cobaltstrike | 46dc49be65d7165e2a6009854a4f27f0088230199e61e0555cb1bd266535874a

Sharing

Copy URL

Twitter E-mail

General

Target

46dc49be65d7165e2a6009854a4f27f0088230199e61e0555cb1bd266535874a
Size

148.2MB
MD5

875294d0dba88dbc80c33a5cbb110b41
SHA1

3727db2a114f7302be5d5a3ef212bc0922060346
SHA256

46dc49be65d7165e2a6009854a4f27f0088230199e61e0555cb1bd266535874a
SHA512

4482e49c33c076cbde30a4da9c7283ef9cc67ae3ae75d9217ea402c206f6fc82aa4ffe90b76ab18c79cda6a7c1e302c02abda6736d594df2b2db273d013e07ab
SSDEEP

3145728:w0nOB9p1TEOzCfe/rMucwDUsf/xv6i+BpJA2zDI5HWhLnYEiU53i9dFzH:w1AOzKqnqsf7+BXAigHW/RCH

Score

10^/10

upx aspackv2 0 1535648626 pyinstaller isfb rat vmprotect cobaltstrike qakbot limerat gozi warzonerat modiloader

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://www.google.com:443/__utm.gif

Attributes

access_type
512
beacon_type
2048
crypto_scheme
256
host
www.google.com,/__utm.gif
http_header1
AAAACQAAABJ1dG1hYz1VQS0yMjAyNjA0LTIAAAAJAAAAB3V0bWNuPTEAAAAJAAAAEHV0bWNzPUlTTy04ODU5LTEAAAAJAAAAD3V0bXNyPTEyODB4MTAyNAAAAAkAAAAMdXRtc2M9MzItYml0AAAACQAAAAt1dG11bD1lbi1VUwAAAAoAAAAoSG9zdDogdHJhbnNsYXRlc2VydmljZXVwZGF0ZS5hcHBzcG90LmNvbQAAAAcAAAAAAAAACAAAAAIAAAAGX191dG1hAAAABQAAAAV1dG1jYwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAAAgAAAAZVQS0yMjAAAAABAAAAAi0yAAAABQAAAAV1dG1hYwAAAAkAAAAHdXRtY249MQAAAAkAAAAQdXRtY3M9SVNPLTg4NTktMQAAAAkAAAAPdXRtc3I9MTI4MHgxMDI0AAAACQAAAAx1dG1zYz0zMi1iaXQAAAAJAAAAC3V0bXVsPWVuLVVTAAAACgAAAChIb3N0OiB0cmFuc2xhdGVzZXJ2aWNldXBkYXRlLmFwcHNwb3QuY29tAAAABwAAAAEAAAAEAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
60000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC+xef42wyX1NAUR5Ukrnj2L8wg2GQ3+zg6SV5+gTlXxdgo8apUHH/mtKv7A+Fa5aReI1QBvVbMdkwq7A1YwJpBtFUBouokiqs8MjBWWrcftqQno/goPu3jDA1eHNyB8Hn+E4URKzRBBwQBduCA6fvUK83z/jAh062sZrZaFGE6dwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
6.71092736e+08
unknown2
AAAABAAAAAIAAAAPAAAAAgAAAA8AAAACAAAACgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/___utm.gif
user_agent
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)
watermark
0

Extracted

Family

qakbot

Version

322.368

Campaign

1535648626

Credentials

Protocol: ftp
Host:
37.60.244.211
Port:
21
Username:
[email protected]
Password:
4AsEzIaMwi2d

Protocol: ftp
Host:
198.38.77.162
Port:
21
Username:
[email protected]
Password:
kJm6DKVPfyiv

Protocol: ftp
Host:
61.221.12.26
Port:
21
Username:
[email protected]
Password:
346HZGCMlwecz9S

Protocol: ftp
Host:
67.222.137.18
Port:
21
Username:
[email protected]
Password:
p4a8k6fE1FtA3pR

Protocol: ftp
Host:
107.6.152.61
Port:
21
Username:
[email protected]
Password:
RoP4Af0RKAAQ74V

190.185.219.110:443

73.74.72.141:443

65.116.179.83:443

50.198.141.161:2078

70.183.154.153:995

68.49.120.179:443

70.94.109.57:443

24.45.54.50:2222

190.80.21.204:2222

216.201.159.118:443

74.88.210.56:995

75.189.235.216:443

47.48.236.98:2222

68.59.209.183:995

75.3.101.153:443

108.17.25.169:443

185.219.83.73:443

184.180.157.203:2222

207.178.109.161:443

174.48.72.160:443

Extracted

Family

limerat

Attributes

aes_key
12344321
antivm
false
c2_url
https://pastebin.com/raw/7m5Ddsgv
delay
3
download_payload
false
install
true
install_name
svchost.exe
main_folder
AppData
pin_spread
false
sub_folder
\system\
usb_spread
false

Extracted

Family

gozi

Extracted

Family

warzonerat

smartconnect.duckdns.org:39

Signatures

Cobalt Strike reflective loader 1 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
static1/unpack001/foo/2f215e008c6a7d8886c578e442b8f1b0	cobalt_reflective_dll

Cobaltstrike family
cobaltstrike
Gozi family
gozi
Limerat family
limerat

ModiLoader Second Stage 1 IoCs

resource	yara_rule
static1/unpack001/foo/dea515c25081073ec2cee293b2991ee1	modiloader_stage2

Modiloader family
modiloader
Qakbot family
qakbot

Warzone RAT payload 1 IoCs

rat

resource	yara_rule
static1/unpack001/foo/b7d5f0b9bf2e6e13c5b3ca1c2a0a8b4a	warzonerat

Warzonerat family
warzonerat

Detected Nirsoft tools 1 IoCs

Free utilities often used by attackers which can steal passwords, product keys, etc.

resource	yara_rule
static1/unpack001/foo/39555eb0403a69906729713ad20888ec	Nirsoft

NirSoft MailPassView 1 IoCs

Password recovery tool for various email clients

resource	yara_rule
static1/unpack001/foo/39555eb0403a69906729713ad20888ec	MailPassView

NirSoft WebBrowserPassView 1 IoCs

Password recovery tool for various web browsers

resource	yara_rule
static1/unpack001/foo/39555eb0403a69906729713ad20888ec	WebBrowserPassView

ASPack v2.12-2.42 2 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/foo/0becfedf4d0b9ad5251aca33274a4cf4	aspack_v212_v242
static1/unpack001/foo/4a74c9f378007412ec2c8b2eea6da4cf	aspack_v212_v242

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack001/foo/e61c0e180c2616fa81e6c4d581a9520e	vmprotect

AutoIT Executable 2 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
static1/unpack001/foo/27f9116902c35a9b784c703762bbd249	autoit_exe
static1/unpack001/foo/acf0b7f4fe980501192187bb9b8e20c4	autoit_exe

UPX packed file 11 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/foo/035fa2f2fae0a8fad733686a7d9ea772	upx
static1/unpack001/foo/07470b6ede84f02ec31ab0a601cdc068	upx
static1/unpack001/foo/4c49c2496ae538bcec9e1510f3eb8eba	upx
static1/unpack001/foo/798f5e61531f527821a490a15ef957ba	upx
static1/unpack001/foo/9d3438ba1dbdbcc2a65451893e38004b	upx
static1/unpack001/foo/bad78e11371381ce9e1d703aac2821e5	upx
static1/unpack001/foo/c944eadb6e032fd9e7a0988464a6f1cc	upx
static1/unpack001/foo/d81e76123ccb64b73eeac2f31a7434c4	upx
static1/unpack001/foo/e03bd458de4a107688236bdc4ddc3afe	upx
static1/unpack001/foo/e95678212c7218c6e7944fca1631c88f	upx
static1/unpack001/foo/fcdc003a1529fe3660b160fd012173b3	upx

Detects Pyinstaller 1 IoCs

pyinstaller

resource	yara_rule
static1/unpack001/foo/b641961018d09dfbd7fa9c15f09a7723	pyinstaller

Unsigned PE 110 IoCs

Checks for missing Authenticode signature.

resource
unpack001/foo/0044d66e4abf7c4af6b5d207065320f7
unpack001/foo/034e4c62965f8d5dd5d5a2ce34a53ba9
unpack001/foo/035fa2f2fae0a8fad733686a7d9ea772
unpack002/out.upx
unpack001/foo/07470b6ede84f02ec31ab0a601cdc068
unpack001/foo/078adb95b1a0a6449d8c4ece796deac0
unpack001/foo/0becfedf4d0b9ad5251aca33274a4cf4
unpack001/foo/1a78d313f2891bd468f78694814a28a3
unpack001/foo/1ffe827beb75335731cb6f052a8ec3a6
unpack001/foo/27601d095e5b3761d9289584415a73cc
unpack001/foo/28408caa2961caecd35c9f8f7c1aecc5
unpack004/$PLUGINSDIR/System.dll
unpack004/$PLUGINSDIR/nsDialogs.dll
unpack004/$TEMP/fughetta.dll
unpack001/foo/2de7b886ed3bf5455694d76ac69a96a4
unpack001/foo/2e00df497f82c0bf215548969fefc18b
unpack005/$PLUGINSDIR/FYboQZPLzv.dll
unpack001/foo/2e90a15707ad3eb4cd06bd8a05463922
unpack001/foo/2f215e008c6a7d8886c578e442b8f1b0
unpack001/foo/30bc06d0add076dd6500fcdfbc12643e
unpack001/foo/312e67dc35992949937d1bad6ba529f3
unpack001/foo/383497fda5ca670a06dc688443c2011b
unpack001/foo/39555eb0403a69906729713ad20888ec
unpack001/foo/39e5310f67f0b1bf98604a2e0edb9204
unpack001/foo/3aba72d1f87f4372162972b6a45ed8cd
unpack001/foo/406c9b9529109f835fe7292e6cf3fefe
unpack001/foo/457cfd3e7a53e7500f8206b3ea300aca
unpack007/$PLUGINSDIR/NSISdl.dll
unpack007/$PLUGINSDIR/System.dll
unpack007/$SYSDIR/$SYSDIR/$_14_.exe
unpack008/$PLUGINSDIR/InstallOptions.dll
unpack008/$PLUGINSDIR/NSISdl.dll
unpack008/$PLUGINSDIR/Processes.dll
unpack008/$PLUGINSDIR/System.dll
unpack007/$SYSDIR/$SYSDIR/$_8_.dll
unpack001/foo/4761e4b165f62d326b9032d96329e460
unpack001/foo/487f1b1f30212eaa9104c084a667f104
unpack009/$PLUGINSDIR/ElevatePrivileges.dll
unpack009/$PLUGINSDIR/Fusion.dll
unpack009/$PLUGINSDIR/InstallOptions.dll
unpack009/$PLUGINSDIR/LangDLL.dll
unpack009/$PLUGINSDIR/Math.dll
unpack009/$PLUGINSDIR/Registry.dll
unpack009/$PLUGINSDIR/SaveInExe.dll
unpack009/$PLUGINSDIR/System.dll
unpack009/$PLUGINSDIR/execDos.dll
unpack009/$PLUGINSDIR/inetc.dll
unpack009/$PLUGINSDIR/nsDialogs.dll
unpack009/$PLUGINSDIR/nsProcess.dll
unpack009/libeay32.dll
unpack009/ssleay32.dll
unpack001/foo/4a74c9f378007412ec2c8b2eea6da4cf
unpack001/foo/4b2d7854b47943b118e24c6ec79b974b
unpack001/foo/4c49c2496ae538bcec9e1510f3eb8eba
unpack001/foo/4cfe8f3aa1592035b9a2cdb2c4f54c77
unpack001/foo/55fc11ec67a00177d047d5abc84231e0
unpack001/foo/59f0fbc29bace019804b8a181ce75a06
unpack001/foo/5b1c0df2be80006ec3af6a5eeea17ecb
unpack001/foo/5d33050f0514054c49f2bc2ff9abee2a
unpack001/foo/5d9775622b5e7123d5796d4de5dc2839
unpack001/foo/60121ea2ab380455f7e143cd9438443e
unpack001/foo/62565a39c4a264e48e0678edad5d60fd
unpack001/foo/62a3fd9b4932e59a7192813c22617764
unpack001/foo/63e9ce22dbf66934fd75c77bc84954d0
unpack001/foo/6497ba06c339ec8ca438ddf0dd2f8fc5
unpack001/foo/698cc868cdae13a5cc744020ec00e331
unpack001/foo/6f2c5c31fefa00afa2af1adcbdd93ad5
unpack001/foo/798f5e61531f527821a490a15ef957ba
unpack001/foo/7aec86c6c4cc35139b7874a0117e4451
unpack001/foo/84bf6e1a8fcd94cf6cba6ac7e2a95b64
unpack001/foo/907b7d9a23ed7821abb700fcbe1c9bb3
unpack001/foo/928f1db0c63d122f0183686a3bdfccee
unpack001/foo/9401b0788dc22eeb1dace02d23a9596c
unpack001/foo/97dd8726304f889ef12ef1beb510be84
unpack001/foo/9cde71abfd2a6aeb83cdd233cbc04fcd
unpack001/foo/9d3438ba1dbdbcc2a65451893e38004b
unpack001/foo/9f88187d774cc9eaf89dc65479c4302d
unpack001/foo/a17bdcde184026e23ae6dc8723f73fcf
unpack001/foo/a2981192a30538e97b55f363abbce946
unpack001/foo/aa3b51bd50bcc98f763cffcf7f907152
unpack001/foo/acf0b7f4fe980501192187bb9b8e20c4
unpack001/foo/b1071426aa88f31339f1b369cf13cef3
unpack001/foo/b514b59324818c52140b431aeac96bfc
unpack001/foo/b641961018d09dfbd7fa9c15f09a7723
unpack001/foo/b693dfe99d2915616044eea2cfe18360
unpack001/foo/b6e7c9793cf40153bf8865195e06ecbc
unpack001/foo/b7d5f0b9bf2e6e13c5b3ca1c2a0a8b4a
unpack001/foo/ba2d460199eb2d9e9d6d0559bb455529
unpack001/foo/bad78e11371381ce9e1d703aac2821e5
unpack001/foo/bc6536b86b04cf5b3bf7cd353d615ab9
unpack001/foo/be85e0b2608a55942aa101c66ce6c32c
unpack001/foo/c914b169d1388c5e78421045d05946ee
unpack001/foo/c944eadb6e032fd9e7a0988464a6f1cc
unpack001/foo/cad3634df5d5058551bed38237ab8e8b
unpack001/foo/cd89b6c808c296cde0bc77ee630dc7df
unpack001/foo/d81e76123ccb64b73eeac2f31a7434c4
unpack001/foo/d86d2cb12111422ad0b401afa523e308
unpack001/foo/d8e37dd7ca017370a0b54147a27a7498
unpack001/foo/dea515c25081073ec2cee293b2991ee1
unpack001/foo/dfcc555a02bccc9c438b08555b5c2ab8
unpack001/foo/e03bd458de4a107688236bdc4ddc3afe
unpack001/foo/e16ec7bc29b68f66e90fdbfefe1d3a2d
unpack001/foo/e78fad8a5d0ea89127ed36ed20bc9351
unpack001/foo/e95678212c7218c6e7944fca1631c88f
unpack001/foo/edf723c8e404cd67041e7dfbbb1a6eee
unpack001/foo/f2366f48d3534bc8af573f2696dce4f5
unpack001/foo/f645a94491240317caccd6f8508fba1f
unpack001/foo/f660284cb3574213a512e3f03ca9012b
unpack001/foo/f6c1c72f3e45d2f3499b6bd6661b3289
unpack001/foo/fbab903080d6a4e65a1a2f6bc4d97b7c

NSIS installer 14 IoCs

installer

resource	yara_rule
static1/unpack001/foo/28408caa2961caecd35c9f8f7c1aecc5	nsis_installer_1
static1/unpack001/foo/28408caa2961caecd35c9f8f7c1aecc5	nsis_installer_2
static1/unpack001/foo/457cfd3e7a53e7500f8206b3ea300aca	nsis_installer_1
static1/unpack001/foo/457cfd3e7a53e7500f8206b3ea300aca	nsis_installer_2
static1/unpack007/$SYSDIR/$SYSDIR/$_14_.exe	nsis_installer_1
static1/unpack007/$SYSDIR/$SYSDIR/$_14_.exe	nsis_installer_2
static1/unpack001/foo/4ea45460c3e7c3d8486d3f7bec90c613	nsis_installer_1
static1/unpack001/foo/4ea45460c3e7c3d8486d3f7bec90c613	nsis_installer_2
static1/unpack001/foo/698cc868cdae13a5cc744020ec00e331	nsis_installer_1
static1/unpack001/foo/698cc868cdae13a5cc744020ec00e331	nsis_installer_2
static1/unpack001/foo/b693dfe99d2915616044eea2cfe18360	nsis_installer_1
static1/unpack001/foo/b693dfe99d2915616044eea2cfe18360	nsis_installer_2
static1/unpack001/foo/dfcc555a02bccc9c438b08555b5c2ab8	nsis_installer_1
static1/unpack001/foo/dfcc555a02bccc9c438b08555b5c2ab8	nsis_installer_2

Files

46dc49be65d7165e2a6009854a4f27f0088230199e61e0555cb1bd266535874a
.zip
foo/0044d66e4abf7c4af6b5d207065320f7
.exe windows:4 windows x86 arch:x86

75d34a70b1e0a78511f786189af5083d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

IsDebuggerPresent
GetProcAddress
GetTickCount
GetModuleHandleA
VirtualQuery
lstrlenA
GetVersionExA
FatalExit
GetCurrentDirectoryA
LocalFree

user32

CreateDialogParamA
GetActiveWindow
MessageBoxA
GetWindow
FindWindowA
DefWindowProcA
PostQuitMessage
EndPaint
BeginPaint
DispatchMessageA
TranslateMessage
GetMessageA
UpdateWindow
ShowWindow
CreateWindowExA
LoadCursorA
LoadIconA

ntdll

memcpy
_chkstk

gdi32

TextOutA

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 890B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wh18
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wh14
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wh17
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wh16
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wh15
Size: 512B - Virtual size: 71B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wh11
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wh13
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wh12
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wh7
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wh10
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wh9
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wh8
Size: 1024B - Virtual size: 934B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wh3
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wh6
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wh2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
foo/034e4c62965f8d5dd5d5a2ce34a53ba9
.exe windows:4 windows x86 arch:x86

16e370498bafc2da116b687155eb9503

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetMessageA
GetDesktopWindow
SendMessageA
ReleaseDC
CloseClipboard
GetClientRect
GetClipboardData
OpenClipboard
BeginPaint
TranslateMessage
CreateWindowExA
GetWindowTextW
GetWindowTextLengthW
RegisterClassExA
MsgWaitForMultipleObjects
PeekMessageA
GetWindowTextA
IsWindowVisible
EnumWindows
DispatchMessageA
wsprintfA
GetDC
ToAscii
DefWindowProcA
CallNextHookEx
GetWindowThreadProcessId
GetKeyboardLayout
GetKeyboardState
GetKeyState
MapVirtualKeyA
GetSystemMetrics
MapVirtualKeyExA
GetForegroundWindow
GetKeyNameTextA
ToUnicodeEx

psapi

GetProcessMemoryInfo

kernel32

GetStdHandle
SetHandleCount
FlushFileBuffers
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TlsGetValue
TlsSetValue
TlsFree
SetLastError
TlsAlloc
GetOEMCP
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
InterlockedExchange
GetACP
GetLocaleInfoA
GetVersionExA
RaiseException
InitializeCriticalSection
DeleteCriticalSection
FreeLibrary
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
CloseHandle
OpenProcess
GetCurrentProcessId
Sleep
FileTimeToSystemTime
ReadFile
SetFilePointer
GetFileSize
GetFileInformationByHandle
MapViewOfFile
CreateFileMappingA
CreateFileA
WriteFile
GetFileType
GetLocalTime
LocalFileTimeToFileTime
CreateDirectoryA
GetFileAttributesA
GetCurrentDirectoryA
SetFileTime
GetModuleFileNameA
GetModuleHandleA
GetEnvironmentStrings
GetTickCount
SetFileAttributesA
CopyFileA
DeleteFileA
InterlockedDecrement
SetCurrentDirectoryA
FindClose
FindNextFileA
FindFirstFileA
GetVolumeInformationA
GetDriveTypeA
GetLastError
CreateProcessA
CreatePipe
WinExec
MoveFileA
GetCompressedFileSizeA
GetComputerNameA
ExpandEnvironmentStringsA
GlobalUnlock
GlobalLock
CreateThread
CreateEventA
Process32Next
Process32First
CreateToolhelp32Snapshot
lstrcmpA
CopyFileExA
MultiByteToWideChar
WideCharToMultiByte
LocalFree
GetTimeZoneInformation
VirtualProtect
GetSystemInfo
HeapSize
SystemTimeToFileTime
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
IsBadReadPtr
IsBadCodePtr
GetLocaleInfoW
SetStdHandle
SetEnvironmentVariableA
GetFullPathNameA
SetEndOfFile
FileTimeToLocalFileTime
VirtualQuery
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
CompareStringW
CompareStringA
HeapReAlloc
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetCommandLineA
GetStartupInfoA
GetDateFormatA
GetTimeFormatA
RemoveDirectoryA
UnmapViewOfFile
GetCPInfo
RtlUnwind
ResumeThread
ExitThread
GetCurrentProcess
TerminateProcess
HeapAlloc
HeapFree
ExitProcess
LeaveCriticalSection
EnterCriticalSection
InterlockedIncrement

gdi32

CreateCompatibleBitmap
SelectObject
BitBlt
DeleteObject
CreateCompatibleDC

advapi32

OpenServiceA
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
DeleteService
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegQueryInfoKeyA
RegEnumKeyExA
RegEnumValueA
OpenSCManagerA
CreateServiceA
CloseServiceHandle
SetServiceStatus

shell32

ShellExecuteA

ole32

CoInitializeSecurity
CoCreateInstance
CoInitializeEx
CoUninitialize

oleaut32

SysAllocString
VariantInit
VariantChangeType
VariantClear
SysFreeString

avicap32

capCreateCaptureWindowA

wininet

InternetCloseHandle
DeleteUrlCacheEntry

ws2_32

inet_addr
WSAGetLastError
gethostbyname
inet_ntoa
htonl
getservbyname
htons
gethostbyaddr
ntohs
WSAStartup
send
recv
socket
setsockopt
closesocket
WSACleanup
getservbyport

gdiplus

GdipCreateBitmapFromHBITMAP
GdipAlloc
GdipDeleteGraphics
GdipDisposeImage
GdiplusStartup
GdipCloneImage
GdipDrawImageRectI
GdipGetImageGraphicsContext
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipSaveImageToFile
GdipCreateBitmapFromScan0
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipFree

Sections

.text
Size: 256KB - Virtual size: 252KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shared
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
foo/035fa2f2fae0a8fad733686a7d9ea772
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 464KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 266KB - Virtual size: 268KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 403KB - Virtual size: 402KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text1
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
foo/04884a82d01d733f245d921e1f74fb1b
.exe windows:5 windows x86 arch:x86

821d34f6795c04ca30de427162a28e5b

Code Sign

42:26:9f:68:1c:c6:c2:08:f4:12:52:20:6c:49:d2:f0
Certificate

Issuer

CN=WoSign Class 2 Code Signing CA,O=WoSign CA Limited,C=CN

Not Before

29-04-2015 07:14

Not After

29-04-2016 08:14

Subject

CN=梁志辉,L=广州市,ST=广东省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

25:e7:3b:77:32:8e:5c:a0:aa:57:f8:65:68:dc:f6:e8
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08-08-2009 01:00

Not After

08-08-2024 01:00

Subject

CN=WoSign Class 2 Code Signing CA,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08-08-2009 01:00

Not After

08-08-2024 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

1d:0e:70:d9:33:69:4f:c4:ed:b3:d9:00:64:2d:37:bd:e9:a3:ee:61
Signer

Actual PE Digest

1d:0e:70:d9:33:69:4f:c4:ed:b3:d9:00:64:2d:37:bd:e9:a3:ee:61

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\workspace\yiwanplayer\bin\Release\YiwanInstaller.pdb

Imports

kernel32

WritePrivateProfileStringW
GetTempPathW
GetTempFileNameW
GetVolumeInformationW
MultiByteToWideChar
WideCharToMultiByte
DecodePointer
InterlockedIncrement
InterlockedDecrement
GetProcAddress
GetCurrentProcessId
GetCurrentThreadId
lstrcmpiW
LoadLibraryExW
GetModuleHandleW
CreateMutexA
CloseHandle
OpenProcess
SizeofResource
LoadResource
WaitForSingleObject
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
ResumeThread
GetLastError
SetThreadPriority
RaiseException
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GlobalFree
FreeLibrary
LockResource
GetPrivateProfileStringW
FindResourceExW
FindResourceW
FindResourceA
OutputDebugStringW
LocalFree
GetFullPathNameA
SetEndOfFile
SetCurrentDirectoryW
GetFullPathNameW
SetConsoleCtrlHandler
GetFileAttributesExW
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTimeZoneInformation
GetCommandLineW
GetStartupInfoW
ReadConsoleW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetOEMCP
GetACP
IsValidCodePage
GetCurrentThread
ExitProcess
WriteConsoleW
GetModuleHandleExW
FindFirstFileExW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
CreateSemaphoreW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
FatalAppExitA
SystemTimeToTzSpecificLocalTime
GetCurrentDirectoryA
SetCurrentDirectoryA
SetEnvironmentVariableA
PeekNamedPipe
GetFileType
FileTimeToLocalFileTime
CreateProcessW
GetModuleFileNameW
GetSystemTimeAsFileTime
AreFileApisANSI
RtlUnwind
ExitThread
CreateThread
VirtualQuery
VirtualProtect
VirtualAlloc
IsProcessorFeaturePresent
OpenFile
DuplicateHandle
CreateFileW
DeleteFileW
GetSystemInfo
GetTempPathA
GetTempFileNameA
GetTickCount
Sleep
GetEnvironmentVariableW
SetEnvironmentVariableW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetExitCodeProcess
lstrcpyW
lstrcatW
FindFirstFileW
FindClose
FindNextFileW
LoadLibraryW
WriteFile
ReadFile
SetFilePointer
CreateEventW
SetEvent
CreatePipe
SetHandleInformation
GetStdHandle
GetModuleFileNameA
CreateProcessA
ResetEvent
GlobalAlloc
GetLocalTime
VerSetConditionMask
VerifyVersionInfoW
GlobalMemoryStatusEx
CreateFileA
GetFileSize
IsDebuggerPresent
GetStringTypeW
EncodePointer
DeviceIoControl
lstrcmpA
lstrcmpiA
lstrlenA
lstrlenW
SetLastError
CreateDirectoryW
RemoveDirectoryW
SetFileAttributesW
GetFileAttributesW
MoveFileW
MoveFileExW
GetLogicalDriveStringsW
GetDriveTypeW
GetDiskFreeSpaceExW
GetStartupInfoA
GetFileInformationByHandle
SystemTimeToFileTime
FileTimeToSystemTime
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
SetFileTime
LocalFileTimeToFileTime
GetCurrentDirectoryW
GetCurrentProcess
TerminateProcess
WaitForMultipleObjects
FreeResource

user32

RegisterWindowMessageW
IsWindowVisible
GetWindow
GetDesktopWindow
GetPropA
IsIconic
ShowWindow
GetWindowLongW
SetWindowPos
PostMessageW
MsgWaitForMultipleObjects
PeekMessageW
TranslateMessage
DispatchMessageW
wsprintfW
EnumDisplayDevicesW
GetDC
ReleaseDC
RemovePropA
LoadCursorW
RegisterClassW
CreateWindowExW
IsWindow
UnregisterClassW
DestroyWindow
CharNextW
DefWindowProcW
FindWindowW
LoadIconW

advapi32

OpenProcessToken
RegQueryValueExW
OpenSCManagerW
OpenServiceW
CloseServiceHandle
DeleteService
QueryServiceStatus
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
EnumDependentServicesW
ControlService
RegEnumKeyExA
InitializeSecurityDescriptor
LookupPrivilegeValueW
AdjustTokenPrivileges

shell32

SHCreateDirectoryExW
SHFileOperationW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetSpecialFolderPathW
CommandLineToArgvW

ole32

CoInitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CreateBindCtx
CoInitializeEx
CoSetProxyBlanket
CoInitializeSecurity
CoCreateGuid
CoUninitialize

oleaut32

CreateErrorInfo
SetErrorInfo
GetErrorInfo
VariantChangeType
VariantClear
SysFreeString
VarUI4FromStr
VariantInit
SysAllocString

shlwapi

StrToIntExW
PathIsRelativeA
PathIsRelativeW
SHGetValueA
PathIsRootW
PathIsUNCA
PathIsUNCW
PathIsNetworkPathA
SHSetValueA
PathCombineW
PathFileExistsA
PathFindFileNameW
PathIsDirectoryA
PathIsRootA
PathIsNetworkPathW
PathIsURLA
PathIsURLW
PathRelativePathToW
PathRemoveFileSpecA
StrStrA
StrStrIA
PathAddBackslashW
PathAppendW
PathAddBackslashA
StrStrIW
PathFileExistsW
PathAppendA
StrCpyW
PathRemoveFileSpecW
PathIsDirectoryW

comctl32

InitCommonControlsEx

opengl32

wglDeleteContext
wglMakeCurrent
wglCreateContext

ws2_32

getnameinfo
socket
setsockopt
sendto
WSAConnect
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAGetOverlappedResult
WSARecv
WSAResetEvent
WSASend
WSASetEvent
WSASocketW
getaddrinfo
freeaddrinfo
shutdown
send
WSACloseEvent
WSAGetLastError
WSASetLastError
WSACleanup
WSAStartup
closesocket
gethostname
recvfrom
recv
ntohs
ntohl
listen
accept
bind
connect
ioctlsocket
getpeername
getsockname
getsockopt
htonl
htons

winmm

timeEndPeriod
timeBeginPeriod

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

wininet

InternetOpenW
HttpQueryInfoW
InternetReadFile
InternetOpenUrlW
InternetCloseHandle

iphlpapi

GetAdaptersInfo

urlmon

RegisterBindStatusCallback
CreateURLMoniker

setupapi

SetupDiGetClassDevsW
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyW
CM_Get_Device_IDW
SetupDiDestroyDeviceInfoList

netapi32

Netbios

gdi32

GetStockObject
ChoosePixelFormat
SetPixelFormat
SwapBuffers

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 246KB - Virtual size: 245KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 227KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
foo/06ed82e88e1f68cc08602d7cd8ec5f59
.exe windows:4 windows x86 arch:x86

39f05bc302a86de7c1cdfb5d856eb2fd

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

17-11-2006 00:00

Not After

30-12-2020 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

72:37:ac:bb:ef:66:31:7b:1d:b4:6c:89:8e:1f:3a:be
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

19-07-2013 00:00

Not After

17-09-2014 23:59

Subject

CN=重庆话语科技有限公司,OU=酷屏项目部,O=重庆话语科技有限公司,L=重庆,ST=重庆,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

61:3a:6d:3c:e7:1b:12:ad:3f:c3:fb:2c:25:49:12:ab:42:77:f7:57
Signer

Actual PE Digest

61:3a:6d:3c:e7:1b:12:ad:3f:c3:fb:2c:25:49:12:ab:42:77:f7:57

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord4998
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord4353
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord641
ord1146
ord567
ord324
ord2135
ord818
ord2302
ord4234
ord665
ord1979
ord6385
ord4853
ord1200
ord6197
ord6215
ord4710
ord2379
ord755
ord470
ord5280
ord3138
ord3797
ord1768
ord2688
ord4287
ord1949
ord4034
ord4376
ord5265
ord3402
ord5290
ord6374
ord1776
ord6055
ord1134
ord2621
ord1205
ord2514
ord815
ord561
ord3738
ord4424
ord4622
ord4080
ord3079
ord3825
ord3831
ord3830
ord4299
ord2089
ord2864
ord6880
ord4275
ord656
ord3610
ord3619
ord3571
ord2381
ord6199
ord5981
ord3874
ord1641
ord2414
ord3663
ord3626
ord3573
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord825
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord4673
ord3337
ord3811
ord1168
ord5710
ord5856
ord6877
ord6876
ord4129
ord1228
ord1105
ord803
ord543
ord348
ord663
ord3584
ord5207
ord2393
ord939
ord1988
ord926
ord924
ord940
ord2764
ord6648
ord537
ord858
ord941
ord2818
ord535
ord540
ord389
ord800
ord690
ord823
ord353
ord1576

msvcrt

__set_app_type
_onexit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
strchr
__CxxFrameHandler
atol
sscanf
strstr
_access
sprintf
fclose
fread
fseek
fopen
fwrite
strrchr
__p__pgmptr
strncpy
_splitpath
memchr
isspace
time
_setmbcp
_itoa
_strcmpi
_stricmp
_strnicmp
_CxxThrowException
wcslen
malloc
free
__dllonexit
ftell
_purecall
isalnum
toupper
_controlfp
strncat
mktime
atoi
memmove
_ftol
_mbscmp
__p__fmode
strncmp
strtol
_mbclen
fgets
_snprintf
strtok

kernel32

WideCharToMultiByte
GetDiskFreeSpaceExA
CreateToolhelp32Snapshot
Process32First
Process32Next
GetTempPathA
GetTempFileNameA
FindFirstFileA
FindClose
GetLastError
MultiByteToWideChar
GetModuleHandleA
GetProcAddress
CloseHandle
lstrlenA
LeaveCriticalSection
RemoveDirectoryA
Sleep
GetModuleFileNameA
GetACP
GetStartupInfoA
ReadFile
WaitForSingleObject
CreateProcessA
FreeLibrary
WritePrivateProfileStringA
GetLocalTime
GetPrivateProfileStringA
LoadLibraryA
CreateMutexA
SetCurrentDirectoryA
LoadResource
SizeofResource
FindResourceA
EnterCriticalSection
GetCurrentDirectoryA
lstrcatA
SetEndOfFile
LocalFree
FindNextFileA
TerminateProcess
OpenProcess
GetFileSize
InitializeCriticalSection
DeleteCriticalSection
WriteFile
SetFilePointer
DeleteFileA
GetTickCount
CreateFileA
FormatMessageA
WinExec

user32

SendMessageA
wsprintfA
LoadIconA
DrawIcon
GetClientRect
IsIconic
SetWindowLongA
EnableWindow
PostMessageA
GetSystemMetrics
GetParent
DefWindowProcA
SetTimer
GetWindowDC
ScreenToClient
ReleaseCapture
PtInRect
SetCursor
LoadCursorA
ClientToScreen
IsZoomed
GetWindowRect
EndPaint
BeginPaint
ReleaseDC
IsWindow
SetWindowPos
SetWindowRgn
SetWindowTextA
SetCapture
KillTimer
CopyRect
InvalidateRect

advapi32

RegOpenKeyExA
RegCreateKeyA
RegSetValueA
RegCloseKey
RegEnumKeyExA
RegOpenKeyA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA

shell32

ShellExecuteA
SHBrowseForFolderA
SHGetSpecialFolderLocation
SHGetPathFromIDListA

ole32

CoCreateInstance
CoInitialize
CoUninitialize
CoTaskMemFree

oleaut32

VariantClear

msvcp60

??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??_8?$basic_fstream@DU?$char_traits@D@std@@@std@@7B?$basic_ostream@DU?$char_traits@D@std@@@1@@
??_8?$basic_fstream@DU?$char_traits@D@std@@@std@@7B?$basic_istream@DU?$char_traits@D@std@@@1@@
??0ios_base@std@@IAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??_7?$basic_fstream@DU?$char_traits@D@std@@@std@@6B@
?__Fiopen@std@@YAPAU_iobuf@@PBDH@Z
?_Initcvt@?$basic_filebuf@DU?$char_traits@D@std@@@std@@IAEXXZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??_D?$basic_fstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
?_Copy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXI@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1ios_base@std@@UAE@XZ
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
??0?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAE@PAU_iobuf@@@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Init@?$basic_filebuf@DU?$char_traits@D@std@@@std@@IAEXPAU_iobuf@@W4_Initfl@12@@Z
??1?$basic_filebuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_Xlen@std@@YAXXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Xran@std@@YAXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z

gdiplus

GdipFree
GdipDisposeImage
GdipCreateBitmapFromFileICM
GdipGetDC
GdipReleaseDC
GdipAlloc
GdipGetImageWidth
GdipGetImageHeight
GdipDrawImageRectRectI
GdipGraphicsClear
GdipCreateFromHDC
GdipDeleteGraphics
GdiplusStartup
GdipCloneImage
GdipCloneBrush
GdipDeleteBrush
GdipDeleteFontFamily
GdipCreateBitmapFromFile
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorKeys
GdipDeleteStringFormat
GdipGetFontSize
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipCreateStringFormat
GdipDrawString
GdipMeasureString
GdipCreateSolidFill
GdipCreateFont
GdipCreateFontFamilyFromName
GdipDeleteFont

netapi32

Netbios

imagehlp

MakeSureDirectoryPathExists

ws2_32

recv
__WSAFDIsSet
select
WSAGetLastError
connect
send
htons
gethostbyname
socket
WSACleanup
WSAStartup
closesocket

gdi32

CreateDIBSection
BitBlt
CreateSolidBrush
CreateRoundRectRgn
CreateCompatibleBitmap
SelectObject
DeleteObject
DeleteDC
CreateCompatibleDC

comctl32

_TrackMouseEvent

Sections

.text
Size: 284KB - Virtual size: 281KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 624KB - Virtual size: 620KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
foo/07470b6ede84f02ec31ab0a601cdc068
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 348KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 197KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
foo/078adb95b1a0a6449d8c4ece796deac0
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 344KB - Virtual size: 344KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
foo/09e5c88a0592763e0c4f30fb88d663b4
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31-12-2015 00:00

Not After

09-07-2019 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

b2:98:7e:e9:d3:26:4a:51:ff:fb:38:49:fe:4c:ab:aa
Certificate

Issuer

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

28-06-2018 00:00

Not After

27-06-2020 23:59

Subject

SERIALNUMBER=P11000097829,CN=IPVanish (Mudhook Marketing\, Inc.),O=IPVanish (Mudhook Marketing\, Inc.),POSTALCODE=75201,STREET=Suite 1100+STREET=2021 McKinney Avenue,L=Dallas,ST=Texas,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#1307466c6f72696461,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

a9:fe:bf:02:a4:ad:55:26:b8:df:a3:f2:d9:fb:04:2c:a9:9c:b5:c1:05:4b:10:63:81:2d:e7:d8:2d:0c:d2:cc
Signer

Actual PE Digest

a9:fe:bf:02:a4:ad:55:26:b8:df:a3:f2:d9:fb:04:2c:a9:9c:b5:c1:05:4b:10:63:81:2d:e7:d8:2d:0c:d2:cc

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 541KB - Virtual size: 540KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 167KB - Virtual size: 167KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
foo/0becfedf4d0b9ad5251aca33274a4cf4
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 112KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 53KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tu9
Size: 21KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
foo/1a78d313f2891bd468f78694814a28a3
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Exports

Exports

YX��DD��Y7l�i �_��x�"��#"�uo��VD~��m�b4�� 2��;�\!��|�7�a`��)7��,��ʲ7˔M8%��Ponbxl��|��0�zz��}�ʡ�2z1��!3��"�O�i�>��[�뼲��hm*�U��{��z'��I2�j��b^��\��kHm�e ��e�cp!*I��4�|�)Y�1��?�=�t8B��m�-��8|N��Э�[_�ds�� k#B��vJ<��>�5 ʸ(�cu��Ć�2�}��C��R� KX��bWV��`=��6�X��8F�e[�HlJMKF��7Q jN��pT[�g��H��I~瞨�\E�_��m�8� D�[��]�>��Ӝ�Ex�f�d ��L��~�$�%��^wh@�Ɠ_p@E��`�bi|�w�'�;��~9��M��4�>��@�{p�wM��D#��Q8�i2��N��?Ӈ��a6X�W�ml��P3#9a�Y��['2�� z��*��J��z��r)�P�� >�J��X�"�A&��2�r��4B��My�ܛ��c�J��v�|��J*֣��{=ս�r�ͩs��ܺ�Z��ȩ� ��ث ~W��d (�@��9��B��N��ѱ2wP�P;��+WN_qK��˥�) "UL�\e��Ͼ{lE��#L�TIp]��y�(��˃/ɂ�g��WZ+��zČ`��]�~ٳ�!��$�K[��&}GX��z;�l~=��u͵�;��cC�x�F�[ &u�3��C7Rk@��w�1�w�Te2$��*Lې��9�hp +�a�V�^ǽ�$AG��S:|�$<��2C�sOc�Rϋb8�*�$�Kj��p\t� ��(�x�}u��b�Ѐ�|�m�e `��z:��e(M�$��6�ne��x_I ��I��a1�iC�{wc�q?��;��X��6W�v��V��H�Wj�&�ڊ�n��[�k�鵽6 �,��V�@�7\X�_(��n�v=�)`b��&�S� /u>��G�z�%��<*U/� u޷�� M�� ے8?��PJ&.��ؼ�x��9�� G�e��*��F��?D��Q��I��X��sa��f4A!Z_m��T��A�VCjA��03� �Q�V�#�D��\gZ��R}��l��~�o2S��ks�~�`_X��e1�� N�Me��z��OMh�b��!j:~�AG��i�鮅��:��T��3��)�;�E�s��ryt�x٢l1.\җ��]�y�8A��+�җ�捊�*�U1�lxK��Rk�g��dC<Wv�o��[��_v�XϮ<��p*x�q��ӽܔ;��'g2Z��IӇJp��r*ܴX/Z(��\xdEZ'��8�K��{��aJ۠�{?;��5��{p�c� ɡ�� H�G��AV�z�v��{�b1i�)��K�^�!$��F}��b4��"�A��9��%�M@O��Tֽ6��=�X�� "�w`��z֟��0ݘSԢA��'~�P�!JLa�k�\��K��1�x}�u��t� ?۟��+�O��v�l��gq��y,$��-��9W(M��/a�vMz�w*L� ��Z/ s��@�s�&3X �YbV�IEp��F��|�df��e/��8Q~F0��c"�o}��7yb�u�AO}�$^�V��.�P�A��@�AT�Kac��sf��i�Z��|C7Y�D��o�iҎ^ q8�N��d��c�d��L��Y �j��eȮ��WK1��n{��_��2̆mC#h��2yi��u�z�K��#(�5��_�(�%�}�I�J| ��Y{I4V=�K�b�( '�ɺ�:��u ��<�?3��l��ך�&*\W;S1�+��{�u�q(趵v$J�� "Y='t�0�6u�C$��x��ա�O��1y� ��V�)g>�eM��׋��!�ؒ/��)�pO�*G@��P��j��Z-wh;m�r�&T��D�44��^��6� ˄�_�W��$2��[��#p�Du��b^\��d�i��1��P��GԒK4!\�UKƃ��'o@�b ��2�R��#e�7�`yJ"Y�]��f�U]e杀[��As�qxf��]B�g��Π%�VX��W&�+7��)�3�\ ʾf�G��h��E0]򉣹Ѯϧ:Ø�h��܄6�ce� ɿ��ž^�C<��]>��a�/�F3��D�m-�hT� �ZD�z�-\�(�f�q��E��p�V<u� b�T��j��`;_�=ã�dǄ��޶b�T�p7F*&��a��DoT��׃۪��I�'͋qʰ�n��YT��Ȟ�@��|z)��k�:c�s��'ˆ��w�|�`۲�HW��7�hu��1FD|��D�Ϡ�vMF��ˋdd��KsW�:��:~�G�ֽ��r��::x��1�s��_��K�Y� ��*�L�M��:EUc�"x��7X{n�+TӞ~��Ɩ"<�d!;�yBno#�?|$��,zA��L�9��cN|�V��'��'Ӵ4u��9��^H��'�C�V�)2H�/��Q��%Ҏ��z�b�1i7^��<�ў�U�Fu��ѫ�@�PT��ς�Q��S�}��)�_�EA�u�Y�m�Y-��h��~�鈜GZ�r"��isߺ^�x4~RoS<f�d�qhuw�%\(eSU��̺n��Gi"k3��:�/\~Fc�f��!��/v��8F��إ3-�.��e��9��懆�]��O�/��W�L�y��V�,��2؇L��"��m�1�D2*��z��p�C�ߢT��<`��We��_��a2a2��&�Yj��YҪN�~#y|��L��8-�7��_U��,A�z�|$�۲��=~�v&v3tYW�1#�5]��J��X�l�:�׷/��!��(8��<��Ar��2_�Yǃo!�yc_�?;��!�oa��cey��8e�V��r�bo"��7��B�J��L�\F,�'<�-��=��]��O~Z#y�}�3�i�*�n��&�ی8�;p�ya&�݀zB ��m?|�h��V��u��6[�M\"��W��

Sections

Size: 1.1MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 73KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1.8MB - Virtual size: 10.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
foo/1ffe827beb75335731cb6f052a8ec3a6
.exe windows:6 windows x86 arch:x86

81e6f3e2a927b527923da0f3e596fab6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MultiByteToWideChar
WideCharToMultiByte
CreateFileW
ReadConsoleW
SetStdHandle
SetFilePointerEx
ReadFile
GetConsoleMode
GetConsoleCP
FlushFileBuffers
HeapReAlloc
GetOEMCP
GetACP
IsValidCodePage
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetModuleFileNameA
LoadLibraryW
OutputDebugStringW
lstrlenW
HeapSize
ExitProcess
WriteFile
LoadLibraryExW
ExitThread
EnumSystemLocalesW
GetUserDefaultLCID
WaitForSingleObjectEx
GetLocaleInfoW
LCMapStringW
VirtualAlloc
IsProcessorFeaturePresent
GetModuleHandleW
GetStartupInfoW
TerminateProcess
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
InitializeCriticalSectionAndSpinCount
lstrlenA
lstrcatW
lstrcpyW
lstrcpyA
lstrcpynA
WaitForSingleObject
GetLastError
CreateThread
IsDebuggerPresent
VirtualProtectEx
GetProcAddress
GetModuleHandleA
CreateSemaphoreA
DuplicateHandle
CloseHandle
Sleep
ReleaseSemaphore
SetEvent
GetCommandLineA
RtlUnwind
RaiseException
GetSystemTimeAsFileTime
WriteConsoleW
GetModuleHandleExW
GetModuleFileNameW
GetFileType
GetStdHandle
CreateWaitableTimerA
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
ResumeThread
CreateEventA
GetCurrentProcess
GetProcessHeap
HeapFree
IsValidLocale
HeapAlloc
GetCurrentThreadId
GetCurrentProcessId
InterlockedCompareExchange
InterlockedExchangeAdd
SetWaitableTimer
OpenEventA
WaitForMultipleObjectsEx
ResetEvent
QueryPerformanceFrequency
QueryPerformanceCounter
InterlockedIncrement
InterlockedDecrement
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InterlockedExchange
EncodePointer
DecodePointer
GetStringTypeW

user32

GetMonitorInfoA
GetCursorPos
SetCursorPos
DrawFrameControl
EnumDisplayMonitors
SetScrollInfo
LoadStringA
LoadIconA
GetWindowThreadProcessId
FindWindowW
SetWindowLongA
GetWindowLongA
GetSysColor
MessageBoxA
GetClientRect
SetWindowTextA
RemovePropA
SetScrollRange
SetScrollPos
InvalidateRect
GetDC
SetMenuItemInfoA
GetMenuItemInfoA
GetMenuItemCount
EnableMenuItem
DestroyMenu
DrawMenuBar
TranslateAcceleratorA
CreateAcceleratorTableA
SetFocus
GetDlgItem
DialogBoxParamA
SetWindowPlacement
GetWindowPlacement
ShowWindow
DestroyWindow
CreateWindowExA
RegisterClassA
PostQuitMessage
DefWindowProcA
AttachThreadInput
PostMessageA
SendMessageA
DispatchMessageA
TranslateMessage
GetMessageA

gdi32

StartDocA
SetTextColor
SetBkColor
ExtEscape
EnumObjects
DescribePixelFormat
DeleteDC
CreateDCA
CreatePolygonRgn

comdlg32

CommDlgExtendedError
GetSaveFileNameA

advapi32

RegCloseKey
RegOpenKeyA
RegQueryValueExA
OpenProcessToken

shell32

Shell_NotifyIconA
SHEmptyRecycleBinA
SHQueryRecycleBinA

oleaut32

SysFreeString
SysAllocStringLen

netapi32

NetApiBufferFree
NetUserEnum

psapi

GetDeviceDriverBaseNameA
EnumDeviceDrivers
GetDeviceDriverFileNameA

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

crypt32

CertGetNameStringA

comctl32

ImageList_Create
ImageList_GetImageCount
ord17
ImageList_ReplaceIcon

rpcrt4

UuidCreateSequential

opengl32

wglCreateContext
wglGetProcAddress
wglMakeCurrent

setupapi

SetupDiGetClassDevsA

usp10

ScriptGetFontProperties

Sections

.text
Size: 178KB - Virtual size: 177KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 147KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
foo/255028f2f37838e92f84f27c68aaf4e1
.dll windows:5 windows x86 arch:x86

347c772e602516fcbffd7c30b60504a7

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

79:05:d0:fd:6f:33:57:3c:01:51:88:83:a8:08:69:9c
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

05-05-2017 00:00

Not After

24-06-2020 23:59

Subject

CN=Torch Media Inc.,OU=DEV,O=Torch Media Inc.,L=Panama,ST=Panama,C=PA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

a3:00:8c:1e:87:69:d6:0a:a3:47:2b:2c:a6:34:a9:01:19:92:bb:f2:f4:82:6c:5a:48:80:78:27:f7:3f:af:33
Signer

Actual PE Digest

a3:00:8c:1e:87:69:d6:0a:a3:47:2b:2c:a6:34:a9:01:19:92:bb:f2:f4:82:6c:5a:48:80:78:27:f7:3f:af:33

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Torch\65-prerelease\Client\src\out\release_static_x86_official\chrome_watcher.dll.pdb

Imports

kernel32

WriteConsoleW
SetLastError
GetLastError
SetEvent
SetProcessShutdownParameters
SetErrorMode
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
ReadConsoleW
GetDriveTypeW
GetCommandLineW
LocalFree
ReleaseSRWLockExclusive
GetModuleHandleW
GetProcAddress
SetEnvironmentVariableW
GetEnvironmentVariableW
CloseHandle
DeleteFileW
CreateFileW
GetCurrentDirectoryW
GetModuleFileNameW
GetCurrentProcessId
GetLocalTime
GetTickCount
FormatMessageA
OutputDebugStringA
WriteFile
GetCurrentProcess
DuplicateHandle
TerminateProcess
WaitForSingleObject
GetExitCodeProcess
RtlCaptureStackBackTrace
RaiseException
HeapSetInformation
GetCurrentThreadId
GetCurrentThread
Sleep
IsDebuggerPresent
CreateThread
GetThreadId
SetThreadPriority
GetThreadPriority
CreateEventW
ResetEvent
GetFileAttributesW
GetTempPathW
ReadFile
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
GetSystemDirectoryW
GetWindowsDirectoryW
HeapCreate
HeapDestroy
GetProcessId
GetSystemTimeAsFileTime
QueryPerformanceFrequency
QueryPerformanceCounter
QueryThreadCycleTime
GetModuleHandleExW
TlsGetValue
CreateIoCompletionPort
PostQueuedCompletionStatus
GetQueuedCompletionStatus
FindClose
SetFilePointerEx
FlushFileBuffers
GetVersionExW
VerSetConditionMask
VerifyVersionInfoW
GetNativeSystemInfo
VirtualQuery
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
SetUnhandledExceptionFilter
TlsAlloc
TlsFree
TlsSetValue
GetProcessTimes
GetModuleHandleExA
SleepConditionVariableSRW
WakeAllConditionVariable
WakeConditionVariable
MultiByteToWideChar
WideCharToMultiByte
FreeLibrary
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
WaitForSingleObjectEx
UnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
GetStartupInfoW
GetStringTypeW
EncodePointer
DecodePointer
InitializeCriticalSectionAndSpinCount
LCMapStringW
GetLocaleInfoW
GetCPInfo
LoadLibraryExW
RtlUnwind
InterlockedFlushSList
GetConsoleCP
GetConsoleMode
ExitProcess
GetFullPathNameW
SetStdHandle
GetFileType
GetModuleFileNameA
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetStdHandle
GetACP

chrome_elf

GetInstallDetailsPayload

advapi32

RegSetValueExW
RegQueryValueExW
UnregisterTraceGuids
GetTraceLoggerHandle
GetTraceEnableFlags
GetTraceEnableLevel
RegisterTraceGuidsW
TraceEvent
RegOpenKeyExW
EventRegister
EventUnregister
EventWrite
RegCreateKeyExW
RegCloseKey

ole32

CoInitializeEx
CoUninitialize
CoTaskMemFree

shell32

SHGetFolderPathW
SHGetKnownFolderPath
CommandLineToArgvW

user32

DefWindowProcW
SetWindowLongW
GetWindowLongW
UnregisterClassW
DestroyWindow
RegisterClassExW
DispatchMessageW
TranslateMessage
PostQuitMessage
MsgWaitForMultipleObjectsEx
GetQueueStatus
PeekMessageW
SetTimer
CreateWindowExW
PostMessageW
KillTimer

winmm

timeBeginPeriod
timeGetTime
timeEndPeriod

Exports

Exports

GetHandleVerifier
WatcherMain

Sections

.text
Size: 423KB - Virtual size: 422KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
foo/27601d095e5b3761d9289584415a73cc
.exe windows:5 windows x86 arch:x86

32f3282581436269b3a75b6675fe3e08

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
CloseHandle
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpA
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
lstrlenA
MulDiv
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrcpynA

user32

GetAsyncKeyState
IsDlgButtonChecked
ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
wvsprintfW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
FindWindowExW

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 415KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 516KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
foo/27f9116902c35a9b784c703762bbd249
.exe windows:5 windows x86 arch:x86

eb97e4fc5518ac300a92a11673825e0b

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03-07-2018 20:45

Not After

26-07-2019 20:45

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

63:d2:84:5e:5b:a1:a3:47:6c:de:d6:0d:d3:d7:d5:8e:cf:50:22:b1:b3:75:25:17:0c:33:ae:74:b4:a5:b3:27
Signer

Actual PE Digest

63:d2:84:5e:5b:a1:a3:47:6c:de:d6:0d:d3:d7:d5:8e:cf:50:22:b1:b3:75:25:17:0c:33:ae:74:b4:a5:b3:27

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

WSACleanup
socket
inet_ntoa
setsockopt
ntohs
recvfrom
ioctlsocket
htons
WSAStartup
__WSAFDIsSet
select
accept
listen
bind
closesocket
WSAGetLastError
recv
sendto
send
inet_addr
gethostbyname
gethostname
connect

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

winmm

timeGetTime
waveOutSetVolume
mciSendStringW

comctl32

ImageList_ReplaceIcon
ImageList_Destroy
ImageList_Remove
ImageList_SetDragCursorImage
ImageList_BeginDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_EndDrag
ImageList_DragMove
InitCommonControlsEx
ImageList_Create

mpr

WNetUseConnectionW
WNetCancelConnection2W
WNetGetConnectionW
WNetAddConnection2W

wininet

InternetQueryDataAvailable
InternetCloseHandle
InternetOpenW
InternetSetOptionW
InternetCrackUrlW
HttpQueryInfoW
InternetQueryOptionW
HttpOpenRequestW
HttpSendRequestW
FtpOpenFileW
FtpGetFileSize
InternetOpenUrlW
InternetReadFile
InternetConnectW

psapi

GetProcessMemoryInfo

iphlpapi

IcmpCreateFile
IcmpCloseHandle
IcmpSendEcho

userenv

DestroyEnvironmentBlock
UnloadUserProfile
CreateEnvironmentBlock
LoadUserProfileW

uxtheme

IsThemeActive

kernel32

DuplicateHandle
CreateThread
WaitForSingleObject
HeapAlloc
GetProcessHeap
HeapFree
Sleep
GetCurrentThreadId
MultiByteToWideChar
MulDiv
GetVersionExW
IsWow64Process
GetSystemInfo
FreeLibrary
LoadLibraryA
GetProcAddress
SetErrorMode
GetModuleFileNameW
WideCharToMultiByte
lstrcpyW
lstrlenW
GetModuleHandleW
QueryPerformanceCounter
VirtualFreeEx
OpenProcess
VirtualAllocEx
WriteProcessMemory
ReadProcessMemory
CreateFileW
SetFilePointerEx
SetEndOfFile
ReadFile
WriteFile
FlushFileBuffers
TerminateProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
SetFileTime
GetFileAttributesW
FindFirstFileW
SetCurrentDirectoryW
GetLongPathNameW
GetShortPathNameW
DeleteFileW
FindNextFileW
CopyFileExW
MoveFileW
CreateDirectoryW
RemoveDirectoryW
SetSystemPowerState
QueryPerformanceFrequency
FindResourceW
LoadResource
LockResource
SizeofResource
EnumResourceNamesW
OutputDebugStringW
GetTempPathW
GetTempFileNameW
DeviceIoControl
GetLocalTime
CompareStringW
GetCurrentProcess
EnterCriticalSection
LeaveCriticalSection
GetStdHandle
CreatePipe
InterlockedExchange
TerminateThread
LoadLibraryExW
FindResourceExW
CopyFileW
VirtualFree
FormatMessageW
GetExitCodeProcess
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileSectionW
WritePrivateProfileSectionW
GetPrivateProfileSectionNamesW
FileTimeToLocalFileTime
FileTimeToSystemTime
SystemTimeToFileTime
LocalFileTimeToFileTime
GetDriveTypeW
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetVolumeInformationW
SetVolumeLabelW
CreateHardLinkW
SetFileAttributesW
CreateEventW
SetEvent
GetEnvironmentVariableW
SetEnvironmentVariableW
GlobalLock
GlobalUnlock
GlobalAlloc
GetFileSize
GlobalFree
GlobalMemoryStatusEx
Beep
GetSystemDirectoryW
HeapReAlloc
HeapSize
GetComputerNameW
GetWindowsDirectoryW
GetCurrentProcessId
GetProcessIoCounters
CreateProcessW
GetProcessId
SetPriorityClass
LoadLibraryW
VirtualAlloc
IsDebuggerPresent
GetCurrentDirectoryW
lstrcmpiW
DecodePointer
GetLastError
RaiseException
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InterlockedDecrement
InterlockedIncrement
GetCurrentThread
CloseHandle
GetFullPathNameW
EncodePointer
ExitProcess
GetModuleHandleExW
ExitThread
GetSystemTimeAsFileTime
ResumeThread
GetCommandLineW
IsProcessorFeaturePresent
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetStringTypeW
SetStdHandle
GetFileType
GetConsoleCP
GetConsoleMode
RtlUnwind
ReadConsoleW
GetTimeZoneInformation
GetDateFormatW
GetTimeFormatW
LCMapStringW
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteConsoleW
FindClose
SetEnvironmentVariableA

user32

AdjustWindowRectEx
CopyImage
SetWindowPos
GetCursorInfo
RegisterHotKey
ClientToScreen
GetKeyboardLayoutNameW
IsCharAlphaW
IsCharAlphaNumericW
IsCharLowerW
IsCharUpperW
GetMenuStringW
GetSubMenu
GetCaretPos
IsZoomed
MonitorFromPoint
GetMonitorInfoW
SetWindowLongW
SetLayeredWindowAttributes
FlashWindow
GetClassLongW
TranslateAcceleratorW
IsDialogMessageW
GetSysColor
InflateRect
DrawFocusRect
DrawTextW
FrameRect
DrawFrameControl
FillRect
PtInRect
DestroyAcceleratorTable
CreateAcceleratorTableW
SetCursor
GetWindowDC
GetSystemMetrics
GetActiveWindow
CharNextW
wsprintfW
RedrawWindow
DrawMenuBar
DestroyMenu
SetMenu
GetWindowTextLengthW
CreateMenu
IsDlgButtonChecked
DefDlgProcW
CallWindowProcW
ReleaseCapture
SetCapture
CreateIconFromResourceEx
mouse_event
ExitWindowsEx
SetActiveWindow
FindWindowExW
EnumThreadWindows
SetMenuDefaultItem
InsertMenuItemW
IsMenu
TrackPopupMenuEx
GetCursorPos
DeleteMenu
SetRect
GetMenuItemID
GetMenuItemCount
SetMenuItemInfoW
GetMenuItemInfoW
SetForegroundWindow
IsIconic
FindWindowW
MonitorFromRect
keybd_event
SendInput
GetAsyncKeyState
SetKeyboardState
GetKeyboardState
GetKeyState
VkKeyScanW
LoadStringW
DialogBoxParamW
MessageBeep
EndDialog
SendDlgItemMessageW
GetDlgItem
SetWindowTextW
CopyRect
ReleaseDC
GetDC
EndPaint
BeginPaint
GetClientRect
GetMenu
DestroyWindow
EnumWindows
GetDesktopWindow
IsWindow
IsWindowEnabled
IsWindowVisible
EnableWindow
InvalidateRect
GetWindowLongW
GetWindowThreadProcessId
AttachThreadInput
GetFocus
GetWindowTextW
ScreenToClient
SendMessageTimeoutW
EnumChildWindows
CharUpperBuffW
GetParent
GetDlgCtrlID
SendMessageW
MapVirtualKeyW
PostMessageW
GetWindowRect
SetUserObjectSecurity
CloseDesktop
CloseWindowStation
OpenDesktopW
SetProcessWindowStation
GetProcessWindowStation
OpenWindowStationW
GetUserObjectSecurity
MessageBoxW
DefWindowProcW
SetClipboardData
EmptyClipboard
CountClipboardFormats
CloseClipboard
GetClipboardData
IsClipboardFormatAvailable
OpenClipboard
BlockInput
GetMessageW
LockWindowUpdate
DispatchMessageW
TranslateMessage
PeekMessageW
UnregisterHotKey
CheckMenuRadioItem
CharLowerBuffW
MoveWindow
SetFocus
PostQuitMessage
KillTimer
CreatePopupMenu
RegisterWindowMessageW
SetTimer
ShowWindow
CreateWindowExW
RegisterClassExW
LoadIconW
LoadCursorW
GetSysColorBrush
GetForegroundWindow
MessageBoxA
DestroyIcon
SystemParametersInfoW
LoadImageW
GetClassNameW

gdi32

StrokePath
DeleteObject
GetTextExtentPoint32W
ExtCreatePen
GetDeviceCaps
EndPath
SetPixel
CloseFigure
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
StretchBlt
GetDIBits
LineTo
AngleArc
MoveToEx
Ellipse
DeleteDC
GetPixel
CreateDCW
GetStockObject
GetTextFaceW
CreateFontW
SetTextColor
PolyDraw
BeginPath
Rectangle
SetViewportOrgEx
GetObjectW
SetBkMode
RoundRect
SetBkColor
CreatePen
CreateSolidBrush
StrokeAndFillPath

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

GetAce
RegEnumValueW
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegConnectRegistryW
InitializeSecurityDescriptor
InitializeAcl
AdjustTokenPrivileges
OpenThreadToken
OpenProcessToken
LookupPrivilegeValueW
DuplicateTokenEx
CreateProcessAsUserW
CreateProcessWithLogonW
GetLengthSid
CopySid
LogonUserW
AllocateAndInitializeSid
CheckTokenMembership
RegCreateKeyExW
FreeSid
GetTokenInformation
GetSecurityDescriptorDacl
GetAclInformation
AddAce
SetSecurityDescriptorDacl
GetUserNameW
InitiateSystemShutdownExW

shell32

DragQueryPoint
ShellExecuteExW
DragQueryFileW
SHEmptyRecycleBinW
SHGetPathFromIDListW
SHBrowseForFolderW
SHCreateShellItem
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetFolderPathW
SHFileOperationW
ExtractIconExW
Shell_NotifyIconW
ShellExecuteW
DragFinish

ole32

CoTaskMemAlloc
CoTaskMemFree
CLSIDFromString
ProgIDFromCLSID
CLSIDFromProgID
OleSetMenuDescriptor
MkParseDisplayName
OleSetContainedObject
CoCreateInstance
IIDFromString
StringFromGUID2
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
CoInitialize
CoUninitialize
GetRunningObjectTable
CoGetInstanceFromFile
CoGetObject
CoSetProxyBlanket
CoCreateInstanceEx
CoInitializeSecurity

oleaut32

LoadTypeLibEx
VariantCopyInd
SysReAllocString
SysFreeString
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayAllocData
SafeArrayAllocDescriptorEx
SafeArrayCreateVector
RegisterTypeLi
CreateStdDispatch
DispCallFunc
VariantChangeType
SysStringLen
VariantTimeToSystemTime
VarR8FromDec
SafeArrayGetVartype
VariantCopy
VariantClear
OleLoadPicture
QueryPathOfRegTypeLi
RegisterTypeLibForUser
UnRegisterTypeLibForUser
UnRegisterTypeLi
CreateDispTypeInfo
SysAllocString
VariantInit

Sections

.text
Size: 567KB - Virtual size: 567KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 184KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 506KB - Virtual size: 505KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
foo/28408caa2961caecd35c9f8f7c1aecc5
.exe windows:4 windows x86 arch:x86

57e98d9a5a72c8d7ad8fb7a6a58b3daf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEnvironmentVariableA
CreateFileA
GetFileSize
GetModuleFileNameA
ReadFile
GetCurrentProcess
CopyFileA
Sleep
GetTickCount
GetWindowsDirectoryA
GetTempPathA
GetCommandLineA
lstrlenA
GetVersion
SetErrorMode
lstrcpynA
ExitProcess
SetCurrentDirectoryA
GlobalLock
CreateThread
GetLastError
CreateDirectoryA
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
WriteFile
lstrcpyA
MoveFileExA
lstrcatA
GetSystemDirectoryA
GetProcAddress
GetExitCodeProcess
WaitForSingleObject
CompareFileTime
SetFileAttributesA
GetFileAttributesA
GetShortPathNameA
MoveFileA
GetFullPathNameA
SetFileTime
SearchPathA
CloseHandle
lstrcmpiA
GlobalUnlock
GetDiskFreeSpaceA
lstrcmpA
FindFirstFileA
FindNextFileA
DeleteFileA
SetFilePointer
GetPrivateProfileStringA
FindClose
MultiByteToWideChar
FreeLibrary
MulDiv
WritePrivateProfileStringA
LoadLibraryExA
GetModuleHandleA
GlobalAlloc
GlobalFree
ExpandEnvironmentStringsA

user32

ScreenToClient
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
PostQuitMessage
GetWindowRect
EnableMenuItem
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
ReleaseDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndDialog
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
GetDC
CreateDialogParamA
SetTimer
GetDlgItem
SetWindowLongA
SetForegroundWindow
LoadImageA
IsWindow
SendMessageTimeoutA
FindWindowExA
OpenClipboard
TrackPopupMenu
AppendMenuA
EndPaint
DestroyWindow
wsprintfA
ShowWindow
SetWindowTextA

gdi32

SelectObject
SetBkMode
CreateFontIndirectA
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
ShellExecuteExA
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
SHFileOperationA

advapi32

AdjustTokenPrivileges
RegCreateKeyExA
RegOpenKeyExA
SetFileSecurityA
OpenProcessToken
LookupPrivilegeValueA
RegEnumValueA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegEnumKeyA

comctl32

ImageList_Create
ImageList_AddMasked
ImageList_Destroy
ord17

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

8c8a576201f68de1a3f26fc723b9f30f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GlobalFree
GlobalSize
lstrcpynA
lstrcpyA
GetProcAddress
VirtualFree
FreeLibrary
lstrlenA
LoadLibraryA
GetModuleHandleA
GlobalAlloc
WideCharToMultiByte
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 867B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 636B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

ebc2d915841be8afc8fa1ee9f6850960

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileAttributesA
lstrcpyA
MulDiv
lstrlenA
HeapFree
GetCurrentDirectoryA
lstrcmpiA
GetProcessHeap
HeapReAlloc
GlobalFree
lstrcpynA
GlobalAlloc
SetCurrentDirectoryA
HeapAlloc

user32

DestroyWindow
CallWindowProcA
SetCursor
LoadCursorA
GetPropA
CharPrevA
DrawFocusRect
GetWindowLongA
DrawTextA
GetClientRect
SetWindowLongA
GetDlgItem
GetSysColor
SetWindowPos
CreateDialogParamA
MapDialogRect
GetWindowRect
SetPropA
CreateWindowExA
IsWindow
SetTimer
KillTimer
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
ShowWindow
wsprintfA
CharNextA
SendMessageA
MapWindowPoints
RemovePropA
GetWindowTextA

gdi32

SetTextColor

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

comdlg32

GetSaveFileNameA
GetOpenFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 628B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/Epizoa
$TEMP/bg6_thumb.png
.png
$TEMP/fughetta.dll
.dll windows:4 windows x86 arch:x86

ff0c6bcb512f72c5a2e444fc91a26088

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

GetKeyboardLayoutList
GetScrollInfo

advapi32

CreateProcessAsUserW

kernel32

VirtualAllocEx
GetFileSize

msvcrt

free
_initterm
malloc
_adjust_fdiv

Exports

Exports

vctoolkit

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 616B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 662B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
foo/29682275a385f42634ee312db7f666e4
.dll windows:5 windows x86 arch:x86

91f1ffc997c1750014f8b653347102cb

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

ae:6e:12:1d:ae:3f:ec:e1:3c:71:96:7a:b3:21:95:2d
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

13-04-2018 00:00

Not After

13-04-2019 23:59

Subject

CN=Genco London Ltd,O=Genco London Ltd,POSTALCODE=NW10 4QJ,STREET=8 Spezia Road,L=London,ST=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09-05-2013 00:00

Not After

08-05-2028 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

65:b7:d5:a8:74:d3:ed:86:88:e9:6d:09:f7:f9:aa:24:96:b0:3e:33
Signer

Actual PE Digest

65:b7:d5:a8:74:d3:ed:86:88:e9:6d:09:f7:f9:aa:24:96:b0:3e:33

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetElement
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit
GetErrorInfo
SysFreeString

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegUnLoadKeyW
RegSetValueExW
RegSaveKeyW
RegRestoreKeyW
RegReplaceKeyW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegLoadKeyW
RegFlushKey
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegConnectRegistryW
RegCloseKey
OpenProcessToken
LookupPrivilegeValueW
IsValidAcl
InitializeAcl
GetUserNameW
AdjustTokenPrivileges
SetSecurityInfo

user32

CharNextW
LoadStringW
SetClassLongW
GetClassLongW
SetWindowLongW
GetWindowLongW
CreateWindowExW
mouse_event
keybd_event
WindowFromPoint
WaitMessage
VkKeyScanA
VkKeyScanW
UpdateWindow
UnregisterClassW
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
SystemParametersInfoW
ShowWindow
ShowScrollBar
ShowOwnedPopups
ShowCaret
SetWindowRgn
SetWindowsHookExW
SetWindowTextW
SetWindowPos
SetWindowPlacement
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropW
SetParent
SetMenuItemInfoW
SetMenu
SetKeyboardState
SetForegroundWindow
SetFocus
SetCursorPos
SetCursor
SetClipboardData
SetCapture
SetActiveWindow
SendMessageA
SendMessageW
ScrollWindow
ScreenToClient
RemovePropW
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageW
RegisterClipboardFormatW
RegisterClassW
RedrawWindow
PostThreadMessageW
PostQuitMessage
PostMessageA
PostMessageW
PeekMessageA
PeekMessageW
OpenClipboard
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects
MessageBoxW
MessageBeep
MapWindowPoints
MapVirtualKeyW
LoadStringW
LoadKeyboardLayoutW
LoadIconW
LoadCursorW
LoadBitmapW
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsIconic
IsDialogMessageA
IsDialogMessageW
IsClipboardFormatAvailable
IsChild
InvalidateRect
InsertMenuItemW
InsertMenuW
InflateRect
HideCaret
GetWindowThreadProcessId
GetWindowTextW
GetWindowRect
GetWindowPlacement
GetWindowDC
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetScrollBarInfo
GetPropW
GetParent
GetWindow
GetMessagePos
GetMessageExtraInfo
GetMessageW
GetMenuStringW
GetMenuState
GetMenuItemInfoW
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameW
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextW
GetIconInfo
GetForegroundWindow
GetFocus
GetDlgCtrlID
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardData
GetClientRect
GetClassNameW
GetClassInfoExW
GetClassInfoW
GetCapture
GetAsyncKeyState
GetActiveWindow
FrameRect
FindWindowExW
FindWindowW
FillRect
ExitWindowsEx
EnumWindows
EnumThreadWindows
EnumClipboardFormats
EnumChildWindows
EndPaint
EndMenu
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextExW
DrawTextW
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawFocusRect
DrawEdge
DispatchMessageA
DispatchMessageW
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DefWindowProcW
DefMDIChildProcW
DefFrameProcW
CreatePopupMenu
CreateMenu
CreateIcon
CreateAcceleratorTableW
CountClipboardFormats
CopyImage
CopyIcon
CloseClipboard
ClientToScreen
CheckMenuItem
CharUpperBuffW
CharUpperW
CharNextW
CharLowerBuffW
CharLowerW
CallWindowProcW
CallNextHookEx
BeginPaint
AttachThreadInput
AdjustWindowRectEx
ActivateKeyboardLayout
EnumDisplayMonitors
GetMonitorInfoW
MonitorFromPoint
MonitorFromRect
MonitorFromWindow
DdeCmpStringHandles
DdeFreeStringHandle
DdeQueryStringA
DdeCreateStringHandleA
DdeGetLastError
DdeFreeDataHandle
DdeUnaccessData
DdeAccessData
DdeCreateDataHandle
DdeClientTransaction
DdeNameService
DdePostAdvise
DdeSetUserHandle
DdeQueryConvInfo
DdeDisconnect
DdeConnect
DdeUninitialize
DdeInitializeA
GetUserObjectInformationW
CharUpperBuffW
MessageBoxW
GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

kernel32

Sleep
VirtualFree
VirtualAlloc
lstrlenW
VirtualQuery
QueryPerformanceCounter
GetTickCount
GetSystemInfo
GetVersion
CompareStringW
IsDBCSLeadByteEx
IsValidLocale
SetThreadLocale
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetLocaleInfoW
WideCharToMultiByte
MultiByteToWideChar
GetConsoleOutputCP
GetConsoleCP
GetACP
LoadLibraryExW
GetStartupInfoW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetCommandLineW
FreeLibrary
GetLastError
UnhandledExceptionFilter
RtlUnwind
RaiseException
ExitProcess
ExitThread
SwitchToThread
GetCurrentThreadId
CreateThread
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
FindFirstFileW
FindClose
WriteFile
SetFilePointer
SetEndOfFile
ReadFile
GetFileType
GetFileSize
CreateFileW
GetStdHandle
CloseHandle
GetProcAddress
RaiseException
LoadLibraryA
GetLastError
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
LocalFree
LocalAlloc
FreeLibrary
WriteFile
WinExec
WideCharToMultiByte
WaitForSingleObject
WaitForMultipleObjectsEx
VirtualQueryEx
VirtualQuery
VirtualProtect
VirtualFree
VirtualAlloc
VerSetConditionMask
VerifyVersionInfoW
TryEnterCriticalSection
TerminateProcess
SwitchToThread
SuspendThread
Sleep
SizeofResource
SetThreadPriority
SetThreadLocale
SetProcessWorkingSetSize
SetLastError
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResumeThread
ResetEvent
RemoveDirectoryW
ReadFile
RaiseException
QueryPerformanceFrequency
QueryPerformanceCounter
IsDebuggerPresent
OpenProcess
MulDiv
LockResource
LocalFree
LoadResource
LoadLibraryW
LeaveCriticalSection
IsValidLocale
InitializeCriticalSection
HeapSize
HeapFree
HeapDestroy
HeapCreate
HeapAlloc
GlobalUnlock
GlobalSize
GlobalLock
GlobalFree
GlobalFindAtomW
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomW
GetVersionExW
GetVersion
GetTimeZoneInformation
GetTickCount
GetThreadPriority
GetThreadLocale
GetTempPathW
GetStdHandle
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetLocalTime
GetLastError
GetFullPathNameW
GetFileSize
GetFileAttributesW
GetExitCodeThread
GetEnvironmentVariableW
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetComputerNameW
GetCPInfoExW
GetCPInfo
GetACP
FreeResource
InterlockedExchange
InterlockedCompareExchange
FreeLibrary
FormatMessageW
FindResourceW
FindNextFileW
FindFirstFileW
FindClose
FileTimeToLocalFileTime
FileTimeToDosDateTime
ExitProcess
EnumSystemLocalesW
EnumResourceNamesW
EnumCalendarInfoW
EnterCriticalSection
DeleteFileW
DeleteCriticalSection
CreateThread
CreateMutexW
CreateFileW
CreateEventW
CompareStringW
CloseHandle
Sleep
VirtualQuery
GetSystemTimeAsFileTime
GetModuleHandleA
CreateEventA
GetModuleFileNameW
LoadLibraryA
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
FreeLibrary
GetTickCount
GlobalFree
GetProcAddress
LocalAlloc
LocalFree
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetCommandLineA
RaiseException
RtlUnwind
HeapFree
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetStdHandle
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

gdi32

UnrealizeObject
StretchDIBits
StretchBlt
StartPage
StartDocW
SetWindowOrgEx
SetWinMetaFileBits
SetViewportOrgEx
SetTextColor
SetStretchBltMode
SetRectRgn
SetROP2
SetPixel
SetEnhMetaFileBits
SetDIBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SetAbortProc
SelectPalette
SelectObject
SaveDC
RoundRect
RestoreDC
ResizePalette
Rectangle
RectVisible
RealizePalette
Polyline
Polygon
PolyBezierTo
PolyBezier
PlayEnhMetaFile
Pie
PatBlt
MoveToEx
MaskBlt
LineTo
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetTextMetricsW
GetTextExtentPointW
GetTextExtentPoint32W
GetSystemPaletteEntries
GetStretchBltMode
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectW
GetNearestPaletteIndex
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileDescriptionW
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetCurrentPositionEx
GetClipBox
GetBrushOrgEx
GetBitmapBits
GdiFlush
FrameRgn
ExtTextOutW
ExtFloodFill
ExcludeClipRect
EnumFontsW
EnumFontFamiliesExW
EndPage
EndDoc
Ellipse
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreateRectRgn
CreatePenIndirect
CreatePalette
CreateICW
CreateHalftonePalette
CreateFontIndirectW
CreateEllipticRgn
CreateDIBitmap
CreateDIBSection
CreateDCW
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileW
CombineRgn
Chord
BitBlt
ArcTo
Arc
AngleArc
AbortDoc

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

netapi32

NetWkstaGetInfo

ole32

OleUninitialize
OleInitialize
CreateBindCtx
MkParseDisplayName
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromProgID
CoCreateInstance
CoUninitialize
CoInitialize
IsEqualGUID

comctl32

InitializeFlatSB
FlatSB_SetScrollProp
FlatSB_SetScrollPos
FlatSB_SetScrollInfo
FlatSB_GetScrollPos
FlatSB_GetScrollInfo
_TrackMouseEvent
ImageList_GetImageInfo
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Copy
ImageList_LoadImageW
ImageList_GetIcon
ImageList_Remove
ImageList_DrawEx
ImageList_Replace
ImageList_Draw
ImageList_SetOverlayImage
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Add
ImageList_SetImageCount
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create

msvcrt

memset
memcpy

shell32

ShellExecuteW
Shell_NotifyIconW
SHGetFolderPathW
IsUserAnAdmin

wininet

InternetReadFile
InternetOpenUrlW
InternetOpenW
InternetCloseHandle
FindNextUrlCacheEntryW
FindFirstUrlCacheEntryW
FindCloseUrlCache
DeleteUrlCacheEntryW

winspool.drv

OpenPrinterW
EnumPrintersW
DocumentPropertiesW
ClosePrinter
GetDefaultPrinterW

wsock32

WSACleanup
WSAStartup
WSAGetLastError
WSACancelAsyncRequest
WSAAsyncGetServByName
WSAAsyncGetHostByName
WSAAsyncSelect
gethostname
getservbyname
gethostbyname
gethostbyaddr
socket
send
recv
ntohs
listen
ioctlsocket
inet_ntoa
inet_addr
htons
getsockname
getpeername
connect
closesocket
bind

winmm

PlaySoundW

wtsapi32

WTSSendMessageW

Exports

Exports

SHGetFolderPathW
TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

)D@1296F
Size: - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

)\"cjP(H
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

J//"$Fe;
Size: - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CB3.z[k@
Size: - Virtual size: 27KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

dh%&9d!U
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.x7kJ<Et
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

#y7mmps+
Size: - Virtual size: 188B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

w[tR>L]9
Size: - Virtual size: 69B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

$C#b9_]$
Size: - Virtual size: 5.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CVrM[KOB
Size: 8.3MB - Virtual size: 8.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

kg>v7I9x
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
foo/2de7b886ed3bf5455694d76ac69a96a4
.exe windows:5 windows x86 arch:x86

b3db89ce86f70347a4c95fa1444c57d9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

rsaenh

CPDecrypt
CPCreateHash

kernel32

ExitProcess
CreateEventA
OpenWaitableTimerA
CreateNamedPipeW
CreateFileMappingW
GetProcAddress
OpenFileMappingW
GetLocalTime
MoveFileExW
GetVersionExW
CreateMutexA
LoadLibraryExW
lstrcmp
GetModuleHandleA
GetCommandLineW
WaitForSingleObject

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.kdata
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.udata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rSrC
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
foo/2e00df497f82c0bf215548969fefc18b
.exe windows:5 windows x86 arch:x86

be41bf7b8cc010b614bd36bbca606973

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
lstrcpynA
CloseHandle
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
CreateFileW
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpA
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
lstrlenA
MulDiv
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrlenW

user32

GetAsyncKeyState
IsDlgButtonChecked
ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
wvsprintfW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
FindWindowExW

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 458KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 772KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 16.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/FYboQZPLzv.dll
.dll windows:6 windows x86 arch:x86

820790f8f3c0763a38899003ae1df6ed

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SizeofResource
FindResourceW
FindResourceExW
GetCommandLineA
RaiseException
MultiByteToWideChar
CreateThread
LockResource
ReadConsoleW
DeleteFileW
FindFirstFileW
CreateFileW
CloseHandle
WriteConsoleW
SetFilePointerEx
LoadResource
WaitForSingleObject
WideCharToMultiByte
GetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
EncodePointer
DecodePointer
InitializeCriticalSectionAndSpinCount
GetModuleHandleW
GetProcAddress
LCMapStringW
SetEvent
Sleep
lstrcmpA
SetFilePointer
GetModuleFileNameW
GetFileSize
ReadFile
GetSystemTimeAsFileTime
GetCurrentThreadId
RtlUnwind
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualQuery
IsDebuggerPresent
IsProcessorFeaturePresent
InterlockedIncrement
InterlockedDecrement
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
ExitProcess
GetModuleHandleExW
AreFileApisANSI
GetStdHandle
WriteFile
GetFileType
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetTimeZoneInformation
GetStringTypeW
LoadLibraryExW
OutputDebugStringW
LoadLibraryW
CompareStringW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetEnvironmentVariableA
SetStdHandle
SetEndOfFile

oleaut32

VarBstrCat
SysAllocStringByteLen
SysStringByteLen
SysStringLen
SysFreeString
VariantInit
VariantClear
SysAllocString
VariantCopy
VariantChangeType
VarCmp
SysAllocStringLen

cabinet

ord20
ord23

shlwapi

PathRemoveFileSpecW

Exports

Exports

AnqNW
DfAkFoqeely
DvGxaNyV
XmEJQwtzKk
abFLCVxLxAcZOTPz
boNQjV
hJWpjMqsxigDGfAIOE
kOhHPuYNtODJWbeNhS
kjyoQ
oPKzJVO
pdJUhsQjuvDFHG

Sections

.text
Size: 768KB - Virtual size: 768KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 143KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/MeDxGUcTQJ.map
.cab
data0.mdb
foo/2e90a15707ad3eb4cd06bd8a05463922
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 320KB - Virtual size: 320KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
foo/2f215e008c6a7d8886c578e442b8f1b0
.dll windows:5 windows x86 arch:x86

849158f8bf50d28015ffebb1bd966d42

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

FindNextFileA
CreateRemoteThread
OpenProcess
VirtualProtectEx
VirtualAllocEx
WriteProcessMemory
FreeLibrary
VirtualFree
Thread32First
Thread32Next
SetLastError
VirtualAlloc
LoadLibraryA
OpenThread
CreateToolhelp32Snapshot
SuspendThread
ResumeThread
PeekNamedPipe
WaitNamedPipeA
SetNamedPipeHandleState
LocalAlloc
LocalFree
GetComputerNameA
Process32First
TerminateProcess
Process32Next
ProcessIdToSessionId
MoveFileA
FindClose
CopyFileA
FindFirstFileA
FileTimeToSystemTime
GetFileAttributesA
ExpandEnvironmentStringsA
GetLogicalDrives
SystemTimeToTzSpecificLocalTime
GetFullPathNameA
CreateThread
GetVersionExA
GetModuleHandleA
CreateNamedPipeA
GetProcAddress
ReadFile
GetCurrentThread
ConnectNamedPipe
GetCurrentProcess
CloseHandle
GetFileTime
GetCurrentDirectoryA
CreatePipe
GetCurrentDirectoryW
GetLastError
GetStartupInfoA
SetCurrentDirectoryA
FlushFileBuffers
DisconnectNamedPipe
GetEnvironmentVariableA
CreateProcessA
WriteFile
SetFileTime
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
VirtualQuery
GetModuleFileNameW
GetProcessHeap
SetStdHandle
WriteConsoleW
SetEnvironmentVariableW
GetConsoleOutputCP
WriteConsoleA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetLocaleInfoA
HeapSize
DebugBreak
RaiseException
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
WaitForSingleObject
CreateFileA
GetCurrentProcessId
GetLocalTime
Sleep
GetTickCount
FreeEnvironmentStringsA
SetFilePointer
GetFileType
SetHandleCount
HeapFree
HeapAlloc
GetModuleHandleW
ExitProcess
MultiByteToWideChar
DeleteFileA
CreateDirectoryA
RemoveDirectoryA
GetCurrentThreadId
GetCommandLineA
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
HeapDestroy
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapReAlloc
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RtlUnwind
WideCharToMultiByte
GetConsoleCP
GetConsoleMode

advapi32

CreateProcessWithLogonW
CloseServiceHandle
DeleteService
CreateServiceA
StartServiceA
CreateProcessWithTokenW
CryptReleaseContext
CryptAcquireContextA
CryptGenRandom
LogonUserA
CheckTokenMembership
FreeSid
RevertToSelf
AllocateAndInitializeSid
DuplicateTokenEx
LookupAccountSidA
GetTokenInformation
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetUserNameA
AdjustTokenPrivileges
ControlService
QueryServiceStatusEx
ImpersonateNamedPipeClient
ImpersonateLoggedOnUser
LookupPrivilegeValueA
OpenThreadToken
OpenProcessToken
OpenServiceA
OpenSCManagerA
QueryServiceStatus
CreateProcessAsUserA

wininet

InternetConnectA
InternetQueryDataAvailable
InternetReadFile
InternetSetOptionA
HttpOpenRequestA
HttpSendRequestA
InternetOpenA
InternetCloseHandle
InternetQueryOptionA
HttpQueryInfoA

ws2_32

ntohs
connect
htons
socket
accept
send
gethostname
inet_ntoa
WSAStartup
WSACleanup
htonl
ntohl
listen
__WSAFDIsSet
bind
recv
shutdown
WSAGetLastError
select
ioctlsocket
inet_addr
closesocket
gethostbyname

dnsapi

DnsFree
DnsQuery_A

iphlpapi

GetIpAddrTable
GetIfEntry

secur32

LsaCallAuthenticationPackage
LsaConnectUntrusted
LsaLookupAuthenticationPackage

Exports

Exports

_ReflectiveLoader@4

Sections

.text
Size: 143KB - Virtual size: 143KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
foo/30bc06d0add076dd6500fcdfbc12643e
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 320KB - Virtual size: 319KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 752B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
foo/312e67dc35992949937d1bad6ba529f3
.exe windows:4 windows x86 arch:x86

eaf4744bb45ae329588bea957bf9d967

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

EVENT_SINK_GetIDsOfNames
ord582
__vbaVarSub
__vbaVarTstGt
ord583
__vbaStrI2
_CIcos
_adj_fptan
ord585
__vbaVarMove
__vbaStrI4
ord586
__vbaVarVargNofree
ord587
ord694
__vbaFreeVar
__vbaAryMove
__vbaLateIdCall
__vbaLenBstr
__vbaStrVarMove
__vbaVarIdiv
__vbaFreeVarList
__vbaPut3
__vbaEnd
_adj_fdiv_m64
EVENT_SINK_Invoke
__vbaNextEachVar
__vbaRaiseEvent
__vbaFreeObjList
ord516
__vbaStrErrVarCopy
ord517
_adj_fprem1
ord518
__vbaRecAnsiToUni
ord626
ord519
__vbaI2Abs
__vbaResume
__vbaCopyBytes
__vbaForEachCollAd
__vbaStrCat
__vbaError
ord553
__vbaBoolErrVar
__vbaLsetFixstr
__vbaRecDestruct
__vbaSetSystemError
__vbaLenBstrB
__vbaHresultCheckObj
__vbaNameFile
__vbaLenVar
__vbaVargVarCopy
_adj_fdiv_m32
ord666
__vbaAryVar
ord667
Zombie_GetTypeInfo
__vbaAryDestruct
__vbaLateMemSt
ord591
__vbaCyErrVar
ord592
ord593
__vbaExitProc
__vbaBoolStr
ord300
ord594
__vbaStrLike
__vbaOnError
__vbaObjSet
ord595
_adj_fdiv_m16i
ord303
__vbaObjSetAddref
_adj_fdivr_m16i
ord304
ord598
ord305
__vbaFpR4
ord306
__vbaStrFixstr
ord520
__vbaForEachCollVar
__vbaStrTextCmp
ord309
__vbaFpR8
__vbaRefVarAry
__vbaBoolVarNull
_CIsin
ord631
__vbaErase
__vbaVarZero
__vbaVarCmpGt
__vbaVargVarMove
ord525
ord632
__vbaChkstk
ord526
__vbaFileClose
EVENT_SINK_AddRef
ord528
__vbaGenerateBoundsError
__vbaStrCmp
__vbaGet3
ord529
__vbaAryConstruct2
__vbaVarTstEq
__vbaPutOwner3
__vbaDateR8
ord561
__vbaNextEachCollVar
__vbaI2I4
__vbaObjVar
DllFunctionCall
__vbaVarOr
ord563
__vbaCySub
__vbaFpUI1
__vbaCastObjVar
__vbaStrR4
__vbaLbound
__vbaRedimPreserve
_adj_fpatan
__vbaR4Var
__vbaFixstrConstruct
__vbaLateIdCallLd
Zombie_GetTypeInfoCount
__vbaR8Cy
__vbaStrR8
__vbaRedim
__vbaUI1ErrVar
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
ord600
ord601
__vbaUI1I2
_CIsqrt
ord310
__vbaVarAnd
__vbaObjIs
ord311
EVENT_SINK_QueryInterface
__vbaStrUI1
__vbaExceptHandler
ord312
ord711
ord313
__vbaStrToUnicode
ord712
__vbaR4ErrVar
ord606
ord713
_adj_fprem
_adj_fdivr_m64
__vbaFailedFriend
ord714
ord607
__vbaR8ErrVar
__vbaI2Str
ord608
ord531
ord716
__vbaFPException
__vbaInStrVar
ord717
ord319
__vbaUbound
__vbaStrVarVal
__vbaGetOwner3
__vbaVarCat
__vbaDateVar
__vbaI2Var
ord537
ord644
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaVarLateMemCallLdRf
__vbaR8Str
__vbaNew2
__vbaVar2Vec
ord648
ord570
__vbaInStr
_adj_fdiv_m32i
ord572
_adj_fdivr_m32i
ord573
__vbaStrCopy
ord681
__vbaI4Str
__vbaVarCmpLt
__vbaFreeStrList
__vbaVarTextTstGt
ord576
__vbaDerefAry1
_adj_fdivr_m32
__vbaPowerR8
__vbaR8Var
_adj_fdiv_r
ord685
ord100
__vbaVarTstNe
__vbaVarSetVar
__vbaI4Var
__vbaVarCmpEq
ord610
__vbaVarAdd
__vbaAryLock
__vbaLateMemCall
ord320
ord612
__vbaVarDup
__vbaStrToAnsi
ord321
ord614
__vbaFpI2
__vbaVarLateMemCallLd
ord616
__vbaVarCopy
__vbaFpI4
__vbaLateMemCallLd
__vbaVarSetObjAddref
ord617
_CIatan
__vbaUI1Str
__vbaI2ErrVar
__vbaStrMove
__vbaAryCopy
__vbaCastObj
ord619
__vbaR8IntI4
__vbaStrVarCopy
__vbaForEachVar
ord542
_allmul
__vbaVarLateMemCallSt
__vbaLateIdSt
__vbaLenVarB
ord545
_CItan
__vbaNextEachCollAd
ord546
__vbaFPInt
__vbaAryUnlock
_CIexp
__vbaMidStmtBstr
__vbaRecAssign
__vbaI4ErrVar
__vbaFreeStr
__vbaFreeObj
ord580
ord581

Sections

.text
Size: 436KB - Virtual size: 432KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
foo/383497fda5ca670a06dc688443c2011b
.exe windows:5 windows x86 arch:x86

86ea836eef69a7ca14fafcce9a9f61b0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
FindActCtxSectionStringW
SetVolumeMountPointW
VirtualProtect
LocalAlloc
FindAtomA
LoadLibraryW
GetQueuedCompletionStatus
DeleteAtom
GetCPInfoExA
lstrlenW
ReadFile
GetProcessHeap
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
GetCommandLineA
GetStartupInfoA
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetCPInfo
WriteFile
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetHandleCount
GetStdHandle
GetFileType
GetProcAddress
GetModuleHandleA
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
HeapAlloc
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
ExitProcess
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetFilePointer
SetStdHandle
InitializeCriticalSectionAndSpinCount
CloseHandle
CreateFileA
LoadLibraryA
GetLocaleInfoW
SetEndOfFile

user32

DdeClientTransaction

ole32

CoGetCurrentProcess

Sections

.text
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 31.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 452KB - Virtual size: 452KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
foo/39555eb0403a69906729713ad20888ec
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 499KB - Virtual size: 498KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
foo/39e5310f67f0b1bf98604a2e0edb9204
.exe windows:4 windows x86 arch:x86

67f3f69d3918540d5a1b4d753aece545

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

EVENT_SINK_GetIDsOfNames
__vbaVarSub
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarMove
__vbaVarVargNofree
__vbaAryMove
__vbaFreeVar
__vbaLenBstr
__vbaStrVarMove
__vbaEnd
__vbaPut3
__vbaFreeVarList
_adj_fdiv_m64
EVENT_SINK_Invoke
__vbaNextEachVar
__vbaRaiseEvent
__vbaFreeObjList
ord516
__vbaVarIndexLoadRef
_adj_fprem1
__vbaRecAnsiToUni
ord626
__vbaI2Abs
__vbaResume
__vbaForEachCollAd
__vbaStrCat
__vbaLsetFixstr
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryVar
ord666
ord667
Zombie_GetTypeInfo
__vbaAryDestruct
__vbaLateMemSt
__vbaExitProc
__vbaBoolStr
__vbaOnError
ord595
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaVarIndexLoad
__vbaStrFixstr
ord520
__vbaBoolVarNull
_CIsin
ord709
ord525
__vbaVarZero
ord632
__vbaChkstk
ord526
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaGet3
__vbaStrCmp
__vbaAryConstruct2
__vbaPutOwner3
ord561
__vbaObjVar
__vbaI2I4
DllFunctionCall
__vbaLbound
__vbaRedimPreserve
_adj_fpatan
__vbaFixstrConstruct
__vbaLateIdCallLd
Zombie_GetTypeInfoCount
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
ord600
__vbaUI1I2
_CIsqrt
__vbaObjIs
EVENT_SINK_QueryInterface
__vbaUI1I4
ord710
__vbaExceptHandler
ord711
ord712
__vbaStrToUnicode
ord606
_adj_fprem
_adj_fdivr_m64
ord607
ord608
ord531
ord716
__vbaFPException
ord717
__vbaInStrVar
ord319
__vbaUbound
__vbaStrVarVal
__vbaVarCat
ord644
ord537
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
ord570
__vbaVarLateMemCallLdRf
__vbaVar2Vec
__vbaR8Str
__vbaInStr
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
ord681
__vbaI4Str
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord578
ord100
ord579
__vbaI4Var
ord610
__vbaLateMemCall
__vbaVarAdd
__vbaAryLock
ord320
ord612
__vbaVarDup
__vbaStrToAnsi
ord321
__vbaVarCopy
__vbaVarTstGe
ord616
__vbaFpI4
__vbaVarLateMemCallLd
ord617
__vbaLateMemCallLd
_CIatan
ord618
__vbaUI1Str
__vbaCastObj
__vbaStrMove
__vbaAryCopy
__vbaForEachVar
_allmul
__vbaVarLateMemCallSt
_CItan
__vbaNextEachCollAd
__vbaAryUnlock
_CIexp
__vbaMidStmtBstr
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
foo/3aba72d1f87f4372162972b6a45ed8cd
.exe windows:5 windows x86 arch:x86

adc09d20b6533ea7dd915203eada623b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
GetSystemDirectoryA
CreateThread
GetWindowsDirectoryA
CreateDirectoryA
ReadFile
WriteFile
SetFilePointer
CreateMutexA
ReleaseMutex
CreateFileA
DeleteFileA
CloseHandle
GetStartupInfoA
CreateProcessA
OutputDebugStringA
GetLocalTime
VirtualFree
VirtualAlloc
InitializeCriticalSection
DeleteCriticalSection
LocalAlloc
LocalFree
ExitProcess
GetTickCount
SetUnhandledExceptionFilter
HeapFree
HeapAlloc
GetProcessHeap
InterlockedDecrement
InterlockedIncrement
SetFileTime
GetCurrentDirectoryA
LocalFileTimeToFileTime
GetFileAttributesA
Sleep
UnmapViewOfFile
WaitForSingleObject
LeaveCriticalSection
CreateFileW
WriteConsoleW
SetFilePointerEx
HeapSize
GetConsoleMode
GetConsoleCP
FlushFileBuffers
SetStdHandle
FindNextFileA
FindFirstFileExA
FindClose
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetFileType
GetACP
SystemTimeToFileTime
EnterCriticalSection
TryEnterCriticalSection
GetCurrentThreadId
WideCharToMultiByte
QueryPerformanceCounter
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
EncodePointer
DecodePointer
MultiByteToWideChar
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
SetEvent
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
SignalObjectAndWait
SwitchToThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetCurrentThread
GetThreadTimes
FreeLibrary
FreeLibraryAndExitThread
GetModuleFileNameW
GetModuleHandleA
LoadLibraryExW
GetVersionExW
VirtualProtect
DuplicateHandle
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
CreateTimerQueue
LoadLibraryW
RaiseException
RtlUnwind
HeapReAlloc
GetModuleHandleExW
GetStdHandle
GetModuleFileNameA
GetCommandLineA
GetCommandLineW

user32

wsprintfA

ws2_32

accept
bind
WSAIoctl
__WSAFDIsSet
gethostbyname
select
listen
WSAStartup
send
socket
connect
recv
htonl
htons
setsockopt
gethostname
inet_addr
closesocket

wininet

HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetReadFile
InternetOpenA
InternetCloseHandle

iphlpapi

GetTcpTable

advapi32

SystemFunction036

Sections

.text
Size: 264KB - Virtual size: 264KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
foo/406c9b9529109f835fe7292e6cf3fefe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 223KB - Virtual size: 223KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 240KB - Virtual size: 239KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
foo/457cfd3e7a53e7500f8206b3ea300aca
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 52KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/NSISdl.dll
.dll windows:4 windows x86 arch:x86

9cce555dd3ff1b6c7dc92d64c794c51a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WaitForSingleObject
lstrcpynA
lstrlenA
lstrcatA
GlobalAlloc
GlobalFree
CloseHandle
GetTickCount
DeleteFileA
Sleep
WriteFile
CreateFileA
lstrcmpiA
lstrcpyA
MulDiv
CreateThread

user32

CharPrevA
SetWindowLongA
RegisterWindowMessageA
CallWindowProcA
DestroyWindow
EnableWindow
GetWindowLongA
CreateWindowExA
GetWindowRect
GetClientRect
ShowWindow
IsWindowVisible
GetFocus
GetDlgItem
FindWindowExA
SetWindowTextA
SendMessageA
wsprintfA
SetDlgItemTextA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

ws2_32

gethostbyname
inet_addr
ioctlsocket
htons
socket
closesocket
shutdown
connect
__WSAFDIsSet
select
recv
WSAGetLastError
send
WSACleanup
WSAStartup

Exports

Exports

download
download_quiet

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 812B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetLastError
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/$SYSDIR/$_14_.exe
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 52KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/NSISdl.dll
.dll windows:4 windows x86 arch:x86

9cce555dd3ff1b6c7dc92d64c794c51a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WaitForSingleObject
lstrcpynA
lstrlenA
lstrcatA
GlobalAlloc
GlobalFree
CloseHandle
GetTickCount
DeleteFileA
Sleep
WriteFile
CreateFileA
lstrcmpiA
lstrcpyA
MulDiv
CreateThread

user32

CharPrevA
SetWindowLongA
RegisterWindowMessageA
CallWindowProcA
DestroyWindow
EnableWindow
GetWindowLongA
CreateWindowExA
GetWindowRect
GetClientRect
ShowWindow
IsWindowVisible
GetFocus
GetDlgItem
FindWindowExA
SetWindowTextA
SendMessageA
wsprintfA
SetDlgItemTextA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

ws2_32

gethostbyname
inet_addr
ioctlsocket
htons
socket
closesocket
shutdown
connect
__WSAFDIsSet
select
recv
WSAGetLastError
send
WSACleanup
WSAStartup

Exports

Exports

download
download_quiet

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 812B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Processes.dll
.dll windows:4 windows x86 arch:x86

f5edecae12589e705677a6e272ad0394

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
FreeLibrary
OpenProcess
CloseHandle
TerminateProcess
GlobalFree
lstrcpyA
GetCommandLineA
GetVersionExA
ExitProcess
GetModuleHandleA
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
UnhandledExceptionFilter
DisableThreadLibraryCalls
WriteFile
SetFilePointer
HeapAlloc
GetACP
GetOEMCP
GetCPInfo
VirtualAlloc
HeapReAlloc
RtlUnwind
InterlockedExchange
VirtualQuery
SetStdHandle
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
FlushFileBuffers
GetLocaleInfoA
VirtualProtect
GetSystemInfo

user32

FindWindowA
GetDesktopWindow
wsprintfA
UpdateWindow

Exports

Exports

FindDevice
FindProcess
KillProcess

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetLastError
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/validate.ini
$SYSDIR/$SYSDIR/$_8_.dll
.dll regsvr32 windows:5 windows x86 arch:x86

03eec74798f6074e060bab11162e9d33

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

rpcrt4

UuidToStringW
RpcStringFreeW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

shlwapi

StrCmpIW
StrStrIW
PathStripPathW
UrlEscapeW
SHDeleteKeyW

kernel32

ExitThread
WaitForSingleObject
CreateThread
Sleep
GetModuleFileNameW
OpenMutexW
GetSystemTime
CreateEventW
OpenProcess
CreateMutexW
GetLastError
InterlockedIncrement
InterlockedDecrement
lstrcmpW
GetTickCount
SystemTimeToFileTime
GetLocalTime
LocalFree
LoadLibraryA
FreeLibrary
ExpandEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
GetTempFileNameW
GetEnvironmentVariableW
LocalAlloc
VirtualQuery
GetVolumeInformationW
LoadLibraryW
GetSystemInfo
GetStringTypeW
GetStringTypeA
LCMapStringA
GetLocaleInfoA
InitializeCriticalSectionAndSpinCount
GetConsoleMode
GetConsoleCP
SetFilePointer
HeapReAlloc
VirtualAlloc
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
VirtualFree
HeapDestroy
HeapCreate
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetProcAddress
CreateProcessW
CloseHandle
SetEvent
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
lstrlenW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers
GetWindowsDirectoryW
GetFileType
SetHandleCount
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetModuleFileNameA
GetStdHandle
WriteFile
ExitProcess
HeapSize
GetModuleHandleA
SetLastError
TlsFree
TlsSetValue
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
GetCurrentThreadId
GetCommandLineA
HeapFree
HeapAlloc
GetModuleHandleW
TlsGetValue
TlsAlloc

user32

GetWindowTextW
EnumChildWindows
RealGetWindowClassW
CallWindowProcW
SetWindowLongW
GetWindowThreadProcessId
SetActiveWindow
SendMessageW
GetPropW
RemovePropW
SetWindowTextW
SetPropW
IntersectRect
InflateRect
ClientToScreen
MsgWaitForMultipleObjects
PeekMessageW
TranslateMessage
DispatchMessageW
GetClassNameW
PostMessageW
OffsetRect

advapi32

CryptCreateHash
CryptGetHashParam
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetSecurityInfo
CryptGenRandom
CryptAcquireContextW
CryptHashData
CryptDestroyHash
CryptReleaseContext
RegQueryValueExW
RegCreateKeyW
RegCreateKeyExW
RegSetValueW
RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
RegCloseKey

ole32

CoInitializeEx
CoCreateInstance
CoTaskMemFree
CoUninitialize

oleaut32

VariantCopy
SafeArrayCreateVector
SafeArrayPutElement
SafeArrayDestroy
SysAllocString
VariantChangeType
VariantClear
VariantInit
SysAllocStringLen
SysFreeString
SysStringLen

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 131KB - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 844B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
foo/4761e4b165f62d326b9032d96329e460
.exe windows:6 windows x86 arch:x86

b433140b84917730a1d440049cbf1d82

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileW
GetComputerNameExW
SetConsoleScreenBufferSize
CreateToolhelp32Snapshot
Module32FirstW
Module32NextW
FindResourceA
ReadConsoleW
WriteConsoleW
SetStdHandle
OutputDebugStringW
GetTimeZoneInformation
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetModuleFileNameA
GetFileType
GetOEMCP
IsValidCodePage
GetACP
IsDebuggerPresent
HeapSize
GetModuleHandleExW
ExitProcess
GetModuleFileNameW
HeapReAlloc
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
IsProcessorFeaturePresent
GetModuleHandleW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
GetCommandLineA
LoadLibraryExW
ExitThread
CreateThread
HeapFree
RtlUnwind
RaiseException
CreateFileA
GetDiskFreeSpaceW
LoadLibraryW
GetFullPathNameW
GetFullPathNameA
FormatMessageA
LockFileEx
GetSystemTime
GetTickCount
QueryPerformanceCounter
LoadLibraryA
DeleteFileA
GetFileAttributesA
LockFile
UnlockFile
CreateEventA
lstrlenA
lstrcpyA
WriteFile
LoadResource
SetLastError
GetLastError
GetCurrentProcessId
GetProcessHeap
HeapAlloc
VirtualAlloc
GlobalFree
GetProcAddress
FreeLibrary
LockResource
OutputDebugStringA
CloseHandle
GetFileSize
FlushFileBuffers
WaitForSingleObject
ResetEvent
AreFileApisANSI
InterlockedCompareExchange
InitializeCriticalSection
GetStringTypeW
MultiByteToWideChar
DecodePointer
EncodePointer
GetTempFileNameA
GetTempPathA
GetVersionExA
SetEnvironmentVariableA
SetFilePointer
SetEndOfFile
GetFileAttributesW
DeleteFileW
InterlockedDecrement
FormatMessageW
LocalFree
WideCharToMultiByte
GetTempPathW
GetStartupInfoA
GetModuleHandleA
lstrcmpiA
lstrcmpA
Sleep
GetDiskFreeSpaceA
EnterCriticalSection
LeaveCriticalSection
InterlockedIncrement
GetSystemTimeAsFileTime
GetStdHandle
GetCurrentProcess
TerminateProcess
GetStartupInfoW
SetEvent
GetCurrentThreadId
SetThreadPriority
GetExitCodeThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
CreateEventW
ReadFile

user32

CreateWindowExA
DestroyWindow
ShowWindow
IsWindowVisible
DialogBoxParamA
EndDialog
SetFocus
LoadAcceleratorsA
RegisterClassExA
PostQuitMessage
BeginPaint
EndPaint
GetWindowTextA
GetClientRect
GetWindowRect
MessageBoxA
EnumChildWindows
FindWindowA
EnumWindows
LoadCursorA
LoadIconA
DefWindowProcA
UpdateWindow
TranslateMessage
DispatchMessageA
SendMessageA
GetMessageA
TranslateAcceleratorA
MapWindowPoints
LoadStringA
wsprintfA
GetCursorInfo
LookupIconIdFromDirectory
LoadBitmapA
GetWindowThreadProcessId
FindWindowExA
GetParent
GetDesktopWindow
GetSysColor
wsprintfW
ClientToScreen
GetCursorPos
SetCursor
GetWindowTextLengthA
SetWindowTextA
InvalidateRect
GetWindowDC
GetDC
SetForegroundWindow
DrawTextA
TrackPopupMenu
AppendMenuA
CreateMenu
LoadMenuA
CreateAcceleratorTableA
SetTimer
GetDlgItem
SetLayeredWindowAttributes
CallWindowProcA
PostMessageA

gdi32

GetTextMetricsW
SetTextColor
SetTextCharacterExtra
SetBkMode
SelectPalette
SelectObject
RealizePalette
GetDeviceCaps
ExcludeClipRect
DeleteObject
CreatePalette
CreateFontW
CreateFontA
CreateFontIndirectA
CreateCompatibleDC
BitBlt

winspool.drv

ConnectToPrinterDlg

advapi32

ImpersonateLoggedOnUser

shell32

SHGetPathFromIDListA
SHBrowseForFolderA

ole32

CreatePointerMoniker
CoTaskMemFree

odbc32

ord41

comctl32

ImageList_GetIconSize

ws2_32

WSAStartup
WSACleanup
accept
bind
closesocket
htons
listen
recv
shutdown
socket
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAResetEvent
WSASetEvent
WSAWaitForMultipleEvents
__WSAFDIsSet
connect
ioctlsocket
inet_addr
select
WSAGetLastError
send

shlwapi

PathFindExtensionW
PathCombineW
ColorRGBToHLS
PathFindFileNameW

msimg32

TransparentBlt

avifil32

AVIStreamWrite

pdh

PdhCollectQueryData

dhcpsapi

DhcpEnumSubnets
DhcpRpcFreeMemory
DhcpGetSubnetInfo

Exports

Exports

Pi

Sections

.text
Size: 419KB - Virtual size: 418KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 270KB - Virtual size: 269KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
foo/487f1b1f30212eaa9104c084a667f104
.exe windows:5 windows x86 arch:x86

32f3282581436269b3a75b6675fe3e08

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
CloseHandle
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpA
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
lstrlenA
MulDiv
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrcpynA

user32

GetAsyncKeyState
IsDlgButtonChecked
ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
wvsprintfW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
FindWindowExW

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 415KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 3.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$APPDATA/Твои раскраски/tmp/downloader.exe
.exe windows:5 windows x86 arch:x86

a05d88650e5594db2afe874ec2674b55

Code Sign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13-04-2011 10:00

Not After

13-04-2019 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:0f:f6:46:2b:63:d5:5a:fb:aa:81:f9:c7:34:a7:aa:94
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

25-09-2015 10:44

Not After

25-09-2017 10:44

Subject

CN=YANDEX LLC,O=YANDEX LLC,L=Moscow,ST=Moscow,C=RU,1.2.840.113549.1.9.1=#0c12706b694079616e6465782d7465616d2e7275

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13-04-2011 10:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24-05-2016 00:00

Not After

24-06-2027 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:37:e8
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02-08-2011 10:00

Not After

02-08-2019 10:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:b9:06:4e:5f:57:13:dc:c7:34:91:3c:8d:e9:3b:98:fc
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

10-11-2015 15:46

Not After

10-11-2017 15:46

Subject

CN=YANDEX LLC,OU=YANDEX LLC,O=YANDEX LLC,L=Moscow,ST=Moscow,C=RU,1.2.840.113549.1.9.1=#0c12706b694079616e6465782d7465616d2e7275

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02-08-2011 10:00

Not After

29-03-2029 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:ed:90:18:ca:a9:27:b7:62:6c:52:6b:90:6d:93:f5:67
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

24-05-2016 00:00

Not After

24-06-2027 00:00

Subject

CN=GlobalSign TSA for MS Authenticode advanced - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

ec:f2:44:e1:a0:43:09:79:2d:1f:b6:20:46:f3:44:4c:79:41:38:a3:3c:ca:39:0a:2f:8b:d1:3e:d7:56:69:cc
Signer

Actual PE Digest

ec:f2:44:e1:a0:43:09:79:2d:1f:b6:20:46:f3:44:4c:79:41:38:a3:3c:ca:39:0a:2f:8b:d1:3e:d7:56:69:cc

Digest Algorithm

sha256

PE Digest Matches

true

98:46:38:18:c7:2d:b7:b3:d6:ae:48:04:ad:a5:bb:3e:6b:90:1e:0e
Signer

Actual PE Digest

98:46:38:18:c7:2d:b7:b3:d6:ae:48:04:ad:a5:bb:3e:6b:90:1e:0e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\BuildAgent\work\a197c1fa8a223363\downloader\Release\downloader.pdb

Imports

wtsapi32

WTSQuerySessionInformationW
WTSFreeMemory

secur32

LsaFreeReturnBuffer
LsaGetLogonSessionData
LsaEnumerateLogonSessions

kernel32

GetCurrentProcess
SetHandleInformation
WaitForSingleObject
Sleep
GetVersionExW
GetExitCodeProcess
GetLastError
CloseHandle
GetCurrentProcessId
HeapAlloc
HeapFree
InterlockedDecrement
GetProcessHeap
WideCharToMultiByte
GetModuleFileNameW
MultiByteToWideChar
DuplicateHandle
WriteConsoleW
SetFilePointerEx
SetStdHandle
CreateProcessW
GetCommandLineW
CreateFileW
HeapReAlloc
GetConsoleMode
HeapSize
OutputDebugStringW
CompareStringW
LoadLibraryExW
SetEnvironmentVariableW
GetStringTypeW
GetConsoleCP
SetEndOfFile
ReadConsoleW
ReadFile
SetLastError
WriteFile
FlushFileBuffers
GetProcAddress
GetModuleHandleExW
ExitProcess
FreeEnvironmentStringsW
LCMapStringW
QueryPerformanceCounter
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetEnvironmentStringsW
GetModuleHandleW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentThreadId
lstrlenA
LocalFree
EncodePointer
DecodePointer
GetSystemTimeAsFileTime
IsDebuggerPresent
IsProcessorFeaturePresent
RaiseException
RtlUnwind
EnterCriticalSection
LeaveCriticalSection
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW

user32

CharLowerW
wsprintfW

advapi32

ConvertSidToStringSidW
GetLengthSid
LsaNtStatusToWinError
RegOpenKeyExW
RegQueryValueExW
CopySid
GetTokenInformation
OpenProcessToken
RegCloseKey

shell32

ShellExecuteExW
SHCreateDirectoryExW

ole32

CoInitialize
CoUninitialize
CoCreateInstance
OleRun

oleaut32

SysFreeString
VariantInit
VariantClear
GetErrorInfo
SysAllocString

urlmon

URLOpenBlockingStreamW

wintrust

WinVerifyTrust

ws2_32

send
freeaddrinfo
socket
WSACleanup
shutdown
htons
WSAGetLastError
getaddrinfo
htonl
WSAStartup
connect
closesocket
recv

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

Sections

.text
Size: 119KB - Virtual size: 118KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ElevatePrivileges.dll
.dll windows:5 windows x86 arch:x86

47fda6a58e505d04d9a4fa8b292bae67

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\projects\projects-git\su-pro\installer-scripts\NSIS\plugins\ElevatePrivileges\Release\ElevatePrivileges.pdb

Imports

kernel32

InterlockedDecrement
GlobalFree
lstrcpyW
lstrcpynW
GlobalAlloc
WideCharToMultiByte
MultiByteToWideChar
LocalFree
CreateFileW
SetStdHandle
WriteConsoleW
CloseHandle
SetFilePointer
GetCurrentThreadId
DecodePointer
GetCommandLineA
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
GetLastError
HeapFree
IsProcessorFeaturePresent
EncodePointer
EnterCriticalSection
LeaveCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
GetProcAddress
Sleep
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
WriteFile
GetModuleFileNameW
RtlUnwind
HeapSize
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapReAlloc
LoadLibraryW
GetConsoleCP
GetConsoleMode
FlushFileBuffers
LCMapStringW
GetStringTypeW

user32

wsprintfW

ole32

CoCreateInstance

oleaut32

SysFreeString
SysStringByteLen
VariantInit
SysAllocStringByteLen
VariantClear
SysAllocString

Exports

Exports

createUACDisablingTask
removeUACDisablingTask

Sections

.text
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Fusion.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

Bibic
Bidotalo
Bikubudapis
Biporofi
Bunocuda
Cigidahomahu
Codek
Cuhufakimebic
Dahefabakon
Damek
Damema
Darocusol
Dematatanocen
Dohunapacak
Faces
Fisidenetecef
Hihanagolopa
Kegada
Komumu
Kubopas
Luseresofik
Malose
Manokolecuhac
Mimud
Noselebehin
Pedocecub
Pugesudol
Sedofobid
Sufupobo
Tibarad
Topetalalu
Topopadolu

Sections

CODE
Size: 1004KB - Virtual size: 1004KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1024B - Virtual size: 685B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:5 windows x86 arch:x86

cd90e33ffbc335413a25300c682c83df

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpiW
GetModuleHandleW
GlobalLock
GlobalUnlock
GetCurrentDirectoryW
SetCurrentDirectoryW
GetPrivateProfileIntW
GetPrivateProfileStringW
lstrcatW
WritePrivateProfileStringW
lstrcpynW
lstrlenW
lstrcpyW
GlobalFree
GlobalAlloc

user32

OpenClipboard
DestroyIcon
LoadCursorW
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
SetWindowLongW
GetClientRect
SetWindowRgn
LoadIconW
LoadImageW
CreateWindowExW
MapDialogRect
GetClipboardData
GetWindowRect
CreateDialogParamW
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
SetCursor
DrawTextW
GetWindowLongW
DrawFocusRect
CallWindowProcW
PostMessageW
wsprintfW
CharNextW
MessageBoxW
CloseClipboard
GetDlgCtrlID
MapWindowPoints
SetWindowPos
PtInRect
GetWindowTextW
SetWindowTextW
SendMessageW
DestroyWindow

gdi32

SelectObject
CreateRectRgn
GetObjectW
CombineRgn
DeleteObject
CreateCompatibleDC
GetDIBits
SetTextColor

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteW
SHGetDesktopFolder

comdlg32

GetOpenFileNameW
CommDlgExtendedError
GetSaveFileNameW

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LangDLL.dll
.dll windows:5 windows x86 arch:x86

e981c0ab92cb1f191bb5e23392e14796

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
lstrlenW
GlobalAlloc
lstrcmpW
GetModuleHandleW
MulDiv
lstrcpyW
lstrcpynW

user32

SetWindowTextW
SetDlgItemTextW
EndDialog
SendDlgItemMessageW
DialogBoxParamW
LoadIconW
SendMessageW
ShowWindow
GetDC

gdi32

CreateFontIndirectW
GetDeviceCaps
DeleteObject

Exports

Exports

LangDialog

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 729B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 350B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Math.dll
.dll windows:5 windows x86 arch:x86

9e076237451e90f00c0ff9eb96ba6514

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyW
lstrcmpW
GlobalFree
lstrlenW
lstrcatW
GlobalAlloc
lstrcpynW
WideCharToMultiByte
MultiByteToWideChar
CloseHandle
CreateFileW
GetCurrentThreadId
DecodePointer
GetCommandLineA
IsProcessorFeaturePresent
EncodePointer
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
GetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
InterlockedDecrement
GetProcAddress
HeapFree
Sleep
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LeaveCriticalSection
EnterCriticalSection
SetFilePointer
WriteFile
GetConsoleCP
GetConsoleMode
HeapAlloc
HeapReAlloc
LoadLibraryW
GetModuleFileNameW
RtlUnwind
LCMapStringW
GetStringTypeW
SetStdHandle
WriteConsoleW
HeapSize
FlushFileBuffers

Exports

Exports

Script

Sections

.text
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Registry.dll
.dll windows:5 windows x86 arch:x86

0c4ab0a88a7d1d5d2bec9bf180354b2f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Projects-Git\CrashRptSaved\dupdater-2.0.0.4703\installer-scripts\NSIS\bin\Release\Registry.pdb

Imports

kernel32

MultiByteToWideChar
GlobalAlloc
lstrcpynW
lstrcpyW
WideCharToMultiByte
GlobalFree
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
GetStringTypeW
EncodePointer
DecodePointer
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
HeapFree
GetCurrentThreadId
GetCommandLineA
GetCPInfo
RaiseException
RtlUnwind
HeapAlloc
LCMapStringW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
HeapCreate
HeapDestroy
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
SetLastError
GetProcAddress
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetLocaleInfoW
WriteFile
GetModuleFileNameW
HeapSize
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
HeapReAlloc
LoadLibraryW

user32

wsprintfW

advapi32

RegCloseKey
RegOpenKeyExW
RegSetValueExW

Exports

Exports

readListItem
writeInt4ToRegistry

Sections

.text
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/SaveInExe.dll
.dll windows:5 windows x86 arch:x86

b8998bc7a2067cbf38d42e3697f68613

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\Projects\FontManager\installer-scripts\NSIS\plugins\AppendDataToCertificateTable\Release\SaveInExe.pdb

Imports

kernel32

GetModuleFileNameA
GlobalFree
lstrcpyW
lstrcpynW
GlobalAlloc
WideCharToMultiByte
MultiByteToWideChar
SetEndOfFile
CreateFileW
InterlockedIncrement
InterlockedDecrement
EncodePointer
DecodePointer
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
HeapFree
GetCurrentThreadId
GetCommandLineA
RaiseException
RtlUnwind
HeapAlloc
LCMapStringW
GetCPInfo
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
IsProcessorFeaturePresent
HeapCreate
HeapDestroy
GetProcAddress
GetModuleHandleW
ExitProcess
ReadFile
SetFilePointer
WriteFile
GetConsoleCP
GetConsoleMode
FlushFileBuffers
CloseHandle
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameW
GetLocaleInfoW
HeapSize
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeW
HeapReAlloc
LoadLibraryW
SetStdHandle
WriteConsoleW
CreateFileA
GetProcessHeap

Exports

Exports

LoadStringFromSetup

Sections

.text
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

039bcbc605477e8e87ec550c2e60e748

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
lstrlenW
lstrcmpiW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/avast_translate.ini
$PLUGINSDIR/base-translate.ini
$PLUGINSDIR/execDos.dll
.dll windows:5 windows x86 arch:x86

a5d239ed12c9442d63c73cb9ff7cad0e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
Sleep
lstrcatW
lstrcmpiW
TerminateProcess
ReadFile
GetExitCodeProcess
PeekNamedPipe
CreateFileW
FlushFileBuffers
WriteFile
lstrlenW
CloseHandle
CreateProcessW
DuplicateHandle
GetCurrentProcess
CreatePipe
GetProcAddress
GetModuleHandleW
GlobalAlloc
GetExitCodeThread
WaitForSingleObject
CreateThread
lstrcpyW
lstrcpynW

user32

wsprintfW
GetClassNameW
GetDlgItem
FindWindowExW
SendMessageW

Exports

Exports

exec
isdone
wait

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 334B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/inetc.dll
.dll windows:5 windows x86 arch:x86

d1c28c04ae5df0dc0a9e31fb9c5cd043

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcr100

_onexit
_lock
__dllonexit
_unlock
__clean_type_info_names_internal
_crt_debugger_hook
__CppXcptFilter
_amsg_exit
_initterm_e
_initterm
_encoded_null
free
_malloc_crt
wcslen
??2@YAPAXI@Z
strlen
wcstoul
wcstol
strchr
memset
wcsstr
wcsrchr
wcschr
strrchr
_except_handler4_common

wininet

InternetReadFile
InternetWriteFile
HttpSendRequestW
HttpSendRequestExW
HttpQueryInfoW
FtpCreateDirectoryW
FtpOpenFileW
InternetGetLastResponseInfoW
InternetSetFilePointer
InternetSetOptionW
InternetQueryOptionW
HttpAddRequestHeadersA
InternetCloseHandle
InternetErrorDlg
HttpOpenRequestW
HttpAddRequestHeadersW
HttpEndRequestW
InternetConnectW
InternetCrackUrlW
InternetOpenW
InternetOpenUrlA
InternetOpenA

comctl32

ord17

kernel32

CreateFileW
GetFileSize
lstrcatW
GetTickCount
SleepEx
CloseHandle
DeleteFileW
lstrcmpiW
lstrcmpW
ReadFile
WriteFile
lstrlenW
GlobalAlloc
lstrcpynW
lstrcpyW
GlobalFree
GetLastError
SetFilePointer
LoadLibraryW
MulDiv
GetModuleHandleW
TerminateThread
WaitForSingleObject
CreateThread
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
DecodePointer
EncodePointer
WideCharToMultiByte
CreateFileA
GetProcAddress

user32

SetWindowLongW
wsprintfA
FindWindowExW
CreateDialogParamW
EnableWindow
IsWindowVisible
IsDialogMessageW
GetMessageW
TranslateMessage
DispatchMessageW
RedrawWindow
KillTimer
DestroyWindow
UpdateWindow
LoadIconW
SetTimer
GetWindowRect
GetClientRect
SystemParametersInfoW
SetWindowPos
SetDlgItemTextW
SendMessageW
GetWindowTextW
wsprintfW
IsWindow
MessageBoxW
GetParent
ShowWindow
GetWindowLongW
SetWindowTextW
SendDlgItemMessageW
GetDlgItem
PostMessageW

Exports

Exports

get
head
post
put
simpleHttpRequest

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/installer-translate.ini
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:5 windows x86 arch:x86

9ea5bdc8c90dfcffe309465c26c89758

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
MulDiv
lstrlenW
HeapFree
GetProcessHeap
lstrcmpiW
HeapReAlloc
lstrcpynW
GetFileAttributesW
lstrcpyW
GetCurrentDirectoryW
SetCurrentDirectoryW
HeapAlloc
GlobalFree

user32

LoadCursorW
RemovePropW
DrawFocusRect
GetPropW
DrawTextW
GetWindowTextW
GetDlgItem
SetWindowLongW
SetWindowPos
CreateDialogParamW
MapWindowPoints
GetWindowRect
SetCursor
CreateWindowExW
IsWindow
SetTimer
KillTimer
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
wsprintfW
GetClientRect
CharPrevW
CallWindowProcW
SetPropW
DestroyWindow
MapDialogRect
CharNextW
SendMessageW
GetWindowLongW

gdi32

SetTextColor

shell32

SHGetPathFromIDListW
SHBrowseForFolderW

comdlg32

GetSaveFileNameW
CommDlgExtendedError
GetOpenFileNameW

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 590B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsProcess.dll
.dll windows:5 windows x86 arch:x86

439074d1c01f7b16781bdf060930814a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
TerminateProcess
WaitForSingleObject
GetExitCodeProcess
OpenProcess
MultiByteToWideChar
lstrlenA
lstrlenW
LoadLibraryA
lstrcmpiW
lstrcpynW
FreeLibrary
LocalFree
LocalAlloc
GetProcAddress
LoadLibraryW
GetVersionExW
GlobalFree
GlobalAlloc

user32

GetWindowThreadProcessId
EnumWindows
wsprintfW
PostMessageW

Exports

Exports

_CloseProcess
_FindProcess
_KillProcess
_Unload

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 927B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 254B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/opera_translate.ini
$PLUGINSDIR/yandex_translate.ini
$TEMP/downloader.exe
.exe windows:5 windows x86 arch:x86

a05d88650e5594db2afe874ec2674b55

Code Sign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13-04-2011 10:00

Not After

13-04-2019 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:0f:f6:46:2b:63:d5:5a:fb:aa:81:f9:c7:34:a7:aa:94
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

25-09-2015 10:44

Not After

25-09-2017 10:44

Subject

CN=YANDEX LLC,O=YANDEX LLC,L=Moscow,ST=Moscow,C=RU,1.2.840.113549.1.9.1=#0c12706b694079616e6465782d7465616d2e7275

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13-04-2011 10:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24-05-2016 00:00

Not After

24-06-2027 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:37:e8
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02-08-2011 10:00

Not After

02-08-2019 10:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:b9:06:4e:5f:57:13:dc:c7:34:91:3c:8d:e9:3b:98:fc
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

10-11-2015 15:46

Not After

10-11-2017 15:46

Subject

CN=YANDEX LLC,OU=YANDEX LLC,O=YANDEX LLC,L=Moscow,ST=Moscow,C=RU,1.2.840.113549.1.9.1=#0c12706b694079616e6465782d7465616d2e7275

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02-08-2011 10:00

Not After

29-03-2029 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:ed:90:18:ca:a9:27:b7:62:6c:52:6b:90:6d:93:f5:67
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

24-05-2016 00:00

Not After

24-06-2027 00:00

Subject

CN=GlobalSign TSA for MS Authenticode advanced - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

ec:f2:44:e1:a0:43:09:79:2d:1f:b6:20:46:f3:44:4c:79:41:38:a3:3c:ca:39:0a:2f:8b:d1:3e:d7:56:69:cc
Signer

Actual PE Digest

ec:f2:44:e1:a0:43:09:79:2d:1f:b6:20:46:f3:44:4c:79:41:38:a3:3c:ca:39:0a:2f:8b:d1:3e:d7:56:69:cc

Digest Algorithm

sha256

PE Digest Matches

true

98:46:38:18:c7:2d:b7:b3:d6:ae:48:04:ad:a5:bb:3e:6b:90:1e:0e
Signer

Actual PE Digest

98:46:38:18:c7:2d:b7:b3:d6:ae:48:04:ad:a5:bb:3e:6b:90:1e:0e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\BuildAgent\work\a197c1fa8a223363\downloader\Release\downloader.pdb

Imports

wtsapi32

WTSQuerySessionInformationW
WTSFreeMemory

secur32

LsaFreeReturnBuffer
LsaGetLogonSessionData
LsaEnumerateLogonSessions

kernel32

GetCurrentProcess
SetHandleInformation
WaitForSingleObject
Sleep
GetVersionExW
GetExitCodeProcess
GetLastError
CloseHandle
GetCurrentProcessId
HeapAlloc
HeapFree
InterlockedDecrement
GetProcessHeap
WideCharToMultiByte
GetModuleFileNameW
MultiByteToWideChar
DuplicateHandle
WriteConsoleW
SetFilePointerEx
SetStdHandle
CreateProcessW
GetCommandLineW
CreateFileW
HeapReAlloc
GetConsoleMode
HeapSize
OutputDebugStringW
CompareStringW
LoadLibraryExW
SetEnvironmentVariableW
GetStringTypeW
GetConsoleCP
SetEndOfFile
ReadConsoleW
ReadFile
SetLastError
WriteFile
FlushFileBuffers
GetProcAddress
GetModuleHandleExW
ExitProcess
FreeEnvironmentStringsW
LCMapStringW
QueryPerformanceCounter
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetEnvironmentStringsW
GetModuleHandleW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentThreadId
lstrlenA
LocalFree
EncodePointer
DecodePointer
GetSystemTimeAsFileTime
IsDebuggerPresent
IsProcessorFeaturePresent
RaiseException
RtlUnwind
EnterCriticalSection
LeaveCriticalSection
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW

user32

CharLowerW
wsprintfW

advapi32

ConvertSidToStringSidW
GetLengthSid
LsaNtStatusToWinError
RegOpenKeyExW
RegQueryValueExW
CopySid
GetTokenInformation
OpenProcessToken
RegCloseKey

shell32

ShellExecuteExW
SHCreateDirectoryExW

ole32

CoInitialize
CoUninitialize
CoCreateInstance
OleRun

oleaut32

SysFreeString
VariantInit
VariantClear
GetErrorInfo
SysAllocString

urlmon

URLOpenBlockingStreamW

wintrust

WinVerifyTrust

ws2_32

send
freeaddrinfo
socket
WSACleanup
shutdown
htons
WSAGetLastError
getaddrinfo
htonl
WSAStartup
connect
closesocket
recv

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

Sections

.text
Size: 119KB - Virtual size: 118KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/list-bullet.bmp
$TEMP/opera-image.bmp
TvoiRaskraski.exe
.exe windows:5 windows x64 arch:x64

303d9e34c98a2e7aef2219549e157c1b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

57:f3:d6:07:da:77:27:b5:86:cd:4a:fc:0d:5d:8d:37
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

26-08-2016 00:00

Not After

26-08-2019 23:59

Subject

CN=ROSTPEI LTD,O=ROSTPEI LTD,POSTALCODE=344011,STREET=str. Dolomanovsky\, 70D\, office 1001,L=Rostov-on-Don,ST=Rostov region,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09-05-2013 00:00

Not After

08-05-2028 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b2:7f:11:8a:cf:36:a6:0d:40:8f:1b:1b:a0:3b:e1:e1:8a:80:e0:f6
Signer

Actual PE Digest

b2:7f:11:8a:cf:36:a6:0d:40:8f:1b:1b:a0:3b:e1:e1:8a:80:e0:f6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayGetElement
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayRedim
SafeArrayCreate
VariantChangeType
VariantCopyInd
VariantCopy
VariantClear
VariantInit
GetErrorInfo
SysFreeString

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegUnLoadKeyW
RegSetValueExW
RegSaveKeyW
RegRestoreKeyW
RegReplaceKeyW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegLoadKeyW
RegFlushKey
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegConnectRegistryW
RegCloseKey

user32

CharNextW
LoadStringW
SetClassLongPtrW
GetClassLongPtrW
SetWindowLongPtrW
GetWindowLongPtrW
CreateWindowExW
WindowFromPoint
WaitMessage
ValidateRect
UpdateWindow
UnregisterClassW
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
ToUnicode
TabbedTextOutW
SystemParametersInfoW
SubtractRect
ShowWindow
ShowScrollBar
ShowOwnedPopups
ShowCaret
SetWindowRgn
SetWindowsHookExW
SetWindowTextW
SetWindowPos
SetWindowPlacement
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRectEmpty
SetRect
SetPropW
SetParent
SetMenuItemInfoW
SetMenu
SetForegroundWindow
SetFocus
SetCursorPos
SetCursor
SetClipboardData
SetCapture
SetActiveWindow
SendNotifyMessageW
SendMessageA
SendMessageW
ScrollWindowEx
ScrollWindow
ScreenToClient
RemovePropW
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageW
RegisterClipboardFormatW
RegisterClassW
RedrawWindow
PtInRect
PostQuitMessage
PostMessageW
PeekMessageA
PeekMessageW
OpenClipboard
OffsetRect
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects
MoveWindow
MessageBoxW
MessageBeep
MapWindowPoints
MapVirtualKeyW
LoadStringW
LoadKeyboardLayoutW
LoadIconW
LoadCursorW
LoadBitmapW
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsRectEmpty
IsIconic
IsDialogMessageA
IsDialogMessageW
IsClipboardFormatAvailable
IsChild
InvalidateRgn
InvalidateRect
IntersectRect
InsertMenuItemW
InsertMenuW
InflateRect
HideCaret
GetWindowThreadProcessId
GetWindowTextW
GetWindowRgn
GetWindowRect
GetWindowPlacement
GetWindowDC
GetUpdateRgn
GetTopWindow
GetTabbedTextExtentW
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetScrollBarInfo
GetPropW
GetParent
GetWindow
GetMessageTime
GetMessagePos
GetMessageExtraInfo
GetMessageW
GetMenuStringW
GetMenuState
GetMenuItemRect
GetMenuItemInfoW
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameW
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextW
GetIconInfo
GetForegroundWindow
GetFocus
GetDoubleClickTime
GetDlgItem
GetDlgCtrlID
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetComboBoxInfo
GetClipboardData
GetClientRect
GetClassNameW
GetClassInfoExW
GetClassInfoW
GetCaretPos
GetCapture
GetAsyncKeyState
GetAncestor
GetActiveWindow
FrameRect
FindWindowExW
FindWindowW
FillRect
EqualRect
EnumWindows
EnumThreadWindows
EnumClipboardFormats
EnumChildWindows
EndPaint
EndMenu
EndDeferWindowPos
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextExW
DrawTextW
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawFocusRect
DrawEdge
DispatchMessageA
DispatchMessageW
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DeferWindowPos
DefWindowProcW
DefMDIChildProcW
DefFrameProcW
CreatePopupMenu
CreateMenu
CreateIconIndirect
CreateIcon
CreateAcceleratorTableW
CountClipboardFormats
CopyImage
CopyIcon
CloseClipboard
ClientToScreen
ChildWindowFromPointEx
CheckMenuItem
CharUpperBuffW
CharUpperW
CharNextW
CharLowerBuffW
CharLowerW
CallWindowProcW
CallNextHookEx
BeginPaint
BeginDeferWindowPos
CharUpperBuffA
AdjustWindowRectEx
ActivateKeyboardLayout
EnumDisplayMonitors
GetMonitorInfoW
MonitorFromPoint
MonitorFromRect
MonitorFromWindow

kernel32

Sleep
VirtualFree
VirtualAlloc
lstrlenW
VirtualQuery
QueryPerformanceCounter
GetTickCount
GetSystemInfo
GetVersion
CompareStringW
IsValidLocale
SetThreadLocale
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetLocaleInfoW
WideCharToMultiByte
MultiByteToWideChar
GetACP
LoadLibraryExW
GetStartupInfoW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetCommandLineW
FreeLibrary
GetLastError
UnhandledExceptionFilter
RtlUnwindEx
RtlUnwind
RaiseException
ExitProcess
ExitThread
SwitchToThread
GetCurrentThreadId
CreateThread
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
FindFirstFileW
FindClose
WriteFile
GetStdHandle
CloseHandle
GetProcAddress
RaiseException
LoadLibraryA
GetLastError
TlsSetValue
TlsGetValue
LocalFree
LocalAlloc
GetModuleHandleW
FreeLibrary
lstrcmpW
WriteFile
WideCharToMultiByte
WaitForSingleObject
WaitForMultipleObjectsEx
VirtualQueryEx
VirtualQuery
VirtualProtect
VirtualFree
VirtualAlloc
VerSetConditionMask
VerifyVersionInfoW
UnmapViewOfFile
TryEnterCriticalSection
TerminateThread
SwitchToThread
SuspendThread
SleepEx
Sleep
SizeofResource
SetThreadPriority
SetThreadLocale
SetLastError
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResumeThread
ResetEvent
ReadFile
RaiseException
QueryPerformanceFrequency
QueryPerformanceCounter
QueryDosDeviceW
IsDebuggerPresent
MultiByteToWideChar
MulDiv
MapViewOfFile
LockResource
LocalFree
LoadResource
LoadLibraryW
LeaveCriticalSection
IsValidLocale
InitializeCriticalSectionAndSpinCount
InitializeCriticalSection
HeapSize
HeapFree
HeapDestroy
HeapCreate
HeapAlloc
GlobalUnlock
GlobalSize
GlobalLock
GlobalFree
GlobalFindAtomW
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomW
GetVolumeInformationW
GetVersionExW
GetVersion
GetTimeZoneInformation
GetTimeFormatW
GetTickCount
GetThreadPriority
GetThreadLocale
GetTempPathW
GetStdHandle
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLogicalDriveStringsW
GetLocaleInfoW
GetLocalTime
GetLastError
GetFullPathNameW
GetFileSize
GetFileAttributesW
GetExitCodeThread
GetEnvironmentVariableW
GetDriveTypeW
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetComputerNameW
GetCPInfoExW
GetCPInfo
GetACP
FreeResource
FreeLibrary
FormatMessageW
FindResourceW
FindFirstFileW
FindClose
EnumSystemLocalesW
EnumResourceNamesW
EnumCalendarInfoW
EnterCriticalSection
DeleteCriticalSection
CreateThread
CreateFileMappingW
CreateFileW
CreateEventW
CompareStringA
CompareStringW
CloseHandle
Sleep
GetStringTypeW

gdi32

UnrealizeObject
TextOutW
StrokePath
StretchDIBits
StretchBlt
StartPage
StartDocW
SetWorldTransform
SetWindowOrgEx
SetWinMetaFileBits
SetViewportOrgEx
SetTextJustification
SetTextColor
SetStretchBltMode
SetRectRgn
SetROP2
SetPixel
SetGraphicsMode
SetEnhMetaFileBits
SetDIBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SetAbortProc
SelectPalette
SelectObject
SelectClipRgn
SelectClipPath
SaveDC
RoundRect
RestoreDC
Rectangle
RectVisible
RealizePalette
PtVisible
PtInRegion
Polyline
Polygon
PolyPolyline
PolyBezierTo
PolyBezier
PlayEnhMetaFile
Pie
PathToRegion
PatBlt
OffsetWindowOrgEx
OffsetRgn
MoveToEx
MaskBlt
LineTo
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetViewportOrgEx
GetTextMetricsA
GetTextMetricsW
GetTextExtentPointW
GetTextExtentPoint32W
GetTextExtentExPointW
GetTextColor
GetSystemPaletteEntries
GetStretchBltMode
GetStockObject
GetRgnBox
GetROP2
GetPixel
GetPaletteEntries
GetObjectType
GetObjectW
GetNearestColor
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileDescriptionW
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetCurrentPositionEx
GetCurrentObject
GetClipRgn
GetClipBox
GetBrushOrgEx
GetBkMode
GetBkColor
GetBitmapBits
GdiFlush
FrameRgn
FillRgn
FillPath
ExtTextOutW
ExtFloodFill
ExtCreateRegion
ExcludeClipRect
EqualRgn
EnumFontsW
EnumFontFamiliesExW
EndPath
EndPage
EndDoc
Ellipse
DeleteObject
DeleteEnhMetaFile
DeleteDC
DPtoLP
CreateSolidBrush
CreateRoundRectRgn
CreateRectRgnIndirect
CreateRectRgn
CreatePolygonRgn
CreatePenIndirect
CreatePatternBrush
CreatePalette
CreateICW
CreateHalftonePalette
CreateFontIndirectW
CreateEnhMetaFileW
CreateEllipticRgn
CreateDIBitmap
CreateDIBSection
CreateDCW
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileW
CombineRgn
CloseEnhMetaFile
Chord
BitBlt
BeginPath
ArcTo
Arc
AngleArc
AbortDoc

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

netapi32

NetWkstaGetInfo

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoUninitialize
CoInitialize
IsEqualGUID

comctl32

InitializeFlatSB
FlatSB_SetScrollProp
FlatSB_SetScrollPos
FlatSB_SetScrollInfo
FlatSB_GetScrollPos
FlatSB_GetScrollInfo
_TrackMouseEvent
ImageList_GetImageInfo
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Copy
ImageList_LoadImageW
ImageList_GetIcon
ImageList_Remove
ImageList_DrawEx
ImageList_AddMasked
ImageList_Replace
ImageList_Draw
ImageList_SetOverlayImage
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Add
ImageList_SetImageCount
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create
InitCommonControls

msvcrt

memset
memcpy

shell32

ShellExecuteW
Shell_NotifyIconW

comdlg32

PrintDlgW
GetSaveFileNameW
GetOpenFileNameW

winspool.drv

OpenPrinterW
EnumPrintersW
DocumentPropertiesW
ClosePrinter
GetDefaultPrinterW

wsock32

__WSAFDIsSet
WSACleanup
WSAStartup
WSAGetLastError
gethostbyname
socket
shutdown
setsockopt
send
select
recv
ntohs
listen
ioctlsocket
inet_ntoa
inet_addr
htons
getsockopt
getsockname
connect
closesocket
bind
accept

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 10.9MB - Virtual size: 10.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 136KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 159B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 640B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 109B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 588KB - Virtual size: 587KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.pdata
Size: 697KB - Virtual size: 697KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
libeay32.dll
.dll windows:4 windows x64 arch:x64

96c4f4e8917dc64df4c59957846701ef

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\OpenSSL\Temp\openssl-1.0.2q-x64\out32dll\libeay32.pdb

Imports

ws2_32

sendto
recvfrom
bind
listen
accept
ntohl
ioctlsocket
WSACleanup
WSAStartup
getsockopt
getservbyname
ntohs
htons
htonl
socket
setsockopt
connect
send
WSASetLastError
recv
closesocket
WSAGetLastError
shutdown
gethostbyname

gdi32

CreateCompatibleBitmap
GetObjectW
GetDIBits
DeleteObject
GetDeviceCaps

advapi32

ReportEventW
DeregisterEventSource
RegisterEventSourceW

user32

GetDC
MessageBoxW
GetProcessWindowStation
GetUserObjectInformationW
ReleaseDC

msvcrt

fread
fwrite
fflush
_setmode
ftell
fseek
fgets
perror
qsort
strcmp
setvbuf
_stat
_chmod
_fdopen
_open
__C_specific_handler
strerror
isspace
isalnum
tolower
strncmp
isupper
strrchr
memchr
fprintf
strtol
signal
_getch
printf
_initterm
fclose
fopen
_wfopen
strncpy
strstr
sprintf
atoi
isdigit
isxdigit
_write
_read
memmove
_errno
_stricmp
_strnicmp
gmtime
memset
localtime
time
memcpy
malloc
realloc
free
_iob
raise
_exit
_vsnprintf
_vsnwprintf
wcsstr
getenv
sscanf
strtoul
strchr
memcmp
_snwprintf
fputs

kernel32

WideCharToMultiByte
FindNextFileW
FindFirstFileW
FindClose
RtlVirtualUnwind
FreeLibrary
LoadLibraryA
GetStdHandle
LoadLibraryW
SetLastError
SystemTimeToFileTime
GetSystemTime
GetTickCount
QueryPerformanceCounter
GetCurrentProcessId
GetFileType
WriteFile
MultiByteToWideChar
GetVersion
GetCurrentThreadId
GetLastError
GetModuleHandleW
GetProcAddress
CloseHandle
GlobalMemoryStatus
FlushConsoleInputBuffer
GetSystemTimeAsFileTime
ExitProcess
TerminateProcess
GetCurrentProcess
Sleep
RtlCaptureContext
RtlLookupFunctionEntry
SetUnhandledExceptionFilter
UnhandledExceptionFilter

Exports

Exports

ACCESS_DESCRIPTION_free
ACCESS_DESCRIPTION_it
ACCESS_DESCRIPTION_new
AES_bi_ige_encrypt
AES_cbc_encrypt
AES_cfb128_encrypt
AES_cfb1_encrypt
AES_cfb8_encrypt
AES_ctr128_encrypt
AES_decrypt
AES_ecb_encrypt
AES_encrypt
AES_ige_encrypt
AES_ofb128_encrypt
AES_options
AES_set_decrypt_key
AES_set_encrypt_key
AES_unwrap_key
AES_wrap_key
ASN1_ANY_it
ASN1_BIT_STRING_check
ASN1_BIT_STRING_free
ASN1_BIT_STRING_get_bit
ASN1_BIT_STRING_it
ASN1_BIT_STRING_name_print
ASN1_BIT_STRING_new
ASN1_BIT_STRING_num_asc
ASN1_BIT_STRING_set
ASN1_BIT_STRING_set_asc
ASN1_BIT_STRING_set_bit
ASN1_BMPSTRING_free
ASN1_BMPSTRING_it
ASN1_BMPSTRING_new
ASN1_BOOLEAN_it
ASN1_ENUMERATED_free
ASN1_ENUMERATED_get
ASN1_ENUMERATED_it
ASN1_ENUMERATED_new
ASN1_ENUMERATED_set
ASN1_ENUMERATED_to_BN
ASN1_FBOOLEAN_it
ASN1_GENERALIZEDTIME_adj
ASN1_GENERALIZEDTIME_check
ASN1_GENERALIZEDTIME_free
ASN1_GENERALIZEDTIME_it
ASN1_GENERALIZEDTIME_new
ASN1_GENERALIZEDTIME_print
ASN1_GENERALIZEDTIME_set
ASN1_GENERALIZEDTIME_set_string
ASN1_GENERALSTRING_free
ASN1_GENERALSTRING_it
ASN1_GENERALSTRING_new
ASN1_IA5STRING_free
ASN1_IA5STRING_it
ASN1_IA5STRING_new
ASN1_INTEGER_cmp
ASN1_INTEGER_dup
ASN1_INTEGER_free
ASN1_INTEGER_get
ASN1_INTEGER_it
ASN1_INTEGER_new
ASN1_INTEGER_set
ASN1_INTEGER_to_BN
ASN1_NULL_free
ASN1_NULL_it
ASN1_NULL_new
ASN1_OBJECT_create
ASN1_OBJECT_free
ASN1_OBJECT_it
ASN1_OBJECT_new
ASN1_OCTET_STRING_NDEF_it
ASN1_OCTET_STRING_cmp
ASN1_OCTET_STRING_dup
ASN1_OCTET_STRING_free
ASN1_OCTET_STRING_it
ASN1_OCTET_STRING_new
ASN1_OCTET_STRING_set
ASN1_PCTX_free
ASN1_PCTX_get_cert_flags
ASN1_PCTX_get_flags
ASN1_PCTX_get_nm_flags
ASN1_PCTX_get_oid_flags
ASN1_PCTX_get_str_flags
ASN1_PCTX_new
ASN1_PCTX_set_cert_flags
ASN1_PCTX_set_flags
ASN1_PCTX_set_nm_flags
ASN1_PCTX_set_oid_flags
ASN1_PCTX_set_str_flags
ASN1_PRINTABLESTRING_free
ASN1_PRINTABLESTRING_it
ASN1_PRINTABLESTRING_new
ASN1_PRINTABLE_free
ASN1_PRINTABLE_it
ASN1_PRINTABLE_new
ASN1_PRINTABLE_type
ASN1_SEQUENCE_ANY_it
ASN1_SEQUENCE_it
ASN1_SET_ANY_it
ASN1_STRING_TABLE_add
ASN1_STRING_TABLE_cleanup
ASN1_STRING_TABLE_get
ASN1_STRING_clear_free
ASN1_STRING_cmp
ASN1_STRING_copy
ASN1_STRING_data
ASN1_STRING_dup
ASN1_STRING_free
ASN1_STRING_get_default_mask
ASN1_STRING_length
ASN1_STRING_length_set
ASN1_STRING_new
ASN1_STRING_print
ASN1_STRING_print_ex
ASN1_STRING_print_ex_fp
ASN1_STRING_set
ASN1_STRING_set0
ASN1_STRING_set_by_NID
ASN1_STRING_set_default_mask
ASN1_STRING_set_default_mask_asc
ASN1_STRING_to_UTF8
ASN1_STRING_type
ASN1_STRING_type_new
ASN1_T61STRING_free
ASN1_T61STRING_it
ASN1_T61STRING_new
ASN1_TBOOLEAN_it
ASN1_TIME_adj
ASN1_TIME_check
ASN1_TIME_diff
ASN1_TIME_free
ASN1_TIME_it
ASN1_TIME_new
ASN1_TIME_print
ASN1_TIME_set
ASN1_TIME_set_string
ASN1_TIME_to_generalizedtime
ASN1_TYPE_cmp
ASN1_TYPE_free
ASN1_TYPE_get
ASN1_TYPE_get_int_octetstring
ASN1_TYPE_get_octetstring
ASN1_TYPE_new
ASN1_TYPE_set
ASN1_TYPE_set1
ASN1_TYPE_set_int_octetstring
ASN1_TYPE_set_octetstring
ASN1_UNIVERSALSTRING_free
ASN1_UNIVERSALSTRING_it
ASN1_UNIVERSALSTRING_new
ASN1_UNIVERSALSTRING_to_string
ASN1_UTCTIME_adj
ASN1_UTCTIME_check
ASN1_UTCTIME_cmp_time_t
ASN1_UTCTIME_free
ASN1_UTCTIME_it
ASN1_UTCTIME_new
ASN1_UTCTIME_print
ASN1_UTCTIME_set
ASN1_UTCTIME_set_string
ASN1_UTF8STRING_free
ASN1_UTF8STRING_it
ASN1_UTF8STRING_new
ASN1_VISIBLESTRING_free
ASN1_VISIBLESTRING_it
ASN1_VISIBLESTRING_new
ASN1_add_oid_module
ASN1_bn_print
ASN1_check_infinite_end
ASN1_const_check_infinite_end
ASN1_d2i_bio
ASN1_d2i_fp
ASN1_digest
ASN1_dup
ASN1_generate_nconf
ASN1_generate_v3
ASN1_get_object
ASN1_i2d_bio
ASN1_i2d_fp
ASN1_item_d2i
ASN1_item_d2i_bio
ASN1_item_d2i_fp
ASN1_item_digest
ASN1_item_dup
ASN1_item_ex_d2i
ASN1_item_ex_free
ASN1_item_ex_i2d
ASN1_item_ex_new
ASN1_item_free
ASN1_item_i2d
ASN1_item_i2d_bio
ASN1_item_i2d_fp
ASN1_item_ndef_i2d
ASN1_item_new
ASN1_item_pack
ASN1_item_print
ASN1_item_sign
ASN1_item_sign_ctx
ASN1_item_unpack
ASN1_item_verify
ASN1_mbstring_copy
ASN1_mbstring_ncopy
ASN1_object_size
ASN1_pack_string
ASN1_parse
ASN1_parse_dump
ASN1_primitive_free
ASN1_primitive_new
ASN1_put_eoc
ASN1_put_object
ASN1_seq_pack
ASN1_seq_unpack
ASN1_sign
ASN1_tag2bit
ASN1_tag2str
ASN1_template_d2i
ASN1_template_free
ASN1_template_i2d
ASN1_template_new
ASN1_unpack_string
ASN1_verify
AUTHORITY_INFO_ACCESS_free
AUTHORITY_INFO_ACCESS_it
AUTHORITY_INFO_ACCESS_new
AUTHORITY_KEYID_free
AUTHORITY_KEYID_it
AUTHORITY_KEYID_new
BASIC_CONSTRAINTS_free
BASIC_CONSTRAINTS_it
BASIC_CONSTRAINTS_new
BF_cbc_encrypt
BF_cfb64_encrypt
BF_decrypt
BF_ecb_encrypt
BF_encrypt
BF_ofb64_encrypt
BF_options
BF_set_key
BIGNUM_it
BIO_accept
BIO_asn1_get_prefix
BIO_asn1_get_suffix
BIO_asn1_set_prefix
BIO_asn1_set_suffix
BIO_callback_ctrl
BIO_clear_flags
BIO_copy_next_retry
BIO_ctrl
BIO_ctrl_get_read_request
BIO_ctrl_get_write_guarantee
BIO_ctrl_pending
BIO_ctrl_reset_read_request
BIO_ctrl_wpending
BIO_debug_callback
BIO_dgram_non_fatal_error
BIO_dump
BIO_dump_cb
BIO_dump_fp
BIO_dump_indent
BIO_dump_indent_cb
BIO_dump_indent_fp
BIO_dup_chain
BIO_f_asn1
BIO_f_base64
BIO_f_buffer
BIO_f_cipher
BIO_f_md
BIO_f_nbio_test
BIO_f_null
BIO_f_reliable
BIO_fd_non_fatal_error
BIO_fd_should_retry
BIO_find_type
BIO_free
BIO_free_all
BIO_get_accept_socket
BIO_get_callback
BIO_get_callback_arg
BIO_get_ex_data
BIO_get_ex_new_index
BIO_get_host_ip
BIO_get_port
BIO_get_retry_BIO
BIO_get_retry_reason
BIO_gethostbyname
BIO_gets
BIO_hex_string
BIO_indent
BIO_int_ctrl
BIO_method_name
BIO_method_type
BIO_new
BIO_new_CMS
BIO_new_NDEF
BIO_new_PKCS7
BIO_new_accept
BIO_new_bio_pair
BIO_new_connect
BIO_new_dgram
BIO_new_fd
BIO_new_file
BIO_new_fp
BIO_new_mem_buf
BIO_new_socket
BIO_next
BIO_nread
BIO_nread0
BIO_number_read
BIO_number_written
BIO_nwrite
BIO_nwrite0
BIO_pop
BIO_printf
BIO_ptr_ctrl
BIO_push
BIO_puts
BIO_read
BIO_s_accept
BIO_s_bio
BIO_s_connect
BIO_s_datagram
BIO_s_fd
BIO_s_file
BIO_s_mem
BIO_s_null
BIO_s_socket
BIO_set
BIO_set_callback
BIO_set_callback_arg
BIO_set_cipher
BIO_set_ex_data
BIO_set_flags
BIO_set_tcp_ndelay
BIO_snprintf
BIO_sock_cleanup
BIO_sock_error
BIO_sock_init
BIO_sock_non_fatal_error
BIO_sock_should_retry
BIO_socket_ioctl
BIO_socket_nbio
BIO_test_flags
BIO_vfree
BIO_vprintf
BIO_vsnprintf
BIO_write
BN_BLINDING_convert
BN_BLINDING_convert_ex
BN_BLINDING_create_param
BN_BLINDING_free
BN_BLINDING_get_flags
BN_BLINDING_get_thread_id
BN_BLINDING_invert
BN_BLINDING_invert_ex
BN_BLINDING_new
BN_BLINDING_set_flags
BN_BLINDING_set_thread_id
BN_BLINDING_thread_id
BN_BLINDING_update
BN_CTX_end
BN_CTX_free
BN_CTX_get
BN_CTX_init
BN_CTX_new
BN_CTX_start
BN_GENCB_call
BN_GF2m_add
BN_GF2m_arr2poly
BN_GF2m_mod
BN_GF2m_mod_arr
BN_GF2m_mod_div
BN_GF2m_mod_div_arr
BN_GF2m_mod_exp
BN_GF2m_mod_exp_arr
BN_GF2m_mod_inv
BN_GF2m_mod_inv_arr
BN_GF2m_mod_mul
BN_GF2m_mod_mul_arr
BN_GF2m_mod_solve_quad
BN_GF2m_mod_solve_quad_arr
BN_GF2m_mod_sqr
BN_GF2m_mod_sqr_arr
BN_GF2m_mod_sqrt
BN_GF2m_mod_sqrt_arr
BN_GF2m_poly2arr
BN_MONT_CTX_copy
BN_MONT_CTX_free
BN_MONT_CTX_init
BN_MONT_CTX_new
BN_MONT_CTX_set
BN_MONT_CTX_set_locked
BN_RECP_CTX_free
BN_RECP_CTX_init
BN_RECP_CTX_new
BN_RECP_CTX_set
BN_X931_derive_prime_ex
BN_X931_generate_Xpq
BN_X931_generate_prime_ex
BN_add
BN_add_word
BN_asc2bn
BN_bin2bn
BN_bn2bin
BN_bn2dec
BN_bn2hex
BN_bn2mpi
BN_bntest_rand
BN_clear
BN_clear_bit
BN_clear_free
BN_cmp
BN_consttime_swap
BN_copy
BN_dec2bn
BN_div
BN_div_recp
BN_div_word
BN_dup
BN_exp
BN_free
BN_from_montgomery
BN_gcd
BN_generate_prime
BN_generate_prime_ex
BN_get0_nist_prime_192
BN_get0_nist_prime_224
BN_get0_nist_prime_256
BN_get0_nist_prime_384
BN_get0_nist_prime_521
BN_get_params
BN_get_word
BN_hex2bn
BN_init
BN_is_bit_set
BN_is_prime
BN_is_prime_ex
BN_is_prime_fasttest
BN_is_prime_fasttest_ex
BN_kronecker
BN_lshift
BN_lshift1
BN_mask_bits
BN_mod_add
BN_mod_add_quick
BN_mod_exp
BN_mod_exp2_mont
BN_mod_exp_mont
BN_mod_exp_mont_consttime
BN_mod_exp_mont_word
BN_mod_exp_recp
BN_mod_exp_simple
BN_mod_inverse
BN_mod_lshift
BN_mod_lshift1
BN_mod_lshift1_quick
BN_mod_lshift_quick
BN_mod_mul
BN_mod_mul_montgomery
BN_mod_mul_reciprocal
BN_mod_sqr
BN_mod_sqrt
BN_mod_sub
BN_mod_sub_quick
BN_mod_word
BN_mpi2bn
BN_mul
BN_mul_word
BN_new
BN_nist_mod_192
BN_nist_mod_224
BN_nist_mod_256
BN_nist_mod_384
BN_nist_mod_521
BN_nnmod
BN_num_bits
BN_num_bits_word
BN_options
BN_print
BN_print_fp
BN_pseudo_rand
BN_pseudo_rand_range
BN_rand
BN_rand_range
BN_reciprocal
BN_rshift
BN_rshift1
BN_set_bit
BN_set_negative
BN_set_params
BN_set_word
BN_sqr
BN_sub
BN_sub_word
BN_swap
BN_to_ASN1_ENUMERATED
BN_to_ASN1_INTEGER
BN_uadd
BN_ucmp
BN_usub
BN_value_one

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 548KB - Virtual size: 548KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 249KB - Virtual size: 260KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ssleay32.dll
.dll windows:4 windows x64 arch:x64

f5309b9bf4cf9ba2dc53e76fa84b0e29

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\OpenSSL\Temp\openssl-1.0.2q-x64\out32dll\ssleay32.pdb

Imports

libeay32

ord188
ord3178
ord3695
ord3570
ord3575
ord3550
ord3608
ord3480
ord3729
ord3353
ord203
ord4540
ord2760
ord2630
ord866
ord4430
ord4233
ord1070
ord32
ord222
ord4488
ord4245
ord4119
ord165
ord170
ord3513
ord3422
ord2929
ord3644
ord2578
ord3010
ord2924
ord3459
ord3512
ord3663
ord202
ord123
ord201
ord118
ord281
ord2128
ord967
ord654
ord3245
ord490
ord464
ord66
ord4369
ord4474
ord3666
ord219
ord498
ord290
ord52
ord635
ord909
ord912
ord641
ord910
ord754
ord2411
ord965
ord964
ord274
ord276
ord3899
ord2572
ord3315
ord2894
ord2927
ord2784
ord256
ord168
ord2747
ord961
ord167
ord169
ord3844
ord3837
ord3896
ord2201
ord904
ord176
ord282
ord572
ord3165
ord3489
ord1071
ord2925
ord268
ord316
ord363
ord2712
ord4164
ord493
ord4262
ord3719
ord216
ord333
ord4125
ord4470
ord1010
ord4046
ord3682
ord2877
ord3711
ord129
ord124
ord1000
ord125
ord150
ord205
ord486
ord484
ord577
ord763
ord907
ord87
ord3450
ord2107
ord2063
ord283
ord3418
ord481
ord323
ord2915
ord3836
ord3873
ord1096
ord1097
ord3244
ord3874
ord3816
ord3888
ord109
ord2589
ord78
ord95
ord3891
ord89
ord1145
ord1144
ord3906
ord1081
ord2292
ord3823
ord3846
ord3866
ord2400
ord3857
ord187
ord267
ord3633
ord3631
ord3675
ord3737
ord1011
ord341
ord1012
ord503
ord3664
ord3479
ord359
ord365
ord4684
ord3192
ord3388
ord3528
ord2568
ord3312
ord3922
ord2898
ord264
ord266
ord3067
ord3313
ord111
ord4210
ord4701
ord653
ord4692
ord3925
ord541
ord2702
ord3124
ord4372
ord4144
ord4174
ord3782
ord1202
ord193
ord3704
ord3758
ord3767
ord3647
ord3766
ord3365
ord4114
ord3460
ord3783
ord3454
ord3754
ord3394
ord897
ord3414
ord3495
ord3610
ord67
ord65
ord53
ord98
ord3826
ord3559
ord3399
ord636
ord2257
ord914
ord2478
ord626
ord890
ord1004
ord3527
ord4513
ord364
ord2051
ord206
ord497
ord85
ord58
ord630
ord628
ord1041
ord1007
ord1005
ord4331
ord1027
ord3437
ord629
ord892
ord74
ord248
ord3378
ord1655
ord575
ord1025
ord246
ord1100
ord4693
ord2135
ord622
ord679
ord2524
ord3505
ord3595
ord1023
ord2451
ord623
ord657
ord401
ord93
ord911
ord3396
ord3657
ord857
ord908
ord680
ord1016
ord2204
ord3205
ord624
ord128
ord4045
ord2475
ord368
ord367
ord370
ord369
ord887
ord889
ord891
ord4320
ord4383
ord315
ord1671
ord1147
ord189
ord314
ord956
ord280
ord2181
ord399
ord748
ord279
ord400
ord751
ord750
ord394
ord774
ord1959
ord37
ord35
ord824
ord822
ord8
ord1091
ord3700
ord3623
ord718
ord7
ord716
ord703
ord2426
ord86
ord88
ord3724
ord313
ord1101
ord293
ord3914
ord3807
ord3795
ord4740
ord4731
ord4656
ord4637
ord4615
ord4601
ord2996
ord3155
ord959
ord325
ord329
ord318
ord304
ord292
ord299
ord395
ord955
ord2252
ord91
ord247
ord225
ord4578
ord4572
ord4576
ord4570
ord4573
ord4582
ord4575
ord4577
ord4584
ord4580
ord4581
ord110
ord151
ord285
ord3239
ord120
ord181
ord3883
ord3109
ord269
ord2936
ord495
ord2821
ord289
ord252
ord1654
ord1653
ord905
ord3314
ord903

msvcrt

malloc
free
_initterm
_stricmp
_strnicmp
abort
_errno
_iob
fprintf
strchr
strncmp
time
memmove
memset
memcmp
memcpy

kernel32

SystemTimeToFileTime
GetSystemTime
GetLastError
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
Sleep
DisableThreadLibraryCalls
SetLastError

Exports

Exports

BIO_f_ssl
BIO_new_buffer_ssl_connect
BIO_new_ssl
BIO_new_ssl_connect
BIO_ssl_copy_session_id
BIO_ssl_shutdown
DTLS_client_method
DTLS_method
DTLS_server_method
DTLSv1_2_client_method
DTLSv1_2_method
DTLSv1_2_server_method
DTLSv1_client_method
DTLSv1_method
DTLSv1_server_method
ERR_load_SSL_strings
PEM_read_SSL_SESSION
PEM_read_bio_SSL_SESSION
PEM_write_SSL_SESSION
PEM_write_bio_SSL_SESSION
SRP_Calc_A_param
SRP_generate_client_master_secret
SRP_generate_server_master_secret
SSL_CIPHER_description
SSL_CIPHER_find
SSL_CIPHER_get_bits
SSL_CIPHER_get_id
SSL_CIPHER_get_name
SSL_CIPHER_get_version
SSL_COMP_add_compression_method
SSL_COMP_free_compression_methods
SSL_COMP_get_compression_methods
SSL_COMP_get_name
SSL_COMP_set0_compression_methods
SSL_CONF_CTX_clear_flags
SSL_CONF_CTX_finish
SSL_CONF_CTX_free
SSL_CONF_CTX_new
SSL_CONF_CTX_set1_prefix
SSL_CONF_CTX_set_flags
SSL_CONF_CTX_set_ssl
SSL_CONF_CTX_set_ssl_ctx
SSL_CONF_cmd
SSL_CONF_cmd_argv
SSL_CONF_cmd_value_type
SSL_CTX_SRP_CTX_free
SSL_CTX_SRP_CTX_init
SSL_CTX_add_client_CA
SSL_CTX_add_client_custom_ext
SSL_CTX_add_server_custom_ext
SSL_CTX_add_session
SSL_CTX_callback_ctrl
SSL_CTX_check_private_key
SSL_CTX_ctrl
SSL_CTX_flush_sessions
SSL_CTX_free
SSL_CTX_get0_certificate
SSL_CTX_get0_param
SSL_CTX_get0_privatekey
SSL_CTX_get_cert_store
SSL_CTX_get_client_CA_list
SSL_CTX_get_client_cert_cb
SSL_CTX_get_ex_data
SSL_CTX_get_ex_new_index
SSL_CTX_get_info_callback
SSL_CTX_get_quiet_shutdown
SSL_CTX_get_ssl_method
SSL_CTX_get_timeout
SSL_CTX_get_verify_callback
SSL_CTX_get_verify_depth
SSL_CTX_get_verify_mode
SSL_CTX_load_verify_locations
SSL_CTX_new
SSL_CTX_remove_session
SSL_CTX_sess_get_get_cb
SSL_CTX_sess_get_new_cb
SSL_CTX_sess_get_remove_cb
SSL_CTX_sess_set_get_cb
SSL_CTX_sess_set_new_cb
SSL_CTX_sess_set_remove_cb
SSL_CTX_sessions
SSL_CTX_set1_param
SSL_CTX_set_alpn_protos
SSL_CTX_set_alpn_select_cb
SSL_CTX_set_cert_cb
SSL_CTX_set_cert_store
SSL_CTX_set_cert_verify_callback
SSL_CTX_set_cipher_list
SSL_CTX_set_client_CA_list
SSL_CTX_set_client_cert_cb
SSL_CTX_set_client_cert_engine
SSL_CTX_set_cookie_generate_cb
SSL_CTX_set_cookie_verify_cb
SSL_CTX_set_default_passwd_cb
SSL_CTX_set_default_passwd_cb_userdata
SSL_CTX_set_default_verify_paths
SSL_CTX_set_ex_data
SSL_CTX_set_generate_session_id
SSL_CTX_set_info_callback
SSL_CTX_set_msg_callback
SSL_CTX_set_next_proto_select_cb
SSL_CTX_set_next_protos_advertised_cb
SSL_CTX_set_psk_client_callback
SSL_CTX_set_psk_server_callback
SSL_CTX_set_purpose
SSL_CTX_set_quiet_shutdown
SSL_CTX_set_session_id_context
SSL_CTX_set_srp_cb_arg
SSL_CTX_set_srp_client_pwd_callback
SSL_CTX_set_srp_password
SSL_CTX_set_srp_strength
SSL_CTX_set_srp_username
SSL_CTX_set_srp_username_callback
SSL_CTX_set_srp_verify_param_callback
SSL_CTX_set_ssl_version
SSL_CTX_set_timeout
SSL_CTX_set_tlsext_use_srtp
SSL_CTX_set_tmp_dh_callback
SSL_CTX_set_tmp_ecdh_callback
SSL_CTX_set_tmp_rsa_callback
SSL_CTX_set_trust
SSL_CTX_set_verify
SSL_CTX_set_verify_depth
SSL_CTX_use_PrivateKey
SSL_CTX_use_PrivateKey_ASN1
SSL_CTX_use_PrivateKey_file
SSL_CTX_use_RSAPrivateKey
SSL_CTX_use_RSAPrivateKey_ASN1
SSL_CTX_use_RSAPrivateKey_file
SSL_CTX_use_certificate
SSL_CTX_use_certificate_ASN1
SSL_CTX_use_certificate_chain_file
SSL_CTX_use_certificate_file
SSL_CTX_use_psk_identity_hint
SSL_CTX_use_serverinfo
SSL_CTX_use_serverinfo_file
SSL_SESSION_free
SSL_SESSION_get0_peer
SSL_SESSION_get_compress_id
SSL_SESSION_get_ex_data
SSL_SESSION_get_ex_new_index
SSL_SESSION_get_id
SSL_SESSION_get_time
SSL_SESSION_get_timeout
SSL_SESSION_new
SSL_SESSION_print
SSL_SESSION_print_fp
SSL_SESSION_set1_id_context
SSL_SESSION_set_ex_data
SSL_SESSION_set_time
SSL_SESSION_set_timeout
SSL_SRP_CTX_free
SSL_SRP_CTX_init
SSL_accept
SSL_add_client_CA
SSL_add_dir_cert_subjects_to_stack
SSL_add_file_cert_subjects_to_stack
SSL_alert_desc_string
SSL_alert_desc_string_long
SSL_alert_type_string
SSL_alert_type_string_long
SSL_cache_hit
SSL_callback_ctrl
SSL_certs_clear
SSL_check_chain
SSL_check_private_key
SSL_clear
SSL_connect
SSL_copy_session_id
SSL_ctrl
SSL_do_handshake
SSL_dup
SSL_dup_CA_list
SSL_export_keying_material
SSL_extension_supported
SSL_free
SSL_get0_alpn_selected
SSL_get0_next_proto_negotiated
SSL_get0_param
SSL_get1_session
SSL_get_SSL_CTX
SSL_get_certificate
SSL_get_cipher_list
SSL_get_ciphers
SSL_get_client_CA_list
SSL_get_current_cipher
SSL_get_current_compression
SSL_get_current_expansion
SSL_get_default_timeout
SSL_get_error
SSL_get_ex_data
SSL_get_ex_data_X509_STORE_CTX_idx
SSL_get_ex_new_index
SSL_get_fd
SSL_get_finished
SSL_get_info_callback
SSL_get_peer_cert_chain
SSL_get_peer_certificate
SSL_get_peer_finished
SSL_get_privatekey
SSL_get_psk_identity
SSL_get_psk_identity_hint
SSL_get_quiet_shutdown
SSL_get_rbio
SSL_get_read_ahead
SSL_get_rfd
SSL_get_selected_srtp_profile
SSL_get_servername
SSL_get_servername_type
SSL_get_session
SSL_get_shared_ciphers
SSL_get_shared_sigalgs
SSL_get_shutdown
SSL_get_sigalgs
SSL_get_srp_N
SSL_get_srp_g
SSL_get_srp_userinfo
SSL_get_srp_username
SSL_get_srtp_profiles
SSL_get_ssl_method
SSL_get_verify_callback
SSL_get_verify_depth
SSL_get_verify_mode
SSL_get_verify_result
SSL_get_version
SSL_get_wbio
SSL_get_wfd
SSL_has_matching_session_id
SSL_is_server
SSL_library_init
SSL_load_client_CA_file
SSL_load_error_strings
SSL_new
SSL_peek
SSL_pending
SSL_read
SSL_renegotiate
SSL_renegotiate_abbreviated
SSL_renegotiate_pending
SSL_rstate_string
SSL_rstate_string_long
SSL_select_next_proto
SSL_set1_param
SSL_set_SSL_CTX
SSL_set_accept_state
SSL_set_alpn_protos
SSL_set_bio
SSL_set_cert_cb
SSL_set_cipher_list
SSL_set_client_CA_list
SSL_set_connect_state
SSL_set_debug
SSL_set_ex_data
SSL_set_fd
SSL_set_generate_session_id
SSL_set_info_callback
SSL_set_msg_callback
SSL_set_psk_client_callback
SSL_set_psk_server_callback
SSL_set_purpose
SSL_set_quiet_shutdown
SSL_set_read_ahead
SSL_set_rfd
SSL_set_session
SSL_set_session_id_context
SSL_set_session_secret_cb
SSL_set_session_ticket_ext
SSL_set_session_ticket_ext_cb
SSL_set_shutdown
SSL_set_srp_server_param
SSL_set_srp_server_param_pw
SSL_set_ssl_method
SSL_set_state
SSL_set_tlsext_use_srtp
SSL_set_tmp_dh_callback
SSL_set_tmp_ecdh_callback
SSL_set_tmp_rsa_callback
SSL_set_trust
SSL_set_verify
SSL_set_verify_depth
SSL_set_verify_result
SSL_set_wfd
SSL_shutdown
SSL_srp_server_param_with_username
SSL_state
SSL_state_string
SSL_state_string_long
SSL_use_PrivateKey
SSL_use_PrivateKey_ASN1
SSL_use_PrivateKey_file
SSL_use_RSAPrivateKey
SSL_use_RSAPrivateKey_ASN1
SSL_use_RSAPrivateKey_file
SSL_use_certificate
SSL_use_certificate_ASN1
SSL_use_certificate_file
SSL_use_psk_identity_hint
SSL_version
SSL_want
SSL_write
SSLv23_client_method
SSLv23_method
SSLv23_server_method
SSLv2_client_method
SSLv2_method
SSLv2_server_method
SSLv3_client_method
SSLv3_method
SSLv3_server_method
TLSv1_1_client_method
TLSv1_1_method
TLSv1_1_server_method
TLSv1_2_client_method
TLSv1_2_method
TLSv1_2_server_method
TLSv1_client_method
TLSv1_method
TLSv1_server_method
d2i_SSL_SESSION
i2d_SSL_SESSION
ssl3_ciphers

Sections

.text
Size: 251KB - Virtual size: 251KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 61KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
uninstall.exe
.exe windows:5 windows x86 arch:x86

32f3282581436269b3a75b6675fe3e08

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

57:f3:d6:07:da:77:27:b5:86:cd:4a:fc:0d:5d:8d:37
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

26-08-2016 00:00

Not After

26-08-2019 23:59

Subject

CN=ROSTPEI LTD,O=ROSTPEI LTD,POSTALCODE=344011,STREET=str. Dolomanovsky\, 70D\, office 1001,L=Rostov-on-Don,ST=Rostov region,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09-05-2013 00:00

Not After

08-05-2028 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

90:e8:0d:91:f1:f0:9b:d8:ba:8b:c5:3a:a7:67:3a:85:29:6c:74:5d
Signer

Actual PE Digest

90:e8:0d:91:f1:f0:9b:d8:ba:8b:c5:3a:a7:67:3a:85:29:6c:74:5d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
CloseHandle
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpA
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
lstrlenA
MulDiv
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrcpynA

user32

GetAsyncKeyState
IsDlgButtonChecked
ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
wvsprintfW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
FindWindowExW

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 415KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 3.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
foo/4a74c9f378007412ec2c8b2eea6da4cf
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 241KB - Virtual size: 636KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 256KB - Virtual size: 772KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
foo/4b2d7854b47943b118e24c6ec79b974b
.exe windows:5 windows x86 arch:x86

20dd26497880c05caed9305b3c8b9109

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges

user32

GetKeyboardType
LoadStringW
MessageBoxA
CharNextW
CreateWindowExW
TranslateMessage
SetWindowLongW
PeekMessageW
MsgWaitForMultipleObjects
MessageBoxW
LoadStringW
GetSystemMetrics
ExitWindowsEx
DispatchMessageW
DestroyWindow
CharUpperBuffW
CallWindowProcW

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetSystemInfo
GetTickCount
QueryPerformanceCounter
GetVersion
GetCurrentThreadId
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenW
lstrcpynW
LoadLibraryExW
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetCommandLineW
FreeLibrary
FindFirstFileW
FindClose
ExitProcess
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
CloseHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleW
WriteFile
WideCharToMultiByte
WaitForSingleObject
VirtualQuery
VirtualProtect
VirtualFree
VirtualAlloc
SizeofResource
SignalObjectAndWait
SetLastError
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResetEvent
RemoveDirectoryW
ReadFile
MultiByteToWideChar
LockResource
LoadResource
LoadLibraryW
GetWindowsDirectoryW
GetVersionExW
GetVersion
GetUserDefaultLangID
GetThreadLocale
GetSystemInfo
GetSystemDirectoryW
GetStdHandle
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetLastError
GetFullPathNameW
GetFileSize
GetFileAttributesW
GetExitCodeProcess
GetEnvironmentVariableW
GetDiskFreeSpaceW
GetCurrentProcess
GetCommandLineW
GetCPInfo
InterlockedExchange
InterlockedCompareExchange
FreeLibrary
FormatMessageW
FindResourceW
EnumCalendarInfoW
DeleteFileW
CreateProcessW
CreateFileW
CreateEventW
CreateDirectoryW
CloseHandle
Sleep

comctl32

InitCommonControls

Sections

.text
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 21KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
foo/4c49c2496ae538bcec9e1510f3eb8eba
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 88KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 62KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
foo/4cfe8f3aa1592035b9a2cdb2c4f54c77
.exe windows:4 windows x86 arch:x86

baa93d47220682c04d92f7797d9224ce

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpy

comctl32

InitCommonControls

Sections

Size: 304KB - Virtual size: 496KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 41KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

csvoyirt
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ptnqfyuj
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
foo/4ea45460c3e7c3d8486d3f7bec90c613
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Code Sign

27:37:89:89:dd:16:b0:5a:ee:2c:c4:48:c7:0c:ed:70
Certificate

Issuer

CN=Root SGC Authority

Not Before

16-07-1999 19:47

Not After

16-07-2004 19:47

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Extended Key Usages

ExtKeyUsageMicrosoftServerGatedCrypto
ExtKeyUsageNetscapeServerGatedCrypto

40:13:5a:d6:20:21:5d:2d:c7:c7:f6:f2:d6:fc:59:07
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

17-04-2014 00:00

Not After

17-04-2015 23:59

Subject

CN=长沙聚丰网络科技有限公司,O=长沙聚丰网络科技有限公司,L=长沙,ST=湖南,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

17-11-2006 00:00

Not After

30-12-2020 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a6:75:47:bf:b4:8f:21:d7:b5:1a:3d:25:10:1c:94:09:17:f6:57:99
Signer

Actual PE Digest

a6:75:47:bf:b4:8f:21:d7:b5:1a:3d:25:10:1c:94:09:17:f6:57:99

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 52KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
foo/52d6c59fcfe73048a240c7fdd1f04d7e
.exe windows:5 windows x86 arch:x86

32f3282581436269b3a75b6675fe3e08

Code Sign

09:dd:51:cf:ea:a8:59:55:a8:df:60:cf:dd:9f:fc:ec
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

01-08-2017 00:00

Not After

26-08-2019 23:59

Subject

CN=Greentree Applications SRL,O=Greentree Applications SRL,L=Bucharest,ST=Bucharest,C=RO

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5b:53:b3:46:e1:67:44:14:d9:ff:af:5d:93:8c:3d:af:23:80:ec:77
Signer

Actual PE Digest

5b:53:b3:46:e1:67:44:14:d9:ff:af:5d:93:8c:3d:af:23:80:ec:77

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
CloseHandle
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpA
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
lstrlenA
MulDiv
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrcpynA

user32

GetAsyncKeyState
IsDlgButtonChecked
ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
wvsprintfW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
FindWindowExW

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 415KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 1.7MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
foo/55fc11ec67a00177d047d5abc84231e0
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\android\AppData\Local\Temporary Projects\DMZ\obj\Debug\DMZ.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
foo/59f0fbc29bace019804b8a181ce75a06
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 352KB - Virtual size: 351KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 126KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
foo/5b1c0df2be80006ec3af6a5eeea17ecb
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 554KB - Virtual size: 553KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 163KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
foo/5bc72a1ae433663758319d97917b77ea
.exe windows:5 windows x86 arch:x86

be41bf7b8cc010b614bd36bbca606973

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13-04-2011 10:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:06:a0:81:d3:3f:d8:7a:e5:82:4c:c1:6b:52:09:4e:03
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

03-02-2015 00:00

Not After

03-03-2026 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3e:28:59:50:49:b0:aa:bb:cd:7f:30:83:62:48:a5:1c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17-03-2016 00:00

Not After

26-03-2017 23:59

Subject

CN=\ Baidu Online Network Technology (Beijing) Co.\,Ltd.,OU=Baidu security,O=\ Baidu Online Network Technology (Beijing) Co.\,Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3c:1c:0f:4f:88:7a:6d:d0:f0:de:d5:bc:72:80:d1:08:47:25:12:31
Signer

Actual PE Digest

3c:1c:0f:4f:88:7a:6d:d0:f0:de:d5:bc:72:80:d1:08:47:25:12:31

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
lstrcpynA
CloseHandle
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
CreateFileW
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpA
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
lstrlenA
MulDiv
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrlenW

user32

GetAsyncKeyState
IsDlgButtonChecked
ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
wvsprintfW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
FindWindowExW

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 458KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 1.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 368KB - Virtual size: 367KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
foo/5d33050f0514054c49f2bc2ff9abee2a
.exe windows:4 windows x86 arch:x86

7ed0d71376e55d58ab36dc7d3ffda898

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathW
SetFileTime
CloseHandle
GetShortPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
GetFullPathNameW
CreateDirectoryW
Sleep
GetTickCount
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
SetEnvironmentVariableW
GetWindowsDirectoryW
GetTempPathW
SetFileAttributesW
ExpandEnvironmentStringsW
LoadLibraryW
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
CreateProcessW
RemoveDirectoryW
lstrcmpiA
CreateFileW
GetTempFileNameW
lstrcpyA
lstrcpyW
lstrcatW
GetSystemDirectoryW
GetVersion
GetProcAddress
LoadLibraryA
GetModuleHandleA
GetModuleHandleW
lstrcmpiW
lstrcmpW
WaitForSingleObject
GlobalFree
GlobalAlloc
LoadLibraryExW
GetExitCodeProcess
FreeLibrary
WritePrivateProfileStringW
SetErrorMode
GetCommandLineW
GetPrivateProfileStringW
FindFirstFileW
FindNextFileW
DeleteFileW
SetFilePointer
ReadFile
FindClose
MulDiv
MultiByteToWideChar
WriteFile
lstrlenA
WideCharToMultiByte

user32

EndDialog
ScreenToClient
GetWindowRect
RegisterClassW
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongW
SetCursor
LoadCursorW
CheckDlgButton
GetMessagePos
LoadBitmapW
CallWindowProcW
IsWindowVisible
CloseClipboard
SetClipboardData
wsprintfW
CreateWindowExW
SystemParametersInfoW
AppendMenuW
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharPrevW
CharNextA
wsprintfA
DispatchMessageW
PeekMessageW
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
GetDC
SetWindowLongW
LoadImageW
SendMessageTimeoutW
FindWindowExW
EmptyClipboard
OpenClipboard
TrackPopupMenu
EndPaint
ShowWindow
GetDlgItem
IsWindow
SetForegroundWindow

gdi32

SelectObject
SetBkMode
CreateFontIndirectW
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW

advapi32

RegCloseKey
RegOpenKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumKeyW

comctl32

ImageList_Create
ImageList_AddMasked
ImageList_Destroy
ord17

ole32

CoCreateInstance
CoTaskMemFree
OleInitialize
OleUninitialize

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 120KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
foo/5d9775622b5e7123d5796d4de5dc2839
.exe windows:5 windows x86 arch:x86

8404d55587690c9710f53efab6f8b9bb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCPInfo
GetTickCount
TerminateThread
GetThreadSelectorEntry
TerminateProcess
GetMailslotInfo
GetLastError
SetLastError
GetProcAddress
LoadLibraryA
LocalAlloc
FindNextChangeNotification
AddAtomA
FindFirstChangeNotificationA
FatalExit
GetCurrentDirectoryA
WriteConsoleOutputCharacterW
GetSystemTime
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
HeapSize
GetProcessHeap
SetEndOfFile
ExitProcess
GetStartupInfoW
HeapAlloc
EnterCriticalSection
LeaveCriticalSection
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
HeapFree
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
CloseHandle
GetModuleHandleW
Sleep
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualAlloc
HeapReAlloc
MultiByteToWideChar
ReadFile
InitializeCriticalSectionAndSpinCount
CreateFileA
SetFilePointer
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
FlushFileBuffers
GetACP
GetOEMCP
IsValidCodePage

user32

GetNextDlgTabItem
GetThreadDesktop
GetMonitorInfoA
GetUpdateRect
LockWindowUpdate
PeekMessageA
ScrollWindow
GetAltTabInfoW
LoadStringW
LoadImageA
UpdateWindow
GetDlgCtrlID
LookupIconIdFromDirectory
LoadCursorFromFileA

Sections

.text
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 4.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
foo/60121ea2ab380455f7e143cd9438443e
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
foo/62565a39c4a264e48e0678edad5d60fd
.exe windows:5 windows x86 arch:x86

92b15cfce654067f352c19e9db92a798

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

userenv

GetUserProfileDirectoryA

shlwapi

PathMatchSpecA
wvnsprintfA
PathCombineA
StrStrIA
PathUnquoteSpacesA
StrStrIW

ole32

CoUninitialize
CoInitialize
CoCreateInstance
CoInitializeEx
CoSetProxyBlanket
CoInitializeSecurity

shell32

ShellExecuteA
SHGetFolderPathA

setupapi

SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyA
SetupDiGetClassDevsA
SetupDiEnumDeviceInfo

kernel32

SetFilePointer
SleepEx
CloseHandle
SetEvent
OpenEventA
GetCurrentProcessId
Sleep
GetLastError
lstrlenA
GetModuleHandleA
FreeLibrary
GetProcAddress
LoadLibraryA
ReleaseMutex
CreateEventW
ExitProcess
GetDriveTypeA
lstrcmpA
lstrcpyA
OpenProcess
CopyFileA
GetCommandLineA
WideCharToMultiByte
MultiByteToWideChar
lstrcatA
GetLocalTime
GetEnvironmentVariableA
GetExitCodeProcess
ResumeThread
CreateMutexA
OpenMutexA
lstrcmpiA
GetSystemTimeAsFileTime
DeleteFileA
GetFileAttributesA
WaitForSingleObject
ExpandEnvironmentStringsA
HeapAlloc
HeapFree
VirtualAlloc
GetProcessId
GetCurrentProcess
GetCurrentThread
LocalAlloc
LoadResource
SizeofResource
FindResourceA
CreateFileA
GetSystemInfo
GetVersionExA
GetModuleFileNameA
GetComputerNameW
GetComputerNameA
SetEnvironmentVariableA
GetWindowsDirectoryA
GetTickCount
GetThreadContext
TerminateThread
CreateThread
GetFileSize
VirtualFree
lstrcpynA
HeapCreate

user32

MessageBoxA
CharUpperBuffA

advapi32

EqualSid
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
CreateProcessAsUserA
LookupAccountNameW
SetFileSecurityA
ConvertSidToStringSidA
RegLoadKeyA
RegUnLoadKeyA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetSidSubAuthorityCount
GetSidSubAuthority
GetTokenInformation
OpenThreadToken
OpenProcessToken
SetServiceStatus

netapi32

NetUserEnum
NetGetDCName
NetApiBufferFree

Sections

.text
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 324KB - Virtual size: 323KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
foo/62a3fd9b4932e59a7192813c22617764
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 451KB - Virtual size: 451KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 752B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
foo/63e9ce22dbf66934fd75c77bc84954d0
.exe windows:4 windows x86 arch:x86

f6baa5eaa8231d4fe8e922a2e6d240ea

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17

shell32

SHGetSpecialFolderPathW
ShellExecuteW
SHGetMalloc
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
ShellExecuteExW

gdi32

CreateCompatibleDC
CreateFontIndirectW
DeleteObject
DeleteDC
GetCurrentObject
StretchBlt
GetDeviceCaps
CreateCompatibleBitmap
SelectObject
SetStretchBltMode
GetObjectW

advapi32

FreeSid
AllocateAndInitializeSid
CheckTokenMembership

user32

GetWindowLongW
GetMenu
SetWindowPos
GetWindowDC
ReleaseDC
GetDlgItem
GetParent
GetWindowRect
GetClassNameA
CreateWindowExW
SetTimer
GetMessageW
DispatchMessageW
KillTimer
DestroyWindow
SendMessageW
EndDialog
wsprintfW
GetWindowTextW
GetWindowTextLengthW
GetSysColor
wsprintfA
SetWindowTextW
MessageBoxA
ScreenToClient
GetClientRect
SetWindowLongW
UnhookWindowsHookEx
SetFocus
GetSystemMetrics
SystemParametersInfoW
ShowWindow
DrawTextW
GetDC
ClientToScreen
GetWindow
DialogBoxIndirectParamW
DrawIconEx
CallWindowProcW
DefWindowProcW
CallNextHookEx
PtInRect
SetWindowsHookExW
LoadImageW
LoadIconW
MessageBeep
EnableWindow
IsWindow
EnableMenuItem
GetSystemMenu
CreateWindowExA
wvsprintfW
CharUpperW
GetKeyState
CopyImage

ole32

CreateStreamOnHGlobal
CoCreateInstance
CoInitialize

oleaut32

VariantClear
SysFreeString
OleLoadPicture
SysAllocString

kernel32

GetFileSize
SetFilePointer
ReadFile
WaitForMultipleObjects
GetModuleHandleA
SetFileTime
SetEndOfFile
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
FormatMessageW
lstrcpyW
LocalFree
IsBadReadPtr
GetSystemDirectoryW
GetCurrentThreadId
SuspendThread
TerminateThread
InitializeCriticalSection
ResetEvent
SetEvent
CreateEventW
GetVersionExW
GetModuleFileNameW
GetCurrentProcess
SetProcessWorkingSetSize
SetCurrentDirectoryW
GetDriveTypeW
CreateFileW
GetCommandLineW
GetStartupInfoW
CreateProcessW
CreateJobObjectW
ResumeThread
AssignProcessToJobObject
CreateIoCompletionPort
SetInformationJobObject
GetQueuedCompletionStatus
GetExitCodeProcess
CloseHandle
SetEnvironmentVariableW
GetTempPathW
GetSystemTimeAsFileTime
lstrlenW
CompareFileTime
SetThreadLocale
FindFirstFileW
DeleteFileW
FindNextFileW
FindClose
RemoveDirectoryW
ExpandEnvironmentStringsW
WideCharToMultiByte
VirtualAlloc
GlobalMemoryStatusEx
lstrcmpW
GetEnvironmentVariableW
lstrcmpiW
lstrlenA
GetLocaleInfoW
MultiByteToWideChar
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetSystemDefaultLCID
lstrcmpiA
GlobalAlloc
GlobalFree
MulDiv
FindResourceExA
SizeofResource
LoadResource
LockResource
LoadLibraryA
GetProcAddress
GetModuleHandleW
ExitProcess
lstrcatW
GetDiskFreeSpaceExW
SetFileAttributesW
SetLastError
Sleep
GetExitCodeThread
WaitForSingleObject
CreateThread
GetLastError
SystemTimeToFileTime
GetLocalTime
GetFileAttributesW
CreateDirectoryW
WriteFile
GetStdHandle
VirtualFree
GetStartupInfoA

msvcrt

??3@YAXPAX@Z
??2@YAPAXI@Z
memcmp
free
memcpy
_wtol
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
??1type_info@@UAE@XZ
_onexit
__dllonexit
_CxxThrowException
_beginthreadex
_EH_prolog
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
memset
_wcsnicmp
strncmp
wcsncmp
malloc
memmove
_purecall

Sections

.text
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 45KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
foo/6497ba06c339ec8ca438ddf0dd2f8fc5
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
foo/698cc868cdae13a5cc744020ec00e331
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
foo/6f2c5c31fefa00afa2af1adcbdd93ad5
.exe windows:5 windows x86 arch:x86

d6dcfcd3088d6708ed0add18c48ebf98

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Branch\win\Release\stubs\x86\ExternalUi.pdb

Imports

kernel32

CreateFileW
WriteFile
CloseHandle
DeleteCriticalSection
GetLastError
InitializeCriticalSectionAndSpinCount
HeapDestroy
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
RaiseException
GetProcAddress
GetModuleHandleW
EnterCriticalSection
InitializeCriticalSection
LeaveCriticalSection
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
lstrcpynW
MulDiv
WaitForSingleObject
LoadLibraryExW
DecodePointer
GetCurrentThreadId
Sleep
GetDiskFreeSpaceExW
SetLastError
CreateEventW
SetEvent
GetExitCodeThread
GetCurrentProcessId
CreateDirectoryW
GetSystemDirectoryW
FreeLibrary
lstrlenW
GetVersionExW
lstrcmpiW
LoadLibraryW
GetDriveTypeW
CompareStringW
InterlockedDecrement
InterlockedIncrement
GetModuleFileNameW
GlobalUnlock
GlobalLock
GlobalAlloc
lstrcmpW
GetFileSize
ReadFile
GlobalFree
GetTempPathW
GetSystemTime
SystemTimeToFileTime
GetTempFileNameW
DeleteFileW
FindFirstFileW
RemoveDirectoryW
FindNextFileW
GetLogicalDriveStringsW
GetFileAttributesW
SetFileAttributesW
GetFileTime
CopyFileW
FindClose
MultiByteToWideChar
WideCharToMultiByte
InterlockedExchange
GetCurrentProcess
GetSystemInfo
WaitForMultipleObjects
VirtualProtect
VirtualQuery
LoadLibraryExA
GetShortPathNameW
SetUnhandledExceptionFilter
CreateThread
FormatMessageW
GetEnvironmentVariableW
LocalFree
LoadLibraryA
GetCurrentThread
GetFullPathNameW
SetConsoleTextAttribute
GetStdHandle
GetConsoleScreenBufferInfo
SetFilePointer
FlushFileBuffers
GetModuleFileNameA
CreateProcessW
GetExitCodeProcess
GetCommandLineW
SetCurrentDirectoryW
SetEndOfFile
EnumResourceLanguagesW
GetLocaleInfoW
GetSystemDefaultLangID
GetUserDefaultLangID
FileTimeToSystemTime
GetWindowsDirectoryW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
OutputDebugStringW
GetLocalTime
TerminateThread
CreateNamedPipeW
ConnectNamedPipe
GetStringTypeW
GetLocaleInfoA
MoveFileW
ResetEvent
LocalAlloc
CompareFileTime
CopyFileExW
OpenEventW
PeekNamedPipe
EncodePointer
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
IsDebuggerPresent
GetCPInfo
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
LCMapStringW
WaitForSingleObjectEx
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
QueryPerformanceCounter
RtlUnwind
QueryPerformanceFrequency
GetACP
ExitProcess
GetModuleHandleExW
GetFileType
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetConsoleCP
GetConsoleMode
IsValidCodePage
GetOEMCP
SetFilePointerEx
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetCommandLineA
FindFirstFileExW
SetStdHandle
WriteConsoleW
ReadConsoleW

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 313KB - Virtual size: 312KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 215KB - Virtual size: 214KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 82KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
foo/798f5e61531f527821a490a15ef957ba
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 152KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 89KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
foo/7aec86c6c4cc35139b7874a0117e4451
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 382KB - Virtual size: 381KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 246KB - Virtual size: 245KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
foo/84bf6e1a8fcd94cf6cba6ac7e2a95b64
.exe windows:5 windows x86 arch:x86

3eaa732d4dae53340f9646bdd85dac41

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Projects\WinRAR\SFX\build\sfxrar32\Release\sfxrar.pdb

Imports

comctl32

InitCommonControlsEx

shlwapi

SHAutoComplete

kernel32

ReadFile
GetFileAttributesW
SetFileAttributesW
FindNextFileW
GetFullPathNameW
GetModuleFileNameW
FindResourceW
GetModuleHandleW
FreeLibrary
GetProcAddress
LoadLibraryW
GetCurrentProcessId
GetLocaleInfoW
GetNumberFormatW
ExpandEnvironmentStringsW
WaitForSingleObject
DosDateTimeToFileTime
GetDateFormatW
GetTimeFormatW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetExitCodeProcess
GetTempPathW
MoveFileExW
Sleep
UnmapViewOfFile
MapViewOfFile
GetCommandLineW
CreateFileMappingW
GetTickCount
SetEnvironmentVariableW
OpenFileMappingW
CreateThread
EnterCriticalSection
LeaveCriticalSection
GetProcessAffinityMask
ReleaseSemaphore
ResetEvent
DeleteCriticalSection
SetEvent
SetThreadPriority
InitializeCriticalSection
CreateEventW
CreateSemaphoreW
SystemTimeToFileTime
GetSystemTime
LocalFileTimeToFileTime
WideCharToMultiByte
MultiByteToWideChar
CompareStringW
IsDBCSLeadByte
FindFirstFileW
GetFileType
SetCurrentDirectoryW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LoadLibraryA
GetConsoleMode
GetConsoleCP
InitializeCriticalSectionAndSpinCount
QueryPerformanceCounter
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetACP
GetModuleFileNameA
ExitProcess
HeapSize
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
VirtualAlloc
VirtualFree
HeapCreate
InterlockedDecrement
GetCurrentThreadId
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStartupInfoA
GetCommandLineA
RaiseException
GetSystemTimeAsFileTime
SetEndOfFile
SetFilePointer
GetStdHandle
WriteFile
FlushFileBuffers
GetLongPathNameW
MoveFileW
GetShortPathNameW
CreateDirectoryW
RemoveDirectoryW
GlobalAlloc
DeleteFileW
FindClose
CreateFileW
DeviceIoControl
SetFileTime
GetCurrentProcess
CloseHandle
CreateHardLinkW
SetLastError
GetLastError
GetCurrentDirectoryW
CreateFileA
GetCPInfo
HeapAlloc
HeapReAlloc
HeapFree
RtlUnwind

user32

EnableWindow
ShowWindow
GetDlgItem
MessageBoxW
FindWindowExW
GetParent
MapWindowPoints
CreateWindowExW
UpdateWindow
LoadCursorW
RegisterClassExW
DefWindowProcW
DestroyWindow
CopyRect
IsWindow
CharUpperW
OemToCharBuffA
LoadIconW
PostMessageW
GetSysColor
SetForegroundWindow
WaitForInputIdle
IsWindowVisible
DialogBoxParamW
DestroyIcon
SetFocus
GetClassNameW
SendDlgItemMessageW
EndDialog
GetDlgItemTextW
SetDlgItemTextW
wvsprintfW
SendMessageW
GetDC
ReleaseDC
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
LoadStringW
GetWindowRect
GetClientRect
SetWindowPos
GetWindowTextW
SetWindowTextW
GetSystemMetrics
GetWindow
GetWindowLongW
SetWindowLongW
LoadBitmapW

gdi32

GetDeviceCaps
CreateCompatibleDC
GetObjectW
CreateCompatibleBitmap
SelectObject
StretchBlt
DeleteDC
DeleteObject

comdlg32

GetSaveFileNameW
CommDlgExtendedError
GetOpenFileNameW

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
SetFileSecurityW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges

shell32

SHChangeNotify
SHGetFileInfoW
SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteExW
SHFileOperationW

ole32

CLSIDFromString
CoCreateInstance
OleInitialize
OleUninitialize
CreateStreamOnHGlobal

oleaut32

VariantInit

Sections

.text
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 110KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
foo/907b7d9a23ed7821abb700fcbe1c9bb3
.exe windows:4 windows x86 arch:x86

958159bb2b2a48f4f42f4a53a4d7f287

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

iphlpapi

GetAdaptersInfo

winmm

midiOutReset
midiStreamClose
midiStreamRestart
waveOutRestart
midiStreamStop
midiStreamOut
midiOutPrepareHeader
midiStreamProperty
midiStreamOpen
midiOutUnprepareHeader
waveOutOpen
waveOutGetNumDevs
waveOutClose
waveOutReset
waveOutPause
waveOutWrite
waveOutPrepareHeader
waveOutUnprepareHeader
PlaySoundA

ws2_32

WSAAsyncSelect
closesocket
send
select
WSAStartup
gethostbyname
inet_ntoa
inet_addr
WSACleanup
ntohl
htons
accept
getpeername
recv
connect
ioctlsocket
recvfrom
socket

msvfw32

DrawDibDraw

avifil32

AVIStreamInfoA
AVIStreamGetFrame

kernel32

CreateMutexA
SuspendThread
InterlockedIncrement
InterlockedDecrement
FileTimeToSystemTime
FileTimeToLocalFileTime
lstrcpynA
DuplicateHandle
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetThreadLocale
lstrcmpiA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
lstrcmpA
LocalAlloc
TlsAlloc
GlobalHandle
TlsFree
TlsSetValue
LocalReAlloc
TlsGetValue
GetFileTime
GetCurrentThread
GlobalFlags
SetErrorMode
GetProcessVersion
GetCPInfo
GetOEMCP
GetStartupInfoA
RtlUnwind
GetSystemTime
GetLocalTime
RaiseException
HeapSize
GetACP
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
SetEnvironmentVariableA
LCMapStringA
LCMapStringW
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
CompareStringA
CompareStringW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
IsDBCSLeadByte
FlushInstructionCache
WideCharToMultiByte
FormatMessageA
TerminateThread
LocalFree
GetVersion
GetTimeZoneInformation
SetLastError
MultiByteToWideChar
GetSystemDirectoryA
GetWindowsDirectoryA
TerminateProcess
GetCurrentProcess
GetFileSize
SetFilePointer
CreateSemaphoreA
ResumeThread
ReleaseSemaphore
EnterCriticalSection
LeaveCriticalSection
GetProfileStringA
WriteFile
ReadFile
GetLastError
WaitForMultipleObjects
CreateFileA
SetEvent
FindResourceA
LoadResource
LockResource
lstrlenW
RemoveDirectoryA
GetModuleFileNameA
GetCurrentThreadId
ExitProcess
GlobalSize
GlobalFree
DeleteCriticalSection
InitializeCriticalSection
lstrcatA
lstrlenA
WinExec
lstrcpyA
FindNextFileA
GlobalReAlloc
HeapFree
HeapReAlloc
GetProcessHeap
HeapAlloc
GetUserDefaultLCID
GetFullPathNameA
FreeLibrary
LoadLibraryA
GetVersionExA
WritePrivateProfileStringA
GetPrivateProfileStringA
CreateThread
CreateEventA
Sleep
ExpandEnvironmentStringsA
GlobalAlloc
GlobalLock
GlobalUnlock
GetTempPathA
FindFirstFileA
FindClose
GetFileAttributesA
MoveFileA
DeleteFileA
CreateDirectoryA
SetCurrentDirectoryA
GetVolumeInformationA
GetModuleHandleA
GetProcAddress
MulDiv
SetLocalTime
GetCommandLineA
GetTickCount
CreateProcessA
WaitForSingleObject
CloseHandle
InterlockedExchange
ReleaseMutex

user32

SetWindowContextHelpId
MapDialogRect
GetNextDlgGroupItem
PostThreadMessageA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
IsDialogMessageA
ScrollWindowEx
SendDlgItemMessageA
MapWindowPoints
AdjustWindowRectEx
ScrollWindow
GetScrollInfo
SetScrollInfo
ShowScrollBar
GetScrollPos
RegisterClassA
GetClassLongA
GetMessageTime
GetLastActivePopup
RegisterWindowMessageA
GetWindowPlacement
EndDialog
CreateDialogIndirectParamA
DestroyWindow
EndPaint
BeginPaint
CharUpperA
GetWindowTextLengthA
SetWindowTextA
GetTabbedTextExtentA
EnumChildWindows
UnhookWindowsHookEx
CallNextHookEx
SetWindowsHookExA
MoveWindow
GetCursor
CheckMenuItem
GetMenuStringA
GetMenuState
GrayStringA
DrawTextA
TabbedTextOutA
WindowFromDC
IsMenu
GetMenuItemID
GetMenuItemRect
DrawMenuBar
RemovePropA
GetPropA
SetPropA
GetSysColorBrush
GetWindowDC
GetMenuItemInfoA
GetMenuItemCount
GetForegroundWindow
UnregisterHotKey
RegisterHotKey
CreateWindowExA
CallWindowProcA
UnregisterClassA
FrameRect
GetNextDlgTabItem
GetWindowTextA
FindWindowExA
GetDlgItem
FindWindowA
GetClassNameA
GetDesktopWindow
LoadIconA
TranslateMessage
DrawFrameControl
DrawEdge
CharNextA
WindowFromPoint
GetMessageA
DispatchMessageA
SetRectEmpty
RegisterClipboardFormatA
CreateIconFromResourceEx
CreateIconFromResource
DrawIconEx
CreatePopupMenu
AppendMenuA
ModifyMenuA
CreateMenu
CreateAcceleratorTableA
GetDlgCtrlID
GetSubMenu
EnableMenuItem
ClientToScreen
EnumDisplaySettingsA
LoadImageA
SystemParametersInfoA
ShowWindow
IsWindowEnabled
TranslateAcceleratorA
GetKeyState
CopyAcceleratorTableA
PostQuitMessage
IsZoomed
GetClassInfoA
DefWindowProcA
GetSystemMenu
DeleteMenu
GetMenu
SetMenu
PeekMessageA
IsIconic
SetFocus
GetActiveWindow
GetWindow
DestroyAcceleratorTable
SetWindowRgn
GetMessagePos
ChildWindowFromPointEx
CopyRect
LoadBitmapA
WinHelpA
KillTimer
SetTimer
ReleaseCapture
GetCapture
SetCapture
GetScrollRange
SetScrollRange
SetScrollPos
SetRect
InflateRect
IntersectRect
DestroyIcon
PtInRect
OffsetRect
IsWindowVisible
EnableWindow
RedrawWindow
GetWindowLongA
SetWindowLongA
GetSysColor
SetActiveWindow
SetCursorPos
LoadCursorA
SetCursor
GetDC
FillRect
InvertRect
IsRectEmpty
ScrollDC
ReleaseDC
IsChild
TrackPopupMenu
DestroyMenu
SetForegroundWindow
GetWindowRect
EqualRect
UpdateWindow
ValidateRect
InvalidateRect
GetClientRect
GetFocus
GetParent
GetTopWindow
PostMessageA
IsWindow
SetParent
DestroyCursor
SendMessageA
SetWindowPos
MessageBeep
MessageBoxA
GetCursorPos
GetSystemMetrics
EmptyClipboard
SetClipboardData
OpenClipboard
GetClipboardData
CloseClipboard
wsprintfA
WaitForInputIdle
LoadStringA
DrawFocusRect
ScreenToClient
DrawStateA

gdi32

GetROP2
GetBkColor
GetBkMode
GetStretchBltMode
GetPolyFillMode
GetTextColor
CreateCompatibleBitmap
CreateDCA
CreateBrushIndirect
CreateHatchBrush
CreateBitmap
CreatePatternBrush
CreateRoundRectRgn
SelectObject
CreatePen
PatBlt
CreateEllipticRgn
CombineRgn
TranslateCharsetInfo
GetClipBox
PtVisible
RectVisible
ExtTextOutA
Escape
SetWindowOrgEx
SaveDC
RestoreDC
CreatePenIndirect
CreateRectRgn
SetPolyFillMode
SetROP2
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
FillRgn
SetWindowExtEx
ScaleWindowExtEx
ExcludeClipRect
MoveToEx
LineTo
ExtSelectClipRgn
GetViewportExtEx
GetTextMetricsA
GetMapMode
TextOutA
SetBkColor
CreateRectRgnIndirect
CreateDIBSection
SetPixel
ExtCreateRegion
SetStretchBltMode
GetClipRgn
CreatePolygonRgn
SelectClipRgn
DeleteObject
CreateDIBitmap
GetSystemPaletteEntries
CreatePalette
StretchBlt
SelectPalette
RealizePalette
GetDIBits
GetWindowExtEx
GetViewportOrgEx
GetWindowOrgEx
CreateSolidBrush
CreateFontIndirectA
GetStockObject
GetObjectA
EndPage
EndDoc
DeleteDC
StartDocA
StartPage
BitBlt
GetPixel
CreateCompatibleDC
SetPixelV
ScaleViewportExtEx
CreateFontA
SetDIBitsToDevice
Ellipse
Rectangle
LPtoDP
DPtoLP
GetCurrentObject
RoundRect
Pie
Chord
Arc
Polygon
GetTextExtentPoint32A
SetTextColor
GetDeviceCaps
BeginPath
EndPath
PathToRegion
SetBkMode

msimg32

GradientFill
TransparentBlt
AlphaBlend

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

comdlg32

GetFileTitleA
GetSaveFileNameA
GetOpenFileNameA
ChooseFontA
ChooseColorA

advapi32

RegCreateKeyExA
RegQueryValueA
RegDeleteKeyA
RegDeleteValueA
RegCreateKeyA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shell32

SHGetSpecialFolderPathA
Shell_NotifyIconA
ShellExecuteA
DragQueryFileA
DragAcceptFiles
DragFinish

ole32

CoRevokeClassObject
CoRegisterMessageFilter
CoFreeUnusedLibraries
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
OleFlushClipboard
CoDisconnectObject
OleIsCurrentClipboard
CoGetClassObject
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromProgID
OleInitialize
OleUninitialize
CLSIDFromString
CoCreateInstance
OleRun

oleaut32

SafeArrayUnaccessData
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayAccessData
VariantChangeType
VariantClear
VariantCopy
SafeArrayGetElement
VariantCopyInd
VariantInit
SysAllocString
SafeArrayDestroy
VariantTimeToSystemTime
SysStringLen
SafeArrayCreate
SafeArrayPutElement
RegisterTypeLi
SafeArrayGetUBound
LHashValOfNameSys
LoadTypeLi
SysAllocStringLen
OleCreateFontIndirect
UnRegisterTypeLi
SysFreeString
SafeArrayGetElemsize
SysAllocStringByteLen

comctl32

ImageList_Duplicate
ImageList_DrawIndirect
ImageList_Write
ImageList_Read
ImageList_GetIcon
ord17
ImageList_EndDrag
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_GetImageInfo
ImageList_GetImageCount
ImageList_SetBkColor
ImageList_AddMasked
ImageList_Draw
_TrackMouseEvent
ImageList_Add
ImageList_BeginDrag
ImageList_Create
ImageList_Destroy

oledlg

ord8

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 140KB - Virtual size: 624KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 296KB - Virtual size: 292KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
foo/928f1db0c63d122f0183686a3bdfccee
.exe windows:4 windows x86 arch:x86

d3a49dad10f0a895d5065b5fe37eaf2a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegEnumValueW
RegOpenKeyExW
CryptReleaseContext
CryptEncrypt
CryptDecrypt
RegCloseKey
LookupPrivilegeValueW
CryptCreateHash
IsValidSid
EqualSid
RegSaveKeyW
RegSetValueExW
CryptDestroyHash
OpenThreadToken
RegEnumKeyExW
CryptDestroyKey
GetSidSubAuthorityCount
AllocateAndInitializeSid
CryptAcquireContextW
CryptHashData
FreeSid
GetSidIdentifierAuthority
RegQueryInfoKeyW
RegQueryValueExA
RegDeleteKeyW
GetUserNameW
AdjustTokenPrivileges
RegDeleteValueW
OpenProcessToken
RegCreateKeyExW
CryptDeriveKey
GetTokenInformation
GetSidSubAuthority
RegQueryValueExW
RegOpenKeyExA
OpenSCManagerW

gdi32

SelectObject
DeleteObject
CreateFontIndirectW
GetObjectW
GetCurrentObject

kernel32

CreateEventW
FindNextFileW
GetLocalTime
lstrcpyA
IsBadCodePtr
lstrcpynW
IsBadStringPtrW
GetCurrentProcessId
WideCharToMultiByte
LoadLibraryW
GetModuleHandleA
lstrlenA
ReleaseMutex
FindFirstFileW
LocalAlloc
GetCurrentProcess
LocalFree
lstrcmpiW
InitializeCriticalSection
GetACP
lstrcatW
MultiByteToWideChar
GetVersion
WaitForSingleObject
GlobalUnlock
GlobalFree
GetModuleFileNameW
lstrlenW
GlobalReAlloc
lstrcatA
MulDiv
TlsSetValue
GetProfileIntW
GetCurrentThread
GlobalLock
CreateMutexW
GlobalAlloc
SetLastError
GetComputerNameW
Sleep
VirtualAlloc
FormatMessageW
FreeLibraryAndExitThread
TlsGetValue
GetLastError
CreateThread
TlsFree
IsBadStringPtrA
QueryPerformanceCounter
OutputDebugStringA
CloseHandle
TlsAlloc
GetProcAddress
ResetEvent
GlobalSize
GetTickCount
GetWindowsDirectoryW
GetSystemDirectoryW
GlobalHandle
GetCurrentThreadId
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
DeleteFileW
HeapAlloc
lstrcmpW
LeaveCriticalSection
HeapFree
IsBadReadPtr
SetEvent
GetProcessHeap
FreeLibrary
GetModuleHandleW
lstrcpyW
DeleteCriticalSection
IsBadWritePtr
InterlockedDecrement

rpcrt4

RpcStringFreeW
I_RpcExceptionFilter
RpcBindingFromStringBindingW
RpcBindingFree
RpcStringBindingComposeW
RpcBindingSetAuthInfoW
NdrClientCall2

rtutils

TraceRegisterExW
TraceDeregisterW
TraceVprintfExA

shlwapi

StrCmpW
StrCmpIW
StrToIntW
StrChrW
StrCpyNW
StrCmpNW

user32

EnumChildWindows
KillTimer
EndDialog
GetSystemMetrics
GetWindowTextW
CreateWindowExW
SetDlgItemInt
DefWindowProcW
LoadStringW
CheckRadioButton
GetThreadDesktop
SendMessageW
DestroyWindow
GetWindowLongW
RegisterClassW
GetFocus
MessageBoxW
GetDlgItemInt
wsprintfA
GetUserObjectInformationW
GetClientRect
SendDlgItemMessageW
WinHelpW
MessageBeep
SetWindowPos
GetWindowRect
SetWindowTextW
EnableWindow
GetClipboardData
PostMessageW
SetFocus
SetWindowLongW
DialogBoxParamW
GetActiveWindow
CloseClipboard
EnumWindows
IsWindow
LoadStringA
SetForegroundWindow
OpenClipboard
ShowWindow
GetKeyState
wsprintfW
GetParent
SetTimer
SetClipboardData
IsWindowEnabled

winmm

waveOutMessage
midiOutMessage
midiInMessage
waveInMessage

ole32

OleInitialize

midimap

DriverProc

wiadss

FindImportDSByDeviceName

Sections

.text
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 732KB - Virtual size: 807KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
foo/9401b0788dc22eeb1dace02d23a9596c
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\all\source\repos\csjoke\csjoke\obj\Debug\CSJ.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 419KB - Virtual size: 419KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
foo/97dd8726304f889ef12ef1beb510be84
.exe windows:5 windows x86 arch:x86

f4a7a2712a4579cce89d8e4bdf2986b7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Individ\Release\2's.pdb

Imports

kernel32

GetProcessHeap
SetEndOfFile
CreateFileA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
GetTimeZoneInformation
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
IsValidCodePage
GetOEMCP
GetACP
HeapSize
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
SetFilePointer
ReadFile
FlushFileBuffers
GetConsoleMode
GetConsoleCP
HeapReAlloc
VirtualFree
HeapCreate
HeapAlloc
GetFileType
InitializeCriticalSectionAndSpinCount
LoadLibraryA
WriteFile
GetTempPathW
GetModuleFileNameW
VirtualAlloc
VirtualLock
CreateEventA
GetModuleFileNameA
WaitForSingleObject
GetStdHandle
SetConsoleTextAttribute
FindFirstChangeNotificationA
CloseHandle
FindNextChangeNotification
Sleep
EnumSystemLanguageGroupsA
GetCurrentThreadId
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStringTypeW
CompareStringW
CompareStringA
GetDateFormatA
GetTimeFormatA
GetCPInfo
LCMapStringW
LCMapStringA
GetStartupInfoA
GetCommandLineA
HeapFree
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetEnvironmentVariableA
GetCurrentProcess
FindFirstFileA
GetLastError
FindNextFileA
FindClose
WideCharToMultiByte
MultiByteToWideChar
RaiseException
ExitThread
QueryDosDeviceA
TerminateProcess
RtlUnwind
ExitProcess
GetProcAddress
GetModuleHandleW
CreateThread
ResumeThread
SetHandleCount
GetModuleHandleA
GetLocaleInfoA
InterlockedCompareExchange
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection

user32

IsWindow
GetWindowRect
FillRect
OffsetRect
InflateRect
SendMessageA
GetWindowLongA
LoadIconA
MapWindowPoints
GetWindowTextA
GetForegroundWindow
GetAsyncKeyState
LoadStringW
CreatePopupMenu
AppendMenuW
GetMessagePos
SetForegroundWindow
CreateWindowExA
SetTimer
KillTimer
SystemParametersInfoA
LoadCursorA
RegisterClassA
GetMessageA
DispatchMessageA
GetDlgItem
GetDC
BeginPaint
GetParent
IsDlgButtonChecked
LoadImageA
EndPaint
GetCursorPos
ScreenToClient
GetClientRect
PtInRect
InvalidateRect
CallWindowProcA
TrackPopupMenu
GetSystemMenu
EnableMenuItem
EnableWindow

gdi32

GetTextMetricsW
SelectClipRgn
CreateSolidBrush
ResetDCW
StartDocA
MoveToEx
SelectObject
DeleteObject
BitBlt
GetStockObject
FillRgn
GetPixel
ExcludeClipRect

winspool.drv

DeviceCapabilitiesA
ResetPrinterW
SetPrinterDataExA

shell32

Shell_NotifyIconA
SHGetInstanceExplorer
ShellExecuteA

ole32

StgCreateDocfile
CoCreateInstance
OleInitialize

oleaut32

SysAllocStringByteLen
SysStringByteLen
SysFreeString
SafeArrayAllocDescriptor
UnRegisterTypeLi

opengl32

glViewport
glOrtho
glLoadIdentity
glMatrixMode

glu32

gluLookAt

comctl32

CreatePropertySheetPageA
DestroyPropertySheetPage
ord6
ord17
CreateToolbarEx
ImageList_ReplaceIcon

ws2_32

WSAStartup
closesocket

shlwapi

PathFileExistsA
SHStrDupW
PathRemoveFileSpecW

iphlpapi

GetFriendlyIfIndex

urlmon

ObtainUserAgentString

Sections

.text
Size: 281KB - Virtual size: 281KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 338KB - Virtual size: 337KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
foo/9b8c48e6186718b7b290ceed9369a1a4
.exe windows:5 windows x86 arch:x86

20dd26497880c05caed9305b3c8b9109

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07-06-2005 08:09

Not After

30-05-2020 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

27-04-2011 00:00

Not After

30-05-2020 10:48

Subject

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

Issuer

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02-05-2019 00:00

Not After

30-05-2020 10:48

Subject

CN=Sectigo SHA-1 Time Stamping Signer,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09-05-2013 00:00

Not After

08-05-2028 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f3:00:df:7b:2b:64:1a:6f:68:d2:22:b5:b9:b3:a7:7c
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

16-01-2019 00:00

Not After

24-12-2021 23:59

Subject

CN=Monitor INC,O=Monitor INC,POSTALCODE=195220,STREET=d. 22 litera A ofis 610\, prospekt Grazhdanski,L=St. Petersburg,ST=Russian Federation,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09-05-2013 00:00

Not After

08-05-2028 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f3:00:df:7b:2b:64:1a:6f:68:d2:22:b5:b9:b3:a7:7c
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

16-01-2019 00:00

Not After

24-12-2021 23:59

Subject

CN=Monitor INC,O=Monitor INC,POSTALCODE=195220,STREET=d. 22 litera A ofis 610\, prospekt Grazhdanski,L=St. Petersburg,ST=Russian Federation,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02-05-2019 00:00

Not After

01-08-2030 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1e:c5:d0:84:4d:90:88:4e:4c:7a:5e:17:34:62:e8:f3:53:24:28:4f:d1:b0:c4:b2:b4:d6:e3:d4:16:d7:9b:4b
Signer

Actual PE Digest

1e:c5:d0:84:4d:90:88:4e:4c:7a:5e:17:34:62:e8:f3:53:24:28:4f:d1:b0:c4:b2:b4:d6:e3:d4:16:d7:9b:4b

Digest Algorithm

sha256

PE Digest Matches

true

84:ab:eb:22:21:07:75:be:2a:7a:16:23:fc:8a:5a:93:73:63:88:35
Signer

Actual PE Digest

84:ab:eb:22:21:07:75:be:2a:7a:16:23:fc:8a:5a:93:73:63:88:35

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges

user32

GetKeyboardType
LoadStringW
MessageBoxA
CharNextW
CreateWindowExW
TranslateMessage
SetWindowLongW
PeekMessageW
MsgWaitForMultipleObjects
MessageBoxW
LoadStringW
GetSystemMetrics
ExitWindowsEx
DispatchMessageW
DestroyWindow
CharUpperBuffW
CallWindowProcW

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetSystemInfo
GetTickCount
QueryPerformanceCounter
GetVersion
GetCurrentThreadId
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenW
lstrcpynW
LoadLibraryExW
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetCommandLineW
FreeLibrary
FindFirstFileW
FindClose
ExitProcess
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
CloseHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleW
WriteFile
WideCharToMultiByte
WaitForSingleObject
VirtualQuery
VirtualProtect
VirtualFree
VirtualAlloc
SizeofResource
SignalObjectAndWait
SetLastError
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResetEvent
RemoveDirectoryW
ReadFile
MultiByteToWideChar
LockResource
LoadResource
LoadLibraryW
GetWindowsDirectoryW
GetVersionExW
GetVersion
GetUserDefaultLangID
GetThreadLocale
GetSystemInfo
GetSystemDirectoryW
GetStdHandle
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetLastError
GetFullPathNameW
GetFileSize
GetFileAttributesW
GetExitCodeProcess
GetEnvironmentVariableW
GetDiskFreeSpaceW
GetCurrentProcess
GetCommandLineW
GetCPInfo
InterlockedExchange
InterlockedCompareExchange
FreeLibrary
FormatMessageW
FindResourceW
EnumCalendarInfoW
DeleteFileW
CreateProcessW
CreateFileW
CreateEventW
CreateDirectoryW
CloseHandle
Sleep

comctl32

InitCommonControls

Sections

.text
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 21KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 177KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
foo/9cde71abfd2a6aeb83cdd233cbc04fcd
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
foo/9d3438ba1dbdbcc2a65451893e38004b
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 2.9MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 293KB - Virtual size: 296KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
foo/9f88187d774cc9eaf89dc65479c4302d
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

z2g$&S
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 318KB - Virtual size: 318KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
foo/a17bdcde184026e23ae6dc8723f73fcf
.exe windows:4 windows x86 arch:x86

baa93d47220682c04d92f7797d9224ce

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpy

comctl32

InitCommonControls

Sections

Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

gunklgch
Size: 753KB - Virtual size: 760KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

oziarfdc
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
foo/a2981192a30538e97b55f363abbce946
.exe windows:4 windows x86 arch:x86

696a817420821c59c0d146afa525882e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rasapi32

RasHangUpA
RasGetConnectStatusA

kernel32

lstrcmpiA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
DuplicateHandle
lstrcpynA
FileTimeToLocalFileTime
WideCharToMultiByte
MultiByteToWideChar
GetCurrentProcess
SetLastError
GetTimeZoneInformation
FileTimeToSystemTime
CreateSemaphoreA
ResumeThread
ReleaseSemaphore
EnterCriticalSection
LeaveCriticalSection
GetProfileStringA
WriteFile
IsBadCodePtr
IsBadReadPtr
InterlockedIncrement
CompareStringA
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
IsBadWritePtr
VirtualAlloc
LCMapStringW
LCMapStringA
SetEnvironmentVariableA
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetFileType
SetStdHandle
GetACP
HeapSize
TerminateProcess
GetLocalTime
ReadFile
GetLastError
WaitForMultipleObjects
CreateFileA
SetEvent
FindResourceA
LoadResource
LockResource
GetModuleFileNameA
GetCurrentThreadId
ExitProcess
GlobalSize
GlobalFree
DeleteCriticalSection
InitializeCriticalSection
lstrcatA
WinExec
lstrcpyA
FindNextFileA
GlobalReAlloc
HeapFree
HeapReAlloc
GetProcessHeap
HeapAlloc
GetFullPathNameA
FreeLibrary
LoadLibraryA
lstrlenA
GetVersionExA
WritePrivateProfileStringA
CreateThread
CreateEventA
Sleep
GlobalAlloc
GlobalLock
GlobalUnlock
FindFirstFileA
FindClose
SetFileAttributesA
GetFileAttributesA
DeleteFileA
SetCurrentDirectoryA
GetVolumeInformationA
GetModuleHandleA
GetProcAddress
GetSystemTime
RaiseException
RtlUnwind
GetStartupInfoA
GetOEMCP
GetCPInfo
GetProcessVersion
SetErrorMode
GlobalFlags
GetCurrentThread
GetFileTime
GetFileSize
TlsGetValue
LocalReAlloc
TlsSetValue
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
lstrcmpA
GetVersion
MulDiv
GetCommandLineA
GetTickCount
CreateProcessA
WaitForSingleObject
CloseHandle
LocalFree
InterlockedDecrement
CompareStringW
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom

user32

GetCursorPos
MessageBoxA
SetWindowPos
SendMessageA
DestroyCursor
SetParent
IsWindow
PostMessageA
GetTopWindow
GetParent
GetFocus
GetClientRect
InvalidateRect
ValidateRect
UpdateWindow
GetSystemMetrics
EqualRect
GetWindowRect
SetForegroundWindow
DestroyMenu
IsChild
ReleaseDC
IsRectEmpty
FillRect
GetDC
SetCursor
LoadCursorA
SetActiveWindow
GetSysColor
SetWindowLongA
GetWindowLongA
RedrawWindow
EnableWindow
IsWindowVisible
OffsetRect
PtInRect
DestroyIcon
IntersectRect
SetRect
InflateRect
SetScrollPos
SetScrollRange
GetScrollRange
SetCapture
GetCapture
ReleaseCapture
SetTimer
KillTimer
WinHelpA
LoadBitmapA
CopyRect
ChildWindowFromPointEx
ScreenToClient
GetMessagePos
SetWindowRgn
DestroyAcceleratorTable
GetWindow
GetActiveWindow
SetFocus
IsIconic
EmptyClipboard
SetClipboardData
OpenClipboard
GetClipboardData
CloseClipboard
wsprintfA
WaitForInputIdle
SetCursorPos
DestroyWindow
PeekMessageA
SetMenu
GetMenu
DefWindowProcA
GetClassInfoA
DeleteMenu
GetSysColorBrush
LoadStringA
GetDesktopWindow
GetClassNameA
GetMenuCheckMarkDimensions
GetMenuState
SetMenuItemBitmaps
CheckMenuItem
MoveWindow
IsDialogMessageA
ScrollWindowEx
GetForegroundWindow
SetWindowTextA
SystemParametersInfoA
TranslateMessage
LoadIconA
DrawFrameControl
DrawEdge
DrawFocusRect
WindowFromPoint
GetMessageA
DispatchMessageA
SetRectEmpty
RegisterClipboardFormatA
CreateIconFromResourceEx
CreateIconFromResource
DrawIconEx
CreatePopupMenu
AppendMenuA
ModifyMenuA
CreateMenu
CreateAcceleratorTableA
GetDlgCtrlID
GetSubMenu
EnableMenuItem
ClientToScreen
EnumDisplaySettingsA
LoadImageA
ShowWindow
IsWindowEnabled
TranslateAcceleratorA
GetKeyState
CopyAcceleratorTableA
PostQuitMessage
IsZoomed
GetSystemMenu
GetWindowTextA
GetWindowTextLengthA
CharUpperA
GetWindowDC
BeginPaint
EndPaint
TabbedTextOutA
DrawTextA
GrayStringA
GetDlgItem
UnregisterClassA
CreateDialogIndirectParamA
EndDialog
GetNextDlgTabItem
GetWindowPlacement
RegisterWindowMessageA
GetLastActivePopup
GetMessageTime
RemovePropA
CallWindowProcA
GetPropA
UnhookWindowsHookEx
SetPropA
GetClassLongA
CallNextHookEx
SetWindowsHookExA
CreateWindowExA
GetMenuItemID
GetMenuItemCount
RegisterClassA
GetScrollPos
AdjustWindowRectEx
MapWindowPoints
SendDlgItemMessageA

gdi32

GetSystemPaletteEntries
CreatePalette
StretchBlt
SelectPalette
RealizePalette
GetDIBits
GetWindowExtEx
GetViewportOrgEx
GetWindowOrgEx
BeginPath
EndPath
PathToRegion
CreateEllipticRgn
CreateRoundRectRgn
GetTextColor
GetBkMode
GetBkColor
GetROP2
GetStretchBltMode
GetPolyFillMode
CreateCompatibleBitmap
CreateDCA
CreateBitmap
SelectObject
GetObjectA
CreatePen
PatBlt
FillRgn
CreateRectRgn
CombineRgn
CreateSolidBrush
GetStockObject
CreateFontIndirectA
EndPage
EndDoc
DeleteDC
StartDocA
CreateDIBitmap
BitBlt
CreateCompatibleDC
Ellipse
Rectangle
DeleteObject
DPtoLP
GetCurrentObject
RoundRect
GetTextExtentPoint32A
GetDeviceCaps
SaveDC
RestoreDC
SetBkMode
SetPolyFillMode
SetROP2
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
ExcludeClipRect
MoveToEx
LineTo
SelectClipRgn
CreatePolygonRgn
GetClipRgn
SetStretchBltMode
CreateRectRgnIndirect
SetBkColor
ExtSelectClipRgn
GetViewportExtEx
LPtoDP
StartPage
GetTextMetricsA
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible

winmm

waveOutUnprepareHeader
waveOutPrepareHeader
waveOutWrite
waveOutPause
waveOutReset
waveOutClose
waveOutGetNumDevs
waveOutOpen
midiOutUnprepareHeader
midiStreamOpen
midiStreamProperty
midiOutPrepareHeader
midiStreamOut
midiStreamStop
midiOutReset
midiStreamClose
midiStreamRestart

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegCreateKeyExA
RegQueryValueA
RegSetValueExA
RegOpenKeyExA
RegCloseKey

shell32

ShellExecuteA
Shell_NotifyIconA

ole32

CLSIDFromString
OleUninitialize
OleInitialize

oleaut32

UnRegisterTypeLi
RegisterTypeLi
LoadTypeLi

comctl32

ord17
ImageList_Destroy

ws2_32

WSAAsyncSelect
closesocket
send
select
WSACleanup
recvfrom
ioctlsocket
recv
WSAStartup
getpeername
accept
inet_ntoa

wininet

HttpQueryInfoA
InternetOpenA
InternetCloseHandle
InternetSetOptionA
InternetConnectA
InternetReadFile
InternetCanonicalizeUrlA
HttpSendRequestA
HttpOpenRequestA
InternetCrackUrlA

comdlg32

ChooseColorA
GetSaveFileNameA
GetOpenFileNameA
GetFileTitleA

Sections

.text
Size: 420KB - Virtual size: 416KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 252KB - Virtual size: 249KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 206KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
foo/aa3b51bd50bcc98f763cffcf7f907152
.exe windows:4 windows x86 arch:x86

55802a715ae039d99bfed6421f807cd0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaStrVarMove
__vbaFreeVarList
_adj_fdiv_m64
_adj_fprem1
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
ord709
__vbaChkstk
EVENT_SINK_AddRef
DllFunctionCall
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
ord608
__vbaFPException
__vbaStrVarVal
ord534
_CIlog
__vbaFileOpen
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaI4Var
__vbaStrToAnsi
_CIatan
__vbaStrMove
ord619
_allmul
_CItan
_CIexp
__vbaFreeStr

Sections

.text
Size: 816KB - Virtual size: 814KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
foo/acf0b7f4fe980501192187bb9b8e20c4
.exe windows:5 windows x86 arch:x86

eb97e4fc5518ac300a92a11673825e0b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

WSACleanup
socket
inet_ntoa
setsockopt
ntohs
recvfrom
ioctlsocket
htons
WSAStartup
__WSAFDIsSet
select
accept
listen
bind
closesocket
WSAGetLastError
recv
sendto
send
inet_addr
gethostbyname
gethostname
connect

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

winmm

timeGetTime
waveOutSetVolume
mciSendStringW

comctl32

ImageList_ReplaceIcon
ImageList_Destroy
ImageList_Remove
ImageList_SetDragCursorImage
ImageList_BeginDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_EndDrag
ImageList_DragMove
InitCommonControlsEx
ImageList_Create

mpr

WNetUseConnectionW
WNetCancelConnection2W
WNetGetConnectionW
WNetAddConnection2W

wininet

InternetQueryDataAvailable
InternetCloseHandle
InternetOpenW
InternetSetOptionW
InternetCrackUrlW
HttpQueryInfoW
InternetQueryOptionW
HttpOpenRequestW
HttpSendRequestW
FtpOpenFileW
FtpGetFileSize
InternetOpenUrlW
InternetReadFile
InternetConnectW

psapi

GetProcessMemoryInfo

iphlpapi

IcmpCreateFile
IcmpCloseHandle
IcmpSendEcho

userenv

DestroyEnvironmentBlock
UnloadUserProfile
CreateEnvironmentBlock
LoadUserProfileW

uxtheme

IsThemeActive

kernel32

DuplicateHandle
CreateThread
WaitForSingleObject
HeapAlloc
GetProcessHeap
HeapFree
Sleep
GetCurrentThreadId
MultiByteToWideChar
MulDiv
GetVersionExW
IsWow64Process
GetSystemInfo
FreeLibrary
LoadLibraryA
GetProcAddress
SetErrorMode
GetModuleFileNameW
WideCharToMultiByte
lstrcpyW
lstrlenW
GetModuleHandleW
QueryPerformanceCounter
VirtualFreeEx
OpenProcess
VirtualAllocEx
WriteProcessMemory
ReadProcessMemory
CreateFileW
SetFilePointerEx
SetEndOfFile
ReadFile
WriteFile
FlushFileBuffers
TerminateProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
SetFileTime
GetFileAttributesW
FindFirstFileW
SetCurrentDirectoryW
GetLongPathNameW
GetShortPathNameW
DeleteFileW
FindNextFileW
CopyFileExW
MoveFileW
CreateDirectoryW
RemoveDirectoryW
SetSystemPowerState
QueryPerformanceFrequency
FindResourceW
LoadResource
LockResource
SizeofResource
EnumResourceNamesW
OutputDebugStringW
GetTempPathW
GetTempFileNameW
DeviceIoControl
GetLocalTime
CompareStringW
GetCurrentProcess
EnterCriticalSection
LeaveCriticalSection
GetStdHandle
CreatePipe
InterlockedExchange
TerminateThread
LoadLibraryExW
FindResourceExW
CopyFileW
VirtualFree
FormatMessageW
GetExitCodeProcess
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileSectionW
WritePrivateProfileSectionW
GetPrivateProfileSectionNamesW
FileTimeToLocalFileTime
FileTimeToSystemTime
SystemTimeToFileTime
LocalFileTimeToFileTime
GetDriveTypeW
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetVolumeInformationW
SetVolumeLabelW
CreateHardLinkW
SetFileAttributesW
CreateEventW
SetEvent
GetEnvironmentVariableW
SetEnvironmentVariableW
GlobalLock
GlobalUnlock
GlobalAlloc
GetFileSize
GlobalFree
GlobalMemoryStatusEx
Beep
GetSystemDirectoryW
HeapReAlloc
HeapSize
GetComputerNameW
GetWindowsDirectoryW
GetCurrentProcessId
GetProcessIoCounters
CreateProcessW
GetProcessId
SetPriorityClass
LoadLibraryW
VirtualAlloc
IsDebuggerPresent
GetCurrentDirectoryW
lstrcmpiW
DecodePointer
GetLastError
RaiseException
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InterlockedDecrement
InterlockedIncrement
GetCurrentThread
CloseHandle
GetFullPathNameW
EncodePointer
ExitProcess
GetModuleHandleExW
ExitThread
GetSystemTimeAsFileTime
ResumeThread
GetCommandLineW
IsProcessorFeaturePresent
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetStringTypeW
SetStdHandle
GetFileType
GetConsoleCP
GetConsoleMode
RtlUnwind
ReadConsoleW
GetTimeZoneInformation
GetDateFormatW
GetTimeFormatW
LCMapStringW
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteConsoleW
FindClose
SetEnvironmentVariableA

user32

AdjustWindowRectEx
CopyImage
SetWindowPos
GetCursorInfo
RegisterHotKey
ClientToScreen
GetKeyboardLayoutNameW
IsCharAlphaW
IsCharAlphaNumericW
IsCharLowerW
IsCharUpperW
GetMenuStringW
GetSubMenu
GetCaretPos
IsZoomed
MonitorFromPoint
GetMonitorInfoW
SetWindowLongW
SetLayeredWindowAttributes
FlashWindow
GetClassLongW
TranslateAcceleratorW
IsDialogMessageW
GetSysColor
InflateRect
DrawFocusRect
DrawTextW
FrameRect
DrawFrameControl
FillRect
PtInRect
DestroyAcceleratorTable
CreateAcceleratorTableW
SetCursor
GetWindowDC
GetSystemMetrics
GetActiveWindow
CharNextW
wsprintfW
RedrawWindow
DrawMenuBar
DestroyMenu
SetMenu
GetWindowTextLengthW
CreateMenu
IsDlgButtonChecked
DefDlgProcW
CallWindowProcW
ReleaseCapture
SetCapture
CreateIconFromResourceEx
mouse_event
ExitWindowsEx
SetActiveWindow
FindWindowExW
EnumThreadWindows
SetMenuDefaultItem
InsertMenuItemW
IsMenu
TrackPopupMenuEx
GetCursorPos
DeleteMenu
SetRect
GetMenuItemID
GetMenuItemCount
SetMenuItemInfoW
GetMenuItemInfoW
SetForegroundWindow
IsIconic
FindWindowW
MonitorFromRect
keybd_event
SendInput
GetAsyncKeyState
SetKeyboardState
GetKeyboardState
GetKeyState
VkKeyScanW
LoadStringW
DialogBoxParamW
MessageBeep
EndDialog
SendDlgItemMessageW
GetDlgItem
SetWindowTextW
CopyRect
ReleaseDC
GetDC
EndPaint
BeginPaint
GetClientRect
GetMenu
DestroyWindow
EnumWindows
GetDesktopWindow
IsWindow
IsWindowEnabled
IsWindowVisible
EnableWindow
InvalidateRect
GetWindowLongW
GetWindowThreadProcessId
AttachThreadInput
GetFocus
GetWindowTextW
ScreenToClient
SendMessageTimeoutW
EnumChildWindows
CharUpperBuffW
GetParent
GetDlgCtrlID
SendMessageW
MapVirtualKeyW
PostMessageW
GetWindowRect
SetUserObjectSecurity
CloseDesktop
CloseWindowStation
OpenDesktopW
SetProcessWindowStation
GetProcessWindowStation
OpenWindowStationW
GetUserObjectSecurity
MessageBoxW
DefWindowProcW
SetClipboardData
EmptyClipboard
CountClipboardFormats
CloseClipboard
GetClipboardData
IsClipboardFormatAvailable
OpenClipboard
BlockInput
GetMessageW
LockWindowUpdate
DispatchMessageW
TranslateMessage
PeekMessageW
UnregisterHotKey
CheckMenuRadioItem
CharLowerBuffW
MoveWindow
SetFocus
PostQuitMessage
KillTimer
CreatePopupMenu
RegisterWindowMessageW
SetTimer
ShowWindow
CreateWindowExW
RegisterClassExW
LoadIconW
LoadCursorW
GetSysColorBrush
GetForegroundWindow
MessageBoxA
DestroyIcon
SystemParametersInfoW
LoadImageW
GetClassNameW

gdi32

StrokePath
DeleteObject
GetTextExtentPoint32W
ExtCreatePen
GetDeviceCaps
EndPath
SetPixel
CloseFigure
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
StretchBlt
GetDIBits
LineTo
AngleArc
MoveToEx
Ellipse
DeleteDC
GetPixel
CreateDCW
GetStockObject
GetTextFaceW
CreateFontW
SetTextColor
PolyDraw
BeginPath
Rectangle
SetViewportOrgEx
GetObjectW
SetBkMode
RoundRect
SetBkColor
CreatePen
CreateSolidBrush
StrokeAndFillPath

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

GetAce
RegEnumValueW
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegConnectRegistryW
InitializeSecurityDescriptor
InitializeAcl
AdjustTokenPrivileges
OpenThreadToken
OpenProcessToken
LookupPrivilegeValueW
DuplicateTokenEx
CreateProcessAsUserW
CreateProcessWithLogonW
GetLengthSid
CopySid
LogonUserW
AllocateAndInitializeSid
CheckTokenMembership
RegCreateKeyExW
FreeSid
GetTokenInformation
GetSecurityDescriptorDacl
GetAclInformation
AddAce
SetSecurityDescriptorDacl
GetUserNameW
InitiateSystemShutdownExW

shell32

DragQueryPoint
ShellExecuteExW
DragQueryFileW
SHEmptyRecycleBinW
SHGetPathFromIDListW
SHBrowseForFolderW
SHCreateShellItem
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetFolderPathW
SHFileOperationW
ExtractIconExW
Shell_NotifyIconW
ShellExecuteW
DragFinish

ole32

CoTaskMemAlloc
CoTaskMemFree
CLSIDFromString
ProgIDFromCLSID
CLSIDFromProgID
OleSetMenuDescriptor
MkParseDisplayName
OleSetContainedObject
CoCreateInstance
IIDFromString
StringFromGUID2
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
CoInitialize
CoUninitialize
GetRunningObjectTable
CoGetInstanceFromFile
CoGetObject
CoSetProxyBlanket
CoCreateInstanceEx
CoInitializeSecurity

oleaut32

LoadTypeLibEx
VariantCopyInd
SysReAllocString
SysFreeString
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayAllocData
SafeArrayAllocDescriptorEx
SafeArrayCreateVector
RegisterTypeLi
CreateStdDispatch
DispCallFunc
VariantChangeType
SysStringLen
VariantTimeToSystemTime
VarR8FromDec
SafeArrayGetVartype
VariantCopy
VariantClear
OleLoadPicture
QueryPathOfRegTypeLi
RegisterTypeLibForUser
UnRegisterTypeLibForUser
UnRegisterTypeLi
CreateDispTypeInfo
SysAllocString
VariantInit

Sections

.text
Size: 568KB - Virtual size: 567KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 191KB - Virtual size: 191KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
foo/aeca5c301d02253e8ffcc240c08f61f7
.exe windows:4 windows x86 arch:x86

f4af18d37337ca529e10e6495ff8e459

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

39:b2:a6:49:48:b0:2d:c7:bd:5d:6d:f1:63:56:d0:a2
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

08-10-2018 00:00

Not After

08-10-2019 23:59

Subject

CN=MicroNames Corp,OU=IT Team,O=MicroNames Corp,L=Guro-gu,ST=SEOUL,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

d0:7f:a8:8f:c6:ba:8a:24:28:85:9a:0d:e5:ad:02:f1:31:97:a9:6b:ca:80:4e:fa:a0:fc:40:86:fc:fe:78:d1
Signer

Actual PE Digest

d0:7f:a8:8f:c6:ba:8a:24:28:85:9a:0d:e5:ad:02:f1:31:97:a9:6b:ca:80:4e:fa:a0:fc:40:86:fc:fe:78:d1

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarTstGt
__vbaVarSub
_CIcos
_adj_fptan
__vbaVarMove
__vbaVarVargNofree
__vbaFreeVar
__vbaStrVarMove
__vbaLenBstr
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
ord513
__vbaFreeObjList
_adj_fprem1
__vbaRecAnsiToUni
ord518
__vbaVarCmpNe
__vbaStrCat
__vbaLsetFixstr
__vbaSetSystemError
__vbaHresultCheckObj
__vbaLenVar
_adj_fdiv_m32
__vbaAryVar
__vbaAryDestruct
__vbaExitProc
ord593
__vbaVarForInit
ord594
__vbaOnError
ord595
__vbaObjSet
_adj_fdiv_m16i
_adj_fdivr_m16i
ord598
__vbaVarIndexLoad
ord520
__vbaStrFixstr
__vbaVarTstLt
__vbaBoolVarNull
__vbaRefVarAry
_CIsin
ord631
ord525
ord632
__vbaVarCmpGt
__vbaChkstk
EVENT_SINK_AddRef
ord528
__vbaGenerateBoundsError
ord529
__vbaStrCmp
__vbaVarTstEq
ord560
__vbaI2I4
DllFunctionCall
__vbaVarOr
_adj_fpatan
__vbaFixstrConstruct
__vbaLateIdCallLd
__vbaRecUniToAnsi
EVENT_SINK_Release
ord600
_CIsqrt
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
__vbaStrToUnicode
ord712
ord606
_adj_fprem
_adj_fdivr_m64
__vbaVarDiv
ord608
ord530
ord531
__vbaFPException
ord717
__vbaInStrVar
ord532
__vbaUbound
__vbaStrVarVal
__vbaI2Var
ord537
ord645
_CIlog
__vbaErrorOverflow
__vbaInStr
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
ord681
__vbaFreeStrList
ord576
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord100
ord579
__vbaVarTstNe
__vbaI4Var
__vbaVarAdd
__vbaStrToAnsi
__vbaVarDup
ord616
__vbaVarCopy
ord617
_CIatan
__vbaStrMove
__vbaAryCopy
ord619
_allmul
__vbaLenVarB
_CItan
__vbaFPInt
__vbaVarForNext
_CIexp
ord580
__vbaFreeStr
__vbaFreeObj

Sections

.text
Size: 88KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
foo/b1071426aa88f31339f1b369cf13cef3
.exe windows:4 windows x86 arch:x86

6deb1f591718b3520349be0473eb059e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFilePointer
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
LoadLibraryA
InitializeCriticalSection
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
VirtualFree
HeapCreate
HeapDestroy
HeapReAlloc
OutputDebugStringW
DebugBreak
GetTimeZoneInformation
GetModuleFileNameA
LoadLibraryW
GetConsoleMode
SetStdHandle
IsValidCodePage
lstrcpyA
GetOEMCP
GetACP
LCMapStringW
LCMapStringA
ExitProcess
SetLastError
InterlockedIncrement
TlsFree
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsGetValue
DeleteCriticalSection
LeaveCriticalSection
WriteConsoleA
GetConsoleOutputCP
FlushFileBuffers
SetEndOfFile
CompareStringA
CompareStringW
GetProcessHeap
HeapFree
WideCharToMultiByte
CreateEventA
GlobalAlloc
CreateThread
GetCurrentProcessId
WaitForSingleObject
SetEvent
WaitNamedPipeA
ExitThread
GetVersionExA
GetProcAddress
GetSystemInfo
DeviceIoControl
OutputDebugStringA
Beep
GetModuleHandleA
VirtualAlloc
EnterCriticalSection
GetStartupInfoA
lstrcatA
GetComputerNameA
FormatMessageA
LocalFree
WriteFile
ReadFile
CloseHandle
HeapAlloc
GetCommandLineA
IsBadReadPtr
HeapValidate
IsDebuggerPresent
GetConsoleCP
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
lstrlenA
ResumeThread
RtlUnwind
RaiseException
GetCurrentDirectoryA
SetCurrentDirectoryA
GetFullPathNameA
GetDriveTypeA
SetEnvironmentVariableA
InterlockedDecrement
CreateFileA
SetCommTimeouts
GetLastError
GetCPInfo
Sleep
GetFileAttributesA
GetModuleFileNameW
WriteConsoleW
GetStdHandle
GetFileType
MultiByteToWideChar

user32

FillRect
ReleaseDC
wsprintfA
SetTimer
GetSysColor
SetActiveWindow
InsertMenuItemA
SetWindowLongA
OffsetRect
DispatchMessageA
TranslateMessage
DefWindowProcA
EndPaint
BeginPaint
DrawFocusRect
CharLowerA
GetWindowTextA
GetDC
GetMessageA
GetWindowInfo
DrawIconEx
GetWindowThreadProcessId
GetWindow
DestroyIcon
LoadCursorA
GetWindowLongA
LoadBitmapA
GetDesktopWindow
GetWindowRect
LoadIconA
GetTopWindow
MessageBoxA
SetWindowTextA
GetSysColorBrush
RegisterClassExA
CreateWindowExA
SystemParametersInfoA
CreateWindowExW
InvalidateRect
CheckDlgButton
SendMessageW
SendMessageA
GetMenuState
ShowWindow
CheckMenuItem
GetClientRect
MoveWindow
CreatePopupMenu
ClientToScreen
AppendMenuW
TrackPopupMenu
DestroyMenu
DestroyWindow
PostQuitMessage
DefWindowProcW
SendDlgItemMessageA
IsDlgButtonChecked
EndDialog
CreateMenu
LoadImageW
SetMenuItemBitmaps
SetMenu
UpdateWindow

gdi32

SetMapMode
AddFontResourceExW
CreateRectRgn
CombineRgn
SetDCPenColor
BeginPath
MoveToEx
AngleArc
CreateFontW
CreateFontIndirectA
DeleteObject
SetTextColor
SetBkColor
SetBkMode
ExtTextOutA
SetWindowExtEx
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
GetStockObject
TextOutA
GetClipBox
BitBlt
GetObjectA
GetBkColor
CreateSolidBrush
DeleteDC
GetTextMetricsA

comdlg32

ChooseColorA

advapi32

ReadEventLogA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
GetOldestEventLogRecord
LsaClose

shell32

SHBrowseForFolderA
ord3

ole32

CoCreateInstance
CLSIDFromProgID
CoInitializeSecurity
CoInitializeEx
CoUninitialize
CoInitialize

oleaut32

SafeArrayLock
SafeArrayGetLBound
SafeArrayGetUBound
VariantInit
SafeArrayCreate
SafeArrayRedim
SafeArrayAllocDescriptor
SysFreeString
SysAllocString
VariantClear
SysAllocStringLen

crypt32

PFXImportCertStore
CertGetNameStringA
PFXExportCertStore

netapi32

NetUserAdd
NetLocalGroupAddMember

winmm

timeEndPeriod
timeGetDevCaps
timeKillEvent
timeSetEvent

comctl32

ord17

rpcrt4

RpcBindingInqOption

gdiplus

GdipCreatePen1
GdipDrawLine
GdipDeleteGraphics
GdipCreateFromHDC
GdipDeletePen

imm32

ImmGetVirtualKey

setupapi

SetupAddToSourceListA

powrprof

GetPwrCapabilities

Sections

.text
Size: 292KB - Virtual size: 289KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 128KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
foo/b2365260985173cc758575cd8059459f
.exe windows:5 windows x86 arch:x86

ac87d5c24fff5879beb04190fee9f8c0

Code Sign

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17-11-2006 00:00

Not After

16-07-2036 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4f:f4:ed:a5:fa:64:1e:70:16:27:13:42:64:01:f4:38
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

01-04-2019 00:00

Not After

31-03-2020 23:59

Subject

CN=DUHANEY LIMITED,O=DUHANEY LIMITED,L=BIRMINGHAM,ST=WEST MIDLANDS,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2014 00:00

Not After

22-10-2024 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2021 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ed:7d:0c:37:4f:98:ff:dc:0a:16:10:c5:8e:81:0a:d5:17:b7:30:31
Signer

Actual PE Digest

ed:7d:0c:37:4f:98:ff:dc:0a:16:10:c5:8e:81:0a:d5:17:b7:30:31

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

secur32

FreeContextBuffer
QuerySecurityPackageInfoW
AcquireCredentialsHandleW
FreeCredentialsHandle
InitializeSecurityContextW
GetUserNameExW
GetUserNameExA
CompleteAuthToken

winscard

SCardReleaseContext
SCardGetStatusChangeW
SCardListReadersW
SCardEstablishContext

ws2_32

send
__WSAFDIsSet
WSAIoctl
closesocket
select
getaddrinfo
WSAStartup
socket
connect
htons
freeaddrinfo
setsockopt
inet_addr
recv
ioctlsocket
WSAGetLastError
WSACleanup

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

dbghelp

MiniDumpWriteDump

wtsapi32

WTSEnumerateSessionsW

ole32

CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CoCreateInstance
CoUninitialize

kernel32

GetFileInformationByHandle
GetTimeZoneInformation
CompareStringA
GetLastError
OpenMutexA
FatalAppExitA
GlobalSize
GetUserDefaultLCID
SetEvent
FileTimeToSystemTime
GetCurrentThread
TerminateThread
lstrcatW
TlsAlloc
LockResource
QueryPerformanceFrequency
GetDateFormatA
GlobalAlloc
DeleteFileW
lstrcpyA
GlobalFree
CloseHandle
RaiseException
ResetEvent
FileTimeToLocalFileTime
GetLocalTime
SetStdHandle
GetOverlappedResult
HeapDestroy
GetProcAddress
LocalFree
GetTimeFormatW
DeleteCriticalSection
ExitProcess
SetEnvironmentVariableA
GetCurrentProcessId
UnhandledExceptionFilter
GetProcessHeap
GetModuleHandleW
GetProfileStringW
WideCharToMultiByte
TlsGetValue
LocalReAlloc
GetSystemTimeAsFileTime
TlsFree
GetSystemTime
FormatMessageA
CreateEventA
MapViewOfFile
lstrcmpiW
GetTickCount
GetEnvironmentStringsW
GlobalUnlock
FreeEnvironmentStringsA
HeapSize
GlobalReAlloc
GetComputerNameA
DebugSetProcessKillOnExit
SetUnhandledExceptionFilter
FlushFileBuffers
GetCurrentProcess
CreateFileW
GetSystemDirectoryW
OpenProcess
LoadLibraryW
CreateThread
FreeLibrary
WaitNamedPipeW
GetExitCodeProcess
MultiByteToWideChar
GetVersionExW
GetModuleFileNameW
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
SetHandleInformation
ExpandEnvironmentStringsW
InterlockedDecrement
CreatePipe
PeekNamedPipe
GetTimeFormatA
FreeResource
CreateFileA
MoveFileExW
CreateProcessW
lstrcmpA
Sleep
lstrcmpiA
GlobalLock
InterlockedIncrement
CreateDirectoryW
GetFileSizeEx
MoveFileW
GetDriveTypeW
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
lstrcmpW
SetFileTime
ProcessIdToSessionId
SleepEx
GetFileTime
GetLogicalDrives
FindNextFileW
RemoveDirectoryW
FindClose
SetFileAttributesW
OpenEventW
QueryPerformanceCounter
lstrlenW
lstrlenA
TryEnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetFileSize
GetSystemInfo
GetComputerNameW
GetModuleFileNameA
TlsSetValue
SetThreadPriority
ResumeThread
DuplicateHandle
CreateSemaphoreW
GetACP
GetModuleHandleA
ExitThread
GetCurrentDirectoryA
GetCurrentThreadId
GetFileAttributesW
LocalAlloc
WaitForSingleObject
CreateMutexA
GetEnvironmentVariableA
FindResourceA
SetEndOfFile
GetFullPathNameA
SetFilePointer
ExpandEnvironmentStringsA
InitializeCriticalSectionAndSpinCount
GetConsoleCP
TerminateProcess
VirtualAlloc
LCMapStringA
lstrcpynW
WriteFile
WriteConsoleA
GetCPInfo
GetConsoleOutputCP
GetHandleInformation
GetCommandLineW
EnterCriticalSection
SetLastError
HeapFree
CompareStringW
EraseTape
HeapCreate
FindFirstFileA
FindFirstFileW
GetOEMCP
LocalLock
SetConsoleCtrlHandler
ReadFile
CreateEventW
LoadLibraryA
IsValidCodePage
GetStringTypeW
EncodePointer
DecodePointer
LCMapStringW
GetLocaleInfoW
IsProcessorFeaturePresent
WaitForSingleObjectEx
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
RtlUnwind
GetFileType
GetModuleHandleExW
FreeLibraryAndExitThread
HeapAlloc
HeapReAlloc
GetStdHandle
GetConsoleMode
IsValidLocale
EnumSystemLocalesW
SetFilePointerEx
ReadConsoleW
FindFirstFileExA
FindNextFileA
GetCommandLineA
FreeEnvironmentStringsW
MulDiv
WriteConsoleW

user32

GetClipboardOwner
SetClipboardViewer
EqualRect
GetWindowRect
DefWindowProcW
OpenDesktopW
wsprintfW
FindWindowW
ReleaseDC
IntersectRect
EnumWindows
IsWindowVisible
GetMenuState
GetMessageA
CharLowerW
LoadMenuW
CallWindowProcW
PostMessageW
CheckMenuRadioItem
SetProcessDefaultLayout
GetDC
MessageBoxW
CheckRadioButton
LoadStringA
CreateWindowExW
DeleteMenu
EndDialog
GetSystemMetrics
MessageBeep
SetMenuItemBitmaps
DialogBoxParamA
RegisterClassExW
LoadAcceleratorsW
LoadStringW
ShowWindow
IsWindow
DialogBoxIndirectParamA
InvalidateRgn
OffsetRect
TranslateAcceleratorA
SetTimer
IsDialogMessageW
IsDialogMessageA
GetMenuCheckMarkDimensions
SetWindowLongA
CloseClipboard
PeekMessageW
GetWindowTextA
LoadAcceleratorsA
GetKeyboardLayout
LoadBitmapA
SetWindowTextA
AttachThreadInput
GetIconInfo
EmptyClipboard
OpenInputDesktop
SendDlgItemMessageW
MessageBoxA
MoveWindow
IsDlgButtonChecked
WinHelpW
DefWindowProcA
DrawTextExW
SetFocus
TranslateMessage
GetClipboardData
LoadIconW
LoadCursorW
GetProcessDefaultLayout
SendMessageA
SetCapture
SetClipboardData
SetCursor
LoadIconA
SetWindowLongW
AppendMenuA
CheckMenuItem
GetClientRect
IsZoomed
PeekMessageA
DrawTextW
KillTimer
CheckDlgButton
GetSysColorBrush
EnableMenuItem
SetWinEventHook
DialogBoxParamW
InsertMenuItemA
UnhookWinEvent
ReleaseCapture
SetForegroundWindow
InvalidateRect
GetAncestor
ChildWindowFromPoint
BeginPaint
EndPaint
GetUserObjectInformationW
PostQuitMessage
GetDesktopWindow
GetCursorPos
VkKeyScanExW
MapVirtualKeyW
GetAsyncKeyState
LoadKeyboardLayoutW
SendMessageTimeoutW
SystemParametersInfoW
keybd_event
SetThreadDesktop
GetKeyboardState
ExitWindowsEx
SendMessageW
MsgWaitForMultipleObjects
GetThreadDesktop
CloseDesktop
OpenClipboard
DispatchMessageW
GetCursorInfo
GetDlgItemTextW
ChangeClipboardChain
mouse_event
DestroyWindow
PostThreadMessageW
GetWindowLongW
GetMessageW
CallWindowProcA
GetSystemMenu

gdi32

GetSystemPaletteEntries
SelectPalette
GetDeviceCaps
GetDIBits
RealizePalette
GdiFlush
CreateCompatibleDC
CreateDIBSection
BitBlt
DeleteDC
CreatePalette
CreateRectRgnIndirect
GetRegionData
CombineRgn
GetBitmapBits
GetObjectW
DeleteObject
CreateCompatibleBitmap
CreateFontA
SelectObject
StartPage
StretchBlt
StartDocA
AbortDoc
EndDoc
EnumFontsW
CreateDCW
GetTextMetricsW
TextOutW
GetTextExtentPoint32W
SetTextColor
GetTextExtentPointA
SetBkMode
CreateFontIndirectA
LPtoDP
SetMapMode
CreateFontIndirectW
SetAbortProc
GetObjectA
StartDocW

winspool.drv

OpenPrinterW

comdlg32

ChooseFontA
ChooseColorA
PageSetupDlgW
PrintDlgExW
PrintDlgA
GetFileTitleW
FindTextA
ReplaceTextW
GetOpenFileNameW

advapi32

RegCreateKeyExA
OpenSCManagerW
DeleteService
StartServiceW
EnumServicesStatusExW
QueryServiceConfigW
OpenServiceW
ConvertSidToStringSidW
AccessCheck
SetSecurityDescriptorOwner
AllocateAndInitializeSid
GetTokenInformation
GetSidSubAuthority
IsValidSecurityDescriptor
FreeSid
InitializeAcl
DuplicateToken
GetLengthSid
SetSecurityDescriptorDacl
RegisterServiceCtrlHandlerExW
SetTokenInformation
AddAccessAllowedAce
SetServiceStatus
OpenThreadToken
SetSecurityDescriptorGroup
OpenProcessToken
CreateProcessAsUserW
StartServiceCtrlDispatcherW
DuplicateTokenEx
RegOpenKeyExW
CreateServiceA
AdjustTokenPrivileges
IsTextUnicode
RegCloseKey
RegQueryValueExA
LookupPrivilegeValueA
ControlService
RegSetValueExA
InitializeSecurityDescriptor
RegOpenKeyExA
RegCreateKeyW
RegQueryValueExW
QueryServiceStatus
CreateServiceW
InitiateSystemShutdownExW
LookupPrivilegeValueW
ImpersonateLoggedOnUser
RevertToSelf
RegDeleteValueW
RegSetValueExW
RegDeleteKeyA
CloseServiceHandle
RegCreateKeyExW
RegEnumKeyExW

shell32

SHGetSpecialFolderPathW
ShellExecuteW
ShellExecuteA
Shell_NotifyIconA
DragAcceptFiles
DragQueryFileW

oleaut32

SysAllocString
SysFreeString
VariantClear

Sections

.text
Size: 495KB - Virtual size: 495KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 125KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
foo/b514b59324818c52140b431aeac96bfc
.exe windows:5 windows x86 arch:x86

d3786c6c09ec15a2d365f8c74855ca3a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetWindowRect
MessageBoxA
AdjustWindowRect
EndDialog
InvalidateRect
wsprintfA
SetWindowTextA
DrawMenuBar
BeginPaint
EndPaint
IsIconic
MoveWindow
PostQuitMessage
GetWindowLongA
DialogBoxParamA
DefWindowProcA
EnableMenuItem
LoadStringA
SendMessageA
SetWindowPos
PostMessageA
GetMessageA
TranslateMessage
DispatchMessageA
MessageBeep
LoadIconA
LoadCursorA
RegisterClassA
GetSystemMetrics
CreateWindowExA
GetMenu
ShowWindow
UpdateWindow
DestroyWindow

comdlg32

GetOpenFileNameA

kernel32

GetModuleHandleA
RtlUnwind
InitializeCriticalSection
Sleep
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetCurrentProcessId
InterlockedDecrement
GetCurrentThreadId
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
IsDebuggerPresent
GetVersionExA
LCMapStringA
MultiByteToWideChar
LCMapStringW
lstrcpyA
SetHandleCount
LoadLibraryA
HeapReAlloc
GetProcAddress
EnumSystemLocalesA
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
GetDateFormatA
GetTimeFormatA
QueryPerformanceCounter
FlushFileBuffers
IsValidCodePage
VirtualQuery
GetSystemInfo
VirtualProtect
HeapSize
SetStdHandle
SetUnhandledExceptionFilter
GetSystemTimeAsFileTime
GetStartupInfoW
GetProcessHeap
RaiseException
GetLocaleInfoA
GetTickCount
GlobalFlags
GlobalAddAtomW
GlobalFindAtomW
GetStringTypeW
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetStringTypeA
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
GetCPInfo
GetACP
GetOEMCP
HeapAlloc
VirtualAlloc

Sections

.text
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 79KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
foo/b641961018d09dfbd7fa9c15f09a7723
.exe windows:4 windows x64 arch:x64

a6fd5349bcf73fc9e11dc3b566bd5fce

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

CreateProcessW
DeleteCriticalSection
EnterCriticalSection
ExpandEnvironmentStringsW
FormatMessageA
GetCommandLineW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentVariableW
GetExitCodeProcess
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
GetShortPathNameW
GetStartupInfoW
GetSystemTimeAsFileTime
GetTempPathW
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
MultiByteToWideChar
QueryPerformanceCounter
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetDllDirectoryW
SetEnvironmentVariableW
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
__C_specific_handler

msvcrt

__argc
__dllonexit
__iob_func
__lconv_init
__set_app_type
__setusermatherr
__wargv
__wgetmainargs
__winitenv
_amsg_exit
_cexit
_fileno
_findclose
_fmode
_fullpath
_get_osfhandle
_getpid
_initterm
_lock
_onexit
_setmode
_stat64
_strdup
_unlock
_vsnprintf
_vsnwprintf
_wcmdln
_wfindfirst64
_wfindnext64
_wfopen
_wmkdir
_wremove
_wrmdir
_wstat64
_wtempnam
abort
calloc
clearerr
exit
fclose
feof
ferror
fflush
fprintf
fread
free
fseek
ftell
fwrite
getenv
malloc
mbstowcs
memcpy
memset
setbuf
setlocale
signal
sprintf
strcat
strchr
strcmp
strcpy
strlen
strncat
strncmp
strncpy
strrchr
strtok
vfprintf
wcscat
wcscmp
wcscpy
wcslen

user32

MessageBoxA

ws2_32

ntohl

Sections

.text
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 51KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
foo/b693dfe99d2915616044eea2cfe18360
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 68KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
foo/b6e7c9793cf40153bf8865195e06ecbc
.exe windows:4 windows x86 arch:x86

baa93d47220682c04d92f7797d9224ce

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpy

comctl32

InitCommonControls

Sections

Size: 186KB - Virtual size: 352KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 4.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

znpqfokw
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

affhobcm
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
foo/b7d5f0b9bf2e6e13c5b3ca1c2a0a8b4a
.exe windows:5 windows x86 arch:x86

4747c70adc127d28c18f0f7237b1add9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStartupInfoA
HeapFree
VirtualFree
VirtualAlloc
HeapReAlloc
VirtualQuery
TerminateThread
CreateThread
WriteFile
CreateFileW
LoadLibraryW
GetLocalTime
GetCurrentThreadId
GetCurrentProcessId
ReadFile
FindFirstFileA
GetBinaryTypeW
FindNextFileA
GetFullPathNameA
GetTempPathW
GetPrivateProfileStringW
CreateFileA
GlobalAlloc
GetCurrentDirectoryW
SetCurrentDirectoryW
LocalFree
GetFileSize
FreeLibrary
WaitForSingleObject
GetCurrentProcess
WaitForMultipleObjects
CreatePipe
PeekNamedPipe
DuplicateHandle
SetEvent
CreateProcessW
CreateEventA
LoadLibraryA
LoadResource
FindResourceW
GetComputerNameW
LoadLibraryExW
FindFirstFileW
FindNextFileW
GetCommandLineA
GetLogicalDriveStringsW
DeleteFileW
CopyFileW
GetDriveTypeW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
CreateMutexA
ReleaseMutex
TerminateProcess
OpenProcess
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
VirtualProtectEx
GetProcessHeap
SizeofResource
VirtualProtect
Wow64DisableWow64FsRedirection
GetSystemDirectoryW
Wow64RevertWow64FsRedirection
LockResource
GetWindowsDirectoryW
IsWow64Process
Process32First
WriteProcessMemory
Process32Next
GetWindowsDirectoryA
VirtualAllocEx
CreateRemoteThread
WinExec
GetTempPathA
HeapAlloc
Sleep
lstrcmpW
GetTickCount
lstrcpyW
WideCharToMultiByte
GetModuleHandleA
ExitProcess
SetFilePointer
lstrcpyA
MultiByteToWideChar
lstrcatA
lstrcmpA
lstrlenA
ExpandEnvironmentStringsW
lstrlenW
CloseHandle
GetProcAddress
lstrcatW
GetLastError
SetLastError
GetModuleFileNameA
CreateDirectoryW
GetModuleFileNameW
CreateProcessA

user32

MessageBoxA
GetKeyState
GetMessageA
DispatchMessageA
CreateWindowExW
CallNextHookEx
GetAsyncKeyState
SetWindowsHookExA
RegisterClassW
GetRawInputData
MapVirtualKeyA
GetForegroundWindow
DefWindowProcA
RegisterRawInputDevices
GetLastInputInfo
ToUnicode
GetKeyNameTextW
PostQuitMessage
GetWindowTextW
TranslateMessage
wsprintfA
wsprintfW

advapi32

LookupPrivilegeValueW
AdjustTokenPrivileges
AllocateAndInitializeSid
OpenProcessToken
FreeSid
LookupAccountSidW
GetTokenInformation
CloseServiceHandle
OpenSCManagerW
RegCreateKeyExW
RegDeleteKeyW
InitializeSecurityDescriptor
RegDeleteKeyA
SetSecurityDescriptorDacl
RegDeleteValueW
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyExA
RegEnumKeyExW
RegQueryValueExA
RegQueryInfoKeyW
RegCloseKey
OpenServiceW
ChangeServiceConfigW
QueryServiceConfigW
EnumServicesStatusExW
StartServiceW
RegSetValueExW
RegCreateKeyExA
RegSetValueExA

shell32

ShellExecuteExW
SHGetSpecialFolderPathW
SHCreateDirectoryExW
SHGetFolderPathW
ShellExecuteW
ord680
ShellExecuteExA

urlmon

URLDownloadToFileW

ws2_32

setsockopt
freeaddrinfo
htons
recv
connect
socket
send
WSAStartup
shutdown
closesocket
WSACleanup
ioctlsocket
ntohs
gethostbyname
inet_addr
getaddrinfo

ole32

CoCreateInstance
CoUninitialize
CoInitialize
CoTaskMemFree

shlwapi

StrStrW
PathRemoveFileSpecA
StrStrA
PathCombineA
PathFindFileNameW
PathFindExtensionW
PathFileExistsW

netapi32

NetLocalGroupAddMembers
NetUserAdd

oleaut32

VariantInit

crypt32

CryptStringToBinaryA
CryptUnprotectData

psapi

GetModuleFileNameExW

wininet

InternetQueryDataAvailable
InternetOpenUrlW
InternetOpenW
InternetCloseHandle
InternetReadFile
InternetCheckConnectionW

Sections

.text
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.bss
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
foo/ba2d460199eb2d9e9d6d0559bb455529
.exe windows:5 windows x86 arch:x86

de02954bf517f55f5badef2bcbb849e2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Us db

Imports

shlwapi

PathFileExistsW

msvcrt

_XcptFilter
exit
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
memset
_exit

kernel32

Process32First
GetStartupInfoA
GetModuleHandleA
ExpandEnvironmentStringsW
DeleteFileW
CloseHandle
CreateToolhelp32Snapshot
Process32Next
TerminateProcess
Sleep
OpenProcess

advapi32

RegCloseKey
RegDeleteValueW
RegOpenKeyExW

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 422B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
foo/bad78e11371381ce9e1d703aac2821e5
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 348KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 208KB - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
foo/bc6536b86b04cf5b3bf7cd353d615ab9
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
foo/be85e0b2608a55942aa101c66ce6c32c
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 329KB - Virtual size: 328KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 329KB - Virtual size: 328KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
foo/c914b169d1388c5e78421045d05946ee
.exe windows:4 windows x86 arch:x86

62cdf3b88c4f7bf7f381795c9e8bec44

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

OleRegGetUserType
CreateOleAdviseHolder
OleCreate
OleSetContainedObject
StringFromIID
CLSIDFromString
CLSIDFromProgID
CoRegisterClassObject
CoRevokeClassObject
MkParseDisplayName
CreateBindCtx
CoCreateInstance
CoLockObjectExternal
CoTaskMemFree
StringFromCLSID
CoTaskMemAlloc
OleUninitialize
OleInitialize

shlwapi

SHDeleteKeyA

kernel32

FindResourceA
FreeResource
LoadResource
GetCurrentProcess
SizeofResource
GetConsoleWindow
LockResource
GetModuleHandleA
CloseHandle
CreateFileA
ReadFile
VirtualFree
FreeLibrary
WaitForSingleObject
CreateRemoteThread
OpenProcess
VirtualFreeEx
ReadProcessMemory
GetProcAddress
VirtualAlloc
VirtualAllocEx
LoadLibraryA
GetSystemInfo
GetCurrentThreadId
WriteProcessMemory
GetFileSize
SetFilePointer
WriteFile
Sleep
SystemTimeToTzSpecificLocalTime
GetTickCount
GetTimeZoneInformation
GetCurrentThread
InitializeCriticalSection
TerminateThread
LeaveCriticalSection
EnterCriticalSection
OpenThread
GetExitCodeThread
DeleteCriticalSection
SuspendThread
ResumeThread
AllocConsole
ReadConsoleA
SetConsoleMode
SetConsoleTitleA
GetStdHandle
AttachConsole
SetConsoleCtrlHandler
SetConsoleWindowInfo
GetCurrentProcessId
HeapAlloc
HeapFree
GetProcessHeap
IsBadReadPtr
VirtualProtect
GetCommandLineA
HeapSetInformation
GetStartupInfoW
LocalFree
EncodePointer
GetModuleHandleW
ExitProcess
GetFullPathNameA
lstrcpyW
ExitThread
CreateThread
RtlUnwind
GetTimeFormatA
GetDateFormatA
GetSystemTimeAsFileTime
DuplicateHandle
MoveFileA
CreateProcessA
DeleteFileA
SetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
HeapCreate
QueryPerformanceCounter
RaiseException
GetCPInfo
GetACP
GetOEMCP
DebugBreak
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetLocaleInfoW
LoadLibraryW
GetDriveTypeW
CompareStringW
LCMapStringW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeW
IsProcessorFeaturePresent
CreatePipe
GetExitCodeProcess
HeapSize
WriteConsoleW
GetCurrentDirectoryW
SetEndOfFile
CreateFileW
SetEnvironmentVariableA
FatalAppExitA
lstrlenW
IsBadWritePtr
GetLastError
MultiByteToWideChar
WideCharToMultiByte
FormatMessageA
GetModuleFileNameA
InterlockedDecrement
InterlockedIncrement
HeapReAlloc
GetFileAttributesA
DecodePointer
IsValidCodePage

user32

SetActiveWindow
ModifyMenuA
GetWindowThreadProcessId
GetMessageA
GetSystemMenu
PeekMessageA
DispatchMessageA
SetForegroundWindow
SetWindowRgn
TranslateMessage
GetClientRect
WinHelpA
IsWindow
RegisterClassA
CallWindowProcA
MapWindowPoints
IsWindowVisible
EqualRect
GetActiveWindow
ShowWindow
SetWindowPos
DefWindowProcA
CreateWindowExA
GetWindowLongA
GetWindowRect
wsprintfA
SetFocus
OffsetRect
IntersectRect
MessageBoxA

gdi32

SetViewportOrgEx
SetWindowExtEx
SetViewportExtEx
SetMapMode
CreateRectRgnIndirect
DeleteObject
SetWindowOrgEx

advapi32

RegSetValueExA
IsTextUnicode
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegEnumKeyExA
RegQueryValueExA

oleaut32

GetActiveObject
VariantInit
VariantCopyInd
VariantClear
LoadTypeLibEx
SysFreeString
SysStringLen
SysAllocStringLen
LoadRegTypeLi
LHashValOfNameSys
SafeArrayCreateVector
VariantTimeToSystemTime
SafeArrayAccessData
VariantCopy
SafeArrayDestroy
SafeArrayCreate
SystemTimeToVariantTime
SafeArrayGetDim
VariantChangeType
SafeArrayGetElement
SafeArrayUnaccessData
SafeArrayPutElement
DispGetIDsOfNames
UnRegisterTypeLi

Sections

.text
Size: 481KB - Virtual size: 480KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
foo/c944eadb6e032fd9e7a0988464a6f1cc
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 188KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 150KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
foo/cad3634df5d5058551bed38237ab8e8b
.exe windows:5 windows x86 arch:x86

847c3746fe942bb10b09e9ad7a65deac

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

WSACleanup
inet_addr
gethostbyname
gethostname
WSAStartup

winmm

mixerSetControlDetails
waveOutGetVolume
joyGetPosEx
mixerGetControlDetailsW
mixerOpen
mixerGetDevCapsW
mixerGetLineControlsW
waveOutSetVolume
mixerClose
mciSendStringW
joyGetDevCapsW
mixerGetLineInfoW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

comctl32

ImageList_Create
CreateStatusWindowW
ImageList_ReplaceIcon
InitCommonControlsEx
ImageList_GetIconSize
ImageList_Destroy
ImageList_AddMasked

psapi

GetModuleBaseNameW
GetModuleFileNameExW

kernel32

FindFirstFileW
FindNextFileW
FindClose
FileTimeToLocalFileTime
SetEnvironmentVariableW
Beep
MoveFileW
OutputDebugStringW
CreateProcessW
GetFileAttributesW
WideCharToMultiByte
MultiByteToWideChar
GetExitCodeProcess
WriteProcessMemory
ReadProcessMemory
GetCurrentProcessId
OpenProcess
TerminateProcess
SetPriorityClass
SetLastError
GetEnvironmentVariableW
GetLocalTime
GetDateFormatW
GetTimeFormatW
GetDiskFreeSpaceW
SetVolumeLabelW
CreateFileW
DeviceIoControl
GetDriveTypeW
GetVolumeInformationW
CreateDirectoryW
ReadFile
WriteFile
DeleteFileW
SetFileAttributesW
LocalFileTimeToFileTime
SetFileTime
GetFileSizeEx
GetSystemTime
GetSystemDefaultUILanguage
GetComputerNameW
GetWindowsDirectoryW
GetTempPathW
LockResource
GetShortPathNameW
EnterCriticalSection
LeaveCriticalSection
VirtualProtect
QueryDosDeviceW
CompareStringW
RemoveDirectoryW
CopyFileW
GetCurrentProcess
FormatMessageW
GetPrivateProfileStringW
GetPrivateProfileSectionW
GetPrivateProfileSectionNamesW
WritePrivateProfileStringW
WritePrivateProfileSectionW
SetEndOfFile
GetACP
GetFileType
GetStdHandle
SetFilePointerEx
SystemTimeToFileTime
FileTimeToSystemTime
GetFileSize
VirtualAllocEx
VirtualFreeEx
EnumResourceNamesW
LoadLibraryExW
GlobalSize
GetOEMCP
InterlockedDecrement
InterlockedIncrement
GetStartupInfoW
HeapSetInformation
GetCommandLineW
HeapQueryInformation
HeapSize
HeapReAlloc
HeapFree
ExitProcess
HeapAlloc
TlsFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
InitializeCriticalSectionAndSpinCount
LoadResource
SizeofResource
FindResourceW
GetSystemTimeAsFileTime
GetModuleFileNameW
DeleteCriticalSection
GetCPInfo
GetVersionExW
FreeLibrary
LoadLibraryW
GetModuleHandleW
GetProcAddress
GetLastError
CreateMutexW
CloseHandle
GetExitCodeThread
SetThreadPriority
CreateThread
GetStringTypeExW
lstrcmpiW
GetCurrentThreadId
GlobalUnlock
GlobalFree
GlobalAlloc
GlobalLock
GetCurrentDirectoryW
SetErrorMode
InitializeCriticalSection
SetCurrentDirectoryW
Sleep
GetTickCount
MulDiv
IsValidCodePage
TlsAlloc
TlsGetValue
SetHandleCount
IsProcessorFeaturePresent
GetStringTypeW
LCMapStringW
RaiseException
RtlUnwind
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
TlsSetValue
SetFilePointer
FlushFileBuffers
WriteConsoleW
SetStdHandle
GetProcessHeap
GetFullPathNameW
VirtualQuery

user32

GetMenuItemID
GetSubMenu
GetMenuStringW
ExitWindowsEx
SetMenu
FlashWindow
GetPropW
SetPropW
RemovePropW
MapWindowPoints
RedrawWindow
SetParent
GetClassInfoExW
GetAncestor
UpdateWindow
GetMessagePos
GetClassLongW
DefDlgProcW
CallWindowProcW
CheckRadioButton
IntersectRect
GetUpdateRect
PtInRect
CreateDialogIndirectParamW
CreateAcceleratorTableW
DestroyAcceleratorTable
InsertMenuItemW
SetMenuDefaultItem
RemoveMenu
SetMenuItemInfoW
IsMenu
GetMenuItemInfoW
CreateMenu
CreatePopupMenu
SetMenuInfo
AppendMenuW
DestroyMenu
TrackPopupMenuEx
GetDesktopWindow
CopyImage
CreateIconIndirect
CreateIconFromResourceEx
EnumClipboardFormats
GetWindow
BringWindowToTop
MessageBoxW
GetTopWindow
SetWindowTextW
IsWindowVisible
CheckMenuItem
LoadImageW
ChangeClipboardChain
GetMenuItemCount
LoadAcceleratorsW
GetMenu
CreateWindowExW
RegisterClassExW
LoadCursorW
DestroyIcon
DestroyWindow
IsCharAlphaW
MapVirtualKeyW
VkKeyScanExW
GetSysColorBrush
GetKeyboardLayoutNameW
ActivateKeyboardLayout
GetGUIThreadInfo
GetWindowTextW
mouse_event
WindowFromPoint
GetSystemMetrics
keybd_event
SetKeyboardState
GetKeyboardState
GetCursorPos
GetAsyncKeyState
AttachThreadInput
SendInput
UnregisterHotKey
RegisterHotKey
PostQuitMessage
SendMessageTimeoutW
UnhookWindowsHookEx
SetWindowsHookExW
PostThreadMessageW
IsCharAlphaNumericW
IsCharUpperW
IsCharLowerW
ToUnicodeEx
GetKeyboardLayout
CallNextHookEx
CharLowerW
ReleaseDC
GetDC
OpenClipboard
GetClipboardData
GetClipboardFormatNameW
CloseClipboard
SetClipboardData
EmptyClipboard
PostMessageW
FindWindowW
EndDialog
IsWindow
DispatchMessageW
TranslateMessage
GetSystemMenu
GetLastInputInfo
GetCursor
ClientToScreen
MessageBeep
SetDlgItemTextW
GetDlgItem
SendDlgItemMessageW
DialogBoxParamW
SetForegroundWindow
DefWindowProcW
FillRect
SetClipboardViewer
DrawIconEx
ShowWindow
CountClipboardFormats
SetWindowLongW
ScreenToClient
IsDialogMessageW
SendMessageW
IsWindowEnabled
GetWindowLongW
GetKeyState
TranslateAcceleratorW
GetSysColor
RegisterWindowMessageW
IsIconic
IsZoomed
EnumWindows
GetWindowTextLengthW
EnableWindow
InvalidateRect
SetLayeredWindowAttributes
SetWindowPos
SetWindowRgn
SetFocus
SetActiveWindow
EnumChildWindows
MoveWindow
GetQueueStatus
GetWindowRect
GetClientRect
SystemParametersInfoW
AdjustWindowRectEx
DrawTextW
KillTimer
PeekMessageW
GetFocus
GetClassNameW
GetWindowThreadProcessId
GetForegroundWindow
GetMessageW
SetTimer
GetParent
GetDlgCtrlID
CharUpperW
IsClipboardFormatAvailable
SetRect
MapVirtualKeyExW
GetIconInfo
EnableMenuItem

gdi32

GetPixel
GetClipRgn
GetCharABCWidthsW
SetBkMode
CreatePatternBrush
SetBrushOrgEx
EnumFontFamiliesExW
CreateDIBSection
GdiFlush
SetBkColor
ExcludeClipRect
SetTextColor
GetClipBox
BitBlt
CreateCompatibleBitmap
GetSystemPaletteEntries
GetDIBits
CreateCompatibleDC
CreatePolygonRgn
CreateRectRgn
CreateRoundRectRgn
CreateEllipticRgn
DeleteDC
GetObjectW
GetTextMetricsW
GetTextFaceW
SelectObject
GetStockObject
CreateDCW
CreateSolidBrush
CreateFontW
FillRgn
GetDeviceCaps
DeleteObject

comdlg32

CommDlgExtendedError
GetSaveFileNameW
GetOpenFileNameW

advapi32

RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
CloseServiceHandle
UnlockServiceDatabase
LockServiceDatabase
OpenSCManagerW
GetUserNameW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegOpenKeyExW
RegCloseKey
RegConnectRegistryW
RegDeleteValueW

shell32

DragQueryPoint
SHEmptyRecycleBinW
SHFileOperationW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetDesktopFolder
SHGetMalloc
SHGetFolderPathW
ShellExecuteExW
Shell_NotifyIconW
DragFinish
DragQueryFileW
ExtractIconW

ole32

OleInitialize
OleUninitialize
CoCreateInstance
CoInitialize
CoUninitialize
CLSIDFromString
CoGetObject
StringFromGUID2
CreateStreamOnHGlobal

oleaut32

SafeArrayGetLBound
GetActiveObject
OleLoadPicture
SafeArrayUnaccessData
SafeArrayGetElemsize
SafeArrayAccessData
SafeArrayUnlock
SafeArrayPtrOfIndex
SafeArrayLock
SafeArrayGetDim
SafeArrayDestroy
SafeArrayGetUBound
VariantCopyInd
SafeArrayCopy
SysAllocString
VariantChangeType
VariantClear
SafeArrayCreate
SysFreeString
SysStringLen

