
LoadCursorW
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
UnregisterClassW
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
IsWindowVisible
SendMessageW
GetKeyState
PeekMessageW
GetCursorPos
ValidateRect
UnhookWindowsHookEx
PostMessageW
PostQuitMessage
GetMenuState
GetDlgItem

gdi32

GetStockObject
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportOrgEx
SetViewportExtEx
GetDeviceCaps
SelectObject
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
DeleteObject
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
CreateBitmap
OffsetViewportOrgEx

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegSetValueExW
RegEnumKeyW
RegDeleteKeyW
RegQueryValueW
RegOpenKeyW
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
CloseServiceHandle
ControlService
StartServiceW
QueryServiceStatus
OpenServiceW
OpenSCManagerW

shlwapi

PathRemoveFileSpecW
PathFindFileNameW
PathRemoveFileSpecA
PathFindExtensionW

ole32

CoSetProxyBlanket
CoInitializeEx
CoCreateInstance
CoInitializeSecurity
CoUninitialize

oleaut32

SysAllocString
SysFreeString
SysAllocStringLen
VariantInit
VariantClear
VariantChangeType

setupapi

SetupDiGetClassDevsW
SetupDiGetDeviceRegistryPropertyW
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInstanceIdW
SetupDiGetDriverInfoDetailW
SetupDiDestroyDriverInfoList
SetupDiGetDeviceInstallParamsW
SetupDiOpenDevRegKey
SetupDiSetDeviceInstallParamsW
SetupDiBuildDriverInfoList
SetupDiEnumDriverInfoW
SetupDiEnumDeviceInfo

iphlpapi

GetAdaptersInfo

ws2_32

gethostname
gethostbyname

Exports

Exports

??0SQLiteCommand@sqlite3provider@@QAE@ABV01@@Z
??0SQLiteCommand@sqlite3provider@@QAE@ABVSQLiteConnection@1@@Z
??0SQLiteCommand@sqlite3provider@@QAE@ABVSQLiteConnection@1@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0SQLiteConnection@sqlite3provider@@AAE@ABV01@@Z
??0SQLiteConnection@sqlite3provider@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0SQLiteDataReader@sqlite3provider@@AAE@AAVSQLiteCommand@1@@Z
??0SQLiteDataTable@sqlite3provider@@QAE@ABV01@@Z
??0SQLiteDataTable@sqlite3provider@@QAE@ABVSQLiteConnection@1@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0SQLiteDataTable@sqlite3provider@@QAE@XZ
??0SQLiteException@sqlite3provider@@QAE@ABV01@@Z
??0SQLiteException@sqlite3provider@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0SQLiteException@sqlite3provider@@QAE@ABVSQLiteConnection@1@@Z
??0SQLiteParameter@sqlite3provider@@QAE@ABVSQLiteCommand@1@@Z
??1SQLiteCommand@sqlite3provider@@QAE@XZ
??1SQLiteConnection@sqlite3provider@@QAE@XZ
??1SQLiteDataReader@sqlite3provider@@QAE@XZ
??1SQLiteDataTable@sqlite3provider@@QAE@XZ
??1SQLiteException@sqlite3provider@@UAE@XZ
??1SQLiteParameter@sqlite3provider@@QAE@XZ
??4CHardwareInfo@@QAEAAV0@ABV0@@Z
??4SQLiteDataTable@sqlite3provider@@QAEAAV01@ABV01@@Z
??4SQLiteException@sqlite3provider@@QAEAAV01@ABV01@@Z
??_7SQLiteException@sqlite3provider@@6B@
?HWGetInfors@@YG_NHHPAX@Z
?assign@SQLiteDataTable@sqlite3provider@@QAEXABVSQLiteConnection@2@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?assigned@SQLiteParameter@sqlite3provider@@ABEXXZ
?beginTransaction@SQLiteConnection@sqlite3provider@@QBE?AVSQLiteTransaction@2@XZ
?close@SQLiteConnection@sqlite3provider@@QAEXXZ
?close@SQLiteDataReader@sqlite3provider@@QAEXXZ
?columns@SQLiteDataTable@sqlite3provider@@QBEHXZ
?createParameter@SQLiteCommand@sqlite3provider@@QAE?AVSQLiteParameter@2@XZ
?execute@SQLiteConnection@sqlite3provider@@ABEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@P6AHPAXHPAPAD2@Z1@Z
?executeNonQuery@SQLiteCommand@sqlite3provider@@QAEHXZ
?executeReader@SQLiteCommand@sqlite3provider@@QAE?BVSQLiteDataReader@2@XZ
?executeScalar@SQLiteCommand@sqlite3provider@@QAEHXZ
?fill@SQLiteCommand@sqlite3provider@@QAEXAAVSQLiteDataTable@2@@Z
?finalize@SQLiteCommand@sqlite3provider@@AAEXXZ
?getBlob@SQLiteDataReader@sqlite3provider@@QBE?AV?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@Z
?getDataTypeName@SQLiteDataReader@sqlite3provider@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@Z
?getFieldCount@SQLiteDataReader@sqlite3provider@@QBEHXZ
?getFieldDbType@SQLiteDataReader@sqlite3provider@@QBE?AW4SQLiteDbType@2@H@Z
?getFieldName@SQLiteDataReader@sqlite3provider@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@Z
?getFieldName@SQLiteDataTable@sqlite3provider@@QAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@Z
?getFieldValue@SQLiteDataTable@sqlite3provider@@QAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@HH@Z
?getFloat@SQLiteDataReader@sqlite3provider@@QBENH@Z
?getInt32@SQLiteDataReader@sqlite3provider@@QBEHH@Z
?getInt64@SQLiteDataReader@sqlite3provider@@QBE_JH@Z
?getString16@SQLiteDataReader@sqlite3provider@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@Z
?getString@SQLiteDataReader@sqlite3provider@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@Z
?isDbNull@SQLiteDataReader@sqlite3provider@@QBE_NH@Z
?isOpened@SQLiteConnection@sqlite3provider@@ABEXXZ
?open@SQLiteConnection@sqlite3provider@@QAEXXZ
?prepare@SQLiteCommand@sqlite3provider@@AAEXXZ
?read@SQLiteDataReader@sqlite3provider@@QBE_NXZ
?reset@SQLiteCommand@sqlite3provider@@AAEXXZ
?rows@SQLiteDataTable@sqlite3provider@@QBEHXZ
?set@SQLiteParameter@sqlite3provider@@QAEXH@Z
?set@SQLiteParameter@sqlite3provider@@QAEXHABH@Z
?set@SQLiteParameter@sqlite3provider@@QAEXHABN@Z
?set@SQLiteParameter@sqlite3provider@@QAEXHABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?set@SQLiteParameter@sqlite3provider@@QAEXHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?set@SQLiteParameter@sqlite3provider@@QAEXHAB_J@Z
?set@SQLiteParameter@sqlite3provider@@QAEXHPBD@Z
?set@SQLiteParameter@sqlite3provider@@QAEXHPBDH@Z
?set@SQLiteParameter@sqlite3provider@@QAEXHPBXH@Z
?set@SQLiteParameter@sqlite3provider@@QAEXHPB_W@Z
?setBusyTimeout@SQLiteConnection@sqlite3provider@@QBEXH@Z
?setCommandText@SQLiteCommand@sqlite3provider@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?step@SQLiteCommand@sqlite3provider@@AAE_NXZ
?verify@SQLiteDataReader@sqlite3provider@@ABEXH@Z
?verify@SQLiteParameter@sqlite3provider@@AAEXH@Z
?what@SQLiteException@sqlite3provider@@UBEPBDXZ
HWClose
HWGetBatteryInfos
HWGetCPUInfos
HWGetDiskInfos
HWGetDiskNumber
HWGetDisplayInfos
HWGetDisplayNumber
HWGetInputInfos
HWGetMainboardInfos
HWGetMediaInfos
HWGetMediaNumber
HWGetMemoryInfos
HWGetMemoryModuleInfos
HWGetMonitorInfos
HWGetMonitorNumber
HWGetNetInfos
HWGetNetNumber
HWGetSensorInfos
HWGetSystemInfos
HWGetUAABusDesc
HWGetUAABusNumber
HWInit

Sections

.text
Size: 723KB - Virtual size: 723KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 105KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 496KB - Virtual size: 496KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HwInfo.dll
.dll windows:4 windows x86 arch:x86

3b276302d632bb969206b177e0c360f6

Code Sign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30-04-2007 00:00

Not After

29-04-2012 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6b:d0:fa:31:11:e1:60:37:0e:59:8f:35:d2:0a:41:b4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

13-09-2010 00:00

Not After

12-11-2011 23:59

Subject

CN=Shenzhen DriveTheLife Software Technology Co.Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shenzhen DriveTheLife Software Technology Co.Ltd,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b4:7f:df:fe:95:29:cc:1f:a4:6a:e6:35:97:4a:b8:7c:b8:3c:77:4c
Signer

Actual PE Digest

b4:7f:df:fe:95:29:cc:1f:a4:6a:e6:35:97:4a:b8:7c:b8:3c:77:4c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\work\DriveTheLife2011\DTLAD\release\HwInfo.pdb

Imports

kernel32

Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
GetCurrentThreadId
CloseHandle
ExitProcess
SetUnhandledExceptionFilter
OpenSemaphoreW
CreateFileA
FreeLibrary
WriteFile
GetProcAddress
CreateSemaphoreW
GetModuleFileNameA
GetModuleHandleA
WideCharToMultiByte
MultiByteToWideChar
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
OpenProcess
GetLocalTime
UnmapViewOfFile
InterlockedIncrement
InterlockedDecrement
WaitForSingleObject
InterlockedCompareExchange
SetEvent
InterlockedExchange
CreateEventW
GetSystemInfo
ReleaseSemaphore
TerminateThread
ExitThread
ResetEvent
GetTickCount
HeapAlloc
HeapFree
GetProcessHeap
HeapCreate
HeapDestroy
FlushFileBuffers
ReadFile
GetConsoleMode
GetConsoleCP
SetStdHandle
SetFilePointer
LCMapStringW
LCMapStringA
RtlUnwind
GetProcessTimes
GetSystemTimeAsFileTime
CompareFileTime
Sleep
GetStartupInfoA
GetFileType
SetHandleCount
GetStringTypeExA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
LoadLibraryA
GetStdHandle
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapReAlloc
VirtualAlloc
RaiseException
HeapSize
GetOEMCP
GetACP
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetLastError
GetFileAttributesA
SetEndOfFile
DeleteFileA
CreateThread
GetCommandLineA
GetVersionExA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCPInfo
VirtualFree

user32

LoadStringA
GetMessageW
TranslateMessage
GetFocus
AttachThreadInput
EnumWindows
GetForegroundWindow
GetClassNameW
EnumChildWindows
SendMessageTimeoutW
FindWindowExW
GetWindowThreadProcessId
DispatchMessageW

shell32

ShellExecuteExA

ws2_32

WSAStartup
WSACleanup
WSACloseEvent
inet_ntoa
recvfrom
inet_addr
WSAEnumNetworkEvents
htons
WSAEventSelect
ntohs
getsockname
sendto
socket
WSACreateEvent
closesocket
WSAWaitForMultipleEvents
setsockopt

Exports

Exports

Close
Init
LocalInfo
NotifyChange
ParseStep
SetCallbackFunc
SetUserInfo
_RMonitor@16

Sections

.text
Size: 244KB - Virtual size: 242KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Languages/en-us.xml
Languages/hdCheck_1028.xml
Languages/hdCheck_1033.xml
Languages/hdCheck_2052.xml
Languages/zh-cn.xml
Languages/zh-tw.xml
RemoveDock.exe
.exe windows:4 windows x86 arch:x86

276cc70cf0c63d645ee141af3db35ac1

Code Sign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30-04-2007 00:00

Not After

29-04-2012 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6b:d0:fa:31:11:e1:60:37:0e:59:8f:35:d2:0a:41:b4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

13-09-2010 00:00

Not After

12-11-2011 23:59

Subject

CN=Shenzhen DriveTheLife Software Technology Co.Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shenzhen DriveTheLife Software Technology Co.Ltd,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

30:34:b4:1f:cc:43:a5:85:51:8d:2b:58:04:7a:7c:0f:4f:d1:bc:27
Signer

Actual PE Digest

30:34:b4:1f:cc:43:a5:85:51:8d:2b:58:04:7a:7c:0f:4f:d1:bc:27

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\DriveTheLife2010_Client\检测栏\RemoveDock\release\RemoveDock.pdb

Imports

kernel32

GetVersionExW
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetProcAddress
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsA
MultiByteToWideChar
GetEnvironmentStrings
FreeEnvironmentStringsW
GetLastError
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
InitializeCriticalSection
Sleep
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
RtlUnwind
HeapSize
GetLocaleInfoA
WideCharToMultiByte
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW

ole32

CoInitialize
CoUninitialize

dockhelp

?ShowDockBand@@YG_N_N@Z
?InitDock@@YGX_N@Z

Sections

.text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Res/Image/WaitIntroduce.gif
.gif
Res/Image/Windows-2000.png
.png
Res/Image/Windows-2003.png
.png
Res/Image/Windows-2008.png
.png
Res/Image/Windows-7.png
.png
Res/Image/Windows-Vista.png
.png
Res/Image/Windows-XP.png
.png
Res/Image/en_us.bmp
Res/Image/waitting.gif
.gif
Res/Image/zh_cn.bmp
Res/Image/zh_tw.bmp
Res/ico.exe
Res/logo/3COM.jpg
.jpg
Res/logo/A-DATA.jpg
.jpg
Res/logo/ABIT.jpg
.jpg
Res/logo/ACER.jpg
.jpg
Res/logo/AEXEA.jpg
.jpg
Res/logo/ALI.jpg
.jpg
Res/logo/AMD.jpg
.jpg
Res/logo/AMI.jpg
.jpg
Res/logo/AOC.jpg
.jpg
Res/logo/AOPEN.jpg
.jpg
Res/logo/APACER.jpg
.jpg
Res/logo/ASROCK.jpg
.jpg
Res/logo/ASUS.jpg
.jpg
Res/logo/ASZ.jpg
.jpg
Res/logo/ATI.jpg
.jpg
Res/logo/B&DATA.jpg
.jpg
Res/logo/B-LINK.jpg
.jpg
Res/logo/BENQ.jpg
.jpg
Res/logo/BIOSTAR.jpg
.jpg
Res/logo/CHAINTECH.jpg
.jpg
Res/logo/CISCO.jpg
.jpg
Res/logo/CORSAIR.jpg
.jpg
Res/logo/CREATIVE.jpg
.jpg
Res/logo/Colorful.jpg
.jpg
Res/logo/Comeon.jpg
.jpg
Res/logo/D-LINK.jpg
.jpg
Res/logo/DELL.jpg
.jpg
Res/logo/DFI.jpg
.jpg
Res/logo/DTK.jpg
.jpg
Res/logo/E-MU.jpg
.jpg
Res/logo/EAST.jpg
.jpg
Res/logo/ECS.jpg
.jpg
Res/logo/ELEPHANT.jpg
.jpg
Res/logo/ELIXIR.jpg
.jpg
Res/logo/ELSA.jpg
.jpg
Res/logo/ENLON.jpg
.jpg
Res/logo/ENNYAH.jpg
.jpg
Res/logo/FIC.jpg
.jpg
Res/logo/FUJITSU.jpg
.jpg
Res/logo/G.SKILL.jpg
.jpg
Res/logo/GAINWARO.jpg
.jpg
Res/logo/GALAXY.jpg
.jpg
Res/logo/GAMEN.jpg
.jpg
Res/logo/GEIL.jpg
.jpg
Res/logo/GIGABYTE.jpg
.jpg
Res/logo/GREAT WALL.jpg
.jpg
Res/logo/HASEE.jpg
.jpg
Res/logo/HITACHI.jpg
.jpg
Res/logo/HOMKEY.jpg
.jpg
Res/logo/HP.jpg
.jpg
Res/logo/HYNIX.jpg
.jpg
Res/logo/IBM.jpg
.jpg
Res/logo/INNOVISION.jpg
.jpg
Res/logo/INTEL.jpg
.jpg
Res/logo/IOMEGA.jpg
.jpg
Res/logo/J&W.jpg
.jpg
Res/logo/JETWAY.jpg
.jpg
Res/logo/KINGBOX.jpg
.jpg
Res/logo/KINGFAST.jpg
.jpg
Res/logo/KINGMAX.jpg
.jpg
Res/logo/KINGSPEC.jpg
.jpg
Res/logo/KINGSTEK.jpg
.jpg
Res/logo/KINGSTON.jpg
.jpg
Res/logo/KINGTIGER.jpg
.jpg
Res/logo/LEADTEK.jpg
.jpg
Res/logo/LENOVO.jpg
.jpg
Res/logo/LINKSYS.jpg
.jpg
Res/logo/LITEON.jpg
.jpg
Res/logo/LITTLE TIGER.jpg
.jpg
Res/logo/LOGITECH.jpg
.jpg
Res/logo/M-ONE.jpg
.jpg
Res/logo/MACY.jpg
.jpg
Res/logo/MAGIC-PRO.jpg
.jpg
Res/logo/MATROX.jpg
.jpg
Res/logo/MAXSUN.jpg
.jpg
Res/logo/MAXTOR.jpg
.jpg
Res/logo/MAYA.jpg
.jpg
Res/logo/MEGASTAR.jpg
.jpg
Res/logo/MICRON.jpg
.jpg
Res/logo/MICROSOFT.jpg
.jpg
Res/logo/MMC.jpg
.jpg
Res/logo/MSI.jpg
.jpg
Res/logo/MUSILAND .jpg
.jpg
Res/logo/M_AUDIO.jpg
.jpg
Res/logo/NEC.jpg
.jpg
Res/logo/NETGEAR.jpg
.jpg
Res/logo/NOKIA.jpg
.jpg
Res/logo/NVIDIA.jpg
.jpg
Res/logo/OCZ.jpg
.jpg
Res/logo/OMEGA.jpg
.jpg
Res/logo/OMRON.jpg
.jpg
Res/logo/ONDA.jpg
.jpg
Res/logo/ONKYO.jpg
.jpg
Res/logo/PHILIPS.jpg
.jpg
Res/logo/PHOENIX.jpg
.jpg
Res/logo/PINE.jpg
.jpg
Res/logo/POWERCOLOR.jpg
.jpg
Res/logo/QDI.jpg
.jpg
Res/logo/QIMONDA.jpg
.jpg
Res/logo/QUANTUM.jpg
.jpg
Res/logo/RAZER.jpg
.jpg
Res/logo/REALTEK.jpg
.jpg
Res/logo/SAMSUNG.jpg
.jpg
Res/logo/SANYO.jpg
.jpg
Res/logo/SAPPHIRE.jpg
.jpg
Res/logo/SEAGATE.jpg
.jpg
Res/logo/SHARK.jpg
.jpg
Res/logo/SIEMENS.jpg
.jpg
Res/logo/SIS.jpg
.jpg
Res/logo/SONY.jpg
.jpg
Res/logo/SOYO.jpg
.jpg
Res/logo/SPARK.jpg
.jpg
Res/logo/SUPER GRAPHIC.jpg
.jpg
Res/logo/SUPOX.jpg
.jpg
Res/logo/SYMBOL.jpg
.jpg
Res/logo/T&W.jpg
.jpg
Res/logo/TAIYANFA.jpg
.jpg
Res/logo/TDK.jpg
.jpg
Res/logo/TEKRAM.jpg
.jpg
Res/logo/TERRATEC.jpg
.jpg
Res/logo/TEXAS INSTRUMENTS.jpg
.jpg
Res/logo/TOSHIBA.jpg
.jpg
Res/logo/TOYOTA.jpg
.jpg
Res/logo/TP-LINK.jpg
.jpg
Res/logo/TRANSMETA.jpg
.jpg
Res/logo/TYAN.jpg
.jpg
Res/logo/UMC.jpg
.jpg
Res/logo/UNIKA.jpg
.jpg
Res/logo/VIA.jpg
.jpg
Res/logo/WESTERN DIGITAL.jpg
.jpg
Res/logo/WINBOND.jpg
.jpg
Res/logo/XFX.jpg
.jpg
Res/logo/YESTON.jpg
.jpg
Res/logo/ZOTAC.jpg
.jpg
Res/logo/logo.xml
Res/logo/СӰԻӰ.jpg
.jpg
Res/logo/.jpg
.jpg
Res/logo/.jpg
.jpg
Res/logo/.jpg
.jpg
Res/logo/.jpg
.jpg
ResMgr.dll
.dll windows:4 windows x86 arch:x86

28559dbe17e7be8c84f3291960fa8496

Code Sign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30-04-2007 00:00

Not After

29-04-2012 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6b:d0:fa:31:11:e1:60:37:0e:59:8f:35:d2:0a:41:b4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

13-09-2010 00:00

Not After

12-11-2011 23:59

Subject

CN=Shenzhen DriveTheLife Software Technology Co.Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shenzhen DriveTheLife Software Technology Co.Ltd,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

f0:8f:45:84:9f:e6:0c:37:b6:40:34:c5:99:74:1c:46:13:16:27:20
Signer

Actual PE Digest

f0:8f:45:84:9f:e6:0c:37:b6:40:34:c5:99:74:1c:46:13:16:27:20

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\WORK\DriveTheLife2010_Client\bin\release\ResMgr.pdb

Imports

kernel32

LCMapStringA
GetStringTypeW
MultiByteToWideChar
GetStringTypeA
GetLocaleInfoA
InitializeCriticalSection
LCMapStringW
GetOEMCP
GetACP
GetCPInfo
WriteFile
HeapReAlloc
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
OutputDebugStringW
lstrcmpiW
GlobalUnlock
GlobalLock
GlobalAlloc
LoadResource
LockResource
SizeofResource
LoadLibraryA
FindResourceW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
RaiseException
RtlUnwind
GetLastError
GetProcAddress
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
Sleep
HeapSize
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection

user32

GetWindowLongW
GetPropW
SetPropW
GetFocus
SetWindowLongW
GetDlgItem
IsWindow
GetClassNameW
SendMessageW
RedrawWindow
GetSystemMetrics
ReleaseDC
GetSysColorBrush
GetWindowDC
LoadBitmapW
DrawFocusRect
DrawTextW
GetWindowTextW
InflateRect
FrameRect
GetSysColor
FillRect
RemovePropW
TrackMouseEvent
EndPaint
BeginPaint
GetWindowRect
DefWindowProcW
CallWindowProcW

gdi32

SetPixel
SetTextColor
LineTo
MoveToEx
CreatePen
CreateSolidBrush
GetStockObject
DeleteDC
DeleteObject
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
SetBkMode

ole32

CreateStreamOnHGlobal

msimg32

GradientFill

gdiplus

GdipAlloc
GdiplusStartup
GdiplusShutdown
GdipLoadImageFromStream
GdipCloneImage
GdipDisposeImage
GdipFree

Exports

Exports

?Mgr_GetImage@@YAPAVImage@Gdiplus@@PB_W@Z
?Mgr_InitRes@@YAXXZ
?Mgr_SkinCtrl@@YAXPAUHWND__@@@Z
?Mgr_SkinCtrlEx@@YAXPAUHWND__@@PAIH@Z
?Mgr_UnInitRes@@YAXXZ

Sections

.text
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 464KB - Virtual size: 463KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Statistics.dll
.dll windows:4 windows x86 arch:x86

fa3f92580e635612e6e1bd722301a7c6

Code Sign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30-04-2007 00:00

Not After

29-04-2012 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6b:d0:fa:31:11:e1:60:37:0e:59:8f:35:d2:0a:41:b4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

13-09-2010 00:00

Not After

12-11-2011 23:59

Subject

CN=Shenzhen DriveTheLife Software Technology Co.Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shenzhen DriveTheLife Software Technology Co.Ltd,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ad:14:08:06:df:87:8c:75:e2:b4:78:da:5b:02:62:2f:1c:bf:5e:b4
Signer

Actual PE Digest

ad:14:08:06:df:87:8c:75:e2:b4:78:da:5b:02:62:2f:1c:bf:5e:b4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\bin\release\Statistics.pdb

Imports

kernel32

DeviceIoControl
CloseHandle
MultiByteToWideChar
Sleep
LoadLibraryW
GetProcAddress
FreeLibrary
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLocalTime
GetModuleFileNameA
CreateFileW
GetVersionExW
CreateFileA
GetModuleHandleW
GetCurrentProcess
GetModuleHandleA
LoadLibraryA
LocalFree
lstrlenA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetStringTypeW
InterlockedDecrement
InterlockedIncrement
ExitThread
GetCurrentThreadId
GetLastError
CreateThread
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
HeapAlloc
GetProcessHeap
GetCommandLineA
GetVersionExA
RaiseException
RtlUnwind
LCMapStringA
WideCharToMultiByte
LCMapStringW
GetCPInfo
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
ExitProcess
WriteFile
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetACP
GetOEMCP
SetFilePointer
SetStdHandle
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
GetLocaleInfoA
GetStringTypeA

ole32

CoInitializeEx
CoUninitialize
CoCreateInstance
CoSetProxyBlanket
CoInitializeSecurity

oleaut32

VariantClear
VariantInit
SysFreeString
SysAllocString

ws2_32

gethostbyname

Exports

Exports

StatisticsClose
StatisticsInit
StatisticsReportDriverActiveUser
StatisticsReportDriverInstallResult
StatisticsReportNewsID
StatisticsReportSoftID
StatisticsReportUserHabit
StatisticsRequestNewsURL
StatisticsRequestNewsURLEx
StatisticsRequestSoftURL
StatisticsRequestSoftURLEx
_GetNewPCID@8
_StatisticsInitEx@20
_StatisticsNewPCID@4

Sections

.text
Size: 92KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Userconfig.dat
What is new.txt
devnts.dll
.dll windows:4 windows x86 arch:x86

9704c6413403804e79b3afc92396146e

Code Sign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30-04-2007 00:00

Not After

29-04-2012 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6b:d0:fa:31:11:e1:60:37:0e:59:8f:35:d2:0a:41:b4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

13-09-2010 00:00

Not After

12-11-2011 23:59

Subject

CN=Shenzhen DriveTheLife Software Technology Co.Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shenzhen DriveTheLife Software Technology Co.Ltd,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

e5:22:a7:49:b7:85:2f:96:c4:77:90:d3:7d:ef:ee:db:eb:f4:e6:0d
Signer

Actual PE Digest

e5:22:a7:49:b7:85:2f:96:c4:77:90:d3:7d:ef:ee:db:eb:f4:e6:0d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\work\DriveTheLife2010\DTL2010\AD2010\release\devnts.pdb

Imports

kernel32

GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetProcAddress
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
WriteFile
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
RtlUnwind
HeapSize
MultiByteToWideChar
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW

Exports

Exports

LocalInfo

Sections

.text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 128KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
driverbak.dll
.dll windows:4 windows x86 arch:x86

9a800eff0ab2c97f6a0ca73c1d256367

Code Sign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30-04-2007 00:00

Not After

29-04-2012 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6b:d0:fa:31:11:e1:60:37:0e:59:8f:35:d2:0a:41:b4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

13-09-2010 00:00

Not After

12-11-2011 23:59

Subject

CN=Shenzhen DriveTheLife Software Technology Co.Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shenzhen DriveTheLife Software Technology Co.Ltd,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:aa:b0:ad:3c:40:21:a6:8d:2a:ea:50:38:c3:6e:82:22:21:c1:6b
Signer

Actual PE Digest

39:aa:b0:ad:3c:40:21:a6:8d:2a:ea:50:38:c3:6e:82:22:21:c1:6b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\work\DriveTheLife2010\DTL2010\2010Driver\driverbak\release\driverbak.pdb

Imports

gzipdll

unzipex
zip
gz_compress
unzip
gz_uncompress
gz_hash

kernel32

LoadLibraryW
GetModuleFileNameW
GetProcAddress
GetWindowsDirectoryW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetLocalTime
GetModuleFileNameA
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
WaitForSingleObject
GetSystemInfo
GetCurrentThreadId
CloseHandle
ExitThread
GetTickCount
GetCurrentProcess
GetSystemDirectoryW
Sleep
GetVersionExW
CreateFileW
GetLastError
LocalAlloc
LocalFree
CreateFileA
GetFileAttributesW
FileTimeToSystemTime
DeleteFileW
CreateProcessW
OpenProcess
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
GetTempFileNameW
MoveFileExW
GetExitCodeProcess
GetSystemDefaultLCID
GetCurrentProcessId
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapSize
WriteConsoleW
GetConsoleOutputCP
FreeLibrary
MultiByteToWideChar
WideCharToMultiByte
SetFileAttributesW
FindNextFileW
FindClose
CopyFileW
FindFirstFileW
LoadLibraryA
GetModuleHandleW
WriteConsoleA
HeapReAlloc
GetStringTypeW
GetStringTypeA
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
ExitProcess
FlushFileBuffers
SetStdHandle
GetLocaleInfoA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
GetOEMCP
GetACP
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
RaiseException
GetVersionExA
GetCommandLineA
MoveFileW
GetConsoleMode
GetConsoleCP
WriteFile
SetFilePointer
ReadFile
CreateThread
DeleteFileA
GetProcessHeap
HeapAlloc
HeapFree
SetEndOfFile
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RemoveDirectoryW
CreateDirectoryW

user32

PostMessageW
GetWindowThreadProcessId
SetWindowTextW
FindWindowExW
IsWindow
EnumChildWindows
GetWindowTextW
FindWindowW

advapi32

RegOpenKeyExW
RegCloseKey
RegQueryValueExW

shell32

ShellExecuteExW

ole32

CLSIDFromString

setupapi

SetupScanFileQueueW
SetupDiEnumDriverInfoW
SetupDiSetSelectedDriverW
CM_Reenumerate_DevNode_Ex
SetupDiOpenDevRegKey
SetupDiSetClassInstallParamsW
SetupGetTargetPathW
SetupGetFieldCount
SetupGetLineCountW
SetupFindFirstLineW
SetupOpenInfFileW
SetupCloseInfFile
SetupGetStringFieldW
SetupFindNextLine
SetupCloseFileQueue
SetupDiRemoveDevice
SetupDiInstallDriverFiles
SetupOpenFileQueue
CM_Get_DevNode_Status
SetupDiGetDriverInfoDetailW
CM_Locate_DevNode_ExW
SetupDiBuildDriverInfoList
SetupDiGetDeviceInstallParamsW
SetupDiGetSelectedDriverW
SetupDiSetDriverInstallParamsW
SetupDiGetDriverInstallParamsW
SetupDiCallClassInstaller
SetupDiDestroyDriverInfoList
SetupDiSelectBestCompatDrv
SetupDiSetSelectedDevice
SetupDiSetDeviceInstallParamsW
SetupDiGetINFClassW
SetupDiGetClassDevsW
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyW
SetupDiGetDeviceInstanceIdW

Exports

Exports

DBBackupDriver
DBBeginBackup
DBBeginComeback
DBEndBackup
DBEndComeback
DBGetBackupErrorID
DBGetBackupInfo
DBGetBackupStatus
DBGetComebackErrorCode
DBGetComebackErrorMsg
DBGetComebackStatus
DBInstallDriver
DBIsRequeiredReboot
SH_GetDevInstanceID
SH_GetDriverFileCount
SH_GetDriverInfo
SH_GetDriverProblemMsg
SH_GetFullHwID
SH_JudgeDriverStatus
SH_ReenumerateDevice
SH_RemoveDriver
SH_Unzip
SH_UnzipEx
SH_Zip
_SH_ChangeDeviceStatus@16

Sections

.text
Size: 156KB - Virtual size: 155KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
drv64.exe
.exe windows:4 windows x64 arch:x64

c5a6ceb17f54dfe16400cd1067958cd0

Code Sign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30-04-2007 00:00

Not After

29-04-2012 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6b:d0:fa:31:11:e1:60:37:0e:59:8f:35:d2:0a:41:b4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

13-09-2010 00:00

Not After

12-11-2011 23:59

Subject

CN=Shenzhen DriveTheLife Software Technology Co.Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shenzhen DriveTheLife Software Technology Co.Ltd,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:25:36:79:fb:24:0a:13:18:64:fc:8c:6c:8c:da:91:82:7f:fc:79
Signer

