6ee693630cc91533c69b9994a9886b8d_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

6ee693630cc91533c69b9994a9886b8d_JaffaCakes118
Size

2.6MB
MD5

6ee693630cc91533c69b9994a9886b8d
SHA1

abf9746e2e79b3160cd3e442bc52dd7b52c36e7f
SHA256

a6a476967e7e02a0611a06f96f41be34761e69b28fe865bcd96cf5678ebb555a
SHA512

008ea84e6e9dfee64fade8a00c07c0d360f39941cb6fb196f0c6f93a6e0dd9e8590fbfb90d9c20f6bd811ad48792136ae5c84a47674b8e37d0d49ebd28db5a2c
SSDEEP

24576:IVYbWzOLA80yE23Z5EU22lH1QnxBxabsM8KGH7Co0OLeGrIocE5lArjPPA:hWzOIyrZOU22lcx08KGbNLeGMb4unA

Score

3^/10

Malware Config

Signatures

Unsigned PE 13 IoCs

Checks for missing Authenticode signature.

Processes:

resource
6ee693630cc91533c69b9994a9886b8d_JaffaCakes118
unpack001/ADVPACK.DLL
unpack001/W95INF32.DLL
unpack001/fngrprnt.dll
unpack001/msnphoto.scr
unpack001/msvcr71.dll
unpack001/pibase.dll
unpack001/pidav.dll
unpack001/piorg.dll
unpack001/piorgres.dll
unpack001/pisync.dll
unpack001/pisynctw.exe
unpack001/piview.dll

Files

6ee693630cc91533c69b9994a9886b8d_JaffaCakes118
.exe windows:5 windows x86 arch:x86

6013d0b9fb6901d1d5e58a9ae7072103

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

GetModuleBaseNameA
GetModuleFileNameExA
EnumProcessModules
EnumProcesses

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

kernel32

GetTempFileNameA
CreateFileA
lstrcpyA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
GetVolumeInformationA
GetDriveTypeA
lstrcpynA
WaitForSingleObject
CreateMutexA
Thread32Next
SuspendThread
ResumeThread
OpenThread
Thread32First
CreateToolhelp32Snapshot
OpenProcess
TerminateProcess
CreateDirectoryA
GetTempPathA
DeleteFileA
FreeResource
UpdateResourceA
LockResource
LoadResource
SizeofResource
FindResourceExA
EnumResourceLanguagesA
EnumResourceNamesA
SetFileTime
GetFileTime
FreeLibrary
FindResourceA
LoadLibraryExA
GetCurrentProcess
SetEvent
OpenEventA
Process32Next
Process32First
FindClose
FindNextFileA
FindFirstFileA
EndUpdateResourceA
EnumResourceTypesA
BeginUpdateResourceA
GetTickCount
CopyFileA
ReleaseMutex
lstrlenA
lstrcatA
WriteFile
GetModuleFileNameA
CreateProcessA
CloseHandle
Sleep
GetLastError
HeapSize
GetLocaleInfoA
GetUserDefaultLCID
CreateThread
FlushFileBuffers
SetStdHandle
GetConsoleMode
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
LoadLibraryA
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetFullPathNameA
GetCurrentThread
WideCharToMultiByte
GetModuleHandleA
GetVersionExA
lstrcmpA
SetFilePointer
GetSystemTimeAsFileTime
GetLocalTime
GetCurrentThreadId
GetCurrentProcessId
HeapAlloc
HeapFree
GetProcessHeap
InterlockedIncrement
InterlockedDecrement
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
RtlUnwind
GetCommandLineA
GetStartupInfoA
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetCPInfo
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetACP
GetOEMCP
IsValidCodePage
GetStdHandle
ExitProcess
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapCreate
VirtualFree
QueryPerformanceCounter
VirtualAlloc
HeapReAlloc
ReadFile
GetConsoleCP

user32

wsprintfA
wvsprintfA

advapi32

RegQueryValueExA
RegCreateKeyA
RegEnumKeyExA
FreeSid
AllocateAndInitializeSid
EqualSid
RegEnumValueA
RegOpenKeyExA
RegSetValueExA
RegCloseKey
OpenProcessToken
OpenThreadToken
GetTokenInformation

shell32

ShellExecuteA
SHGetSpecialFolderPathA

shlwapi

SHRegCreateUSKeyA
SHRegCloseUSKey

wininet

InternetCloseHandle
HttpOpenRequestA
InternetOpenA
InternetConnectA
InternetQueryOptionA
HttpQueryInfoA
InternetOpenUrlA
InternetSetFilePointer
HttpSendRequestA
InternetReadFile

ws2_32

WSAStartup
gethostbyname

Sections

.text
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ADVPACK.DLL
.dll windows:5 windows x86 arch:x86

c654a5cf569ffb2b7d4ea4076125d5c7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

ntdll

RtlUnwind

user32

DestroyWindow
GetWindowRect
CharToOemA
DispatchMessageA
OemToCharA
CharUpperA
MsgWaitForMultipleObjects
UpdateWindow
CreateDialogParamA
ShowWindow
GetSystemMetrics
PeekMessageA
GetDC
ReleaseDC
SetWindowPos
SendMessageA
SetDlgItemTextA
GetDlgItemTextA
GetDesktopWindow
SetWindowTextA
SendDlgItemMessageA
GetDlgItem
EnableWindow
EndDialog
DialogBoxParamA
MessageBeep
MessageBoxA
wsprintfA
CharPrevA
ExitWindowsEx
IsWindow
LoadStringA
CharNextA

gdi32

GetStockObject
GetObjectA
CreateFontIndirectA
GetDeviceCaps
DeleteObject

kernel32

SearchPathA
GetVolumeInformationA
GetCurrentProcess
GetDiskFreeSpaceA
EnumResourceLanguagesA
SetFileTime
MulDiv
ReadFile
WritePrivateProfileSectionA
GetFileTime
GetLocalTime
GetSystemInfo
GetProfileStringA
GetProcAddress
GetLastError
lstrcpyA
lstrlenA
GetDriveTypeA
lstrcpynA
GetEnvironmentVariableA
CloseHandle
WriteFile
CreateFileA
WritePrivateProfileStringA
LockResource
LoadResource
SizeofResource
FindResourceA
GetTempFileNameA
GetWindowsDirectoryA
GetTempPathA
SetFilePointer
LocalFree
LocalAlloc
lstrcatA
GetModuleFileNameA
IsBadReadPtr
DeleteFileA
LocalReAlloc
GetFileAttributesA
GetFullPathNameA
lstrcmpiA
FormatMessageA
GetPrivateProfileIntA
GetFileSize
FindNextFileA
lstrcmpA
GetPrivateProfileStringA
FreeLibrary
GetVersionExA
LoadLibraryA
IsDBCSLeadByte
GetShortPathNameA
ExpandEnvironmentStringsA
GetSystemDirectoryA
MultiByteToWideChar
LoadLibraryExA
_lclose
_llseek
_lopen
FindClose
FindFirstFileA
OpenFile
SetFileAttributesA
CreateDirectoryA
CreateProcessA
GetPrivateProfileSectionA
CopyFileA
UnmapViewOfFile
SetLastError
MapViewOfFileEx
CreateFileMappingA
MoveFileExA
MoveFileA
RemoveDirectoryA

advapi32

RegSetValueA
RegEnumKeyA
RegDeleteKeyA
GetTokenInformation
EqualSid
AllocateAndInitializeSid
FreeSid
RegUnLoadKeyA
RegLoadKeyA
RegSaveKeyA
RegFlushKey
RegDeleteValueA
RegQueryInfoKeyA
RegCreateKeyExA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA
RegEnumValueA
RegSetValueExA
RegQueryValueExA
RegCloseKey

ole32

CoTaskMemFree
OleInitialize
OleUninitialize

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

Exports

Exports

AddDelBackupEntry
AdvInstallFile
CloseINFEngine
DelNode
DelNodeRunDLL32
DllMain
DoInfInstall
ExecuteCab
ExtractFiles
FileSaveMarkNotExist
FileSaveRestore
FileSaveRestoreOnINF
GetVersionFromFile
GetVersionFromFileEx
IsNTAdmin
LaunchINFSection
LaunchINFSectionEx
NeedReboot
NeedRebootInit
OpenINFEngine
RebootCheckOnInstall
RegInstall
RegRestoreAll
RegSaveRestore
RegSaveRestoreOnINF
RegisterOCX
RunSetupCommand
SetPerUserSecValues
TranslateInfString
TranslateInfStringEx
UserInstStubWrapper
UserUnInstStubWrapper

Sections

.text
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PI.txt
W95INF16.DLL
W95INF32.DLL
.dll windows:4 windows x86 arch:x86

5f75d18fe563266a560ac1f72bd4cae2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SUnMapLS_IP_EBP_16
SMapLS_IP_EBP_16
SMapLS_IP_EBP_8
SUnMapLS_IP_EBP_12
ThunkConnect32
SMapLS_IP_EBP_12
SUnMapLS_IP_EBP_8

user32

MessageBoxA

Exports

Exports

CtlSetLddPath32@8
GenFormStrWithoutPlaceHolders32@12
GenInstall32@20
GetSETUPXErrorText32@12
w95thk_ThunkData32

Sections

.text
Size: 512B - Virtual size: 400B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 247B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 173B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 908B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
active~1.htm
.html .js polyglot
config.xml
data.xml
.xml
fngrprnt.dll
.dll windows:5 windows x86 arch:x86

95d5d555032868a55dfb71899f3429a4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\photos-v9\target\retail\i386\FngrPrnt.pdb

Imports

msvcr71

_onexit
__dllonexit
_except_handler3
__CppXcptFilter
_adjust_fdiv
malloc
_initterm
free

kernel32

SetLastError
LoadLibraryA
GetLastError
FreeLibrary
CompareStringA
InterlockedExchange
GetModuleHandleA
GetModuleFileNameA
GetWindowsDirectoryA
GetSystemDirectoryA

advapi32

CryptReleaseContext
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash

Exports

Exports

FingerPrintCalculate
FingerPrintInit
FingerPrintTerminate

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 212B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mega.gif
.gif
messen~1.xml
.xml
msnphoto.scr
.exe windows:5 windows x86 arch:x86

27c0cb43ce1328947820bbb6d57a276f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\photos-v9\target\retail\i386\msnphoto.pdb

Imports

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

kernel32

TerminateProcess
GetCurrentProcess
WriteFile
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
TlsAlloc
SetLastError
GetCurrentThreadId
TlsFree
TlsSetValue
TlsGetValue
HeapDestroy
HeapCreate
VirtualFree
HeapFree
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
GetACP
GetModuleHandleA
ExitProcess
HeapAlloc
InitializeCriticalSection
VirtualAlloc
HeapReAlloc
RtlUnwind
InterlockedExchange
VirtualQuery
HeapSize
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
VirtualProtect
GetSystemInfo
GetCommandLineA
GetStartupInfoA
FreeLibrary
LoadLibraryExA
lstrcpynA
GetCPInfo
GetProcAddress
GetVersionExA
GetOEMCP
GetSystemPowerStatus
Sleep

gdi32

SetBkColor
SelectObject
GetStockObject
GetClipBox
SetTextColor

user32

EnumDisplaySettingsA
LoadStringA
MessageBoxA
EndDialog
GetClientRect
MapWindowPoints
SetTimer
KillTimer
BeginPaint
FillRect
InflateRect
DrawTextExA
EndPaint
PostQuitMessage
GetSystemMetrics
CharNextA
GetCursorPos
SetCursor
DefWindowProcA
PostMessageA
IsWindow
GetParent
DialogBoxParamA
SendMessageA
PeekMessageA
GetForegroundWindow
DispatchMessageA
TranslateMessage
GetMessageA
CreateWindowExA
RegisterClassA
RegisterWindowMessageA
SetForegroundWindow
FindWindowA
ReleaseDC
GetDC
LoadIconA
SystemParametersInfoA

ole32

CoInitialize
CoUninitialize

comctl32

InitCommonControlsEx

Sections

.text
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
msvcr71.dll
.dll windows:4 windows x86 arch:x86

