JaffaCakes118_e095c09c0839a85ecd84346a853c9c7333c51d1d0080ea41b5cee1f6f897c243

resource	yara_rule
static1/unpack001/malware/1/Setup.exe	vmprotect

resource
unpack001/malware/1/Setup.exe
unpack001/malware/2/Setup.exe
unpack001/malware/4/Setup.exe
unpack001/malware/5/Data/Plug-ins/root/data/Microsoft.Expression.Interactions.dll
unpack001/malware/5/Data/Plug-ins/root/data/Newtonsoft.Json.dll
unpack001/malware/5/Data/Plug-ins/root/data/SQLite.Interop.dll
unpack001/malware/5/Data/Plug-ins/root/data/SharpRaven.dll
unpack001/malware/5/Data/Plug-ins/root/data/System.Data.SQLite.dll
unpack001/malware/5/Data/Plug-ins/root/data/System.Windows.Interactivity.dll
unpack001/malware/5/Data/Plug-ins/root/data/mfcm90.dll
unpack001/malware/5/Data/Plug-ins/root/data/mfcm90u.dll
unpack001/malware/5/Data/Plug-ins/root/data/msvcm90.dll
unpack001/malware/5/Engine.dll
unpack001/malware/5/Setup.exe

.zip

malware/1/OfficeMainFileInfo.txt

malware/1/Setup.exe

.exe windows:6 windows x86 arch:x86

2cb8a2e45af1c372dbb79d88821792a5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

CLRCreateInstance

oleaut32

SafeArrayCreate

kernel32

GetSystemTimeAsFileTime

LocalAlloc

LocalFree

GetModuleFileNameW

ExitProcess

LoadLibraryA

GetModuleHandleA

GetProcAddress

user32

CharUpperBuffW

Sections

.text
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 600B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.vmp1
Size: 1024B - Virtual size: 868B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.vmp2
Size: 6.5MB - Virtual size: 6.5MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 69KB - Virtual size: 747KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

malware/1/langs/Croatian.ini

malware/1/langs/Danish.ini

malware/1/langs/English.ini

malware/1/langs/Finnish.ini

malware/1/langs/Hebrew.ini

malware/1/langs/Hungarian.ini

malware/1/langs/Indonesian.ini

malware/1/langs/Japanese.ini

malware/1/langs/Kazakh.ini

malware/1/langs/Korean.ini

malware/1/langs/Kurdish.ini

malware/1/langs/Norwegian.ini

malware/1/langs/SimpChinese.ini

malware/1/langs/Sinhala.ini

malware/1/langs/Slovak.ini

malware/1/langs/Swedish.ini

malware/1/langs/Thai.ini

malware/1/langs/TradChinese.ini

malware/1/langs/Ukrainian.ini

malware/1/langs/UyghurLatin.ini

malware/1/langs/Uzbek.ini

malware/1/langs/Vietnamese.ini

malware/2/Setup.exe

.exe windows:6 windows x86 arch:x86

c526e7dbff6b18f7ef128cd4f72319c9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapFree

VirtualAlloc

lstrlenA

CreateMutexA

LocalAlloc

lstrcmpA

GetLastError

OpenMutexA

GetLogicalProcessorInformationEx

CloseHandle

HeapAlloc

LocalFree

WriteConsoleW

UnhandledExceptionFilter

SetUnhandledExceptionFilter

GetCurrentProcess

TerminateProcess

IsProcessorFeaturePresent

QueryPerformanceCounter

GetCurrentProcessId

GetCurrentThreadId

GetSystemTimeAsFileTime

InitializeSListHead

IsDebuggerPresent

GetStartupInfoW

GetModuleHandleW

RtlUnwind

SetLastError

EnterCriticalSection

LeaveCriticalSection

DeleteCriticalSection

InitializeCriticalSectionAndSpinCount

TlsAlloc

TlsGetValue

TlsSetValue

TlsFree

FreeLibrary

GetProcAddress

LoadLibraryExW

EncodePointer

RaiseException

ExitProcess

GetModuleHandleExW

QueryPerformanceFrequency

GetStdHandle

WriteFile

GetModuleFileNameW

FindClose

FindFirstFileExW

FindNextFileW

IsValidCodePage

GetACP

GetOEMCP

GetCPInfo

GetCommandLineA

GetCommandLineW

MultiByteToWideChar

WideCharToMultiByte

GetEnvironmentStringsW

FreeEnvironmentStringsW

SetStdHandle

GetFileType

GetStringTypeW

LCMapStringW

GetProcessHeap

HeapSize

HeapReAlloc

FlushFileBuffers

GetConsoleOutputCP

GetConsoleMode

SetFilePointerEx

CreateFileW

DecodePointer

Sections

.text
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 176KB - Virtual size: 175KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

LoG4WBw
Size: 288KB - Virtual size: 288KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

malware/3/free_sea_of_thieves_hacks_(esp_.exe

.exe windows:6 windows x86 arch:x86

e569e6f445d32ba23766ad67d1e3787f

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

21:d6:d0:4a:4f:25:0f:c9:32:37:fc:aa:5e:12:8d:e9
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

06/10/2011, 08:39

Not After

06/10/2046, 08:39

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

bb:f0:cc:b5:b7:b8:31:fd:21:ae:32:77:8a:e4:0c:89
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Extended Validation Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

1b:24:8c:85:08:04:2d:36:bb:d5:d9:2d:18:9c:61:d8
Certificate

Issuer

CN=Certum Extended Validation Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

14/09/2022, 16:00

Not After

14/09/2023, 16:00

Subject

SERIALNUMBER=724591,CN=Digital Robin Limited,O=Digital Robin Limited,POSTALCODE=D02 FX60,STREET=85 Merrion Square South,L=Dublin,ST=Leinster,C=IE,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024945

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:d6:f7:6e:2a:e4:92:64:0a:07:5f:17:35:29:7d:3d:52:cc:5c:4c
Signer

Actual PE Digest

77:d6:f7:6e:2a:e4:92:64:0a:07:5f:17:35:29:7d:3d:52:cc:5c:4c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LINE_NUMS_STRIPPED

IMAGE_FILE_LOCAL_SYMS_STRIPPED

IMAGE_FILE_BYTES_REVERSED_LO

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetACP

GetExitCodeProcess

LocalFree

CloseHandle

SizeofResource

VirtualProtect

VirtualFree

GetFullPathNameW

ExitProcess

HeapAlloc

GetCPInfoExW

RtlUnwind

GetCPInfo

GetStdHandle

GetModuleHandleW

FreeLibrary

HeapDestroy

ReadFile

CreateProcessW

GetLastError

GetModuleFileNameW

SetLastError

FindResourceW

CreateThread

CompareStringW

LoadLibraryA

ResetEvent

GetVersion

RaiseException

FormatMessageW

SwitchToThread

GetExitCodeThread

GetCurrentThread

LoadLibraryExW

LockResource

GetCurrentThreadId

UnhandledExceptionFilter

VirtualQuery

VirtualQueryEx

Sleep

EnterCriticalSection

SetFilePointer

LoadResource

SuspendThread

GetTickCount

GetFileSize

GetStartupInfoW

GetFileAttributesW

InitializeCriticalSection

GetSystemWindowsDirectoryW

GetThreadPriority

SetThreadPriority

GetCurrentProcess

VirtualAlloc

GetSystemInfo

GetCommandLineW

LeaveCriticalSection

GetProcAddress

ResumeThread

GetVersionExW

VerifyVersionInfoW

HeapCreate

GetWindowsDirectoryW

VerSetConditionMask

GetDiskFreeSpaceW

FindFirstFileW

GetUserDefaultUILanguage

lstrlenW

QueryPerformanceCounter

SetEndOfFile

HeapFree

WideCharToMultiByte

FindClose

MultiByteToWideChar

LoadLibraryW

SetEvent

CreateFileW

GetLocaleInfoW

GetSystemDirectoryW

DeleteFileW

GetLocalTime

GetEnvironmentVariableW

WaitForSingleObject

WriteFile

ExitThread

DeleteCriticalSection

TlsGetValue

GetDateFormatW

SetErrorMode

IsValidLocale

TlsSetValue

CreateDirectoryW

GetSystemDefaultUILanguage

EnumCalendarInfoW

LocalAlloc

GetUserDefaultLangID

RemoveDirectoryW

CreateEventW

SetThreadLocale

GetThreadLocale

comctl32

InitCommonControls

version

GetFileVersionInfoSizeW

VerQueryValueW

GetFileVersionInfoW

user32

CreateWindowExW

TranslateMessage

CharLowerBuffW

CallWindowProcW

CharUpperW

PeekMessageW

GetSystemMetrics

SetWindowLongW

MessageBoxW

DestroyWindow

CharUpperBuffW

CharNextW

MsgWaitForMultipleObjects

LoadStringW

ExitWindowsEx

DispatchMessageW

oleaut32

SysAllocStringLen

SafeArrayPtrOfIndex

VariantCopy

SafeArrayGetLBound

SafeArrayGetUBound

VariantInit

VariantClear

SysFreeString

SysReAllocStringLen

VariantChangeType

SafeArrayCreate

netapi32

NetWkstaGetInfo

NetApiBufferFree

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW

RegQueryValueExW

AdjustTokenPrivileges

GetTokenInformation

ConvertSidToStringSidW

LookupPrivilegeValueW

RegCloseKey

OpenProcessToken

RegOpenKeyExW

Exports

TMethodImplementationIntercept

__dbk_fcall_wrapper

dbkFCallWrapperAddr

Sections

.text
Size: 718KB - Virtual size: 718KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.itext
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 27KB

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.didata
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 154B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 24B

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

malware/4/Setup.exe

.exe windows:6 windows x86 arch:x86

c526e7dbff6b18f7ef128cd4f72319c9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapFree

VirtualAlloc

lstrlenA

CreateMutexA

LocalAlloc

lstrcmpA

GetLastError

OpenMutexA

GetLogicalProcessorInformationEx

CloseHandle

HeapAlloc

LocalFree

WriteConsoleW

UnhandledExceptionFilter

SetUnhandledExceptionFilter

GetCurrentProcess

TerminateProcess

IsProcessorFeaturePresent

QueryPerformanceCounter

GetCurrentProcessId

GetCurrentThreadId

GetSystemTimeAsFileTime

InitializeSListHead

IsDebuggerPresent

GetStartupInfoW

GetModuleHandleW

RtlUnwind

SetLastError

EnterCriticalSection

LeaveCriticalSection

DeleteCriticalSection

InitializeCriticalSectionAndSpinCount

TlsAlloc

TlsGetValue

TlsSetValue

TlsFree

FreeLibrary

GetProcAddress

LoadLibraryExW

EncodePointer

RaiseException

ExitProcess

GetModuleHandleExW

QueryPerformanceFrequency

GetStdHandle

WriteFile

GetModuleFileNameW

FindClose

FindFirstFileExW

FindNextFileW

IsValidCodePage

GetACP

GetOEMCP

GetCPInfo

GetCommandLineA

GetCommandLineW

MultiByteToWideChar

WideCharToMultiByte

GetEnvironmentStringsW

FreeEnvironmentStringsW

SetStdHandle

GetFileType

GetStringTypeW

LCMapStringW

GetProcessHeap

HeapSize

HeapReAlloc

FlushFileBuffers

GetConsoleOutputCP

GetConsoleMode

SetFilePointerEx

CreateFileW

DecodePointer

Sections

.text
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 176KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

Al7UqNa
Size: 288KB - Virtual size: 288KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

malware/5/Data/Plug-ins/#Rules.txt

malware/5/Data/Plug-ins/#Sample.txt

malware/5/Data/Plug-ins/Sample category/Readme.plg

malware/5/Data/Plug-ins/root/7 Sticky Notes.plg

malware/5/Data/Plug-ins/root/7-Zip.plg

malware/5/Data/Plug-ins/root/AIMP.plg

malware/5/Data/Plug-ins/root/AbiWord.plg

malware/5/Data/Plug-ins/root/Adguard.plg

malware/5/Data/Plug-ins/root/Adobe Brackets.plg

malware/5/Data/Plug-ins/root/Adobe Flash Player.plg

malware/5/Data/Plug-ins/root/Adobe Photoshop.plg

malware/5/Data/Plug-ins/root/Adobe Reader.plg

malware/5/Data/Plug-ins/root/Advanced SystemCare.plg

malware/5/Data/Plug-ins/root/AdwCleaner.plg

malware/5/Data/Plug-ins/root/Alcohol 120%.plg

malware/5/Data/Plug-ins/root/Any Video Converter.plg

malware/5/Data/Plug-ins/root/AnyDVD.plg

malware/5/Data/Plug-ins/root/AnyDesk.plg

malware/5/Data/Plug-ins/root/Ares.plg

malware/5/Data/Plug-ins/root/Audacity.plg

malware/5/Data/Plug-ins/root/AudioSwitcher.plg

malware/5/Data/Plug-ins/root/BSPlayer.plg

malware/5/Data/Plug-ins/root/Bandizip.plg

malware/5/Data/Plug-ins/root/Beyond Compare.plg

malware/5/Data/Plug-ins/root/BlueStacks.plg

malware/5/Data/Plug-ins/root/CCleaner.plg

malware/5/Data/Plug-ins/root/CDBurnerXP.plg

malware/5/Data/Plug-ins/root/CDex.plg

malware/5/Data/Plug-ins/root/Calibre.plg

malware/5/Data/Plug-ins/root/Cheat Engine.plg

malware/5/Data/Plug-ins/root/Citrix ICA Client.plg

malware/5/Data/Plug-ins/root/Classic Shell.plg

malware/5/Data/Plug-ins/root/CloneApp.plg

malware/5/Data/Plug-ins/root/CloneCD.plg

malware/5/Data/Plug-ins/root/Cobian Backup.plg

malware/5/Data/Plug-ins/root/Cybderduck.plg

malware/5/Data/Plug-ins/root/DUMo.plg

malware/5/Data/Plug-ins/root/Defraggler.plg

malware/5/Data/Plug-ins/root/DesktopOK.plg

malware/5/Data/Plug-ins/root/DisplayFusion.plg

malware/5/Data/Plug-ins/root/Download Master.plg

malware/5/Data/Plug-ins/root/Dropbox.plg

malware/5/Data/Plug-ins/root/EagleGet.plg

malware/5/Data/Plug-ins/root/Evernote.plg

malware/5/Data/Plug-ins/root/Everything.plg

malware/5/Data/Plug-ins/root/F.lux.plg

malware/5/Data/Plug-ins/root/FastStone Capture.plg

malware/5/Data/Plug-ins/root/FastStone Image Viewer.plg

malware/5/Data/Plug-ins/root/Fences.plg

malware/5/Data/Plug-ins/root/FileZilla.plg

malware/5/Data/Plug-ins/root/Foxit Reader.plg

malware/5/Data/Plug-ins/root/Free Download Manager 5.plg

malware/5/Data/Plug-ins/root/Free Download Manager.plg

malware/5/Data/Plug-ins/root/Free YouTube to MP3 Converter.plg

malware/5/Data/Plug-ins/root/FreeCommander.plg

malware/5/Data/Plug-ins/root/GIMP.plg

malware/5/Data/Plug-ins/root/GOM Player.plg

malware/5/Data/Plug-ins/root/Github Atom.plg

malware/5/Data/Plug-ins/root/Glary Utilities.plg

malware/5/Data/Plug-ins/root/Google Chrome.plg

malware/5/Data/Plug-ins/root/Google Drive.plg

malware/5/Data/Plug-ins/root/Google Earth.plg

malware/5/Data/Plug-ins/root/Google Picasa.plg

malware/5/Data/Plug-ins/root/Greenshot.plg

malware/5/Data/Plug-ins/root/Handbrake.plg

malware/5/Data/Plug-ins/root/HijackThis.plg

malware/5/Data/Plug-ins/root/IDM.plg

malware/5/Data/Plug-ins/root/IZArc.plg

malware/5/Data/Plug-ins/root/ImgBurn.plg

malware/5/Data/Plug-ins/root/InfraRecorder.plg

malware/5/Data/Plug-ins/root/Inkscape.plg

malware/5/Data/Plug-ins/root/Inno Setup.plg

malware/5/Data/Plug-ins/root/Installed Software.plg

malware/5/Data/Plug-ins/root/IrfanView.plg

malware/5/Data/Plug-ins/root/IsoBuster.plg

malware/5/Data/Plug-ins/root/JDownloader 2.plg

malware/5/Data/Plug-ins/root/JDownloader.plg

malware/5/Data/Plug-ins/root/Java.plg

malware/5/Data/Plug-ins/root/Junkware Removal Tool.plg

malware/5/Data/Plug-ins/root/KMPlayer.plg

malware/5/Data/Plug-ins/root/KeePass.plg

malware/5/Data/Plug-ins/root/Ketarin.plg

malware/5/Data/Plug-ins/root/Kodi.plg

malware/5/Data/Plug-ins/root/Launchy.plg

malware/5/Data/Plug-ins/root/LibreOffice.plg

malware/5/Data/Plug-ins/root/MP3tag.plg

malware/5/Data/Plug-ins/root/MPC-BE.plg

malware/5/Data/Plug-ins/root/MPC-HC.plg

malware/5/Data/Plug-ins/root/MailWasher.plg

malware/5/Data/Plug-ins/root/Malwarebytes Anti-Malware.plg

malware/5/Data/Plug-ins/root/Maxthon Cloud Browser.plg

malware/5/Data/Plug-ins/root/MediaMonkey.plg

malware/5/Data/Plug-ins/root/Microsoft Edge Favorites.plg

malware/5/Data/Plug-ins/root/Microsoft Edge.plg

malware/5/Data/Plug-ins/root/Microsoft Internet Explorer Cookies.plg

malware/5/Data/Plug-ins/root/Microsoft Internet Explorer Favorites.plg

malware/5/Data/Plug-ins/root/Microsoft Internet Explorer Send To.plg

malware/5/Data/Plug-ins/root/Microsoft Internet Explorer.plg

malware/5/Data/Plug-ins/root/Microsoft Office 2010 Activation.plg

malware/5/Data/Plug-ins/root/Microsoft Office Excel 2010.plg

malware/5/Data/Plug-ins/root/Microsoft Office Excel 2013.plg

malware/5/Data/Plug-ins/root/Microsoft Office Excel 2016.plg

malware/5/Data/Plug-ins/root/Microsoft Office OneNote 2010.plg

malware/5/Data/Plug-ins/root/Microsoft Office OneNote 2013.plg

malware/5/Data/Plug-ins/root/Microsoft Office OneNote 2016.plg

malware/5/Data/Plug-ins/root/Microsoft Office Outlook 2010.plg

malware/5/Data/Plug-ins/root/Microsoft Office Outlook 2013.plg

malware/5/Data/Plug-ins/root/Microsoft Office Outlook 2016.plg

malware/5/Data/Plug-ins/root/Microsoft Office PowerPoint 2010.plg

malware/5/Data/Plug-ins/root/Microsoft Office PowerPoint 2013.plg

malware/5/Data/Plug-ins/root/Microsoft Office PowerPoint 2016.plg

malware/5/Data/Plug-ins/root/Microsoft Office Word 2010.plg

malware/5/Data/Plug-ins/root/Microsoft Office Word 2013.plg

malware/5/Data/Plug-ins/root/Microsoft Office Word 2016.plg

malware/5/Data/Plug-ins/root/Miranda IM.plg

malware/5/Data/Plug-ins/root/Mozilla Firefox Bookmarks.plg

malware/5/Data/Plug-ins/root/Mozilla Firefox.plg

malware/5/Data/Plug-ins/root/Mozilla Thunderbird.plg

malware/5/Data/Plug-ins/root/Mozy.plg

malware/5/Data/Plug-ins/root/Mumble.plg

malware/5/Data/Plug-ins/root/MusicBee.plg

malware/5/Data/Plug-ins/root/MyPhoneExplorer.plg

malware/5/Data/Plug-ins/root/Nitro Reader.plg

malware/5/Data/Plug-ins/root/Notepad++.plg

malware/5/Data/Plug-ins/root/O&O Defrag.plg

malware/5/Data/Plug-ins/root/OpenOffice.plg

malware/5/Data/Plug-ins/root/Opera.plg

malware/5/Data/Plug-ins/root/PDF Split and Merge.plg

malware/5/Data/Plug-ins/root/PDF-XChange Editor.plg

malware/5/Data/Plug-ins/root/PDF24 Creator.plg

malware/5/Data/Plug-ins/root/PDFCreator.plg

malware/5/Data/Plug-ins/root/PTGui.plg

malware/5/Data/Plug-ins/root/Paint.NET.plg

malware/5/Data/Plug-ins/root/Pale Moon.plg

malware/5/Data/Plug-ins/root/PeaZip.plg

malware/5/Data/Plug-ins/root/PhotoScape.plg

malware/5/Data/Plug-ins/root/PicPick.plg

malware/5/Data/Plug-ins/root/Pidgin.plg

malware/5/Data/Plug-ins/root/Plex Media Server.plg

malware/5/Data/Plug-ins/root/PotPlayer.plg

malware/5/Data/Plug-ins/root/PowerArchiver.plg

malware/5/Data/Plug-ins/root/PrivaZer.plg

malware/5/Data/Plug-ins/root/Process Explorer.plg

malware/5/Data/Plug-ins/root/Process Lasso.plg

malware/5/Data/Plug-ins/root/Product Keys.plg

malware/5/Data/Plug-ins/root/PuTTY.plg

malware/5/Data/Plug-ins/root/Q-Dir.plg

malware/5/Data/Plug-ins/root/QuickTime.plg

malware/5/Data/Plug-ins/root/QuiteRSS.plg

malware/5/Data/Plug-ins/root/RJ TextEd.plg

malware/5/Data/Plug-ins/root/Rainmeter.plg

malware/5/Data/Plug-ins/root/Recuva.plg

malware/5/Data/Plug-ins/root/Resource Hacker.plg

malware/5/Data/Plug-ins/root/SMPlayer.plg

malware/5/Data/Plug-ins/root/STDU Viewer.plg

malware/5/Data/Plug-ins/root/SUMo.plg

malware/5/Data/Plug-ins/root/SUPERAntiSpyware.plg

malware/5/Data/Plug-ins/root/Samsung Kies.plg

malware/5/Data/Plug-ins/root/Sandboxie.plg

malware/5/Data/Plug-ins/root/Shareaza.plg

malware/5/Data/Plug-ins/root/Skype.plg

malware/5/Data/Plug-ins/root/SlimBrowser.plg

malware/5/Data/Plug-ins/root/Smart Defrag.plg

malware/5/Data/Plug-ins/root/SmartFTP.plg

malware/5/Data/Plug-ins/root/SnagIt.plg

malware/5/Data/Plug-ins/root/Speccy.plg

malware/5/Data/Plug-ins/root/SpyBot - Search & Destroy.plg

malware/5/Data/Plug-ins/root/Stardock.plg

malware/5/Data/Plug-ins/root/Start Menu 8.plg

malware/5/Data/Plug-ins/root/Steam.plg

malware/5/Data/Plug-ins/root/Stellarium.plg

malware/5/Data/Plug-ins/root/Sublime Text.plg

malware/5/Data/Plug-ins/root/SumatraPDF.plg

malware/5/Data/Plug-ins/root/SyncBackFree.plg

malware/5/Data/Plug-ins/root/Syncovery Pro.plg

malware/5/Data/Plug-ins/root/System Ninja.plg

malware/5/Data/Plug-ins/root/TeamSpeak.plg

malware/5/Data/Plug-ins/root/TeamViewer.plg

malware/5/Data/Plug-ins/root/TeraCopy.plg

malware/5/Data/Plug-ins/root/Tha Bat!.plg

malware/5/Data/Plug-ins/root/TortoiseSVN.plg

malware/5/Data/Plug-ins/root/Total Uninstall.plg

malware/5/Data/Plug-ins/root/Trillian.plg

malware/5/Data/Plug-ins/root/TrueCrypt.plg

malware/5/Data/Plug-ins/root/TweetDeck.plg

malware/5/Data/Plug-ins/root/UltraISO.plg

malware/5/Data/Plug-ins/root/UltraVNC.plg

malware/5/Data/Plug-ins/root/VLC media player.plg

malware/5/Data/Plug-ins/root/VeraCrypt.plg

malware/5/Data/Plug-ins/root/VirtualBox.plg

malware/5/Data/Plug-ins/root/Vivaldi.plg

malware/5/Data/Plug-ins/root/Vuze.plg

malware/5/Data/Plug-ins/root/Web Browser Passwords.plg

malware/5/Data/Plug-ins/root/WinDirStat.plg

malware/5/Data/Plug-ins/root/WinMerge.plg

malware/5/Data/Plug-ins/root/WinRAR.plg

malware/5/Data/Plug-ins/root/WinSCP.plg

malware/5/Data/Plug-ins/root/WinZip.plg

malware/5/Data/Plug-ins/root/Winamp.plg

malware/5/Data/Plug-ins/root/Window Blinds.plg

malware/5/Data/Plug-ins/root/Windows Account Pictures.plg

malware/5/Data/Plug-ins/root/Windows Command Prompt.plg

malware/5/Data/Plug-ins/root/Windows Contacts.plg

malware/5/Data/Plug-ins/root/Windows Desktop.plg

malware/5/Data/Plug-ins/root/Windows Documents.plg

malware/5/Data/Plug-ins/root/Windows Downloads.plg

malware/5/Data/Plug-ins/root/Windows Explorer.plg

malware/5/Data/Plug-ins/root/Windows Firewall.plg

malware/5/Data/Plug-ins/root/Windows Hosts.plg

malware/5/Data/Plug-ins/root/Windows Libraries.plg

malware/5/Data/Plug-ins/root/Windows Links.plg

malware/5/Data/Plug-ins/root/Windows Local Group Policy.plg

malware/5/Data/Plug-ins/root/Windows Mail.plg

malware/5/Data/Plug-ins/root/Windows Media Player.plg

malware/5/Data/Plug-ins/root/Windows Music.plg

malware/5/Data/Plug-ins/root/Windows Network Credentials.plg

malware/5/Data/Plug-ins/root/Windows Network.plg

malware/5/Data/Plug-ins/root/Windows ODBC Connections.plg

malware/5/Data/Plug-ins/root/Windows OneDrive.plg

malware/5/Data/Plug-ins/root/Windows Pictures.plg

malware/5/Data/Plug-ins/root/Windows Public Desktop.plg

malware/5/Data/Plug-ins/root/Windows Public Documents.plg

malware/5/Data/Plug-ins/root/Windows Public Downloads.plg

malware/5/Data/Plug-ins/root/Windows Public Music.plg

malware/5/Data/Plug-ins/root/Windows Public Pictures.plg

malware/5/Data/Plug-ins/root/Windows Public Videos.plg

malware/5/Data/Plug-ins/root/Windows Quick Launch.plg

malware/5/Data/Plug-ins/root/Windows Run List.plg

malware/5/Data/Plug-ins/root/Windows Saved Games.plg

malware/5/Data/Plug-ins/root/Windows Searches.plg

malware/5/Data/Plug-ins/root/Windows Send To.plg

malware/5/Data/Plug-ins/root/Windows Sidebar.plg

malware/5/Data/Plug-ins/root/Windows Startmenu.plg

malware/5/Data/Plug-ins/root/Windows System Utilities.plg

malware/5/Data/Plug-ins/root/Windows Taskbar.plg

malware/5/Data/Plug-ins/root/Windows Themes.plg

malware/5/Data/Plug-ins/root/Windows Videos.plg

malware/5/Data/Plug-ins/root/Windows Window Metrics.plg

malware/5/Data/Plug-ins/root/Winstep NeXus.plg

malware/5/Data/Plug-ins/root/Winyl.plg

malware/5/Data/Plug-ins/root/Wireless Network Keys.plg

malware/5/Data/Plug-ins/root/Wireshark.plg

malware/5/Data/Plug-ins/root/Wise Disk Cleaner.plg

malware/5/Data/Plug-ins/root/XnView.plg

malware/5/Data/Plug-ins/root/cFosSpeed.plg

malware/5/Data/Plug-ins/root/data/BIBUtils.dll

.dll windows:6 windows x64 arch:x64

4ca0a86428c07200e81af54fe58580cf

Code Sign

01:02:80:e6:32:aa:56:50:91:67:c4:2a:dc:45:2f:68
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