Actual PE Digest

0d:25:36:79:fb:24:0a:13:18:64:fc:8c:6c:8c:da:91:82:7f:fc:79

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

d:\bin\drv64.pdb

Imports

kernel32

MoveFileExA
FreeLibrary
Sleep
GetFileAttributesA
GetSystemDirectoryA
GetLastError
GetProcAddress
GetTempFileNameA
LoadLibraryA
lstrlenA
GetCurrentProcess
GetModuleHandleA
LocalFree
GetWindowsDirectoryA
GetSystemInfo
GetVersionExA
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetLocalTime
GetModuleFileNameA
DeleteCriticalSection
CloseHandle
SetFileAttributesA
CreateFileA
LocalAlloc
HeapReAlloc
SetEndOfFile
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
FlushFileBuffers
HeapSize
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
LCMapStringW
LCMapStringA
SetStdHandle
GetStartupInfoA
SetHandleCount
GetStdHandle
ExitProcess
GetFileType
HeapCreate
HeapSetInformation
FlsAlloc
HeapFree
HeapAlloc
MultiByteToWideChar
ReadFile
SetFilePointer
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
DeleteFileA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlCaptureContext
GetCommandLineA
GetProcessHeap
RaiseException
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
RtlVirtualUnwind
GetCPInfo
GetACP
GetOEMCP
FlsGetValue
FlsSetValue
TlsFree
FlsFree
SetLastError
GetCurrentThreadId

setupapi

SetupDiSetDriverInstallParamsA
SetupFindNextLine
SetupGetLineCountA
SetupOpenInfFileA
SetupFindFirstLineA
SetupGetStringFieldA
SetupGetTargetPathA
SetupGetFieldCount
SetupDiGetDeviceRegistryPropertyA
SetupDiEnumDeviceInfo
SetupCloseInfFile
SetupDiGetINFClassA
SetupDiSetDeviceInstallParamsA
SetupDiBuildDriverInfoList
SetupDiGetSelectedDriverA
SetupDiGetDeviceInstallParamsA
SetupDiGetDriverInstallParamsA
SetupDiDestroyDeviceInfoList
SetupDiCallClassInstaller
SetupDiDestroyDriverInfoList
SetupDiSetSelectedDevice
SetupDiGetClassDevsA

Sections

.text
Size: 171KB - Virtual size: 170KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
drvcore.dll
.dll windows:4 windows x86 arch:x86

605e97a991bc458c02c2b74e0acd5a8b

Code Sign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30-04-2007 00:00

Not After

29-04-2012 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6b:d0:fa:31:11:e1:60:37:0e:59:8f:35:d2:0a:41:b4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

13-09-2010 00:00

Not After

12-11-2011 23:59

Subject

CN=Shenzhen DriveTheLife Software Technology Co.Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shenzhen DriveTheLife Software Technology Co.Ltd,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

fa:d3:ab:67:d8:0b:d6:6d:13:ae:c7:75:f1:ed:f8:14:ba:70:16:90
Signer

Actual PE Digest

fa:d3:ab:67:d8:0b:d6:6d:13:ae:c7:75:f1:ed:f8:14:ba:70:16:90

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\work\DriveTheLife2010\DTL2010\2010Driver\DriverCore\release\drvcore.pdb

Imports

kernel32

FreeLibrary
LoadLibraryW
GetProcAddress
WideCharToMultiByte
MultiByteToWideChar
Sleep
WritePrivateProfileStringW
GetPrivateProfileSectionW
GetCurrentProcess
GetModuleHandleW
GetPrivateProfileStringW
GetUserDefaultLangID
GetPrivateProfileStructW
GetVersionExW
WritePrivateProfileStructW
FileTimeToSystemTime
SystemTimeToFileTime
InterlockedDecrement
LoadLibraryA
GetModuleHandleA
FindFirstFileW
FindClose
FindNextFileW
SetFileAttributesW
GetTempPathW
GetWindowsDirectoryW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetLocalTime
GetModuleFileNameA
DeleteCriticalSection
InterlockedIncrement
InterlockedCompareExchange
InterlockedExchange
GetCurrentThreadId
CloseHandle
GetTickCount
GetFullPathNameW
GetFullPathNameA
CreateFileA
GetFileSize
SetFilePointer
SetEndOfFile
QueryPerformanceCounter
UnlockFile
LockFile
GetSystemTimeAsFileTime
FormatMessageA
WriteFile
GetFileAttributesA
GetFileAttributesW
ReadFile
CreateFileW
FlushFileBuffers
GetLastError
LockFileEx
DeleteFileW
GetCurrentProcessId
GetTempPathA
GetSystemTime
AreFileApisANSI
DeleteFileA
GetOEMCP
GetACP
GetStringTypeW
LocalFree
lstrlenA
SetEnvironmentVariableA
GetLocaleInfoW
WriteConsoleW
GetStringTypeA
CompareStringW
CompareStringA
GetDateFormatA
GetTimeFormatA
GetConsoleOutputCP
WriteConsoleA
IsValidCodePage
ExitProcess
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetTimeZoneInformation
SetStdHandle
GetConsoleMode
GetConsoleCP
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
HeapSize
SetLastError
TlsFree
TlsSetValue
TlsAlloc
GetLocaleInfoA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
MoveFileW
CreateDirectoryW
RemoveDirectoryW
FileTimeToLocalFileTime
HeapAlloc
GetProcessHeap
HeapReAlloc
GetCommandLineA
GetVersionExA
RaiseException
RtlUnwind
LCMapStringA
LCMapStringW
GetCPInfo
TlsGetValue

ole32

CoUninitialize
CoSetProxyBlanket
CoCreateInstance
CoInitializeEx

oleaut32

SysFreeString
VariantInit
VariantClear
SysAllocString

ws2_32

gethostbyname

setupapi

SetupDiGetDeviceRegistryPropertyA
SetupDiGetClassDevsW
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInstanceIdW

Exports

Exports

??0SQLiteCommand@sqlite3provider@@QAE@ABV01@@Z
??0SQLiteCommand@sqlite3provider@@QAE@ABVSQLiteConnection@1@@Z
??0SQLiteCommand@sqlite3provider@@QAE@ABVSQLiteConnection@1@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0SQLiteConnection@sqlite3provider@@AAE@ABV01@@Z
??0SQLiteConnection@sqlite3provider@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0SQLiteDataReader@sqlite3provider@@AAE@AAVSQLiteCommand@1@@Z
??0SQLiteDataTable@sqlite3provider@@QAE@ABV01@@Z
??0SQLiteDataTable@sqlite3provider@@QAE@ABVSQLiteConnection@1@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0SQLiteDataTable@sqlite3provider@@QAE@XZ
??0SQLiteException@sqlite3provider@@QAE@ABV01@@Z
??0SQLiteException@sqlite3provider@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0SQLiteException@sqlite3provider@@QAE@ABVSQLiteConnection@1@@Z
??0SQLiteParameter@sqlite3provider@@QAE@ABVSQLiteCommand@1@@Z
??1SQLiteCommand@sqlite3provider@@QAE@XZ
??1SQLiteConnection@sqlite3provider@@QAE@XZ
??1SQLiteDataReader@sqlite3provider@@QAE@XZ
??1SQLiteDataTable@sqlite3provider@@QAE@XZ
??1SQLiteException@sqlite3provider@@UAE@XZ
??1SQLiteParameter@sqlite3provider@@QAE@XZ
??4SQLiteDataTable@sqlite3provider@@QAEAAV01@ABV01@@Z
??4SQLiteException@sqlite3provider@@QAEAAV01@ABV01@@Z
??_7SQLiteException@sqlite3provider@@6B@
?assign@SQLiteDataTable@sqlite3provider@@QAEXABVSQLiteConnection@2@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?assigned@SQLiteParameter@sqlite3provider@@ABEXXZ
?beginTransaction@SQLiteConnection@sqlite3provider@@QBE?AVSQLiteTransaction@2@XZ
?close@SQLiteConnection@sqlite3provider@@QAEXXZ
?close@SQLiteDataReader@sqlite3provider@@QAEXXZ
?columns@SQLiteDataTable@sqlite3provider@@QBEHXZ
?createParameter@SQLiteCommand@sqlite3provider@@QAE?AVSQLiteParameter@2@XZ
?execute@SQLiteConnection@sqlite3provider@@ABEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@P6AHPAXHPAPAD2@Z1@Z
?executeNonQuery@SQLiteCommand@sqlite3provider@@QAEHXZ
?executeReader@SQLiteCommand@sqlite3provider@@QAE?BVSQLiteDataReader@2@XZ
?executeScalar@SQLiteCommand@sqlite3provider@@QAEHXZ
?fill@SQLiteCommand@sqlite3provider@@QAEXAAVSQLiteDataTable@2@@Z
?finalize@SQLiteCommand@sqlite3provider@@AAEXXZ
?getBlob@SQLiteDataReader@sqlite3provider@@QBE?AV?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@Z
?getDataTypeName@SQLiteDataReader@sqlite3provider@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@Z
?getFieldCount@SQLiteDataReader@sqlite3provider@@QBEHXZ
?getFieldDbType@SQLiteDataReader@sqlite3provider@@QBE?AW4SQLiteDbType@2@H@Z
?getFieldName@SQLiteDataReader@sqlite3provider@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@Z
?getFieldName@SQLiteDataTable@sqlite3provider@@QAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@Z
?getFieldValue@SQLiteDataTable@sqlite3provider@@QAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@HH@Z
?getFloat@SQLiteDataReader@sqlite3provider@@QBENH@Z
?getInt32@SQLiteDataReader@sqlite3provider@@QBEHH@Z
?getInt64@SQLiteDataReader@sqlite3provider@@QBE_JH@Z
?getString16@SQLiteDataReader@sqlite3provider@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@Z
?getString@SQLiteDataReader@sqlite3provider@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@Z
?isDbNull@SQLiteDataReader@sqlite3provider@@QBE_NH@Z
?isOpened@SQLiteConnection@sqlite3provider@@ABEXXZ
?open@SQLiteConnection@sqlite3provider@@QAEXXZ
?prepare@SQLiteCommand@sqlite3provider@@AAEXXZ
?read@SQLiteDataReader@sqlite3provider@@QBE_NXZ
?reset@SQLiteCommand@sqlite3provider@@AAEXXZ
?rows@SQLiteDataTable@sqlite3provider@@QBEHXZ
?set@SQLiteParameter@sqlite3provider@@QAEXH@Z
?set@SQLiteParameter@sqlite3provider@@QAEXHABH@Z
?set@SQLiteParameter@sqlite3provider@@QAEXHABN@Z
?set@SQLiteParameter@sqlite3provider@@QAEXHABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?set@SQLiteParameter@sqlite3provider@@QAEXHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?set@SQLiteParameter@sqlite3provider@@QAEXHAB_J@Z
?set@SQLiteParameter@sqlite3provider@@QAEXHPBD@Z
?set@SQLiteParameter@sqlite3provider@@QAEXHPBDH@Z
?set@SQLiteParameter@sqlite3provider@@QAEXHPBXH@Z
?set@SQLiteParameter@sqlite3provider@@QAEXHPB_W@Z
?setBusyTimeout@SQLiteConnection@sqlite3provider@@QBEXH@Z
?setCommandText@SQLiteCommand@sqlite3provider@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?step@SQLiteCommand@sqlite3provider@@AAE_NXZ
?verify@SQLiteDataReader@sqlite3provider@@ABEXH@Z
?verify@SQLiteParameter@sqlite3provider@@AAEXH@Z
?what@SQLiteException@sqlite3provider@@UBEPBDXZ
DTLBackupDrv
DTLChangeBackupPath
DTLChangeMatchDriverType
DTLCheckMatchDrvIsDownloaded
DTLClose
DTLDelAllBackup
DTLDelBackupInfoByDate
DTLDelBackupInfoByHWIDAndDate
DTLDelBackupInfoByHwId
DTLDelBackupInfoByIndex
DTLDeleteDownloadFile
DTLDownloadDrv
DTLDownloadFile
DTLDownloadFileStatus
DTLEvaluateDrvSystem
DTLFreshClassDev
DTLFreshDriverInfo
DTLGetBackupInfo
DTLGetBackupInfoCount
DTLGetBackupPathList
DTLGetClassDevCount
DTLGetClientID
DTLGetDevClassCode
DTLGetDevClassType
DTLGetDevDesc
DTLGetDevHWId
DTLGetDevHandle
DTLGetDevHandleByHWID
DTLGetDevInst
DTLGetLDrvDate
DTLGetLDrvProvider
DTLGetLDrvStatus
DTLGetLDrvVer
DTLGetLMatchHwId
DTLGetMatchDeviceID
DTLGetMatchDrvCount
DTLGetMatchDrvDate
DTLGetMatchDrvHash
DTLGetMatchDrvIntroduce
DTLGetMatchDrvLevel
DTLGetMatchDrvProvider
DTLGetMatchDrvSetupID
DTLGetMatchDrvSize
DTLGetMatchDrvSource
DTLGetMatchDrvVer
DTLGetPCID
DTLGetServer
DTLGetTotalSpeed
DTLGetUnionID
DTLGetUpdatePath
DTLGetUsingDevFilter
DTLInit
DTLIsExistBackupInfo
DTLIsFilterUpdate
DTLIsNeedBackupDrv
DTLIsNeedUpdateDrv
DTLMakeClassDevHandle
DTLRevertDrv
DTLRevertDrvEx
DTLSelectedOtherBackupPath
DTLSetDeviceChangeNotifyCallback
DTLSetFilterUpdate
DTLSetNetworkStatusNotifyCallback
DTLSetUnionID
DTLSetUpdatePath
DTLSetUsingDevFilter
DTLSetVersion
DTLStopDownloadDrv
DTLStopDownloadFile
DTLUninstallDrv
DTLUnzip
DTLUnzipEx
DTLUpdateDrv
DTLZip

Sections

.text
Size: 632KB - Virtual size: 631KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
drvnts.dll
.dll windows:4 windows x86 arch:x86

9704c6413403804e79b3afc92396146e

Code Sign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30-04-2007 00:00

Not After

29-04-2012 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6b:d0:fa:31:11:e1:60:37:0e:59:8f:35:d2:0a:41:b4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

13-09-2010 00:00

Not After

12-11-2011 23:59

Subject

CN=Shenzhen DriveTheLife Software Technology Co.Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shenzhen DriveTheLife Software Technology Co.Ltd,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

c2:f1:b8:8e:70:24:00:2f:62:56:80:53:5a:18:be:b0:f2:64:68:64
Signer

Actual PE Digest

c2:f1:b8:8e:70:24:00:2f:62:56:80:53:5a:18:be:b0:f2:64:68:64

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\work\DriveTheLife2010\DTL2010\AD2010\release\drvnts.pdb

Imports

kernel32

GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetProcAddress
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
WriteFile
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
RtlUnwind
HeapSize
MultiByteToWideChar
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW

Exports

Exports

LocalInfo

Sections

.text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 236KB - Virtual size: 235KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
gzipdll.dll
.dll windows:4 windows x86 arch:x86

2984f954b31423fa6fac157ee635883a

Code Sign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30-04-2007 00:00

Not After

29-04-2012 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6b:d0:fa:31:11:e1:60:37:0e:59:8f:35:d2:0a:41:b4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

13-09-2010 00:00

Not After

12-11-2011 23:59

Subject

CN=Shenzhen DriveTheLife Software Technology Co.Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shenzhen DriveTheLife Software Technology Co.Ltd,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

4b:b6:22:e9:ac:a0:12:cb:18:6b:18:79:c7:23:86:ba:06:79:57:18
Signer

Actual PE Digest

4b:b6:22:e9:ac:a0:12:cb:18:6b:18:79:c7:23:86:ba:06:79:57:18

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\work\DriveTheLife2010\DTL2010\2010Driver\driverbak\release\gzipdll.pdb