7acc8c379c768a1ecd81ec502ff5f33e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

msvcr71.pdb

Imports

kernel32

GetModuleFileNameA
GetModuleFileNameW
ExitProcess
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
WriteFile
GetStdHandle
GetCurrentThreadId
GetCommandLineA
GetVersionExA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
ExitThread
CloseHandle
GetLastError
ResumeThread
CreateThread
TlsAlloc
SetLastError
GetCurrentThread
TlsFree
TlsSetValue
TlsGetValue
FindNextFileA
FindFirstFileA
FindClose
FindNextFileW
FindFirstFileW
HeapAlloc
HeapFree
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
SetHandleCount
GetFileType
GetStartupInfoA
GetACP
GetOEMCP
GetCPInfo
LoadLibraryA
MultiByteToWideChar
GetCommandLineW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
InitializeCriticalSection
RtlUnwind
UnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetConsoleCtrlHandler
InterlockedExchange
VirtualQuery
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetEnvironmentVariableA
SetEnvironmentVariableW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetLocaleInfoW
GetTimeFormatA
GetDateFormatA
GetTimeZoneInformation
HeapSize
VirtualProtect
GetSystemInfo
FlushFileBuffers
SetFilePointer
SetStdHandle
CompareStringA
CompareStringW
Sleep
Beep
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDiskFreeSpaceA
GetLogicalDrives
SetErrorMode
GetFileAttributesA
GetCurrentDirectoryA
SetCurrentDirectoryA
SetFileAttributesA
GetFullPathNameA
GetDriveTypeA
CreateDirectoryA
RemoveDirectoryA
DeleteFileA
GetFileAttributesW
GetCurrentDirectoryW
SetCurrentDirectoryW
SetFileAttributesW
GetFullPathNameW
CreateDirectoryW
DeleteFileW
MoveFileW
RemoveDirectoryW
GetDriveTypeW
MoveFileA
RaiseException
IsBadReadPtr
SetUnhandledExceptionFilter
IsBadCodePtr
GetExitCodeProcess
WaitForSingleObject
FreeLibrary
CreateProcessA
CreateProcessW
HeapValidate
HeapCompact
HeapWalk
ReadConsoleA
SetConsoleMode
GetConsoleMode
IsDBCSLeadByteEx
GetConsoleCP
ReadConsoleW
SetEndOfFile
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
DuplicateHandle
GetFileInformationByHandle
PeekNamedPipe
ReadConsoleInputA
PeekConsoleInputA
GetNumberOfConsoleInputEvents
ReadConsoleInputW
LockFile
UnlockFile
CreateFileA
CreatePipe
ReadFile
CreateFileW
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
GetLocalTime
SetLocalTime

Exports

Exports

$I10_OUTPUT
??0__non_rtti_object@@QAE@ABV0@@Z
??0__non_rtti_object@@QAE@PBD@Z
??0bad_cast@@AAE@PBQBD@Z
??0bad_cast@@QAE@ABQBD@Z
??0bad_cast@@QAE@ABV0@@Z
??0bad_cast@@QAE@PBD@Z
??0bad_typeid@@QAE@ABV0@@Z
??0bad_typeid@@QAE@PBD@Z
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1__non_rtti_object@@UAE@XZ
??1bad_cast@@UAE@XZ
??1bad_typeid@@UAE@XZ
??1exception@@UAE@XZ
??1type_info@@UAE@XZ
??2@YAPAXI@Z
??3@YAXPAX@Z
??4__non_rtti_object@@QAEAAV0@ABV0@@Z
??4bad_cast@@QAEAAV0@ABV0@@Z
??4bad_typeid@@QAEAAV0@ABV0@@Z
??4exception@@QAEAAV0@ABV0@@Z
??8type_info@@QBEHABV0@@Z
??9type_info@@QBEHABV0@@Z
??_7__non_rtti_object@@6B@
??_7bad_cast@@6B@
??_7bad_typeid@@6B@
??_7exception@@6B@
??_Fbad_cast@@QAEXXZ
??_Fbad_typeid@@QAEXXZ
??_U@YAPAXI@Z
??_V@YAXPAX@Z
?_query_new_handler@@YAP6AHI@ZXZ
?_query_new_mode@@YAHXZ
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
?_set_new_mode@@YAHH@Z
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
?before@type_info@@QBEHABV1@@Z
?name@type_info@@QBEPBDXZ
?raw_name@type_info@@QBEPBDXZ
?set_new_handler@@YAP6AXXZP6AXXZ@Z
?set_terminate@@YAP6AXXZP6AXXZ@Z
?set_unexpected@@YAP6AXXZP6AXXZ@Z
?swprintf@@YAHPAGIPBGZZ
?swprintf@@YAHPA_WIPB_WZZ
?terminate@@YAXXZ
?unexpected@@YAXXZ
?vswprintf@@YAHPAGIPBGPAD@Z
?vswprintf@@YAHPA_WIPB_WPAD@Z
?what@exception@@UBEPBDXZ
_CIacos
_CIasin
_CIatan
_CIatan2
_CIcos
_CIcosh
_CIexp
_CIfmod
_CIlog
_CIlog10
_CIpow
_CIsin
_CIsinh
_CIsqrt
_CItan
_CItanh
_CRT_RTC_INIT
_CxxThrowException
_EH_prolog
_Getdays
_Getmonths
_Gettnames
_HUGE
_Strftime
_XcptFilter
__CppXcptFilter
__CxxCallUnwindDtor
__CxxCallUnwindVecDtor
__CxxDetectRethrow
__CxxExceptionFilter
__CxxFrameHandler
__CxxLongjmpUnwind
__CxxQueryExceptionSize
__CxxRegisterExceptionObject
__CxxUnregisterExceptionObject
__DestructExceptionObject
__RTCastToVoid
__RTDynamicCast
__RTtypeid
__STRINGTOLD
___lc_codepage_func
___lc_collate_cp_func
___lc_handle_func
___mb_cur_max_func
___setlc_active_func
___unguarded_readlc_active_add_func
__argc
__argv
__badioinfo
__buffer_overrun
__crtCompareStringA
__crtCompareStringW
__crtGetLocaleInfoW
__crtGetStringTypeW
__crtLCMapStringA
__crtLCMapStringW
__dllonexit
__doserrno
__fpecode
__getmainargs
__initenv
__iob_func
__isascii
__iscsym
__iscsymf
__lc_clike
__lc_codepage
__lc_collate_cp
__lc_handle
__lconv_init
__mb_cur_max
__p___argc
__p___argv
__p___initenv
__p___mb_cur_max
__p___wargv
__p___winitenv
__p__acmdln
__p__amblksiz
__p__commode
__p__daylight
__p__dstbias
__p__environ
__p__fileinfo
__p__fmode
__p__iob
__p__mbcasemap
__p__mbctype
__p__osver
__p__pctype
__p__pgmptr
__p__pwctype
__p__timezone
__p__tzname
__p__wcmdln
__p__wenviron
__p__winmajor
__p__winminor
__p__winver
__p__wpgmptr
__pctype_func
__pioinfo
__pwctype_func
__pxcptinfoptrs
__security_error_handler
__set_app_type
__set_buffer_overrun_handler
__setlc_active
__setusermatherr
__threadhandle
__threadid
__toascii
__unDName
__unDNameEx
__uncaught_exception
__unguarded_readlc_active
__wargv
__wcserror
__wgetmainargs
__winitenv
_abnormal_termination
_access
_acmdln
_adj_fdiv_m16i
_adj_fdiv_m32
_adj_fdiv_m32i
_adj_fdiv_m64
_adj_fdiv_r
_adj_fdivr_m16i
_adj_fdivr_m32
_adj_fdivr_m32i
_adj_fdivr_m64
_adj_fpatan
_adj_fprem
_adj_fprem1
_adj_fptan
_adjust_fdiv
_aexit_rtn
_aligned_free
_aligned_malloc
_aligned_offset_malloc
_aligned_offset_realloc
_aligned_realloc
_amsg_exit
_assert
_atodbl
_atoi64
_atoldbl
_beep
_beginthread
_beginthreadex
_c_exit
_cabs
_callnewh
_cexit
_cgets
_cgetws
_chdir
_chdrive
_chgsign
_chkesp
_chmod
_chsize
_clearfp
_close
_commit
_commode
_control87
_controlfp
_copysign
_cprintf
_cputs
_cputws
_creat
_cscanf
_ctime64
_cwait
_cwprintf
_cwscanf
_daylight
_dstbias
_dup
_dup2
_ecvt
_endthread
_endthreadex
_environ
_eof
_errno
_except_handler2
_except_handler3
_execl
_execle
_execlp
_execlpe
_execv
_execve
_execvp
_execvpe
_exit
_expand
_fcloseall
_fcvt
_fdopen
_fgetchar
_fgetwchar
_filbuf
_fileinfo
_filelength
_filelengthi64
_fileno
_findclose
_findfirst
_findfirst64
_findfirsti64
_findnext
_findnext64
_findnexti64
_finite
_flsbuf
_flushall
_fmode
_fpclass
_fpieee_flt
_fpreset
_fputchar
_fputwchar
_fsopen
_fstat
_fstat64
_fstati64
_ftime
_ftime64
_ftol
_fullpath
_futime
_futime64
_gcvt
_get_heap_handle
_get_osfhandle
_get_sbh_threshold
_getch
_getche
_getcwd
_getdcwd
_getdiskfree
_getdllprocaddr
_getdrive
_getdrives
_getmaxstdio
_getmbcp
_getpid
_getsystime
_getw
_getwch
_getwche
_getws
_global_unwind2
_gmtime64
_heapadd
_heapchk
_heapmin
_heapset
_heapused
_heapwalk
_hypot
_i64toa
_i64tow
_initterm
_inp
_inpd
_inpw
_iob
_isatty
_isctype
_ismbbalnum
_ismbbalpha
_ismbbgraph
_ismbbkalnum
_ismbbkana
_ismbbkprint
_ismbbkpunct
_ismbblead
_ismbbprint
_ismbbpunct
_ismbbtrail
_ismbcalnum
_ismbcalpha
_ismbcdigit
_ismbcgraph
_ismbchira
_ismbckata
_ismbcl0
_ismbcl1
_ismbcl2
_ismbclegal
_ismbclower
_ismbcprint
_ismbcpunct
_ismbcspace
_ismbcsymbol
_ismbcupper
_ismbslead
_ismbstrail
_isnan
_itoa
_itow
_j0
_j1
_jn
_kbhit
_lfind
_loaddll
_local_unwind2
_localtime64
_lock
_locking
_logb
_longjmpex
_lrotl
_lrotr
_lsearch
_lseek
_lseeki64
_ltoa
_ltow
_makepath
_mbbtombc
_mbbtype
_mbcasemap
_mbccpy
_mbcjistojms
_mbcjmstojis
_mbclen
_mbctohira
_mbctokata
_mbctolower
_mbctombb
_mbctoupper
_mbctype
_mbsbtype
_mbscat
_mbschr
_mbscmp
_mbscoll
_mbscpy
_mbscspn
_mbsdec
_mbsdup
_mbsicmp
_mbsicoll
_mbsinc
_mbslen
_mbslwr
_mbsnbcat
_mbsnbcmp
_mbsnbcnt
_mbsnbcoll
_mbsnbcpy
_mbsnbicmp
_mbsnbicoll
_mbsnbset
_mbsncat
_mbsnccnt
_mbsncmp
_mbsncoll
_mbsncpy
_mbsnextc
_mbsnicmp
_mbsnicoll
_mbsninc
_mbsnset
_mbspbrk
_mbsrchr
_mbsrev
_mbsset
_mbsspn
_mbsspnp
_mbsstr
_mbstok
_mbstrlen
_mbsupr
_memccpy
_memicmp
_mkdir
_mktemp
_mktime64
_msize
_nextafter
_onexit
_open
_open_osfhandle
_osplatform
_osver
_outp
_outpd
_outpw
_pclose
_pctype
_pgmptr
_pipe
_popen
_purecall
_putch
_putenv
_putw
_putwch
_putws
_pwctype
_read
_resetstkoflw
_rmdir
_rmtmp
_rotl
_rotr
_safe_fdiv
_safe_fdivr
_safe_fprem
_safe_fprem1
_scalb
_scprintf
_scwprintf
_searchenv
_seh_longjmp_unwind
_set_SSE2_enable
_set_error_mode
_set_purecall_handler
_set_sbh_threshold
_set_security_error_handler
_seterrormode
_setjmp
_setjmp3
_setmaxstdio
_setmbcp
_setmode
_setsystime
_sleep
_snprintf
_snscanf
_snwprintf
_snwscanf
_sopen
_spawnl
_spawnle
_spawnlp
_spawnlpe
_spawnv
_spawnve
_spawnvp