19/12/2020, 00:00

Not After

21/12/2022, 23:59

Subject

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=Photoshop\, Bridge,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

6c:67:ad:dd:7c:0f:1b:4d:49:cd:c4:0b:95:a0:5d:a2:3f:e3:ac:87:80:f6:75:61:8e:1d:d8:54:40:2d:4a:ec
Signer

Actual PE Digest

6c:67:ad:dd:7c:0f:1b:4d:49:cd:c4:0b:95:a0:5d:a2:3f:e3:ac:87:80:f6:75:61:8e:1d:d8:54:40:2d:4a:ec

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

BIBUtils.pdb

Imports

kernel32

SwitchToThread

InitializeCriticalSection

EnterCriticalSection

LeaveCriticalSection

DeleteCriticalSection

GetCurrentDirectoryA

GetTempPathA

GetCurrentProcessId

GetCurrentThreadId

GetSystemTimeAsFileTime

QueryPerformanceCounter

IsDebuggerPresent

IsProcessorFeaturePresent

TerminateProcess

GetCurrentProcess

SetUnhandledExceptionFilter

UnhandledExceptionFilter

RtlVirtualUnwind

RtlLookupFunctionEntry

RtlCaptureContext

InitializeSListHead

vcruntime140

__std_type_info_destroy_list

_purecall

memcpy

__RTDynamicCast

__CxxFrameHandler3

_CxxThrowException

__std_exception_destroy

__std_exception_copy

__std_terminate

strstr

__C_specific_handler

memset

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table

_errno

_execute_onexit_table

_initialize_narrow_environment

_cexit

_configure_narrow_argv

_seh_filter_dll

_initterm

_initterm_e

_crt_atexit

_register_onexit_function

_invalid_parameter_noinfo

api-ms-win-crt-string-l1-1-0

strspn

isprint

isdigit

strcspn

isalpha

api-ms-win-crt-convert-l1-1-0

atof

atoi

api-ms-win-crt-filesystem-l1-1-0

_stat64i32

remove

rename

api-ms-win-crt-stdio-l1-1-0

_sopen_dispatch

_close

__stdio_common_vsscanf

__stdio_common_vsprintf_s

api-ms-win-crt-heap-l1-1-0

malloc

_callnewh

free

Exports

BIBUtilsGetVersion

BIBUtilsInitialize

BIBUtilsTerminate

Sections

.text
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 580B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

malware/5/Data/Plug-ins/root/data/CITThreading.dll

.dll windows:6 windows x64 arch:x64

97496aa4628a1bb046446e96cadab9b0

Code Sign

01:02:80:e6:32:aa:56:50:91:67:c4:2a:dc:45:2f:68
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

19/12/2020, 00:00

Not After

21/12/2022, 23:59

Subject

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=Photoshop\, Bridge,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

09:c3:c4:86:5c:f5:df:97:0f:f8:cb:82:2f:e7:08:8b:fb:c1:9c:7a:6a:60:39:e6:87:6c:1c:d2:bf:8b:20:5e
Signer

Actual PE Digest

09:c3:c4:86:5c:f5:df:97:0f:f8:cb:82:2f:e7:08:8b:fb:c1:9c:7a:6a:60:39:e6:87:6c:1c:d2:bf:8b:20:5e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

E:\W64Rel\20210906.r.215\photoshop\main\shared\projects\cit\Release\x64\cit_threading_boost\CITThreading.pdb

Imports

kernel32

CloseHandle

DuplicateHandle

QueryPerformanceCounter

QueryPerformanceFrequency

SetEvent

ReleaseSemaphore

WaitForSingleObjectEx

CreateEventA

GetCurrentProcess

GetSystemTimeAsFileTime

LocalFree

FormatMessageA

FormatMessageW

CreateSemaphoreA

WideCharToMultiByte

EnterCriticalSection

LeaveCriticalSection

InitializeCriticalSectionEx

DeleteCriticalSection

Sleep

GetCurrentProcessId

GetCurrentThreadId

HeapAlloc

HeapFree

GetProcessHeap

GetNativeSystemInfo

DisableThreadLibraryCalls

GetStartupInfoW

IsDebuggerPresent

IsProcessorFeaturePresent

TerminateProcess

SetUnhandledExceptionFilter

UnhandledExceptionFilter

RtlVirtualUnwind

RtlLookupFunctionEntry

RtlCaptureContext

GetModuleHandleW

CreateEventW

InitializeCriticalSectionAndSpinCount

GetProcAddress

GetModuleHandleA

GetLogicalProcessorInformation

TlsFree

TlsSetValue

TlsGetValue

TlsAlloc

ResumeThread

CreateWaitableTimerW

SetWaitableTimer

WaitForMultipleObjectsEx

ResetEvent

InitializeSListHead

OpenEventA

GetSystemInfo

GetLastError

msvcp140

?_W_Getdays@_Locinfo@std@@QEBAPEBGXZ

?_Xlength_error@std@@YAXPEBD@Z

?_Xbad_function_call@std@@YAXXZ

?_Xbad_alloc@std@@YAXXZ

?_W_Getmonths@_Locinfo@std@@QEBAPEBGXZ

_Mbrtowc

?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ

vcruntime140

__std_type_info_destroy_list

__std_terminate

_purecall

memmove

__C_specific_handler

__CxxFrameHandler3

__std_exception_copy

__std_exception_destroy

_CxxThrowException

memcpy

memset

api-ms-win-crt-runtime-l1-1-0

_seh_filter_dll

strerror

_configure_narrow_argv

_beginthreadex

terminate

_initialize_narrow_environment

_initialize_onexit_table

_register_onexit_function

_invalid_parameter_noinfo_noreturn

_execute_onexit_table

_initterm_e

_initterm

_cexit

_crt_at_quick_exit

_crt_atexit

api-ms-win-crt-heap-l1-1-0

malloc

_callnewh

free

calloc

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf

api-ms-win-crt-string-l1-1-0

strncpy

api-ms-win-crt-time-l1-1-0

_gmtime64

Exports

??0Autolock@CITThreading@@QEAA@AEAVCriticalSection@1@@Z

??0CriticalSection@CITThreading@@QEAA@XZ

??0ExecutorBase@CIT@@QEAA@XZ

??0RunExecutor@CIT@@QEAA@AEAV?$vector@V?$shared_ptr@VExecutorBase@CIT@@@std@@V?$allocator@V?$shared_ptr@VExecutorBase@CIT@@@std@@@2@@std@@_N@Z

??0RunExecutor@CIT@@QEAA@AEBV01@@Z

??0ThreadPoolManagementInitializer@CITThreading@@QEAA@J@Z

??0ThreadSafeQueueBase@CITThreading@@QEAA@XZ

??0ThreadSafeStackBase@CITThreading@@QEAA@XZ

??0ThreadedExecutorContext@CITThreading@@QEAA@AEBV01@@Z

??0ThreadedExecutorContext@CITThreading@@QEAA@XZ

??1Autolock@CITThreading@@QEAA@XZ

??1CriticalSection@CITThreading@@QEAA@XZ

??1ExecutorBase@CIT@@UEAA@XZ

??1RunExecutor@CIT@@UEAA@XZ

??1ThreadPoolManagementInitializer@CITThreading@@QEAA@XZ

??1ThreadSafeQueueBase@CITThreading@@QEAA@XZ

??1ThreadSafeStackBase@CITThreading@@QEAA@XZ

??1ThreadedExecutorContext@CITThreading@@QEAA@XZ

??4RunExecutor@CIT@@QEAAAEAV01@AEBV01@@Z

??4ThreadPoolManagement@CITThreading@@QEAAAEAV01@$$QEAV01@@Z

??4ThreadPoolManagement@CITThreading@@QEAAAEAV01@AEBV01@@Z

??4ThreadPoolManagementInitializer@CITThreading@@QEAAAEAV01@AEBV01@@Z

??4ThreadSafeQueueBase@CITThreading@@QEAAAEAV01@AEBV01@@Z

??4ThreadSafeStackBase@CITThreading@@QEAAAEAV01@AEBV01@@Z

??4ThreadedExecutorContext@CITThreading@@QEAAAEAV01@AEBV01@@Z

??_7ExecutorBase@CIT@@6B@

??_7RunExecutor@CIT@@6B@

??_FThreadPoolManagementInitializer@CITThreading@@QEAAXXZ

?AtomicDecrementRefCount@ThreadedExecutorContext@CITThreading@@QEAAJXZ

?AtomicIncrementRefCount@ThreadedExecutorContext@CITThreading@@QEAAJXZ

?AtomicReadRefCount@ThreadedExecutorContext@CITThreading@@QEAAJXZ

?AttachToPool@ThreadPoolManagement@CITThreading@@SAJJ@Z

?CheckNumThreads@RunExecutor@CIT@@SAJJ@Z

?ChunkGetNumThreads@RunExecutor@CIT@@SAJJ_K@Z

?CreateAsyncThreadedExecutor@CITThreading@@YA?AV?$shared_ptr@VAsyncThreadedExecutor@CITThreading@@@std@@J_N@Z

?CreateQueuedAsyncThreadedExecutor@CITThreading@@YA?AV?$shared_ptr@VQueuedAsyncThreadedExecutor@CITThreading@@@std@@J_N@Z

?DoAbort@ExecutorBase@CIT@@UEAAXXZ

?DoAbort@ThreadSafeQueueBase@CITThreading@@QEAAXXZ

?DoAbort@ThreadSafeStackBase@CITThreading@@QEAAXXZ

?Enter@CriticalSection@CITThreading@@QEAAXXZ

?GetAbort@ExecutorBase@CIT@@QEBA_NXZ

?GetAbort@ThreadSafeQueueBase@CITThreading@@QEBA_NXZ

?GetAbort@ThreadSafeStackBase@CITThreading@@QEBA_NXZ

?GetCPUCount@CITThreading@@YAKXZ

?GetCount@ExecutorBase@CIT@@QEBAJXZ

?GetCount@ThreadSafeQueueBase@CITThreading@@QEBAJXZ

?GetCount@ThreadSafeStackBase@CITThreading@@QEBAJXZ

?GetCurrentProcessID@CITThreading@@YAJXZ

?GetCurrentThreadID@CITThreading@@YAKXZ

?GetErrorCode@ExecutorBase@CIT@@QEBA?AW4CitError@2@XZ

?GetItems@ExecutorBase@CIT@@QEBAJXZ

?GetMaxCount@ThreadSafeQueueBase@CITThreading@@QEBAJXZ

?GetMaxCount@ThreadSafeStackBase@CITThreading@@QEBAJXZ

?GetName@CITThreading@@YAPEBDXZ

?GetNestedLevel@ThreadedExecutorContext@CITThreading@@QEAAJXZ

?GetParentThreadedExecutorContext@ThreadedExecutorContext@CITThreading@@QEAAAEBV?$shared_ptr@VThreadedExecutorContext@CITThreading@@@std@@XZ

?GetPoppedItems@ThreadSafeQueueBase@CITThreading@@QEBAJXZ

?GetPoppedItems@ThreadSafeStackBase@CITThreading@@QEBAJXZ

?GetProgressUpdate@RunExecutor@CIT@@MEAAJXZ

?GetPushedItems@ThreadSafeQueueBase@CITThreading@@QEBAJXZ

?GetPushedItems@ThreadSafeStackBase@CITThreading@@QEBAJXZ

?GetTotalCountedItemsDone@RunExecutor@CIT@@UEBAJXZ

?GetTotalItems@RunExecutor@CIT@@UEBAJXZ

?IncrementCount@ExecutorBase@CIT@@QEAAJXZ

?Join@RunExecutor@CIT@@UEAA?AW4CitError@2@XZ

?Leave@CriticalSection@CITThreading@@QEAAXXZ

?NotifyAll@ThreadedExecutorContext@CITThreading@@QEAAXXZ

?Pop@ThreadSafeQueueBase@CITThreading@@QEAA_NAEAPEAXH@Z

?PopFront@ThreadSafeStackBase@CITThreading@@QEAA_NAEAPEAXH@Z

?Push@ThreadSafeQueueBase@CITThreading@@QEAA_NPEAX@Z

?PushFront@ThreadSafeStackBase@CITThreading@@QEAA_NPEAX@Z

?RemoveFromPool@ThreadPoolManagement@CITThreading@@SAJXZ

?Run@RunExecutor@CIT@@QEAA?AW4CitError@2@PEAUIProgressStatusSuite@2@@Z

?SetCountChangedFn@ExecutorBase@CIT@@QEAAXAEBV?$function@$$A6AXXZ@std@@@Z

?SetErrorCode@ExecutorBase@CIT@@QEAAXW4CitError@2@@Z

?SetItems@ExecutorBase@CIT@@QEAAXJ@Z

?SetMaxCount@ThreadSafeQueueBase@CITThreading@@QEAAXJ@Z

?SetMaxCount@ThreadSafeStackBase@CITThreading@@QEAAXJ@Z

?SetParentThreadedExecutorContext@ThreadedExecutorContext@CITThreading@@QEAAXAEBV?$shared_ptr@VThreadedExecutorContext@CITThreading@@@std@@@Z

?Sleep@CITThreading@@YAXJ@Z

?Start@RunExecutor@CIT@@UEAA?AW4CitError@2@PEAUIProgressStatusSuite@2@@Z

?SupportMultiThreadedMode@CITThreading@@YA_NXZ

?WaitNotify@ThreadedExecutorContext@CITThreading@@QEAAXXZ

Sections

.text
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1020B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

malware/5/Data/Plug-ins/root/data/CRClient.dll

.dll windows:6 windows x64 arch:x64

4a771c9af491309114263cd5a03e144c

Code Sign

01:02:80:e6:32:aa:56:50:91:67:c4:2a:dc:45:2f:68
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

19/12/2020, 00:00

Not After

21/12/2022, 23:59

Subject

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=Photoshop\, Bridge,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

e0:e6:d2:ba:28:7c:14:e9:2b:b9:07:c6:21:ba:ae:68:6f:01:b3:99:65:e3:ef:ac:49:26:68:d8:44:3a:05:a1
Signer

Actual PE Digest

e0:e6:d2:ba:28:7c:14:e9:2b:b9:07:c6:21:ba:ae:68:6f:01:b3:99:65:e3:ef:ac:49:26:68:d8:44:3a:05:a1

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

D:\Jenkins\workspace\CR Win Client Release Build\public\CR4.0\Source\CRWindowsClient\3.0\3.0.2\CRWindowsClientService\x64\Release\CRClient.pdb

Imports

dbghelp

SymFromAddr

StackWalk64

SymGetModuleBase64

SymGetModuleInfo64

SymInitialize

SymFunctionTableAccess64

kernel32

GetCurrentProcess

MultiByteToWideChar

LoadResource

LockResource

SizeofResource

FindResourceW

FindResourceExW

GetModuleHandleW

CloseHandle

CreateThread

WaitForSingleObject

GetModuleFileNameW

FreeLibrary

ReadFile

GetCurrentThreadId

ReadProcessMemory

TerminateProcess

GetCurrentProcessId

TerminateThread

OpenThread

GetThreadId

GetProcessId

K32GetModuleFileNameExW

SuspendThread

GetThreadContext

ResumeThread

ConnectNamedPipe

WriteProcessMemory

WerRegisterRuntimeExceptionModule

WerUnregisterRuntimeExceptionModule

VerSetConditionMask

VerifyVersionInfoW

CreateProcessW

WideCharToMultiByte

CreateNamedPipeW

WriteFile

FlushFileBuffers

DisconnectNamedPipe

CreateFileW

GetFileAttributesExW

EnterCriticalSection

LeaveCriticalSection

SetEvent

ResetEvent

WaitForSingleObjectEx

CreateEventW

RtlCaptureContext

RtlLookupFunctionEntry

RtlVirtualUnwind

UnhandledExceptionFilter

VirtualProtect

SetUnhandledExceptionFilter

GetProcessHeap

HeapSize

HeapReAlloc

HeapFree

HeapAlloc

HeapDestroy

LoadLibraryW

GetProcAddress

DeleteCriticalSection

InitializeCriticalSectionEx

GetLastError

RaiseException

IsProcessorFeaturePresent

QueryPerformanceCounter

GetSystemTimeAsFileTime

InitializeSListHead

OutputDebugStringW

LocaleNameToLCID

IsDebuggerPresent

user32

IsWindowVisible

EnableWindow

IsHungAppWindow

DisableProcessWindowsGhosting

MessageBoxW

GetWindowTextW

GetWindowTextLengthW

ReleaseDC

DrawIconEx

GetSysColor

GetDC

SetFocus

GetDlgCtrlID

IsDlgButtonChecked

PostMessageW

ShowWindow

GetSystemMenu

EnableMenuItem

GetWindowThreadProcessId

GetSysColorBrush

EndDialog

GetWindow

SetWindowTextW

SetDlgItemTextW

SetWindowPos

OffsetRect

CopyRect

GetDesktopWindow

GetKeyState

GetDlgItem

GetWindowLongPtrW

GetParent

SetCursor

LoadCursorW

ReleaseCapture

PtInRect

ClientToScreen

GetWindowRect

SetCapture

InvalidateRect

GetCapture

SendMessageW

EnumWindows

CheckDlgButton

SetPropW

RemovePropW

DialogBoxIndirectParamW

GetPropW

CallWindowProcW

SetWindowLongPtrW

gdi32

DeleteDC

CreateSolidBrush

CreateCompatibleBitmap

CreateCompatibleDC

SelectObject

SetBkMode

CreateFontIndirectW

GetObjectW

SetTextColor

DeleteObject

advapi32

RegSetValueExW

RegQueryValueExW

RegCloseKey

RegCreateKeyExW

RegOpenKeyExW

shell32

SHCreateDirectoryExW

SHGetKnownFolderPath

ord6

ole32

CoCreateGuid

CoTaskMemFree

msvcp140

??0_Locinfo@std@@QEAA@PEBD@Z

??1_Locinfo@std@@QEAA@XZ

?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ

??0facet@locale@std@@IEAA@_K@Z

??1facet@locale@std@@MEAA@XZ

?tolower@?$ctype@D@std@@QEBADD@Z

?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z

?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z

?is@?$ctype@_W@std@@QEBA_NF_W@Z

?tolower@?$ctype@_W@std@@QEBA_W_W@Z

?tolower@?$ctype@_W@std@@QEBAPEB_WPEA_WPEB_W@Z

?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z

?id@?$collate@D@std@@2V0locale@2@A

?id@?$collate@_W@std@@2V0locale@2@A

?id@?$ctype@D@std@@2V0locale@2@A

?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z

?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z

?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ

?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ

?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ

??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z

?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ

?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ

?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ

?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z

?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ

?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z

??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ

?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z

?read@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@PEA_W_J@Z

?seekg@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@_JH@Z

_Wcsxfrm

_Strxfrm

_Wcscoll

_Strcoll

??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_K@Z

??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z

?_Xbad_alloc@std@@YAXXZ

??0_Lockit@std@@QEAA@H@Z

??1_Lockit@std@@QEAA@XZ

?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ

?_Xout_of_range@std@@YAXPEBD@Z

?_BADOFF@std@@3_JB

?_Xlength_error@std@@YAXPEBD@Z

?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A

??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ

?_Init@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXXZ

??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ

??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z

??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ

??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ

?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ

?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z

?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z

??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ

?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z

?unshift@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z

?out@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_W1AEAPEB_WPEAD3AEAPEAD@Z

?in@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_W3AEAPEA_W@Z

?always_noconv@codecvt_base@std@@QEBA_NXZ

??Bid@locale@std@@QEAA_KXZ

?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z

?_Throw_C_error@std@@YAXH@Z

_Thrd_start

_Thrd_detach

_Mtx_init

_Mtx_lock

_Mtx_unlock

_Cnd_init

_Cnd_wait

_Cnd_signal

_Cnd_destroy

_Mtx_destroy

_Cnd_do_broadcast_at_thread_exit

?_Throw_Cpp_error@std@@YAXH@Z

_Mtx_init_in_situ

_Mtx_destroy_in_situ

?empty@locale@std@@SA?AV12@XZ

?uncaught_exception@std@@YA_NXZ

?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z

?id@?$ctype@_W@std@@2V0locale@2@A

?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z

?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@_W@Z

?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WD@Z

?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z

?getloc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEBA?AVlocale@2@XZ

?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ

?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ

?clear@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z

?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z

?imbue@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAA?AVlocale@2@AEBV32@@Z

??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z

??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@H@Z

??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@N@Z

??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@PEBX@Z

??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z

?getloc@ios_base@std@@QEBA?AVlocale@2@XZ

??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_J@Z

?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z

?widen@?$ctype@_W@std@@QEBA_WD@Z

??1?$codecvt@_WDU_Mbstatet@@@std@@MEAA@XZ

??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z

?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z

?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ

?_Incref@facet@locale@std@@UEAAXXZ

_Thrd_join

_Thrd_id

?_Ipfx@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA_N_N@Z

?snextc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAGXZ

?sbumpc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAGXZ

?sgetc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAGXZ

??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z

??1?$basic_istream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ

??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@J@Z

?_Syserror_map@std@@YAPEBDH@Z

_Mtx_trylock

?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A

?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z

?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z

?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z

??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ

?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ

?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ

?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ

?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ

?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z

?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z

??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ

??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z

??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z

?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z

?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z

??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ

??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ

?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ

?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ

?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ

?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ

?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z

?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z

?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z

?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ

?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z

??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ

??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z

??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_N@Z

??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z

shlwapi

PathFileExistsW

PathAppendW

vcruntime140

strchr

wcsstr

__CxxFrameHandler3

memset

__C_specific_handler

__vcrt_InitializeCriticalSectionEx

_CxxThrowException

__std_type_info_destroy_list

memchr

_set_purecall_handler

_purecall

memmove

__std_exception_destroy

__std_exception_copy

__std_terminate

memcmp

memcpy

api-ms-win-crt-heap-l1-1-0

_recalloc

calloc

realloc

free

_set_new_mode

_callnewh

malloc

api-ms-win-crt-runtime-l1-1-0

_cexit

_invalid_parameter_noinfo_noreturn

_initterm

_errno

_invalid_parameter_noinfo

_set_new_handler

_crt_atexit

signal

terminate

_execute_onexit_table

_register_onexit_function

_initterm_e

_seh_filter_dll

_initialize_onexit_table

_initialize_narrow_environment

_configure_narrow_argv

_set_invalid_parameter_handler

api-ms-win-crt-stdio-l1-1-0

ungetwc

fflush

ungetc

fputwc

fgetwc

fsetpos

_fseeki64

fgetc

fputc

__stdio_common_vswprintf_s

__stdio_common_vswprintf

fclose

_get_stream_buffer_pointers

fwrite

setvbuf

fgetpos

api-ms-win-crt-filesystem-l1-1-0

_lock_file

_unlock_file

api-ms-win-crt-string-l1-1-0

wmemcpy_s

strtok_s

strncpy_s

isspace

tolower

_strdup

wcsnlen

iswspace

api-ms-win-crt-time-l1-1-0

clock

api-ms-win-crt-convert-l1-1-0

_itoa_s

Exports

?AddCRCustomData@@YA_NV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_K@Z

?AdobeCrashReporterEnableSignalHandling@@YA_NP6AXHV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@ZW4AdobeCrashReporterShowDialogForSignals@@I@Z

?CrashReporterInitialize@@YA_NPEAXPEBD1111P6A_KAEAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@ZP6AXXZ_NW4AdobeCrashReporterScalingFactor@@@Z

?GetCRDialogOptions@@YAHXZ

?GetCRLastErrorCode@@YA?AW4ERROR_CR@@XZ

?SetCRDialogOptions@@YA_NH@Z

?SetCRDialogSaclingFactor@@YA_NW4AdobeCrashReporterScalingFactor@@@Z

?SetCRDialogUserEmail@@YA_NV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?SetCRDisplayName@@YA_NPEBD@Z

?SetCRHighbeamSessionId@@YA_NPEBD@Z

?SetCRHighbeamSessionInfo@@YA_NPEAXPEBG@Z

?SetCRLocale@@YA_NPEBD@Z

?SetCRParentWnd@@YA_NPEAX@Z

?SetCRPostHandler@@YA_NP6AXXZ@Z

?SetCRPostHandlerPassingExceptionInfoAndContext@@YA_NP6AXPEAU_EXCEPTION_RECORD@@PEAU_CONTEXT@@@Z@Z

?SetCRPosthandlerThreadPreference@@YA_N_N@Z

?SetCRPreHandler@@YA_NP6A_KAEAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z@Z

?ShowCRDialogOnlyOnFirstCrash@@YA_NXZ

OutOfProcessExceptionEventCallback

OutOfProcessExceptionEventDebuggerLaunchCallback

OutOfProcessExceptionEventSignatureCallback

Sections

.text
Size: 231KB - Virtual size: 230KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

malware/5/Data/Plug-ins/root/data/ExtendScript.dll

.dll windows:6 windows x64 arch:x64

314111a04f6feaa7e9ecbbad38112188

Code Sign

01:02:80:e6:32:aa:56:50:91:67:c4:2a:dc:45:2f:68
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

19/12/2020, 00:00

Not After

21/12/2022, 23:59

Subject

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=Photoshop\, Bridge,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

1f:0f:a5:39:fd:b6:98:e3:11:6a:c1:05:ff:56:0d:4c:90:82:ce:a6:b9:6b:2a:f6:de:8c:99:72:3f:83:5f:19
Signer

Actual PE Digest

1f:0f:a5:39:fd:b6:98:e3:11:6a:c1:05:ff:56:0d:4c:90:82:ce:a6:b9:6b:2a:f6:de:8c:99:72:3f:83:5f:19

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

E:\W64Rel\20210906.r.215\photoshop\main\shared\projects\extendscript\Release\x64\extendscript\ExtendScript.pdb