Imports

kernel32

FindFirstFileW
GetFileAttributesW
GetLastError
GetCurrentDirectoryW
FindClose
SetCurrentDirectoryW
FindNextFileW
SetFileAttributesW
WideCharToMultiByte
lstrlenW
MultiByteToWideChar
GetProcAddress
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetLocalTime
GetModuleFileNameA
DeleteCriticalSection
MapViewOfFile
UnmapViewOfFile
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
CreateFileMappingW
GetCurrentThreadId
CloseHandle
GetTickCount
DosDateTimeToFileTime
SetFilePointer
SystemTimeToFileTime
GetCurrentProcess
CreateDirectoryW
SetFileTime
WriteFile
ReadFile
CreateFileW
GetFileType
FileTimeToDosDateTime
GetFileSize
FileTimeToSystemTime
GetFileInformationByHandle
GetSystemTime
SetEnvironmentVariableA
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
LoadLibraryA
HeapSize
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
GetSystemTimeAsFileTime
GetThreadLocale
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetTimeZoneInformation
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
Sleep
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetEndOfFile
HeapFree
HeapAlloc
GetProcessHeap
GetCommandLineA
GetVersionExA
RaiseException
RtlUnwind
LCMapStringA
LCMapStringW
GetCPInfo
GetACP
GetOEMCP
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
SetStdHandle
SetHandleCount
GetStdHandle
GetStartupInfoA
CreateFileA
GetConsoleCP
GetConsoleMode
FlushFileBuffers
ExitProcess
HeapDestroy

Exports

Exports

gz_compress
gz_hash
gz_uncompress
unzip
unzipex
zip

Sections

.text
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
hdcore.dat
.dll windows:4 windows x86 arch:x86

a3c53e55a492c39e4192d9e552b4d162

Code Sign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30-04-2007 00:00

Not After

29-04-2012 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6b:d0:fa:31:11:e1:60:37:0e:59:8f:35:d2:0a:41:b4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

13-09-2010 00:00

Not After

12-11-2011 23:59

Subject

CN=Shenzhen DriveTheLife Software Technology Co.Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shenzhen DriveTheLife Software Technology Co.Ltd,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

98:49:2f:4b:1a:3f:35:cb:13:f9:ff:ad:d7:9a:d7:c9:9f:b6:bf:29
Signer

Actual PE Digest

98:49:2f:4b:1a:3f:35:cb:13:f9:ff:ad:d7:9a:d7:c9:9f:b6:bf:29

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\CPUID\customers\[DriveTheLife] 131 NETWORK\CPUIDSDK\makefiles\win32_dll\vc2005\Release\cpuidsdk.pdb

Imports

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

user32

GetSystemMetrics
wsprintfA

ole32

CoSetProxyBlanket
CoCreateInstance
CoInitializeSecurity
CoInitialize
CoInitializeEx
CoUninitialize

oleaut32

VariantInit
SafeArrayGetVartype
SafeArrayGetElemsize
SafeArrayGetElement
VariantClear
SysAllocString
SysFreeString
SysAllocStringByteLen
SysStringLen

kernel32

lstrlenA
GetSystemInfo
FreeLibrary
GetProcAddress
LoadLibraryA
Sleep
ReleaseMutex
GetVersionExA
CloseHandle
MultiByteToWideChar
WaitForSingleObject
CreateMutexA
GetLastError
SetLastError
WideCharToMultiByte
SetFilePointer
GlobalMemoryStatus
GetTempPathA
GetModuleHandleA
GetModuleFileNameA
GetCurrentDirectoryA
GetCurrentProcess
CreateFileA
LocalAlloc
LocalFree
DeviceIoControl
GetCurrentThread
GetProcessAffinityMask
GetVolumeInformationA
ReadFile
WriteFile
CreateEventA
GetOverlappedResult
WriteConsoleA
QueryPerformanceCounter
QueryPerformanceFrequency
GetTickCount
CreateDirectoryA
SetCurrentDirectoryA
GetComputerNameA
RemoveDirectoryA
DeleteFileA
GetWindowsDirectoryA
SizeofResource
LockResource
LoadResource
FindResourceA
InterlockedDecrement
GetSystemDirectoryA
lstrcmpiA
HeapAlloc
HeapFree
GetCurrentThreadId
GetCommandLineA
GetProcessHeap
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
EnterCriticalSection
LeaveCriticalSection
GetStdHandle
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
DeleteCriticalSection
VirtualFree
VirtualAlloc
HeapReAlloc
HeapDestroy
HeapCreate
ExitProcess
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
HeapSize
GetConsoleCP
GetConsoleMode
SetStdHandle
FlushFileBuffers
InitializeCriticalSection
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile

advapi32

ImpersonateSelf
OpenThreadToken
AllocateAndInitializeSid
FreeSid
InitializeSecurityDescriptor
GetLengthSid
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
IsValidSecurityDescriptor
AccessCheck
RevertToSelf
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
OpenSCManagerA
ControlService
StartServiceA
OpenServiceA
DeleteService
CreateServiceA
CloseServiceHandle
OpenProcessToken

Exports

Exports

QueryInterface

Sections

.text
Size: 728KB - Virtual size: 726KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 104KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
hdenum.dll
.dll windows:4 windows x86 arch:x86

387f5f39c6b39e93a61b7423559919bf

Code Sign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30-04-2007 00:00

Not After

29-04-2012 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6b:d0:fa:31:11:e1:60:37:0e:59:8f:35:d2:0a:41:b4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

13-09-2010 00:00

Not After

12-11-2011 23:59

Subject

CN=Shenzhen DriveTheLife Software Technology Co.Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shenzhen DriveTheLife Software Technology Co.Ltd,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:84:43:df:9c:bf:d2:b6:6a:e1:d5:b5:e1:fc:51:d6:2f:32:3f:c4
Signer

Actual PE Digest

0d:84:43:df:9c:bf:d2:b6:6a:e1:d5:b5:e1:fc:51:d6:2f:32:3f:c4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\work\DriveTheLife2010\DTL2010\2010Driver\portdriver\release\hdenum.pdb

Imports

kernel32

LocalAlloc
LocalFree
lstrlenW
GlobalAlloc
WideCharToMultiByte
CreateFileW
GlobalFree
DeviceIoControl
CloseHandle
MultiByteToWideChar
GetLastError
LeaveCriticalSection
EnterCriticalSection
GetLocalTime
GetModuleFileNameA
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
GetCurrentThreadId
ExitThread
GetTickCount
CreateFileA
WriteConsoleW
GetConsoleOutputCP
SystemTimeToFileTime
Sleep
GetProcAddress
InitializeCriticalSection
GetCurrentProcess
WriteConsoleA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LoadLibraryA
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
FlushFileBuffers
ReadFile
GetConsoleMode
GetConsoleCP
SetStdHandle
SetFilePointer
RtlUnwind
GetStartupInfoA
GetFileType
SetHandleCount
GetStdHandle
WriteFile
LCMapStringW
LCMapStringA
RaiseException
GetOEMCP
GetACP
GetCPInfo
ExitProcess
HeapSize
SetLastError
TlsFree
TlsSetValue
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
CreateThread
SetEndOfFile
HeapFree
HeapAlloc
GetProcessHeap
DeleteFileA
GetCommandLineA
GetVersionExA
GetModuleHandleA
TlsGetValue
TlsAlloc

user32

PostMessageW
FindWindowW
IsWindow

advapi32

RegOpenKeyExW
RegCloseKey
RegQueryValueExW

setupapi

SetupDiGetDeviceInterfaceDetailW
CM_Get_DevNode_Registry_PropertyW
SetupDiEnumDeviceInterfaces
CM_Locate_DevNodeW
CM_Get_Parent
CM_Get_Sibling
CM_Get_Child
CM_Get_Device_IDW
CM_Reenumerate_DevNode_Ex
CM_Locate_DevNode_ExW
SetupDiBuildDriverInfoList
SetupDiGetDeviceInstallParamsW
SetupDiGetClassDevsW
SetupDiOpenDevRegKey
SetupDiEnumDriverInfoW
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyW
CM_Get_DevNode_Status
SetupDiDestroyDriverInfoList
SetupDiGetDriverInfoDetailW
SetupDiGetDeviceInstanceIdW
SetupDiSetDeviceInstallParamsW

Exports

Exports

HDCloseHD
HDCreateDeviceList
HDDestroyDeviceList
HDGetDriverProblemMsg
HDGetPCDevice
HDGetPCDeviceCount
HDInitHD
HDJudgeDriverStatus
HDReenumerateDevice
HDSetDeviceChangeNotifyCallback

Sections

.text
Size: 136KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 996B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
msvcr100.dll
.dll windows:5 windows x86 arch:x86

5271d5ce8b44dd47bc92563e27585466

Code Sign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30-04-2007 00:00

Not After

29-04-2012 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6b:d0:fa:31:11:e1:60:37:0e:59:8f:35:d2:0a:41:b4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

13-09-2010 00:00

Not After

12-11-2011 23:59

Subject

CN=Shenzhen DriveTheLife Software Technology Co.Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shenzhen DriveTheLife Software Technology Co.Ltd,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

42:49:74:54:aa:4d:83:7a:e5:5d:a1:1f:f1:e8:b6:0a:d3:24:a0:ae
Signer

Actual PE Digest

42:49:74:54:aa:4d:83:7a:e5:5d:a1:1f:f1:e8:b6:0a:d3:24:a0:ae

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

msvcr100.i386.pdb

Imports

kernel32

EncodePointer
DecodePointer
RaiseException
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
ExitProcess
WriteFile
GetStdHandle
GetCurrentThreadId
TlsGetValue
GetCommandLineW
GetCommandLineA
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
ExitThread
CloseHandle
GetLastError
ResumeThread
CreateThread
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetCurrentThread
FindNextFileA
FindFirstFileExA
FindClose
FindNextFileW
FindFirstFileExW
GetLogicalDrives
GetDiskFreeSpaceA
FileTimeToSystemTime
FileTimeToLocalFileTime
SetErrorMode
Sleep
Beep
GetFileAttributesA
SetFileAttributesA
SetEnvironmentVariableA
GetCurrentDirectoryA
SetCurrentDirectoryA
GetCurrentDirectoryW
SetCurrentDirectoryW
GetFullPathNameA
GetDriveTypeW
GetCurrentProcessId
CreateDirectoryA
MoveFileA
RemoveDirectoryA
GetDriveTypeA
DeleteFileA
GetFileAttributesW
SetEnvironmentVariableW
SetFileAttributesW
GetFullPathNameW
CreateDirectoryW
MoveFileW
RemoveDirectoryW
DeleteFileW
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
LoadLibraryA
FreeLibrary
CreateProcessW
ReadFile
DuplicateHandle
GetCurrentProcess
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetLocalTime
WideCharToMultiByte
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
SetLocalTime
InterlockedPopEntrySList
InterlockedFlushSList
QueryDepthSList
InterlockedPushEntrySList
CreateTimerQueue
CreateTimerQueueTimer
DeleteTimerQueueTimer
SetEvent
CreateEventW
SwitchToThread
SignalObjectAndWait
TryEnterCriticalSection
GetTickCount
VirtualFree
GetVersionExW
SetThreadPriority
VirtualAlloc
GetSystemInfo
GetProcessAffinityMask
VirtualProtect
SetThreadAffinityMask
InitializeSListHead
ReleaseSemaphore
CreateSemaphoreW
WaitForMultipleObjects
GetThreadPriority
LoadLibraryW
SleepEx
OutputDebugStringW
FreeLibraryAndExitThread
GetModuleHandleA
GetThreadTimes
DebugBreak
MultiByteToWideChar
GetStringTypeW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetTimeFormatA
GetDateFormatA
GetTimeFormatW
GetDateFormatW
RtlUnwind
HeapAlloc
HeapFree
HeapCreate
HeapDestroy
HeapQueryInformation
HeapReAlloc
HeapSize
HeapValidate
HeapCompact
HeapWalk
VirtualQuery
SetHandleCount
GetFileType
GetStartupInfoW
GetFileInformationByHandle
PeekNamedPipe
CreateFileA
CreateFileW
SetFilePointer
GetConsoleCP
GetConsoleMode
FlushFileBuffers
CreatePipe
SetStdHandle
ReadConsoleInputA
SetConsoleMode
PeekConsoleInputA
GetNumberOfConsoleInputEvents
ReadConsoleInputW
WriteConsoleW
ReadConsoleW
SetEndOfFile
GetProcessHeap
InterlockedExchange
LockFile
UnlockFile
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
SetConsoleCtrlHandler
GetLocaleInfoW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
LCMapStringW
CompareStringW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
IsProcessorFeaturePresent