Sections

.text
Size: 228KB - Virtual size: 226KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
pi.inf
pibase.dll
.dll windows:5 windows x86 arch:x86

43d41b64a35570823063ac5e40244bd9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\photos-v9\target\retail\i386\pibase.pdb

Imports

msvcr71

?terminate@@YAXXZ
??1type_info@@UAE@XZ
free
_onexit
__dllonexit
_except_handler3
__CppXcptFilter
_adjust_fdiv
_initterm
_msize
wcscmp
malloc
swprintf
vsprintf
_vscprintf
isspace
__CxxFrameHandler
wcscpy
wcsftime
_localtime64
_time64
vswprintf
_vscwprintf
wcsstr
wcslen
realloc
memmove
__security_error_handler
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
_stricmp
memset
iswspace
_CxxThrowException

kernel32

GetVersionExA
HeapDestroy
HeapReAlloc
HeapSize
LocalAlloc
ExitProcess
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetSystemDirectoryA
GetWindowsDirectoryA
CompareStringA
LoadLibraryA
GetModuleFileNameA
GetModuleHandleA
FreeLibrary
SetLastError
GetProcessHeap
OutputDebugStringA
TerminateProcess
WinExec
GlobalUnlock
GlobalLock
GetCurrentProcess
GetLocaleInfoA
InitializeCriticalSection
GetACP
RaiseException
InterlockedExchange
GetLastError
GetThreadLocale
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemInfo
SizeofResource
LockResource
LoadResource
HeapAlloc
HeapFree
LocalFree
GlobalAlloc
GlobalFree
EnterCriticalSection
LeaveCriticalSection
CloseHandle
FlushFileBuffers
WriteFile
FlushInstructionCache
MulDiv
GetCurrentThreadId

user32

EndDialog
GetWindowRect
GetClientRect
MapWindowPoints
CharNextExA
SetWindowPos
DestroyWindow
GetActiveWindow
CloseClipboard
SetClipboardData
EmptyClipboard
IsWindow
OpenClipboard
GetDlgItem
RedrawWindow
ShowWindow
InvalidateRect

advapi32

RegCloseKey

ole32

CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoGetMalloc

Exports

Exports

??0DisableProgressSteps@Base@@QAE@XZ
??0EnableProgressSteps@Base@@QAE@XZ
??0Exception@Base@@QAE@ABV01@@Z
??0Exception@Base@@QAE@J@Z
??0Exception@Base@@QAE@XZ
??0NoStructuredExceptionAssert@Base@@QAE@XZ
??1DisableProgressSteps@Base@@QAE@XZ
??1EnableProgressSteps@Base@@QAE@XZ
??1Exception@Base@@QAE@XZ
??1NoStructuredExceptionAssert@Base@@QAE@XZ
??1ProgressSteps@Base@@UAE@XZ
??4CPU@Base@@QAEAAV01@ABV01@@Z
??4Debug@Base@@QAEAAV01@ABV01@@Z
??4Exception@Base@@QAEAAV01@ABV01@@Z
??4Log@Base@@QAEAAV01@ABV01@@Z
??4NoStructuredExceptionAssert@Base@@QAEAAV01@ABV01@@Z
??4OS@Base@@QAEAAV01@ABV01@@Z
??4UI@Base@@QAEAAV01@ABV01@@Z
??BException@Base@@QBEJXZ
??_7Exception@Base@@6B@
?Abort@ProgressSteps@Base@@QAEHXZ
?AtlThrow@ATL@@YAXJ@Z
?CloseLogFile@Debug@Base@@SAXXZ
?Delete@BasePrivate@@YAXPAX@Z
?DoesProcessorMeetRequirements@CPU@Base@@SA_NABTCPUCaps@2@K@Z
?GdiplusStatusToHresult@Base@@YAJH@Z
?GetAssertCallback@Base@@YAAAP6A_NPBDH0@ZXZ
?GetBaseStringComManager@StringCom@Base@@SAAAVCAtlStringMgr@ATL@@XZ
?GetBaseStringManager@String@Base@@SAAAVCAtlStringMgr@ATL@@XZ
?GetDllVersion@OS@Base@@SAKPB_W@Z
?GetLogFile@Debug@Base@@SAPB_WXZ
?GetOSDescription@OS@Base@@SAXAAVString@2@@Z
?GetPercentComplete@ProgressSteps@Base@@QAEJPAK@Z
?GetProcessorCaps@CPU@Base@@SAXAATCPUCaps@2@@Z
?GetProcessorCount@CPU@Base@@SAHXZ
?GetProcessorManufacturer@CPU@Base@@SAXAAVString@2@@Z
?GetProcessorName@CPU@Base@@SAXAAVString@2@@Z
?GetProcessorSpeedEstimate@CPU@Base@@SAKXZ
?GetShowLogFile@Debug@Base@@SA_NXZ
?GetTop@ProgressSteps@Base@@SAPAV12@XZ
?Increment@ProgressSteps@Base@@QAEJK@Z
?Init@Exception@Base@@AAEXJ@Z
?Init@ProgressSteps@Base@@QAEJKPAURenderAbort@2@@Z
?Initialize@Base@@YGXXZ
?IsEnabled@ProgressSteps@Base@@QAEHXZ
?IsOpen@Log@Base@@SA_NXZ
?IsThemeActive@UI@Base@@SA_NXZ
?IsThemingSupported@UI@Base@@SA_NXZ
?IsWin32@OS@Base@@SA_NXZ
?IsWinNT@OS@Base@@SA_NXZ
?LoadUnicowsProc@BasePrivate@@YAPAUHINSTANCE__@@PBD@Z
?LogFileIsOpen@Debug@Base@@SA_NXZ
?LogOutputA@Debug@Base@@SAXPBD@Z
?LogOutputW@Debug@Base@@SAXPB_W@Z
?New@BasePrivate@@YAPAXI_N@Z
?NoAssert@NoStructuredExceptionAssert@Base@@SA_NXZ
?OnThreadEvent@ProgressSteps@Base@@QAEXXZ
?OutputDebugInfo@Exception@Base@@UBEXXZ
?ReportError@BasePrivate@@YA_NPBDHPB_W0PAD0JH0@Z
?Reset@ProgressSteps@Base@@QAEJKK@Z
?SetLogFile@Debug@Base@@SAXPB_W_N@Z
?SetShowLogFile@Debug@Base@@SAX_N@Z
?Show@Log@Base@@SAXXZ
?ShowLogFile@Debug@Base@@SAXXZ
?StackTrace@Exception@Base@@QBEPB_WXZ
?StructuredExceptionHandler@BasePrivate@@YGJPAU_EXCEPTION_POINTERS@@@Z
?ThreadID@Exception@Base@@QBEKXZ
?VerifyPtr@BasePrivate@@YA_NPBX@Z
?Write@Log@Base@@SAXPB_W@Z
?s_criticalSection@TempFile@Base@@0VCriticalSection@2@A
?s_iNoAssertCount@NoStructuredExceptionAssert@Base@@0HA
?s_nAssertsInhibited@AssertInhibitor@BasePrivate@@2HA
?s_previousPath@TempFile@Base@@0VPath@2@A
_BaseOutputDebugStringA@4
_BaseOutputDebugStringW@4
_BaseReportErrorA@12
_BaseReportErrorW@12

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
pidav.dll
.dll regsvr32 windows:5 windows x86 arch:x86

847b4c077fe610bfa5e095226c5e934a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\photos-v9\target\retail\i386\PIDav.pdb

Imports

msvcr71

??1type_info@@UAE@XZ
_onexit
__dllonexit
?terminate@@YAXXZ
_except_handler3
__CppXcptFilter
_adjust_fdiv
_initterm
wcstol
_wtol
wcscmp
_wcsicmp
vswprintf
_vscwprintf
wcsstr
__CxxFrameHandler
wcsncpy
_purecall
realloc
memmove
wcslen
malloc
free
__security_error_handler
memset

kernel32

GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
QueryPerformanceCounter
ExitProcess
DeleteCriticalSection
SetLastError
LoadLibraryA
GetSystemDirectoryA
GetWindowsDirectoryA
GetModuleFileNameA
GetModuleHandleA
CompareStringA
Sleep
InterlockedDecrement
InterlockedIncrement
LeaveCriticalSection
EnterCriticalSection
LoadResource
GetLocaleInfoA
InitializeCriticalSection
GetACP
RaiseException
InterlockedExchange
GetThreadLocale
GetVersionExA
FreeLibrary
GetLastError
SizeofResource
LockResource

advapi32

RegCloseKey

ole32

CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
StringFromGUID2
CoTaskMemFree

oleaut32

VarBstrCmp
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
VariantInit
VariantClear
VariantCopy
VarDateFromStr
SysAllocStringLen
SysAllocString
VarUI4FromStr
SysFreeString
SysStringLen

pibase

?AtlThrow@ATL@@YAXJ@Z
?New@BasePrivate@@YAPAXI_N@Z
?Delete@BasePrivate@@YAXPAX@Z
?GetBaseStringManager@String@Base@@SAAAVCAtlStringMgr@ATL@@XZ

wininet

InternetConnectW
HttpOpenRequestW
InternetSetOptionW
HttpEndRequestW
HttpSendRequestW
HttpQueryInfoW
InternetReadFile
InternetCloseHandle
InternetOpenW
HttpAddRequestHeadersW

shlwapi

PathFindExtensionW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
piorg.dll
.dll regsvr32 windows:5 windows x86 arch:x86

594b2ae8719a9f9a1dda6ab409827501

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\photos-v9\target\retail\i386\piorg.pdb

Imports

msvcr71

_CxxThrowException
__CxxFrameHandler
??1type_info@@UAE@XZ
_onexit
__dllonexit
?terminate@@YAXXZ
_except_handler3
__CppXcptFilter
_adjust_fdiv
_initterm
_wmakepath
wcstok
iswalpha
_snwprintf
__security_error_handler
_makepath
towlower
wcstol
isalpha
_wtof
ceil
_ltow
_itoa
_wcsnicmp
memset
qsort
_vsnwprintf
_itow
wcspbrk
wcsstr
wcscspn
wcsspn
_wtoi
_beginthreadex
_mbscmp
_mbsstr
_wtol
atoi
strstr
sprintf
sscanf
_wsplitpath
wcschr
??0exception@@QAE@ABV0@@Z
vswprintf
_vscwprintf
_wcsicmp
??0exception@@QAE@XZ
??1exception@@UAE@XZ
_purecall
malloc
realloc
wcsncmp
wcscmp
wcscpy
swprintf
wcsncat
wcscat
wcsncpy
wcsrchr
memmove
wcslen
free