Imports

kernel32

GetCurrentProcessId

GetModuleHandleA

GetProcAddress

DisableThreadLibraryCalls

GetSystemTimeAsFileTime

GetCurrentThreadId

QueryPerformanceCounter

GetStartupInfoW

IsDebuggerPresent

IsProcessorFeaturePresent

TerminateProcess

GetCurrentProcess

SetUnhandledExceptionFilter

UnhandledExceptionFilter

RtlVirtualUnwind

RtlLookupFunctionEntry

RtlCaptureContext

GetModuleHandleW

CreateEventW

WaitForSingleObjectEx

ResetEvent

SetEvent

DeleteCriticalSection

InitializeCriticalSectionAndSpinCount

LeaveCriticalSection

EnterCriticalSection

CloseHandle

InitializeSListHead

user32

GetWindowThreadProcessId

GetMonitorInfoA

EnumDisplayMonitors

SetForegroundWindow

sccore

?find@String@ScCore@@QEBAHPEBDH_N@Z

?cmp@String@ScCore@@QEBAHPEBD@Z

?erase@String@ScCore@@QEAAXHH@Z

?erase@String@ScCore@@QEAAXXZ

??4String@ScCore@@QEAAAEAV01@PEBD@Z

??4String@ScCore@@QEAAAEAV01@AEBV01@@Z

??YString@ScCore@@QEAAAEAV01@D@Z

??YString@ScCore@@QEAAAEAV01@AEBV01@@Z

??0HashTable@ScCore@@QEAA@XZ

??1HashTable@ScCore@@QEAA@XZ

?hasKey@HashTable@ScCore@@QEBA_NAEBVString@2@_N@Z

?set@HashTable@ScCore@@QEAAAEBVString@2@AEBV32@_J_N@Z

?getKeys@HashTable@ScCore@@QEBAXAEAV?$TSimpleArray@$$CBVString@ScCore@@@2@@Z

ScAtomicInc

?acquire@Lock@ScCore@@QEAAXXZ

?release@Lock@ScCore@@QEAAXXZ

?doErase@Variant@ScCore@@IEAAXXZ

?doToString@Variant@ScCore@@IEBAXH@Z

??0Variant@ScCore@@QEAA@AEBV01@@Z

??1Variant@ScCore@@QEAA@XZ

?setLiveObject@Variant@ScCore@@QEAAXAEAVLiveObject@2@H@Z

?toString@Variant@ScCore@@QEBA?AVString@2@XZ

?getLiveObject@Variant@ScCore@@QEBAPEAVLiveObject@2@XZ

??4Variant@ScCore@@QEAAAEAV01@AEBV01@@Z

?setJSObject@Variant@ScCore@@QEAAXAEAVObject@ScScript@@@Z

?setJSObject@Variant@ScCore@@QEAAXPEAVObject@ScScript@@@Z

??0Array@ScCore@@QEAA@XZ

??1Array@ScCore@@UEAA@XZ

?length@Array@ScCore@@UEBAIXZ

?setLength@Array@ScCore@@QEAAXI@Z

??AArray@ScCore@@QEAAAEAVVariant@1@I@Z

?getAll@Dictionary@ScCore@@SAAEBV?$THashTable@$$CBVDictionary@ScCore@@@2@XZ

?get@Dictionary@ScCore@@SAPEAV12@AEBVString@2@@Z

?isDefault@Dictionary@ScCore@@QEBA_NXZ

?toXML@Dictionary@ScCore@@QEAAPEAVXML@2@PEBVString@2@@Z

?getClassXML@Dictionary@ScCore@@QEAAPEAVXML@2@AEBVString@2@@Z

??0Error@ScCore@@QEAA@XZ

??0Error@ScCore@@QEAA@AEBV01@@Z

??4Error@ScCore@@QEAAAEAV01@AEBV01@@Z

??1Error@ScCore@@QEAA@XZ

?push@Error@ScCore@@QEAAXHPEBVCloneable@2@@Z

?push@Error@ScCore@@QEAAXHAEBVString@2@PEBVCloneable@2@_N@Z

?getFullText@Error@ScCore@@QEBAXAEAVString@2@@Z

?getSystem@Encoder@ScCore@@SAAEBV12@XZ

?watol@UnicodeUtils@ScCore@@SAHPEBG@Z

?initData@FileSpec@ScCore@@AEAAXXZ

??0FileSpec@ScCore@@QEAA@AEBVString@1@_N@Z

??1FileSpec@ScCore@@QEAA@XZ

?resolve@FileSpec@ScCore@@QEBAHAEAV12@@Z

??0File@ScCore@@QEAA@AEBVFileSpec@1@@Z

??1File@ScCore@@UEAA@XZ

?getEncoding@File@ScCore@@QEBAAEBVString@2@XZ

?setEncoding@File@ScCore@@QEAAXAEBVString@2@@Z

?open@File@ScCore@@UEAAHAEBVString@2@II@Z

?read@File@ScCore@@UEAAH_JAEAVString@2@@Z

?seek@File@ScCore@@UEAAH_JH@Z

?setDefaultNamespaceURI@XML@ScCore@@SA?AVString@2@AEBV32@@Z

??0XML@ScCore@@QEAA@H@Z

??0XML@ScCore@@QEAA@AEBVString@1@@Z

??0XML@ScCore@@QEAA@HAEBVString@1@@Z

?setName@XML@ScCore@@QEAA_NAEBVString@2@@Z

?length@XML@ScCore@@QEBAHXZ

?getChild@XML@ScCore@@QEBAPEAV12@H@Z

?isEqual@XML@ScCore@@QEBA_NAEBV12@_N@Z

?indexOf@XML@ScCore@@QEBAHAEBVString@2@_N@Z

?get_r@XML@ScCore@@QEBAPEAV12@AEBVString@2@H@Z

?get_r@XML@ScCore@@QEBAPEAV12@HH@Z

?getBool@XML@ScCore@@QEBA_NAEBVString@2@@Z

?getInteger@XML@ScCore@@QEBAHAEBVString@2@@Z

?getText@XML@ScCore@@QEBA?AVString@2@AEBV32@@Z

?put@XML@ScCore@@QEAAPEAV12@AEBVString@2@0@Z

?add@XML@ScCore@@QEAAPEAV12@AEBVString@2@AEBV12@_N@Z

?add@XML@ScCore@@QEAAPEAV12@AEBVString@2@0@Z

?insert@XML@ScCore@@QEAA_NAEBV12@H_N@Z

?insertChild@XML@ScCore@@QEAA_NAEBV12@H_N@Z

?toString@XML@ScCore@@QEBA?AVString@2@H@Z

?toXMLString@XML@ScCore@@QEBA?AVString@2@H@Z

?erase@Error@ScCore@@QEAAXXZ

?release@Refcountable@ScCore@@UEBAXXZ

?getAs@LiveBase@ScCore@@UEAAPEAXH@Z

?getAs@LiveBase@ScCore@@UEBAPEBXH@Z

?invalidate@LiveBase@ScCore@@UEAAXXZ

?revalidate@LiveBase@ScCore@@UEAAXXZ

?getErrorText@LiveBase@ScCore@@UEBAHAEAVString@2@HH_N@Z

?getErrorText@LiveBase@ScCore@@UEBAHAEAVString@2@HPEBV32@@Z

?setError@LiveBase@ScCore@@QEBAHHHPEAVError@2@_N@Z

?getBool@Variant@ScCore@@QEBA_NXZ

?toString@Variant@ScCore@@QEBAXAEAVString@2@@Z

?setBool@Variant@ScCore@@QEAAX_N@Z

??ABasicArray@ScCore@@QEBAAEBVVariant@1@I@Z

?alert@Dialogs@ScCore@@SAXAEBVString@2@@Z

?alert@Dialogs@ScCore@@SAXAEBVString@2@0_N@Z

?confirm@Dialogs@ScCore@@SA_NAEBVString@2@_N@Z

?confirm@Dialogs@ScCore@@SA_NAEBVString@2@0_N@Z

?prompt@Dialogs@ScCore@@SAXAEBVString@2@00AEAVVariant@2@@Z

??0LivePropertyManager@ScCore@@QEAA@PEBULivePropertyInfo@1@@Z

??1LivePropertyManager@ScCore@@UEAA@XZ

??0LiveComponent@ScCore@@IEAA@XZ

??1LiveComponent@ScCore@@MEAA@XZ

?reset@LiveComponent@ScCore@@UEAAXXZ

?getIDForName@LiveComponent@ScCore@@UEBAHAEBVLiveObject@2@AEBVString@2@AEAHAEAW4InfoType@2@H@Z

?getNameForID@LiveComponent@ScCore@@UEBAHAEBVLiveObject@2@HAEAVString@2@H@Z

?getType@LiveComponent@ScCore@@UEBA?AW4InfoType@2@AEBVLiveObject@2@H@Z

?hasOperators@LiveComponent@ScCore@@UEBA_NXZ

?enumerate@LiveComponent@ScCore@@UEBAHAEBVLiveObject@2@AEAVSimpleArray@2@H@Z

?getServiceInfo@LiveComponent@ScCore@@UEBAPEBVServiceInfo@2@AEBVLiveObject@2@HH@Z

?get@LiveComponent@ScCore@@UEBAHAEBVLiveObject@2@HAEAVVariant@2@PEAVError@2@@Z

?put@LiveComponent@ScCore@@UEAAHAEAVLiveObject@2@HAEBVVariant@2@PEAVError@2@@Z

?isGeneric@LiveComponent@ScCore@@UEBA_NH@Z

?isIndexable@LiveComponent@ScCore@@UEBA_NXZ

?getLength@LiveComponent@ScCore@@UEBAHAEBVLiveObject@2@AEAI@Z

?putLength@LiveComponent@ScCore@@UEAAHAEAVLiveObject@2@I@Z

?getByIndex@LiveComponent@ScCore@@UEBAHAEBVLiveObject@2@IAEAVVariant@2@PEAVError@2@@Z

?putByIndex@LiveComponent@ScCore@@UEAAHAEAVLiveObject@2@IAEBVVariant@2@PEAVError@2@@Z

?deleteByIndex@LiveComponent@ScCore@@UEAAHAEAVLiveObject@2@I@Z

??YString@ScCore@@QEAAAEAV01@PEBD@Z

?allocMem@Allocator@ScCore@@UEAAPEAX_KPEBDH@Z

?flush@Allocator@ScCore@@UEAAXXZ

??8SimpleArray@ScCore@@QEBA_NAEBV01@@Z

?remove@SimpleArray@ScCore@@QEAAX_J@Z

??YSimpleArray@ScCore@@QEAAAEAV01@AEBV01@@Z

??8SparseArray@ScCore@@QEBA_NAEBV01@@Z

?find@SparseArray@ScCore@@QEBA_J_J@Z

?cmp@String@ScCore@@QEBAHPEBG@Z

?cmp@String@ScCore@@QEBAHAEBV12@@Z

??8String@ScCore@@QEBA_NAEBV01@@Z

??YString@ScCore@@QEAAAEAV01@G@Z

??8HashTable@ScCore@@QEBA_NAEBV01@@Z

?find@HashTable@ScCore@@QEBA_JAEBVString@2@_N@Z

ScAtomicDec

??1Lock@ScCore@@QEAA@XZ

??1Refcountable@ScCore@@MEAA@XZ

?getSuperclass@ClassInfo@ScCore@@UEBAXAEAVString@2@@Z

?getLanguage@ClassInfo@ScCore@@UEBAHXZ

?getState@ClassInfo@ScCore@@UEBA?AW4InfoState@2@XZ

?getDescription@ClassInfo@ScCore@@UEBAX_NAEAVString@2@@Z

?enumerate@ClassInfo@ScCore@@UEBAHAEAVSimpleArray@2@H@Z

?getServiceInfo@ClassInfo@ScCore@@UEBAPEBVServiceInfo@2@H@Z

?getStaticServiceInfo@ClassInfo@ScCore@@UEBAPEBVServiceInfo@2@H@Z

?getStaticServiceInfo@ClassInfo@ScCore@@UEBAPEBVServiceInfo@2@AEBVString@2@@Z

?getSampleCode@ClassInfo@ScCore@@UEBA_NAEAVString@2@@Z

?getSampleCode@ClassInfo@ScCore@@UEBA_NAEAVFileSpec@2@@Z

?getDataTypeAsString@TypeInfo@ScCore@@UEBAXAEAVString@2@@Z

?getDataClass@TypeInfo@ScCore@@UEBAXAEAVString@2@@Z

?isCollection@TypeInfo@ScCore@@UEBA_NXZ

?getValidRange@TypeInfo@ScCore@@UEBA_NAEAN0@Z

?getDefaultValue@TypeInfo@ScCore@@UEBA_NAEAVVariant@2@@Z

?getDescription@TypeInfo@ScCore@@UEBAXAEAVString@2@@Z

?getLanguage@ServiceInfo@ScCore@@UEBAHXZ

?getState@ServiceInfo@ScCore@@UEBA?AW4InfoState@2@XZ

?getDescription@ServiceInfo@ScCore@@UEBAX_NAEAVString@2@@Z

?getTypeInfo2@ServiceInfo@ScCore@@UEBAAEBVTypeInfo@2@XZ

?getParamCount@ServiceInfo@ScCore@@UEBAHXZ

?getParamInfo@ServiceInfo@ScCore@@UEBAPEBVParamInfo@2@H@Z

?getSampleCode@ServiceInfo@ScCore@@UEBA_NAEAVString@2@@Z

?getSampleCode@ServiceInfo@ScCore@@UEBA_NAEAVFileSpec@2@@Z

?getLanguage@ParamInfo@ScCore@@UEBAHXZ

?getState@ParamInfo@ScCore@@UEBA?AW4InfoState@2@XZ

?getName@ParamInfo@ScCore@@UEBAXAEAVString@2@@Z

?getDescription@ParamInfo@ScCore@@UEBAX_NAEAVString@2@@Z

?doSetNumAttrs@Variant@ScCore@@IEBAXXZ

?doGetDouble@Variant@ScCore@@IEBANXZ

?doIsFinite@Variant@ScCore@@IEBA_NXZ

?doIsNaN@Variant@ScCore@@IEBA_NXZ

?doIsMinus0@Variant@ScCore@@IEBA_NXZ

?setLiveObject@Variant@ScCore@@QEAAXPEAVLiveObject@2@H@Z

?setNumAttrs@Variant@ScCore@@QEBAXXZ

?getInteger@Variant@ScCore@@QEBAHXZ

?setInteger@Variant@ScCore@@QEAAXH@Z

?setInteger@Variant@ScCore@@QEAAXI@Z

?setDouble@Variant@ScCore@@QEAAXN@Z

?setString@Variant@ScCore@@QEAAXPEBD@Z

?setString@Variant@ScCore@@QEAAXPEBG@Z

?setString@Variant@ScCore@@QEAAXAEBVString@2@@Z

?setPoint@Variant@ScCore@@QEAAXAEBVPoint@2@@Z

?setRect@Variant@ScCore@@QEAAXAEBVRect@2@@Z

?setFileSpec@Variant@ScCore@@QEAAXAEBVFileSpec@2@@Z

?setRegExp@Variant@ScCore@@QEAAXAEBVRegExp@2@@Z

?setArray@Variant@ScCore@@QEAAXAEBVArray@2@@Z

?setUnitValue@Variant@ScCore@@QEAAXAEBVUnitValue@2@@Z

??8Variant@ScCore@@QEBA_NAEBV01@@Z

?compare@Variant@ScCore@@QEBAHAEBV12@@Z

??8Array@ScCore@@QEBA_NAEBV01@@Z

??1Listener@ScCore@@UEAA@XZ

?getData@Message@ScCore@@UEBAPEAVVariant@2@XZ

??0LiveObject@ScCore@@QEAA@PEBD_N@Z

??0Dictionary@ScCore@@QEAA@H@Z

?getErrorData@ErrorInfo@ScCore@@QEBAAEBVVariant@2@XZ

??0LiveCollection@ScCore@@QEAA@PEBDH_N@Z

??0LiveArray@ScCore@@QEAA@PEBDH_N@Z

?localizeText@Localizer@ScCore@@MEBA_NAEAVString@2@@Z

?localizedCaseConvert@Localizer@ScCore@@MEBA_NAEAVString@2@_N@Z

?localizedCompare@Localizer@ScCore@@MEBAHAEBVString@2@0@Z

?getErrorMsg@Localizer@ScCore@@MEBA_NHAEAVString@2@@Z

?getZString@Localizer@ScCore@@MEBA_NAEAVString@2@AEBV32@1@Z

?getLocale@Localizer@ScCore@@MEBA_NAEAVString@2@@Z

??8Rect@ScCore@@QEBA_NAEBV01@@Z

?moveTo@Rect@ScCore@@QEAAXNN@Z

?moveBy@Rect@ScCore@@QEAAXNN@Z

?inset@Rect@ScCore@@QEAAXNN@Z

?isInside@Rect@ScCore@@QEBA_NNN@Z

??8FileSpec@ScCore@@QEBA_NAEBV01@@Z

?getName@FileSpec@ScCore@@QEBA?AVString@2@XZ

?getAttributes@FileSpec@ScCore@@QEBAFPEAH0@Z

??1Cloneable@ScCore@@UEAA@XZ

??8UnitValue@ScCore@@QEBA_NAEBV01@@Z

??1Callbacks@ScCore@@UEAA@XZ

?findKey@SparseArray@ScCore@@QEBA_J_J@Z

??0String@ScCore@@QEAA@PEBDPEBVEncoder@1@@Z

??4String@ScCore@@QEAAAEAV01@PEBG@Z

?parse@TypeInfo@ScCore@@SAPEAV12@AEBVString@2@HPEAV32@11PEAPEAV12@@Z

??0Variant@ScCore@@QEAA@AEBVString@1@@Z

??0Variant@ScCore@@QEAA@HAEBVString@1@PEAVRoot@1@@Z

?setIncrement@SimpleArray@ScCore@@QEAAXH@Z

??4String@ScCore@@QEAAAEAV01@G@Z

?scanDouble@Variant@ScCore@@SANAEBVString@2@HPEAV32@@Z

??0Variant@ScCore@@QEAA@N@Z

?setNull@Variant@ScCore@@QEAAXXZ

?convert@Variant@ScCore@@QEAAXW4VariantType@2@@Z

strcmp16

strlen16

?getCacheSize@Heap@ScCore@@SAHXZ

?setCacheSize@Heap@ScCore@@SAXH@Z

??0String@ScCore@@QEAA@PEBGH@Z

?decode@String@ScCore@@QEAAHPEBDHPEBVEncoder@2@@Z

?ncmp@String@ScCore@@QEBAHPEBDH@Z

?convertLF@String@ScCore@@QEAAHW4CRLFEncoding@12@@Z

?setObject@Variant@ScCore@@QEAAXHAEBVString@2@PEAVRoot@2@@Z

?getRect@Variant@ScCore@@QEBAPEBVRect@2@XZ

?alert@Dialogs@ScCore@@SAXAEBVString@2@0@Z

?colorPicker@Dialogs@ScCore@@SAHH@Z

?get@Dictionary@ScCore@@SAPEAV12@XZ

?get@Encoder@ScCore@@SAPEBV12@PEBG@Z

?getDefault@Encoder@ScCore@@SAAEBV12@XZ

?setDefault@Encoder@ScCore@@SAXAEBV12@@Z

?getLocale@Localizer@ScCore@@SA?AVString@2@XZ

??0RegExp@ScCore@@QEAA@AEBVString@1@H@Z

??1RegExp@ScCore@@QEAA@XZ

?match@RegExp@ScCore@@QEBA_NAEBVString@2@HAEAVCapture@2@@Z

?createCaptureList@RegExp@ScCore@@QEBAPEAVCapture@2@XZ

?changePath@FileSpec@ScCore@@QEAA_NAEBVString@2@@Z

?getAbsoluteURI@FileSpec@ScCore@@QEBA?AVString@2@_N@Z

?getPath@FileSpec@ScCore@@QEBA?AVString@2@XZ

?close@File@ScCore@@UEAAHXZ

?sleep@Thread@ScCore@@SAXI@Z

?getHiResTimer@Thread@ScCore@@SA_JXZ

?indexOf@SimpleArray@ScCore@@QEBAH_J@Z

?removeAt@SimpleArray@ScCore@@QEAA_JH@Z

??0SparseArray@ScCore@@QEAA@XZ

??1SparseArray@ScCore@@QEAA@XZ

?set@SparseArray@ScCore@@QEAAX_J0@Z

?getObjectData@Variant@ScCore@@QEBAPEAVRoot@2@XZ

??1Dictionary@ScCore@@UEAA@XZ

?addTable@Dictionary@ScCore@@UEAAXAEBULivePropertyInfo@2@PEBD1@Z

?addTables@Dictionary@ScCore@@UEAAXPEBULivePropertyInfos@2@@Z

?getDateTimeStampAsISO@Dictionary@ScCore@@UEBA?AVString@2@XZ

?getAscii@Encoder@ScCore@@SAAEBV12@XZ

??4SimpleArray@ScCore@@QEAAAEAV01@AEBV01@@Z

??0Broadcaster@ScCore@@QEAA@XZ

??1Broadcaster@ScCore@@QEAA@XZ

?setMoreInfo@Error@ScCore@@QEAAXAEBVString@2@HHHG@Z

?get@Localizer@ScCore@@SAAEBV12@XZ

?set@Localizer@ScCore@@SAXPEBV12@@Z

?get@Context@ScCore@@SAAEAV12@XZ

?getUTCTime@Time@ScCore@@SANXZ

??0BasicArray@ScCore@@IEAA@XZ

??1BasicArray@ScCore@@MEAA@XZ

?getVersion@ScCore@@YAHXZ

?isInitialized@InitTerm@ScCore@@SA_NXZ

?get@Globals@ScCore@@SAPEAU12@XZ

?set@Callbacks@ScCore@@SAXPEAV12@@Z

?create@LiveObject@ScCore@@SAHPEAPEAV12@AEBVString@2@H@Z

?merge@SimpleArray@ScCore@@QEAAXAEBV12@_N@Z

?split@String@ScCore@@QEAA?AV12@D@Z

?forEach@SparseArray@ScCore@@QEAAXP6A_N_JPEA_J0@Z0@Z

??0HashTable@ScCore@@QEAA@AEBV01@@Z

?forEach@HashTable@ScCore@@QEAAXP6A_NAEBVString@2@PEA_J_J@Z2@Z

?addListener@Broadcaster@ScCore@@QEAAXAEAVListener@2@H@Z

?removeListener@Broadcaster@ScCore@@QEAAXAEAVListener@2@H@Z

?getFactory@LiveObject@ScCore@@SAPEAV12@AEBVString@2@H@Z

?setAutostore@LiveObject@ScCore@@QEBAXPEAV12@H@Z

?isErrorClass@Error@ScCore@@SA_NAEBVString@2@@Z

?decodeURI@String@ScCore@@QEAA_NXZ

?append@String@ScCore@@QEAAXPEBGH@Z

?findAny@String@ScCore@@QEBAHPEBDH@Z

?strip@String@ScCore@@QEAAXXZ

?parse@String@ScCore@@QEAA_NAEAV12@@Z

?erase@HashTable@ScCore@@QEAAXXZ

?isWS@UnicodeUtils@ScCore@@SA_NG@Z

??4FileSpec@ScCore@@QEAAAEAV01@AEBV01@@Z

?setPath@FileSpec@ScCore@@QEAA_NAEBVString@2@_N@Z

?getCurrentDir@FileUtils@ScCore@@SAHAEAVFileSpec@2@@Z

?hasUnassignedObjectData@Variant@ScCore@@QEBA_NXZ

?get@Allocator@ScCore@@SAPEAV12@XZ

??4SparseArray@ScCore@@QEAAAEAV01@AEBV01@@Z

?erase@SparseArray@ScCore@@QEAAXXZ

?getData@SparseArray@ScCore@@QEBAXAEAVSimpleArray@2@@Z

?getPoint@Variant@ScCore@@QEBAPEBVPoint@2@XZ

?getFileSpec@Variant@ScCore@@QEBAPEBVFileSpec@2@XZ

?getArray@Variant@ScCore@@QEBAPEBVArray@2@XZ

?setObjectData@Variant@ScCore@@QEAAXPEAVRoot@2@@Z

??0Array@ScCore@@QEAA@I@Z

??0Array@ScCore@@QEAA@AEBV01@@Z

??4Array@ScCore@@QEAAAEAV01@AEBV01@@Z

?get@Array@ScCore@@UEBAPEAVVariant@2@I@Z

?broadcast@Broadcaster@ScCore@@QEBA_NH@Z

?getErrorDefinition@Error@ScCore@@SA_NHAEAVString@2@0@Z

?getTicks@Time@ScCore@@SAIXZ

?getHiResTimer@Time@ScCore@@SA_JXZ

??0FileWrapper@ScCore@@QEAA@AEBVFileSpec@1@@Z

??0Variant@ScCore@@QEAA@PEBD@Z

??0Callbacks@ScCore@@QEAA@XZ

?setup@String@ScCore@@QEAAXGH@Z

?localize@String@ScCore@@QEAAXPEBVArray@2@@Z

?push@Error@ScCore@@QEAAXAEBV12@@Z

??0FileFilter@ScCore@@QEAA@AEBVString@1@@Z

??1FileFilter@ScCore@@UEAA@XZ

?test@FileFilter@ScCore@@UEBA_NAEBVFileSpec@2@@Z

??0FileSpec@ScCore@@QEAA@AEBV01@@Z

?getExtension@FileSpec@ScCore@@QEBA?AVString@2@XZ

?getSpecialDir@FileUtils@ScCore@@SAHHAEAVFileSpec@2@@Z

?setCurrentDir@FileUtils@ScCore@@SAHAEBVFileSpec@2@@Z

?write@File@ScCore@@UEAAHAEBVString@2@_N@Z

?tell@File@ScCore@@UEBA_JXZ

??0Folder@ScCore@@QEAA@AEBVFileSpec@1@@Z

??1Folder@ScCore@@QEAA@XZ

?create@Folder@ScCore@@QEAAHXZ

?iterate@Folder@ScCore@@QEAAHAEAVFileFilter@2@H@Z

?getKeys@SparseArray@ScCore@@QEBAXAEAVSimpleArray@2@@Z

??4String@ScCore@@QEAAAEAV01@D@Z

?escape@String@ScCore@@QEBA?AV12@_N@Z

?insert@String@ScCore@@QEAAXPEBDH@Z

?insert@String@ScCore@@QEAAXGH@Z

?find@String@ScCore@@QEBAHGH_N@Z

?set@String@ScCore@@QEAAXHG@Z

??1LiveObject@ScCore@@MEAA@XZ

?createProperty@LiveObject@ScCore@@MEAAPEAVLiveProperty@2@AEBVString@2@HI@Z

?addFactory@LiveObject@ScCore@@SAHAEAV12@H@Z

?removeFactory@LiveObject@ScCore@@SAXAEBVString@2@@Z

?createLocal@LiveObject@ScCore@@UEAAHPEAPEAV12@AEBVString@2@H@Z

?clone@LiveObject@ScCore@@UEBAHPEAPEAV12@_N@Z

?initialize@LiveObject@ScCore@@UEAAHAEBVArray@2@PEAVError@2@@Z

?getClassName@LiveObject@ScCore@@UEBAAEBVString@2@XZ

?getAs@LiveObject@ScCore@@UEAAPEAXH@Z

?getAs@LiveObject@ScCore@@UEBAPEBXH@Z

??8LiveObject@ScCore@@UEBA_NAEBV01@@Z

?setData@LiveObject@ScCore@@UEAAXPEAVRoot@2@@Z

?getData@LiveObject@ScCore@@UEBAPEAVRoot@2@XZ

?invalidate@LiveObject@ScCore@@UEAAXXZ

?revalidate@LiveObject@ScCore@@UEAAXXZ

?addComponent@LiveObject@ScCore@@UEAAHAEAVLiveComponent@2@@Z

?removeComponent@LiveObject@ScCore@@UEAAHAEAVLiveComponent@2@@Z

?getIDForName@LiveObject@ScCore@@UEBAHAEBVString@2@AEAHAEAW4InfoType@2@H@Z

?createIDForName@LiveObject@ScCore@@UEAAHAEBVString@2@AEAHH@Z

?defineIDForName@LiveObject@ScCore@@UEAAHAEBVString@2@HH@Z

?getNameForID@LiveObject@ScCore@@UEBAHHAEAVString@2@H@Z

?deleteDynamicProperties@LiveObject@ScCore@@UEAAX_N@Z

?hasOperators@LiveObject@ScCore@@UEBA_NXZ

?deleteID@LiveObject@ScCore@@UEAAHH@Z

?reset@LiveObject@ScCore@@UEAAXXZ

?enumerate@LiveObject@ScCore@@UEBAHAEAVSimpleArray@2@H@Z

?getType@LiveObject@ScCore@@UEBA?AW4InfoType@2@H@Z

?getClassInfo@LiveObject@ScCore@@UEBAPEBVClassInfo@2@H@Z

?get@LiveObject@ScCore@@UEBAHHAEAVVariant@2@PEAVError@2@@Z

?put@LiveObject@ScCore@@UEAAHHAEBVVariant@2@PEAVError@2@@Z

?call@LiveObject@ScCore@@UEAAHHAEBVArray@2@AEAVVariant@2@PEAVError@2@@Z

?apply@LiveObject@ScCore@@UEBAHAEAV12@HAEBVArray@2@AEAVVariant@2@PEAVError@2@@Z

?valueOf@LiveObject@ScCore@@UEBAXAEAVVariant@2@@Z

?notify@LiveObject@ScCore@@UEAA_NAEAVMessage@2@@Z

??1LiveCollection@ScCore@@UEAA@XZ

?getAs@LiveCollection@ScCore@@UEAAPEAXH@Z

?getAs@LiveCollection@ScCore@@UEBAPEBXH@Z

?getClassName@LiveCollection@ScCore@@UEBAAEBVString@2@XZ

?getIDForName@LiveCollection@ScCore@@UEBAHAEBVString@2@AEAHAEAW4InfoType@2@H@Z

?getNameForID@LiveCollection@ScCore@@UEBAHHAEAVString@2@H@Z

?getType@LiveCollection@ScCore@@UEBA?AW4InfoType@2@H@Z

?enumerate@LiveCollection@ScCore@@UEBAHAEAVSimpleArray@2@H@Z

?putLength@LiveCollection@ScCore@@UEAAHI@Z

?setCurrentNamespace_r@XML@ScCore@@SAPEBV12@PEBV12@@Z

?checkSymbolSyntax@XML@ScCore@@SA_NAEBVString@2@@Z

?parse@XML@ScCore@@SAPEAV12@AEBVString@2@AEAHAEAVError@2@_N33@Z

?getTypeAsString@XML@ScCore@@QEBAPEBDXZ

?asElementNode@XML@ScCore@@QEAAPEAV12@XZ

?setNamespace@XML@ScCore@@QEAA_NPEBV12@@Z

?setValue@XML@ScCore@@QEAA_NAEBVString@2@@Z

?isSimple@XML@ScCore@@QEBA_NXZ

?contains@XML@ScCore@@QEBA_NAEBV12@_N@Z

?remove@XML@ScCore@@QEAAHAEBVString@2@@Z

?remove@XML@ScCore@@QEAAXAEAV12@@Z

?indexOf@XML@ScCore@@QEBAHAEBV12@_N@Z

?getNS@XML@ScCore@@QEBAPEBV12@PEBVString@2@0_N@Z

?removeNS@XML@ScCore@@QEAA_NAEBV12@_N@Z

?put@XML@ScCore@@QEAAPEAV12@AEBVString@2@AEBV12@_N@Z

?add@XML@ScCore@@QEAAPEAV12@AEBVString@2@@Z

?descendants_r@XML@ScCore@@QEBAPEAV12@XZ

?namespaces_r@XML@ScCore@@QEBAPEAV12@XZ

?remove@XML@ScCore@@QEAAXHH@Z

?xpath_r@XML@ScCore@@QEBAPEAV12@AEBVString@2@AEAVVariant@2@AEAVError@2@PEBV?$THashTable@VString@ScCore@@@2@@Z