Exports

Exports

$I10_OUTPUT
??0?$_SpinWait@$00@details@Concurrency@@QAE@P6AXXZ@Z
??0?$_SpinWait@$0A@@details@Concurrency@@QAE@P6AXXZ@Z
??0SchedulerPolicy@Concurrency@@QAA@IZZ
??0SchedulerPolicy@Concurrency@@QAE@ABV01@@Z
??0SchedulerPolicy@Concurrency@@QAE@XZ
??0_NonReentrantBlockingLock@details@Concurrency@@QAE@XZ
??0_NonReentrantPPLLock@details@Concurrency@@QAE@XZ
??0_ReaderWriterLock@details@Concurrency@@QAE@XZ
??0_ReentrantBlockingLock@details@Concurrency@@QAE@XZ
??0_ReentrantLock@details@Concurrency@@QAE@XZ
??0_ReentrantPPLLock@details@Concurrency@@QAE@XZ
??0_Scoped_lock@_NonReentrantPPLLock@details@Concurrency@@QAE@AAV123@@Z
??0_Scoped_lock@_ReentrantPPLLock@details@Concurrency@@QAE@AAV123@@Z
??0_SpinLock@details@Concurrency@@QAE@ACJ@Z
??0_TaskCollection@details@Concurrency@@QAE@XZ
??0_Timer@details@Concurrency@@IAE@I_N@Z
??0__non_rtti_object@std@@QAE@ABV01@@Z
??0__non_rtti_object@std@@QAE@PBD@Z
??0bad_cast@std@@AAE@PBQBD@Z
??0bad_cast@std@@QAE@ABV01@@Z
??0bad_cast@std@@QAE@PBD@Z
??0bad_target@Concurrency@@QAE@PBD@Z
??0bad_target@Concurrency@@QAE@XZ
??0bad_typeid@std@@QAE@ABV01@@Z
??0bad_typeid@std@@QAE@PBD@Z
??0context_self_unblock@Concurrency@@QAE@PBD@Z
??0context_self_unblock@Concurrency@@QAE@XZ
??0context_unblock_unbalanced@Concurrency@@QAE@PBD@Z
??0context_unblock_unbalanced@Concurrency@@QAE@XZ
??0critical_section@Concurrency@@QAE@XZ
??0default_scheduler_exists@Concurrency@@QAE@PBD@Z
??0default_scheduler_exists@Concurrency@@QAE@XZ
??0event@Concurrency@@QAE@XZ
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABQBDH@Z
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@XZ
??0improper_lock@Concurrency@@QAE@PBD@Z
??0improper_lock@Concurrency@@QAE@XZ
??0improper_scheduler_attach@Concurrency@@QAE@PBD@Z
??0improper_scheduler_attach@Concurrency@@QAE@XZ
??0improper_scheduler_detach@Concurrency@@QAE@PBD@Z
??0improper_scheduler_detach@Concurrency@@QAE@XZ
??0improper_scheduler_reference@Concurrency@@QAE@PBD@Z
??0improper_scheduler_reference@Concurrency@@QAE@XZ
??0invalid_link_target@Concurrency@@QAE@PBD@Z
??0invalid_link_target@Concurrency@@QAE@XZ
??0invalid_multiple_scheduling@Concurrency@@QAE@PBD@Z
??0invalid_multiple_scheduling@Concurrency@@QAE@XZ
??0invalid_operation@Concurrency@@QAE@PBD@Z
??0invalid_operation@Concurrency@@QAE@XZ
??0invalid_oversubscribe_operation@Concurrency@@QAE@PBD@Z
??0invalid_oversubscribe_operation@Concurrency@@QAE@XZ
??0invalid_scheduler_policy_key@Concurrency@@QAE@PBD@Z
??0invalid_scheduler_policy_key@Concurrency@@QAE@XZ
??0invalid_scheduler_policy_thread_specification@Concurrency@@QAE@PBD@Z
??0invalid_scheduler_policy_thread_specification@Concurrency@@QAE@XZ
??0invalid_scheduler_policy_value@Concurrency@@QAE@PBD@Z
??0invalid_scheduler_policy_value@Concurrency@@QAE@XZ
??0message_not_found@Concurrency@@QAE@PBD@Z
??0message_not_found@Concurrency@@QAE@XZ
??0missing_wait@Concurrency@@QAE@PBD@Z
??0missing_wait@Concurrency@@QAE@XZ
??0nested_scheduler_missing_detach@Concurrency@@QAE@PBD@Z
??0nested_scheduler_missing_detach@Concurrency@@QAE@XZ
??0operation_timed_out@Concurrency@@QAE@PBD@Z
??0operation_timed_out@Concurrency@@QAE@XZ
??0reader_writer_lock@Concurrency@@QAE@XZ
??0scheduler_not_attached@Concurrency@@QAE@PBD@Z
??0scheduler_not_attached@Concurrency@@QAE@XZ
??0scheduler_resource_allocation_error@Concurrency@@QAE@J@Z
??0scheduler_resource_allocation_error@Concurrency@@QAE@PBDJ@Z
??0scoped_lock@critical_section@Concurrency@@QAE@AAV12@@Z
??0scoped_lock@reader_writer_lock@Concurrency@@QAE@AAV12@@Z
??0scoped_lock_read@reader_writer_lock@Concurrency@@QAE@AAV12@@Z
??0task_canceled@details@Concurrency@@QAE@PBD@Z
??0task_canceled@details@Concurrency@@QAE@XZ
??0unsupported_os@Concurrency@@QAE@PBD@Z
??0unsupported_os@Concurrency@@QAE@XZ
??1SchedulerPolicy@Concurrency@@QAE@XZ
??1_NonReentrantBlockingLock@details@Concurrency@@QAE@XZ
??1_ReentrantBlockingLock@details@Concurrency@@QAE@XZ
??1_Scoped_lock@_NonReentrantPPLLock@details@Concurrency@@QAE@XZ
??1_Scoped_lock@_ReentrantPPLLock@details@Concurrency@@QAE@XZ
??1_SpinLock@details@Concurrency@@QAE@XZ
??1_TaskCollection@details@Concurrency@@QAE@XZ
??1_Timer@details@Concurrency@@IAE@XZ
??1__non_rtti_object@std@@UAE@XZ
??1bad_cast@std@@UAE@XZ
??1bad_typeid@std@@UAE@XZ
??1critical_section@Concurrency@@QAE@XZ
??1event@Concurrency@@QAE@XZ
??1exception@std@@UAE@XZ
??1reader_writer_lock@Concurrency@@QAE@XZ
??1scoped_lock@critical_section@Concurrency@@QAE@XZ
??1scoped_lock@reader_writer_lock@Concurrency@@QAE@XZ
??1scoped_lock_read@reader_writer_lock@Concurrency@@QAE@XZ
??1type_info@@UAE@XZ
??2@YAPAXI@Z
??2@YAPAXIHPBDH@Z
??3@YAXPAX@Z
??4?$_SpinWait@$00@details@Concurrency@@QAEAAV012@ABV012@@Z
??4?$_SpinWait@$0A@@details@Concurrency@@QAEAAV012@ABV012@@Z
??4SchedulerPolicy@Concurrency@@QAEAAV01@ABV01@@Z
??4__non_rtti_object@std@@QAEAAV01@ABV01@@Z
??4bad_cast@std@@QAEAAV01@ABV01@@Z
??4bad_typeid@std@@QAEAAV01@ABV01@@Z
??4exception@std@@QAEAAV01@ABV01@@Z
??8type_info@@QBE_NABV0@@Z
??9type_info@@QBE_NABV0@@Z
??_7__non_rtti_object@std@@6B@
??_7bad_cast@std@@6B@
??_7bad_typeid@std@@6B@
??_7exception@@6B@
??_7exception@std@@6B@
??_F?$_SpinWait@$00@details@Concurrency@@QAEXXZ
??_F?$_SpinWait@$0A@@details@Concurrency@@QAEXXZ
??_Fbad_cast@std@@QAEXXZ
??_Fbad_typeid@std@@QAEXXZ
??_U@YAPAXI@Z
??_U@YAPAXIHPBDH@Z
??_V@YAXPAX@Z
?Alloc@Concurrency@@YAPAXI@Z
?Block@Context@Concurrency@@SAXXZ
?Create@CurrentScheduler@Concurrency@@SAXABVSchedulerPolicy@2@@Z
?Create@Scheduler@Concurrency@@SAPAV12@ABVSchedulerPolicy@2@@Z
?CreateResourceManager@Concurrency@@YAPAUIResourceManager@1@XZ
?CreateScheduleGroup@CurrentScheduler@Concurrency@@SAPAVScheduleGroup@2@XZ
?CurrentContext@Context@Concurrency@@SAPAV12@XZ
?Detach@CurrentScheduler@Concurrency@@SAXXZ
?DisableTracing@Concurrency@@YAJXZ
?EnableTracing@Concurrency@@YAJXZ
?Free@Concurrency@@YAXPAX@Z
?Get@CurrentScheduler@Concurrency@@SAPAVScheduler@2@XZ
?GetExecutionContextId@Concurrency@@YAIXZ
?GetNumberOfVirtualProcessors@CurrentScheduler@Concurrency@@SAIXZ
?GetOSVersion@Concurrency@@YA?AW4OSVersion@IResourceManager@1@XZ
?GetPolicy@CurrentScheduler@Concurrency@@SA?AVSchedulerPolicy@2@XZ
?GetPolicyValue@SchedulerPolicy@Concurrency@@QBEIW4PolicyElementKey@2@@Z
?GetProcessorCount@Concurrency@@YAIXZ
?GetProcessorNodeCount@Concurrency@@YAIXZ
?GetSchedulerId@Concurrency@@YAIXZ
?GetSharedTimerQueue@details@Concurrency@@YAPAXXZ
?Id@Context@Concurrency@@SAIXZ
?Id@CurrentScheduler@Concurrency@@SAIXZ
?IsCurrentTaskCollectionCanceling@Context@Concurrency@@SA_NXZ
?Log2@details@Concurrency@@YAKI@Z
?Oversubscribe@Context@Concurrency@@SAX_N@Z
?RegisterShutdownEvent@CurrentScheduler@Concurrency@@SAXPAX@Z
?ResetDefaultSchedulerPolicy@Scheduler@Concurrency@@SAXXZ
?ScheduleGroupId@Context@Concurrency@@SAIXZ
?ScheduleTask@CurrentScheduler@Concurrency@@SAXP6AXPAX@Z0@Z
?SetConcurrencyLimits@SchedulerPolicy@Concurrency@@QAEXII@Z
?SetDefaultSchedulerPolicy@Scheduler@Concurrency@@SAXABVSchedulerPolicy@2@@Z
?SetPolicyValue@SchedulerPolicy@Concurrency@@QAEIW4PolicyElementKey@2@I@Z
?VirtualProcessorId@Context@Concurrency@@SAIXZ
?Yield@Context@Concurrency@@SAXXZ
?_Abort@_StructuredTaskCollection@details@Concurrency@@AAEXXZ
?_Acquire@_NonReentrantBlockingLock@details@Concurrency@@QAEXXZ
?_Acquire@_NonReentrantPPLLock@details@Concurrency@@QAEXPAX@Z
?_Acquire@_ReentrantBlockingLock@details@Concurrency@@QAEXXZ
?_Acquire@_ReentrantLock@details@Concurrency@@QAEXXZ
?_Acquire@_ReentrantPPLLock@details@Concurrency@@QAEXPAX@Z
?_AcquireRead@_ReaderWriterLock@details@Concurrency@@QAEXXZ
?_AcquireWrite@_ReaderWriterLock@details@Concurrency@@QAEXXZ
?_Cancel@_StructuredTaskCollection@details@Concurrency@@QAEXXZ
?_Cancel@_TaskCollection@details@Concurrency@@QAEXXZ
?_CheckTaskCollection@_UnrealizedChore@details@Concurrency@@IAEXXZ
?_ConcRT_Assert@details@Concurrency@@YAXPBD0H@Z
?_ConcRT_CoreAssert@details@Concurrency@@YAXPBD0H@Z
?_ConcRT_DumpMessage@details@Concurrency@@YAXPB_WZZ
?_ConcRT_Trace@details@Concurrency@@YAXHPB_WZZ
?_Copy_str@exception@std@@AAEXPBD@Z
?_DoYield@?$_SpinWait@$00@details@Concurrency@@IAEXXZ
?_DoYield@?$_SpinWait@$0A@@details@Concurrency@@IAEXXZ
?_IsCanceling@_StructuredTaskCollection@details@Concurrency@@QAE_NXZ
?_IsCanceling@_TaskCollection@details@Concurrency@@QAE_NXZ
?_Name_base@type_info@@CAPBDPBV1@PAU__type_info_node@@@Z
?_Name_base_internal@type_info@@CAPBDPBV1@PAU__type_info_node@@@Z
?_NumberOfSpins@?$_SpinWait@$00@details@Concurrency@@IAEKXZ
?_NumberOfSpins@?$_SpinWait@$0A@@details@Concurrency@@IAEKXZ
?_Release@_NonReentrantBlockingLock@details@Concurrency@@QAEXXZ
?_Release@_NonReentrantPPLLock@details@Concurrency@@QAEXXZ
?_Release@_ReentrantBlockingLock@details@Concurrency@@QAEXXZ
?_Release@_ReentrantLock@details@Concurrency@@QAEXXZ
?_Release@_ReentrantPPLLock@details@Concurrency@@QAEXXZ
?_ReleaseRead@_ReaderWriterLock@details@Concurrency@@QAEXXZ
?_ReleaseWrite@_ReaderWriterLock@details@Concurrency@@QAEXXZ
?_Reset@?$_SpinWait@$00@details@Concurrency@@IAEXXZ
?_Reset@?$_SpinWait@$0A@@details@Concurrency@@IAEXXZ
?_RunAndWait@_StructuredTaskCollection@details@Concurrency@@QAG?AW4_TaskCollectionStatus@23@PAV_UnrealizedChore@23@@Z
?_RunAndWait@_TaskCollection@details@Concurrency@@QAG?AW4_TaskCollectionStatus@23@PAV_UnrealizedChore@23@@Z
?_Schedule@_StructuredTaskCollection@details@Concurrency@@QAEXPAV_UnrealizedChore@23@@Z
?_Schedule@_TaskCollection@details@Concurrency@@QAEXPAV_UnrealizedChore@23@@Z
?_SetSpinCount@?$_SpinWait@$00@details@Concurrency@@QAEXI@Z
?_SetSpinCount@?$_SpinWait@$0A@@details@Concurrency@@QAEXI@Z
?_ShouldSpinAgain@?$_SpinWait@$00@details@Concurrency@@IAE_NXZ
?_ShouldSpinAgain@?$_SpinWait@$0A@@details@Concurrency@@IAE_NXZ
?_SpinOnce@?$_SpinWait@$00@details@Concurrency@@QAE_NXZ
?_SpinOnce@?$_SpinWait@$0A@@details@Concurrency@@QAE_NXZ
?_SpinYield@Context@Concurrency@@SAXXZ
?_Start@_Timer@details@Concurrency@@IAEXXZ
?_Stop@_Timer@details@Concurrency@@IAEXXZ
?_Tidy@exception@std@@AAEXXZ
?_Trace_ppl_function@Concurrency@@YAXABU_GUID@@EW4ConcRT_EventType@1@@Z
?_TryAcquire@_NonReentrantBlockingLock@details@Concurrency@@QAE_NXZ
?_TryAcquire@_ReentrantBlockingLock@details@Concurrency@@QAE_NXZ
?_TryAcquire@_ReentrantLock@details@Concurrency@@QAE_NXZ
?_TryAcquireWrite@_ReaderWriterLock@details@Concurrency@@QAE_NXZ
?_Type_info_dtor@type_info@@CAXPAV1@@Z
?_Type_info_dtor_internal@type_info@@CAXPAV1@@Z
?_UnderlyingYield@details@Concurrency@@YAXXZ
?_ValidateExecute@@YAHP6GHXZ@Z
?_ValidateRead@@YAHPBXI@Z
?_ValidateWrite@@YAHPAXI@Z
?_Value@_SpinCount@details@Concurrency@@SAIXZ
?__ExceptionPtrAssign@@YAXPAXPBX@Z
?__ExceptionPtrCompare@@YA_NPBX0@Z
?__ExceptionPtrCopy@@YAXPAXPBX@Z
?__ExceptionPtrCopyException@@YAXPAXPBX1@Z
?__ExceptionPtrCreate@@YAXPAX@Z
?__ExceptionPtrCurrentException@@YAXPAX@Z
?__ExceptionPtrDestroy@@YAXPAX@Z
?__ExceptionPtrRethrow@@YAXPBX@Z
?_inconsistency@@YAXXZ
?_invalid_parameter@@YAXPBG00II@Z
?_is_exception_typeof@@YAHABVtype_info@@PAU_EXCEPTION_POINTERS@@@Z
?_name_internal_method@type_info@@QBEPBDPAU__type_info_node@@@Z
?_open@@YAHPBDHH@Z
?_query_new_handler@@YAP6AHI@ZXZ
?_query_new_mode@@YAHXZ
?_set_new_handler@@YAP6AHI@ZH@Z
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
?_set_new_mode@@YAHH@Z
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZH@Z
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
?_sopen@@YAHPBDHHH@Z
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?_wopen@@YAHPB_WHH@Z
?_wsopen@@YAHPB_WHHH@Z
?before@type_info@@QBEHABV1@@Z
?get_error_code@scheduler_resource_allocation_error@Concurrency@@QBEJXZ
?lock@critical_section@Concurrency@@QAEXXZ
?lock@reader_writer_lock@Concurrency@@QAEXXZ
?lock_read@reader_writer_lock@Concurrency@@QAEXXZ
?name@type_info@@QBEPBDPAU__type_info_node@@@Z
?native_handle@critical_section@Concurrency@@QAEAAV12@XZ
?raw_name@type_info@@QBEPBDXZ
?reset@event@Concurrency@@QAEXXZ
?set@event@Concurrency@@QAEXXZ
?set_new_handler@@YAP6AXXZP6AXXZ@Z
?set_terminate@@YAP6AXXZH@Z
?set_terminate@@YAP6AXXZP6AXXZ@Z
?set_unexpected@@YAP6AXXZH@Z
?set_unexpected@@YAP6AXXZP6AXXZ@Z
?swprintf@@YAHPAGIPBGZZ
?swprintf@@YAHPA_WIPB_WZZ
?terminate@@YAXXZ
?try_lock@critical_section@Concurrency@@QAE_NXZ
?try_lock@reader_writer_lock@Concurrency@@QAE_NXZ
?try_lock_read@reader_writer_lock@Concurrency@@QAE_NXZ
?unexpected@@YAXXZ
?unlock@critical_section@Concurrency@@QAEXXZ
?unlock@reader_writer_lock@Concurrency@@QAEXXZ
?vswprintf@@YAHPA_WIPB_WPAD@Z
?wait@Concurrency@@YAXI@Z
?wait@event@Concurrency@@QAEII@Z
?wait_for_multiple@event@Concurrency@@SAIPAPAV12@I_NI@Z
?what@exception@std@@UBEPBDXZ
_CIacos
_CIasin
_CIatan
_CIatan2
_CIcos
_CIcosh
_CIexp
_CIfmod
_CIlog
_CIlog10
_CIpow
_CIsin
_CIsinh
_CIsqrt
_CItan
_CItanh
_CRT_RTC_INIT
_CRT_RTC_INITW
_CreateFrameInfo
_CxxThrowException
_EH_prolog
_FindAndUnlinkFrame
_Getdays
_Getmonths
_Gettnames
_HUGE
_IsExceptionObjectToBeDestroyed
_NLG_Dispatch2
_NLG_Return
_NLG_Return2
_Strftime
_XcptFilter
__AdjustPointer
__BuildCatchObject
__BuildCatchObjectHelper
__CppXcptFilter
__CxxCallUnwindDelDtor
__CxxCallUnwindDtor
__CxxCallUnwindStdDelDtor
__CxxCallUnwindVecDtor
__CxxDetectRethrow
__CxxExceptionFilter
__CxxFrameHandler
__CxxFrameHandler2
__CxxFrameHandler3
__CxxLongjmpUnwind
__CxxQueryExceptionSize
__CxxRegisterExceptionObject
__CxxUnregisterExceptionObject
__DestructExceptionObject
__FrameUnwindFilter
__RTCastToVoid
__RTDynamicCast
__RTtypeid
__STRINGTOLD
__STRINGTOLD_L
__TypeMatch
___fls_getvalue@4
___fls_setvalue@8
___lc_codepage_func
___lc_collate_cp_func
___lc_handle_func
___mb_cur_max_func
___mb_cur_max_l_func
___setlc_active_func
___unguarded_readlc_active_add_func
__argc
__argv
__badioinfo
__clean_type_info_names_internal
__control87_2
__create_locale
__crtCompareStringA
__crtCompareStringW
__crtLCMapStringA
__crtLCMapStringW
__daylight
__dllonexit
__doserrno
__dstbias
__fpecode
__free_locale
__get_current_locale
__get_flsindex
__get_tlsindex
__getmainargs
__initenv
__iob_func
__isascii
__iscsym
__iscsymf
__iswcsym
__iswcsymf
__lconv
__lconv_init
__libm_sse2_acos
__libm_sse2_acosf
__libm_sse2_asin
__libm_sse2_asinf
__libm_sse2_atan
__libm_sse2_atan2
__libm_sse2_atanf
__libm_sse2_cos
__libm_sse2_cosf
__libm_sse2_exp
__libm_sse2_expf
__libm_sse2_log
__libm_sse2_log10
__libm_sse2_log10f
__libm_sse2_logf
__libm_sse2_pow
__libm_sse2_powf
__libm_sse2_sin
__libm_sse2_sinf
__libm_sse2_tan
__libm_sse2_tanf
__mb_cur_max
__p___argc
__p___argv
__p___initenv
__p___mb_cur_max
__p___wargv
__p___winitenv
__p__acmdln
__p__commode
__p__daylight
__p__dstbias
__p__environ
__p__fmode
__p__iob
__p__mbcasemap
__p__mbctype
__p__pctype
__p__pgmptr
__p__pwctype
__p__timezone
__p__tzname
__p__wcmdln
__p__wenviron
__p__wpgmptr
__pctype_func
__pioinfo
__pwctype_func
__pxcptinfoptrs
__report_gsfailure
__set_app_type
__set_flsgetvalue
__setlc_active
__setusermatherr
__strncnt
__swprintf_l
__sys_errlist
__sys_nerr
__threadhandle
__threadid
__timezone
__toascii
__tzname
__unDName
__unDNameEx
__unDNameHelper
__uncaught_exception
__unguarded_readlc_active
__vswprintf_l
__wargv
__wcserror
__wcserror_s
__wcsncnt
__wgetmainargs
__winitenv
_abnormal_termination
_abs64
_access
_access_s
_acmdln
_aligned_free
_aligned_malloc
_aligned_msize
_aligned_offset_malloc
_aligned_offset_realloc
_aligned_offset_recalloc
_aligned_realloc
_aligned_recalloc
_amsg_exit
_assert
_atodbl
_atodbl_l
_atof_l
_atoflt
_atoflt_l
_atoi64
_atoi64_l
_atoi_l
_atol_l
_atoldbl
_atoldbl_l
_beep
_beginthread
_beginthreadex
_byteswap_uint64
_byteswap_ulong
_byteswap_ushort
_c_exit
_cabs
_callnewh
_calloc_crt
_cexit
_cgets
_cgets_s
_cgetws
_cgetws_s
_chdir
_chdrive
_chgsign
_chkesp
_chmod
_chsize
_chsize_s
_clearfp
_close
_commit
_commode
_configthreadlocale
_control87
_controlfp
_controlfp_s
_copysign
_cprintf
_cprintf_l
_cprintf_p