kernel32

DeleteCriticalSection
GetVersion
CreateFileA
MulDiv
GetTempPathA
lstrlenA
GetFileAttributesA
GetFileSize
ReadFile
CloseHandle
IsBadReadPtr
SizeofResource
LockResource
GetThreadLocale
FreeLibrary
GetLastError
EnterCriticalSection
LeaveCriticalSection
InterlockedIncrement
InterlockedDecrement
DeleteFileA
WriteFile
LoadLibraryA
HeapFree
GetCurrentProcess
InterlockedExchange
GetProcessHeap
HeapAlloc
GetCurrentThreadId
GlobalFree
GlobalLock
GlobalUnlock
SystemTimeToFileTime
GlobalAlloc
CreateThread
WaitForSingleObject
GetExitCodeThread
ResetEvent
SetEvent
GetCommandLineW
Sleep
FlushFileBuffers
GlobalHandle
SetLastError
GetCurrentProcessId
FileTimeToSystemTime
FileTimeToLocalFileTime
WaitForMultipleObjects
FindCloseChangeNotification
FindNextChangeNotification
CompareFileTime
CreateEventA
SetThreadPriority
GetFileAttributesExA
CompareStringA
GetModuleHandleA
GetModuleFileNameA
GetWindowsDirectoryA
GetSystemDirectoryA
SetFilePointer
RaiseException
GetACP
InitializeCriticalSection
GetLocaleInfoA
GetTickCount
GlobalMemoryStatus
GetUserDefaultLCID
GetSystemDefaultLCID
GetShortPathNameA
LocalFree
LocalAlloc
ReleaseMutex
GetSystemTimeAsFileTime
HeapSize
HeapReAlloc
HeapDestroy
GetVersionExA
FlushInstructionCache
LoadResource
QueryPerformanceCounter
ExitProcess
lstrcatA
lstrcpyA

user32

CreatePopupMenu
UpdateWindow
SetWindowPos
ClientToScreen
SetTimer
KillTimer
TrackPopupMenuEx
SetMenuDefaultItem
DestroyMenu
ReleaseDC
BeginPaint
EndPaint
SetRect
IsWindowVisible
NotifyWinEvent
TrackMouseEvent
ChildWindowFromPointEx
IsDlgButtonChecked
CheckDlgButton
GetSystemMetrics
ShowWindow
SetRectEmpty
GetClientRect
GetMessagePos
GetCapture
SetCapture
ReleaseCapture
SetFocus
PtInRect
GetWindowDC
FillRect
GetDesktopWindow
InvalidateRgn
RedrawWindow
GetDlgItem
GetWindow
GetFocus
IsChild
GetDC
GetSysColor
DestroyAcceleratorTable
EndDialog
GetCursor
SetCursor
ScreenToClient
InvalidateRect
DestroyWindow
IsWindow
GetParent
DestroyIcon
DrawEdge
GetSysColorBrush
OffsetRect
CheckMenuRadioItem
GetKeyState
ChangeClipboardChain
SetClipboardViewer
IsWindowEnabled
GetActiveWindow
InflateRect
IntersectRect
SetWindowContextHelpId
MapDialogRect
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
GetWindowRect
EnumChildWindows
CopyRect
MapWindowPoints
TranslateMessage
PostQuitMessage

advapi32

CryptCreateHash
CryptHashData
CryptDeriveKey
CryptSetKeyParam
CryptDestroyKey
CryptDestroyHash
CryptAcquireContextA
CryptEncrypt
CryptReleaseContext
CryptDecrypt
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

gdi32

SelectObject
CreatePatternBrush
CreateBitmap
PatBlt
GetStockObject
GetDeviceCaps
BitBlt
CreateSolidBrush
CreateCompatibleDC
CreateCompatibleBitmap
SetBkColor
DeleteDC
StretchDIBits
SetStretchBltMode
SetDIBitsToDevice
Rectangle
CreatePen
GetObjectA
SetBrushOrgEx
UnrealizeObject
SetTextColor
SelectPalette
RealizePalette
DeleteObject
StretchBlt
CreateDIBPatternBrushPt
SetBkMode

ole32

CoTaskMemAlloc
OleLockRunning
CreateStreamOnHGlobal
OleIsCurrentClipboard
ReleaseStgMedium
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
OleSetClipboard
OleGetClipboard
DoDragDrop
CoTaskMemRealloc
CoTaskMemFree
OleInitialize
OleUninitialize
StgOpenStorage
StgIsStorageFile
RevokeDragDrop
RegisterDragDrop
CoUninitialize
CoCreateInstance
CoInitialize
CoCreateGuid
StgCreateDocfile
StringFromGUID2

oleaut32

SysFreeString
LoadRegTypeLi
OleCreateFontIndirect
VariantClear
VarBstrCat
VarUI4FromStr
VarBstrCmp
SysAllocStringLen
SysAllocStringByteLen
SysStringByteLen
SysStringLen
SysAllocString
VariantCopy
VariantInit
RegisterTypeLi
UnRegisterTypeLi
VarFormatDateTime
SystemTimeToVariantTime
LoadTypeLi

gdiplus

GdipSetLineBlend
GdipDrawString
GdipSetStringFormatHotkeyPrefix
GdipFillPolygonI
GdipDrawLineI
GdipCreateLineBrush
GdipSetStringFormatLineAlign
GdipSetSmoothingMode
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCloneStringFormat
GdipSetPageUnit
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipDrawImageRectRectI
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipFillRectangleI
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipCloneBitmapAreaI
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipCreateFromHDC
GdipCreateBitmapFromResource
GdipCreateHBITMAPFromBitmap
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipImageRotateFlip
GdipGetImageRawFormat
GdipFree
GdipCloneImage
GdipAlloc
GdipDisposeImage
GdipLoadImageFromFileICM
GdipLoadImageFromFile
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipSaveImageToStream
GdipDrawImageRectI
GdipGraphicsClear
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
GdipCreateBitmapFromGdiDib
GdipDeleteGraphics
GdiplusShutdown
GdiplusStartup
GdipGetImageHeight
GdipGetImageWidth
GdipSaveImageToFile
GdipGetPageUnit
GdipReleaseDC
GdipGetDC
GdipDrawLinesI
GdipCreateFromHWND
GdipDrawPath
GdipCreatePen1
GdipGetSmoothingMode
GdipFillPath
GdipSetRenderingOrigin
GdipStringFormatGetGenericTypographic
GdipCreatePath
GdipDeletePath
GdipAddPathArcI
GdipAddPathLineI
GdipClosePathFigure
GdipMeasureString
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipGetGenericFontFamilySansSerif
GdipCreateFont
GdipCreateHalftonePalette
GdipCreateBitmapFromGraphics
GdipTranslateWorldTransform
GdipDrawImageI
GdipCreateHatchBrush
GdipCreatePen2
GdipDeletePen
GdipSetPenMode
GdipDrawRectangleI
GdipSetLineSigmaBlend

shlwapi

PathRemoveBackslashW
PathRemoveFileSpecW
StrCmpW
StrCmpIW
UrlCanonicalizeW
StrCmpNW
PathAppendW
PathFileExistsW
PathFindExtensionW
PathRenameExtensionW
PathIsRelativeW
PathAddBackslashW
StrRetToStrW

comctl32

ImageList_SetIconSize
ImageList_Destroy
ImageList_AddMasked
ImageList_Create
ImageList_DrawEx
ImageList_GetIconSize
ImageList_LoadImageW

pibase

?Delete@BasePrivate@@YAXPAX@Z
?New@BasePrivate@@YAPAXI_N@Z
?GetBaseStringManager@String@Base@@SAAAVCAtlStringMgr@ATL@@XZ
?AtlThrow@ATL@@YAXJ@Z
??1Exception@Base@@QAE@XZ
??0Exception@Base@@QAE@ABV01@@Z
??0Exception@Base@@QAE@XZ
?DoesProcessorMeetRequirements@CPU@Base@@SA_NABTCPUCaps@2@K@Z
??0Exception@Base@@QAE@J@Z
?Initialize@Base@@YGXXZ
?OutputDebugInfo@Exception@Base@@UBEXXZ
?s_previousPath@TempFile@Base@@0VPath@2@A
?s_criticalSection@TempFile@Base@@0VCriticalSection@2@A
?LoadUnicowsProc@BasePrivate@@YAPAUHINSTANCE__@@PBD@Z
?GdiplusStatusToHresult@Base@@YAJH@Z

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

crypt32

CryptProtectData
CryptUnprotectData

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.sdata
Size: 1024B - Virtual size: 602B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 352KB - Virtual size: 351KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
piorgres.dll
.dll windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 238KB - Virtual size: 238KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
pisync.dll
.dll windows:5 windows x86 arch:x86

9575b7b13a57bcca6b2f2aadb75d273b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\photos-v9\target\retail\i386\pisync.pdb

Imports

msvcr71

isalpha
_wmakepath
strstr
iswalpha
wcstol
__CxxFrameHandler
??1type_info@@UAE@XZ
_onexit
__dllonexit
?terminate@@YAXXZ
_except_handler3
__CppXcptFilter
_adjust_fdiv
_initterm
rand
srand
wcscpy
vswprintf
_vscwprintf
wcsstr
_wcsicmp
_wtol
wcsrchr
wcschr
wcscmp
_wtoi
realloc
malloc
_CxxThrowException
memmove
wcslen
__security_error_handler
_ltow
_purecall
memset
strncpy
wcsncpy
free

kernel32

CreateMutexA
GetLastError
CloseHandle
GetSystemTime
SystemTimeToFileTime
DisableThreadLibraryCalls
LockResource
GetCurrentProcess
FlushInstructionCache
GetProcessHeap
HeapAlloc
GetCurrentThreadId
LeaveCriticalSection
InterlockedIncrement
LocalFree
FreeLibrary
SizeofResource
LoadResource
EnterCriticalSection
HeapFree
GlobalAlloc
GlobalLock
DeleteCriticalSection
GlobalFree
ReadFile
WriteFile
SetFilePointer
SetEndOfFile
GetFileSize
GetLocalTime
GetTickCount
CompareFileTime
FindClose
CompareStringA
GetModuleHandleA
GetModuleFileNameA
GetWindowsDirectoryA
GetSystemDirectoryA
LoadLibraryA
SetLastError
LocalAlloc
GetUserDefaultLCID
GetSystemDefaultLCID
ReleaseMutex
SetEvent
GetSystemTimeAsFileTime
WaitForSingleObject
GlobalHandle
GetThreadLocale
InterlockedExchange
RaiseException
GetACP
InitializeCriticalSection
GetLocaleInfoA
ExitProcess
QueryPerformanceCounter
GetCurrentProcessId
GlobalUnlock
lstrlenA
MulDiv
HeapSize
HeapReAlloc
HeapDestroy
GetVersionExA
InterlockedDecrement

user32

MapWindowPoints
GetClientRect
GetWindow
SetTimer
ShowWindow
SetFocus
UpdateWindow
IsWindow
GetActiveWindow
EndDialog
GetWindowRect
SetWindowPos
GetDlgItem
GetFocus
SetCursor
DestroyWindow
DrawFocusRect
InvalidateRect
GetParent
IsWindowEnabled
GetSysColor
InflateRect
GetMessageTime
GetMessagePos
GetCursorPos
GetMenu
ScreenToClient
BeginPaint
EndPaint
GetDC
ReleaseDC
InvalidateRgn
RedrawWindow
SetCapture
CheckDlgButton
IsDlgButtonChecked
IsChild
SetWindowContextHelpId
DestroyAcceleratorTable
FillRect
GetDesktopWindow
ReleaseCapture
GetCursor
MapDialogRect
IsWindowVisible

advapi32

CryptSetKeyParam
StartServiceW
RegQueryValueExA
CryptDestroyKey
CryptDestroyHash
CryptAcquireContextA
CryptEncrypt
CryptReleaseContext
CryptDecrypt
CryptDeriveKey
CryptHashData
CryptCreateHash
RegOpenKeyExA
RegCloseKey
OpenSCManagerW
QueryServiceStatus
OpenServiceW
CloseServiceHandle

gdi32

SetBkColor
DeleteObject
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
DeleteDC
GetStockObject
CreateSolidBrush
SetTextColor
GetDeviceCaps

ole32

StringFromGUID2
OleLockRunning
OleInitialize
OleUninitialize
CoCreateInstance
CLSIDFromProgID
CLSIDFromString
CoFreeLibrary
CoRevokeClassObject
CoRegisterClassObject
CoLoadLibrary
CreateStreamOnHGlobal
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoGetClassObject

oleaut32

VariantTimeToSystemTime
SysAllocString
SysAllocStringLen
VarUI4FromStr
VariantInit
OleCreateFontIndirect
VariantClear
SysStringByteLen
SysAllocStringByteLen
SysStringLen
LoadRegTypeLi
LoadTypeLi
VarBstrCat
SysFreeString

gdiplus

GdipGetImageWidth
GdipFree
GdipCloneImage
GdipFillRectangleI
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipDeleteFont
GdipReleaseDC
GdipGetDC
GdiplusStartup
GdiplusShutdown
GdipCreateFromHDC
GdipDeleteGraphics
GdipCreateBitmapFromResource
GdipDisposeImage
GdipDrawImageRectI
GdipGetImageHeight
GdipAlloc

shlwapi

PathIsDirectoryW
PathCanonicalizeW
PathIsRelativeW
StrCmpIW
StrCmpNW
UrlCanonicalizeW
PathFindExtensionW
StrCmpW
PathRemoveBackslashW
PathFileExistsW
PathAddBackslashW

comctl32

PropertySheetW
InitCommonControlsEx

pibase

?Delete@BasePrivate@@YAXPAX@Z
?New@BasePrivate@@YAPAXI_N@Z
?LoadUnicowsProc@BasePrivate@@YAPAUHINSTANCE__@@PBD@Z
?Initialize@Base@@YGXXZ
??0Exception@Base@@QAE@ABV01@@Z
??1Exception@Base@@QAE@XZ
??0Exception@Base@@QAE@J@Z
?GetBaseStringManager@String@Base@@SAAAVCAtlStringMgr@ATL@@XZ
?AtlThrow@ATL@@YAXJ@Z
??0Exception@Base@@QAE@XZ

crypt32

CryptProtectData
CryptUnprotectData

Exports

Exports

?GetPhotoShowModified@@YGJPA_N@Z
DllCanUnloadNow
DoSync
GetDuration
GetInstallPathA
GetInstallPathW
GetShowDashboard
GetShuffle
GetSyncPathA
GetSyncPathW
ShowSettingsDialog
SlideshowInitialize

Sections

.sdata
Size: 1024B - Virtual size: 602B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 137KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
pisynctw.exe
.exe windows:5 windows x86 arch:x86

c7dd1a2ec7eaf06dd125cf1aa1fceed0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\photos-v9\target\retail\i386\pisynctw.pdb

Imports

msvcr71

_XcptFilter
_ismbblead
_cexit
exit
_acmdln
_amsg_exit
__getmainargs
_initterm
_exit
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
__dllonexit
_onexit
_controlfp
_c_exit
__setusermatherr
_mbsstr

kernel32

GetModuleHandleA
GetStartupInfoA

ole32

CoUninitialize
CoInitialize

pisync

DoSync
ShowSettingsDialog

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
piview.dll
.dll regsvr32 windows:5 windows x86 arch:x86

9c319a3ef57a2d25ef6cd2046a069440

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\photos-v9\target\retail\i386\piview.pdb

Imports

msvcr71

_CIpow
_CxxThrowException
??1type_info@@UAE@XZ
__CxxFrameHandler
_itow
towlower
wcschr
memset
__security_error_handler
ceil
_onexit
__dllonexit
?terminate@@YAXXZ
_except_handler3
__CppXcptFilter
_adjust_fdiv
_initterm
floor
_wtoi
rand
srand
wcscmp
_wcsicmp
wcsstr
wcscpy
_beginthreadex
vswprintf
_vscwprintf
memmove
wcslen
_purecall
realloc
wcsncpy
malloc
free

kernel32

GetACP
RaiseException
InterlockedExchange
GetThreadLocale
DeleteCriticalSection
GetCurrentProcess
FlushInstructionCache
HeapAlloc
FreeLibrary
SizeofResource
LoadResource
MulDiv
InterlockedIncrement
InterlockedDecrement
DisableThreadLibraryCalls
GetLastError
HeapReAlloc
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
GetVersionExA
LockResource
HeapFree
GetTickCount
GetExitCodeThread
TerminateThread
Sleep
CloseHandle
WaitForSingleObject
InitializeCriticalSection
QueryPerformanceCounter
lstrcpynA
FindClose
GetSystemTime
SystemTimeToFileTime
SetFileTime
GetFileSize
LocalFree
GetCurrentProcessId
ReadFile
WriteFile
SetFilePointer
SetEndOfFile
CompareStringA
GetModuleHandleA
GetModuleFileNameA
GetWindowsDirectoryA
GetSystemDirectoryA
LoadLibraryA
SetLastError
HeapSize
GlobalMemoryStatus
ExitProcess
HeapDestroy
QueryPerformanceFrequency
GetSystemTimeAsFileTime
GetLocaleInfoA
GetProcessHeap

user32

EnumDisplayDevicesA
SetTimer
MoveWindow
SetWindowPos
GetSysColor
GetDesktopWindow
MapWindowPoints
GetMessagePos
DestroyWindow
IsChild
GetFocus
GetParent
SetFocus
ShowWindow
PostQuitMessage
LoadStringA
MessageBeep
IsWindow
ReleaseDC
RedrawWindow
InflateRect
EnumDisplaySettingsA
GetMessageTime
SetMenuDefaultItem
ClientToScreen
KillTimer
IsZoomed
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
GetAncestor
SetMenu
GetCursorPos
PtInRect
SetRect
IsWindowEnabled
NotifyWinEvent
TrackMouseEvent
FillRect
GetSysColorBrush
GetDC
InvalidateRect
BeginPaint
GetClientRect
EndPaint
GetKeyState
GetSystemMetrics
GetWindowPlacement
GetWindowRect
SystemParametersInfoA
OffsetRect
TranslateMessage
GetDoubleClickTime
TrackPopupMenuEx
CreatePopupMenu
DestroyMenu
UpdateWindow
SetCapture
ReleaseCapture
SetCursor
GetMenuItemCount
RemoveMenu
DestroyCursor
ShowScrollBar
SetScrollInfo
GetCapture
GetScrollInfo
IsWindowVisible

advapi32

RegCloseKey

gdi32

GetDeviceCaps
LPtoDP
SetMapMode
SetViewportOrgEx
DeleteDC
RestoreDC
CreateCompatibleDC
SelectObject
DeleteObject
GetStockObject
SetBkColor
SetTextColor
SetWindowOrgEx
SaveDC
SetTextAlign
GetObjectA
SelectPalette
RealizePalette

ole32

CreateOleAdviseHolder
CoCreateInstance
OleRegEnumVerbs
OleRegGetUserType
OleRegGetMiscStatus
CoInitialize
CoUninitialize
CoTaskMemRealloc
CoTaskMemAlloc
StringFromGUID2
CoTaskMemFree

oleaut32

SysStringByteLen
SysAllocStringByteLen
VariantCopy
VarUI4FromStr
VariantInit
VariantClear
OleCreatePropertyFrame
RegisterTypeLi
UnRegisterTypeLi
SysAllocString
SysFreeString
SysStringLen
SysAllocStringLen
LoadTypeLi
LoadRegTypeLi

gdiplus

GdipSetStringFormatLineAlign
GdipDrawImageI
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipSaveImageToFile
GdipDrawImagePointRectI
GdipCreateFromHWND
GdipCreateHBITMAPFromBitmap
GdiplusShutdown
GdiplusStartup
GdipDrawImageRectRectI
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipDrawLineI
GdipDrawString
GdipDeleteStringFormat
GdipCreateStringFormat
GdipMeasureString
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipCreatePen1
GdipCreateTexture
GdipCreatePen2
GdipCreateHatchBrush
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromGraphics
GdipCreateHalftonePalette
GdipCloneImage
GdipDisposeImage
GdipCreateBitmapFromResource
GdipCreateFromHDC
GdipDrawRectangleI
GdipGetImageHeight
GdipDrawImageRectI
GdipSetWorldTransform
GdipTranslateWorldTransform
GdipGetWorldTransform
GdipDeleteMatrix
GdipCreateMatrix
GdipFillRectangleI
GdipSetInterpolationMode
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
GdipGetImageWidth
GdipSetPenDashStyle
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipGetGenericFontFamilySansSerif
GdipCreateFont
GdipAlloc
GdipDeleteFont
GdipFree
GdipDeletePen
GdipClosePathFigure
GdipAddPathLineI
GdipAddPathArcI
GdipCreatePath
GdipSetRenderingOrigin
GdipGetDC
GdipReleaseDC
GdipGetPageUnit
GdipSetPageUnit
GdipGetSmoothingMode
GdipSetSmoothingMode
GdipCloneStringFormat
GdipStringFormatGetGenericTypographic
GdipSetStringFormatHotkeyPrefix
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipCreateLineBrush
GdipSetLineSigmaBlend
GdipFillPath
GdipSetPenMode
GdipDrawPath
GdipDeletePath
GdipSetLineBlend
GdipFillPolygonI
GdipDrawLinesI
GdipSetStringFormatAlign

shlwapi

PathCanonicalizeW
PathIsRelativeW
PathRemoveFileSpecW
PathFileExistsW
PathIsDirectoryW
PathAddBackslashW
PathFindExtensionW

comctl32

ImageList_LoadImageW
ImageList_Destroy
InitCommonControlsEx

oleacc

AccessibleObjectFromWindow
LresultFromObject

imm32

ImmAssociateContext

msimg32

AlphaBlend

pibase

??1Exception@Base@@QAE@XZ
??0Exception@Base@@QAE@ABV01@@Z
?Initialize@Base@@YGXXZ
?GetBaseStringManager@String@Base@@SAAAVCAtlStringMgr@ATL@@XZ
?AtlThrow@ATL@@YAXJ@Z
?LoadUnicowsProc@BasePrivate@@YAPAUHINSTANCE__@@PBD@Z
?New@BasePrivate@@YAPAXI_N@Z
?Delete@BasePrivate@@YAXPAX@Z
??0Exception@Base@@QAE@XZ
?DoesProcessorMeetRequirements@CPU@Base@@SA_NABTCPUCaps@2@K@Z
??0Exception@Base@@QAE@J@Z

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 111KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
prgemp.gif
.gif
prggrn.gif
.gif
slides~1.js
.js
slides~1.xml
splash.gif
.gif
startup.js
.js
unicows.dll
.dll windows:6 windows x86 arch:x86

785d5607ed2f18f4ea0be5809350b169

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12-05-1997 00:00

Not After

07-01-2004 23:59

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

28-02-2001 00:00

Not After

06-01-2004 23:59

Subject

CN=VeriSign Time Stamping Service,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10-01-1997 07:00

Not After

31-12-2020 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10-12-2000 08:00

Not After

12-11-2005 08:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:07:11:43:00:00:00:00:00:34
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25-05-2002 00:55

Not After

25-11-2003 01:05

Subject

CN=Microsoft Corporation,OU=Copyright (c) 2002 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

unicows.pdb

Imports

kernel32

GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetDriveTypeA
GetDriveTypeW
FreeEnvironmentStringsA
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetEnvironmentVariableW
FindClose
IsDBCSLeadByte
GetFullPathNameA
GetFullPathNameW
GetLocaleInfoW
GetLogicalDriveStringsA
GetLogicalDriveStringsW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleW
GetNamedPipeHandleStateA
GetNamedPipeHandleStateW
GetNumberFormatA
GetNumberFormatW
GetPrivateProfileIntA
GetPrivateProfileIntW
GetPrivateProfileSectionA
GetPrivateProfileSectionW
GetPrivateProfileSectionNamesA
GetPrivateProfileSectionNamesW
GetPrivateProfileStringA
GetPrivateProfileStringW
GetPrivateProfileStructA
GetPrivateProfileStructW
GetProfileIntA
GetProfileIntW
GetProfileSectionA
GetProfileSectionW
GetProfileStringA
GetProfileStringW
GetShortPathNameA
GetShortPathNameW
GetStartupInfoA
GetStartupInfoW
GetStringTypeExA
GetStringTypeExW
GetSystemDirectoryA
GetSystemDirectoryW
GetTempFileNameW
GetTempPathW
GetTimeFormatA
GetTimeFormatW
GetVersionExA
GetVersionExW
GetVolumeInformationA
GetVolumeInformationW
GetWindowsDirectoryA
GetWindowsDirectoryW
GlobalAddAtomW
GlobalFindAtomA
GlobalFindAtomW
GlobalGetAtomNameA
GlobalGetAtomNameW
IsBadStringPtrW
IsValidCodePage
LCMapStringA
LCMapStringW
LoadLibraryW
LoadLibraryExW
lstrcatW
lstrcmpW
lstrcmpiW
lstrcpyW
lstrcpynW
MoveFileW
OpenEventA
OpenEventW
GetDefaultCommConfigW
OpenFileMappingW
OpenMutexA
OpenMutexW
OpenSemaphoreA
OpenSemaphoreW
OutputDebugStringA
OutputDebugStringW
PeekConsoleInputA
PeekConsoleInputW
QueryDosDeviceA
QueryDosDeviceW
ReadConsoleA
ReadConsoleW
ReadConsoleInputA
ReadConsoleInputW
ReadConsoleOutputA
ReadConsoleOutputW
ReadConsoleOutputCharacterA
ReadConsoleOutputCharacterW
RemoveDirectoryA
RemoveDirectoryW
ScrollConsoleScreenBufferA
ScrollConsoleScreenBufferW
SearchPathA
SearchPathW
SetComputerNameA
SetComputerNameW
SetConsoleTitleA
SetConsoleTitleW
SetCurrentDirectoryA
SetCurrentDirectoryW
SetDefaultCommConfigA
SetDefaultCommConfigW
SetEnvironmentVariableA
SetEnvironmentVariableW
SetFileAttributesA
SetFileAttributesW
SetLocaleInfoA
SetLocaleInfoW
SetVolumeLabelA
SetVolumeLabelW
VerLanguageNameA
VerLanguageNameW
WaitNamedPipeA
WaitNamedPipeW
WriteConsoleA
WriteConsoleW
WriteConsoleInputA
WriteConsoleInputW
WriteConsoleOutputA
WriteConsoleOutputW
WriteConsoleOutputCharacterA
WriteConsoleOutputCharacterW
WritePrivateProfileSectionA
WritePrivateProfileSectionW
WritePrivateProfileStringA
WritePrivateProfileStringW
WritePrivateProfileStructA
WritePrivateProfileStructW
WriteProfileSectionA
WriteProfileSectionW
WriteProfileStringA
WriteProfileStringW
FindResourceA
lstrcpyA
IsBadWritePtr
SetErrorMode
GetStringTypeW
FindResourceW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
GetDefaultCommConfigA
GetDateFormatW
GetDateFormatA
GetCurrentDirectoryA
GetCurrentDirectoryW
GetCurrencyFormatW
GetCurrencyFormatA
GetConsoleTitleW
GetConsoleTitleA
GetComputerNameW
GetComputerNameA
GetAtomNameW
GetAtomNameA
FormatMessageW
FormatMessageA
LocalFree
HeapReAlloc
LocalAlloc
FreeEnvironmentStringsW
FindNextFileW
FindNextFileA
FindFirstFileW
FindFirstFileA
FindFirstChangeNotificationW
FindFirstChangeNotificationA
FindAtomW
FindAtomA
FillConsoleOutputCharacterW
FillConsoleOutputCharacterA
FatalAppExitW
FatalAppExitA
ExpandEnvironmentStringsW
ExpandEnvironmentStringsA
EnumTimeFormatsW
EnumTimeFormatsA
EnumSystemLocalesW
EnumSystemLocalesA
EnumSystemCodePagesW
EnumDateFormatsW
EnumDateFormatsA
EnumCalendarInfoW
EnumCalendarInfoA
DeleteFileW
CreateSemaphoreW
CreateSemaphoreA
CreateProcessW
CreateProcessA
CreateNamedPipeW
CreateNamedPipeA
CreateMutexW
CreateMutexA
CreateMailslotW
CreateMailslotA
CreateFileMappingW
CreateFileMappingA
CreateFileW
CreateEventW
CreateEventA
CreateDirectoryExW
CreateDirectoryExA
CreateDirectoryW
CreateDirectoryA
CopyFileW
CopyFileA
CompareStringW
CommConfigDialogW
CommConfigDialogA
CallNamedPipeW
CallNamedPipeA
BuildCommDCBAndTimeoutsW
BuildCommDCBAndTimeoutsA
BuildCommDCBW
BuildCommDCBA
AddAtomW
AddAtomA
InitializeCriticalSection
GetACP
GetOEMCP
DeleteCriticalSection
GetFileAttributesA
LoadLibraryExA
EnumResourceTypesW
EnumResourceNamesW
EnumResourceLanguagesW
lstrlenW
FindResourceExW
SizeofResource
LoadResource
LockResource
FreeResource
GetTempFileNameA
GetTempPathA
DeleteFileA
MoveFileA
_lclose
_lread
_lwrite
_llseek
VirtualQuery
GetSystemInfo
VirtualFree
VirtualAlloc
VirtualProtect
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
GetCurrentProcessId
EnterCriticalSection
LeaveCriticalSection
CompareStringA
GlobalAddAtomA
AreFileApisANSI
GlobalLock
GlobalAlloc
GlobalUnlock
GlobalFree
GetCurrentThreadId
lstrcmpA
WideCharToMultiByte
lstrcmpiA
GetLocaleInfoA
CreateFileA
GetFileSize
CloseHandle
IsDBCSLeadByteEx
LoadLibraryA
InterlockedExchange
FreeLibrary
GetModuleHandleA
GetProcAddress
GetCPInfo
GetVersion
GetFileAttributesW
GetLastError
lstrlenA
GetProcessHeap
HeapAlloc
SetLastError
MultiByteToWideChar
OpenFileMappingA
HeapFree
RtlUnwind

user32

SystemParametersInfoW
TranslateAcceleratorW
TabbedTextOutA
TabbedTextOutW
UnregisterClassA
UnregisterClassW
VkKeyScanExA
VkKeyScanExW
WinHelpA
WinHelpW
wvsprintfW
EnumClipboardFormats
GetClipboardData
VkKeyScanW
wsprintfW
IsCharLowerW
IsCharAlphaNumericW
IsCharAlphaW
InsertMenuItemW
InsertMenuItemA
InsertMenuW
InsertMenuA
GrayStringW
GrayStringA
GetWindowTextLengthW
GetWindowTextLengthA
GetWindowTextW
GetWindowTextA
GetWindowLongW
GetTabbedTextExtentW
GetTabbedTextExtentA
GetPropW
GetMessageW
GetMenuStringW
GetMenuStringA
GetMenuItemInfoW
GetMenuItemInfoA
GetKeyNameTextW
GetKeyboardLayout
GetKeyNameTextA
GetKeyboardLayoutNameW
GetKeyboardLayoutNameA
GetDlgItemTextW
GetDlgItemTextA
GetClipboardFormatNameW
GetClipboardFormatNameA
GetClassNameW
GetClassLongW
GetClassLongA
GetClassInfoExW
GetClassInfoExA
GetClassInfoW
GetClassInfoA
FindWindowExW
FindWindowExA
FindWindowW
FindWindowA
EnableWindow
EnumPropsExW
EnumPropsExA
EnumPropsW
EnumPropsA
EnumDisplaySettingsW
EnumDisplaySettingsA
DrawTextExW
DrawTextExA
DrawTextW
DrawTextA
DrawStateW
DrawStateA
DlgDirSelectExW
DlgDirSelectExA
DlgDirSelectComboBoxExW
DlgDirSelectComboBoxExA
DlgDirListComboBoxW
DlgDirListComboBoxA
DlgDirListW
SystemParametersInfoA
DispatchMessageW
DialogBoxParamW
DialogBoxParamA
DialogBoxIndirectParamW
DialogBoxIndirectParamA
DefMDIChildProcW
DefFrameProcW
DefDlgProcW
DdeQueryStringW
DdeQueryStringA
DdeQueryConvInfo
DdeInitializeW
DdeInitializeA
DdeCreateStringHandleW
DdeCreateStringHandleA
DdeConnectList
DdeConnect
CharUpperBuffW
CharUpperW
CharToOemBuffW
CharToOemW
CharPrevW
CharNextW
CharLowerBuffW
CharLowerW
ChangeMenuW
SetWindowTextW
SetWindowTextA
SetWindowsHookExW
SetWindowsHookW
SetWindowsHookA
SetWindowLongW
SetPropW
SetMenuItemInfoW
SetMenuItemInfoA
SetDlgItemTextW
SetDlgItemTextA
SetClassLongW
SetClassLongA
SendNotifyMessageW
SendMessageTimeoutW
SendMessageCallbackW
SendMessageW
SendDlgItemMessageW
RemovePropW
RegisterWindowMessageW
RegisterClipboardFormatW
RegisterClipboardFormatA
RegisterClassExW
RegisterClassExA
RegisterClassW
RegisterClassA
PostThreadMessageW
PostMessageW
PeekMessageW
OemToCharBuffW
OemToCharW
ModifyMenuW
ModifyMenuA
MessageBoxIndirectW
MessageBoxIndirectA
MessageBoxExW
MessageBoxW
MapVirtualKeyExW
MapVirtualKeyExA
ChangeMenuA
ChangeDisplaySettingsW
ChangeDisplaySettingsA
CreateWindowExW
CreateWindowExA
CreateMDIWindowW
CreateMDIWindowA
CreateDialogParamW
CreateDialogParamA
CreateDialogIndirectParamW
CreateDialogIndirectParamA
CreateAcceleratorTableW
CreateAcceleratorTableA
CopyAcceleratorTableW
CopyAcceleratorTableA
CallWindowProcW
CallMsgFilterW
CallMsgFilterA
AppendMenuW
AppendMenuA
GetWindowThreadProcessId
SetWindowLongA
TranslateAcceleratorA
IsDialogMessageA
DispatchMessageA
PeekMessageA
GetMessageA
PostThreadMessageA
PostMessageA
SendNotifyMessageA
SendMessageTimeoutA
SendMessageCallbackA
SendMessageA
DefWindowProcA
CallWindowProcA
DefMDIChildProcA
DefFrameProcA
DefDlgProcA
GetWindowLongA
GetParent
GetDlgItem
SetPropA
RemovePropA
GetPropA
IsDlgButtonChecked
GetClassNameA
CharLowerA
CharUpperA
UnhookWindowsHookEx
SetWindowsHookExA
MapVirtualKeyW
CallNextHookEx
MapVirtualKeyA
LoadStringW
LoadMenuIndirectW
LoadMenuIndirectA
EnumChildWindows
RegisterWindowMessageA
LoadMenuW
LoadMenuA
LoadKeyboardLayoutW
LoadKeyboardLayoutA
LoadImageW
LoadImageA
LoadIconW
LoadIconA
LoadCursorFromFileW
LoadCursorFromFileA
LoadCursorW
LoadCursorA
LoadBitmapW
LoadBitmapA
LoadAcceleratorsW
LoadAcceleratorsA
IsWindowUnicode
IsWindow
IsDialogMessageW
DlgDirListA
IsClipboardFormatAvailable
IsCharUpperW

gdi32

GetEnhMetaFileDescriptionW
GetGlyphOutlineA
GetGlyphOutlineW
GetICMProfileA
GetICMProfileW
GetKerningPairsA
GetKerningPairsW
GetLogColorSpaceA
GetLogColorSpaceW
GetMetaFileA
GetMetaFileW
GetObjectA
GetObjectType
GetObjectW
GetOutlineTextMetricsA
GetOutlineTextMetricsW
GetTextExtentExPointA
GetTextExtentExPointW
GetTextExtentPointA
GetEnhMetaFileDescriptionA
GetTextExtentPoint32A
GetTextExtentPoint32W
GetTextFaceA
GetTextFaceW
GetTextMetricsA
GetTextMetricsW
PolyTextOutA
PolyTextOutW
RemoveFontResourceA
RemoveFontResourceW
ResetDCA
ResetDCW
SetICMProfileA
SetICMProfileW
StartDocA
StartDocW
TextOutW
UpdateICMRegKeyA
UpdateICMRegKeyW
GetEnhMetaFileW
GetEnhMetaFileA
GetCharacterPlacementW
GetCharacterPlacementA
GetCharWidthFloatW
GetCharWidthFloatA
GetCharWidth32W
GetCharWidthW
GetCharWidthA
GetCharABCWidthsFloatW
GetCharABCWidthsFloatA
GetCharABCWidthsW
GetCharABCWidthsA
ExtTextOutW
ExtTextOutA
EnumICMProfilesW
EnumICMProfilesA
EnumFontsW
EnumFontsA
EnumFontFamiliesExW
EnumFontFamiliesExA
EnumFontFamiliesW
EnumFontFamiliesA
CreateScalableFontResourceW
CreateScalableFontResourceA
CreateMetaFileW
CreateMetaFileA
CreateICW
CreateICA
CreateFontIndirectW
CreateFontIndirectA
CreateFontW
CreateFontA
CreateEnhMetaFileW
CreateEnhMetaFileA
CreateDCW
CreateDCA
CreateColorSpaceW
CreateColorSpaceA
CopyMetaFileW
CopyMetaFileA
CopyEnhMetaFileW
CopyEnhMetaFileA
AddFontResourceW
AddFontResourceA
GetFontData
GetTextExtentPointW
TranslateCharsetInfo
GetTextCharset

mpr

WNetGetUniversalNameW
MultinetGetConnectionPerformanceW
WNetAddConnectionA
WNetAddConnectionW
WNetAddConnection2A
WNetAddConnection2W
WNetAddConnection3A
WNetAddConnection3W
WNetCancelConnectionA
WNetCancelConnectionW
WNetCancelConnection2A
WNetCancelConnection2W
WNetConnectionDialog1A
WNetConnectionDialog1W
WNetDisconnectDialog1A
WNetDisconnectDialog1W
WNetEnumResourceA
WNetEnumResourceW
WNetGetConnectionA
WNetGetConnectionW
WNetGetLastErrorA
WNetGetLastErrorW
WNetGetNetworkInformationA
WNetGetNetworkInformationW
WNetGetProviderNameA
WNetUseConnectionW
WNetUseConnectionA
WNetOpenEnumW
WNetOpenEnumA
WNetGetUserW
WNetGetUserA
MultinetGetConnectionPerformanceA
WNetGetUniversalNameA
WNetGetResourceParentW
WNetGetResourceParentA
WNetGetResourceInformationW
WNetGetResourceInformationA
WNetGetProviderNameW

advapi32

RegOpenKeyA
RegEnumValueA
RegUnLoadKeyW
RegUnLoadKeyA
RegSetValueExW
RegSetValueExA
RegSetValueW
RegSetValueA
RegSaveKeyW
RegSaveKeyA
RegReplaceKeyW
RegReplaceKeyA
RegQueryValueExW
RegQueryValueExA
RegQueryValueW
RegQueryValueA
RegQueryMultipleValuesW
RegQueryMultipleValuesA
RegQueryInfoKeyW
RegQueryInfoKeyA
RegOpenKeyExW
RegOpenKeyW
RegCloseKey
RegLoadKeyW
RegLoadKeyA
RegEnumValueW
RegEnumKeyExW
RegEnumKeyExA
RegEnumKeyW
RegEnumKeyA
RegDeleteValueW
RegDeleteValueA
RegDeleteKeyW
RegDeleteKeyA
RegCreateKeyExW
RegCreateKeyExA
RegCreateKeyW
RegCreateKeyA
RegConnectRegistryW
RegConnectRegistryA
IsTextUnicode
GetUserNameW
GetUserNameA
RegOpenKeyExA

comdlg32

GetOpenFileNameW
GetFileTitleW
GetFileTitleA
FindTextW
ChooseFontW
ChooseFontA
ChooseColorW
ChooseColorA
ReplaceTextW
FindTextA
ReplaceTextA
GetOpenFileNameA
GetSaveFileNameA
PageSetupDlgA
PageSetupDlgW
PrintDlgA
PrintDlgW
GetSaveFileNameW

version

VerQueryValueW
VerQueryValueA
VerInstallFileW
VerInstallFileA
VerFindFileW
VerFindFileA
GetFileVersionInfoSizeW
GetFileVersionInfoSizeA
GetFileVersionInfoW
GetFileVersionInfoA

shell32

SHGetPathFromIDListA
ord180
ord179
SHGetFileInfoA
SHFileOperationA
SHChangeNotify
SHBrowseForFolderA
Shell_NotifyIconA
ShellExecuteExA
ShellExecuteW
ShellExecuteA
ShellAboutW
ShellAboutA
FindExecutableW
FindExecutableA
ExtractIconExA
DragQueryFileA
DragQueryFileW
ExtractIconW
ExtractIconA

winspool.drv

GetPrinterW
GetPrinterDataW
GetPrinterDriverW
GetPrinterDriverDirectoryA
GetPrinterDriverDirectoryW
GetPrintProcessorDirectoryA
GetPrintProcessorDirectoryW
GetJobW
OpenPrinterW
ResetPrinterA
ResetPrinterW
SetJobA
SetJobW
SetPrinterA
SetPrinterW
SetPrinterDataA
SetPrinterDataW
StartDocPrinterA
EnumPrintProcessorsW
EnumPrintProcessorDatatypesW
EnumPrintersW
EnumPrinterDriversW
EnumPortsW
EnumMonitorsW
DocumentPropertiesW
DocumentPropertiesA
DeviceCapabilitiesW
DeviceCapabilitiesA
DeletePrintProvidorW
DeletePrintProvidorA
DeletePrintProcessorW
DeletePrintProcessorA
DeletePrinterDriverW
DeletePrinterDriverA
DeletePortW
DeletePortA
DeleteMonitorW
DeleteMonitorA
ConfigurePortW
ConfigurePortA
AdvancedDocumentPropertiesW
AdvancedDocumentPropertiesA
AddPrintProvidorW
AddPrintProvidorA
AddPrintProcessorW
AddPrintProcessorA
AddPrinterDriverW
AddPrinterDriverA
AddPrinterW
AddPrinterA
AddPortW
AddPortA
AddMonitorW
AddMonitorA
AddJobW
AddJobA
OpenPrinterA
StartDocPrinterW

oledlg

OleUIUpdateLinksW
OleUIPromptUserW
OleUIPasteSpecialW
OleUIObjectPropertiesW
OleUIInsertObjectW
OleUIEditLinksW
OleUIConvertW
OleUIChangeSourceW
OleUIChangeIconW
OleUIBusyW
ord8
OleUIAddVerbMenuW
ord1
ord6

winmm

waveOutGetErrorTextW
waveOutGetErrorTextA
waveOutGetDevCapsW
waveOutGetDevCapsA
waveInGetErrorTextW
mixerGetControlDetailsW
midiOutGetErrorTextW
midiOutGetErrorTextA
midiOutGetDevCapsW
midiOutGetDevCapsA
midiInGetErrorTextW
midiInGetDevCapsW
midiInGetDevCapsA
mciSendStringW
mciSendStringA
mciSendCommandW
mciGetErrorStringW
mciGetErrorStringA
midiInGetErrorTextA
mciGetDeviceIDW
mciGetDeviceIDA
joyGetDevCapsW
joyGetDevCapsA
auxGetDevCapsW
auxGetDevCapsA
PlaySoundW
PlaySoundA
mixerGetDevCapsW
mixerGetLineControlsW
mixerGetLineInfoW
mmioInstallIOProcW
mmioOpenA
mmioOpenW
mmioRenameA
mmioRenameW
mmioStringToFOURCCA
mmioStringToFOURCCW
sndPlaySoundA
sndPlaySoundW
waveInGetDevCapsA
waveInGetDevCapsW
waveInGetErrorTextA
mixerGetDevCapsA

avicap32

capCreateCaptureWindowA
capGetDriverDescriptionA

msvfw32

MCIWndCreateW
MCIWndCreateA
GetSaveFileNamePreviewW
GetOpenFileNamePreviewW

imm32

ImmReleaseContext
ImmGetCompositionStringA
ImmGetContext
ImmGetCompositionStringW

Exports

Exports

AcquireCredentialsHandleW
AddAtomW
AddFontResourceW
AddJobW
AddMonitorW
AddPortW
AddPrintProcessorW
AddPrintProvidorW
AddPrinterDriverW
AddPrinterW
AdvancedDocumentPropertiesW
AppendMenuW
BeginUpdateResourceA
BeginUpdateResourceW
BroadcastSystemMessageW
BuildCommDCBAndTimeoutsW
BuildCommDCBW
CallMsgFilterW
CallNamedPipeW
CallWindowProcA
CallWindowProcW
ChangeDisplaySettingsExW
ChangeDisplaySettingsW
ChangeMenuW
CharLowerBuffW
CharLowerW
CharNextW
CharPrevW
CharToOemBuffW
CharToOemW
CharUpperBuffW
CharUpperW
ChooseColorW
ChooseFontW
CommConfigDialogW
CompareStringW
ConfigurePortW
CopyAcceleratorTableW
CopyEnhMetaFileW
CopyFileExW
CopyFileW
CopyMetaFileW
CreateAcceleratorTableW
CreateColorSpaceW
CreateDCW
CreateDialogIndirectParamW
CreateDialogParamW
CreateDirectoryExW
CreateDirectoryW
CreateEnhMetaFileW
CreateEventW
CreateFileMappingW
CreateFileW
CreateFontIndirectW
CreateFontW
CreateICW
CreateMDIWindowW
CreateMailslotW
CreateMetaFileW
CreateMutexW
CreateNamedPipeW
CreateProcessW
CreateScalableFontResourceW
CreateSemaphoreW
CreateStdAccessibleProxyW
CreateWaitableTimerW
CreateWindowExW
CryptAcquireContextW
CryptEnumProviderTypesW
CryptEnumProvidersW
CryptGetDefaultProviderW
CryptSetProviderExW
CryptSetProviderW
CryptSignHashW
CryptVerifySignatureW
DdeConnect
DdeConnectList
DdeCreateStringHandleW
DdeInitializeW
DdeQueryConvInfo
DdeQueryStringW
DefDlgProcW
DefFrameProcW
DefMDIChildProcW
DefWindowProcW
DeleteFileW
DeleteMonitorW
DeletePortW
DeletePrintProcessorW
DeletePrintProvidorW
DeletePrinterDriverW
DeviceCapabilitiesW
DialogBoxIndirectParamW
DialogBoxParamW
DispatchMessageW
DlgDirListComboBoxW
DlgDirListW
DlgDirSelectComboBoxExW
DlgDirSelectExW
DocumentPropertiesW
DragQueryFileW
DrawStateW
DrawTextExW
DrawTextW
EnableWindow
EndUpdateResourceA
EndUpdateResourceW
EnumCalendarInfoExW
EnumCalendarInfoW
EnumClipboardFormats
EnumDateFormatsExW
EnumDateFormatsW
EnumDisplayDevicesW
EnumDisplaySettingsExW
EnumDisplaySettingsW
EnumFontFamiliesExW
EnumFontFamiliesW
EnumFontsW
EnumICMProfilesW
EnumMonitorsW
EnumPortsW
EnumPrintProcessorDatatypesW
EnumPrintProcessorsW
EnumPrinterDriversW
EnumPrintersW
EnumPropsA
EnumPropsExA
EnumPropsExW
EnumPropsW
EnumSystemCodePagesW
EnumSystemLocalesW
EnumTimeFormatsW
EnumerateSecurityPackagesW
ExpandEnvironmentStringsW
ExtTextOutW
ExtractIconExW
ExtractIconW
FatalAppExitW
FillConsoleOutputCharacterW
FindAtomW
FindExecutableW
FindFirstChangeNotificationW
FindFirstFileW
FindNextFileW
FindResourceExW
FindResourceW
FindTextW
FindWindowExW
FindWindowW
FormatMessageW
FreeContextBuffer
FreeEnvironmentStringsW
GetAltTabInfoW
GetAtomNameW
GetCPInfo
GetCPInfoExW
GetCalendarInfoW
GetCharABCWidthsFloatW
GetCharABCWidthsW
GetCharWidth32W
GetCharWidthFloatW
GetCharWidthW
GetCharacterPlacementW
GetClassInfoExW
GetClassInfoW
GetClassLongW
GetClassNameW
GetClipboardData
GetClipboardFormatNameW
GetComputerNameW
GetConsoleTitleW
GetCurrencyFormatW
GetCurrentDirectoryW
GetCurrentHwProfileW
GetDateFormatW
GetDefaultCommConfigW
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetDlgItemTextW
GetDriveTypeW
GetEnhMetaFileDescriptionW
GetEnhMetaFileW
GetEnvironmentStringsW
GetEnvironmentVariableW
GetFileAttributesExW
GetFileAttributesW
GetFileTitleW
GetFileVersionInfoSizeW
GetFileVersionInfoW
GetFullPathNameW
GetGlyphOutlineW
GetICMProfileW
GetJobW
GetKerningPairsW
GetKeyNameTextW
GetKeyboardLayoutNameW
GetLocaleInfoW
GetLogColorSpaceW
GetLogicalDriveStringsW
GetLongPathNameW
GetMenuItemInfoW
GetMenuStringW
GetMessageW
GetMetaFileW
GetModuleFileNameW
GetModuleHandleW
GetMonitorInfoW
GetNamedPipeHandleStateW
GetNumberFormatW
GetObjectW
GetOpenFileNamePreviewW
GetOpenFileNameW
GetOutlineTextMetricsW
GetPrintProcessorDirectoryW
GetPrinterDataW
GetPrinterDriverDirectoryW
GetPrinterDriverW
GetPrinterW
GetPrivateProfileIntW
GetPrivateProfileSectionNamesW
GetPrivateProfileSectionW
GetPrivateProfileStringW
GetPrivateProfileStructW
GetProcAddress
GetProfileIntW
GetProfileSectionW
GetProfileStringW
GetPropA
GetPropW
GetRoleTextW
GetSaveFileNamePreviewW
GetSaveFileNameW
GetShortPathNameW
GetStartupInfoW
GetStateTextW
GetStringTypeExW
GetStringTypeW
GetSystemDirectoryW
GetSystemWindowsDirectoryW
GetTabbedTextExtentW
GetTempFileNameW
GetTempPathW
GetTextExtentExPointW
GetTextExtentPoint32W
GetTextExtentPointW
GetTextFaceW
GetTextMetricsW
GetTimeFormatW
GetUserNameW
GetVersionExW
GetVolumeInformationW
GetWindowLongA
GetWindowLongW
GetWindowModuleFileNameW
GetWindowTextLengthW
GetWindowTextW
GetWindowsDirectoryW
GlobalAddAtomW
GlobalFindAtomW
GlobalGetAtomNameW
GrayStringW
InitSecurityInterfaceW
InitializeSecurityContextW
InsertMenuItemW
InsertMenuW
IsBadStringPtrW
IsCharAlphaNumericW
IsCharAlphaW
IsCharLowerW
IsCharUpperW
IsClipboardFormatAvailable
IsDestinationReachableW
IsDialogMessageW
IsTextUnicode
IsValidCodePage
IsWindowUnicode
LCMapStringW
LoadAcceleratorsW
LoadBitmapW
LoadCursorFromFileW
LoadCursorW
LoadIconW
LoadImageW
LoadKeyboardLayoutW
LoadLibraryExW
LoadLibraryW
LoadMenuIndirectW
LoadMenuW
LoadStringW
MCIWndCreateW
MapVirtualKeyExW
MapVirtualKeyW
MessageBoxExW
MessageBoxIndirectW
MessageBoxW
ModifyMenuW
MoveFileW
MultiByteToWideChar
MultinetGetConnectionPerformanceW
OemToCharBuffW
OemToCharW
OleUIAddVerbMenuW
OleUIBusyW
OleUIChangeIconW
OleUIChangeSourceW
OleUIConvertW
OleUIEditLinksW
OleUIInsertObjectW
OleUIObjectPropertiesW
OleUIPasteSpecialW
OleUIPromptUserW
OleUIUpdateLinksW
OpenEventW
OpenFileMappingW
OpenMutexW
OpenPrinterW
OpenSemaphoreW
OpenWaitableTimerW
OutputDebugStringW
PageSetupDlgW
PeekConsoleInputW
PeekMessageW
PlaySoundW
PolyTextOutW
PostMessageW
PostThreadMessageW
PrintDlgW
QueryContextAttributesW
QueryCredentialsAttributesW
QueryDosDeviceW
QuerySecurityPackageInfoW
RasConnectionNotificationW
RasCreatePhonebookEntryW
RasDeleteEntryW
RasDeleteSubEntryW
RasDialW
RasEditPhonebookEntryW
RasEnumConnectionsW
RasEnumDevicesW
RasEnumEntriesW
RasGetConnectStatusW
RasGetEntryDialParamsW
RasGetEntryPropertiesW
RasGetErrorStringW
RasGetProjectionInfoW
RasHangUpW
RasRenameEntryW
RasSetEntryDialParamsW
RasSetEntryPropertiesW
RasSetSubEntryPropertiesW
RasValidateEntryNameW
ReadConsoleInputW
ReadConsoleOutputCharacterW
ReadConsoleOutputW
ReadConsoleW
RegConnectRegistryW
RegCreateKeyExW
RegCreateKeyW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumKeyW
RegEnumValueW
RegLoadKeyW
RegOpenKeyExW
RegOpenKeyW
RegQueryInfoKeyW
RegQueryMultipleValuesW
RegQueryValueExW
RegQueryValueW
RegReplaceKeyW
RegSaveKeyW
RegSetValueExW
RegSetValueW
RegUnLoadKeyW
RegisterClassExW
RegisterClassW
RegisterClipboardFormatW
RegisterDeviceNotificationW
RegisterWindowMessageW
RemoveDirectoryW
RemoveFontResourceW
RemovePropA
RemovePropW
ReplaceTextW
ResetDCW
ResetPrinterW
SHBrowseForFolderW
SHChangeNotify
SHFileOperationW
SHGetFileInfoW
SHGetNewLinkInfoW
SHGetPathFromIDListW
ScrollConsoleScreenBufferW
SearchPathW
SendDlgItemMessageW
SendMessageCallbackW
SendMessageTimeoutW
SendMessageW
SendNotifyMessageW
SetCalendarInfoW
SetClassLongW
SetComputerNameW
SetConsoleTitleW
SetCurrentDirectoryW
SetDefaultCommConfigW
SetDlgItemTextW
SetEnvironmentVariableW
SetFileAttributesW
SetICMProfileW
SetJobW
SetLocaleInfoW
SetMenuItemInfoW
SetPrinterDataW
SetPrinterW
SetPropA
SetPropW
SetVolumeLabelW
SetWindowLongA
SetWindowLongW
SetWindowTextW
SetWindowsHookExW
SetWindowsHookW
ShellAboutW
ShellExecuteExW
ShellExecuteW
Shell_NotifyIconW
StartDocPrinterW
StartDocW
SystemParametersInfoW
TabbedTextOutW
TextOutW
TranslateAcceleratorW
UnregisterClassW
UpdateICMRegKeyW
UpdateResourceA
UpdateResourceW
VerFindFileW
VerInstallFileW
VerLanguageNameW
VerQueryValueW
VkKeyScanExW
VkKeyScanW
WNetAddConnection2W
WNetAddConnection3W
WNetAddConnectionW
WNetCancelConnection2W
WNetCancelConnectionW
WNetConnectionDialog1W
WNetDisconnectDialog1W
WNetEnumResourceW
WNetGetConnectionW
WNetGetLastErrorW
WNetGetNetworkInformationW
WNetGetProviderNameW
WNetGetResourceInformationW
WNetGetResourceParentW
WNetGetUniversalNameW
WNetGetUserW
WNetOpenEnumW
WNetUseConnectionW
WaitNamedPipeW
WideCharToMultiByte
WinHelpW
WriteConsoleInputW
WriteConsoleOutputCharacterW
WriteConsoleOutputW
WriteConsoleW
WritePrivateProfileSectionW
WritePrivateProfileStringW
WritePrivateProfileStructW
WriteProfileSectionW
WriteProfileStringW
__FreeAllLibrariesInMsluDll
auxGetDevCapsW
capCreateCaptureWindowW
capGetDriverDescriptionW
joyGetDevCapsW
lstrcatW
lstrcmpW
lstrcmpiW
lstrcpyW
lstrcpynW
lstrlenW
mciGetDeviceIDW
mciGetErrorStringW
mciSendCommandW
mciSendStringW
midiInGetDevCapsW
midiInGetErrorTextW
midiOutGetDevCapsW
midiOutGetErrorTextW
mixerGetControlDetailsW
mixerGetDevCapsW
mixerGetLineControlsW
mixerGetLineInfoW
mmioInstallIOProcW
mmioOpenW
mmioRenameW
mmioStringToFOURCCW

Sections

.text
Size: 216KB - Virtual size: 215KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
viewer.htm
.html .vbs polyglot

Sharing

General

Malware Config

Signatures

Files

6013d0b9fb6901d1d5e58a9ae7072103

Headers

DLL Characteristics

File Characteristics

Imports

psapi

version

kernel32

user32

advapi32

shell32

shlwapi

wininet

ws2_32

Sections

.text Size: 144KB - Virtual size: 143KB

.rdata Size: 28KB - Virtual size: 28KB

.data Size: 5KB - Virtual size: 12KB

.rsrc Size: 2.5MB - Virtual size: 2.5MB

c654a5cf569ffb2b7d4ea4076125d5c7

Headers

File Characteristics

Imports

ntdll

user32

gdi32

kernel32

advapi32

ole32

version

Exports

Exports

Sections

.text Size: 73KB - Virtual size: 72KB

.data Size: 1KB - Virtual size: 52KB

.rsrc Size: 8KB - Virtual size: 8KB

.reloc Size: 5KB - Virtual size: 5KB

5f75d18fe563266a560ac1f72bd4cae2

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 512B - Virtual size: 400B

.rdata Size: 512B - Virtual size: 247B

.data Size: 512B - Virtual size: 173B

.idata Size: 512B - Virtual size: 320B

.rsrc Size: 1024B - Virtual size: 908B

.reloc Size: 512B - Virtual size: 92B

95d5d555032868a55dfb71899f3429a4

Headers

File Characteristics

PDB Paths

Imports

msvcr71

kernel32

advapi32

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 212B

.rsrc Size: 1024B - Virtual size: 928B

.reloc Size: 1KB - Virtual size: 1KB

27c0cb43ce1328947820bbb6d57a276f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

.text
Size: 144KB - Virtual size: 143KB

.rdata
Size: 28KB - Virtual size: 28KB

.data
Size: 5KB - Virtual size: 12KB

.rsrc
Size: 2.5MB - Virtual size: 2.5MB

.text
Size: 73KB - Virtual size: 72KB

.data
Size: 1KB - Virtual size: 52KB

.rsrc
Size: 8KB - Virtual size: 8KB

.reloc
Size: 5KB - Virtual size: 5KB

.text
Size: 512B - Virtual size: 400B

.rdata
Size: 512B - Virtual size: 247B

.data
Size: 512B - Virtual size: 173B

.idata
Size: 512B - Virtual size: 320B

.rsrc
Size: 1024B - Virtual size: 908B

.reloc
Size: 512B - Virtual size: 92B

.text
Size: 4KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 212B

.rsrc
Size: 1024B - Virtual size: 928B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 38KB - Virtual size: 38KB

.data
Size: 3KB - Virtual size: 5KB

.rsrc
Size: 49KB - Virtual size: 49KB

.text
Size: 228KB - Virtual size: 226KB

.rdata
Size: 68KB - Virtual size: 64KB

.data
Size: 24KB - Virtual size: 26KB

.rsrc
Size: 4KB - Virtual size: 952B

.reloc
Size: 12KB - Virtual size: 10KB

.text
Size: 36KB - Virtual size: 35KB

.data
Size: 1KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 4KB

.text
Size: 51KB - Virtual size: 51KB

.data
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 18KB - Virtual size: 17KB

.reloc
Size: 6KB - Virtual size: 6KB