?copy_r@XML@ScCore@@QEBAPEAV12@_N@Z

?normalize@XML@ScCore@@QEAAXXZ

?encodeURI@String@ScCore@@QEAA_NPEBD@Z

?ucmp@String@ScCore@@QEBAHPEBD@Z

?toLower@String@ScCore@@QEAA_NXZ

??0Error@ScCore@@QEAA@HAEBVString@1@_N@Z

?isUIEnabled@InitTerm@ScCore@@SA_NXZ

?getParentSpec@FileSpec@ScCore@@QEBA_NAEAV12@@Z

?chooseFile@FileSpec@ScCore@@QEAA_NAEBVString@2@_NPEBV32@PEAVFileFilter@2@PEAVArray@2@@Z

?chooseSaveFile@FileSpec@ScCore@@QEAA_NAEBVString@2@PEBV32@PEAVFileFilter@2@@Z

?chooseFolder@FileSpec@ScCore@@QEAA_NAEBVString@2@@Z

?getFileSystem@FileUtils@ScCore@@SAPEBDXZ

?getCurrentDir@FileWrapper@ScCore@@SAPEAV12@XZ

?getSpecialDir@FileWrapper@ScCore@@SAPEAV12@H@Z

??0FileWrapper@ScCore@@QEAA@AEBVString@1@_N@Z

??1FileWrapper@ScCore@@UEAA@XZ

?getFileSpec@FileWrapper@ScCore@@QEBAAEBVFileSpec@2@XZ

?getError@FileWrapper@ScCore@@QEBAAEBVString@2@XZ

?setError@FileWrapper@ScCore@@QEAAXAEBVString@2@@Z

?getCloudDoc@FileWrapper@ScCore@@QEBA_NXZ

?setCloudDoc@FileWrapper@ScCore@@QEAAX_N@Z

?getRelativeURI@FileWrapper@ScCore@@QEBA?AVString@2@XZ

?getRelativeURI@FileWrapper@ScCore@@QEBA?AVString@2@AEBV12@@Z

?getAbsoluteURI@FileWrapper@ScCore@@QEBA?AVString@2@_N@Z

?getPath@FileWrapper@ScCore@@QEBA?AVString@2@XZ

?getDisplayName@FileWrapper@ScCore@@QEBA?AVString@2@XZ

?changePath@FileWrapper@ScCore@@QEAA_NAEBVString@2@@Z

?createAlias@FileWrapper@ScCore@@QEAA_NAEBVString@2@_N@Z

?getAttributes@FileWrapper@ScCore@@QEBAHPEAH0@Z

?setAttributes@FileWrapper@ScCore@@QEAA_NH@Z

?getFiles@FileWrapper@ScCore@@QEAA_NAEAV?$TSimpleArray@VFileWrapper@ScCore@@@2@PEBVString@2@@Z

?makeDir@FileWrapper@ScCore@@QEAA_NXZ

?rename@FileWrapper@ScCore@@QEAA_NAEBVString@2@@Z

?remove@FileWrapper@ScCore@@QEAA_NXZ

?getType@FileWrapper@ScCore@@QEBA?AVString@2@XZ

?getCreator@FileWrapper@ScCore@@QEBA?AVString@2@XZ

?getLF@FileWrapper@ScCore@@QEBAHXZ

?setLF@FileWrapper@ScCore@@QEAAXH@Z

?getSize@FileWrapper@ScCore@@QEBA_JXZ

?setSize@FileWrapper@ScCore@@QEAA_N_J@Z

?getEncoding@FileWrapper@ScCore@@QEBAAEBVString@2@XZ

?setEncoding@FileWrapper@ScCore@@QEAAXAEBVString@2@@Z

?open@FileWrapper@ScCore@@QEAA_NAEBVString@2@PEBV32@1@Z

?close@FileWrapper@ScCore@@QEAA_NXZ

?read@FileWrapper@ScCore@@QEAA_N_JAEAVString@2@@Z

?readch@FileWrapper@ScCore@@QEAAHXZ

?readln@FileWrapper@ScCore@@QEAA_NAEAVString@2@@Z

?eof@FileWrapper@ScCore@@QEBA_NXZ

?write@FileWrapper@ScCore@@QEAA_NAEBVString@2@_N@Z

?seek@FileWrapper@ScCore@@QEAA_N_JH@Z

?tell@FileWrapper@ScCore@@QEBA_JXZ

?copy@FileWrapper@ScCore@@QEBA_NAEBVString@2@@Z

?execute@FileWrapper@ScCore@@QEAA_NXZ

?setNaN@Variant@ScCore@@QEAAXXZ

?call@LiveObject@ScCore@@QEAAHAEBVString@2@AEBVArray@2@AEAVVariant@2@PEAVError@2@@Z

?replaceAll@String@ScCore@@QEAAHPEBD0H@Z

?isSymbolChar@UnicodeUtils@ScCore@@SA_NG@Z

?isSymbolStart@UnicodeUtils@ScCore@@SA_NG@Z

?call@LiveObject@ScCore@@QEAAHAEBVString@2@AEAVVariant@2@PEAVError@2@@Z

?getInteger@Variant@ScCore@@QEBAHHH@Z

??0SimpleArray@ScCore@@QEAA@AEBV01@@Z

?replaceAll@String@ScCore@@QEAAHPEBDAEBV12@H@Z

?nucmp@String@ScCore@@QEBAHPEBDH@Z

?getZString@Localizer@ScCore@@SAXAEAVString@2@@Z

?isDST@Time@ScCore@@SAHN@Z

?getTimeZoneOffset@Time@ScCore@@SANXZ

?replaceAll@String@ScCore@@QEAAHGGH@Z

?scanInteger@Variant@ScCore@@SANAEBVString@2@HHPEAV32@@Z

?setPosInfinity@Variant@ScCore@@QEAAXXZ

?localize@Localizer@ScCore@@SA?AVString@2@AEBV32@PEBVArray@2@@Z

?setMinus0@Variant@ScCore@@QEAAXXZ

?setNegInfinity@Variant@ScCore@@QEAAXXZ

??0Variant@ScCore@@QEAA@_N@Z

?replace@String@ScCore@@QEAAHGGH@Z

?getString@Variant@ScCore@@QEBAAEBVString@2@HH@Z

?isValidObject@Variant@ScCore@@QEBA_NXZ

?toXML@ClassInfo@ScCore@@QEBAPEAVXML@2@XZ

?convertDataTypeToString@TypeInfo@ScCore@@SAPEBDW4VariantType@2@@Z

?find@String@ScCore@@QEBAHAEBV12@H_N@Z

??0Variant@ScCore@@QEAA@H@Z

?getRegExp@Variant@ScCore@@QEBAPEBVRegExp@2@XZ

?getPattern@RegExp@ScCore@@QEBAAEBVString@2@XZ

?getFlags@RegExp@ScCore@@QEBAHXZ

?good@RegExp@ScCore@@QEBA_NXZ

?getCaptureLength@RegExp@ScCore@@QEBAHXZ

?getCurrentID@Thread@ScCore@@SAIXZ

?clear@String@ScCore@@QEAAXXZ

?isCf@UnicodeUtils@ScCore@@SA_NG@Z

?wcsnicmpmb@UnicodeUtils@ScCore@@SAHPEBGPEBDH@Z

?replace@String@ScCore@@QEAAHAEBV12@0H@Z

?toUpper@String@ScCore@@QEAA_NXZ

?caseConvert@Localizer@ScCore@@SA?AVString@2@AEBV32@_N@Z

?compare@Localizer@ScCore@@SAHAEBVString@2@0@Z

?getPathSeparator@FileUtils@ScCore@@SADXZ

?insertAt@Array@ScCore@@QEAAXII@Z

??0Rect@ScCore@@QEAA@NNNN@Z

?split@String@ScCore@@QEAA?AV12@PEBD@Z

??2Heap@ScCore@@SAPEAX_K@Z

??3Heap@ScCore@@SAXPEAX@Z

??_VHeap@ScCore@@SAXPEAX@Z

??1Root@ScCore@@UEAA@XZ

?unique@SimpleArray@ScCore@@AEAAXXZ

vcruntime140

memset

__std_exception_destroy

__C_specific_handler

__std_type_info_destroy_list

__RTDynamicCast

_CxxThrowException

memcpy

_purecall

__CxxFrameHandler3

__std_exception_copy

__std_terminate

api-ms-win-crt-environment-l1-1-0

_wgetenv

_wputenv

getenv

api-ms-win-crt-time-l1-1-0

_time64

_ctime64

api-ms-win-crt-math-l1-1-0

log10

asin

atan

atan2

cos

exp

log

pow

sin

sqrt

tan

floor

ceil

fmod

acos

api-ms-win-crt-utility-l1-1-0

rand

srand

api-ms-win-crt-runtime-l1-1-0

_seh_filter_dll

_initialize_onexit_table

_register_onexit_function

_configure_narrow_argv

_initialize_narrow_environment

_fpreset

_execute_onexit_table

_initterm_e

_initterm

_cexit

terminate

_crt_atexit

_crt_at_quick_exit

api-ms-win-crt-heap-l1-1-0

malloc

_callnewh

free

Exports

??0API@ScScript@@IEAA@AEAVEngine@1@H@Z

??0Allocator@ScCore@@QEAA@XZ

??0BinaryNode@ScScript@@QEAA@AEBUScanInfo@1@PEAVNode@1@1@Z

??0BreakpointInfo@ScScript@@QEAA@AEBV01@@Z

??0BreakpointInfo@ScScript@@QEAA@XZ

??0Broadcaster@ScCore@@QEAA@AEBV01@@Z

??0Callback@ScScript@@QEAA@XZ

??0Callbacks@ScCore@@QEAA@AEBV01@@Z

??0ClassInfo@ScCore@@QEAA@XZ

??0Cloneable@ScCore@@QEAA@XZ

??0ConversionTuple@ScCore@@QEAA@AEBV01@@Z

??0ConversionTuple@ScCore@@QEAA@II_N@Z

??0ConversionTuple@ScCore@@QEAA@XZ

??0CriticalSection@ScCore@@QEAA@PEAVLock@1@@Z

??0DataPool@ScScript@@QEAA@XZ

??0DebugAPI@ScScript@@AEAA@AEAVEngine@1@@Z

??0Debugger@ScScript@@QEAA@AEBV01@@Z

??0Debugger@ScScript@@QEAA@XZ

??0Dispatcher@ScScript@@QEAA@PEBD@Z

??0ESContext@ScScript@@IEAA@XZ

??0EmptyNode@ScScript@@QEAA@AEBUScanInfo@1@@Z

??0Engine@ScScript@@IEAA@XZ

??0FileDisp@ScScript@@QEAA@XZ

??0FileSpec@ScCore@@QEAA@XZ

??0GlobalDialogs@ScScript@@QEAA@XZ

??0Heap@ScCore@@QEAA@XZ

??0HiliteAPI@ScScript@@AEAA@AEAVEngine@1@@Z

??0LabelNode@ScScript@@QEAA@AEBUScanInfo@1@@Z

??0ListNode@ScScript@@QEAA@AEBUScanInfo@1@@Z

??0Listener@ScCore@@QEAA@AEBV01@@Z

??0Listener@ScCore@@QEAA@XZ

??0LiveObjectAPI@ScScript@@AEAA@AEAVEngine@1@@Z

??0Localizer@ScCore@@QEAA@XZ

??0LockRef@ScCore@@QEAA@PEAVLock@1@@Z

??0Lockable@ScCore@@QEAA@AEBV01@@Z

??0Lockable@ScCore@@QEAA@XZ

??0Message@ScCore@@QEAA@H@Z

??0Node@ScScript@@QEAA@AEBUScanInfo@1@@Z

??0ParamInfo@ScCore@@QEAA@XZ

??0ParserAPI@ScScript@@AEAA@AEAVEngine@1@@Z

??0Point@ScCore@@QEAA@AEBV01@@Z

??0Point@ScCore@@QEAA@NN@Z

??0Point@ScCore@@QEAA@XZ

??0Preprocessor@ScScript@@QEAA@XZ

??0ProfilerData@ScScript@@QEAA@XZ

??0Refcountable@ScCore@@IEAA@XZ

??0Root@ScCore@@QEAA@XZ

??0RuntimeError@ScScript@@QEAA@AEBV01@@Z

??0RuntimeError@ScScript@@QEAA@XZ

??0ScopeInfo@ScScript@@QEAA@XZ

??0ScopeNode@ScScript@@QEAA@AEBUScanInfo@1@@Z

??0Script@ScScript@@QEAA@XZ

??0ScriptContainer@ScScript@@QEAA@XZ

??0ScriptContainer@ScScript@@QEAA@_N@Z

??0ServiceInfo@ScCore@@QEAA@XZ

??0TernaryNode@ScScript@@QEAA@AEBUScanInfo@1@PEAVNode@1@11@Z

??0TypeInfo@ScCore@@QEAA@XZ

??0UnaryNode@ScScript@@QEAA@AEBUScanInfo@1@PEAVNode@1@@Z

??0UnitConverter@ScCore@@QEAA@XZ

??0UnitConverterTable@ScCore@@QEAA@XZ

??0ValidateData@ScScript@@QEAA@AEBV01@@Z

??0ValidateData@ScScript@@QEAA@XZ

??0Variant@ScCore@@QEAA@XZ

??1API@ScScript@@UEAA@XZ

??1Allocator@ScCore@@UEAA@XZ

??1ArgumentsMessage@ScCore@@UEAA@XZ

??1BinaryNode@ScScript@@UEAA@XZ

??1BreakpointInfo@ScScript@@UEAA@XZ

??1Callback@ScScript@@UEAA@XZ

??1ClassInfo@ScCore@@UEAA@XZ

??1CriticalSection@ScCore@@QEAA@XZ

??1DataMessage@ScCore@@UEAA@XZ

??1DataPool@ScScript@@QEAA@XZ

??1DebugAPI@ScScript@@UEAA@XZ

??1Debugger@ScScript@@UEAA@XZ

??1Dispatcher@ScScript@@UEAA@XZ

??1ESContext@ScScript@@MEAA@XZ

??1EmptyNode@ScScript@@UEAA@XZ

??1Engine@ScScript@@UEAA@XZ

??1FileDisp@ScScript@@UEAA@XZ

??1GlobalDialogs@ScScript@@UEAA@XZ

??1HiliteAPI@ScScript@@UEAA@XZ

??1LabelNode@ScScript@@UEAA@XZ

??1ListNode@ScScript@@UEAA@XZ

??1LiveMessage@ScCore@@UEAA@XZ

??1LiveObjectAPI@ScScript@@UEAA@XZ

??1Localizer@ScCore@@UEAA@XZ

??1LockRef@ScCore@@QEAA@XZ

??1Lockable@ScCore@@QEAA@XZ

??1Message@ScCore@@UEAA@XZ

??1Node@ScScript@@UEAA@XZ

??1ParamInfo@ScCore@@UEAA@XZ

??1ParserAPI@ScScript@@UEAA@XZ

??1Preprocessor@ScScript@@UEAA@XZ

??1RuntimeError@ScScript@@UEAA@XZ

??1ScopeInfo@ScScript@@UEAA@XZ

??1ScopeNode@ScScript@@UEAA@XZ

??1Script@ScScript@@MEAA@XZ

??1ScriptContainer@ScScript@@UEAA@XZ

??1ServiceInfo@ScCore@@UEAA@XZ

??1TernaryNode@ScScript@@UEAA@XZ

??1TypeInfo@ScCore@@UEAA@XZ

??1UnaryNode@ScScript@@UEAA@XZ

??1UnitConverter@ScCore@@MEAA@XZ

??1ValidateData@ScScript@@UEAA@XZ

??2Heap@ScCore@@SAPEAX_KPEAX@Z

??3Heap@ScCore@@SAXPEAX0@Z

??4Array@ScCore@@QEAAAEAV01@H@Z

??4BreakpointInfo@ScScript@@QEAAAEAV01@AEBV01@@Z

??4Broadcaster@ScCore@@QEAAAEAV01@AEBV01@@Z

??4Callbacks@ScCore@@QEAAAEAV01@AEBV01@@Z

??4ConversionTuple@ScCore@@QEAAAEAV01@AEBV01@@Z

??4Debugger@ScScript@@QEAAAEAV01@AEBV01@@Z

??4Dialogs@ScCore@@QEAAAEAV01@$$QEAV01@@Z

??4Dialogs@ScCore@@QEAAAEAV01@AEBV01@@Z

??4FileUtils@ScCore@@QEAAAEAV01@$$QEAV01@@Z

??4FileUtils@ScCore@@QEAAAEAV01@AEBV01@@Z

??4Globals@ScCore@@QEAAAEAU01@$$QEAU01@@Z

??4Globals@ScCore@@QEAAAEAU01@AEBU01@@Z

??4InitTerm@ScCore@@QEAAAEAV01@$$QEAV01@@Z

??4InitTerm@ScCore@@QEAAAEAV01@AEBV01@@Z

??4InitTerm@ScScript@@QEAAAEAV01@$$QEAV01@@Z

??4InitTerm@ScScript@@QEAAAEAV01@AEBV01@@Z

??4Listener@ScCore@@QEAAAEAV01@AEBV01@@Z

??4Lockable@ScCore@@QEAAAEAV01@AEBV01@@Z

??4Point@ScCore@@QEAAAEAV01@AEBV01@@Z

??4RuntimeError@ScScript@@QEAAAEAV01@AEBV01@@Z

??4Time@ScCore@@QEAAAEAV01@$$QEAV01@@Z

??4Time@ScCore@@QEAAAEAV01@AEBV01@@Z

??4UnicodeUtils@ScCore@@QEAAAEAV01@$$QEAV01@@Z

??4UnicodeUtils@ScCore@@QEAAAEAV01@AEBV01@@Z

??4ValidateData@ScScript@@QEAAAEAV01@AEBV01@@Z

??4Variant@ScCore@@QEAAAEAV01@AEAVLiveObject@1@@Z

??4Variant@ScCore@@QEAAAEAV01@AEBVArray@1@@Z

??4Variant@ScCore@@QEAAAEAV01@AEBVFileSpec@1@@Z

??4Variant@ScCore@@QEAAAEAV01@AEBVPoint@1@@Z

??4Variant@ScCore@@QEAAAEAV01@AEBVRect@1@@Z

??4Variant@ScCore@@QEAAAEAV01@AEBVRegExp@1@@Z

??4Variant@ScCore@@QEAAAEAV01@AEBVString@1@@Z

??4Variant@ScCore@@QEAAAEAV01@AEBVUnitValue@1@@Z

??4Variant@ScCore@@QEAAAEAV01@H@Z

??4Variant@ScCore@@QEAAAEAV01@I@Z

??4Variant@ScCore@@QEAAAEAV01@N@Z

??4Variant@ScCore@@QEAAAEAV01@PEAVLiveObject@1@@Z

??4Variant@ScCore@@QEAAAEAV01@PEBD@Z

??4Variant@ScCore@@QEAAAEAV01@PEBG@Z

??4Variant@ScCore@@QEAAAEAV01@_N@Z

??8Point@ScCore@@QEBA_NAEBV01@@Z

??8String@ScCore@@QEBA_NPEBD@Z

??8String@ScCore@@QEBA_NPEBG@Z

??8XML@ScCore@@QEBA_NAEBV01@@Z

??9Array@ScCore@@QEBA_NAEBV01@@Z

??9FileSpec@ScCore@@QEBA_NAEBV01@@Z

??9HashTable@ScCore@@QEBA_NAEBV01@@Z

??9Point@ScCore@@QEBA_NAEBV01@@Z

??9Rect@ScCore@@QEBA_NAEBV01@@Z

??9SimpleArray@ScCore@@QEBA_NAEBV01@@Z

??9SparseArray@ScCore@@QEBA_NAEBV01@@Z

??9String@ScCore@@QEBA_NAEBV01@@Z

??9String@ScCore@@QEBA_NPEBD@Z

??9String@ScCore@@QEBA_NPEBG@Z

??9UnitValue@ScCore@@QEBA_NAEBV01@@Z

??9Variant@ScCore@@QEBA_NAEBV01@@Z

??9XML@ScCore@@QEBA_NAEBV01@@Z

??AHashTable@ScCore@@QEBA_JAEBVString@1@@Z

??ASimpleArray@ScCore@@QEAAAEA_JH@Z

??ASimpleArray@ScCore@@QEBA_JH@Z

??ASparseArray@ScCore@@QEBA_J_J@Z

??BString@ScCore@@QEBAPEBGXZ

??MFileSpec@ScCore@@QEBA_NAEBV01@@Z

??MString@ScCore@@QEBA_NAEBV01@@Z

??MString@ScCore@@QEBA_NPEBD@Z

??MString@ScCore@@QEBA_NPEBG@Z

??MVariant@ScCore@@QEBAHAEBV01@@Z

??NString@ScCore@@QEBA_NAEBV01@@Z

??NString@ScCore@@QEBA_NPEBD@Z

??NString@ScCore@@QEBA_NPEBG@Z

??OString@ScCore@@QEBA_NAEBV01@@Z

??OString@ScCore@@QEBA_NPEBD@Z

??OString@ScCore@@QEBA_NPEBG@Z

??PString@ScCore@@QEBA_NAEBV01@@Z

??PString@ScCore@@QEBA_NPEBD@Z

??PString@ScCore@@QEBA_NPEBG@Z

??YArray@ScCore@@QEAAAEAV01@AEAV01@@Z

??YArray@ScCore@@QEAAAEAV01@AEAVFileSpec@1@@Z

??YArray@ScCore@@QEAAAEAV01@AEAVLiveObject@1@@Z

??YArray@ScCore@@QEAAAEAV01@AEBVPoint@1@@Z

??YArray@ScCore@@QEAAAEAV01@AEBVRect@1@@Z

??YArray@ScCore@@QEAAAEAV01@AEBVString@1@@Z

??YArray@ScCore@@QEAAAEAV01@AEBVVariant@1@@Z

??YArray@ScCore@@QEAAAEAV01@H@Z

??YArray@ScCore@@QEAAAEAV01@N@Z

??YArray@ScCore@@QEAAAEAV01@PEAVLiveObject@1@@Z

??YArray@ScCore@@QEAAAEAV01@PEBD@Z

??YArray@ScCore@@QEAAAEAV01@_N@Z

??YSimpleArray@ScCore@@QEAAAEAV01@_J@Z

??ZSimpleArray@ScCore@@QEAAAEAV01@_J@Z

??_7API@ScScript@@6B@

??_7Allocator@ScCore@@6B@

??_7BinaryNode@ScScript@@6B@

??_7BreakpointInfo@ScScript@@6B@

??_7Callback@ScScript@@6B@

??_7Callbacks@ScCore@@6B@

??_7ClassInfo@ScCore@@6B@

??_7Cloneable@ScCore@@6B@

??_7DebugAPI@ScScript@@6B@

??_7Debugger@ScScript@@6B@

??_7Dispatcher@ScScript@@6B@

??_7ESContext@ScScript@@6B@

??_7EmptyNode@ScScript@@6B@

??_7Engine@ScScript@@6B@

??_7FileDisp@ScScript@@6B@

??_7GlobalDialogs@ScScript@@6B@

??_7HiliteAPI@ScScript@@6B@

??_7LabelNode@ScScript@@6B@

??_7ListNode@ScScript@@6B@

??_7Listener@ScCore@@6B@

??_7LiveObjectAPI@ScScript@@6B@

??_7Localizer@ScCore@@6B@

??_7Message@ScCore@@6B@

??_7Node@ScScript@@6B@

??_7ParamInfo@ScCore@@6B@

??_7ParserAPI@ScScript@@6B@

??_7Preprocessor@ScScript@@6B@

??_7Refcountable@ScCore@@6B@

??_7RuntimeError@ScScript@@6B@

??_7ScopeInfo@ScScript@@6B@

??_7ScopeNode@ScScript@@6B@

??_7Script@ScScript@@6B@

??_7ScriptContainer@ScScript@@6B@

??_7ServiceInfo@ScCore@@6B@

??_7TernaryNode@ScScript@@6B@

??_7TypeInfo@ScCore@@6B@

??_7UnaryNode@ScScript@@6B@

??_7UnitConverter@ScCore@@6B@

??_7ValidateData@ScScript@@6B@

??_FDictionary@ScCore@@QEAAXXZ

??_FDispatcher@ScScript@@QEAAXXZ

??_FLiveArray@ScCore@@QEAAXXZ

??_FLiveCollection@ScCore@@QEAAXXZ

??_FLiveObject@ScCore@@QEAAXXZ

??_FXML@ScCore@@QEAAXXZ

?_isInteger@DataPool@ScScript@@AEBA_NH@Z

?_isUInteger@DataPool@ScScript@@AEBA_NH@Z

?add@DataPool@ScScript@@QEAAHAEBVVariant@ScCore@@@Z

?add@DataPool@ScScript@@QEAAHG@Z

?add@DataPool@ScScript@@QEAAHI@Z

?add@DataPool@ScScript@@QEAAHN@Z

?add@DataPool@ScScript@@QEAAHPEBD@Z

?add@DataPool@ScScript@@QEAAHPEBG@Z

?add@ScriptContainer@ScScript@@QEAAXAEBV12@_N@Z

?addClass@Dispatcher@ScScript@@QEAAXAEBVString@ScCore@@@Z

?addClass@Dispatcher@ScScript@@QEAAXPEBD@Z

?addProperties@Dispatcher@ScScript@@QEAAXHPEBUPropEntry@2@PEBD@Z

?addRef@Refcountable@ScCore@@QEBAXXZ

?append@SimpleArray@ScCore@@QEAAXAEBV12@@Z

?append@String@ScCore@@QEAAXAEBV12@@Z

?append@String@ScCore@@QEAAXD@Z

?append@String@ScCore@@QEAAXG@Z

?atExit@InitTerm@ScScript@@SAXP6AXXZ@Z

?call@Dispatcher@ScScript@@QEAAXAEAUArguments@2@PEBD@Z

?call@Dispatcher@ScScript@@UEAAXAEAUArguments@2@P6AX0@Z@Z

?call@GlobalDialogs@ScScript@@UEAAHAEAVLiveObject@ScCore@@HAEBVArray@4@AEAVVariant@4@PEAVError@4@@Z

?checkStack@ESContext@ScScript@@QEBA_NXZ

?clearError@Engine@ScScript@@UEAAXXZ

?clone@Engine@ScScript@@UEBAHPEAPEAV12@@Z

?command@DebugAPI@ScScript@@QEAAXW4Cmd@12@_N@Z

?compile@ScriptContainer@ScScript@@QEAAHAEBVFileSpec@ScCore@@_NP6A_N0@Z@Z

?compile@ScriptContainer@ScScript@@QEAAHAEBVString@ScCore@@0@Z

?createEngine@Engine@ScScript@@SAPEAV12@W4Type@12@@Z

?createFile@FileDisp@ScScript@@QEAA_NAEAVVariant@ScCore@@AEBVString@4@@Z

?createFolder@FileDisp@ScScript@@QEAA_NAEAVVariant@ScCore@@AEBVString@4@@Z

?createValidateVTable@ValidateData@ScScript@@SAPEAVHashTable@ScCore@@XZ

?debugBreak@DebugAPI@ScScript@@QEBAXAEBVString@ScCore@@@Z

?decRef@ScopeInfo@ScScript@@QEBAXXZ

?decompile@ParserAPI@ScScript@@QEBA?AVString@ScCore@@AEBVScopeNode@2@@Z

?decrement@Lock@ScCore@@SAHAEAH@Z

?directive@Preprocessor@ScScript@@AEAA_NAEAUProcData@12@@Z

?doProcess@Preprocessor@ScScript@@AEAA_NAEAUProcData@12@@Z

?dump@BinaryNode@ScScript@@UEAAXAEAVEngine@2@H@Z

?dump@LabelNode@ScScript@@UEAAXAEAVEngine@2@H@Z

?dump@ListNode@ScScript@@UEAAXAEAVEngine@2@H@Z

?dump@Node@ScScript@@UEAAXAEAVEngine@2@H@Z

?dump@ScopeNode@ScScript@@UEAAXAEAVEngine@2@H@Z

?dump@TernaryNode@ScScript@@UEAAXAEAVEngine@2@H@Z

?dump@UnaryNode@ScScript@@UEAAXAEAVEngine@2@H@Z

?enablePreProcessor@ParserAPI@ScScript@@QEAA_N_N@Z

?engineNotify@Callback@ScScript@@UEAAXAEAVEngine@2@H_J@Z

?enterDebugMode@Callback@ScScript@@UEAAXAEAVEngine@2@@Z

?erase@Array@ScCore@@QEAAXXZ

?erase@ScriptContainer@ScScript@@QEAAXXZ

?erase@SimpleArray@ScCore@@QEAAXXZ

?erase@UnitValue@ScCore@@QEAAXXZ

?erase@Variant@ScCore@@QEAAXXZ

?errorAlert@ScriptContainer@ScScript@@QEBAXXZ

?errorAlert@ScriptContainer@ScScript@@SAXAEBVError@ScCore@@@Z

?errorMessage@ScriptContainer@ScScript@@QEBA?AVString@ScCore@@XZ

?errorMessage@ScriptContainer@ScScript@@SA?AVString@ScCore@@AEBVError@4@@Z

?eval@DebugAPI@ScScript@@QEAAHAEBVString@ScCore@@AEAVVariant@4@@Z

?execute@ScriptContainer@ScScript@@QEAAHAEAVEngine@2@H@Z

?executeStaticXML@DebugAPI@ScScript@@SAPEAVXML@ScCore@@AEBV34@AEAVError@4@@Z

?executeXML@DebugAPI@ScScript@@QEAAPEAVXML@ScCore@@AEBV34@AEAVError@4@@Z

?exists@FileSpec@ScCore@@QEBA_NXZ

?exit@InitTerm@ScScript@@SAXXZ

?findEngine@Engine@ScScript@@SAPEAV12@AEBVString@ScCore@@@Z

?findProperty@Dispatcher@ScScript@@UEBAPEBVPropInfo@2@HHPEAVRoot@ScCore@@_N1@Z

?foldConstants@BinaryNode@ScScript@@UEAAPEAVNode@2@XZ

?foldConstants@ListNode@ScScript@@UEAAPEAVNode@2@XZ

?foldConstants@Node@ScScript@@UEAAPEAV12@XZ

?foldConstants@TernaryNode@ScScript@@UEAAPEAVNode@2@XZ

?foldConstants@UnaryNode@ScScript@@UEAAPEAVNode@2@XZ

?garbageCollecting@Callback@ScScript@@UEAA_NAEAVEngine@2@@Z

?gcAll@Engine@ScScript@@SAXXZ

?get@DataPool@ScScript@@SAAEAV12@XZ

?get@Dispatcher@ScScript@@UEAAXAEAUArguments@2@@Z

?get@ESContext@ScScript@@SAAEAV12@XZ

?getAll@Engine@ScScript@@SAXAEAV?$TSimpleArray@VEngine@ScScript@@@ScCore@@@Z

?getArgs@ArgumentsMessage@ScCore@@QEBAAEBVArray@2@XZ

?getArgs@LiveMessage@ScCore@@QEBAAEBVArray@2@XZ

?getArray@LiveArray@ScCore@@QEAAAEAVArray@2@XZ

?getArray@LiveArray@ScCore@@QEBAAEBVArray@2@XZ

?getBaseValue@UnitValue@ScCore@@QEBANAEAI@Z

?getBaseValue@UnitValue@ScCore@@QEBAXAEAV12@@Z

?getBreakpoints@DebugAPI@ScScript@@QEBAXAEAV?$TSimpleArray@VBreakpointInfo@ScScript@@@ScCore@@@Z

?getCallback@Engine@ScScript@@QEBAPEAVCallback@2@XZ

?getClass@Dispatcher@ScScript@@QEBAAEBVString@ScCore@@H@Z

?getClassCount@Dispatcher@ScScript@@QEBAHXZ

?getClassID@Dispatcher@ScScript@@AEBAHH@Z

?getClassInfo@Dispatcher@ScScript@@UEAAPEBVClassInfo@ScCore@@AEBVString@4@@Z

?getClassObject@Callback@ScScript@@UEAAPEAVLiveObject@ScCore@@AEAVEngine@2@AEBVString@4@AEAI@Z

?getCode@Error@ScCore@@QEBAHXZ

?getCode@ErrorInfo@ScCore@@QEBAHXZ

?getColumn@ErrorInfo@ScCore@@QEBAHXZ

?getConstant@Node@ScScript@@QEBAPEBVVariant@ScCore@@XZ

?getContextInfo@DebugAPI@ScScript@@QEBAHHAEAVString@ScCore@@AEAVArray@4@@Z

?getContextLevel@DebugAPI@ScScript@@QEBAHXZ

?getCurrent@Engine@ScScript@@SAPEAV12@XZ

?getData@ErrorInfo@ScCore@@QEBAPEBVCloneable@2@XZ

?getData@SimpleArray@ScCore@@QEBAPEB_JXZ

?getDebugFlags@Engine@ScScript@@QEBAHXZ

?getDebugLevel@Engine@ScScript@@QEBAHXZ

?getDebugState@DebugAPI@ScScript@@QEBA?AW4State@12@XZ

?getDictionary@Engine@ScScript@@UEBAPEAVDictionary@ScCore@@XZ

?getDirective@Preprocessor@ScScript@@QEBAPEBVString@ScCore@@AEBV34@@Z

?getDouble@Variant@ScCore@@QEBANXZ

?getEngine@API@ScScript@@QEBAAEAVEngine@2@XZ

?getEnumIDs@LiveMessage@ScCore@@QEBAPEAVSimpleArray@2@XZ

?getEnumNames@Dispatcher@ScScript@@UEBAXAEBVVariant@ScCore@@AEAV?$TSimpleArray@VString@ScCore@@@4@@Z

?getEnumerableProperties@Dispatcher@ScScript@@UEBAXAEBVVariant@ScCore@@AEAVSimpleArray@4@H@Z

?getError@Engine@ScScript@@UEBAAEBVError@ScCore@@XZ

?getError@Error@ScCore@@QEBAPEBVErrorInfo@2@XZ

?getError@LiveMessage@ScCore@@QEAAAEAHXZ

?getError@ScriptContainer@ScScript@@QEBAAEAVError@ScCore@@XZ

?getError@Thread@ScCore@@QEBAHXZ

?getErrorData@Error@ScCore@@QEBAPEBVVariant@2@XZ

?getErrorInfo@Engine@ScScript@@UEBAAEBVRuntimeError@2@XZ

?getExtError@LiveMessage@ScCore@@QEBAPEAVError@2@XZ

?getFile@ErrorInfo@ScCore@@QEBAAEBVString@2@XZ

?getFlags@LiveObject@ScCore@@QEBAIXZ

?getGlobalObject@LiveObjectAPI@ScScript@@QEBAAEAVLiveObject@ScCore@@XZ

?getID@Engine@ScScript@@QEBAIXZ

?getID@Message@ScCore@@QEBAHXZ

?getID@Thread@ScCore@@QEBAIXZ

?getIncludePath@ParserAPI@ScScript@@QEBAAEBVString@ScCore@@XZ

?getIncludes@Preprocessor@ScScript@@QEBAAEBVString@ScCore@@XZ

?getIncrement@SimpleArray@ScCore@@QEBAHXZ

?getInteger@DataPool@ScScript@@QEBAHH@Z

?getInterfaceID@LiveArray@ScCore@@SAHXZ

?getInterfaceID@LiveCollection@ScCore@@SAHXZ

?getInterfaceID@LiveObject@ScCore@@SAHXZ

?getLanguage@LiveMessage@ScCore@@QEAAAEAHXZ

?getLength@ErrorInfo@ScCore@@QEBAGXZ

?getLengthID@LiveCollection@ScCore@@QEBAHXZ

?getLine@ErrorInfo@ScCore@@QEBAHXZ

?getLocalizer@Engine@ScScript@@QEBAPEBVLocalizer@ScCore@@XZ

?getMapping@Encoder@ScCore@@QEBAHXZ

?getMask@FileFilter@ScCore@@QEBAAEBVString@2@XZ

?getName@API@ScScript@@QEBAHXZ

?getName@Engine@ScScript@@QEBAAEBVString@ScCore@@XZ

?getName@XML@ScCore@@QEBAAEBVString@2@XZ

?getNamespace@XML@ScCore@@QEBAPEBV12@XZ

?getNext@ErrorInfo@ScCore@@QEBAPEBV12@XZ

?getNode@ListNode@ScScript@@QEBAPEAVNode@2@H@Z

?getNumber@DataPool@ScScript@@QEBANH@Z

?getOffset@ErrorInfo@ScCore@@QEBAHXZ

?getOutputStream@DebugAPI@ScScript@@QEBAPEAVFile@ScCore@@XZ

?getParent@Dispatcher@ScScript@@QEBAPEAV12@XZ

?getParent@XML@ScCore@@QEAAPEAV12@XZ

?getParent@XML@ScCore@@QEBAPEBV12@XZ

?getProfilerData@DebugAPI@ScScript@@QEAAXPEAV?$TSimpleArray@VProfilerData@ScScript@@@ScCore@@_N@Z

?getProfilingLevel@Engine@ScScript@@QEBAHXZ

?getProperties@DebugAPI@ScScript@@QEAA_NAEBVVariant@ScCore@@AEAV?$THashTable@VVariant@ScCore@@@4@H@Z

?getProperties@DebugAPI@ScScript@@QEAA_NAEBVVariant@ScCore@@AEAV?$THashTable@VVariant@ScCore@@@4@_N2@Z

?getProperties@Dispatcher@ScScript@@UEBAXHHAEAV?$TSimpleArray@$$CBVPropInfo@ScScript@@@ScCore@@@Z

?getPropertyID@LiveMessage@ScCore@@QEAAAEAHXZ

?getPropertyManager@LiveBase@ScCore@@QEBAPEBVLivePropertyManager@2@XZ

?getPropertyTable@GlobalDialogs@ScScript@@SAAEBULivePropertyInfo@ScCore@@XZ

?getRefCount@Refcountable@ScCore@@QEBAHXZ

?getScript@DebugAPI@ScScript@@QEBAPEAVScript@2@XZ

?getScript@ScriptContainer@ScScript@@QEBAPEAVScript@2@H@Z

?getSecurityFlags@FileDisp@ScScript@@QEBAHXZ

?getSender@Message@ScCore@@QEBAPEBVBroadcaster@2@XZ

?getSource@DebugAPI@ScScript@@QEBA?AVString@ScCore@@XZ

?getSource@ErrorInfo@ScCore@@QEBAAEBVString@2@XZ

?getSourceFileID@DebugAPI@ScScript@@QEBAHXZ

?getSourceLine@DebugAPI@ScScript@@QEBAHXZ

?getStackDepth@DebugAPI@ScScript@@QEBAHXZ

?getStackTrace@DebugAPI@ScScript@@QEBA?AVString@ScCore@@HH@Z

?getString@Variant@ScCore@@QEBAAEBVString@2@H@Z

?getString@Variant@ScCore@@QEBAAEBVString@2@XZ

?getSymbol@DataPool@ScScript@@QEBA?AVString@ScCore@@H@Z

?getTable@Dispatcher@ScScript@@AEBAPEBVTableEntry@2@H@Z

?getText@ErrorInfo@ScCore@@QEBAAEBVString@2@XZ

?getThis@LiveMessage@ScCore@@QEBAAEBVLiveObject@2@XZ

?getType@UnitValue@ScCore@@QEBAIXZ

?getType@Variant@ScCore@@QEBA?AW4VariantType@2@XZ

?getType@XML@ScCore@@QEBAHXZ

?getUInteger@DataPool@ScScript@@QEBAIH@Z

?getUInteger@Variant@ScCore@@QEBAIXZ

?getUserData@Dispatcher@ScScript@@QEBAPEAVRoot@ScCore@@XZ

?getUserData@Engine@ScScript@@QEBAPEAVRoot@ScCore@@XZ

?getValue@DataPool@ScScript@@QEBAXHAEAVVariant@ScCore@@@Z

?getValue@UnitValue@ScCore@@QEBANAEAI@Z

?getValue@UnitValue@ScCore@@QEBANXZ

?getValue@XML@ScCore@@QEBAAEBVString@2@XZ

?getVersion@Engine@ScScript@@SAHXZ

?getWatchpointInfo@DebugAPI@ScScript@@QEAA_NAEAVVariant@ScCore@@00@Z

?getXML@LiveObjectAPI@ScScript@@QEBAPEAVXML@ScCore@@AEBVVariant@4@@Z

?grow@Rect@ScCore@@QEAAXAEBVPoint@2@@Z

?grow@Rect@ScCore@@QEAAXNN@Z

?hasDotProperties@Dispatcher@ScScript@@QEBA_NH@Z

?hasOperators@Dispatcher@ScScript@@AEBA_NH@Z

?hasProperty@Dispatcher@ScScript@@UEBAPEBUPropEntry@2@AEBVVariant@ScCore@@0_N@Z

?incRef@ScopeInfo@ScScript@@QEBAXXZ

?increment@Lock@ScCore@@SAHAEAH@Z

?init@InitTerm@ScScript@@SAXXZ

?init@ValidateData@ScScript@@SAXXZ

?insert@ScriptContainer@ScScript@@QEAAXAEAVScript@2@H@Z

?inset@Rect@ScCore@@QEAAXAEBVPoint@2@@Z

?invalidateClassAll@Engine@ScScript@@SAXAEBVString@ScCore@@@Z

?isActive@Thread@ScCore@@QEBA_NXZ

?isAlias@FileSpec@ScCore@@QEBA_NXZ

?isCaseless@LiveBase@ScCore@@KA_NH@Z

?isClass@Dispatcher@ScScript@@QEBA_NAEBVString@ScCore@@@Z

?isClass@Dispatcher@ScScript@@QEBA_NH@Z

?isClass@Dispatcher@ScScript@@QEBA_NPEBD@Z

?isCommandEnabled@DebugAPI@ScScript@@QEAA_NW4Cmd@12@@Z

?isContinueOnError@ScriptContainer@ScScript@@QEBA_NXZ

?isDefined@Variant@ScCore@@QEBA_NXZ

?isEmpty@Node@ScScript@@QEBA_NXZ

?isEmpty@Rect@ScCore@@QEBA_NXZ

?isEmpty@UnitValue@ScCore@@QEBA_NXZ

?isFile@FileSpec@ScCore@@QEBA_NXZ

?isFinite@Variant@ScCore@@QEBA_NXZ

?isFolder@FileSpec@ScCore@@QEBA_NXZ

?isInitialized@InitTerm@ScScript@@SA_NXZ

?isInside@Rect@ScCore@@QEBA_NAEBVPoint@2@@Z

?isInteger@DataPool@ScScript@@QEBA_NH@Z

?isInteger@Variant@ScCore@@QEBA_NXZ

?isMinus0@Variant@ScCore@@QEBA_NXZ

?isNaN@Variant@ScCore@@QEBA_NXZ

?isNull@Variant@ScCore@@QEBA_NXZ

?isNumber@DataPool@ScScript@@QEBA_NH@Z

?isPackage@FileSpec@ScCore@@QEBA_NXZ

?isProtected@FileSpec@ScCore@@QEBA_NXZ

?isReadOnly@DebugAPI@ScScript@@QEAA_NAEBVVariant@ScCore@@AEBVString@4@@Z

?isReadOnly@LiveCollection@ScCore@@QEBA_NXZ

?isRethrow@Allocator@ScCore@@QEBA_NXZ

?isUInteger@DataPool@ScScript@@QEBA_NH@Z

?isUInteger@Variant@ScCore@@QEBA_NXZ

?isUpperCase@DataPool@ScScript@@SA_NH@Z

?isValid@LiveBase@ScCore@@QEBA_NXZ

?isValidClassName@Callback@ScScript@@UEAA_NAEAVEngine@2@AEBVString@ScCore@@@Z

?isValidLine@Script@ScScript@@SA_NAEBV12@H@Z

?isVisible@FileSpec@ScCore@@QEBA_NXZ

?leaveDebugMode@Callback@ScScript@@UEAAXAEAVEngine@2@_N@Z

?length@HashTable@ScCore@@QEBAHXZ

?length@ListNode@ScScript@@QEBAHXZ

?length@LiveCollection@ScCore@@QEBAIXZ

?length@ScriptContainer@ScScript@@QEBAJXZ

?length@SimpleArray@ScCore@@QEBAHXZ

?length@SparseArray@ScCore@@QEBAHXZ

?length@String@ScCore@@QEBAHXZ

?load@ScriptContainer@ScScript@@QEAAHAEAVEngine@2@@Z

?lock@Lockable@ScCore@@QEBAXXZ

?lockRef@Engine@ScScript@@QEAAXAEBVVariant@ScCore@@@Z

?makeXMLObject@LiveObjectAPI@ScScript@@QEBAXAEBVXML@ScCore@@AEAVVariant@4@@Z

?moveBy@Rect@ScCore@@QEAAXAEBVPoint@2@@Z

?moveTo@Rect@ScCore@@QEAAXAEBVPoint@2@@Z

?next@HiliteAPI@ScScript@@QEAA_NPEAVHiliteAPIData@2@AEAUHiliteRange@2@@Z

?parse@ParserAPI@ScScript@@QEBAPEAVScopeNode@2@AEBVString@ScCore@@@Z

?process@Preprocessor@ScScript@@QEAAHAEBVString@ScCore@@0AEAV34@PEAVError@4@@Z

?put@Dispatcher@ScScript@@UEAAXAEAUArguments@2@@Z

?put@XML@ScCore@@QEAAPEAV12@AEBVString@2@@Z

?registerProperties@Dispatcher@ScScript@@QEAAXHPEBUPropEntry@2@@Z

?registerProperties@Dispatcher@ScScript@@QEAAXHPEBUPropEntry@2@AEBVString@ScCore@@@Z

?registerProperties@Dispatcher@ScScript@@QEAAXHPEBUPropEntry@2@PEBD@Z

?resolve@FileSpec@ScCore@@QEAAHXZ

?restoreError@Engine@ScScript@@UEAAXAEBVError@ScCore@@@Z

?running@Callback@ScScript@@UEAAXAEAVEngine@2@@Z

Sections

.text
Size: 614KB - Virtual size: 613KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 304KB - Virtual size: 304KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.pdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.idata
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 283B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

malware/5/Data/Plug-ins/root/data/JP2KLib.dll

.dll windows:6 windows x64 arch:x64

219f9de4f502dff7700e78df04ecccb7

Code Sign

01:02:80:e6:32:aa:56:50:91:67:c4:2a:dc:45:2f:68
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

19/12/2020, 00:00

Not After

21/12/2022, 23:59

Subject

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=Photoshop\, Bridge,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0a:4b:8e:9a:27:81:9a:94:6e:6a:97:06:49:c1:67:89:6f:35:fb:02:5e:08:90:2f:1e:8e:4d:cd:dd:b8:ce:e6
Signer

Actual PE Digest

0a:4b:8e:9a:27:81:9a:94:6e:6a:97:06:49:c1:67:89:6f:35:fb:02:5e:08:90:2f:1e:8e:4d:cd:dd:b8:ce:e6

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

JP2KLib.pdb

Imports

vcruntime140

_CxxThrowException

__CxxFrameHandler3

__C_specific_handler

__std_type_info_destroy_list

memset

api-ms-win-crt-math-l1-1-0

sqrtf

log10

logf

log

pow

sqrt

fabs

powf

ceilf

api-ms-win-crt-string-l1-1-0

strncmp

strlen

api-ms-win-crt-utility-l1-1-0

abs

api-ms-win-crt-stdio-l1-1-0

putc

__acrt_iob_func

__stdio_common_vfprintf

fopen_s

fclose

fflush

fputc

fwrite

api-ms-win-crt-runtime-l1-1-0

_cexit

terminate

_crt_at_quick_exit

_execute_onexit_table

_register_onexit_function

_initialize_onexit_table

_configure_narrow_argv

_seh_filter_dll

_initterm_e

_initterm

_crt_atexit

_initialize_narrow_environment

api-ms-win-crt-heap-l1-1-0

free

kernel32

GetCurrentThreadId

RtlLookupFunctionEntry

RtlVirtualUnwind

UnhandledExceptionFilter

SetUnhandledExceptionFilter

GetModuleHandleW

GetStartupInfoW

IsDebuggerPresent

InitializeSListHead

DisableThreadLibraryCalls

GetSystemTimeAsFileTime

RtlCaptureContext

GetCurrentProcessId

QueryPerformanceCounter

IsProcessorFeaturePresent

TerminateProcess

GetCurrentProcess

Exports

??0JP2KCodeStm@@QEAA@XZ

??1JP2KCodeStm@@QEAA@XZ

??4IJP2KException@@QEAAAEAV0@$$QEAV0@@Z

??4IJP2KException@@QEAAAEAV0@AEBV0@@Z

??4JP2KBufID_I@@QEAAAEAU0@$$QEAU0@@Z

??4JP2KBufID_I@@QEAAAEAU0@AEBU0@@Z

??4JP2KClientData@@QEAAAEAU0@$$QEAU0@@Z

??4JP2KClientData@@QEAAAEAU0@AEBU0@@Z

??4JP2KClientProcs@@QEAAAEAU0@$$QEAU0@@Z

??4JP2KClientProcs@@QEAAAEAU0@AEBU0@@Z

??4JP2KCodeStm@@QEAAAEAV0@AEBV0@@Z

??4JP2KDecOpt@@QEAAAEAU0@$$QEAU0@@Z

??4JP2KDecOpt@@QEAAAEAU0@AEBU0@@Z

??4JP2KEncOpt@@QEAAAEAU0@$$QEAU0@@Z

??4JP2KEncOpt@@QEAAAEAU0@AEBU0@@Z

??4JP2KException@@QEAAAEAU0@$$QEAU0@@Z

??4JP2KException@@QEAAAEAU0@AEBU0@@Z

??4JP2KImageDataParms@@QEAAAEAU0@$$QEAU0@@Z

??4JP2KImageDataParms@@QEAAAEAU0@AEBU0@@Z

??4JP2KImageDataProcs@@QEAAAEAU0@$$QEAU0@@Z

??4JP2KImageDataProcs@@QEAAAEAU0@AEBU0@@Z

??4JP2KMemFuncs@@QEAAAEAU0@$$QEAU0@@Z

??4JP2KMemFuncs@@QEAAAEAU0@AEBU0@@Z

??4JP2KMemFuncsEx@@QEAAAEAU0@$$QEAU0@@Z

??4JP2KMemFuncsEx@@QEAAAEAU0@AEBU0@@Z

??4JP2KStreamProcs@@QEAAAEAU0@$$QEAU0@@Z

??4JP2KStreamProcs@@QEAAAEAU0@AEBU0@@Z

??4JP2KStreamProcsEx@@QEAAAEAU0@$$QEAU0@@Z

??4JP2KStreamProcsEx@@QEAAAEAU0@AEBU0@@Z

??4JP2KUserActions@@QEAAAEAU0@$$QEAU0@@Z

??4JP2KUserActions@@QEAAAEAU0@AEBU0@@Z

?ClearErrState@IJP2KException@@QEAAXXZ

?Clone@IJP2KException@@QEAAXPEAV1@@Z

?Die@JP2KCodeStm@@QEAAXXZ

?GetCurPos@JP2KCodeStm@@QEAA_JXZ

?GetErrString@IJP2KException@@QEAAPEADXZ

?GetOpenMode@JP2KCodeStm@@QEAA?AW4JP2KStmOpenMode@@XZ

?GetStmBase@JP2KCodeStm@@QEAAPEAXXZ

?GetStmProcs@JP2KCodeStm@@QEAAPEAUJP2KStreamProcsEx@@XZ

?GetTotalLength@JP2KCodeStm@@QEAA_KXZ

?InitJP2KCodeStm@JP2KCodeStm@@QEAAH_KHPEAXPEAUJP2KStreamProcsEx@@W4JP2KStmOpenMode@@H@Z

?IsReadable@JP2KCodeStm@@QEAA_NXZ

?IsSeekable@JP2KCodeStm@@QEAA_NXZ

?IsWritable@JP2KCodeStm@@QEAA_NXZ

?ReadOnly@JP2KCodeStm@@QEAA_NXZ

?StmLengthUnknown@JP2KCodeStm@@QEAA_NXZ

?TellPos@JP2KCodeStm@@QEAA_JXZ

?WriteOnly@JP2KCodeStm@@QEAA_NXZ

?flushWriteBuffer@JP2KCodeStm@@QEAAHXZ

?read@JP2KCodeStm@@QEAAHPEAEH@Z

?seek@JP2KCodeStm@@QEAA_JH_J@Z

?write@JP2KCodeStm@@QEAAHPEAEH@Z

CIEParamsAreDefaults

ColorSpecIsJP2Compatibile

InitDefaultCIEParams

JP2KCopyRect

JP2KDecOptCreate

JP2KDecOptDestroy

JP2KDecOptInitToDefaults

JP2KEncOptClone

JP2KEncOptCreate

JP2KEncOptDestroy

JP2KEncOptGetGeomParams

JP2KEncOptInitToDefaults

JP2KEncOptInitToDefaultsUsingImageGeometry

JP2KGetMemObj

JP2KGetMemObjEx

JP2KImageCompletedDecoding

JP2KImageCompressAndWriteTile

JP2KImageCompressImage

JP2KImageCompressTile

JP2KImageCreate

JP2KImageDataCreate

JP2KImageDataDestroy

JP2KImageDataFreeImageBuffer

JP2KImageDataGetHeight

JP2KImageDataGetImageBuffer

JP2KImageDataGetSizeofImageDataType

JP2KImageDataGetWidth

JP2KImageDataInit

JP2KImageDataSetHeight

JP2KImageDataSetImageBuffer

JP2KImageDataSetImageBufferType

JP2KImageDataSetSizeOfImageDataType

JP2KImageDataSetWidth

JP2KImageDecodeImageRegion

JP2KImageDecodeImageWithoutSeeking

JP2KImageDecodeTileInterleaved

JP2KImageDecodeTileInterleavedIncremental

JP2KImageDecodeTilePlanar

JP2KImageDestroy

JP2KImageEncodeImage

JP2KImageEstimatePeakDecodeMemoryRequirement

JP2KImageEstimateSizeofRegionToDecode

JP2KImageFileIsJP2K

JP2KImageFileIsJP2KEx

JP2KImageFindQualityNumbersEmbedded

JP2KImageGeometryComputeTransformedPoint

JP2KImageGeometryComputeTransformedPointUsingOrientations

JP2KImageGeometryComputeTransformedRect

JP2KImageGeometryComputeTransformedRectUsingOrientations

JP2KImageGeometryCopyInit

JP2KImageGeometryCreate

JP2KImageGeometryDestroy

JP2KImageGeometryGetImageResolutionBoundingBox

JP2KImageGeometryGetNumXTiles

JP2KImageGeometryGetNumYTiles

JP2KImageGeometryGetParams

JP2KImageGeometryGetTileBoundingBox

JP2KImageGeometryGetTileCompBoundingBox

JP2KImageGeometryGetTileCompResolutionBoundingBox

JP2KImageGeometryGetTileNum

JP2KImageGeometryGetTileResolutionBoundingBox

JP2KImageGeometryGetTileResolutionBoundingBoxOfRegion

JP2KImageGeometryGetXIndex

JP2KImageGeometryGetYIndex

JP2KImageGeometryInit

JP2KImageGeometryMapCanvasCoordRectToComponentRect

JP2KImageGeometryMapCanvasCoordRectToLowerResComponentRect

JP2KImageGeometryMapRectToLowerRes

JP2KImageGeometryParamsAreInConsistent

JP2KImageGeometryTransformRect

JP2KImageGeometryTransformRectUsingOrientations

JP2KImageGetAlphaChannelCodeStreamSize

JP2KImageGetBitDepths

JP2KImageGetChannelIndex

JP2KImageGetChromaKey

JP2KImageGetClientData

JP2KImageGetCodeStream

JP2KImageGetColorSpecList

JP2KImageGetComponentType

JP2KImageGetDecodeOptions

JP2KImageGetDecodedImage

JP2KImageGetEncodeOptions

JP2KImageGetErrorDetails

JP2KImageGetGMLData

JP2KImageGetGeometryParams

JP2KImageGetGlobalTransparencyChannelNum

JP2KImageGetICCProfile

JP2KImageGetInterleavedColorData

JP2KImageGetMaxCodeStreamLength

JP2KImageGetMaxRes

JP2KImageGetMemObj

JP2KImageGetMemObjEx

JP2KImageGetMinCodeStreamLength

JP2KImageGetNumColorChannels

JP2KImageGetNumComponents

JP2KImageGetNumComponentsDoneInProgPlay

JP2KImageGetNumQualitySteps

JP2KImageGetNumTileComps

JP2KImageGetNumTiles

JP2KImageGetNumUUIDBoxes

JP2KImageGetNumXMLBoxes

JP2KImageGetOrientationForDecode

JP2KImageGetPalette

JP2KImageGetPreviewData

JP2KImageGetPreviewDataOfRegion

JP2KImageGetStreamProcs

JP2KImageGetStreamProcsEx

JP2KImageGetTempFileStream

JP2KImageGetTileComponent

JP2KImageGetTransparencyChannelNum

JP2KImageGetTransparencyCodeStreamSize

JP2KImageGetTransparencyType

JP2KImageGetUUIDBoxes

JP2KImageGetXMLBoxes

JP2KImageGlobalTransparencyChannelPresent

JP2KImageIncrementalDecodingIsEnabled

JP2KImageIncrementalDecodingIsRequired

JP2KImageInitDecoder

JP2KImageInitDecoderEx

JP2KImageInitEncoder

JP2KImageInitEncoderEx

JP2KImageIsGMLDataPresent

JP2KImageNumProgresionStepsInCompressImage

JP2KImageNumProgressionStepsInEncodeImage

JP2KImageOptimizeImage

JP2KImagePalettePresent

JP2KImagePlay

JP2KImagePlayProgression

JP2KImagePlayProgressionStart

JP2KImagePlayProgressionStop

JP2KImageReorderCodeStream

JP2KImageResolutionInfoPresent

JP2KImageRewind

JP2KImageSetAlphaChannelsForPreview

JP2KImageSetOrientationForDecode

JP2KImageSetReplayOptions

JP2KImageSkipDecodingOfAlphaChannels

JP2KImageTransparencyChannelPresent

JP2KImageUUIDPresent

JP2KImageUpdateCodestreamSize

JP2KImageValidate

JP2KImageWriteJPXHeaders

JP2KImageXMLPresent

JP2KImageZoom

JP2KLibBuildDate

JP2KLibInit

JP2KLibInitEx

JP2KLibShutDown

JP2KLibVersion

JP2KTileComponentGetDecOpt

JP2KTileComponentGetDecodeParams

JP2KTileComponentGetEncOpt

JP2KTileComponentGetHeight

JP2KTileComponentGetOutputImage

JP2KTileComponentGetProgData

JP2KTileComponentGetTileGeometryParams

JP2KTileComponentGetWaveletData

JP2KTileComponentGetWidth

JP2KTileComponentReleaseWaveletData

JP2KTileComponentResetTileCompDataIsValid

JP2KTileComponentResetTileCompDataReady

JP2KTileComponentSetDecodeOptions

JP2KTileComponentSetDecodeParams

JP2KTileComponentSetEncodeOptions

JP2KTileComponentSetIsAlphaChannel

JP2KTileComponentSetOutputImage

JP2KTileComponentSetProgData

JP2KTileComponentSetTileCompDataIsValid

JP2KTileComponentSetTileCompDataReady

JP2KTileComponentSetTileGeometryParams

JP2KTileComponentSetWaveletData

JP2KTileComponentTileCompDataIsValid

JP2KTileComponentTileCompDataReady

JP2KTileComponentValidate

JP2KTileGeometryCreate

JP2KTileGeometryDestroy

JP2KTileGeometryGetResolutionCoords

JP2KTileGeometryGetResolutionCoordsofRegion

JP2KTileGeometryInit

JP2KTileGeometryInitUsingTileIndices

JP2KTileGeometryRegionIsTile

Sections

.text
Size: 556KB - Virtual size: 556KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

malware/5/Data/Plug-ins/root/data/Microsoft.Expression.Interactions.dll

.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

PDB Paths

e:\ExpressionRTM\Sparkle\SDK\BlendWPFSDK\Build\Intermediate\Release\Libraries\Microsoft.Expression.Interactions\Win32\Release\Microsoft.Expression.Interactions.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

malware/5/Data/Plug-ins/root/data/Microsoft.VC90.CRT.manifest

.xml

malware/5/Data/Plug-ins/root/data/Microsoft.VC90.MFC.manifest

.xml

malware/5/Data/Plug-ins/root/data/Newtonsoft.Json.dll

.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

C:\Development\Releases\Json\Working\Newtonsoft.Json\Working-Signed\Src\Newtonsoft.Json\obj\Release\net45\Newtonsoft.Json.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 644KB - Virtual size: 644KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

malware/5/Data/Plug-ins/root/data/SQLite.Interop.dll

.dll windows:5 windows x86 arch:x86

43cf4064308c8cffa2acc646c51eabf0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

PDB Paths

C:\dev\sqlite\dotnet\bin\2010\Win32\ReleaseNativeOnlyStatic\SQLite.Interop.pdb

Imports

kernel32

UnmapViewOfFile

SetEndOfFile

FreeLibrary

HeapAlloc

SystemTimeToFileTime

QueryPerformanceCounter

HeapFree

WaitForSingleObject

InterlockedCompareExchange

UnlockFile

FlushViewOfFile

LockFile

WaitForSingleObjectEx

OutputDebugStringW

GetTickCount

UnlockFileEx

GetProcessHeap

GetSystemTimeAsFileTime

FormatMessageA

WriteFile

InitializeCriticalSection

WideCharToMultiByte

LoadLibraryW

Sleep

FormatMessageW

GetVersionExW

HeapDestroy

LeaveCriticalSection

GetFileAttributesA

HeapCreate

MapViewOfFile

GetFileAttributesW

ReadFile

CreateFileW

MultiByteToWideChar

FlushFileBuffers

GetTempPathW

GetLastError

GetProcAddress

HeapSize

LockFileEx

EnterCriticalSection

GetDiskFreeSpaceW

LoadLibraryA

CreateFileMappingA

CreateFileMappingW

GetDiskFreeSpaceA

GetSystemInfo

GetFileAttributesExW

DeleteCriticalSection

GetCurrentThreadId

OutputDebugStringA

GetVersionExA

CloseHandle

DeleteFileW

GetCurrentProcessId

GetTempPathA

LocalFree

GetSystemTime

AreFileApisANSI

DeleteFileA

TryEnterCriticalSection

SetFilePointer

HeapCompact

CreateMutexW

GetFileSize

CreateFileA

HeapReAlloc

GetFullPathNameA

HeapValidate

GetFullPathNameW

ExitThread

CreateThread

DecodePointer

GetCommandLineA

TerminateProcess

GetCurrentProcess

UnhandledExceptionFilter

SetUnhandledExceptionFilter

IsDebuggerPresent

IsProcessorFeaturePresent

EncodePointer

GetTimeZoneInformation

TlsAlloc

TlsGetValue

TlsSetValue

TlsFree

InterlockedIncrement

GetModuleHandleW

SetLastError

InterlockedDecrement

ExitProcess

GetCPInfo

GetACP

GetOEMCP

IsValidCodePage

LCMapStringW

SetHandleCount

GetStdHandle

InitializeCriticalSectionAndSpinCount

GetFileType

GetStartupInfoW

GetModuleFileNameA

FreeEnvironmentStringsW

GetEnvironmentStringsW

RaiseException

GetModuleFileNameW

RtlUnwind

GetStringTypeW

CompareStringW

SetEnvironmentVariableA

advapi32

CryptDestroyHash

CryptDecrypt

CryptDestroyKey

CryptCreateHash

CryptEncrypt

CryptDuplicateKey

CryptDeriveKey

CryptAcquireContextW

CryptHashData

Exports

_interop_compileoption_get@4

_interop_compileoption_used@4

_interop_libversion@0

_interop_sourceid@0

_sqlite3_backup_finish_interop@4

_sqlite3_bind_double_interop@12

_sqlite3_bind_int64_interop@12

_sqlite3_bind_parameter_name_interop@12

_sqlite3_blob_close_interop@4

_sqlite3_changes_interop@4

_sqlite3_close_interop@4

_sqlite3_column_database_name16_interop@12

_sqlite3_column_database_name_interop@12

_sqlite3_column_decltype16_interop@12

_sqlite3_column_decltype_interop@12

_sqlite3_column_double_interop@12

_sqlite3_column_int64_interop@12

_sqlite3_column_name16_interop@12

_sqlite3_column_name_interop@12

_sqlite3_column_origin_name16_interop@12

_sqlite3_column_origin_name_interop@12

_sqlite3_column_table_name16_interop@12

_sqlite3_column_table_name_interop@12

_sqlite3_column_text16_interop@12

_sqlite3_column_text_interop@12

_sqlite3_context_collcompare_interop@20

_sqlite3_context_collseq_interop@16

_sqlite3_create_disposable_module_interop@112

_sqlite3_create_function_interop@36

_sqlite3_cursor_rowid_interop@12

_sqlite3_errmsg_interop@8

_sqlite3_finalize_interop@4

_sqlite3_index_column_info_interop@32

_sqlite3_last_insert_rowid_interop@8

_sqlite3_malloc_size_interop@4

_sqlite3_memory_highwater_interop@8

_sqlite3_memory_used_interop@4

_sqlite3_open16_interop@20

_sqlite3_open_interop@20

_sqlite3_prepare16_interop@24

_sqlite3_prepare_interop@24

_sqlite3_reset_interop@4

_sqlite3_result_double_interop@8

_sqlite3_result_int64_interop@8

_sqlite3_table_column_metadata_interop@44

_sqlite3_table_cursor_interop@12

_sqlite3_value_double_interop@8

_sqlite3_value_int64_interop@8

_sqlite3_value_text16_interop@8

_sqlite3_value_text_interop@8

sqlite3_activate_see

sqlite3_aggregate_context

sqlite3_aggregate_count

sqlite3_auto_extension

sqlite3_backup_finish

sqlite3_backup_init

sqlite3_backup_pagecount

sqlite3_backup_remaining

sqlite3_backup_step

sqlite3_bind_blob

sqlite3_bind_blob64

sqlite3_bind_double

sqlite3_bind_int

sqlite3_bind_int64

sqlite3_bind_null

sqlite3_bind_parameter_count

sqlite3_bind_parameter_index

sqlite3_bind_parameter_name

sqlite3_bind_pointer

sqlite3_bind_text

sqlite3_bind_text16

sqlite3_bind_text64

sqlite3_bind_value

sqlite3_bind_zeroblob

sqlite3_bind_zeroblob64

sqlite3_blob_bytes

sqlite3_blob_close

sqlite3_blob_open

sqlite3_blob_read

sqlite3_blob_reopen

sqlite3_blob_write

sqlite3_busy_handler

sqlite3_busy_timeout

sqlite3_cancel_auto_extension

sqlite3_changes

sqlite3_clear_bindings

sqlite3_close

sqlite3_close_v2

sqlite3_collation_needed

sqlite3_collation_needed16

sqlite3_column_blob

sqlite3_column_bytes

sqlite3_column_bytes16

sqlite3_column_count

sqlite3_column_database_name

sqlite3_column_database_name16

sqlite3_column_decltype

sqlite3_column_decltype16

sqlite3_column_double

sqlite3_column_int

sqlite3_column_int64

sqlite3_column_name

sqlite3_column_name16

sqlite3_column_origin_name

sqlite3_column_origin_name16

sqlite3_column_table_name

sqlite3_column_table_name16

sqlite3_column_text

sqlite3_column_text16

sqlite3_column_type

sqlite3_column_value

sqlite3_commit_hook

sqlite3_compileoption_get

sqlite3_compileoption_used

sqlite3_complete

sqlite3_complete16

sqlite3_config

sqlite3_context_db_handle

sqlite3_create_collation

sqlite3_create_collation16

sqlite3_create_collation_v2

sqlite3_create_disposable_module

sqlite3_create_function

sqlite3_create_function16

sqlite3_create_function_v2

sqlite3_create_module

sqlite3_create_module_v2

sqlite3_data_count

sqlite3_data_directory

sqlite3_db_cacheflush

sqlite3_db_config

sqlite3_db_filename

sqlite3_db_handle

sqlite3_db_mutex

sqlite3_db_readonly

sqlite3_db_release_memory

sqlite3_db_status

sqlite3_declare_vtab

sqlite3_dispose_module

sqlite3_enable_load_extension

sqlite3_enable_shared_cache

sqlite3_errcode

sqlite3_errmsg

sqlite3_errmsg16

sqlite3_errstr

sqlite3_exec

sqlite3_expanded_sql

sqlite3_expired

sqlite3_extended_errcode

sqlite3_extended_result_codes

sqlite3_file_control

sqlite3_finalize

sqlite3_free

sqlite3_free_table

sqlite3_fts5_init

sqlite3_fts_init

sqlite3_get_autocommit

sqlite3_get_auxdata

sqlite3_get_table

sqlite3_global_recover

sqlite3_initialize

sqlite3_interrupt

sqlite3_json_init

sqlite3_key

sqlite3_key_v2

sqlite3_last_insert_rowid

sqlite3_libversion

sqlite3_libversion_number

sqlite3_limit

sqlite3_load_extension

sqlite3_log

sqlite3_malloc

sqlite3_malloc64

sqlite3_memory_alarm

sqlite3_memory_highwater

sqlite3_memory_used

sqlite3_mprintf

sqlite3_msize

sqlite3_mutex_alloc

sqlite3_mutex_enter

sqlite3_mutex_free

sqlite3_mutex_leave

sqlite3_mutex_try

sqlite3_next_stmt

sqlite3_open

sqlite3_open16

sqlite3_open_v2

sqlite3_os_end

sqlite3_os_init

sqlite3_overload_function

sqlite3_percentile_init

sqlite3_prepare

sqlite3_prepare16

sqlite3_prepare16_v2

sqlite3_prepare16_v3

sqlite3_prepare_v2

sqlite3_prepare_v3

sqlite3_preupdate_count

sqlite3_preupdate_depth

sqlite3_preupdate_hook

sqlite3_preupdate_new

sqlite3_preupdate_old

sqlite3_profile

sqlite3_progress_handler

sqlite3_randomness

sqlite3_realloc

sqlite3_realloc64

sqlite3_regexp_init

sqlite3_rekey

sqlite3_rekey_v2

sqlite3_release_memory

sqlite3_reset

sqlite3_reset_auto_extension

sqlite3_result_blob

sqlite3_result_blob64

sqlite3_result_double

sqlite3_result_error

sqlite3_result_error16

sqlite3_result_error_code

sqlite3_result_error_nomem

sqlite3_result_error_toobig

sqlite3_result_int

sqlite3_result_int64

sqlite3_result_null

sqlite3_result_pointer

sqlite3_result_subtype

sqlite3_result_text

sqlite3_result_text16

sqlite3_result_text16be

sqlite3_result_text16le

sqlite3_result_text64

sqlite3_result_value

sqlite3_result_zeroblob

sqlite3_result_zeroblob64

sqlite3_rollback_hook

sqlite3_rtree_geometry_callback

sqlite3_rtree_query_callback

sqlite3_set_authorizer

sqlite3_set_auxdata

sqlite3_set_last_insert_rowid

sqlite3_sha_init

sqlite3_shutdown

sqlite3_sleep

sqlite3_snprintf

sqlite3_soft_heap_limit

sqlite3_soft_heap_limit64

sqlite3_sourceid

sqlite3_sql

sqlite3_status

sqlite3_status64

sqlite3_step

sqlite3_stmt_busy

sqlite3_stmt_readonly

sqlite3_stmt_status

sqlite3_strglob

sqlite3_stricmp

sqlite3_strlike

sqlite3_strnicmp

sqlite3_system_errno

sqlite3_table_column_metadata

sqlite3_temp_directory

sqlite3_test_control

sqlite3_thread_cleanup

sqlite3_threadsafe

sqlite3_total_changes

sqlite3_totype_init

sqlite3_trace

sqlite3_trace_v2

sqlite3_transfer_bindings

sqlite3_update_hook

sqlite3_uri_boolean

sqlite3_uri_int64

sqlite3_uri_parameter

sqlite3_user_data

sqlite3_value_blob

sqlite3_value_bytes

sqlite3_value_bytes16

sqlite3_value_double

sqlite3_value_dup

sqlite3_value_free

sqlite3_value_int

sqlite3_value_int64

sqlite3_value_numeric_type

sqlite3_value_pointer

sqlite3_value_subtype

sqlite3_value_text

sqlite3_value_text16

sqlite3_value_text16be

sqlite3_value_text16le

sqlite3_value_type

sqlite3_version

sqlite3_vfs_find

sqlite3_vfs_register

sqlite3_vfs_unregister

sqlite3_vmprintf

sqlite3_vsnprintf

sqlite3_vtab_config

sqlite3_vtab_on_conflict

sqlite3_vtshim_init

sqlite3_wal_autocheckpoint

sqlite3_wal_checkpoint

sqlite3_wal_checkpoint_v2

sqlite3_wal_hook

sqlite3_win32_compact_heap

sqlite3_win32_is_nt

sqlite3_win32_mbcs_to_utf8

sqlite3_win32_mbcs_to_utf8_v2

sqlite3_win32_reset_heap

sqlite3_win32_set_directory

sqlite3_win32_sleep

sqlite3_win32_unicode_to_utf8

sqlite3_win32_utf8_to_mbcs

sqlite3_win32_utf8_to_mbcs_v2

sqlite3_win32_utf8_to_unicode

sqlite3_win32_write_debug

sqlite3changegroup_add

sqlite3changegroup_add_strm

sqlite3changegroup_delete

sqlite3changegroup_new

sqlite3changegroup_output

sqlite3changegroup_output_strm

sqlite3changeset_apply

sqlite3changeset_apply_strm

sqlite3changeset_concat

sqlite3changeset_concat_strm

sqlite3changeset_conflict

sqlite3changeset_finalize

sqlite3changeset_fk_conflicts

sqlite3changeset_invert

sqlite3changeset_invert_strm

sqlite3changeset_new

sqlite3changeset_next

sqlite3changeset_old

sqlite3changeset_op

sqlite3changeset_pk

sqlite3changeset_start

sqlite3changeset_start_strm

sqlite3session_attach

sqlite3session_changeset

sqlite3session_changeset_strm

sqlite3session_create

sqlite3session_delete

sqlite3session_diff

sqlite3session_enable

sqlite3session_indirect

sqlite3session_isempty

sqlite3session_patchset

sqlite3session_patchset_strm

sqlite3session_table_filter

Sections

.text
Size: 942KB - Virtual size: 941KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 130KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

malware/5/Data/Plug-ins/root/data/SharpRaven.dll

.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

C:\raven\build\obj\Release\net45\SharpRaven.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 996B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

malware/5/Data/Plug-ins/root/data/System.Data.SQLite.dll

.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

PDB Paths

c:\dev\sqlite\dotnet\obj\2010\System.Data.SQLite.2010\Release\System.Data.SQLite.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 335KB - Virtual size: 334KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

malware/5/Data/Plug-ins/root/data/System.Windows.Interactivity.dll

.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

PDB Paths

e:\ExpressionRTM\Sparkle\SDK\BlendWPFSDK\Build\Intermediate\Release\Libraries\System.Windows.Interactivity\Win32\Release\System.Windows.Interactivity.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

malware/5/Data/Plug-ins/root/data/api

.gif

malware/5/Data/Plug-ins/root/data/api.work

.js

malware/5/Data/Plug-ins/root/data/boost_date_time.dll

.dll windows:6 windows x64 arch:x64

7b4f99e79f786ffcb14fe05bed0344f2

Code Sign

01:02:80:e6:32:aa:56:50:91:67:c4:2a:dc:45:2f:68
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

19/12/2020, 00:00

Not After

21/12/2022, 23:59

Subject

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=Photoshop\, Bridge,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

ba:9b:bc:e8:60:03:4f:b1:c1:27:8c:9c:aa:08:db:88:d1:04:6c:7c:c6:de:d3:cf:f7:e2:d3:ae:a6:9a:a0:56
Signer

Actual PE Digest

ba:9b:bc:e8:60:03:4f:b1:c1:27:8c:9c:aa:08:db:88:d1:04:6c:7c:c6:de:d3:cf:f7:e2:d3:ae:a6:9a:a0:56

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

C:\Perforce\21_staging\shared\dva\third_party\projects\boost_date_time\lib\win\release\64\boost_date_time.pdb

Imports

msvcp140

?id@?$ctype@D@std@@2V0locale@2@A

?_Incref@facet@locale@std@@UEAAXXZ

?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ

?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z

?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z

?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z

?tolower@?$ctype@D@std@@QEBADD@Z

?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ

?classic@locale@std@@SAAEBV12@XZ

?_Locimp_Addfac@_Locimp@locale@std@@CAXPEAV123@PEAVfacet@23@_K@Z

?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z

??1facet@locale@std@@MEAA@XZ

??0facet@locale@std@@IEAA@_K@Z

??0_Lockit@std@@QEAA@H@Z

??Bid@locale@std@@QEAA_KXZ

??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z

?_Xout_of_range@std@@YAXPEBD@Z

?_Xlength_error@std@@YAXPEBD@Z

?_Xbad_alloc@std@@YAXXZ

??1_Lockit@std@@QEAA@XZ

vcruntime140

_purecall

__std_terminate

__std_exception_copy

__std_exception_destroy

__std_type_info_destroy_list

memmove

_CxxThrowException

__CxxFrameHandler3

memcmp

memcpy

__C_specific_handler

__vcrt_InitializeCriticalSectionEx

memset

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn

_seh_filter_dll

_initialize_narrow_environment

_initialize_onexit_table

_register_onexit_function

_execute_onexit_table

_crt_atexit

_crt_at_quick_exit

_cexit

terminate

_initterm_e

_initterm

_configure_narrow_argv

api-ms-win-crt-heap-l1-1-0

_callnewh

malloc

free

kernel32

EnterCriticalSection

LeaveCriticalSection

DeleteCriticalSection

SetEvent

ResetEvent

WaitForSingleObjectEx

CreateEventW

GetModuleHandleW

GetProcAddress

RtlCaptureContext

RtlLookupFunctionEntry

RtlVirtualUnwind

IsDebuggerPresent

UnhandledExceptionFilter

SetUnhandledExceptionFilter

GetStartupInfoW

IsProcessorFeaturePresent

GetCurrentProcess

TerminateProcess

QueryPerformanceCounter

InitializeSListHead

DisableThreadLibraryCalls

GetSystemTimeAsFileTime

GetCurrentThreadId

GetCurrentProcessId

CloseHandle

Exports

??0?$constrained_value@V?$simple_exception_policy@G$00$0M@Ubad_month@gregorian@boost@@@CV@boost@@@CV@boost@@QEAA@G@Z

??0?$constrained_value@V?$simple_exception_policy@G$0A@$05Ubad_weekday@gregorian@boost@@@CV@boost@@@CV@boost@@QEAA@G@Z

??0greg_month@gregorian@boost@@QEAA@G@Z

??0greg_month@gregorian@boost@@QEAA@W4months_of_year@date_time@2@@Z

??0greg_weekday@gregorian@boost@@QEAA@G@Z

??4?$constrained_value@V?$simple_exception_policy@G$00$0M@Ubad_month@gregorian@boost@@@CV@boost@@@CV@boost@@QEAAAEAV012@$$QEAV012@@Z

??4?$constrained_value@V?$simple_exception_policy@G$00$0M@Ubad_month@gregorian@boost@@@CV@boost@@@CV@boost@@QEAAAEAV012@AEBV012@@Z

??4?$constrained_value@V?$simple_exception_policy@G$00$0M@Ubad_month@gregorian@boost@@@CV@boost@@@CV@boost@@QEAAAEAV012@G@Z

??4?$constrained_value@V?$simple_exception_policy@G$0A@$05Ubad_weekday@gregorian@boost@@@CV@boost@@@CV@boost@@QEAAAEAV012@$$QEAV012@@Z

??4?$constrained_value@V?$simple_exception_policy@G$0A@$05Ubad_weekday@gregorian@boost@@@CV@boost@@@CV@boost@@QEAAAEAV012@AEBV012@@Z

??4?$constrained_value@V?$simple_exception_policy@G$0A@$05Ubad_weekday@gregorian@boost@@@CV@boost@@@CV@boost@@QEAAAEAV012@G@Z

??4greg_month@gregorian@boost@@QEAAAEAV012@$$QEAV012@@Z

??4greg_month@gregorian@boost@@QEAAAEAV012@AEBV012@@Z

??4greg_weekday@gregorian@boost@@QEAAAEAV012@$$QEAV012@@Z

??4greg_weekday@gregorian@boost@@QEAAAEAV012@AEBV012@@Z

??B?$constrained_value@V?$simple_exception_policy@G$00$0M@Ubad_month@gregorian@boost@@@CV@boost@@@CV@boost@@QEBAGXZ

??B?$constrained_value@V?$simple_exception_policy@G$0A@$05Ubad_weekday@gregorian@boost@@@CV@boost@@@CV@boost@@QEBAGXZ

??Bgreg_month@gregorian@boost@@QEBAGXZ

?as_enum@greg_month@gregorian@boost@@QEBA?AW4months_of_year@date_time@3@XZ

?as_enum@greg_weekday@gregorian@boost@@QEBA?AW4weekdays@date_time@3@XZ

?as_long_string@greg_month@gregorian@boost@@QEBAPEBDD@Z

?as_long_string@greg_month@gregorian@boost@@QEBAPEBDXZ

?as_long_string@greg_month@gregorian@boost@@QEBAPEB_W_W@Z

?as_long_string@greg_weekday@gregorian@boost@@QEBAPEBDXZ

?as_long_wstring@greg_month@gregorian@boost@@QEBAPEB_WXZ

?as_long_wstring@greg_weekday@gregorian@boost@@QEBAPEB_WXZ

?as_number@greg_month@gregorian@boost@@QEBAGXZ

?as_number@greg_weekday@gregorian@boost@@QEBAGXZ

?as_short_string@greg_month@gregorian@boost@@QEBAPEBDD@Z

?as_short_string@greg_month@gregorian@boost@@QEBAPEBDXZ

?as_short_string@greg_month@gregorian@boost@@QEBAPEB_W_W@Z

?as_short_string@greg_weekday@gregorian@boost@@QEBAPEBDXZ

?as_short_wstring@greg_month@gregorian@boost@@QEBAPEB_WXZ

?as_short_wstring@greg_weekday@gregorian@boost@@QEBAPEB_WXZ

?assign@?$constrained_value@V?$simple_exception_policy@G$00$0M@Ubad_month@gregorian@boost@@@CV@boost@@@CV@boost@@AEAAXG@Z

?assign@?$constrained_value@V?$simple_exception_policy@G$0A@$05Ubad_weekday@gregorian@boost@@@CV@boost@@@CV@boost@@AEAAXG@Z

?create_facet_def@gregorian@boost@@YAPEAV?$all_date_names_put@Ugreg_facet_config@gregorian@boost@@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@date_time@2@D@Z

?create_facet_def@gregorian@boost@@YAPEAV?$all_date_names_put@Ugreg_facet_config@gregorian@boost@@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@date_time@2@_W@Z

?generate_locale@gregorian@boost@@YA?AVlocale@std@@AEAV34@D@Z

?generate_locale@gregorian@boost@@YA?AVlocale@std@@AEAV34@_W@Z

?get_month_map_ptr@greg_month@gregorian@boost@@SA?AV?$shared_ptr@V?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@GU?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@G@std@@@2@@std@@@3@XZ

?max@?$constrained_value@V?$simple_exception_policy@G$00$0M@Ubad_month@gregorian@boost@@@CV@boost@@@CV@boost@@SAGXZ

?max@?$constrained_value@V?$simple_exception_policy@G$0A@$05Ubad_weekday@gregorian@boost@@@CV@boost@@@CV@boost@@SAGXZ

?min@?$constrained_value@V?$simple_exception_policy@G$00$0M@Ubad_month@gregorian@boost@@@CV@boost@@@CV@boost@@SAGXZ

?min@?$constrained_value@V?$simple_exception_policy@G$0A@$05Ubad_weekday@gregorian@boost@@@CV@boost@@@CV@boost@@SAGXZ

?nth_as_str@date_time@boost@@YAPEBDH@Z

?special_value_from_string@gregorian@boost@@YA?AW4special_values@date_time@2@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 680B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

malware/5/Data/Plug-ins/root/data/boost_filesystem.dll

.dll windows:6 windows x64 arch:x64

6d033e3ee94dcaf1e6576bb099bf26d4

Code Sign

01:02:80:e6:32:aa:56:50:91:67:c4:2a:dc:45:2f:68
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

19/12/2020, 00:00

Not After

21/12/2022, 23:59

Subject

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=Photoshop\, Bridge,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

24:8b:55:75:96:da:8e:1e:d4:bc:7f:c1:80:85:e7:51:79:f5:99:20:a2:4d:f8:76:15:a1:5d:b0:ae:02:c7:59
Signer

Actual PE Digest

24:8b:55:75:96:da:8e:1e:d4:bc:7f:c1:80:85:e7:51:79:f5:99:20:a2:4d:f8:76:15:a1:5d:b0:ae:02:c7:59

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

C:\Perforce\21_staging\shared\dva\third_party\projects\boost_filesystem\lib\win\release\64\boost_filesystem.pdb

Imports

boost_system

?system_category@system@boost@@YAAEBVerror_category@12@XZ

?generic_category@system@boost@@YAAEBVerror_category@12@XZ

kernel32

SetCurrentDirectoryW

GetCurrentDirectoryW

CreateDirectoryW

CreateFileW

DeleteFileW

FindClose

FindFirstFileExW

FindNextFileW

GetDiskFreeSpaceExW

GetFileAttributesW

GetFileAttributesExW

GetFileInformationByHandle

GetFileTime

GetFullPathNameW

RemoveDirectoryW

SetEndOfFile

GetEnvironmentVariableW

SetFilePointerEx

SetFileTime

CloseHandle

GetLastError

DeviceIoControl

GetWindowsDirectoryW

GetModuleHandleW

GetProcAddress

CreateDirectoryExW

CopyFileW

MoveFileExW

LCMapStringW

AreFileApisANSI

MultiByteToWideChar

WideCharToMultiByte

GetSystemTimeAsFileTime

DisableThreadLibraryCalls

SetFileAttributesW

InitializeSListHead

EnterCriticalSection

LeaveCriticalSection

DeleteCriticalSection

SetEvent

ResetEvent

WaitForSingleObjectEx

CreateEventW

RtlCaptureContext

RtlLookupFunctionEntry

RtlVirtualUnwind

IsDebuggerPresent

UnhandledExceptionFilter

SetUnhandledExceptionFilter

GetStartupInfoW

IsProcessorFeaturePresent

GetCurrentProcess

TerminateProcess

QueryPerformanceCounter

GetCurrentProcessId

GetCurrentThreadId

advapi32

CryptReleaseContext

CryptAcquireContextW

CryptGenRandom

msvcp140

?out@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_W1AEAPEB_WPEAD3AEAPEAD@Z

?in@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_W3AEAPEA_W@Z

?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A

?_Incref@facet@locale@std@@UEAAXXZ

?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ

??1?$codecvt@_WDU_Mbstatet@@@std@@MEAA@XZ

?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z

??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z

?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ

?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z

?_Locimp_Addfac@_Locimp@locale@std@@CAXPEAV123@PEAVfacet@23@_K@Z

?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z

??Bid@locale@std@@QEAA_KXZ

??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z

??1_Lockit@std@@QEAA@XZ

??0_Lockit@std@@QEAA@H@Z

?_Syserror_map@std@@YAPEBDH@Z

?_Xout_of_range@std@@YAXPEBD@Z

?_Xlength_error@std@@YAXPEBD@Z

?_Xbad_alloc@std@@YAXXZ

vcruntime140

memmove

_CxxThrowException

__CxxFrameHandler3

__RTDynamicCast

memcpy

__std_terminate

__std_exception_copy

__std_exception_destroy

memset

memchr

memcmp

__C_specific_handler

__vcrt_InitializeCriticalSectionEx

__std_type_info_destroy_list

_purecall

api-ms-win-crt-runtime-l1-1-0

_seh_filter_dll

_initterm_e

_initterm

terminate

_cexit

_crt_at_quick_exit

_crt_atexit

_execute_onexit_table

_register_onexit_function

_initialize_onexit_table

_initialize_narrow_environment

_configure_narrow_argv

_invalid_parameter_noinfo_noreturn

api-ms-win-crt-heap-l1-1-0

malloc

free

_callnewh

Exports

??0directory_entry@filesystem@boost@@QEAA@$$QEAV012@@Z

??0directory_entry@filesystem@boost@@QEAA@AEBV012@@Z

??0directory_entry@filesystem@boost@@QEAA@AEBVpath@12@@Z

??0directory_entry@filesystem@boost@@QEAA@AEBVpath@12@Vfile_status@12@1@Z

??0directory_entry@filesystem@boost@@QEAA@XZ

??0file_status@filesystem@boost@@QEAA@$$QEAV012@@Z

??0file_status@filesystem@boost@@QEAA@AEBV012@@Z

??0file_status@filesystem@boost@@QEAA@W4file_type@12@@Z

??0file_status@filesystem@boost@@QEAA@W4file_type@12@W4perms@12@@Z

??0file_status@filesystem@boost@@QEAA@XZ

??0path@filesystem@boost@@QEAA@$$QEAV012@@Z

??0path@filesystem@boost@@QEAA@AEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

??0path@filesystem@boost@@QEAA@AEBV012@@Z

??0path@filesystem@boost@@QEAA@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

??0path@filesystem@boost@@QEAA@PEA_W@Z

??0path@filesystem@boost@@QEAA@PEB_W@Z

??0path@filesystem@boost@@QEAA@XZ

??0utf8_codecvt_facet@detail@filesystem@boost@@QEAA@_K@Z

??0windows_file_codecvt@@QEAA@_K@Z

??1directory_entry@filesystem@boost@@QEAA@XZ

??1path@filesystem@boost@@QEAA@XZ

??1windows_file_codecvt@@UEAA@XZ

??4directory_entry@filesystem@boost@@QEAAAEAV012@$$QEAV012@@Z

??4directory_entry@filesystem@boost@@QEAAAEAV012@AEBV012@@Z

??4file_status@filesystem@boost@@QEAAAEAV012@$$QEAV012@@Z

??4file_status@filesystem@boost@@QEAAAEAV012@AEBV012@@Z

??4path@filesystem@boost@@QEAAAEAV012@$$QEAV012@@Z

??4path@filesystem@boost@@QEAAAEAV012@AEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

??4path@filesystem@boost@@QEAAAEAV012@AEBV012@@Z

??4path@filesystem@boost@@QEAAAEAV012@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

??4path@filesystem@boost@@QEAAAEAV012@PEA_W@Z

??4path@filesystem@boost@@QEAAAEAV012@PEB_W@Z

??8directory_entry@filesystem@boost@@QEBA_NAEBV012@@Z

??8file_status@filesystem@boost@@QEBA_NAEBV012@@Z

??9directory_entry@filesystem@boost@@QEBA_NAEBV012@@Z

??9file_status@filesystem@boost@@QEBA_NAEBV012@@Z

??Bdirectory_entry@filesystem@boost@@QEBAAEBVpath@12@XZ

??Mdirectory_entry@filesystem@boost@@QEBA_NAEBV012@@Z

??Ndirectory_entry@filesystem@boost@@QEBA_NAEBV012@@Z

??Odirectory_entry@filesystem@boost@@QEBA_NAEBV012@@Z

??Pdirectory_entry@filesystem@boost@@QEBA_NAEBV012@@Z

??Ypath@filesystem@boost@@QEAAAEAV012@AEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

??Ypath@filesystem@boost@@QEAAAEAV012@AEBV012@@Z

??Ypath@filesystem@boost@@QEAAAEAV012@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

??Ypath@filesystem@boost@@QEAAAEAV012@PEA_W@Z

??Ypath@filesystem@boost@@QEAAAEAV012@PEB_W@Z

??Ypath@filesystem@boost@@QEAAAEAV012@_W@Z

??_0path@filesystem@boost@@QEAAAEAV012@AEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

??_0path@filesystem@boost@@QEAAAEAV012@AEBV012@@Z

??_0path@filesystem@boost@@QEAAAEAV012@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

??_0path@filesystem@boost@@QEAAAEAV012@PEA_W@Z

??_0path@filesystem@boost@@QEAAAEAV012@PEB_W@Z

??_7windows_file_codecvt@@6B@

??_Futf8_codecvt_facet@detail@filesystem@boost@@QEAAXXZ

??_Fwindows_file_codecvt@@QEAAXXZ

?absolute@filesystem@boost@@YA?AVpath@12@AEBV312@0@Z

?append@path@filesystem@boost@@QEAAAEAV123@PEB_W@Z

?append@path@filesystem@boost@@QEAAAEAV123@PEB_WAEBV?$codecvt@_WDU_Mbstatet@@@std@@@Z

?assign@directory_entry@filesystem@boost@@QEAAXAEBVpath@23@Vfile_status@23@1@Z

?assign@path@filesystem@boost@@QEAAAEAV123@PEB_WAEBV?$codecvt@_WDU_Mbstatet@@@std@@@Z

?begin@path@filesystem@boost@@QEBA?AViterator@123@XZ

?branch_path@path@filesystem@boost@@QEBA?AV123@XZ

?c_str@path@filesystem@boost@@QEBAPEB_WXZ

?canonical@detail@filesystem@boost@@YA?AVpath@23@AEBV423@0PEAVerror_code@system@3@@Z

?clear@path@filesystem@boost@@QEAAXXZ

?codecvt@path@filesystem@boost@@SAAEBV?$codecvt@_WDU_Mbstatet@@@std@@XZ

?codecvt_error_category@filesystem@boost@@YAAEBVerror_category@system@2@XZ

?compare@path@filesystem@boost@@QEBAHAEBV123@@Z

?compare@path@filesystem@boost@@QEBAHAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?compare@path@filesystem@boost@@QEBAHPEB_W@Z

?convert@path_traits@filesystem@boost@@YAXPEBD0AEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEBV?$codecvt@_WDU_Mbstatet@@@5@@Z

?convert@path_traits@filesystem@boost@@YAXPEB_W0AEAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBV?$codecvt@_WDU_Mbstatet@@@5@@Z

?copy@detail@filesystem@boost@@YAXAEBVpath@23@0PEAVerror_code@system@3@@Z

?copy_directory@detail@filesystem@boost@@YAXAEBVpath@23@0PEAVerror_code@system@3@@Z

?copy_file@detail@filesystem@boost@@YAXAEBVpath@23@0W4copy_option@123@PEAVerror_code@system@3@@Z

?copy_symlink@detail@filesystem@boost@@YAXAEBVpath@23@0PEAVerror_code@system@3@@Z

?create_directories@detail@filesystem@boost@@YA_NAEBVpath@23@PEAVerror_code@system@3@@Z

?create_directory@detail@filesystem@boost@@YA_NAEBVpath@23@PEAVerror_code@system@3@@Z

?create_directory_symlink@detail@filesystem@boost@@YAXAEBVpath@23@0PEAVerror_code@system@3@@Z

?create_hard_link@detail@filesystem@boost@@YAXAEBVpath@23@0PEAVerror_code@system@3@@Z

?create_symlink@detail@filesystem@boost@@YAXAEBVpath@23@0PEAVerror_code@system@3@@Z

?current_path@detail@filesystem@boost@@YA?AVpath@23@PEAVerror_code@system@3@@Z

?current_path@detail@filesystem@boost@@YAXAEBVpath@23@PEAVerror_code@system@3@@Z

?dir_itr_close@detail@filesystem@boost@@YA?AVerror_code@system@3@AEAPEAX@Z

?directory_iterator_construct@detail@filesystem@boost@@YAXAEAVdirectory_iterator@23@AEBVpath@23@PEAVerror_code@system@3@@Z

?directory_iterator_increment@detail@filesystem@boost@@YAXAEAVdirectory_iterator@23@PEAVerror_code@system@3@@Z

?directory_string@path@filesystem@boost@@QEBA?BV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

?dispatch@path_traits@filesystem@boost@@YAXAEBVdirectory_entry@23@AEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?dispatch@path_traits@filesystem@boost@@YAXAEBVdirectory_entry@23@AEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEBV?$codecvt@_WDU_Mbstatet@@@6@@Z

?do_always_noconv@windows_file_codecvt@@MEBA_NXZ

?do_encoding@windows_file_codecvt@@MEBAHXZ

?do_in@utf8_codecvt_facet@detail@filesystem@boost@@MEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_W3AEAPEA_W@Z

?do_in@windows_file_codecvt@@MEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_W3AEAPEA_W@Z

?do_length@utf8_codecvt_facet@detail@filesystem@boost@@MEBAHAEBU_Mbstatet@@PEBD1_K@Z

?do_length@windows_file_codecvt@@MEBAHAEAU_Mbstatet@@PEBD1_K@Z

?do_max_length@windows_file_codecvt@@MEBAHXZ

?do_out@utf8_codecvt_facet@detail@filesystem@boost@@MEBAHAEAU_Mbstatet@@PEB_W1AEAPEB_WPEAD3AEAPEAD@Z

?do_out@windows_file_codecvt@@MEBAHAEAU_Mbstatet@@PEB_W1AEAPEB_WPEAD3AEAPEAD@Z

?do_unshift@windows_file_codecvt@@MEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z

?dot@path@filesystem@boost@@2_WB

?dot_dot_path@detail@filesystem@boost@@YAAEBVpath@23@XZ

?dot_path@detail@filesystem@boost@@YAAEBVpath@23@XZ

?empty@path@filesystem@boost@@QEBA_NXZ

?end@path@filesystem@boost@@QEBA?AViterator@123@XZ

?equivalent@detail@filesystem@boost@@YA_NAEBVpath@23@0PEAVerror_code@system@3@@Z

?extension@path@filesystem@boost@@QEBA?AV123@XZ

?external_directory_string@path@filesystem@boost@@QEBA?BV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ

?external_file_string@path@filesystem@boost@@QEBA?BV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ

?file_size@detail@filesystem@boost@@YA_KAEBVpath@23@PEAVerror_code@system@3@@Z

?file_string@path@filesystem@boost@@QEBA?BV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

?filename@path@filesystem@boost@@QEBA?AV123@XZ

?filename_is_dot@path@filesystem@boost@@QEBA_NXZ

?filename_is_dot_dot@path@filesystem@boost@@QEBA_NXZ

?generic@path@filesystem@boost@@QEBA?AV123@XZ

?generic_path@path@filesystem@boost@@QEBA?AV123@XZ

?generic_string@path@filesystem@boost@@QEBA?BV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBV?$codecvt@_WDU_Mbstatet@@@5@@Z

?generic_string@path@filesystem@boost@@QEBA?BV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

?generic_wstring@path@filesystem@boost@@QEBA?BV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEBV?$codecvt@_WDU_Mbstatet@@@5@@Z

?generic_wstring@path@filesystem@boost@@QEBA?BV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ

?get_cont_octet_out_count@utf8_codecvt_facet@detail@filesystem@boost@@IEBAH_W@Z

?get_octet_count@utf8_codecvt_facet@detail@filesystem@boost@@KAIE@Z

?hard_link_count@detail@filesystem@boost@@YA_KAEBVpath@23@PEAVerror_code@system@3@@Z

?has_branch_path@path@filesystem@boost@@QEBA_NXZ

?has_extension@path@filesystem@boost@@QEBA_NXZ

?has_filename@path@filesystem@boost@@QEBA_NXZ

?has_leaf@path@filesystem@boost@@QEBA_NXZ

?has_parent_path@path@filesystem@boost@@QEBA_NXZ

?has_relative_path@path@filesystem@boost@@QEBA_NXZ

?has_root_directory@path@filesystem@boost@@QEBA_NXZ

?has_root_name@path@filesystem@boost@@QEBA_NXZ

?has_root_path@path@filesystem@boost@@QEBA_NXZ

?has_stem@path@filesystem@boost@@QEBA_NXZ

?imbue@path@filesystem@boost@@SA?AVlocale@std@@AEBV45@@Z

?initial_path@detail@filesystem@boost@@YA?AVpath@23@PEAVerror_code@system@3@@Z

?is_absolute@path@filesystem@boost@@QEBA_NXZ

?is_complete@path@filesystem@boost@@QEBA_NXZ

?is_empty@detail@filesystem@boost@@YA_NAEBVpath@23@PEAVerror_code@system@3@@Z

?is_relative@path@filesystem@boost@@QEBA_NXZ

?last_write_time@detail@filesystem@boost@@YAXAEBVpath@23@_JPEAVerror_code@system@3@@Z

?last_write_time@detail@filesystem@boost@@YA_JAEBVpath@23@PEAVerror_code@system@3@@Z

?leaf@path@filesystem@boost@@QEBA?AV123@XZ

?lex_compare@detail@filesystem@boost@@YAHViterator@path@23@000@Z

?lexically_normal@path@filesystem@boost@@QEBA?AV123@XZ

?lexically_proximate@path@filesystem@boost@@QEBA?AV123@AEBV123@@Z

?lexically_relative@path@filesystem@boost@@QEBA?AV123@AEBV123@@Z

?m_append_separator_if_needed@path@filesystem@boost@@AEAA_KXZ

?m_erase_redundant_separator@path@filesystem@boost@@AEAAX_K@Z

?m_get_status@directory_entry@filesystem@boost@@AEBA?AVfile_status@23@PEAVerror_code@system@3@@Z

?m_get_symlink_status@directory_entry@filesystem@boost@@AEBA?AVfile_status@23@PEAVerror_code@system@3@@Z

?m_parent_path_end@path@filesystem@boost@@AEBA_KXZ

?m_path_iterator_decrement@path@filesystem@boost@@CAXAEAViterator@123@@Z

?m_path_iterator_increment@path@filesystem@boost@@CAXAEAViterator@123@@Z

?make_preferred@path@filesystem@boost@@QEAAAEAV123@XZ

?native@filesystem@boost@@YA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?native@path@filesystem@boost@@QEBAAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ

?native_directory_string@path@filesystem@boost@@QEBA?BV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

?native_file_string@path@filesystem@boost@@QEBA?BV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

?normalize@path@filesystem@boost@@QEAAAEAV123@XZ

?parent_path@path@filesystem@boost@@QEBA?AV123@XZ

?path@directory_entry@filesystem@boost@@QEBAAEBV023@XZ

?permissions@detail@filesystem@boost@@YAXAEBVpath@23@W4perms@23@PEAVerror_code@system@3@@Z

?permissions@file_status@filesystem@boost@@QEAAXW4perms@23@@Z

?permissions@file_status@filesystem@boost@@QEBA?AW4perms@23@XZ

?portable_directory_name@filesystem@boost@@YA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?portable_file_name@filesystem@boost@@YA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?portable_name@filesystem@boost@@YA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?portable_posix_name@filesystem@boost@@YA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?possible_large_file_size_support@detail@filesystem@boost@@YA_NXZ

?preferred_separator@path@filesystem@boost@@2_WB

?rbegin@path@filesystem@boost@@QEBA?AVreverse_iterator@123@XZ

?read_symlink@detail@filesystem@boost@@YA?AVpath@23@AEBV423@PEAVerror_code@system@3@@Z

?relative@detail@filesystem@boost@@YA?AVpath@23@AEBV423@0PEAVerror_code@system@3@@Z

?relative_path@path@filesystem@boost@@QEBA?AV123@XZ

?remove@detail@filesystem@boost@@YA_NAEBVpath@23@PEAVerror_code@system@3@@Z

?remove_all@detail@filesystem@boost@@YA_KAEBVpath@23@PEAVerror_code@system@3@@Z

?remove_filename@path@filesystem@boost@@QEAAAEAV123@XZ

?remove_leaf@path@filesystem@boost@@QEAAAEAV123@XZ

?remove_trailing_separator@path@filesystem@boost@@QEAAAEAV123@XZ

?rename@detail@filesystem@boost@@YAXAEBVpath@23@0PEAVerror_code@system@3@@Z

?rend@path@filesystem@boost@@QEBA?AVreverse_iterator@123@XZ

?replace_extension@path@filesystem@boost@@QEAAAEAV123@AEBV123@@Z

?replace_filename@directory_entry@filesystem@boost@@QEAAXAEBVpath@23@Vfile_status@23@1@Z

?replace_leaf@directory_entry@filesystem@boost@@QEAAXAEBVpath@23@Vfile_status@23@1@Z

?resize_file@detail@filesystem@boost@@YAXAEBVpath@23@_KPEAVerror_code@system@3@@Z

?root_directory@path@filesystem@boost@@QEBA?AV123@XZ

?root_name@path@filesystem@boost@@QEBA?AV123@XZ

?root_path@path@filesystem@boost@@QEBA?AV123@XZ

?separator@path@filesystem@boost@@2_WB

?size@path@filesystem@boost@@QEBA_KXZ

?space@detail@filesystem@boost@@YA?AUspace_info@23@AEBVpath@23@PEAVerror_code@system@3@@Z

?status@detail@filesystem@boost@@YA?AVfile_status@23@AEBVpath@23@PEAVerror_code@system@3@@Z

?status@directory_entry@filesystem@boost@@QEBA?AVfile_status@23@AEAVerror_code@system@3@@Z

?status@directory_entry@filesystem@boost@@QEBA?AVfile_status@23@XZ

?stem@path@filesystem@boost@@QEBA?AV123@XZ

?string@path@filesystem@boost@@QEBA?BV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBV?$codecvt@_WDU_Mbstatet@@@5@@Z

?string@path@filesystem@boost@@QEBA?BV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

?swap@path@filesystem@boost@@QEAAXAEAV123@@Z

?symlink_status@detail@filesystem@boost@@YA?AVfile_status@23@AEBVpath@23@PEAVerror_code@system@3@@Z

?symlink_status@directory_entry@filesystem@boost@@QEBA?AVfile_status@23@AEAVerror_code@system@3@@Z

?symlink_status@directory_entry@filesystem@boost@@QEBA?AVfile_status@23@XZ

?system_complete@detail@filesystem@boost@@YA?AVpath@23@AEBV423@PEAVerror_code@system@3@@Z

?temp_directory_path@detail@filesystem@boost@@YA?AVpath@23@PEAVerror_code@system@3@@Z

?type@file_status@filesystem@boost@@QEAAXW4file_type@23@@Z

?type@file_status@filesystem@boost@@QEBA?AW4file_type@23@XZ

?unique_path@detail@filesystem@boost@@YA?AVpath@23@AEBV423@PEAVerror_code@system@3@@Z

?weakly_canonical@detail@filesystem@boost@@YA?AVpath@23@AEBV423@PEAVerror_code@system@3@@Z

?windows_name@filesystem@boost@@YA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?wstring@path@filesystem@boost@@QEBAAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEBV?$codecvt@_WDU_Mbstatet@@@5@@Z

?wstring@path@filesystem@boost@@QEBAAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ

Sections

.text
Size: 79KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 340B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

malware/5/Data/Plug-ins/root/data/boost_system.dll

.dll windows:6 windows x64 arch:x64

00ccd643ca642b5fd9ee93bbc2c1e12a

Code Sign

01:02:80:e6:32:aa:56:50:91:67:c4:2a:dc:45:2f:68
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

19/12/2020, 00:00

Not After

21/12/2022, 23:59

Subject

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=Photoshop\, Bridge,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

60:5a:e6:b7:5d:17:2a:ba:aa:92:9b:2d:f9:98:55:e5:9f:84:d4:1d:58:c9:d5:27:c3:df:83:0a:cf:66:4b:be
Signer

Actual PE Digest

60:5a:e6:b7:5d:17:2a:ba:aa:92:9b:2d:f9:98:55:e5:9f:84:d4:1d:58:c9:d5:27:c3:df:83:0a:cf:66:4b:be

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

C:\Perforce\21_staging\shared\dva\third_party\projects\boost_system\lib\win\release\64\boost_system.pdb

Imports

kernel32

FormatMessageA

LocalFree

DisableThreadLibraryCalls

GetSystemTimeAsFileTime

GetCurrentThreadId

GetCurrentProcessId

QueryPerformanceCounter

TerminateProcess

GetCurrentProcess

IsProcessorFeaturePresent

GetStartupInfoW

SetUnhandledExceptionFilter

UnhandledExceptionFilter

IsDebuggerPresent

RtlVirtualUnwind

RtlLookupFunctionEntry

RtlCaptureContext

GetProcAddress

GetModuleHandleW

CreateEventW

WaitForSingleObjectEx

ResetEvent

SetEvent

DeleteCriticalSection

LeaveCriticalSection

EnterCriticalSection

CloseHandle

InitializeSListHead

msvcp140

?_Xlength_error@std@@YAXPEBD@Z

?_Xout_of_range@std@@YAXPEBD@Z

?_Syserror_map@std@@YAPEBDH@Z

?_Xbad_alloc@std@@YAXXZ

vcruntime140

_purecall

memmove

_CxxThrowException

__CxxFrameHandler3

__RTDynamicCast

memcpy

__C_specific_handler

__vcrt_InitializeCriticalSectionEx

__std_exception_copy

__std_exception_destroy

memset

__std_type_info_destroy_list

api-ms-win-crt-runtime-l1-1-0

_seh_filter_dll

_configure_narrow_argv

strerror

_invalid_parameter_noinfo_noreturn

terminate

_initterm_e

_initterm

_cexit

_initialize_narrow_environment

_crt_atexit

_execute_onexit_table

_register_onexit_function

_initialize_onexit_table

_crt_at_quick_exit

api-ms-win-crt-heap-l1-1-0

free

_callnewh

malloc

Exports

?generic_category@system@boost@@YAAEBVerror_category@12@XZ

?system_category@system@boost@@YAAEBVerror_category@12@XZ

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 188B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

malware/5/Data/Plug-ins/root/data/boost_threads.dll

.dll windows:6 windows x64 arch:x64

674347af433f9af177fb6e6014ad49c4

Code Sign

01:02:80:e6:32:aa:56:50:91:67:c4:2a:dc:45:2f:68
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

19/12/2020, 00:00

Not After

21/12/2022, 23:59

Subject

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=Photoshop\, Bridge,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

35:59:14:39:62:44:bf:a6:75:20:d5:c3:cb:18:53:f8:a4:ec:6d:77:95:71:88:61:fe:83:12:5b:71:93:8e:a2
Signer

Actual PE Digest

35:59:14:39:62:44:bf:a6:75:20:d5:c3:cb:18:53:f8:a4:ec:6d:77:95:71:88:61:fe:83:12:5b:71:93:8e:a2

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

C:\Perforce\21_staging\shared\dva\third_party\projects\boost_threads\lib\win\release\64\boost_threads.pdb

Imports

boost_system

?generic_category@system@boost@@YAAEBVerror_category@12@XZ

boost_date_time

??0greg_month@gregorian@boost@@QEAA@G@Z

kernel32

InitializeSListHead

QueryPerformanceCounter

TerminateProcess

IsProcessorFeaturePresent

GetSystemTimeAsFileTime

CreateEventA

OpenEventA

GetModuleHandleA

GetSystemInfo

GetTickCount

CloseHandle

WaitForSingleObjectEx

WaitForMultipleObjectsEx

ReleaseSemaphore

DuplicateHandle

Sleep

GetProcAddress

GetCurrentProcessId

GetCurrentThreadId

GetCurrentProcess

SetEvent

ResetEvent

GetProcessHeap

HeapAlloc

HeapFree

SystemTimeToFileTime

GetLastError

SetWaitableTimer

ResumeThread

TlsAlloc

TlsGetValue

TlsSetValue

TlsFree

GetLogicalProcessorInformation

CreateWaitableTimerW

LeaveCriticalSection

DeleteCriticalSection

CreateEventW

GetModuleHandleW

RtlCaptureContext

RtlLookupFunctionEntry

RtlVirtualUnwind

IsDebuggerPresent

UnhandledExceptionFilter

SetUnhandledExceptionFilter

GetStartupInfoW

EnterCriticalSection

msvcp140

?_Xlength_error@std@@YAXPEBD@Z

?_Xout_of_range@std@@YAXPEBD@Z

?_Xbad_alloc@std@@YAXXZ

vcruntime140

__CxxFrameHandler3

_CxxThrowException

__std_type_info_destroy_list

__std_exception_destroy

__std_exception_copy

__std_terminate

_purecall

memset

__C_specific_handler

__vcrt_InitializeCriticalSectionEx

memmove

memcpy

api-ms-win-crt-runtime-l1-1-0

_initterm

_initterm_e

_invalid_parameter_noinfo_noreturn

_cexit

_register_onexit_function

_initialize_onexit_table

_initialize_narrow_environment

_configure_narrow_argv

_seh_filter_dll

_crt_at_quick_exit

_crt_atexit

_execute_onexit_table

terminate

_beginthreadex

api-ms-win-crt-time-l1-1-0

_gmtime64

api-ms-win-crt-heap-l1-1-0

malloc

free

_callnewh

Exports

??0disable_interruption@this_thread@boost@@QEAA@XZ

??0handle_manager@win32@detail@boost@@QEAA@PEAX@Z

??0handle_manager@win32@detail@boost@@QEAA@XZ

??0restore_interruption@this_thread@boost@@QEAA@AEAVdisable_interruption@12@@Z

??0thread@boost@@AEAA@V?$intrusive_ptr@Uthread_data_base@detail@boost@@@1@@Z

??0thread@boost@@QEAA@$$QEAV01@@Z

??0thread@boost@@QEAA@XZ

??0thread_data_base@detail@boost@@QEAA@XZ

??1disable_interruption@this_thread@boost@@QEAA@XZ

??1handle_manager@win32@detail@boost@@QEAA@XZ

??1restore_interruption@this_thread@boost@@QEAA@XZ

??1thread@boost@@QEAA@XZ

??1thread_data_base@detail@boost@@UEAA@XZ

??4handle_manager@win32@detail@boost@@QEAAAEAV0123@PEAX@Z

??4thread@boost@@QEAAAEAV01@$$QEAV01@@Z

??7handle_manager@win32@detail@boost@@QEBA_NXZ

??8thread@boost@@QEBA_NAEBV01@@Z

??9thread@boost@@QEBA_NAEBV01@@Z

??Bhandle_manager@win32@detail@boost@@QEBAPEAXXZ

??_7thread_data_base@detail@boost@@6B@

?add_thread_exit_function@detail@boost@@YAXPEAUthread_exit_function_base@12@@Z

?cleanup@handle_manager@win32@detail@boost@@AEAAXXZ

?detach@thread@boost@@QEAAXXZ

?do_try_join_until@thread@boost@@AEAA_N_K@Z

?do_try_join_until_noexcept@thread@boost@@AEAA_N_KAEA_N@Z

?duplicate@handle_manager@win32@detail@boost@@QEBAPEAXXZ

?get_current_thread_data@detail@boost@@YAPEAUthread_data_base@12@XZ

?get_id@this_thread@boost@@YA?AVid@thread@2@XZ

?get_id@thread@boost@@QEBA?AVid@12@XZ

?get_thread_info@thread@boost@@AEBA?AV?$intrusive_ptr@Uthread_data_base@detail@boost@@@2@XZ

?get_tss_data@detail@boost@@YAPEAXPEBX@Z

?hardware_concurrency@thread@boost@@SAIXZ

?interrupt@thread@boost@@QEAAXXZ

?interrupt@thread_data_base@detail@boost@@QEAAXXZ

?interruptible_wait@this_thread@boost@@YA_NPEAXUtimeout@detail@2@@Z

?interruption_enabled@this_thread@boost@@YA_NXZ

?interruption_point@this_thread@boost@@YAXXZ

?interruption_requested@this_thread@boost@@YA_NXZ

?interruption_requested@thread@boost@@QEBA_NXZ

?join@thread@boost@@QEAAXXZ

?join_noexcept@thread@boost@@AEAA_NXZ

?joinable@thread@boost@@QEBA_NXZ

?make_ready_at_thread_exit@thread_data_base@detail@boost@@QEAAXV?$shared_ptr@Ushared_state_base@detail@boost@@@3@@Z

?make_thread_info@thread@boost@@CA?AV?$intrusive_ptr@Uthread_data_base@detail@boost@@@2@P6AXXZ@Z

?native_handle@thread@boost@@QEAAPEAXXZ

?non_interruptible_wait@no_interruption_point@this_thread@boost@@YA_NPEAXUtimeout@detail@3@@Z

?notify_all_at_thread_exit@boost@@YAXAEAVcondition_variable@1@V?$unique_lock@Vmutex@boost@@@1@@Z

?notify_all_at_thread_exit@thread_data_base@detail@boost@@UEAAXPEAVcondition_variable@3@PEAVmutex@3@@Z

?on_process_enter@boost@@YAXXZ

?on_process_exit@boost@@YAXXZ

?on_thread_enter@boost@@YAXXZ

?on_thread_exit@boost@@YAXXZ

?physical_concurrency@thread@boost@@SAIXZ

?release@handle_manager@win32@detail@boost@@QEAAPEAXXZ

?release_handle@thread@boost@@AEAAXXZ

?set_tss_data@detail@boost@@YAXPEBXV?$shared_ptr@Utss_cleanup_function@detail@boost@@@2@PEAX_N@Z

?sleep@thread@boost@@SAXAEBVptime@posix_time@2@@Z

?start_thread@thread@boost@@AEAAXAEBVthread_attributes@2@@Z

?start_thread@thread@boost@@AEAAXXZ

?start_thread_noexcept@thread@boost@@AEAA_NAEBVthread_attributes@2@@Z

?start_thread_noexcept@thread@boost@@AEAA_NXZ

?swap@handle_manager@win32@detail@boost@@QEAAXAEAV1234@@Z

?swap@thread@boost@@QEAAXAEAV12@@Z

?timed_join@thread@boost@@QEAA_NAEBVptime@posix_time@2@@Z

?try_join_until@thread@boost@@QEAA_NAEBV?$time_point@Vsystem_clock@chrono@boost@@V?$duration@_JV?$ratio@$00$0DLJKMKAA@@boost@@@23@@chrono@2@@Z

?yield@this_thread@boost@@YAXXZ

?yield@thread@boost@@SAXXZ

Sections

.text
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 528B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

malware/5/Data/Plug-ins/root/data/cr_win_client_config.cfg

malware/5/Data/Plug-ins/root/data/dnssd.dll

.dll windows:6 windows x64 arch:x64

975426068814fc7f33db9f683ae95890

Code Sign

01:02:80:e6:32:aa:56:50:91:67:c4:2a:dc:45:2f:68
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

19/12/2020, 00:00

Not After

21/12/2022, 23:59

Subject

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=Photoshop\, Bridge,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

da:d5:b2:f1:be:c0:f8:e6:4a:b3:e3:21:6a:7b:72:94:b2:47:b9:48:d3:37:5d:8a:78:74:06:e8:7e:83:6d:b5
Signer

Actual PE Digest

da:d5:b2:f1:be:c0:f8:e6:4a:b3:e3:21:6a:7b:72:94:b2:47:b9:48:d3:37:5d:8a:78:74:06:e8:7e:83:6d:b5

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

E:\W64Rel\20210906.r.215\photoshop\main\photoshop\Targets\x64\Release\dnssd.dll.pdb

Imports

ws2_32

WSAGetLastError

inet_pton

WSASetLastError

WSAStartup

htonl

accept

send

select

recv

ntohl

listen

htons

getsockname

connect

closesocket

bind

socket

kernel32

SetUnhandledExceptionFilter

GetCurrentProcess

TerminateProcess

IsProcessorFeaturePresent

QueryPerformanceCounter

GetCurrentProcessId

GetCurrentThreadId

RtlVirtualUnwind

InitializeSListHead

IsDebuggerPresent

UnhandledExceptionFilter

RtlLookupFunctionEntry

GetLastError

OutputDebugStringA

Sleep

FormatMessageA

GetSystemTimeAsFileTime

RtlCaptureContext

advapi32

EnumServicesStatusA

OpenSCManagerA

CloseServiceHandle

vcruntime140

__std_type_info_destroy_list

memcpy

memmove

memset

__C_specific_handler

api-ms-win-crt-heap-l1-1-0

free

calloc

malloc

api-ms-win-crt-string-l1-1-0

strcmp

_strnicmp

isspace

api-ms-win-crt-runtime-l1-1-0

_cexit

_initialize_onexit_table

_initialize_narrow_environment

_configure_narrow_argv

_seh_filter_dll

_initterm_e

_initterm

_errno

_execute_onexit_table

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf

Exports

DNSServiceAddRecord

DNSServiceBrowse

DNSServiceConstructFullName

DNSServiceCreateConnection

DNSServiceEnumerateDomains

DNSServiceGetAddrInfo

DNSServiceGetProperty

DNSServiceNATPortMappingCreate

DNSServiceProcessResult

DNSServiceQueryRecord

DNSServiceReconfirmRecord

DNSServiceRefDeallocate

DNSServiceRefSockFD

DNSServiceRegister

DNSServiceRegisterRecord

DNSServiceRemoveRecord

DNSServiceResolve

DNSServiceUpdateRecord

TXTRecordContainsKey

TXTRecordCreate

TXTRecordDeallocate

TXTRecordGetBytesPtr

TXTRecordGetCount

TXTRecordGetItemAtIndex

TXTRecordGetLength

TXTRecordGetValuePtr

TXTRecordRemoveValue

TXTRecordSetValue

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

malware/5/Data/Plug-ins/root/data/dvaappsupport.dll

.dll windows:6 windows x64 arch:x64

369a0e6100651d493b3693dccb410b73

Code Sign

01:02:80:e6:32:aa:56:50:91:67:c4:2a:dc:45:2f:68
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

19/12/2020, 00:00

Not After

21/12/2022, 23:59

Subject

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=Photoshop\, Bridge,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

62:1c:0d:d4:18:25:a0:80:ff:f2:68:ac:1f:02:b1:a3:d6:54:c1:f9:62:69:1e:c3:11:eb:ff:a8:df:3c:65:19
Signer

Actual PE Digest

62:1c:0d:d4:18:25:a0:80:ff:f2:68:ac:1f:02:b1:a3:d6:54:c1:f9:62:69:1e:c3:11:eb:ff:a8:df:3c:65:19

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

C:\Perforce\21_staging\shared\dva\adobe\dvaappsupport\lib\win\release\64\dvaappsupport.pdb

Imports

boost_system

?generic_category@system@boost@@YAAEBVerror_category@12@XZ

boost_date_time

??0greg_month@gregorian@boost@@QEAA@G@Z

boost_threads

??1handle_manager@win32@detail@boost@@QEAA@XZ

dvaunittesting

?AddTest@TestSuite@dvaunittesting@@QEAAXPEAVTest@2@@Z

??0TestSuite@dvaunittesting@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

??0TestCaseBase@dvaunittesting@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

??1TestCaseBase@dvaunittesting@@UEAA@XZ

?ThrowTestFailure@dvaunittesting@@YAXPEBDULocationInfo@1@@Z

?Accept@TestCaseBase@dvaunittesting@@UEAA_NAEAVTestVisitor@2@@Z

?RegisterTest@TestRegistry@dvaunittesting@@YAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@P6APEAVTest@2@XZ@Z

dvacore

??1Dir@filesupport@dvacore@@QEAA@XZ

?FullPath@Dir@filesupport@dvacore@@QEBA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$STLAllocator@_W@SmallBlockAllocator@utility@dvacore@@@std@@XZ

??1FileIterator@Dir@filesupport@dvacore@@QEAA@XZ

??9FileIterator@Dir@filesupport@dvacore@@QEBA_NAEBV0123@@Z

??DFileIterator@Dir@filesupport@dvacore@@QEAA?AVFile@23@XZ

??EFileIterator@Dir@filesupport@dvacore@@QEAAAEAV0123@XZ

?BeginFiles@Dir@filesupport@dvacore@@QEBA?AVFileIterator@123@_NPEAV?$function@$$A6A_NXZ@boost@@0V?$shared_ptr@V?$function@$$A6A_NAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$STLAllocator@_W@SmallBlockAllocator@utility@dvacore@@@std@@0@Z@boost@@@6@@Z

?EndFiles@Dir@filesupport@dvacore@@QEBA?AVFileIterator@123@XZ

?PrefDir@Dir@filesupport@dvacore@@SA?AV123@XZ

??0File@filesupport@dvacore@@QEAA@AEBVDir@12@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$STLAllocator@_W@SmallBlockAllocator@utility@dvacore@@@std@@@Z

??0File@filesupport@dvacore@@QEAA@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$STLAllocator@_W@SmallBlockAllocator@utility@dvacore@@@std@@@Z

??0File@filesupport@dvacore@@QEAA@AEBV012@@Z

?Unlock@RecursiveMutex@threads@dvacore@@QEBAXXZ

?Lock@RecursiveMutex@threads@dvacore@@QEBAXPEBD@Z

??1RecursiveMutex@threads@dvacore@@QEAA@XZ

??0RecursiveMutex@threads@dvacore@@QEAA@XZ

?CurrentThreadIsMainThread@threads@dvacore@@YA_NXZ

?AsyncCallFromMainThread@threads@dvacore@@YA_NAEBV?$function@$$A6AXXZ@boost@@I@Z

?UTF8to16@utility@dvacore@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$STLAllocator@_W@SmallBlockAllocator@utility@dvacore@@@std@@AEBV?$basic_string@EU?$char_traits@E@std@@V?$STLAllocator@E@SmallBlockAllocator@utility@dvacore@@@4@PEAW4UnicodeErrorCode@12@PEA_K@Z

?EnsureDirectoryExists@FileUtils@utility@dvacore@@YA_NAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$STLAllocator@_W@SmallBlockAllocator@utility@dvacore@@@std@@@Z

?SimpleWriteStringToFile@FileUtils@utility@dvacore@@YAXAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$STLAllocator@_W@SmallBlockAllocator@utility@dvacore@@@std@@AEBV?$basic_string@EU?$char_traits@E@std@@V?$STLAllocator@E@SmallBlockAllocator@utility@dvacore@@@5@@Z

?JSONParse@serialization@dvacore@@YA?AV?$shared_ptr@Vany@boost@@@boost@@PEBE_K@Z

?JSONParse@serialization@dvacore@@YA?AV?$shared_ptr@Vany@boost@@@boost@@PEBE@Z

?ObjectHasProperty@serialization@dvacore@@YA_NAEBV?$map@V?$basic_string@EU?$char_traits@E@std@@V?$STLAllocator@E@SmallBlockAllocator@utility@dvacore@@@std@@V?$shared_ptr@Vany@boost@@@boost@@U?$less@X@2@V?$STLAllocator@U?$pair@$$CBV?$basic_string@EU?$char_traits@E@std@@V?$STLAllocator@E@SmallBlockAllocator@utility@dvacore@@@std@@V?$shared_ptr@Vany@boost@@@boost@@@std@@@SmallBlockAllocator@utility@dvacore@@@std@@PEBD_N@Z

?GetVariantInObject@serialization@dvacore@@YA?AV?$shared_ptr@Vany@boost@@@boost@@AEBV?$map@V?$basic_string@EU?$char_traits@E@std@@V?$STLAllocator@E@SmallBlockAllocator@utility@dvacore@@@std@@V?$shared_ptr@Vany@boost@@@boost@@U?$less@X@2@V?$STLAllocator@U?$pair@$$CBV?$basic_string@EU?$char_traits@E@std@@V?$STLAllocator@E@SmallBlockAllocator@utility@dvacore@@@std@@V?$shared_ptr@Vany@boost@@@boost@@@std@@@SmallBlockAllocator@utility@dvacore@@@std@@PEBD@Z

?GetJSONUTF8String@serialization@dvacore@@YA?AV?$basic_string@EU?$char_traits@E@std@@V?$STLAllocator@E@SmallBlockAllocator@utility@dvacore@@@std@@AEBVany@boost@@_N@Z

?AddToObject@serialization@dvacore@@YAXAEAVany@boost@@PEBDV34@@Z

?AppendToArray@serialization@dvacore@@YAXAEAVany@boost@@V34@@Z

??0Dir@filesupport@dvacore@@QEAA@AEBV012@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$STLAllocator@_W@SmallBlockAllocator@utility@dvacore@@@std@@@Z

?Length@IPlatformByteStream@filesupport@dvacore@@UEBA_KXZ

?ReadBlock@IPlatformByteStream@filesupport@dvacore@@UEAAXPEAEI@Z

??0IPlatformByteStream@filesupport@dvacore@@QEAA@AEBVFile@12@V?$Flags@I@utility@2@@Z

??1IPlatformByteStream@filesupport@dvacore@@UEAA@XZ

?Commit@SafeSave@filesupport@dvacore@@QEAAXXZ

?GetTempFile@SafeSave@filesupport@dvacore@@QEAAAEAVFile@23@XZ

??1SafeSave@filesupport@dvacore@@QEAA@XZ

??0SafeSave@filesupport@dvacore@@QEAA@AEAVFile@12@@Z

?StringToGUID@Guid@utility@dvacore@@CA?AU_GUID@@PEBD_K@Z

?AsUTF8String@Guid@utility@dvacore@@QEBA?AV?$basic_string@EU?$char_traits@E@std@@V?$STLAllocator@E@SmallBlockAllocator@utility@dvacore@@@std@@XZ

?CreateUnique@Guid@utility@dvacore@@SA?AV123@XZ

?ZString@dvacore@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$STLAllocator@_W@SmallBlockAllocator@utility@dvacore@@@std@@PEBDAEBV23@111111111@Z

?Get@Localizer@config@dvacore@@SAPEAV123@XZ

?Delete@File@filesupport@dvacore@@QEAAXXZ

?Create@File@filesupport@dvacore@@QEAAX_N@Z

?FullPath@File@filesupport@dvacore@@QEBA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$STLAllocator@_W@SmallBlockAllocator@utility@dvacore@@@std@@XZ

??0File@filesupport@dvacore@@QEAA@XZ

?Delete@Dir@filesupport@dvacore@@QEAAXXZ

?TraceChangeCount@debug@dvacore@@YAHXZ

?Trace@debug@dvacore@@YAXPEBE@Z

?TraceEnabled@debug@dvacore@@YA_NPEBEH_N@Z

?GetCurrentThreadID@threads@dvacore@@YAIXZ

?UTF16to8@utility@dvacore@@YA?AV?$basic_string@EU?$char_traits@E@std@@V?$STLAllocator@E@SmallBlockAllocator@utility@dvacore@@@std@@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$STLAllocator@_W@SmallBlockAllocator@utility@dvacore@@@4@@Z

?NormalizePathForSaving@FileUtils@utility@dvacore@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$STLAllocator@_W@SmallBlockAllocator@utility@dvacore@@@std@@AEBV45@@Z

?UniqueFileName@FileUtils@utility@dvacore@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$STLAllocator@_W@SmallBlockAllocator@utility@dvacore@@@std@@AEBV45@00@Z

?Dispose@SmallBlockAllocator@utility@dvacore@@YAXPEAX_K@Z

?Allocate@SmallBlockAllocator@utility@dvacore@@YAPEAX_K@Z

??4File@filesupport@dvacore@@QEAAAEAV012@AEBV012@@Z

?GetExtension@File@filesupport@dvacore@@QEBA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$STLAllocator@_W@SmallBlockAllocator@utility@dvacore@@@std@@_N@Z

?Exists@File@filesupport@dvacore@@QEBA_NXZ

?ExecuteCPUBoundTaskOnAllProcessors@threads@dvacore@@YAXAEBV?$function@$$A6AXH@Z@boost@@H@Z

?AsciiToUTF16@utility@dvacore@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$STLAllocator@_W@SmallBlockAllocator@utility@dvacore@@@std@@PEBD_K@Z

??1File@filesupport@dvacore@@QEAA@XZ

kernel32

ResetEvent

DisableThreadLibraryCalls

QueryPerformanceCounter

GetStartupInfoW

IsDebuggerPresent

IsProcessorFeaturePresent

TerminateProcess

GetCurrentProcess

SetUnhandledExceptionFilter

UnhandledExceptionFilter

RtlVirtualUnwind

RtlLookupFunctionEntry

RtlCaptureContext

GetProcAddress

GetModuleHandleW

CreateEventW

GetSystemTimeAsFileTime

InitializeSListHead

GetCurrentProcessId

OpenEventA

SetEvent

GetCurrentThreadId

WaitForSingleObjectEx

CloseHandle

CreateEventA

DeleteCriticalSection

LeaveCriticalSection

EnterCriticalSection

InitializeCriticalSection

msvcp140

??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ

??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ

?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z

??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ

?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z

?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z

??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ

??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ

?uncaught_exception@std@@YA_NXZ

?_Xbad_alloc@std@@YAXXZ

?_Xout_of_range@std@@YAXPEBD@Z

?_Xlength_error@std@@YAXPEBD@Z

?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z