Sections

.text
Size: 705KB - Virtual size: 705KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
news/Award.mht
.eml
attachment-2
.gif
attachment-3
.gif
attachment-4
.gif
attachment-5
.gif
email-html-1.txt
news/hwnews.dat
.xml
news/img/20100525182016kk.png
.png
news/img/20100624182554pptv.jpg
.jpg
news/img/20100715101905em-logo-L.png
.png
news/img/20100721160452QQ.png
.png
news/img/20100721162117Messenger.png
.png
news/img/20100729162921flash player.png
.png
news/img/20100729162933flash player.png
.png
news/img/20100810150322Game Booster.png
.png
news/img/20100902164526QQGame2010.png
.png
news/img/20100930180121qianlong.png
.png
news/img/20100930180148LiteViewer.png
.png
news/img/20101009153025MSE.png
.png
news/img/20101009153045MSE.png
.png
news/img/20101009153111kuandaiwang.png
.png
news/img/20101009153124IE8.png
.png
news/img/20101009153141Warkey.png
.png
news/img/20101009153154DotAReplay.png
.png
news/img/20101009153303SKReplayParser.png
.png
news/img/20101009153321VSjiasu.png
.png
news/img/20101009153337IEbanlv.png
.png
news/img/20101009153352yingyinzhixing.png
.png
news/img/20101009153411MSE.png
.png
news/img/20101009153427ruijia.png
.png
news/img/20101009153624360Security.png
.png
news/img/20101009153654Audition.jpg
.jpg
news/img/20101009153711replays.png
.png
news/img/20101009153732DisplayX.png
.png
news/img/20101009154354shuma.png
.png
news/img/20101009154500foobar2000.png
.png
news/img/20101009154550MiniShutoff.png
.png
news/img/20101009154620FLASH.png
.png
news/img/20101009155110ps.png
.png
news/img/20101009155645xunlei7.png
.png
news/img/20101009155746Orca.png
.png
news/img/20101009155815Webxunlei.png
.png
news/img/20101009155832Avant.png
.png
news/img/20101009155933115.png
.png
news/img/20101009160004filezilla.png
.png
news/img/20101009160313155.png
.png
news/img/20101009160446chrome.png
.png
news/img/20101009160904Opera.png
.png
news/img/20101009161217meiyingliusheng.png
.png
news/img/20101009161258zhongguozhisheng.png
.png
news/img/20101009161318longjuanfeng.png
.png
news/img/20101009161530xunjing.png
.png
news/img/20101009161743cureit.png
.png
news/img/20101009161805yitian.png
.png
news/img/20101009172049QuickTime.png
.png
news/img/20101009172121ACDSee.png
.png
news/img/20101009172453meitupaipai.png
.png
news/img/20101009172515duomi.png
.png
news/img/20101009173034juece.png
.png
news/img/20101009173055Vagaa.png
.png
news/img/20101009173127dazitong.png
.png
news/img/20101009173200kuaiyi.png
.png
news/img/20101009173221recuva.png
.png
news/img/20101009173246miren.png
.png
news/img/20101009173312AVG.png
.png
news/img/20101009173353fuxin.png
.png
news/img/20101009173413baiduHI.png
.png
news/img/20101009173430KMPlayer.png
.png
news/img/20101009173538wanmeijiema.png
.png
news/img/20101009173557Defraggler.png
.png
news/img/20101009173618kuaibo.png
.png
news/img/20101009173633xunbo.png
.png
news/img/20101009173653Foxmail.png
.png
news/img/20101009173715AliIM2010.png
.png
news/img/20101009173737QQTM.png
.png
news/img/20101009173752UDown.png
.png
news/img/20101009173910JJ.png
.png
news/img/20101009173934tuotu.png
.png
news/img/20101009174032Advanced.png
.png
news/img/20101009174111QQcidian.png
.png
news/img/20101009175553Director.png
.png
news/img/20101009180013DiskGenius.jpg
.jpg
news/img/20101009180031migu.png
.png
news/img/20101009180102avast.png
.png
news/img/20101009180122ARPfanghuoqiang.png
.png
news/img/20101009180154beikemumazhuansha.png
.png
news/img/20101011152852QQduizhan.png
.png
news/img/20101011153151HF.png
.png
news/img/20101011153229zhangmenren.png
.png
news/img/20101011153245VS.png
.png
news/img/20101011153503175PT.png
.png
news/img/20101011153536wanjiabaobao.png
.png
news/img/20101011153553youdao.png
.png
news/img/20101011153621linggesi.png
.png
news/img/20101011153645jinshanciba.png
.png
news/img/20101011153708huoxing.png
.png
news/img/20101011153726gugepinyin.png
.png
news/img/20101011153759ziguang.png
.png
news/img/201010111538217-ZIP.png
.png
news/img/20101011153842QQWubi.png
.png
news/img/20101011161531QQPinyin.png
.png
news/img/20101011161551guaguakge.png
.png
news/img/20101011161651qianqian.png
.png
news/img/20101011161739IconWorkshop.png
.png
news/img/20101011162256QQPlayer.png
.png
news/img/20101011162345QQlive.png
.png
news/img/20101011162425QQMusic.png
.png
news/img/20101011162445guagualiaotian.png
.png
news/img/20101011163010dabenying.png
.png
news/img/20101011163030tangguo.png
.png
news/img/20101011163234QQTT.png
.png
news/img/20101011163838gucheng.png
.png
news/img/20101011163901koufu.png
.png
news/img/20101011163923WPS.png
.png
news/img/20101011164004kuwokge.png
.png
news/img/20101011164026kuwo.png
.png
news/img/20101011164051dazhihui.png
.png
news/img/20101011164115tonghuashun.png
.png
news/img/20101011164140wandian.png
.png
news/img/20101011164201judun.png
.png
news/img/20101011164245QQliulanqi.png
.png
news/img/20101011164309gugeliulanqi.png
.png
news/img/20101011164333Safari.png
.png
news/img/20101011164411shijiezhichuang.png
.png
news/img/20101011164432huohu.png
.png
news/img/20101011164502uTorrent.png
.png
news/img/20101011164659BitSpirit.png
.png
news/img/20101011164940BitComet.png
.png
news/img/20101011171804Reader.png
.png
news/img/20101011171839dianlv.png
.png
news/img/20101011172313FlashGetMini.png
.png
news/img/20101011172332kuaiche.png
.png
news/img/20101011172900MiniThunder.png
.png
news/img/20101011173438xunlei.png
.png
news/img/20101011173522keniushadu.png
.png
news/img/20101011173834Fraps.png
.png
news/img/20101011173852iSpeak.png
.png
news/img/20101011174035huishenghuiying.png
.png
news/img/20101011174100MediaCoder.png
.png
news/img/20101011174651DAEMON.png
.png
news/img/20101011175906AA.png
.png
news/img/20101011180138GPU-Z.png
.png
news/img/20101011180154CPU-Z.png
.png
news/img/20101011180211HWMonitor.png
.png
news/img/20101011180228Everest.png
.png
news/img/20101011180247OneKey.png
.png
news/img/20101011180354yijianhuanyuan.png
.png
news/img/20101011180413NVIDIA.png
.png
news/img/20101011180432CCleaner.png
.png
news/img/20101011180456.NET.png
.png
news/img/20101011180511DirectX.png
.png
news/img/20101011180528WINRAR.png
.png
news/img/20101011180546YY3.0.png
.png
news/img/20101011181020Opera.png
.png
news/img/20101012145112sougou.png
.png
news/img/20101012145324gegu.png
.png
news/img/20101012151458caopanshou.png
.png
news/img/20101012155559fengxing.png
.png
news/img/20101012155941aoyou3.png
.png
news/img/20101012155958aoyou2.png
.png
news/img/20101012160022360liulanqi.png
.png
news/img/20101012160103Nero.png
.png
news/img/20101012160134Cool.png
.png
news/img/20101012161256renren.png
.png
news/img/20101012161314xiage.png
.png
news/img/20101012161335geshi.png
.png
news/img/20101012161358manhuaxiazaiqi.png
.png
news/img/20101012161515tunshitiandi.png
.png
news/img/20101012161539xiaoshuo.png
.png
news/img/20101012161707xunleiwangyoujiasu.png
.png
news/img/20101012161742xunyou.png
.png
news/img/20101012161807duoduo.png
.png
news/img/20101012161826131.png
.png
news/img/20101012161853kuaiwan.png
.png
news/img/20101012173727guangying.png
.png
news/img/20101012173759keniu.png
.png
news/img/20101012173826keniupaizhao.png
.png
news/img/20101012173905meituxiuxiu.png
.png
news/img/20101012174023baofengyingyin.png
.png
news/img/20101012175230jinshanweishi.png
.png
news/img/20101012175253jinshanwangdun.png
.png
news/img/20101012175311ruixing.png
.png
news/img/20101012175332jinshanduba.png
.png
news/img/20101012180051DTL.png
.png
news/img/20101012180121360anquanweishi.png
.png
news/img/20101012180220360shadu.png
.png
news/img/20101012180548kugoo.png
.png
news/img/20101012180625QQxuanfeng.png
.png
news/img/20101014141612GG.png
.png
news/img/20101020104235UUCall.png
.png
news/img/20101022153044kele.png
.png
news/img/20101022153620qixi.png
.png
news/img/20101022163336feixin.png
.png
news/img/20101026142509PPS.png
.png
news/img/20101104093709kabasiji.png
.png
news/img/20101105104518netpas.png
.png
news/img/20101105105612ModiacFactory.png
.png
news/img/20101111161733GHOST.png
.png
news/img/20101122145251qushishadu.png
.png
news/img/20101122145721AGBtianan.png
.png
news/img/20101201155649bibibei.png
.png
news/img/20101214150107jpzm.png
.png
news/img/20101215155231HaoZip.png
.png
news/img/20101229100057Speccy.png
.png
news/img/20110105180534kaakoo.png
.png
news/img/20110124124043AIRPLAY.png
.png
news/img/20110221144817avira.png
.png
news/img/20110222161417BaiduPlayer.png
.png
news/img/20110222161928P2P.png
.png
news/img/20110301180124XLJJB.png
.png
news/img/20110309150252douban.png
.png
news/img/20110309155200mndt.png
.png
news/img/20110315110836jsfhq.png
.png
news/img/20110315180745alitong.png
.png
news/img/20110322144931maiku.png
.png
news/img/20110323155940AiDianIE.png
.png
news/img/20110323173640IE9.png
.png
news/img/20110323173831IE9.png
.png
news/img/20110323173927IE9.png
.png
news/img/20110323174105IE9.png
.png
news/img/20110325111128HDTune.png
.png
news/img/20110325115345KC.png
.png
news/img/20110325155048seemao.png
.png
news/img/20110331110345360zip.png
.png
news/img/20110408100424aacall.png
.png
news/img/20110408145723Firefox.png
.png
news/img/20110415120459aacall.png
.png
news/img/20110415135401kklogo.png
.png
news/img/20110415152533rdcs.png
.png
news/img/20110416131640kele.png
.png
news/img/20110419093809cjpp.png
.png
news/img/20110420174238KuaiZip.png
.png
news/img/20110426164821bawang.gif
.gif
news/img/20110426165837cangtian.gif
.gif
news/img/20110427115313tunshi.gif
.gif
news/img/20110427120100RO.gif
.gif
news/img/20110427120406yingxiong.gif
.gif
news/img/20110427152115jianxia.gif
.gif
news/img/20110427153011jianwang3.gif
.gif
news/img/20110427153829shushan.gif
.gif
news/img/20110428100149rexueyinghao.png
.png
news/img/20110428105331xueyusha.png
.png
news/img/20110428145906tianzi.png
.png
news/img/20110428174842MJ2.png
.png
news/img/20110505173301pipi.png
.png
news/img/20110520100659longzhigu.png
.png
news/img/20110520155350youxiyouhua.png
.png
news/img/20110524110740iDown.png
.png
news/img/20110527171342eScanav.png
.png
news/software.dat
p2spd.dll
.dll windows:4 windows x86 arch:x86

75e127d6f1cf252fa3afeb5bc249af9b

Code Sign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30-04-2007 00:00

Not After

29-04-2012 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6b:d0:fa:31:11:e1:60:37:0e:59:8f:35:d2:0a:41:b4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