Sections

.text
Size: 630KB - Virtual size: 629KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 142KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
foo/cd89b6c808c296cde0bc77ee630dc7df
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

4 OK
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 235KB - Virtual size: 235KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
foo/d81e76123ccb64b73eeac2f31a7434c4
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 80.3MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 4.7MB - Virtual size: 4.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
foo/d86d2cb12111422ad0b401afa523e308
.exe windows:5 windows x86 arch:x86

f36152b751bb97a4fed875d13827bdf5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

SHGetDiskFreeSpaceA
SHGetSpecialFolderPathW

kernel32

FindNextFileA
FindFirstFileExA
DecodePointer
GetStringTypeW
GetCPInfo
GetExitCodeProcess
WaitForSingleObject
GetFileAttributesExW
GetOEMCP
LCMapStringW
GetEnvironmentStringsW
FreeEnvironmentStringsW
Process32FirstW
SetFilePointerEx
LoadLibraryA
GetUserDefaultLCID
SetThreadAffinityMask
GetProcessHeaps
IsValidCodePage
CompareStringW
GetTimeFormatW
GetDateFormatW
HeapAlloc
HeapFree
GetProcessHeap
GetConsoleMode
GetConsoleCP
Module32Next
EnumDateFormatsA
GetShortPathNameW
FindFirstChangeNotificationW
GlobalFindAtomW
BuildCommDCBAndTimeoutsA
GetConsoleAliasA
SetCurrentDirectoryA
_lcreat
FindNextVolumeW
RtlUnwind
GetVolumePathNameA
WriteConsoleW
GetTimeZoneInformation
GetStartupInfoW
GetFileType
SetStdHandle
GetACP
ExitProcess
GetModuleFileNameA
WriteFile
GetStdHandle
FileTimeToSystemTime
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
CreateFileW
IsProcessorFeaturePresent
GetModuleHandleW
GetCurrentProcess
TerminateProcess
RaiseException
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
HeapReAlloc
HeapSize
HeapQueryInformation
FlushFileBuffers
MultiByteToWideChar
CloseHandle
CreateThread
ExitThread
ResumeThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
GetDriveTypeW
GetFullPathNameA
WideCharToMultiByte
CreateProcessA
CreateProcessW
SetEnvironmentVariableA
SetEnvironmentVariableW
SetCurrentDirectoryW
GetCurrentDirectoryW
FindClose
FindFirstFileExW
FindNextFileW
SystemTimeToTzSpecificLocalTime

user32

GrayStringW
SetClipboardViewer
DdeInitializeW
GetMenuItemInfoA
DialogBoxIndirectParamA
OemToCharA
GetMessageTime
SetMessageExtraInfo
DestroyCursor
wvsprintfW
DrawFrame
SendMessageA
DialogBoxParamA
CopyIcon
DdeQueryConvInfo
DdeClientTransaction
DrawTextA
VkKeyScanA
GetDlgItemInt
CharNextA

gdi32

SetMetaRgn
SetBkColor
DescribePixelFormat
RealizePalette
EnumMetaFile
SetBrushOrgEx
GetTextCharset
GetFontAssocStatus
PatBlt

winspool.drv

GetPrinterDataExA
DeleteFormA
StartDocPrinterW
ord205
AddJobA
EnumPrinterKeyA
ord211
GetJobA

comdlg32

ReplaceTextA

advapi32

SystemFunction002
RegSetValueA
IsValidSecurityDescriptor
BuildTrusteeWithSidA
GetUserNameW
SetEntriesInAccessListA
LsaOpenSecret
IsValidAcl
LsaCreateTrustedDomainEx
CryptSetHashParam
CryptAcquireContextW
SetFileSecurityW
LsaOpenAccount

ole32

CreateOleAdviseHolder
StgIsStorageILockBytes
CoRevokeClassObject
EnableHookObject
HMENU_UserSize
HMETAFILE_UserMarshal
CoGetMalloc
OleTranslateAccelerator

Sections

.text
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 734KB - Virtual size: 733KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
foo/d8e37dd7ca017370a0b54147a27a7498
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 16KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8.2MB - Virtual size: 8.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rol
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
foo/dea515c25081073ec2cee293b2991ee1
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 757KB - Virtual size: 756KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 343KB - Virtual size: 342KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
foo/dfcc555a02bccc9c438b08555b5c2ab8
.exe windows:4 windows x86 arch:x86

57e98d9a5a72c8d7ad8fb7a6a58b3daf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEnvironmentVariableA
CreateFileA
GetFileSize
GetModuleFileNameA
ReadFile
GetCurrentProcess
CopyFileA
Sleep
GetTickCount
GetWindowsDirectoryA
GetTempPathA
GetCommandLineA
lstrlenA
GetVersion
SetErrorMode
lstrcpynA
ExitProcess
SetCurrentDirectoryA
GlobalLock
CreateThread
GetLastError
CreateDirectoryA
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
WriteFile
lstrcpyA
MoveFileExA
lstrcatA
GetSystemDirectoryA
GetProcAddress
GetExitCodeProcess
WaitForSingleObject
CompareFileTime
SetFileAttributesA
GetFileAttributesA
GetShortPathNameA
MoveFileA
GetFullPathNameA
SetFileTime
SearchPathA
CloseHandle
lstrcmpiA
GlobalUnlock
GetDiskFreeSpaceA
lstrcmpA
FindFirstFileA
FindNextFileA
DeleteFileA
SetFilePointer
GetPrivateProfileStringA
FindClose
MultiByteToWideChar
FreeLibrary
MulDiv
WritePrivateProfileStringA
LoadLibraryExA
GetModuleHandleA
GlobalAlloc
GlobalFree
ExpandEnvironmentStringsA

user32

ScreenToClient
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
PostQuitMessage
GetWindowRect
EnableMenuItem
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
ReleaseDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndDialog
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
GetDC
CreateDialogParamA
SetTimer
GetDlgItem
SetWindowLongA
SetForegroundWindow
LoadImageA
IsWindow
SendMessageTimeoutA
FindWindowExA
OpenClipboard
TrackPopupMenu
AppendMenuA
EndPaint
DestroyWindow
wsprintfA
ShowWindow
SetWindowTextA

gdi32

SelectObject
SetBkMode
CreateFontIndirectA
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
ShellExecuteExA
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
SHFileOperationA

advapi32

AdjustTokenPrivileges
RegCreateKeyExA
RegOpenKeyExA
SetFileSecurityA
OpenProcessToken
LookupPrivilegeValueA
RegEnumValueA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegEnumKeyA

comctl32

ImageList_Create
ImageList_AddMasked
ImageList_Destroy
ord17

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
foo/e03bd458de4a107688236bdc4ddc3afe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 216KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 429KB - Virtual size: 432KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
foo/e16ec7bc29b68f66e90fdbfefe1d3a2d
.exe windows:1 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
foo/e61c0e180c2616fa81e6c4d581a9520e
.exe windows:6 windows x86 arch:x86

5757e79a15699d63eb9d2d2da7a218f5

Code Sign

01:e9:39:99:f3:87:1d:10:91:dc:1e:8d:58:b8:d4:05
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

16-05-2017 00:00

Not After

24-06-2020 12:00

Subject

CN=AVAST Software s.r.o.,O=AVAST Software s.r.o.,L=Praha 4,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2014 00:00

Not After

22-10-2024 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2021 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:e9:39:99:f3:87:1d:10:91:dc:1e:8d:58:b8:d4:05
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

16-05-2017 00:00

Not After

24-06-2020 12:00

Subject

CN=AVAST Software s.r.o.,O=AVAST Software s.r.o.,L=Praha 4,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04-01-2017 00:00

Not After

18-01-2028 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a9:0b:29:c3:f3:e9:49:51:18:fc:d2:c5:d3:ff:e4:3b:83:26:0c:50:99:2c:b4:c0:ca:62:a3:ba:01:cc:f3:86
Signer

Actual PE Digest

a9:0b:29:c3:f3:e9:49:51:18:fc:d2:c5:d3:ff:e4:3b:83:26:0c:50:99:2c:b4:c0:ca:62:a3:ba:01:cc:f3:86

Digest Algorithm

sha256

PE Digest Matches

false

92:a7:3b:c4:13:9b:58:fe:c9:bc:f2:d3:a9:ee:86:8e:f2:53:bd:f0
Signer

Actual PE Digest

92:a7:3b:c4:13:9b:58:fe:c9:bc:f2:d3:a9:ee:86:8e:f2:53:bd:f0

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

ole32

CoUninitialize

wininet

InternetOpenA

gdiplus

GdipGetImageEncodersSize

wtsapi32

WTSSendMessageW

user32

GetUserObjectInformationW
GetProcessWindowStation
GetUserObjectInformationW

Sections

.text
Size: - Virtual size: 229KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 4.8MB - Virtual size: 4.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
foo/e78fad8a5d0ea89127ed36ed20bc9351
.exe windows:1 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
foo/e7ad45164be5c3c7f9936e9b5fb28788
.exe windows:5 windows x86 arch:x86

b5723417ba5aaff89773ffe44d3747f5

Code Sign

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17-11-2006 00:00

Not After

16-07-2036 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

21:6f:c9:78:38:42:c6:6c:5b:98:b5:f3:29:c8:1e:af
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

05-09-2017 00:00

Not After

05-12-2018 23:59

Subject

CN=COMPUTER BILD Digital GmbH,OU=IT,O=COMPUTER BILD Digital GmbH,L=Hamburg,ST=Hamburg,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7c:2a:4a:da:a2:6e:32:bf:6b:2b:3d:96:1c:1e:f6:6e:b2:49:d3:2d
Signer

Actual PE Digest

7c:2a:4a:da:a2:6e:32:bf:6b:2b:3d:96:1c:1e:f6:6e:b2:49:d3:2d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LocalAlloc
LoadLibraryA
CloseHandle
ResetEvent
GetSystemTime
ReleaseMutex
MoveFileExW
SetCurrentDirectoryW
CreateFileMappingW
FindClose
GetFullPathNameW
FindFirstFileW
FindNextFileW
DebugBreak
OutputDebugStringW
lstrlenA
LoadLibraryW
MulDiv
lstrcmpW
GlobalUnlock
GlobalLock
GlobalAlloc
FlushFileBuffers
CreateFileW
ReadFile
WriteConsoleW
SetStdHandle
LCMapStringW
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
SetFilePointer
InterlockedDecrement
RtlUnwind
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetStdHandle
WriteFile
HeapReAlloc
HeapCreate
ExitProcess
HeapSize
Sleep
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
HeapSetInformation
GetCommandLineW
GetSystemTimeAsFileTime
DecodePointer
EncodePointer
InterlockedPopEntrySList
GetModuleFileNameW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
lstrlenW
MultiByteToWideChar
lstrcmpiW
FreeLibrary
SetLastError
GetLastError
RaiseException
GetCurrentThreadId
FlushInstructionCache
GetCurrentProcess
GetModuleHandleW
GetProcAddress
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedPushEntrySList
InterlockedCompareExchange

user32

GetFocus
SetWindowLongW
KillTimer
SetTimer
RegisterClassExW
GetClassInfoExW
LoadCursorW
DestroyWindow
CreateWindowExW
RegisterWindowMessageW
BeginPaint
FillRect
EndPaint
IsChild
SetFocus
GetDlgItem
GetClassNameW
GetSysColor
RedrawWindow
CreateAcceleratorTableW
InvalidateRect
GetDesktopWindow
UnregisterClassA
UpdateWindow
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
SendMessageW
ClientToScreen
ReleaseDC
GetDC
PostMessageW
ShowWindow
IsWindowVisible
GetWindow
MonitorFromWindow
GetMonitorInfoW
GetParent
GetClientRect
MapWindowPoints
SetWindowPos
MoveWindow
GetWindowRect
IsWindow
MessageBoxW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
CharNextW
CallWindowProcW
GetWindowLongW
DefWindowProcW

gdi32

CreateSolidBrush
GetStockObject
GetObjectW
SelectObject
CreateCompatibleDC
DeleteDC
DeleteObject
GetDeviceCaps

advapi32

RegQueryInfoKeyW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegSetValueExW
RegQueryValueExW
RegCreateKeyExW
RegOpenKeyExW
RegCloseKey

ole32

CoCreateInstance
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
OleUninitialize
OleLockRunning
CreateStreamOnHGlobal
OleInitialize

oleaut32

LoadTypeLi
SysFreeString
VariantInit
VariantClear
VariantChangeType
SysAllocString
VariantCopy
SysStringLen
VarUI4FromStr
LoadRegTypeLi
OleCreateFontIndirect
SysAllocStringByteLen
SysStringByteLen
VarBstrCat
DispCallFunc

shlwapi

PathAddBackslashW
PathFileExistsW

Sections

.text
Size: 363KB - Virtual size: 362KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 135KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
foo/e95678212c7218c6e7944fca1631c88f
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 2.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 793KB - Virtual size: 796KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 63KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
foo/edf723c8e404cd67041e7dfbbb1a6eee
.dll windows:5 windows x86 arch:x86

168c2f7752511dfd263a83d5d08a90db

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

wsprintfA
EnumChildWindows
GetWindow
PostMessageA
GetWindowThreadProcessId

shell32

SHGetSpecialFolderPathA

advapi32

OpenProcessToken
GetUserNameA
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA

kernel32

GetProcessHeap
ExitProcess
SetEndOfFile
GetModuleFileNameA
LoadLibraryA
GetProcAddress
CreateToolhelp32Snapshot
Process32First
Process32Next
GetCurrentProcess
GetLastError
CloseHandle
lstrcatA
GetShortPathNameA
GetLocalTime
Sleep
CreateThread
CreateMutexA
GetComputerNameA
FreeLibrary
DeleteFileA
HeapAlloc
HeapFree
GetCurrentThreadId
GetCommandLineA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
HeapDestroy
GetModuleHandleW
WriteFile
SetStdHandle
SetFilePointer
RaiseException
MultiByteToWideChar
ReadFile
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
InitializeCriticalSectionAndSpinCount
FlushFileBuffers
CreateFileA
HeapSize
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA

Exports

Exports

ExportFunction

Sections

.text
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
foo/f2366f48d3534bc8af573f2696dce4f5
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\yaherrd\Desktop\CryptoObfuscator_Output\absolute dumper.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 188KB - Virtual size: 188KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
foo/f645a94491240317caccd6f8508fba1f
.exe windows:5 windows x86 arch:x86

5aff291b6d48bb3c9cfd6d96353b6fb8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

CommandLineToArgvW
SHGetFolderPathW
ord680

kernel32

DecodePointer
DeleteCriticalSection
GetProcessHeap
GetTickCount
CreateDirectoryW
GetCurrentDirectoryW
FindFirstFileW
FindNextFileW
FindClose
CreateFileW
CloseHandle
GetFileSize
CopyFileW
WaitForSingleObject
CreateEventW
SetEvent
GetCommandLineW
LocalFree
Sleep
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetFileTime
GetLocalTime
WriteProcessMemory
OpenProcess
HeapAlloc
Process32NextW
LoadLibraryA
Process32FirstW
VirtualProtectEx
GetProcAddress
VirtualAllocEx
FlushInstructionCache
CreateRemoteThread
VirtualFreeEx
CreateProcessW
SetErrorMode
CreateMutexW
SetCurrentDirectoryW
InterlockedDecrement
CreateThread
ReleaseMutex
OpenMutexW
FileTimeToSystemTime
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
GetSystemTime
GetCurrentProcess
GetModuleFileNameW
GetCurrentThread
GetExitCodeProcess
GetModuleFileNameA
RaiseException
HeapReAlloc
GlobalFree
GetLastError
MultiByteToWideChar
GetVersion
HeapSize
InitializeCriticalSectionAndSpinCount
SetLastError
HeapFree
GetModuleHandleExW
GetACP
ExitProcess
CreateToolhelp32Snapshot
VirtualQuery
GetSystemInfo
HeapValidate
RtlUnwind
SetEndOfFile
SetStdHandle
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
LoadLibraryW
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
GetCommandLineA
InterlockedPopEntrySList
ReleaseSemaphore
FindFirstFileExW
ReadConsoleW
GetTimeZoneInformation
GetOEMCP
IsValidCodePage
SetFilePointerEx
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetConsoleMode
GetConsoleCP
VirtualProtect
FlushFileBuffers
WriteConsoleW
OutputDebugStringA
HeapQueryInformation
GetFileType
WriteFile
GetStdHandle
ExitThread
WideCharToMultiByte
GetStringTypeW
TryEnterCriticalSection
GetCurrentThreadId
DuplicateHandle
WaitForSingleObjectEx
GetExitCodeThread
EncodePointer
QueryPerformanceCounter
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
IsDebuggerPresent
OutputDebugStringW
ResetEvent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
CreateTimerQueue
SignalObjectAndWait
SwitchToThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibrary
FreeLibraryAndExitThread
GetModuleHandleA
LoadLibraryExW
GetVersionExW
VirtualAlloc
VirtualFree
ReadFile

advapi32

OpenProcessToken
FreeSid
CheckTokenMembership
CreateProcessAsUserW
DuplicateTokenEx
OpenThreadToken
LookupAccountSidW
GetTokenInformation
GetUserNameW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
AllocateAndInitializeSid

ole32

CoCreateGuid
StringFromCLSID
CoTaskMemFree
CoInitializeEx
CoInitializeSecurity
CoCreateInstance
CoUninitialize
CoInitialize

oleaut32

SysAllocStringLen
VariantInit
SysFreeString
SysAllocString
VariantClear

urlmon

ObtainUserAgentString

netapi32

NetApiBufferFree
NetQueryDisplayInformation

userenv

CreateEnvironmentBlock

wtsapi32

WTSEnumerateSessionsW
WTSQueryUserToken

winhttp

WinHttpQueryHeaders
WinHttpReadData
WinHttpOpenRequest
WinHttpCloseHandle
WinHttpGetIEProxyConfigForCurrentUser
WinHttpAddRequestHeaders
WinHttpWriteData
WinHttpSendRequest
WinHttpSetTimeouts
WinHttpConnect
WinHttpCrackUrl
WinHttpQueryDataAvailable
WinHttpSetOption
WinHttpOpen
WinHttpReceiveResponse
WinHttpGetProxyForUrl

shlwapi

PathRemoveFileSpecW
PathFileExistsW

Exports

Exports

?startLogic@@YAXXZ

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 383KB - Virtual size: 383KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
foo/f65e75d9675a50f9b4807e79dcc48d56
.exe windows:4 windows x86 arch:x86

e696adf0f4442a15659c03c9247e6721

Code Sign

01
Certificate

Issuer

CN=Telerik Instruments,O=Telerik Systems Incorporated Instruments,C=US

Not Before

30-10-2018 09:40

Not After

29-10-2021 09:40

Subject

CN=Telerik Instruments,O=Telerik Systems Incorporated Instruments,C=US

6a:43:f2:60:c9:4c:ff:25:25:dd:bd:84:f7:9a:2f:cc:23:cf:00:7a
Signer

Actual PE Digest

6a:43:f2:60:c9:4c:ff:25:25:dd:bd:84:f7:9a:2f:cc:23:cf:00:7a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord582
__vbaCyForInit
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaStrVarMove
__vbaFreeVarList
_adj_fdiv_m64
ord516
_adj_fprem1
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
__vbaFPFix
__vbaFpR8
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaGet3
__vbaCyI2
__vbaVarTstEq
DllFunctionCall
__vbaCySub
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaFpCmpCy
__vbaExceptHandler
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaCyForNext
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaNew2
__vbaR8Str
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaI4Var
__vbaVarDup
__vbaStrToAnsi
__vbaVarCopy
ord616
ord617
_CIatan
__vbaStrMove
ord619
__vbaI4Cy
_allmul
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
foo/f660284cb3574213a512e3f03ca9012b
.exe windows:5 windows x86 arch:x86

bf5a4aa99e5b160f8521cadd6bfe73b8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Imports

kernel32

RaiseException
GetLastError
MultiByteToWideChar
lstrlenA
InterlockedDecrement
GetProcAddress
LoadLibraryA
FreeResource
SizeofResource
LockResource
LoadResource
FindResourceA
GetModuleHandleA
Module32Next
CloseHandle
Module32First
CreateToolhelp32Snapshot
GetCurrentProcessId
SetEndOfFile
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetLocaleInfoA
HeapFree
GetProcessHeap
HeapAlloc
GetCommandLineA
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
HeapSize
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
ReadFile
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
FlushFileBuffers
SetFilePointer
SetHandleCount
GetFileType
GetStartupInfoA
RtlUnwind
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
CompareStringA
CompareStringW
SetEnvironmentVariableA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileA

ole32

OleInitialize

oleaut32

SafeArrayCreate
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroy
SafeArrayCreateVector
VariantClear
VariantInit
SysFreeString
SysAllocString

Sections

.text
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 851KB - Virtual size: 851KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
foo/f6c1c72f3e45d2f3499b6bd6661b3289
.exe windows:5 windows x86 arch:x86

36b7c2d59896ab3ce31f114866427d53

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\OEMActivi\Release\Approve.pdb

Imports

kernel32

VirtualAlloc
WaitForSingleObject
GetConsoleWindow
CreateEventA
InterlockedCompareExchange
HeapFree
GetProcessHeap
HeapAlloc
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
CreateFileA
SetupComm
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
SetFilePointer
GetLocaleInfoA
LCMapStringW
LCMapStringA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
CloseHandle
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetStringTypeW
GetStringTypeA
HeapSize
WriteFile
ExitProcess
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapReAlloc
HeapCreate
GetStartupInfoA
GetCommandLineA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetFileType
SetStdHandle
RtlUnwind
VirtualQuery
GetSystemInfo
GetModuleHandleW
VirtualProtect
SetCommState
GetCommTimeouts
SetCommTimeouts
FillConsoleOutputCharacterA
FillConsoleOutputAttribute
SetConsoleCursorPosition
Sleep
BackupWrite
DeleteFileA
FormatMessageA
LocalFree
ReadFile
AllocConsole
GetStdHandle
GetConsoleScreenBufferInfo
SetConsoleScreenBufferSize
GetThreadContext
GetDateFormatA
GetTimeFormatA
GetFullPathNameA
OutputDebugStringA
DebugBreak
LockResource
GetVersionExA
MulDiv
GetModuleFileNameA
LoadLibraryExA
FindResourceA
LoadResource
SizeofResource
FreeLibrary
SetLastError
IsDBCSLeadByte
lstrcmpiA
lstrlenA
GetModuleHandleA
GetProcAddress
InterlockedIncrement
GetLastError
lstrlenW
WideCharToMultiByte
InterlockedDecrement
GetCurrentThreadId
MultiByteToWideChar
GetCurrentProcess
FlushInstructionCache
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
QueryPerformanceCounter
RaiseException

user32

GetKeyState
SetWindowLongA
CharNextA
DefWindowProcA
DestroyWindow
GetWindowLongA
CallWindowProcA
LoadStringA
SendMessageA
DialogBoxParamA
CreateWindowExA
SetWindowPos
GetWindowRect
GetClientRect
InvalidateRect
ShowWindow
IsWindowVisible
RedrawWindow
SetDlgItemInt
SetDlgItemTextA
GetDlgItem
IsWindow
UnregisterClassA
SetCapture
ClientToScreen
SetRect
MapWindowPoints
GetMonitorInfoA
MonitorFromWindow
GetWindow
GetParent
SetCursor
EnableWindow
EndDialog
SetFocus
MessageBeep
LoadCursorA
SendDlgItemMessageA
ClipCursor
GetDC
ReleaseDC
GetCursorPos
GetSystemMenu
EnableMenuItem
DrawMenuBar
MoveWindow
IsDlgButtonChecked
SetForegroundWindow
GetWindowTextA
IntersectRect
UnhookWindowsHookEx
SetActiveWindow
FillRect
LoadAcceleratorsA
GetMessageA
BeginPaint
EndPaint
GetSysColor
EnumChildWindows
LoadIconA
RegisterClassA
MessageBoxA
UpdateWindow
GetSystemMetrics
LoadImageA
GetActiveWindow
GetWindowTextLengthA

advapi32

RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegEnumKeyExA
RegQueryValueExA

ole32

CoInitialize
CoCreateInstance
CoTaskMemRealloc
CoGetClassObject
CoTaskMemFree
CoUninitialize
CoTaskMemAlloc
CLSIDFromProgID

shell32

SHGetSpecialFolderLocation
SHBrowseForFolderA

oleaut32

VarR8FromDate
VarR8FromBool
VariantTimeToSystemTime
GetErrorInfo
VariantClear
SafeArrayGetUBound
VariantInit
VarUI4FromStr
SysAllocStringLen
SysFreeString
SafeArrayGetLBound
VariantChangeType
SysAllocString

comctl32

FlatSB_GetScrollInfo
ImageList_GetDragImage
ImageList_GetBkColor
ImageList_Duplicate
ImageList_LoadImageA
InitCommonControlsEx

gdi32

CreateSolidBrush
CreateCompatibleBitmap
GetTextExtentPoint32A
DeleteObject
CombineRgn
TextOutA
MoveToEx
SetROP2
SelectObject
CreatePen
CreateICA
GetTextMetricsA
CreateCompatibleDC
DeleteDC
GetObjectA
CreateBitmapIndirect
StretchBlt
SelectPalette
RealizePalette
LineTo
GetStockObject
RestoreDC
UpdateColors
CreateBitmap
CreatePatternBrush
PatBlt
SetBkColor
SetPixelV
SetTextColor
SetBrushOrgEx

comdlg32

GetOpenFileNameA
GetSaveFileNameA

winmm

mmioClose
mmioDescend
timeGetTime
mmioSeek
timeBeginPeriod

ws2_32

socket
WSACleanup
closesocket
getsockopt
bind
WSAStartup
WSAEventSelect

userenv

CreateEnvironmentBlock

avicap32

capCreateCaptureWindowA

msacm32

acmDriverDetailsA

pdh

PdhSetQueryTimeRange
PdhSetLogSetRunID
PdhCollectQueryData

dbghelp

MiniDumpWriteDump

setupapi

SetupDiGetClassDevsA

wtsapi32

WTSQuerySessionInformationA

dxva2

GetNumberOfPhysicalMonitorsFromHMONITOR

Sections

.text
Size: 152KB - Virtual size: 152KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 187KB - Virtual size: 186KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
foo/fbab903080d6a4e65a1a2f6bc4d97b7c
.exe windows:4 windows x86 arch:x86

52304e2a18fa5608f4f4aeb8041c7da0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP

Imports

kernel32

GetCommandLineA
SetErrorMode
GetModuleHandleA
MulDiv
GetTempFileNameA
GetModuleFileNameA
lstrlenA
_lclose
lstrcpyA
FormatMessageA
lstrcatA
GetLastError
_lwrite
_llseek
GlobalUnlock
GlobalFree
GlobalAlloc
_lopen
GetProcAddress
_lcreat
LoadLibraryA
GetVersionExA
FreeLibrary
OpenFile
ExitProcess
GetCurrentProcess
WinExec
GetTempPathA
_lread
LocalFree
GetWindowsDirectoryA
GlobalLock

user32

GetDC
DrawTextA
EndPaint
InvalidateRect
PostQuitMessage
SendMessageA
DefWindowProcA
GetClientRect
CreateWindowExA
BeginPaint
ReleaseDC
SetWindowPos
ShowWindow
UpdateWindow
SetTimer
LoadIconA
RegisterClassA
MessageBoxA
ExitWindowsEx
LoadCursorA

gdi32

DeleteObject
PatBlt
CreateSolidBrush
GetDeviceCaps
SetTextColor
SetBkMode
TextOutA
StretchDIBits
CreateFontA
SelectObject
SelectPalette
CreatePalette
RealizePalette
GetStockObject

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken

Exports

Exports

_MainWndProc@16
_StubFileWrite@12

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
foo/fcdc003a1529fe3660b160fd012173b3
.exe windows:4 windows x86 arch:x86

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:ab:ac:07:f8:d0:ce:56:7f:7d:75:ee:04:7e:fe:e2
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

20-04-2018 00:00

Not After

23-06-2021 12:00

Subject

CN=Ultrareach Internet Corp.,O=Ultrareach Internet Corp.,L=Cheyenne,ST=Wyoming,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2014 00:00

Not After

22-10-2024 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2021 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

cf:20:21:42:26:36:39:d5:5b:ab:1e:7e:a2:55:c5:b1:6b:6c:05:a2
Signer

Actual PE Digest

cf:20:21:42:26:36:39:d5:5b:ab:1e:7e:a2:55:c5:b1:6b:6c:05:a2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
foo/fffb61eaaac6e8a40bfaa7a4acb6b9ba
.exe windows:4 windows x86 arch:x86

5ab55780c301fce03b308cfc22768213

Code Sign

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

16-07-2036 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04-03-2014 00:00

Not After

03-03-2024 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7c:d3:da:2b:7c:27:7d:2d:f1:26:1c:b3:bc:ab:b9:6c
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

16-03-2017 00:00

Not After

21-04-2018 23:59

Subject

SERIALNUMBER=09500488,CN=MICROLEAVES LTD,O=MICROLEAVES LTD,L=London,ST=London,C=GB,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#13064c6f6e646f6e,1.3.6.1.4.1.311.60.2.1.2=#13064c6f6e646f6e,1.3.6.1.4.1.311.60.2.1.3=#13024742

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04-01-2017 00:00

Not After

18-01-2028 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4f:46:9a:c8:e7:41:ef:d8:5a:cc:f5:39:f2:74:0d:95:85:37:6f:9f:b3:ff:42:39:23:ca:42:34:a7:97:52:15
Signer

Actual PE Digest

4f:46:9a:c8:e7:41:ef:d8:5a:cc:f5:39:f2:74:0d:95:85:37:6f:9f:b3:ff:42:39:23:ca:42:34:a7:97:52:15

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

dnsapi

DnsQuery_A
DnsRecordListFree

kernel32

CloseHandle
CreateThread
DeleteCriticalSection
EnterCriticalSection
ExitProcess
FindClose
FindFirstFileA
FindNextFileA
FreeLibrary
GetCommandLineA
GetCurrentThread
GetLastError
GetModuleHandleA
GetProcAddress
GetTickCount
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InterlockedExchange
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
MultiByteToWideChar
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SleepEx
TlsGetValue
VirtualProtect
VirtualQuery
WideCharToMultiByte

msvcrt

_strdup
_stricmp
_stricoll
__getmainargs
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_assert
_cexit
_errno
_fpreset
_fullpath
_iob
_isctype
_onexit
_pctype
_setmode
abort
atexit
atoi
calloc
exit
fflush
fputc
free
fwrite
getenv
isalnum
isalpha
iscntrl
isgraph
islower
isprint
ispunct
isspace
isupper
isxdigit
localeconv
malloc
mbstowcs
memchr
memcmp
memcpy
memmove
memset
realloc
setlocale
signal
srand
strchr
strcmp
strcoll
strlen
strncmp
strncpy
strstr
time
tolower
toupper
vfprintf
vsprintf
wcslen
wcstombs

ws2_32

WSAGetLastError
WSASetLastError
WSAStartup
__WSAFDIsSet
bind
closesocket
connect
freeaddrinfo
getaddrinfo
getpeername
getsockopt
htons
inet_addr
inet_ntoa
ioctlsocket
recv
select
send
shutdown
socket

Sections

.text
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 704B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/14
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/29
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/41
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/55
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/67
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/80
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/91
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Extracted

Extracted

Signatures

Files

75d34a70b1e0a78511f786189af5083d

Headers

File Characteristics

Imports

kernel32

user32

ntdll

gdi32

Sections

.text Size: 16KB - Virtual size: 16KB

.rdata Size: 1024B - Virtual size: 890B

.data Size: 25KB - Virtual size: 46KB

.wh18 Size: 5KB - Virtual size: 5KB

.wh14 Size: 14KB - Virtual size: 13KB

.wh17 Size: 4KB - Virtual size: 3KB

.wh16 Size: 2KB - Virtual size: 1KB

.wh15 Size: 512B - Virtual size: 71B

.wh11 Size: 10KB - Virtual size: 9KB

.wh13 Size: 3KB - Virtual size: 2KB

.wh12 Size: 1KB - Virtual size: 1KB

.wh7 Size: 11KB - Virtual size: 11KB

.wh10 Size: 4KB - Virtual size: 4KB

.wh9 Size: 3KB - Virtual size: 2KB

.wh8 Size: 1024B - Virtual size: 934B

.wh3 Size: 12KB - Virtual size: 12KB

.wh6 Size: 4KB - Virtual size: 3KB

.bss Size: 2KB - Virtual size: 2KB

.wh2 Size: 3KB - Virtual size: 3KB

16e370498bafc2da116b687155eb9503

Headers

File Characteristics

Imports

user32

psapi

kernel32

gdi32

advapi32

shell32

ole32

oleaut32

avicap32

wininet

ws2_32

gdiplus

Sections

.text Size: 256KB - Virtual size: 252KB

.rdata Size: 52KB - Virtual size: 49KB

.data Size: 72KB - Virtual size: 103KB

.shared Size: 4KB - Virtual size: 4B

.rsrc Size: 28KB - Virtual size: 25KB

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 464KB

UPX1 Size: 266KB - Virtual size: 268KB

.rsrc Size: 24KB - Virtual size: 24KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 403KB - Virtual size: 402KB

.text1 Size: 512B - Virtual size: 96B

.rdata Size: 91KB - Virtual size: 91KB

.data Size: 22KB - Virtual size: 37KB

.data1 Size: 3KB - Virtual size: 3KB

.rsrc Size: 107KB - Virtual size: 107KB

.reloc Size: 50KB - Virtual size: 50KB

821d34f6795c04ca30de427162a28e5b

Code Sign

.text
Size: 16KB - Virtual size: 16KB

.rdata
Size: 1024B - Virtual size: 890B

.data
Size: 25KB - Virtual size: 46KB

.wh18
Size: 5KB - Virtual size: 5KB

.wh14
Size: 14KB - Virtual size: 13KB

.wh17
Size: 4KB - Virtual size: 3KB

.wh16
Size: 2KB - Virtual size: 1KB

.wh15
Size: 512B - Virtual size: 71B

.wh11
Size: 10KB - Virtual size: 9KB

.wh13
Size: 3KB - Virtual size: 2KB

.wh12
Size: 1KB - Virtual size: 1KB

.wh7
Size: 11KB - Virtual size: 11KB

.wh10
Size: 4KB - Virtual size: 4KB

.wh9
Size: 3KB - Virtual size: 2KB

.wh8
Size: 1024B - Virtual size: 934B

.wh3
Size: 12KB - Virtual size: 12KB

.wh6
Size: 4KB - Virtual size: 3KB

.bss
Size: 2KB - Virtual size: 2KB

.wh2
Size: 3KB - Virtual size: 3KB

.text
Size: 256KB - Virtual size: 252KB

.rdata
Size: 52KB - Virtual size: 49KB

.data
Size: 72KB - Virtual size: 103KB

.shared
Size: 4KB - Virtual size: 4B

.rsrc
Size: 28KB - Virtual size: 25KB

UPX0
Size: - Virtual size: 464KB

UPX1
Size: 266KB - Virtual size: 268KB

.rsrc
Size: 24KB - Virtual size: 24KB

.text
Size: 403KB - Virtual size: 402KB

.text1
Size: 512B - Virtual size: 96B

.rdata
Size: 91KB - Virtual size: 91KB

.data
Size: 22KB - Virtual size: 37KB

.data1
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 107KB - Virtual size: 107KB

.reloc
Size: 50KB - Virtual size: 50KB

42:26:9f:68:1c:c6:c2:08:f4:12:52:20:6c:49:d2:f0
Certificate

25:e7:3b:77:32:8e:5c:a0:aa:57:f8:65:68:dc:f6:e8
Certificate

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

1d:0e:70:d9:33:69:4f:c4:ed:b3:d9:00:64:2d:37:bd:e9:a3:ee:61
Signer

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 246KB - Virtual size: 245KB

.data
Size: 18KB - Virtual size: 227KB

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

.reloc
Size: 50KB - Virtual size: 50KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

72:37:ac:bb:ef:66:31:7b:1d:b4:6c:89:8e:1f:3a:be
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

61:3a:6d:3c:e7:1b:12:ad:3f:c3:fb:2c:25:49:12:ab:42:77:f7:57
Signer