13-09-2010 00:00

Not After

12-11-2011 23:59

Subject

CN=Shenzhen DriveTheLife Software Technology Co.Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shenzhen DriveTheLife Software Technology Co.Ltd,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

79:23:58:c2:98:49:9d:54:26:ad:10:5c:4e:53:e2:ab:a3:14:1e:35
Signer

Actual PE Digest

79:23:58:c2:98:49:9d:54:26:ad:10:5c:4e:53:e2:ab:a3:14:1e:35

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\work\DriveTheLife2010\DTL2010\2010P2SP_201110513\P2SP\release\p2spd.pdb

Imports

kernel32

CloseHandle
CreateThread
FindFirstFileA
FindClose
WideCharToMultiByte
MultiByteToWideChar
GetProcAddress
LoadLibraryA
GetModuleFileNameA
GetCurrentDirectoryA
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetLocalTime
GetStdHandle
InterlockedIncrement
InterlockedDecrement
WaitForSingleObject
InterlockedCompareExchange
SetEvent
CreateEventA
InterlockedExchange
CreateFileMappingA
GetSystemInfo
GetCurrentThreadId
CreateSemaphoreA
ReleaseSemaphore
ExitThread
ResetEvent
GetTickCount
Sleep
HeapAlloc
HeapFree
GetProcessHeap
CreateFileA
DeviceIoControl
GetVersionExA
GetFileTime
SetFilePointer
SetEndOfFile
WriteFile
ReadFile
CompareStringW
CompareStringA
TerminateThread
UnmapViewOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetTimeZoneInformation
GetLocaleInfoA
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
FlushFileBuffers
GetConsoleMode
GetConsoleCP
SetStdHandle
GetStringTypeW
GetStringTypeA
GetFullPathNameA
GetOEMCP
GetACP
HeapSize
SetLastError
TlsFree
TlsSetValue
GetLastError
GetFileAttributesA
DeleteFileA
FileTimeToSystemTime
FileTimeToLocalFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetDriveTypeA
MoveFileA
GetCommandLineA
RaiseException
RtlUnwind
LCMapStringA
LCMapStringW
GetCPInfo
SetHandleCount
GetFileType
GetStartupInfoA
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc

advapi32

RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegCloseKey

ws2_32

WSACloseEvent
gethostname
connect
recvfrom
inet_addr
WSAGetLastError
WSAEnumNetworkEvents
htons
WSAEventSelect
ntohs
getsockname
setsockopt
sendto
recv
bind
socket
WSACreateEvent
closesocket
send
WSAWaitForMultipleEvents
inet_ntoa
gethostbyname
WSAStartup
WSACleanup

rasapi32

RasEnumConnectionsA
RasGetProjectionInfoA
RasGetConnectStatusA

sensapi

IsNetworkAlive

Exports

Exports

P2SPCheckTask
P2SPClose
P2SPDelTask
P2SPGetAllTaskSpeed
P2SPGetAllTaskUrl
P2SPGetDigest
P2SPGetProperty
P2SPGetServer
P2SPGetTaskConnectedPeers
P2SPGetTaskDownloadedSize
P2SPGetTaskErrorCode
P2SPGetTaskErrorMsg
P2SPGetTaskErrorPeers
P2SPGetTaskFileName
P2SPGetTaskFileSize
P2SPGetTaskSearchPeers
P2SPGetTaskSpeed
P2SPGetTaskStatus
P2SPGetUploadSpeed
P2SPInit
P2SPIsExistTask
P2SPNetWorkStatusCallback
P2SPNewTask
P2SPRun
P2SPRunTask
P2SPSetProperty
P2SPSetProxy
P2SPStop
P2SPStopTask
P2SPTestProxy

Sections

.text
Size: 228KB - Virtual size: 227KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ppinfo/reg.cfg
tipsdll.dll
.dll windows:4 windows x86 arch:x86

bdc56ccd3041ec59f3590ab33e436e52

Code Sign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30-04-2007 00:00

Not After

29-04-2012 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6b:d0:fa:31:11:e1:60:37:0e:59:8f:35:d2:0a:41:b4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

13-09-2010 00:00

Not After

12-11-2011 23:59

Subject

CN=Shenzhen DriveTheLife Software Technology Co.Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shenzhen DriveTheLife Software Technology Co.Ltd,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6c:58:3f:74:a8:93:4d:eb:50:0b:aa:84:4b:b9:42:a0:36:4b:e8:22
Signer

Actual PE Digest

6c:58:3f:74:a8:93:4d:eb:50:0b:aa:84:4b:b9:42:a0:36:4b:e8:22

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\work\DriveTheLife2010\DTL2010\2010TipsPopup\tips_popup\release\tipsdll.pdb

Imports

kernel32

GetOEMCP
WritePrivateProfileStringA
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
SetEndOfFile
GetFileAttributesA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
VirtualAlloc
HeapReAlloc
ExitThread
CreateThread
GetSystemTimeAsFileTime
GetCommandLineA
GetCPInfo
RaiseException
ExitProcess
HeapSize
GetConsoleCP
GetConsoleMode
GetACP
GetStringTypeA
GetStringTypeW
GetStdHandle
HeapDestroy
HeapCreate
VirtualFree
SetHandleCount
GetFileType
GetStartupInfoA
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GlobalFlags
SetErrorMode
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
GetCurrentProcessId
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
lstrcmpA
GetThreadLocale
LocalFree
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
LoadLibraryA
lstrcmpW
FreeLibrary
GetModuleFileNameW
FreeResource
MulDiv
SetLastError
FormatMessageA
GetCurrentProcess
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
IsDBCSLeadByte
HeapAlloc
GetProcessHeap
HeapFree
Sleep
GetTickCount
GetSystemInfo
SetEvent
InterlockedCompareExchange
WaitForSingleObject
InterlockedIncrement
GetCurrentThreadId
UnmapViewOfFile
GetLocalTime
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
TerminateThread
WaitForSingleObjectEx
CreateEventA
GetVersion
CompareStringA
GetLastError
InterlockedExchange
MultiByteToWideChar
lstrlenA
CloseHandle
DeviceIoControl
CreateFileA
GetVersionExA
GetModuleFileNameA
GetTempPathA
InterlockedDecrement
FindResourceA
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
GetUserDefaultLangID
GetProcAddress
RtlUnwind
GetModuleHandleA

user32

GetMessageA
TranslateMessage
ValidateRect
PostQuitMessage
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuState
RegisterWindowMessageA
LoadIconA
WinHelpA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
GetLastActivePopup
DispatchMessageA
GetTopWindow
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
GetKeyState
IsWindowVisible
UpdateWindow
GetMenu
PostMessageA
GetSubMenu
GetMenuItemID
GetMenuItemCount
MessageBoxA
GetClassInfoExA
RegisterClassA
AdjustWindowRectEx
CopyRect
CallWindowProcA
IsIconic
GetWindowPlacement
GetFocus
ShowWindow
GetDlgCtrlID
SetWindowTextA
IsDialogMessageA
SendDlgItemMessageA
UnhookWindowsHookEx
GetWindowTextLengthA
GetWindowTextA
GetWindow
SetFocus
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamA
LoadBitmapA
GetDC
RegisterClipboardFormatA
DestroyWindow
IsWindow
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
GetSysColor
ScreenToClient
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
DestroyMenu
GetSysColorBrush
GetWindowThreadProcessId
UnregisterClassA
GetClassInfoA
SetWindowRgn
SetForegroundWindow
SystemParametersInfoA
GetSystemMetrics
FindWindowA
GetWindowRect
KillTimer
SetTimer
SetWindowLongA
GetWindowLongA
GetCursorPos
PtInRect
LoadCursorA
SetCursor
EnableWindow
SetLayeredWindowAttributes
GetClientRect
InvalidateRect
GetActiveWindow
GetParent
GetCapture
SetCapture
ClientToScreen
WindowFromPoint
ReleaseCapture
SendMessageA
RegisterClassExA
CreateWindowExA
SetWindowPos
ReleaseDC
EqualRect
GetWindowDC
UpdateLayeredWindow
DefWindowProcA
EndPaint
BeginPaint

gdi32

ScaleWindowExtEx
CreateBitmap
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreateCompatibleDC
GetClipBox
SetMapMode
SetTextColor
SetBkMode
SetBkColor
RestoreDC
SaveDC
CreateFontIndirectA
GetDeviceCaps
CreateDIBSection
DeleteObject
DeleteDC
GetStockObject
StretchBlt
BitBlt
CombineRgn
GetPixel
CreateRectRgn
SelectObject
GetObjectA

winspool.drv

OpenPrinterA
ClosePrinter
DocumentPropertiesA

advapi32

RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyA
RegCloseKey

shell32

ShellExecuteA

shlwapi

PathFindExtensionA
PathFindFileNameA
PathRemoveFileSpecA

ole32

OleInitialize
OleUninitialize
OleCreate
OleSetContainedObject
OleDraw
CreateStreamOnHGlobal

oleaut32

SysAllocString
VariantClear
VariantChangeType
VariantInit
GetErrorInfo
SysFreeString

gdiplus

GdipCreateBitmapFromStream
GdipCreateHBITMAPFromBitmap
GdipFree
GdipAlloc
GdipDisposeImage
GdipCloneImage

ws2_32

htons
inet_ntoa
WSACloseEvent
setsockopt
recvfrom
sendto
recv
send
closesocket
shutdown
connect
socket
WSACleanup
WSAStartup
ntohs
gethostbyname
inet_addr
WSAGetLastError

Exports

Exports

TipsCheckDtlVer
TipsClose
TipsInit
TipsServer
TipsSetSWVersion
TipsSetUpdateCallback
TipsUnionID
TipsUserID

Sections

.text
Size: 216KB - Virtual size: 215KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 288KB - Virtual size: 285KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
udp.dll
.dll windows:4 windows x86 arch:x86

787fdaef02fbb0ca8a008ca5c307f1b1

Code Sign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30-04-2007 00:00

Not After

29-04-2012 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6b:d0:fa:31:11:e1:60:37:0e:59:8f:35:d2:0a:41:b4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

13-09-2010 00:00

Not After

12-11-2011 23:59

Subject

CN=Shenzhen DriveTheLife Software Technology Co.Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shenzhen DriveTheLife Software Technology Co.Ltd,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

48:81:4c:08:55:31:14:01:bb:f9:ec:73:cf:9e:5f:df:f0:f1:5f:5a
Signer

Actual PE Digest

48:81:4c:08:55:31:14:01:bb:f9:ec:73:cf:9e:5f:df:f0:f1:5f:5a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\work\DriveTheLife2010\DTL2010\2010P2SP\Communication\release\udp.pdb

Imports

kernel32

WideCharToMultiByte
MultiByteToWideChar
GetProcAddress
LoadLibraryA
GetModuleFileNameA
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetLocalTime
UnmapViewOfFile
InterlockedIncrement
InterlockedDecrement
WaitForSingleObject
InterlockedCompareExchange
SetEvent
CreateEventA
InterlockedExchange
GetSystemInfo
GetCurrentThreadId
CloseHandle
CreateSemaphoreA
ReleaseSemaphore
TerminateThread
ExitThread
ResetEvent
GetTickCount
Sleep
HeapAlloc
HeapFree
GetProcessHeap
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
CreateFileA
GetLocaleInfoA
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
FlushFileBuffers
ReadFile
GetConsoleMode
GetConsoleCP
WriteFile
SetStdHandle
SetFilePointer
GetStringTypeW
GetLastError
DeleteFileA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetEndOfFile
CreateThread
GetCommandLineA
GetVersionExA
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapSize
ExitProcess
RaiseException
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetCPInfo
GetACP
GetOEMCP
LCMapStringA
LCMapStringW
RtlUnwind
GetStringTypeA

ws2_32

WSACleanup
gethostname
connect
inet_ntoa
recvfrom
inet_addr
WSAGetLastError
WSAEnumNetworkEvents
htons
WSAStartup
ntohs
getsockname
sendto
recv
bind
socket
WSACreateEvent
closesocket
gethostbyname
send
WSAWaitForMultipleEvents
WSAEventSelect
WSACloseEvent

rasapi32

RasGetProjectionInfoA
RasEnumConnectionsA
RasGetConnectStatusA

Exports

Exports

UDPClose
UDPCreate
UDPFree
UDPInit
UDPRecvFrom
UDPReset
UDPSendTo

Sections

.text
Size: 80KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
uninst.exe
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
wanyixia/gzipdll.dll
.dll windows:4 windows x86 arch:x86

f01eb850661e35e2c88e151173684e47

Code Sign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30-04-2007 00:00

Not After

29-04-2012 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6b:d0:fa:31:11:e1:60:37:0e:59:8f:35:d2:0a:41:b4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

13-09-2010 00:00

Not After

12-11-2011 23:59

Subject

CN=Shenzhen DriveTheLife Software Technology Co.Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shenzhen DriveTheLife Software Technology Co.Ltd,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

26:a1:73:da:42:bc:fc:1c:71:7b:29:dc:d0:a1:1b:1e:b2:44:61:3b
Signer

Actual PE Digest

26:a1:73:da:42:bc:fc:1c:71:7b:29:dc:d0:a1:1b:1e:b2:44:61:3b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\work\DriveTheLife2010\DTL2010\2010Driver\driverbak\release\gzipdll.pdb

Imports

kernel32

FindFirstFileW
GetFileAttributesW
GetCurrentDirectoryW
FindClose
SetCurrentDirectoryW
FindNextFileW
SetFileAttributesW
WideCharToMultiByte
lstrlenW
MultiByteToWideChar
GetProcAddress
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetLocalTime
GetModuleFileNameA
DeleteCriticalSection
MapViewOfFile
UnmapViewOfFile
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
CreateFileMappingW
GetCurrentThreadId
CloseHandle
Sleep
GetTickCount
DosDateTimeToFileTime
SetFilePointer
SystemTimeToFileTime
GetCurrentProcess
CreateDirectoryW
SetFileTime
WriteFile
ReadFile
CreateFileW
GetFileType
FileTimeToDosDateTime
GetFileSize
FileTimeToSystemTime
GetLastError
GetFileInformationByHandle
GetSystemTime
SetEnvironmentVariableA
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
LoadLibraryA
HeapSize
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
GetThreadLocale
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetTimeZoneInformation
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetEndOfFile
HeapFree
HeapAlloc
GetProcessHeap
GetCommandLineA
GetVersionExA
RaiseException
RtlUnwind
LCMapStringA
LCMapStringW
GetCPInfo
GetACP
GetOEMCP
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
SetStdHandle
SetHandleCount
GetStdHandle
GetStartupInfoA
CreateFileA
GetConsoleCP
GetConsoleMode
FlushFileBuffers
ExitProcess
HeapDestroy

Exports

Exports

gz_compress
gz_hash
gz_uncompress
unzip
zip

Sections

.text
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wanyixia/mydata/mycfg.dat
.xml
wanyixia/mydata/mygame.dat
.xml
wanyixia/res/ExpandLeft.bmp
wanyixia/res/Expandright.bmp
wanyixia/res/b_tabclose.png
.png
wanyixia/res/close.bmp
wanyixia/res/d_close.bmp
wanyixia/res/d_feedback.bmp
wanyixia/res/d_nag_flush.bmp
wanyixia/res/d_nag_home.bmp
wanyixia/res/d_sound_close.bmp
wanyixia/res/d_sound_open.bmp
wanyixia/res/d_tobig.bmp
wanyixia/res/d_tomax.bmp
wanyixia/res/d_tonormal.bmp
wanyixia/res/d_tosmall.bmp
wanyixia/res/feedback.bmp
wanyixia/res/m_b_tabclose.png
.png
wanyixia/res/m_close.bmp
wanyixia/res/m_feedback.bmp
wanyixia/res/m_nag_flush.bmp
wanyixia/res/m_nag_home.bmp
wanyixia/res/m_sound_close.bmp
wanyixia/res/m_sound_open.bmp
wanyixia/res/m_tobig.bmp
wanyixia/res/m_tonormal.bmp
wanyixia/res/m_tosmall.bmp
wanyixia/res/nag_flush.bmp
wanyixia/res/nag_home.bmp
wanyixia/res/scj_1.bmp
wanyixia/res/scj_2.bmp
wanyixia/res/scj_3.bmp
wanyixia/res/sound_close.bmp
wanyixia/res/sound_open.bmp
wanyixia/res/tabactive.bmp
wanyixia/res/tabnormal.bmp
wanyixia/res/tobig.bmp
wanyixia/res/tonormal.bmp
wanyixia/res/tosmall.bmp
wanyixia/wanyixia.exe
.exe windows:4 windows x86 arch:x86

062b4690f16e334f90dcaaa41f45556f

Code Sign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30-04-2007 00:00

Not After

29-04-2012 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6b:d0:fa:31:11:e1:60:37:0e:59:8f:35:d2:0a:41:b4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

13-09-2010 00:00

Not After

12-11-2011 23:59

Subject

CN=Shenzhen DriveTheLife Software Technology Co.Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shenzhen DriveTheLife Software Technology Co.Ltd,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

95:db:7b:b3:ef:eb:49:22:43:60:d3:cc:56:a6:0f:ce:70:24:7e:63
Signer

Actual PE Digest

95:db:7b:b3:ef:eb:49:22:43:60:d3:cc:56:a6:0f:ce:70:24:7e:63

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\driver code\driver life\work\6.24玩一下\release\wanyixia.pdb

Imports

kernel32

GetCurrentThread
WritePrivateProfileStringW
lstrlenA
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GlobalFlags
GlobalGetAtomNameW
GetFileTime
ReadFile
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
GetVolumeInformationW
GetFullPathNameW
SetErrorMode
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitThread
CreateThread
HeapReAlloc
GetSystemTimeAsFileTime
ConvertDefaultLocale
RtlUnwind
RaiseException
HeapSize
SetStdHandle
GetFileType
VirtualProtect
VirtualAlloc
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
LCMapStringA
LCMapStringW
GetTimeZoneInformation
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetEnvironmentVariableA
GetVersion
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
CompareStringA
GetThreadLocale
LocalAlloc
FileTimeToLocalFileTime
FileTimeToSystemTime
FormatMessageW
LocalFree
MulDiv
FreeResource
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
FreeLibrary
CompareStringW
lstrcmpW
GetVersionExA
WriteFile
SetFilePointer
GetFileSize
CreateFileW
FindFirstFileW
LoadLibraryExW
LoadLibraryExA
LoadLibraryW
LoadLibraryA
WriteProcessMemory
lstrcmpiA
VirtualQuery
GetModuleHandleA
Module32NextW
Module32FirstW
CreateToolhelp32Snapshot
GetWindowsDirectoryW
ExitProcess
HeapAlloc
GetProcessHeap
HeapFree
CreateEventW
GetSystemInfo
SetEvent
InterlockedDecrement
InterlockedCompareExchange
WaitForSingleObject
InterlockedIncrement
GetCurrentThreadId
InterlockedExchange
UnmapViewOfFile
GetModuleFileNameA
GetLocalTime
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
FindClose
Sleep
SetProcessWorkingSetSize
OpenProcess
GetCurrentProcessId
lstrcatW
DeviceIoControl
CreateFileA
GetPrivateProfileStringW
SetFileAttributesW
GetFileAttributesW
GetPrivateProfileIntW
ResumeThread
SetThreadPriority
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
CloseHandle
GetCommandLineW
DeleteFileW
CreateDirectoryW
CreateMutexW
SetLastError
GetLastError
FindResourceW
LoadResource
LockResource
SizeofResource
GetCurrentDirectoryW
MultiByteToWideChar
GetVersionExW
GetCurrentProcess
GetModuleHandleW
GetProcAddress
lstrlenW
WideCharToMultiByte
GetModuleFileNameW
GetTickCount

user32

ReuseDDElParam
UnpackDDElParam
RegisterClipboardFormatW
PostThreadMessageW
SystemParametersInfoW
DestroyMenu
GetMenuItemInfoW
GetWindowThreadProcessId
ShowOwnedPopups
GetMessageW
TranslateMessage
ValidateRect
SetWindowContextHelpId
MapDialogRect
PostQuitMessage
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
MoveWindow
SetWindowTextW
IsDialogMessageW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
EnableMenuItem
CheckMenuItem
GetMenuState
EndPaint
BeginPaint
GetWindowDC
GetDC
ClientToScreen
FillRect
WindowFromPoint
IsWindowEnabled
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
LoadMenuW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetFocus
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
SetActiveWindow
DispatchMessageW
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
TrackPopupMenu
GetKeyState
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
GetMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
CreateWindowExW
GetClassInfoExW
RegisterClassW
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
GetDlgCtrlID
LoadAcceleratorsW
InsertMenuItemW
SetRectEmpty
SetMenu
CallWindowProcW
SetWindowPos
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindow
GetActiveWindow
MessageBoxA
OffsetRect
AdjustWindowRectEx
IsWindow
EnumChildWindows
FindWindowExW
DefWindowProcW
ReleaseDC
UpdateWindow
InflateRect
TranslateAcceleratorW
UnregisterClassW
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
CopyAcceleratorTableW
CharNextW
GetDesktopWindow
MessageBoxW
KillTimer
CharUpperW
GetSysColorBrush
ReleaseCapture
SetCapture
DrawIcon
GetClassLongW
IsRectEmpty
GetSystemMetrics
PostMessageW
GetCursorPos
AppendMenuW
SetMenuInfo
CreatePopupMenu
SetForegroundWindow
IsIconic
CopyRect
ScreenToClient
PtInRect
SetWindowLongW
IsZoomed
SetRect
GetSystemMenu
ShowWindow
BringWindowToTop
GetLastActivePopup
FindWindowW
GetSysColor
LoadIconW
DefDlgProcW
GetClassInfoW
TabbedTextOutW
DrawTextW
DrawTextExW
GrayStringW
SetWindowRgn
GetClientRect
EnableWindow
SendMessageW
IsWindowVisible
SetTimer
SetCursor
InvalidateRect
GetParent
GetWindowLongW
GetWindowRect
LoadCursorW
ScrollWindow
UnregisterClassA

gdi32

ExtSelectClipRgn
DeleteDC
CreatePatternBrush
CreateBitmap
GetDeviceCaps
CreatePen
CreateRectRgnIndirect
CreateEllipticRgn
Ellipse
GetTextColor
GetRgnBox
ScaleWindowExtEx
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
DeleteObject
SetMapMode
SetBkMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
GetTextExtentPoint32W
GetStockObject
CreateFontIndirectW
GetObjectW
CreateSolidBrush
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
LPtoDP
GetMapMode
GetWindowExtEx
GetViewportExtEx
DPtoLP
GetBkColor
CombineRgn
GetPixel
CreateRectRgn
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
ClosePrinter
DocumentPropertiesW

advapi32

RegDeleteKeyW
RegQueryValueW
RegEnumKeyW
RegCloseKey
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegOpenKeyW

shell32

SHFileOperationW
Shell_NotifyIconW
ShellExecuteW
DragQueryFileW
DragFinish

comctl32

_TrackMouseEvent
InitCommonControlsEx

shlwapi

PathIsDirectoryW
UrlUnescapeW
PathFindExtensionW
PathFindFileNameW
PathStripToRootW
PathRemoveFileSpecW
PathIsUNCW

oledlg

OleUIBusyW

ole32

CoRegisterMessageFilter
OleFlushClipboard
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard

oleaut32

OleCreateFontIndirect
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SysStringLen
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen
SysAllocString
SysFreeString

gdiplus

GdipCreateBitmapFromResource
GdiplusShutdown
GdiplusStartup
GdipImageSelectActiveFrame
GdipAlloc
GdipDeleteGraphics
GdipDrawImageRectI
GdipFree
GdipDisposeImage
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipLoadImageFromFile
GdipCreateFromHDC

ws2_32

WSACleanup
WSAStartup
WSACloseEvent
gethostbyname
socket
shutdown
closesocket
inet_addr
htons
sendto
setsockopt

iphlpapi

GetAdaptersInfo

imagehlp

ImageDirectoryEntryToData

wininet

InternetConnectW
HttpSendRequestW
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallbackW
InternetOpenW
InternetGetLastResponseInfoW
InternetCloseHandle
HttpQueryInfoW
InternetQueryDataAvailable
HttpOpenRequestW
InternetSetOptionExW
InternetCanonicalizeUrlW
InternetCrackUrlW

Sections

.text
Size: 396KB - Virtual size: 394KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 100KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
wanyixia/wanyixiaUpdateUI.exe
.exe windows:4 windows x86 arch:x86

9db75de2eaf91fba63f554a411d0430f

Code Sign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30-04-2007 00:00

Not After

29-04-2012 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6b:d0:fa:31:11:e1:60:37:0e:59:8f:35:d2:0a:41:b4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

13-09-2010 00:00

Not After

12-11-2011 23:59

Subject

CN=Shenzhen DriveTheLife Software Technology Co.Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shenzhen DriveTheLife Software Technology Co.Ltd,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

e7:1c:c6:d8:84:cc:ec:c9:90:41:52:ff:b9:16:ce:d8:e2:d6:59:09
Signer

Actual PE Digest

e7:1c:c6:d8:84:cc:ec:c9:90:41:52:ff:b9:16:ce:d8:e2:d6:59:09

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\driver code\driver life\work\6.24玩一下\release\wanyixiaUpdateUI.pdb

Imports

gzipdll

unzip

mfc80ud

ord7034
ord4114
ord2522
ord5313
ord7276
ord8601
ord6873
ord1341
ord5287
ord7570
ord2644
ord2689
ord6009
ord8669
ord5279
ord8667
ord5613
ord5655
ord386
ord1416
ord2634
ord5045
ord6278
ord5770
ord8386
ord7991
ord8391
ord8424
ord5502
ord573
ord832
ord7664
ord4646
ord3469
ord2725
ord6482
ord289
ord3663
ord3187
ord422
ord742
ord3121
ord1975
ord4487
ord1669
ord2784
ord5941
ord6179
ord3999
ord6998
ord2152
ord2221
ord2222
ord2580
ord6970
ord1864
ord6730
ord4655
ord8670
ord5280
ord8668
ord2064
ord2992
ord3002
ord7036
ord3268
ord3266
ord3284
ord3296
ord3273
ord3289
ord3294
ord3277
ord3279
ord3281
ord3275
ord3291
ord3271
ord1184
ord1180
ord1182
ord1178
ord1173
ord7050
ord7052
ord8194
ord2153
ord5961
ord6455
ord4775
ord1802
ord2994
ord7001
ord5856
ord8666
ord6841
ord2508
ord6946
ord5922
ord1916
ord5499
ord2176
ord2179
ord8117
ord9157
ord2100
ord2101
ord2244
ord2245
ord6638
ord6468
ord5884
ord6977
ord9137
ord288
ord2029
ord919
ord3402
ord1160
ord5503
ord6266
ord7046
ord7011
ord7553
ord3508
ord3803
ord3972
ord5990
ord3780
ord3975
ord3511
ord3684
ord3503
ord5151
ord5152
ord5142
ord3682
ord5506
ord6174
ord5940
ord2891
ord1757
ord7685
ord4638
ord3080
ord714
ord2646
ord2595
ord3253
ord5633
ord1578
ord1358
ord8227
ord1396
ord1485
ord5311
ord908
ord888
ord662
ord5087
ord6237
ord1142
ord1145
ord286
ord299
ord673
ord921
ord901
ord1435
ord3286
ord893

msvcr80d

_CrtSetCheckCount
_wcmdln
_cexit
_XcptFilter
_exit
__wgetmainargs
_amsg_exit
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_errno
_CrtDbgReportW
exit
_beginthreadex
wcslen
memmove_s
_wcsicmp
memcmp
_recalloc
calloc
_initterm
_initterm_e
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_controlfp_s
_invoke_watson
_except_handler4_common
_crt_debugger_hook
__CxxFrameHandler3
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_snprintf_s
_CxxThrowException
_CrtDbgReport
free
strcpy
wcscpy
_vsnprintf_s
memset
_vsnwprintf_s
_snwprintf_s
wcscpy_s
wcsncpy_s
strcpy_s

kernel32

CloseHandle
Sleep
CreateMutexW
SetLastError
GetLastError
MultiByteToWideChar
GetCurrentProcess
GetModuleFileNameW
InterlockedExchange
InterlockedCompareExchange
GetStartupInfoW
SetThreadPriority
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
FatalAppExitA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleFileNameA
InterlockedDecrement
InterlockedIncrement
OpenFileMappingA
GetVersion
ResumeThread
GetTickCount
GetCurrentThread
CreateFileMappingA
MapViewOfFile
QueryPerformanceCounter
GetSystemInfo
UnmapViewOfFile
VirtualAlloc
lstrlenA
OutputDebugStringW
OutputDebugStringA
OpenEventA
SetEvent
RaiseException
GetThreadLocale
GetLocaleInfoA
GetACP
GetVersionExA
MulDiv

user32

OffsetRect
InflateRect
EqualRect
SetRectEmpty
SubtractRect
IntersectRect
IsRectEmpty
RegisterClassW
GetSysColor
PtInRect
UnionRect
LoadCursorW
SetRect
CopyRect
PostMessageW
GetSystemMetrics
FindWindowW
DefDlgProcW

gdi32

CreateSolidBrush

shell32

ShellExecuteW
SHFileOperationW

comctl32

InitCommonControlsEx

shlwapi

PathRemoveFileSpecW

ws2_32

WSAStartup

gdiplus

GdiplusStartup
GdiplusShutdown

advapi32

SetThreadToken
RevertToSelf
OpenThreadToken

Sections

.text
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
wanyixia/webpath/nonetworkleft.mht
.eml
- http://wan.52dian.com/leftEx.aspx
attachment-4
email-html-1.txt
wanyixia/webpath/right.mht
.eml
email-html-1.txt

Sharing

General

Malware Config

Signatures

Files

7fa974366048f9c551ef45714595665e

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 22KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 12KB - Virtual size: 11KB

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

3f1149a3053980fe6b461521d2b55a2c

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

wininet

comctl32

Exports

Exports

Sections

.text Size: 10KB - Virtual size: 10KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 3KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

af92b0d9ff70f638f47a7bb6216e5f2a

Code Sign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0dCertificate

Extended Key Usages

Key Usages

6b:d0:fa:31:11:e1:60:37:0e:59:8f:35:d2:0a:41:b4Certificate

Extended Key Usages

Key Usages

e8:7e:2b:ad:ba:b1:20:47:60:17:61:60:df:a7:7a:d3:6e:25:cc:72Signer

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 12KB - Virtual size: 11KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 10KB - Virtual size: 10KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

6b:d0:fa:31:11:e1:60:37:0e:59:8f:35:d2:0a:41:b4
Certificate

e8:7e:2b:ad:ba:b1:20:47:60:17:61:60:df:a7:7a:d3:6e:25:cc:72
Signer

.text
Size: 360KB - Virtual size: 356KB

.rdata
Size: 80KB - Virtual size: 78KB

.data
Size: 16KB - Virtual size: 31KB

.rsrc
Size: 80KB - Virtual size: 76KB

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

6b:d0:fa:31:11:e1:60:37:0e:59:8f:35:d2:0a:41:b4
Certificate

f6:1e:93:34:eb:fb:04:2e:27:2d:c5:52:e2:1e:38:c4:5f:c9:a4:d5
Signer

.text
Size: 100KB - Virtual size: 96KB

.rdata
Size: 20KB - Virtual size: 17KB

.data
Size: 8KB - Virtual size: 15KB

.rsrc
Size: 456KB - Virtual size: 452KB

.reloc
Size: 12KB - Virtual size: 11KB

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

6b:d0:fa:31:11:e1:60:37:0e:59:8f:35:d2:0a:41:b4
Certificate

ac:15:8c:0f:b4:85:ed:c3:51:c0:0a:b8:fa:c1:08:c0:ae:20:4d:73
Signer

.text
Size: 320KB - Virtual size: 316KB

.rdata
Size: 72KB - Virtual size: 71KB

.data
Size: 16KB - Virtual size: 29KB

.rsrc
Size: 40KB - Virtual size: 36KB

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate