JaffaCakes118_1501f2ea21bf8b38b5ad8bd8219bec31

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_1501f2ea21bf8b38b5ad8bd8219bec31
Size

10.3MB
MD5

1501f2ea21bf8b38b5ad8bd8219bec31
SHA1

6f6d7764d59ec02b07b0c071035bee58795efc02
SHA256

8bd05c7e27e65b921ae28194857ff2769f249dd942342a70ff0878e678a3ed22
SHA512

8a284124c51a0eb7ca23b7f75bce07219e9007af08280ccb34e7bf2aa021c7e3fc335daa85fec673872750bb1acafe8e34121046d3dcd85dd3ce97ded33a3671
SSDEEP

196608:3ivEfavbRmnlDv6/Nyrcta3tMxOMhwA+rdo+nEbJAY6k4aY:1fWdC6KWQMx+Ro+eHP4X

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/$PLUGINSDIR/hao123inst-taiwan.exe	upx

Unsigned PE 14 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_1501f2ea21bf8b38b5ad8bd8219bec31
unpack001/$PLUGINSDIR/AdvSplash.dll
unpack001/$PLUGINSDIR/System.dll
unpack003/out.upx
unpack001/BCGCBPRO1800u100.dll
unpack001/BCGPStyle2007Aqua180.dll
unpack001/BCGPStyle2007Luna180.dll
unpack001/BCGPStyle2007Obsidian180.dll
unpack001/BCGPStyle2007Silver180.dll
unpack001/FFInst.exe
unpack001/FormatFactory.exe
unpack001/MediaInfo.dll
unpack001/ShellEx64_101.dll
unpack001/ShellEx_101.dll

NSIS installer 3 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2
static1/unpack001/$PLUGINSDIR/Baidu-TB-ASBar.exe	nsis_installer_1

Files

JaffaCakes118_1501f2ea21bf8b38b5ad8bd8219bec31
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 100KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/AdvSplash.dll
.dll windows:4 windows x86 arch:x86

741b6bafe355b63a372d737b30543a95

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpynA
GetVersion
lstrcpyA
lstrcatA
GetModuleHandleA
GetProcAddress
GlobalAlloc
GlobalFree

user32

LoadCursorA
RegisterClassA
SetWindowPos
SetWindowLongA
SystemParametersInfoA
EndPaint
GetClientRect
BeginPaint
DefWindowProcA
DestroyWindow
LoadImageA
CreateWindowExA
IsWindow
GetMessageA
DispatchMessageA
UnregisterClassA
wsprintfA
PostMessageA
SetWindowRgn
EnumDisplaySettingsA

gdi32

CombineRgn
CreateRectRgn
GetDIBits
SelectObject
CreateCompatibleDC
GetObjectA
DeleteDC
BitBlt
DeleteObject

winmm

timeSetEvent
PlaySoundA
timeKillEvent

Exports

Exports

show

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 188B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/AskExample.bmp
$PLUGINSDIR/BaiDu.bmp
$PLUGINSDIR/BaiDuToolBar.bmp
$PLUGINSDIR/Baidu-TB-ASBar.exe
.exe windows:4 windows x86 arch:x86

b711f65a9aff6a22fb2f57f0ac8bda33

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:16:5e:50:24:9f:f6:ad:03:9d:77:06:ec:59:bf:8d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

31/07/2009, 00:00

Not After

30/07/2012, 23:59

Subject

CN=Baidu Online Network Technology (Beijing) Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Baidu Online Network Technology (Beijing) Co.\, Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
lstrcatA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
CreateFileA
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CopyFileA
ExitProcess
lstrcpynA
SetFileTime
GetWindowsDirectoryA
GetTempPathA
GetUserDefaultLangID
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
GlobalAlloc
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrcpyA
lstrlenA
GetSystemDirectoryA
CloseHandle
lstrcmpiA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
MulDiv
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetCommandLineA

user32

SystemParametersInfoA
RegisterClassA
EndDialog
ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
LoadCursorA
SetCursor
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
CreateWindowExA
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
IsWindow
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
CreateDialogParamA
EmptyClipboard
DestroyWindow
SetWindowLongA
LoadImageA
GetDC
EnableWindow
PeekMessageA
DispatchMessageA
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
GetDlgItem

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PROGRAM_FILES/Baidu/ASBarBroker.exe
.exe windows:4 windows x86 arch:x86

8cb73f23fc4ffce04345bba981c347fe

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:16:5e:50:24:9f:f6:ad:03:9d:77:06:ec:59:bf:8d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

31/07/2009, 00:00

Not After

30/07/2012, 23:59

Subject

CN=Baidu Online Network Technology (Beijing) Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Baidu Online Network Technology (Beijing) Co.\, Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

GetModuleFileNameExW

kernel32

OutputDebugStringW
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetModuleHandleW
Sleep
GetProcAddress
LoadLibraryW
GetLongPathNameW
GetCurrentThreadId
GetCommandLineW
EnterCriticalSection
LeaveCriticalSection
VirtualFreeEx
CreateRemoteThread
WriteProcessMemory
DebugBreak
GetShortPathNameW
OpenProcess
CreateFileW
DeviceIoControl
GetVersionExW
GlobalFree
GlobalAlloc
GetCurrentProcess
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetConsoleMode
lstrlenA
InterlockedIncrement
GetModuleFileNameW
CreateEventW
CreateThread
SetEvent
lstrcmpiW
InterlockedDecrement
GetLastError
DeleteCriticalSection
InitializeCriticalSection
RaiseException
lstrlenW
WideCharToMultiByte
WaitForSingleObject
CloseHandle
VirtualAllocEx
GetConsoleCP
SetFilePointer
LoadLibraryA
SetStdHandle
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapSize
GetVersionExA
HeapAlloc
HeapFree
RtlUnwind
HeapReAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetProcessHeap
GetStartupInfoW
VirtualFree
VirtualAlloc
HeapDestroy
HeapCreate
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError

user32

GetMessageW
TranslateMessage
DispatchMessageW
LoadStringW
CharNextW
PostThreadMessageW
UnregisterClassA
CharLowerBuffW

advapi32

RegCreateKeyW
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW

shell32

ShellExecuteExW
SHGetFolderPathW

ole32

CoInitialize
CoUninitialize
CoCreateInstance
CoTaskMemFree
CoRegisterClassObject
CoRevokeClassObject
CoTaskMemRealloc
CoTaskMemAlloc
StringFromGUID2

oleaut32

SysAllocString
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
SysStringLen
SysFreeString
VarUI4FromStr

shlwapi

PathFileExistsW
StrCmpNIW
SHGetValueW

Sections

.text
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PROGRAM_FILES/Baidu/AddressBar.dll
.dll regsvr32 windows:4 windows x86 arch:x86

788cc5963434f77bb211a37bbe44bbc3

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:16:5e:50:24:9f:f6:ad:03:9d:77:06:ec:59:bf:8d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

31/07/2009, 00:00

Not After

30/07/2012, 23:59

Subject

CN=Baidu Online Network Technology (Beijing) Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Baidu Online Network Technology (Beijing) Co.\, Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\cygwin\home\scmpf\compiler_src\liulin02_566894_win32\0\app\gensoft\bar\address-search\Res\Chinese\Baidudg\AddressBar.pdb

Imports

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

ws2_32

gethostname
WSAStartup
gethostbyname
inet_ntoa
WSACleanup

shlwapi

StrDupW
PathRemoveFileSpecW
StrCmpNW
UrlCanonicalizeW
UrlUnescapeA
StrCmpIW
PathRemoveFileSpecA
PathIsDirectoryA
PathFileExistsW
SHDeleteValueW
StrStrIW
SHGetValueW
StrCpyNW
SHDeleteKeyW
SHSetValueW

dbghelp

ImageDirectoryEntryToData

winmm

timeGetTime

iphlpapi

GetAdaptersInfo
GetNetworkParams

wininet

InternetCloseHandle
HttpSendRequestW
HttpOpenRequestW
InternetConnectW
InternetOpenW
HttpQueryInfoW
GetUrlCacheEntryInfoW
InternetQueryOptionW
InternetConnectA
HttpOpenRequestA
InternetReadFile
InternetReadFileExA
InternetSetStatusCallbackA
InternetOpenUrlW
InternetSetOptionW
InternetQueryDataAvailable
InternetCrackUrlW
InternetGetCookieW
DeleteUrlCacheEntryW
InternetSetStatusCallbackW

rpcrt4

UuidCreate

setupapi

SetupIterateCabinetW

imm32

ImmReleaseContext
ImmGetCompositionStringW
ImmGetOpenStatus
ImmGetCompositionWindow
ImmGetContext
ImmGetDefaultIMEWnd

dnsapi

DnsQuery_W
DnsRecordListFree

kernel32

GetStdHandle
GetModuleFileNameA
GetConsoleCP
GetConsoleMode
LoadLibraryA
LoadLibraryW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetFileAttributesW
GetVersion
RaiseException
InterlockedDecrement
lstrlenW
EnterCriticalSection
LeaveCriticalSection
GetLastError
SetLastError
GetModuleFileNameW
OutputDebugStringA
InterlockedIncrement
OutputDebugStringW
InitializeCriticalSection
DeleteCriticalSection
lstrcmpiW
LoadLibraryExW
lstrlenA
DebugBreak
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
DisableThreadLibraryCalls
LocalFree
CloseHandle
ResumeThread
SetThreadPriority
ReleaseMutex
WaitForSingleObject
CreateMutexW
DeleteFileW
GetACP
GetCurrentThreadId
WideCharToMultiByte
GetTickCount
GlobalUnlock
GlobalLock
CreateFileW
DeviceIoControl
GetVersionExW
FlushInstructionCache
GetCurrentProcess
lstrcmpW
SwitchToThread
GetCurrentProcessId
GetCommandLineW
Sleep
MoveFileExW
GetPrivateProfileStringW
CreateDirectoryW
GetCurrentDirectoryA
GetSystemDirectoryW
GetLongPathNameW
TerminateThread
CopyFileW
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
IsBadReadPtr
GetPrivateProfileIntW
IsBadCodePtr
CreateEventW
TryEnterCriticalSection
GetLocalTime
CompareStringW
GetWindowsDirectoryW
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
SetFilePointer
ReadFile
SystemTimeToFileTime
LocalFileTimeToFileTime
GetCurrentDirectoryW
SetFileTime
WriteFile
GetTempFileNameW
GetTempPathW
LockResource
GlobalFree
GlobalAlloc
SetErrorMode
GetFileSize
FileTimeToSystemTime
QueryPerformanceCounter
QueryPerformanceFrequency
GetShortPathNameW
lstrcatW
lstrcpyW
WritePrivateProfileStringW
FindNextFileW
FindClose
FindFirstFileW
FreeResource
WriteProcessMemory
ReadProcessMemory
VirtualProtect
VirtualQuery
lstrcmpiA
GetFileInformationByHandle
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
LocalAlloc
GetProcessHeap
GlobalReAlloc
GetFileAttributesA
DeleteFileA
AreFileApisANSI
CreateFileA
GetTempPathA
FlushFileBuffers
SetEndOfFile
UnlockFile
LockFile
LockFileEx
GetFullPathNameA
GetFullPathNameW
GetSystemTime
GetSystemTimeAsFileTime
SetCurrentDirectoryA
LCMapStringA
LCMapStringW
GetTimeZoneInformation
SetHandleCount
GetFileType
ExitThread
GetStartupInfoA
CreateThread
FileTimeToLocalFileTime
GetDriveTypeW
GetDriveTypeA
FindFirstFileA
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
GetCurrentThread
HeapDestroy
HeapCreate
FatalAppExitA
ExitProcess
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetConsoleCtrlHandler
InterlockedExchange
GetLocaleInfoW
SetStdHandle
IsDebuggerPresent
SetUnhandledExceptionFilter
GetVersionExA
InterlockedCompareExchange
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
RtlUnwind
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringA
SetEnvironmentVariableA
TerminateProcess
RemoveDirectoryW
UnhandledExceptionFilter

user32

GetDlgCtrlID
GetCapture
CharLowerBuffW
SetForegroundWindow
GetForegroundWindow
AttachThreadInput
GetClassLongW
KillTimer
SetTimer
wsprintfW
RemovePropW
SetPropW
GetPropW
MessageBoxW
OffsetRect
SetCursor
IsWindowEnabled
GetWindowDC
ScreenToClient
MoveWindow
GetWindowTextLengthW
SetFocus
GetWindow
MapWindowPoints
SetWindowPos
GetDlgItem
EndDialog
CharLowerW
FindWindowW
SetWindowTextW
GetActiveWindow
DialogBoxParamW
FindWindowExW
PostThreadMessageW
GetMessageW
TranslateMessage
DispatchMessageW
UpdateWindow
IsWindowVisible
EnumChildWindows
GetKeyState
GetClassNameW
GetParent
GetWindowThreadProcessId
WindowFromPoint
GetWindowRect
CreateWindowExW
GetClassInfoExW
RegisterClassExW
DestroyWindow
PtInRect
LoadCursorW
IsWindow
ShowWindow
PostMessageW
GetClientRect
SetRectEmpty
CreateDialogParamW
BeginPaint
EndPaint
RegisterWindowMessageW
InvalidateRect
FillRect
DrawIconEx
SystemParametersInfoW
GetWindowTextW
ReleaseDC
GetDC
GetFocus
CharLowerBuffA
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
DefWindowProcW
CallWindowProcW
GetWindowLongW
SetWindowLongW
CharNextW
GetSysColor
DrawFocusRect
LoadStringW
InflateRect
CopyRect
DrawTextW
SendMessageW
SetScrollPos
ReleaseCapture
UpdateLayeredWindow
SetRect
GetSystemMetrics
RegisterClassW
SetCapture
DestroyIcon
GetScrollInfo
SetScrollInfo
ShowScrollBar
PeekMessageW
GetDesktopWindow
CharUpperBuffW
CharUpperW
MonitorFromRect
GetMonitorInfoW
LoadImageW
GetCursorPos
CreateIconFromResourceEx
UnregisterClassA
LoadIconW

gdi32

CreateSolidBrush
CreateFontIndirectW
GetTextExtentPoint32W
DeleteDC
SelectObject
TextOutW
GetPixel
DeleteObject
ExtCreateRegion
CombineRgn
SetStretchBltMode
StretchBlt
GetDIBits
SetTextColor
GetTextExtentPointW
BitBlt
CreateCompatibleDC
CreateDIBSection
CreateFontW
GetStockObject
GetCurrentObject
CreateCompatibleBitmap
SetBkMode
SetBkColor
ExtTextOutW
MoveToEx
GetObjectW
CreatePen
LineTo

advapi32

RegQueryInfoKeyW
RegCreateKeyW
RegQueryValueExW
CryptDestroyKey
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptDeriveKey
CryptDestroyHash
RegEnumKeyExA
RegEnumKeyExW
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
CryptDuplicateKey
CryptDecrypt
CryptEncrypt
RegOpenKeyW
RegEnumValueW
ConvertStringSecurityDescriptorToSecurityDescriptorW

shell32

ShellExecuteW
SHGetFolderPathW
ShellExecuteExW
ExtractIconW
SHGetSpecialFolderPathW
DragQueryFileA
ord85

ole32

GetHGlobalFromStream
CreateStreamOnHGlobal
CoTaskMemAlloc
CoGetClassObject
RevokeDragDrop
CoInitialize
CoUninitialize
ReleaseStgMedium
RegisterDragDrop
CoCreateInstance
CoTaskMemFree
CoTaskMemRealloc
OleUninitialize
OleInitialize

oleaut32

SysAllocString
LoadTypeLi
RegisterTypeLi
VarUI4FromStr
LoadRegTypeLi
VariantInit
SysFreeString
SysAllocStringLen
SafeArrayDestroy
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreate
VariantCopy
SysStringLen
VariantClear
GetErrorInfo
VariantChangeType
SetErrorInfo
CreateErrorInfo

msimg32

AlphaBlend

urlmon

CoInternetGetSession

Exports

Exports

DllCanUnloadNow
DllCreateObject
DllGetClassObject
DllRegisterServer
DllUnregisterServer
RemoveOldVersion
RunOnceUpdate
SVCUninstall
UpdateASBar
_sqlite3_key_interop@12
_sqlite3_rekey_interop@12

Sections

.text
Size: 876KB - Virtual size: 875KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 157KB - Virtual size: 157KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAM_FILES/Baidu/Toolbar/BaiduBarX_Tmp/BaiduBarX.dll
.dll regsvr32 windows:4 windows x86 arch:x86

facdec36283f213a8519234d6b3845f4

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:16:5e:50:24:9f:f6:ad:03:9d:77:06:ec:59:bf:8d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

31/07/2009, 00:00

Not After

30/07/2012, 23:59

Subject

CN=Baidu Online Network Technology (Beijing) Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Baidu Online Network Technology (Beijing) Co.\, Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\cygwin\home\scmpf\compiler_src\liulin02_544379_win32\0\app\gensoft\bar\toolbar\chinese_unicode_release\BaiduBarX.pdb

Imports

setupapi

SetupIterateCabinetW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

imm32

ImmReleaseContext
ImmGetContext
ImmGetCompositionStringW

shlwapi

PathFindFileNameW
StrCpyW
SHDeleteKeyW
SHSetValueW
PathRemoveExtensionW
PathIsDirectoryW
PathFileExistsW
SHDeleteValueW
UrlCombineW
PathIsDirectoryA
PathRemoveFileSpecA
StrCmpIW
StrStrIW
PathFindExtensionW
UrlUnescapeA
UrlCanonicalizeW
StrRetToStrW
StrRetToStrA
UrlEscapeW
SHCopyKeyW
UrlUnescapeW
SHGetValueW
PathRemoveFileSpecW

wininet

InternetCloseHandle
HttpOpenRequestW
InternetConnectW
InternetSetOptionW
GetUrlCacheEntryInfoW
HttpAddRequestHeadersW
InternetReadFile
InternetCanonicalizeUrlW
HttpSendRequestW
InternetOpenW
InternetSetStatusCallbackW
InternetCrackUrlW
HttpQueryInfoW
InternetQueryDataAvailable
InternetQueryOptionW
FindFirstUrlCacheGroup
DeleteUrlCacheGroup
FindNextUrlCacheGroup
FindCloseUrlCache
FindFirstUrlCacheEntryW
FindNextUrlCacheEntryW
InternetOpenUrlW
InternetGetCookieW
HttpSendRequestExW
HttpEndRequestW
InternetGetConnectedState
InternetOpenA
InternetSetOptionA
InternetConnectA
HttpOpenRequestA
HttpAddRequestHeadersA
HttpSendRequestExA
InternetWriteFile
HttpEndRequestA
InternetSetCookieW
DeleteUrlCacheEntryW

urlmon

URLDownloadToFileW
CoInternetGetSession

rpcrt4

UuidCreate

iphlpapi

GetAdaptersInfo
GetNetworkParams

ws2_32

gethostname
gethostbyname

kernel32

OutputDebugStringW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetFileAttributesW
GetVersion
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
LoadLibraryW
GetLastError
SetLastError
GetModuleFileNameW
OutputDebugStringA
GetCurrentThreadId
InterlockedIncrement
CreateProcessW
WideCharToMultiByte
CreateDirectoryW
GetTempPathW
CreateFileW
CloseHandle
WriteFile
WaitForSingleObject
CreateMutexW
ReleaseMutex
DeleteFileW
ResumeThread
SetThreadPriority
SizeofResource
LockResource
LoadResource
FindResourceW
LocalFree
FreeLibrary
lstrcmpiW
TryEnterCriticalSection
LoadLibraryExW
MultiByteToWideChar
DisableThreadLibraryCalls
CopyFileW
DeviceIoControl
GetSystemDirectoryW
GetVersionExW
GetPrivateProfileStringW
GetTickCount
CompareStringW
LoadLibraryA
GetACP
GetCurrentProcess
GlobalLock
GlobalAlloc
GetCurrentProcessId
FindClose
FindNextFileW
FindFirstFileW
TerminateThread
GetExitCodeThread
OpenMutexW
GetFullPathNameW
GlobalFree
MulDiv
RemoveDirectoryW
Sleep
ReadFile
GetFileSize
Thread32Next
SuspendThread
OpenThread
Thread32First
CreateToolhelp32Snapshot
UnmapViewOfFile
SetUnhandledExceptionFilter
MapViewOfFile
CreateFileMappingW
TerminateProcess
OpenProcess
SwitchToThread
GetCommandLineW
ExpandEnvironmentStringsW
GetExitCodeProcess
GetPrivateProfileIntW
SetEvent
CreateEventW
Process32NextW
Process32FirstW
InterlockedExchange
FindResourceExW
GetSystemTime
DebugBreak
WritePrivateProfileStringW
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
SetFileAttributesW
lstrcmpW
HeapFree
HeapAlloc
GetProcessHeap
GetEnvironmentVariableW
SetFilePointer
GetSystemInfo
GlobalSize
SetErrorMode
FreeResource
GetShortPathNameW
GetSystemDefaultLCID
ReadProcessMemory
MoveFileExW
lstrcatW
lstrcpyW
GetTempFileNameW
GlobalReAlloc
GetVolumeInformationA
FlushInstructionCache
GetVersionExA
InterlockedCompareExchange
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
HeapDestroy
HeapReAlloc
HeapSize
RtlUnwind
UnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
ExitThread
CreateThread
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
VirtualProtect
VirtualQuery
GetFileAttributesA
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
GetCurrentThread
GetStdHandle
GetModuleFileNameA
FatalAppExitA
HeapCreate
ExitProcess
GetConsoleCP
GetConsoleMode
GetCurrentDirectoryA
SetCurrentDirectoryA
GetTimeZoneInformation
LCMapStringA
LCMapStringW
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
FlushFileBuffers
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetConsoleCtrlHandler
GetLocaleInfoW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEndOfFile
GetDriveTypeA
GetFullPathNameA
CompareStringA
lstrlenA
lstrlenW
ResetEvent
InterlockedDecrement
SetEnvironmentVariableA
GlobalUnlock

user32

EnableMenuItem
GetMenuItemCount
GetMenuItemInfoW
InsertMenuItemW
GetSysColorBrush
ShowCursor
UnregisterHotKey
RegisterHotKey
PrintWindow
EnumDisplayMonitors
EndMenu
GetMenuItemRect
RemovePropW
GetPropW
SetPropW
SetMenuItemInfoW
DrawStateW
TrackPopupMenuEx
ModifyMenuW
MessageBeep
LoadBitmapW
GetSubMenu
PostQuitMessage
ValidateRect
SetParent
IntersectRect
CharLowerBuffA
WaitForInputIdle
CreateIconFromResourceEx
CharNextA
SetActiveWindow
ScrollWindow
TrackPopupMenu
MonitorFromPoint
RemoveMenu
CreatePopupMenu
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
GetSystemMetrics
RegisterClipboardFormatW
GetAsyncKeyState
GetMessagePos
IsRectEmpty
GetScrollInfo
SetScrollPos
ClientToScreen
FrameRect
EnableWindow
SetWindowRgn
SetScrollInfo
GetScrollPos
DestroyCursor
DestroyIcon
GetClassLongW
SetClassLongW
MonitorFromRect
GetMonitorInfoW
CopyRect
MoveWindow
InflateRect
WindowFromPoint
IsChild
FindWindowW
AdjustWindowRectEx
GetCapture
ReleaseCapture
DeleteMenu
GetDlgCtrlID
SetCapture
IsWindowEnabled
UpdateWindow
DrawFocusRect
SetRectEmpty
OffsetRect
ReleaseDC
SetFocus
GetWindowTextLengthW
DrawTextW
DrawIconEx
FillRect
TrackMouseEvent
MessageBoxW
CharLowerBuffW
GetCursorPos
GetWindowThreadProcessId
GetGUIThreadInfo
GetClassNameW
PtInRect
ScreenToClient
GetFocus
GetSysColor
TranslateMessage
DispatchMessageW
InvalidateRect
GetWindowTextW
RegisterWindowMessageW
GetActiveWindow
LoadIconW
IsWindowVisible
GetParent
GetWindow
GetWindowRect
SystemParametersInfoW
GetClientRect
MapWindowPoints
SendMessageW
DialogBoxParamW
DestroyMenu
IsMenu
GetKeyState
CharLowerW
CreateWindowExW
GetClassInfoExW
RegisterClassExW
DestroyWindow
PeekMessageW
MsgWaitForMultipleObjects
EqualRect
UpdateLayeredWindow
SetForegroundWindow
GetForegroundWindow
AttachThreadInput
SetRect
CharUpperBuffW
LoadKeyboardLayoutW
ActivateKeyboardLayout
GetMessageW
IsIconic
PostThreadMessageW
UnregisterClassA
FindWindowExW
EnumChildWindows
SendMessageA
GetUpdateRect
GetTopWindow
MenuItemFromPoint
GetMenuItemID
GetDlgItemTextW
AdjustWindowRect
GetWindowDC
CreateDialogParamW
SetDlgItemTextW
RedrawWindow
EnumWindows
IsDialogMessageW
LoadImageW
OpenClipboard
EmptyClipboard
SetClipboardData
LoadCursorW
KillTimer
SetTimer
PostMessageW
CharNextW
EndPaint
BeginPaint
DefWindowProcW
LoadStringW
SetWindowPos
IsWindow
GetDlgItem
ShowWindow
GetDC
SetWindowTextW
GetWindowLongW
SetWindowLongW
CallWindowProcW
EndDialog
CloseClipboard
CharUpperW
CreateMenu
SetCursor
InsertMenuW
AppendMenuW

gdi32

ExtCreateRegion
CombineRgn
SetStretchBltMode
StretchBlt
GetDIBits
GetTextMetricsW
PatBlt
GetTextColor
CreateRoundRectRgn
FillRgn
CreateRectRgn
SetPixel
Rectangle
SetROP2
CreateDCW
CreateDIBSection
GetObjectW
CreatePen
LineTo
MoveToEx
SelectObject
CreateBitmap
ExcludeClipRect
GetDeviceCaps
DPtoLP
SetViewportOrgEx
GetClipBox
RoundRect
RestoreDC
SaveDC
GetCurrentObject
CreatePolygonRgn
CreateSolidBrush
CreateFontIndirectW
GetTextExtentPoint32W
CreateCompatibleBitmap
BitBlt
CreateCompatibleDC
DeleteObject
GetStockObject
ExtTextOutW
SetBkColor
SetBkMode
DeleteDC
SetTextColor
GetPixel
TextOutW
CreateFontW

advapi32

RegSetValueExW
GetSecurityDescriptorSacl
SetSecurityInfo
EqualSid
GetUserNameW
RegSetKeySecurity
RegEnumKeyW
AllocateAndInitializeSid
InitializeAcl
AddAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
FreeSid
RegGetKeySecurity
GetTokenInformation
CopySid
RegCreateKeyW
RegOpenKeyW
OpenProcessToken
DuplicateTokenEx
ConvertStringSidToSidW
GetLengthSid
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
RegQueryValueExW
RegEnumValueW
CreateProcessAsUserW
SetTokenInformation

shell32

ShellExecuteW
DragQueryFileA
DuplicateIcon
SHFileOperationW
ShellExecuteExW
SHCreateDirectoryExW
ExtractIconW
SHGetMalloc
SHGetFileInfoW
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetFolderPathW
SHGetSpecialFolderPathW

ole32

OleInitialize
GetHGlobalFromStream
CreateStreamOnHGlobal
OleDraw
CoCreateGuid
RegisterDragDrop
OleDuplicateData
ReleaseStgMedium
RevokeDragDrop
CLSIDFromProgID
StringFromGUID2
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoInitialize
DoDragDrop
CoUninitialize
OleUninitialize

oleaut32

VariantClear
SysAllocString
SysAllocStringByteLen
SysStringByteLen
SysAllocStringLen
VarBstrCmp
VariantCopy
LoadTypeLi
VariantInit
RegisterTypeLi
VarUI4FromStr
LoadRegTypeLi
VarBstrCat
SafeArrayDestroy
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreate
SysFreeString
UnRegisterTypeLi
SysStringLen
SetErrorInfo
VariantChangeType
GetErrorInfo
CreateErrorInfo

msimg32

GradientFill
AlphaBlend

gdiplus

GdipCreateHBITMAPFromBitmap
GdiplusShutdown
GdiplusStartup
GdipGetImageEncoders
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromScan0
GdipSaveImageToFile
GdipCloneImage
GdipCreateBitmapFromHICON
GdipAlloc
GdipGetImageEncodersSize
GdipFree

uxtheme

DrawThemeBackground
OpenThemeData
CloseThemeData

Exports

Exports

ClearDefSearch
ClearHomePage
CloseIEUpdate
DllCanUnloadNow
DllCreateObject
DllGetClassObject
DllRegisterServer
MyCopyFile
RunOnceRemove
RunOnceUpdate
SVCUninstall
SetDefSearch
SetHomePageToBaidu
ShowWebMsg
Uninstall
UpdateBaiduToolbar
UpdateBaiduToolbarWithUI

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 320KB - Virtual size: 319KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Shared
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 772KB - Virtual size: 771KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAM_FILES/Baidu/Toolbar/BaiduBarX_Tmp/BarBroker.exe
.exe windows:4 windows x86 arch:x86

6223fe4bfb126e3750ccd92127592502

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:16:5e:50:24:9f:f6:ad:03:9d:77:06:ec:59:bf:8d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

31/07/2009, 00:00

Not After

30/07/2012, 23:59

Subject

CN=Baidu Online Network Technology (Beijing) Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Baidu Online Network Technology (Beijing) Co.\, Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

GetModuleFileNameExW

dbghelp

SymGetOptions
SymSetOptions
StackWalk
SymGetModuleInfo
SymFunctionTableAccess
SymInitialize
SymLoadModule

wininet

InternetCrackUrlW
InternetCloseHandle
InternetOpenA
InternetSetOptionA
InternetConnectA
HttpOpenRequestA
HttpAddRequestHeadersA
HttpSendRequestExA
InternetWriteFile
HttpEndRequestA

kernel32

GetStringTypeW
GetStringTypeA
FlushFileBuffers
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
LCMapStringW
LCMapStringA
GetStartupInfoA
GetFileType
SetHandleCount
GetCurrentDirectoryA
LocalFree
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
FreeLibrary
GetProcAddress
LoadLibraryW
CloseHandle
WaitForSingleObject
WideCharToMultiByte
lstrlenW
RaiseException
GetLastError
InterlockedDecrement
lstrcmpiW
SetEvent
CreateThread
CreateEventW
GetModuleFileNameW
InterlockedIncrement
lstrlenA
DebugBreak
OutputDebugStringW
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetModuleHandleW
Sleep
GetCurrentThreadId
GetCommandLineW
VirtualFreeEx
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
OpenProcess
GetModuleFileNameA
VirtualQueryEx
UnmapViewOfFile
FlushInstructionCache
GetCurrentProcess
MapViewOfFile
CreateFileMappingW
SetLastError
CreateFileW
DeleteFileW
GetTempPathW
GetTickCount
ReadFile
GetFileSize
InterlockedExchange
GetSystemDefaultLCID
GetVersionExW
WriteFile
GlobalFree
GlobalAlloc
GetCurrentProcessId
SetFilePointer
GetShortPathNameW
FindClose
FindFirstFileW
HeapCreate
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
GetStartupInfoW
GetFileAttributesA
GetDriveTypeW
FileTimeToLocalFileTime
FileTimeToSystemTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapReAlloc
RtlUnwind
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
GetVersionExA
ExitProcess
GetStdHandle
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
GetConsoleCP
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetTimeZoneInformation
CreateFileA
SetEndOfFile
GetDriveTypeA
CompareStringA
CompareStringW
SetEnvironmentVariableA
HeapDestroy
OpenThread
GetConsoleMode
GetFullPathNameW

user32

CharLowerBuffW
GetSystemMetrics
LoadImageW
GetParent
GetWindow
GetWindowRect
SystemParametersInfoW
GetClientRect
MapWindowPoints
SetWindowPos
SendMessageW
GetDlgItem
ShowWindow
GetWindowLongW
GetActiveWindow
DestroyWindow
EndDialog
DialogBoxParamW
LoadStringW
SetWindowLongW
GetMessageW
TranslateMessage
DispatchMessageW
CharNextW
PostThreadMessageW
UnregisterClassA

advapi32

RegOpenKeyW
RegCreateKeyW
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCloseKey
ConvertStringSecurityDescriptorToSecurityDescriptorW

shell32

SHGetFolderPathW
ShellExecuteExW

ole32

CoInitialize
CoUninitialize
StringFromGUID2
CoTaskMemFree
CoRegisterClassObject
CoRevokeClassObject
CoTaskMemRealloc
CoCreateInstance
CoTaskMemAlloc

oleaut32

LoadTypeLi
SysAllocString
SysFreeString
SysStringLen
RegisterTypeLi
VarUI4FromStr
UnRegisterTypeLi

shlwapi

StrCmpNIW
PathFileExistsW

Sections

.text
Size: 144KB - Virtual size: 140KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PROGRAM_FILES/Baidu/Toolbar/BaiduBarX_Tmp/rc.dll
.dll windows:4 windows x86 arch:x86

d811d71710ad58776155b7a8da1fa9db

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:16:5e:50:24:9f:f6:ad:03:9d:77:06:ec:59:bf:8d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

31/07/2009, 00:00

Not After

30/07/2012, 23:59

Subject

CN=Baidu Online Network Technology (Beijing) Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Baidu Online Network Technology (Beijing) Co.\, Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetProcAddress
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
WriteFile
LeaveCriticalSection
EnterCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
LoadLibraryA
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
VirtualAlloc
HeapReAlloc
RtlUnwind
HeapSize
MultiByteToWideChar
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 440KB - Virtual size: 436KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAM_FILES/Baidu/conf.xml
.xml
$PLUGINSDIR/Left.bmp
$PLUGINSDIR/Logo.bmp
$PLUGINSDIR/SetHomePage.bmp
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/hao123inst-egypt.exe
.exe windows:4 windows x86 arch:x86

e77bd34dca46078815bcf24e63bff284

Code Sign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

13/04/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

11:21:df:76:75:aa:a0:8d:1b:49:a8:3a:48:0f:14:85:5d:24
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

22/02/2012, 09:18

Not After

22/02/2015, 09:18

Subject

CN=Baidu (China) Co.\, Ltd.,O=Baidu (China) Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\cygwin\home\scmpf\compiler_src\chenjian02_687742_win32\0\app\gensoft\bar\hao123desk\hao123desk\Build\Release\hao123inst-egypt\hao123inst-egypt.pdb

Imports

kernel32

InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExW
MultiByteToWideChar
RaiseException
InitializeCriticalSection
DeleteCriticalSection
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
CloseHandle
HeapFree
ReadFile
HeapAlloc
GetProcessHeap
GetFileSize
CreateFileW
GetModuleFileNameW
TerminateProcess
OpenProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
lstrlenA
LocalFree
GetCommandLineW
FlushFileBuffers
WriteFile
SetFilePointer
DeleteFileW
GetFullPathNameW
CreateDirectoryW
GetLongPathNameW
FindClose
FindNextFileW
RtlZeroMemory
FindFirstFileW
GetModuleHandleW
GetCurrentProcessId
GetLastError
lstrlenW
GetCurrentProcess
LoadLibraryW
ExpandEnvironmentStringsW
WideCharToMultiByte
GetFileAttributesW
CreateProcessW
MoveFileExW
GetTempFileNameW
GetTempPathW
GetTickCount
InterlockedDecrement
SetEndOfFile
SetLastError
GetStringTypeW
GetStringTypeA
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
IsBadCodePtr
IsBadReadPtr
LoadLibraryA
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
GetCPInfo
GetOEMCP
LCMapStringW
GetProcAddress
CreateFileA
SetStdHandle
GetLocaleInfoW
InterlockedIncrement
LCMapStringA
GetSystemInfo
VirtualProtect
HeapSize
TlsGetValue
TlsSetValue
TlsFree
TlsAlloc
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
VirtualQuery
SetUnhandledExceptionFilter
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameA
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
GetVersionExA
GetStartupInfoW
GetModuleHandleA
HeapReAlloc
RtlUnwind
ExitProcess

user32

MessageBoxW

advapi32

RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegEnumKeyExW
RegCreateKeyExW
RegCloseKey

shell32

SHGetFolderPathAndSubDirW
SHGetSpecialFolderPathA
ShellExecuteW
CommandLineToArgvW

ole32

CoCreateInstance
CoUninitialize
CoInitialize
CoCreateGuid

shlwapi

PathFileExistsW
SHSetValueW
PathFileExistsA
PathAppendW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Sections

.text
Size: 156KB - Virtual size: 153KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 976KB - Virtual size: 973KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/hao123inst-japan.exe
.exe windows:4 windows x86 arch:x86

9f770129802e58fa770950e4d82121e5

Code Sign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

13/04/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

11:21:df:76:75:aa:a0:8d:1b:49:a8:3a:48:0f:14:85:5d:24
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

22/02/2012, 09:18

Not After

22/02/2015, 09:18

Subject

CN=Baidu (China) Co.\, Ltd.,O=Baidu (China) Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\cygwin\home\scmpf\compiler_src\chenjian02_642399_win32\0\app\gensoft\bar\hao123desk\hao123desk\Build\Release\hao123inst-japan\hao123inst-japan.pdb

Imports

kernel32

InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExW
RaiseException
InitializeCriticalSection
DeleteCriticalSection
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
CloseHandle
HeapFree
ReadFile
HeapAlloc
GetProcessHeap
GetFileSize
CreateFileW
GetModuleFileNameW
TerminateProcess
OpenProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
LocalFree
GetCommandLineW
FlushFileBuffers
WriteFile
SetFilePointer
DeleteFileW
GetFullPathNameW
CreateDirectoryW
GetLongPathNameW
FindClose
FindNextFileW
RtlZeroMemory
FindFirstFileW
GetModuleHandleW
GetCurrentProcessId
GetLastError
lstrlenW
GetCurrentProcess
LoadLibraryW
ExpandEnvironmentStringsW
MultiByteToWideChar
WideCharToMultiByte
GetFileAttributesW
CreateProcessW
MoveFileExW
GetTempFileNameW
GetTempPathW
GetTickCount
InterlockedDecrement
SetEndOfFile
SetLastError
GetStringTypeW
GetStringTypeA
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
IsBadCodePtr
IsBadReadPtr
LoadLibraryA
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
GetCPInfo
GetOEMCP
LCMapStringW
GetProcAddress
CreateFileA
SetStdHandle
GetLocaleInfoW
InterlockedIncrement
LCMapStringA
GetSystemInfo
VirtualProtect
HeapSize
TlsGetValue
TlsSetValue
TlsFree
TlsAlloc
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
VirtualQuery
SetUnhandledExceptionFilter
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameA
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
GetVersionExA
GetStartupInfoW
GetModuleHandleA
HeapReAlloc
RtlUnwind
ExitProcess

user32

MessageBoxW

advapi32

RegSetValueExW
RegEnumKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey

shell32

CommandLineToArgvW
SHGetFolderPathAndSubDirW
SHGetSpecialFolderPathA
ShellExecuteW

ole32

CoCreateInstance
CoInitialize
CoUninitialize

shlwapi

PathFileExistsA
SHSetValueW
PathAppendW
PathFileExistsW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Sections

.text
Size: 156KB - Virtual size: 152KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 572KB - Virtual size: 571KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/hao123inst-taiwan.exe
.exe windows:4 windows x86 arch:x86

Code Sign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

13/04/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

11:21:df:76:75:aa:a0:8d:1b:49:a8:3a:48:0f:14:85:5d:24
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

22/02/2012, 09:18

Not After

22/02/2015, 09:18

Subject

CN=Baidu (China) Co.\, Ltd.,O=Baidu (China) Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 924KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 283KB - Virtual size: 284KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 156KB - Virtual size: 152KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 996KB - Virtual size: 993KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/hao123inst.exe
.exe windows:4 windows x86 arch:x86

425696cce97f6ea47fa9705f2d7cd6b7

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:16:5e:50:24:9f:f6:ad:03:9d:77:06:ec:59:bf:8d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

31/07/2009, 00:00

Not After

30/07/2012, 23:59

Subject

CN=Baidu Online Network Technology (Beijing) Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Baidu Online Network Technology (Beijing) Co.\, Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\cygwin\home\scmpf\compiler_src\xiongxinxing_481935_win32\0\app\gensoft\bar\hao123desk\Build\Release\hao123inst\hao123inst.pdb

Imports

kernel32

GetProcAddress
LoadLibraryW
InterlockedExchange
GetACP
GetLocaleInfoA
RaiseException
InitializeCriticalSection
DeleteCriticalSection
LocalFree
GetModuleFileNameW
GetCommandLineW
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
CloseHandle
FlushFileBuffers
WriteFile
SetFilePointer
GetFileSize
CreateFileW
ReadFile
DeleteFileW
GetFullPathNameW
GetLongPathNameW
GetModuleHandleW
GetLastError
lstrlenW
GetCurrentProcess
ExpandEnvironmentStringsW
HeapFree
HeapAlloc
GetProcessHeap
Sleep
GetFileAttributesW
GetTempFileNameW
GetTempPathW
CreateDirectoryW
InterlockedCompareExchange
GetTickCount
GetCurrentProcessId
GetOEMCP
GetStringTypeW
GetStringTypeA
GetCPInfo
IsBadCodePtr
IsBadReadPtr
LoadLibraryA
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
SetStdHandle
WideCharToMultiByte
LCMapStringA
LCMapStringW
TlsAlloc
MultiByteToWideChar
UnhandledExceptionFilter
GetStdHandle
HeapSize
TerminateProcess
IsBadWritePtr
VirtualFree
HeapCreate
HeapDestroy
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualQuery
SetUnhandledExceptionFilter
EnterCriticalSection
TlsGetValue
TlsSetValue
TlsFree
LeaveCriticalSection
GetModuleFileNameA
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
GetVersionExA
ExitProcess
RtlUnwind
HeapReAlloc
GetModuleHandleA
GetStartupInfoW
SetLastError

advapi32

RegSetValueExW
RegQueryValueExW
RegCreateKeyExW
RegCloseKey

shell32

CommandLineToArgvW

ole32

CoCreateInstance
CoInitialize

Sections

.text
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 792KB - Virtual size: 788KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/splash.bmp
$PLUGINSDIR/v9fft.exe
.exe windows:5 windows x86 arch:x86

5dc177c1b2306eb65d7fb5ceaaaa423a

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

27:bf:92:4e:a3:bb:36:4a:9c:02:78:c0:ba:68:28:79
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

25/05/2012, 00:00

Not After

24/07/2013, 23:59

Subject

CN=Beijing ELEX Technology Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beijing ELEX Technology Co.\,Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8c:28:67:fd:86:18:6a:93:42:1a:06:e7:50:9a:96:61:6f:da:dc:ea
Signer

Actual PE Digest

8c:28:67:fd:86:18:6a:93:42:1a:06:e7:50:9a:96:61:6f:da:dc:ea

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\soft365\MakerV2\Release\SoftStudio.pdb

Imports

ws2_32

gethostname
ioctlsocket
select
__WSAFDIsSet
listen
accept
recvfrom
sendto
getaddrinfo
freeaddrinfo
WSASetLastError
connect
setsockopt
getpeername
getsockopt
htons
bind
ntohs
getsockname
send
recv
socket
closesocket
WSAGetLastError
WSAStartup
WSACleanup

wldap32

ord22
ord211
ord143
ord60
ord50
ord26
ord30
ord32
ord35
ord79
ord200
ord33
ord301
ord27
ord41
ord46

kernel32

IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
HeapSize
FlushFileBuffers
SetStdHandle
GetFullPathNameA
GetConsoleMode
GetConsoleCP
GetCurrentProcessId
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetLocaleInfoW
HeapCreate
IsProcessorFeaturePresent
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
GetEnvironmentVariableW
FreeResource
FindResourceW
LoadResource
CreateProcessW
CreateDirectoryW
WaitForSingleObject
WriteFile
WideCharToMultiByte
SizeofResource
GetFileAttributesW
GetModuleFileNameW
CreateFileW
GetStdHandle
GetLastError
LockResource
CloseHandle
GetStringTypeW
SetFilePointer
SystemTimeToFileTime
SetFileTime
ReadFile
MultiByteToWideChar
GetCurrentDirectoryW
LocalFileTimeToFileTime
CreateFileA
DeviceIoControl
GetVolumeInformationW
GetSystemDefaultLangID
ExitProcess
GetFileSize
GetModuleHandleW
GetVersionExW
GetProcAddress
FindClose
GetLocalTime
GetSystemInfo
lstrcmpiW
ExpandEnvironmentStringsA
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
GetTimeZoneInformation
SetLastError
SleepEx
FormatMessageA
GetTickCount
PeekNamedPipe
WaitForMultipleObjects
GetFileType
FreeLibrary
LoadLibraryA
Sleep
TerminateProcess
GetCPInfo
LCMapStringW
LoadLibraryW
CompareStringW
SetEnvironmentVariableA
WriteConsoleW
GetDriveTypeW
SetEndOfFile
GetProcessHeap
GetFileInformationByHandle
CreateThread
GetCurrentThreadId
DeleteFileW
EnterCriticalSection
InterlockedIncrement
InterlockedDecrement
EncodePointer
DecodePointer
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
GetCommandLineW
HeapSetInformation
GetStartupInfoW
RaiseException
RtlUnwind
HeapReAlloc
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileExA
ExitThread

user32

GetSystemMetrics
wsprintfW

advapi32

RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW

shell32

ShellExecuteW

Sections

.text
Size: 393KB - Virtual size: 392KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/AskPIP_FF_.exe
.exe windows:5 windows x86 arch:x86

10d0bb402acae5b26890ee0fe4c5884a

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

09:65:f2:ac:72:36:c7:e1:bd:ca:44:ed:13:9b:27:3a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

20/06/2011, 00:00

Not After

18/06/2014, 23:59

Subject

CN=Ask.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Distribution,O=Ask.com,L=Oakland,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1e:1a:5c:31:29:bb:3e:99:b3:9a:0b:28:d7:1e:d8:48:c2:14:a3:64
Signer

Actual PE Digest

1e:1a:5c:31:29:bb:3e:99:b3:9a:0b:28:d7:1e:d8:48:c2:14:a3:64

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\hudson\jobs\PIP2.0_Installer\workspace\release\AskInstaller_1_.pdb

Imports

rpcrt4

UuidToStringW
UuidCreate
RpcStringFreeW

kernel32

OutputDebugStringW
FormatMessageW
LocalAlloc
LocalFree
lstrlenA
CreateProcessW
SetWaitableTimer
CreateDirectoryW
WaitForSingleObject
CancelWaitableTimer
GetSystemDefaultLCID
OpenProcess
WideCharToMultiByte
GetExitCodeProcess
GetFileAttributesW
TerminateProcess
CompareStringW
InterlockedExchange
MoveFileW
Process32FirstW
WritePrivateProfileStringA
RemoveDirectoryW
GetPrivateProfileSectionNamesA
Process32NextW
CreateWaitableTimerW
GetPrivateProfileSectionA
CreateToolhelp32Snapshot
WinExec
GetWindowsDirectoryW
lstrcpyW
DeleteFileA
CreateThread
SuspendThread
ResumeThread
GetTickCount
CreateEventW
FindFirstFileW
FindClose
FindNextFileW
lstrcmpA
GetSystemTimeAsFileTime
SetEnvironmentVariableA
SetEndOfFile
CreateFileW
CreateFileA
WriteConsoleW
SetStdHandle
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
FindResourceExW
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
FlushFileBuffers
GetConsoleMode
GetConsoleCP
SetFilePointer
ReadFile
IsValidCodePage
GetOEMCP
GetACP
GetFileType
SetHandleCount
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetStdHandle
WriteFile
HeapCreate
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetDateFormatA
GetTimeFormatA
LCMapStringW
RtlUnwind
GetStartupInfoW
HeapSetInformation
GetCommandLineW
GetCurrentProcessId
GetCPInfo
ExitProcess
VirtualQuery
VirtualProtect
InitializeCriticalSection
DecodePointer
EncodePointer
GetStringTypeW
HeapSize
HeapReAlloc
HeapDestroy
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedPushEntrySList
InterlockedCompareExchange
DeleteFileW
GetVersion
GetDiskFreeSpaceExW
GetUserDefaultUILanguage
GetSystemInfo
SetCurrentDirectoryW
GetLocalTime
GetCurrentDirectoryW
GetTempPathW
GetTimeZoneInformation
GetVersionExW
CopyFileW
GetLocaleInfoW
LoadLibraryW
GetPrivateProfileStringW
GetLogicalDriveStringsW
GetDriveTypeW
lstrcpynW
CloseHandle
GetCurrentThreadId
DeleteCriticalSection
lstrcmpiW
GlobalHandle
LockResource
CreateFileMappingW
GlobalFree
EnterCriticalSection
GetProcAddress
SetLastError
GetLastError
FlushInstructionCache
GlobalUnlock
lstrlenW
MultiByteToWideChar
lstrcmpW
GetModuleFileNameW
MulDiv
LeaveCriticalSection
SizeofResource
Sleep
InitializeCriticalSectionAndSpinCount
GlobalAlloc
GetModuleHandleW
GlobalLock
GetCurrentProcess
InterlockedDecrement
InterlockedIncrement
LoadLibraryExW
LoadResource
FreeLibrary
FindResourceW
RaiseException
IsValidLocale

user32

MessageBoxW
CreateWindowExW
IsWindow
GetActiveWindow
LoadStringW
SetWindowPos
GetSysColor
GetDesktopWindow
RedrawWindow
SetWindowLongW
ReleaseCapture
SendMessageW
SetWindowTextW
CallWindowProcW
DefWindowProcW
CharLowerBuffW
TranslateMessage
PeekMessageW
DispatchMessageW
LoadBitmapW
GetScrollInfo
SetScrollPos
SetScrollInfo
GetWindow
MoveWindow
UnregisterClassA
SetCursor
SetTimer
MapDialogRect
LoadImageW
PostMessageW
KillTimer
SetForegroundWindow
IsWindowEnabled
DestroyWindow
ClientToScreen
EndPaint
GetMonitorInfoW
MapWindowPoints
EndDialog
MonitorFromWindow
GetWindowRect
EnableWindow
SystemParametersInfoW
DrawTextW
ShowWindow
GetDlgItem
ReleaseDC
GetClassNameW
GetWindowTextW
GetWindowLongW
InvalidateRect
RegisterClassExW
GetDC
GetClassInfoExW
BeginPaint
SetFocus
CreateAcceleratorTableW
GetClientRect
LoadCursorW
InvalidateRgn
GetParent
GetFocus
DialogBoxIndirectParamW
SetCapture
IsChild
FillRect
RegisterWindowMessageW
GetSystemMetrics
GetWindowThreadProcessId
GetDlgCtrlID
UpdateWindow
AllowSetForegroundWindow
AdjustWindowRectEx
SetLayeredWindowAttributes
GetCursorPos
SendDlgItemMessageW
OffsetRect
GetMenu
SetWindowContextHelpId
DrawFocusRect
GetCapture
wsprintfW
PtInRect
CharNextW
ScreenToClient
DestroyAcceleratorTable
FindWindowW
SetRectEmpty
GetWindowTextLengthW

gdi32

SetWindowOrgEx
CreateSolidBrush
GetStockObject
GetObjectW
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
DeleteObject
GetDeviceCaps
DeleteDC
BitBlt
CreateFontW
DPtoLP
SetBkMode
SetBkColor
CreateFontIndirectW
SetTextColor
GetClipBox
GetBkColor
SetStretchBltMode
GetDIBColorTable
SetDIBColorTable
StretchBlt
CreateDIBSection
SetViewportOrgEx
GetTextColor
LPtoDP

advapi32

RegCreateKeyExW
RegNotifyChangeKeyValue
ConvertSidToStringSidW
RegQueryInfoKeyW
RegDeleteKeyW
RegDeleteValueW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
RegSetValueExW
GetTokenInformation
OpenProcessToken
RegEnumValueW
RegQueryValueExW

shell32

ShellExecuteW
SHGetSpecialFolderPathW
Shell_NotifyIconW
SHGetFolderPathW

ole32

CoInitialize
CoUninitialize
CoCreateInstance
CoInitializeEx
CoInitializeSecurity
ProgIDFromCLSID
CoTaskMemAlloc
CoGetClassObject
CoTaskMemFree
OleLockRunning
OleUninitialize
OleInitialize
StringFromGUID2
CreateStreamOnHGlobal
CLSIDFromString
CLSIDFromProgID
CoTaskMemRealloc

oleaut32

VarUI4FromStr
LoadRegTypeLi
SetErrorInfo
CreateErrorInfo
OleCreateFontIndirect
SysAllocStringByteLen
VarBstrCmp
SysStringByteLen
DispCallFunc
SysFreeString
SysAllocStringLen
VariantCopy
SysAllocString
SysStringLen
VariantClear
VariantInit
LoadTypeLi

shlwapi

StrCmpW
PathFileExistsW

comctl32

ImageList_GetIconSize
_TrackMouseEvent
ImageList_Destroy

msimg32

AlphaBlend
TransparentBlt

wininet

InternetOpenW
InternetCrackUrlW
InternetReadFile
InternetConnectW
HttpSendRequestW
InternetSetOptionW
HttpQueryInfoW
HttpOpenRequestW
InternetCloseHandle
InternetGetCookieW
DeleteUrlCacheEntryW

urlmon

URLDownloadToFileW

gdiplus

GdipFree
GdipGetImageHeight
GdiplusStartup
GdipGetImageWidth
GdipCloneImage
GdipBitmapLockBits
GdipGetImagePaletteSize
GdipCreateBitmapFromFile
GdipDisposeImage
GdipAlloc
GdipDrawImageI
GdipBitmapUnlockBits
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipCreateBitmapFromScan0
GdipGetImagePixelFormat
GdipGetImagePalette
GdiplusShutdown

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

msi

ord70
ord45

crypt32

CryptMsgClose
CryptDecodeObject
CryptQueryObject
CertGetNameStringW
CertFreeCertificateContext
CertFindCertificateInStore
CertCloseStore
CryptMsgGetParam

wintrust

WinVerifyTrust

Sections

.text
Size: 537KB - Virtual size: 537KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 119KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/AskToolbarTemp/ApnIC.dll
.dll windows:5 windows x86 arch:x86

e6d5b654a2f46226422e10afb7946120

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

09:65:f2:ac:72:36:c7:e1:bd:ca:44:ed:13:9b:27:3a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

20/06/2011, 00:00

Not After

18/06/2014, 23:59

Subject

CN=Ask.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Distribution,O=Ask.com,L=Oakland,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

97:d5:ea:56:ee:d6:0f:3a:75:4f:25:19:eb:79:32:38:c6:ba:02:c5
Signer

Actual PE Digest

97:d5:ea:56:ee:d6:0f:3a:75:4f:25:19:eb:79:32:38:c6:ba:02:c5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\hudson\jobs\APN_Stub2.0\workspace\Release\APNIC.pdb

Imports

kernel32

lstrcpyW
CloseHandle
ReadFile
CreateFileW
GetPrivateProfileStringW
WriteFile
CopyFileW
GetLastError
GetCurrentProcess
GetProcAddress
LoadLibraryW
lstrcpynW
CreateDirectoryW
FreeLibrary
WideCharToMultiByte
GetVersionExW
lstrlenA
GetLocalTime
GetTempPathW
lstrcatW
CreateToolhelp32Snapshot
GetFileTime
InterlockedDecrement
GetModuleHandleW
DeleteFileW
MultiByteToWideChar
GetSystemDefaultLangID
WriteConsoleA
SetStdHandle
InitializeCriticalSectionAndSpinCount
lstrcmpW
FormatMessageW
LocalFree
Sleep
lstrlenW
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
CreateFileA
SetHandleCount
IsValidCodePage
HeapSize
ExitProcess
Process32NextW
HeapReAlloc
GetOEMCP
VirtualAlloc
LoadLibraryA
GetLocaleInfoA
GetACP
GetCPInfo
SetLastError
InterlockedIncrement
DeleteCriticalSection
VirtualFree
HeapDestroy
HeapCreate
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetConsoleCP
SetFilePointer
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetStartupInfoA
GetFileType
GetStdHandle
LeaveCriticalSection
EnterCriticalSection
GetModuleHandleA
LCMapStringW
HeapFree
GetProcessHeap
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCommandLineA
HeapAlloc
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
LCMapStringA

advapi32

RegDeleteKeyW
RegFlushKey
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegQueryInfoKeyW
RegEnumValueW
RegDeleteValueW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey

shell32

SHGetFolderPathW

ole32

CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitialize

oleaut32

SysAllocString
SysFreeString

shlwapi

SHDeleteKeyW
StrStrIW
PathFileExistsW

wininet

InternetConnectW
InternetCloseHandle
InternetSetOptionW
HttpOpenRequestW
HttpSendRequestW
HttpQueryInfoW
InternetReadFile
InternetCrackUrlW
HttpEndRequestW
HttpSendRequestExW
InternetOpenW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

rpcrt4

UuidCreate
UuidToStringW
RpcStringFreeW

Exports

Exports

DoCheckInstall
DoCheckOverInstall
DoPostInstall
DoPreCheck
DoPreInstall
GetCmdParamsToAdd
GetCmdParamsToRem
GetPayloadPath
VolatileStoreClearMacroData

Sections

.text
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/AskToolbarTemp/ApnStub.exe
.exe windows:5 windows x86 arch:x86

e3adedff741228614390d07cc1084a41

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

09:65:f2:ac:72:36:c7:e1:bd:ca:44:ed:13:9b:27:3a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

20/06/2011, 00:00

Not After

18/06/2014, 23:59

Subject

CN=Ask.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Distribution,O=Ask.com,L=Oakland,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

09:e3:3a:92:8c:d8:34:fe:12:23:5a:11:59:b5:e1:d6:c1:e2:79:e1
Signer

Actual PE Digest

09:e3:3a:92:8c:d8:34:fe:12:23:5a:11:59:b5:e1:d6:c1:e2:79:e1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\hudson\jobs\APN_Stub2.0\workspace\Release\ApnStub.pdb

Imports

urlmon

URLDownloadToFileW
IsValidURL

kernel32

GetProcAddress
GetLastError
FormatMessageW
LocalFree
FreeLibrary
SetLastError
WaitForSingleObject
GetExitCodeProcess
CreateDirectoryW
CopyFileW
CreateFileW
DeleteFileW
OpenProcess
OpenMutexW
CreateMutexW
GetLongPathNameW
CompareStringW
MoveFileExW
FindNextFileW
WriteFile
ReadFile
FindResourceW
LoadResource
SizeofResource
LockResource
FreeResource
CreateToolhelp32Snapshot
Process32FirstW
LoadLibraryW
LocalAlloc
lstrcmpA
GetTempFileNameW
GetNativeSystemInfo
SetFilePointer
GetCurrentProcess
CompareFileTime
WideCharToMultiByte
GetVersionExW
MultiByteToWideChar
FlushFileBuffers
IsWow64Process
GetSystemInfo
GetSystemTime
CreateFileA
FindClose
FindFirstFileW
GetSystemTimeAsFileTime
GetTickCount
GetModuleFileNameW
GetTempPathW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
RtlUnwind
InitializeCriticalSectionAndSpinCount
LoadLibraryA
CloseHandle
ReleaseMutex
SetCurrentDirectoryW
Sleep
lstrlenW
GetModuleHandleA
Process32NextW
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetConsoleMode
GetConsoleCP
HeapReAlloc
VirtualAlloc
EnterCriticalSection
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
RaiseException
HeapFree
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
HeapSize
ExitProcess
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
LeaveCriticalSection

user32

MessageBoxW

advapi32

RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegDeleteValueW
RegSetValueExW

shell32

SHGetFolderPathW
SHFileOperationW
ShellExecuteExW
SHGetFolderPathAndSubDirW

ole32

CoUninitialize
CoTaskMemFree
CoCreateInstance
CoInitializeSecurity
CoInitializeEx

crypt32

CryptMsgClose
CertGetNameStringW
CertFreeCertificateContext
CertFindCertificateInStore
CertCloseStore
CryptDecodeObject
CryptQueryObject
CryptMsgGetParam

wintrust

WinVerifyTrust

rpcrt4

UuidToStringW
RpcStringFreeW
UuidCreate

wininet

HttpQueryInfoW
InternetConnectW
InternetCrackUrlW
HttpOpenRequestW
HttpAddRequestHeadersA
HttpSendRequestA
InternetCloseHandle
InternetOpenW

Sections

.text
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 223KB - Virtual size: 222KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/AskToolbarTemp/ApnToolbarInstaller.exe
.exe windows:5 windows x86 arch:x86

eed18f32b4cd5d7cb9ed82b0d6447a98

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

09:65:f2:ac:72:36:c7:e1:bd:ca:44:ed:13:9b:27:3a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

20/06/2011, 00:00

Not After

18/06/2014, 23:59

Subject

CN=Ask.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Distribution,O=Ask.com,L=Oakland,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

06:ab:fd:e0:d6:86:5c:be:e7:6f:1a:54:06:7e:1e:d5:9d:9d:de:25
Signer

Actual PE Digest

06:ab:fd:e0:d6:86:5c:be:e7:6f:1a:54:06:7e:1e:d5:9d:9d:de:25

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\hudson\jobs\ToolbarCore_Staging\workspace\build\ToolbarCore\toolbar\ie\src\toolbar\wrapper\Release\externalwrapper.pdb

Imports

shlwapi

PathFileExistsW
StrStrIW
StrCmpNIW
SHDeleteValueW

msi

ord92
ord113
ord163
ord160
ord20
ord125
ord159
ord8
ord70
ord205
ord32
ord118

kernel32

GetLocaleInfoW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetCommandLineW
FileTimeToDosDateTime
GetTempFileNameW
lstrlenA
FindResourceW
LoadResource
WaitForSingleObject
GetTickCount
WriteFile
WideCharToMultiByte
SizeofResource
GetExitCodeProcess
CreateFileW
MultiByteToWideChar
lstrlenW
GetTempPathW
FindFirstFileA
GetLastError
FindClose
GetLocalTime
Process32FirstW
Process32NextW
SetEndOfFile
CreateToolhelp32Snapshot
CloseHandle
FileTimeToLocalFileTime
DeleteFileW
LocalFree
CreateFileA
SetFilePointer
ReadFile
GetVersionExW
CreateDirectoryW
GetPrivateProfileStringW
GetFileTime
InterlockedDecrement
GetSystemDefaultLangID
FreeLibrary
GetCurrentProcess
GetModuleHandleW
LoadLibraryW
GetProcAddress
GetSystemInfo
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetModuleHandleA
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
lstrcmpiW
GetOEMCP
GetACP
GetStringTypeW
LCMapStringA
LCMapStringW
RtlUnwind
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
HeapSize
GetCurrentProcessId
RaiseException
GetStartupInfoW
GetCPInfo
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameW
GetStringTypeA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetStartupInfoA
GetFileType
SetHandleCount
GetModuleFileNameA
GetStdHandle
ExitProcess
HeapReAlloc
VirtualAlloc
VirtualFree
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapCreate
InterlockedIncrement
InterlockedCompareExchange
InterlockedExchange
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapFree
GetProcessHeap
HeapAlloc

user32

GetSystemMetrics

advapi32

RegDeleteKeyW
RegDeleteValueW
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegQueryValueExW
RegEnumKeyExW

shell32

SHGetSpecialFolderPathW
ShellExecuteExW
SHCreateDirectoryExW
SHGetFolderPathW
CommandLineToArgvW

ole32

CoCreateInstance
OleInitialize
OleUninitialize
CoUninitialize
CoInitialize

oleaut32

SysAllocString
VariantInit
SysFreeString

wininet

InternetCanonicalizeUrlW
InternetSetOptionW
HttpEndRequestW
HttpSendRequestExW
InternetCloseHandle
HttpSendRequestA
HttpAddRequestHeadersA
HttpOpenRequestW
HttpQueryInfoW
InternetConnectW
InternetCrackUrlW
InternetOpenW
HttpSendRequestW
InternetReadFile

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

rpcrt4

UuidToStringW
RpcStringFreeW
UuidCreate

urlmon

URLDownloadToFileW

Sections

.text
Size: 209KB - Virtual size: 208KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
BCGCBPRO1800u100.dll
.dll windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 4.1MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 45KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 520KB - Virtual size: 520KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 379KB - Virtual size: 379KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
BCGPStyle2007Aqua180.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 468KB - Virtual size: 465KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
BCGPStyle2007Luna180.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 400KB - Virtual size: 396KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
BCGPStyle2007Obsidian180.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 408KB - Virtual size: 404KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
BCGPStyle2007Silver180.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 408KB - Virtual size: 407KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Codec.bmp
FFInst.exe
.exe windows:5 windows x86 arch:x86

c908dd5002c6f7b2092490cc1b83d0c7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\prg\FormatFactory\Bin\FFInst.pdb

Imports

shlwapi

SHDeleteKeyW

kernel32

GetTickCount
GetModuleFileNameA
GetModuleFileNameW
OutputDebugStringA
CreateFileW
FlushFileBuffers
ReadFile
WriteFile
SetFilePointer
GetFileSize
SetEndOfFile
CopyFileW
DeleteFileW
TerminateThread
GetFileTime
SetFileTime
GetFileAttributesW
RemoveDirectoryW
FindClose
FindFirstFileW
FindNextFileW
CreateDirectoryW
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
ResumeThread
OpenThread
SuspendThread
CloseHandle
CreateThread
GetEnvironmentVariableW
GetNativeSystemInfo
FormatMessageW
LocalFree
CreateProcessW
GetLogicalDrives
GetDriveTypeW
GetDiskFreeSpaceExW
GetCurrentProcess
IsProcessorFeaturePresent
GetLastError
Sleep
WaitForSingleObject
GetSystemTimeAsFileTime
MoveFileW
DecodePointer
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
EncodePointer
GetStartupInfoW
HeapSetInformation
InterlockedCompareExchange
InterlockedExchange

user32

PostMessageW
ExitWindowsEx

advapi32

RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegDeleteKeyW
RegDeleteValueA
RegDeleteKeyA
RegSetValueExA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
AllocateAndInitializeSid
CheckTokenMembership
FreeSid

msvcr100

wcscpy_s
strcat_s
??2@YAPAXI@Z
swprintf_s
__CxxFrameHandler3
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_commode
_fmode
__set_app_type
_crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
_invoke_watson
_controlfp_s
wcsrchr
wcschr
strcpy_s
strrchr
strchr
_wtol
memset
??3@YAXPAX@Z

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FormatFactory.exe
.exe windows:5 windows x86 arch:x86

eb566c2def90cd51bceea18682e79425

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\prg\FormatFactory\Bin\FormatFactory.pdb

Imports

winmm

mciSendCommandW
sndPlaySoundW

wininet

InternetQueryOptionW

shlwapi

SHDeleteKeyW

mediainfo

ord27
ord14
ord23
ord18
ord17
ord25
ord20
ord26

ws2_32

gethostbyname
gethostname
closesocket
WSAStartup
WSACleanup
send
recv
htons
socket
connect

mfc100u

ord12127
ord4449
ord3420
ord3452
ord13072
ord13074
ord3466
ord3188
ord14066
ord9580
ord11426
ord2843
ord10044
ord8391
ord3208
ord3194
ord4151
ord10648
ord13306
ord11082
ord2155
ord1474
ord3643
ord5600
ord3482
ord5900
ord3754
ord7903
ord9901
ord9396
ord5324
ord5871
ord9470
ord10511
ord4084
ord4756
ord5296
ord5279
ord12561
ord5280
ord12563
ord1529
ord5469
ord4445
ord4444
ord2766
ord7384
ord11073
ord3993
ord2216
ord12554
ord5275
ord1346
ord2030
ord11094
ord8485
ord8313
ord7624
ord7548
ord11784
ord13854
ord4744
ord2164
ord11476
ord11477
ord13381
ord7108
ord13387
ord8530
ord3684
ord3625
ord11864
ord7126
ord1739
ord14162
ord10976
ord13267
ord11469
ord7179
ord13570
ord13567
ord3416
ord5261
ord11228
ord11236
ord7391
ord9498
ord11240
ord11209
ord11845
ord5118
ord9328
ord6140
ord4086
ord2407
ord13391
ord1895
ord1986
ord1990
ord7176
ord12753
ord2773
ord1292
ord890
ord6869
ord11132
ord11530
ord5517
ord1445
ord3493
ord11786
ord7661
ord5801
ord11870
ord2774
ord9786
ord1313
ord1019
ord468
ord1006
ord457
ord10935
ord10934
ord10936
ord10933
ord10199
ord9621
ord10265
ord11123
ord8181
ord3627
ord10043
ord10064
ord5563
ord11683
ord3368
ord3985
ord7876
ord285
ord5264
ord2629
ord7347
ord2423
ord1013
ord5882
ord8269
ord2780
ord3751
ord7902
ord2618
ord3438
ord13366
ord2410
ord4512
ord5652
ord7932
ord11940
ord7871
ord12948
ord13224
ord4478
ord4811
ord3437
ord970
ord5846
ord12745
ord4571
ord12228
ord3752
ord8270
ord5198
ord11494
ord3628
ord980
ord422
ord5535
ord5564
ord12510
ord12502
ord4360
ord4511
ord2068
ord13569
ord1476
ord5227
ord278
ord7245
ord1309
ord9493
ord922
ord5810
ord2749
ord2919
ord3260
ord3380
ord286
ord12413
ord7006
ord3241
ord7005
ord5164
ord3978
ord13305
ord12504
ord7251
ord4358
ord4805
ord921
ord5809
ord8266
ord2748
ord3749
ord7901
ord2617
ord3436
ord1284
ord6134
ord5461
ord10412
ord2981
ord2980
ord2756
ord5556
ord12606
ord2417
ord8347
ord1479
ord12351
ord12951
ord3261
ord1440
ord7524
ord266
ord8599
ord280
ord2349
ord1905
ord11999
ord5855
ord6096
ord4139
ord12871
ord12001
ord12182
ord919
ord341
ord3846
ord1310
ord3397
ord11982
ord2185
ord2184
ord945
ord374
ord1212
ord788
ord1721
ord11544
ord6870
ord6073
ord5862
ord3446
ord4290
ord1987
ord5799
ord902
ord296
ord1271
ord870
ord1266
ord897
ord1296
ord6117
ord8346
ord5468
ord4901
ord2852
ord11116
ord2339
ord6156
ord14067
ord4383
ord4379
ord4413
ord1512
ord1508
ord11210
ord11081
ord8273
ord2887
ord12610
ord5558
ord2844
ord3763
ord7246
ord2062
ord1934
ord13047
ord1312
ord5199
ord7241
ord5161
ord12512
ord265
ord13571
ord13568
ord7982
ord3589
ord2212
ord7981
ord10665
ord9360
ord10619
ord9787
ord10686
ord10895
ord10210
ord8614
ord10027
ord10197
ord10685
ord8632
ord8631
ord8399
ord10194
ord10621
ord8144
ord9900
ord9384
ord10739
ord9327
ord9421
ord10738
ord10274
ord9354
ord8619
ord9132
ord10882
ord9472
ord10541
ord9388
ord10499
ord13452
ord6975
ord9140
ord9139
ord10185
ord8151
ord10164
ord8660
ord10750
ord8062
ord8070
ord9557
ord10159
ord8657
ord9080
ord9075
ord8645
ord8655
ord8640
ord10307
ord10304
ord7474
ord5557
ord12608
ord2886
ord2884
ord7385
ord2418
ord14146
ord14148
ord14147
ord14145
ord14149
ord14132
ord14059
ord14060
ord8277
ord3402
ord10937
ord13380
ord8112
ord11170
ord6247
ord10045
ord8393
ord2853
ord12724
ord11246
ord11244
ord1501
ord4437
ord1514
ord4438
ord1519
ord4388
ord4425
ord4396
ord4408
ord4404
ord4400
ord4430
ord4421
ord4392
ord4434
ord4441
ord4439
ord4440
ord4416
ord3999
ord14214
ord3992
ord2665
ord13382
ord7109
ord13388
ord6155
ord10725
ord12557
ord5276
ord2337
ord11096
ord3491
ord2952
ord2951
ord2771
ord11159
ord4642
ord4923
ord5115
ord8483
ord4904
ord5143
ord4645
ord4794
ord4623
ord6931
ord6932
ord6922
ord4792
ord7393
ord9333
ord8363
ord7977
ord2614
ord1298
ord1003
ord451
ord1300
ord1535
ord3624
ord3672
ord3673
ord7093
ord5111
ord5045
ord13183
ord13176
ord3705
ord12810
ord6661
ord3702
ord4355
ord1867
ord3428
ord11997
ord3703
ord5585
ord12125
ord4447
ord8362
ord2664
ord2825
ord13085
ord13097
ord12186
ord3248
ord2251
ord2781
ord6246
ord2089
ord13572

msvcr100

fgetc
_wfopen
_ltow_s
_wtoi
swscanf_s
atol
atof
_ltow
memmove
_localtime64_s
wcsftime
_time64
_wtof
_wtol
wcschr
swprintf_s
fwrite
fseek
fread
fclose
fopen
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
free
malloc
vsprintf_s
strcat_s
strcpy_s
atoi
sprintf_s
wcscat_s
fputc
_ftelli64
feof
vswprintf_s
strtoul
memchr
strchr
wcscpy_s
srand
rand
strstr
_purecall
strncpy
memcpy
memset
sscanf_s
__CxxFrameHandler3
strrchr
wcsrchr
_stat64i32
_utime64
printf
isalnum
_mktime64
isupper
tolower
sprintf
_strdup
strncmp
rename
remove
ftell
fflush
fopen_s
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_initterm_e
__setusermatherr
_commode
_fmode
__set_app_type
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
_invoke_watson
_controlfp_s
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_configthreadlocale
_CxxThrowException
_CIsqrt

kernel32

CopyFileW
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
SetUnhandledExceptionFilter
DecodePointer
EncodePointer
GetStartupInfoW
HeapSetInformation
InterlockedCompareExchange
InterlockedExchange
LocalFree
GetCurrentProcess
AllocConsole
GetStdHandle
FindNextFileW
FindFirstFileW
FindClose
RemoveDirectoryW
GetFileAttributesW
SetFileTime
GetFileTime
MoveFileW
SetEndOfFile
FlushFileBuffers
WideCharToMultiByte
OutputDebugStringA
GetModuleFileNameW
GetModuleFileNameA
TerminateThread
ResumeThread
OpenThread
SuspendThread
GetEnvironmentVariableW
GetNativeSystemInfo
MultiByteToWideChar
SetThreadPriority
LeaveCriticalSection
EnterCriticalSection
GetExitCodeProcess
GetComputerNameW
CreateProcessW
TerminateProcess
SetErrorMode
CreatePipe
CreateDirectoryW
GetTempPathW
OpenEventW
GetTickCount
FormatMessageW
GetSystemDefaultLangID
GetVersionExW
Sleep
GetACP
GetDiskFreeSpaceExW
GlobalUnlock
GlobalLock
GlobalAlloc
GetVolumeInformationW
GetDriveTypeW
GetLogicalDrives
GetCurrentThreadId
CreateThread
lstrcpyW
lstrlenW
SetEvent
WaitForSingleObject
ActivateActCtx
GetModuleHandleW
GetLastError
DeactivateActCtx
SetLastError
DeleteCriticalSection
InitializeCriticalSection
SetThreadExecutionState
CreateEventW
GetProcAddress
LoadLibraryW
SetCurrentDirectoryW
GetCurrentDirectoryW
OutputDebugStringW
SetFilePointer
ReadFile
CreateFileA
DeleteFileA
GetFileSize
GetDiskFreeSpaceExA
WriteFile
DeviceIoControl
CloseHandle
CreateFileW
GlobalMemoryStatusEx
DeleteFileW

user32

IsZoomed
DestroyIcon
RegisterWindowMessageW
IsWindowVisible
GetSystemMetrics
FillRect
DrawFocusRect
CopyRect
GetSysColor
GetWindowDC
InvalidateRect
IsWindow
GetWindowRect
CloseClipboard
SetClipboardData
SetCursor
OpenClipboard
GetParent
PostMessageW
IsIconic
LoadIconW
DrawTextW
LoadBitmapW
ScrollDC
GetClientRect
KillTimer
SetTimer
RedrawWindow
SendMessageW
UpdateWindow
EnableWindow
InflateRect
ModifyMenuW
GetSubMenu
IsRectEmpty
GetKeyState
GetCursorPos
InsertMenuW
MapWindowPoints
LoadCursorW
RemoveMenu
ExitWindowsEx
EmptyClipboard
wsprintfW

gdi32

EnumFontsW
RoundRect
CreateDIBSection
DeleteObject
GetTextColor
GetStockObject
SelectObject
CreateSolidBrush
CreateCompatibleDC
GetTextExtentPoint32W
GetObjectW
CreateFontW
GetBkColor
RealizePalette
GetDeviceCaps
CreateBitmap
BitBlt
CreateCompatibleBitmap

comdlg32

CommDlgExtendedError

advapi32

RegSetValueExW
RegDeleteKeyW
RegDeleteValueA
RegDeleteKeyA
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegOpenKeyExA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegEnumValueW
RegQueryValueExW
RegCloseKey
RegDeleteValueW
RegOpenKeyExW
RegCreateKeyExW

shell32

ShellExecuteExW
DragQueryFileW
SHGetSpecialFolderLocation
SHGetSpecialFolderPathW
Shell_NotifyIconW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetMalloc
DragAcceptFiles
ShellExecuteW

comctl32

_TrackMouseEvent
ord17

ole32

CoCreateInstance

oleaut32

SysAllocString
VariantClear

bcgcbpro1800u100

?OnChangeMenuHighlight@CBCGPBaseRibbonElement@@UAEXPAVCBCGPRibbonPanelMenuBar@@PAV1@@Z
?IsShowTooltipOnBottom@CBCGPBaseRibbonElement@@UBEHXZ
?OnAfterAddToParent@CBCGPBaseRibbonElement@@UAEXPAV1@@Z
?OnRTLChanged@CBCGPBaseRibbonElement@@UAEXH@Z
?GetElements@CBCGPRibbonButton@@MAEXAAV?$CArray@PAVCBCGPBaseRibbonElement@@PAV1@@@@Z
?GetElementsByName@CBCGPRibbonLabel@@MAEXPB_WAAV?$CArray@PAVCBCGPBaseRibbonElement@@PAV1@@@K@Z
?GetVisibleElements@CBCGPBaseRibbonElement@@UAEXAAV?$CArray@PAVCBCGPBaseRibbonElement@@PAV1@@@@Z
?GetElementsByID@CBCGPRibbonButton@@MAEXIAAV?$CArray@PAVCBCGPBaseRibbonElement@@PAV1@@@@Z
?OnMenuKey@CBCGPBaseRibbonElement@@UAEHI@Z
?AddToKeyList@CBCGPBaseRibbonElement@@UAEXAAV?$CArray@PAVCBCGPRibbonKeyTip@@PAV1@@@@Z
?OnKey@CBCGPRibbonButton@@MAEHH@Z
?GetKeyTipRect@CBCGPRibbonButton@@MAE?AVCRect@@PAVCDC@@H@Z
?GetKeyTipSize@CBCGPBaseRibbonElement@@UAE?AVCSize@@PAVCDC@@@Z
?OnDrawKeyTip@CBCGPBaseRibbonElement@@UAEXPAVCDC@@ABVCRect@@H@Z
?GetFocused@CBCGPBaseRibbonElement@@UAEPAV1@XZ
?GetHighlighted@CBCGPBaseRibbonElement@@UAEPAV1@XZ
?GetDroppedDown@CBCGPBaseRibbonElement@@UAEPAV1@XZ
?GetPressed@CBCGPBaseRibbonElement@@UAEPAV1@XZ
?DestroyCtrl@CBCGPBaseRibbonElement@@UAEXXZ
?CreateCustomCopy@CBCGPBaseRibbonElement@@UAEPAV1@XZ
?CreateQATCopy@CBCGPRibbonButton@@MAEPAVCBCGPBaseRibbonElement@@XZ
?GetQATID@CBCGPBaseRibbonElement@@UBEIXZ
?OnAddToQAToolbar@CBCGPBaseRibbonElement@@UAEHAAVCBCGPRibbonQuickAccessToolbar@@@Z
?UpdateTooltipInfo@CBCGPBaseRibbonElement@@UAEXXZ
?FindByOriginal@CBCGPBaseRibbonElement@@UAEPAV1@PAV1@@Z
?FindByData@CBCGPRibbonButton@@MAEPAVCBCGPBaseRibbonElement@@K@Z
?FindByIDNonCustom@CBCGPRibbonButton@@MAEPAVCBCGPBaseRibbonElement@@I@Z
?FindByID@CBCGPRibbonButton@@MAEPAVCBCGPBaseRibbonElement@@I@Z
?Find@CBCGPBaseRibbonElement@@UAEPAV1@PBV1@@Z
?ClosePopupMenu@CBCGPRibbonButton@@UAEXXZ
?IsAlignByColumn@CBCGPBaseRibbonElement@@UBEHXZ
?StretcheHorizontally@CBCGPBaseRibbonElement@@UAEXXZ
?CanBeStretchedHorizontally@CBCGPBaseRibbonElement@@UAEHXZ
?CanBeStretchedOnDialogBar@CBCGPBaseRibbonElement@@UAEHXZ
?CanBeStretched@CBCGPRibbonButton@@UAEHXZ
?CleanUpSizes@CBCGPRibbonButton@@UAEXXZ
?OnCalcTextSize@CBCGPRibbonLabel@@MAEXPAVCDC@@@Z
?OnDraw@CBCGPRibbonLabel@@MAEXPAVCDC@@@Z
?OnDrawOnList@CBCGPRibbonButton@@MAEXPAVCDC@@V?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@HVCRect@@HH@Z
?AddToTree@CBCGPRibbonLabel@@MAEPAVCBCGPGridRow@@PAVCBCGPGridCtrl@@PAV2@@Z
?AddToListBox@CBCGPRibbonLabel@@MAEHPAVCBCGPRibbonCommandsListBox@@H@Z
?OnSize@CBCGPListCtrl@@IAEXIHH@Z
?OnEraseBkgnd@CBCGPListCtrl@@IAEHPAVCDC@@@Z
?g_pContextMenuManager@@3PAVCBCGPContextMenuManager@@A
?DrawRect@CBCGPDrawManager@@QAEXABVCRect@@KK@Z
?GetMenuById@CBCGPContextMenuManager@@QBEPAUHMENU__@@I@Z
?OnCreate@CBCGPListCtrl@@IAEHPAUtagCREATESTRUCTW@@@Z
?GetThisClass@CBCGPListCtrl@@SGPAUCRuntimeClass@@XZ
?OnSetPlacement@CBCGPPropertySheet@@MAEHAAUtagWINDOWPLACEMENT@@@Z
?ReposButtons@CBCGPPropertySheet@@MAEHH@Z
?OnRemoveTreePage@CBCGPPropertySheet@@UAEHPAVCPropertyPage@@@Z
?InitNavigationControl@CBCGPPropertySheet@@UAEPAVCWnd@@XZ
?OnActivatePage@CBCGPPropertySheet@@UAEXPAVCPropertyPage@@@Z
?AdjustControlsLayout@CBCGPPropertySheet@@UAEXXZ
?PreTranslateMessage@CBCGPPropertySheet@@UAEHPAUtagMSG@@@Z
?OnCommand@CBCGPPropertySheet@@MAEHIJ@Z
?OnDestroy@CBCGPPropertySheet@@IAEXXZ
?SetButtonText@CBCGPToolBar@@QAEHHPB_W@Z
?OnInitDialog@CBCGPPropertySheet@@UAEHXZ
?GetButtonText@CBCGPToolBar@@QBEXHAAV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?DrawShadow@CBCGPDrawManager@@QAEHVCRect@@HHHPAVCBitmap@@1KH@Z
??1CBCGPPenSelector@@QAE@XZ
??0CBCGPPenSelector@@QAE@AAVCDC@@KIK@Z
?GetThisMessageMap@CBCGPPropertySheet@@KGPBUAFX_MSGMAP@@XZ
?EnableVisualManagerStyle@CBCGPPropertySheet@@QAEXHH@Z
?EnablePageHeader@CBCGPPropertySheet@@QAEXHH@Z
?AddPage@CBCGPPropertySheet@@QAEXPAVCPropertyPage@@@Z
?SetLook@CBCGPPropertySheet@@QAEXW4PropSheetLook@1@HH@Z
?SetTransparentColor@CBCGPToolBarImages@@QAEKK@Z
?SetImageSize@CBCGPToolBarImages@@QAEXUtagSIZE@@H@Z
?SetIconsList@CBCGPPropertySheet@@QAEHIHK@Z
??1CBCGPPropertySheet@@UAE@XZ
??0CBCGPPropertySheet@@QAE@PB_WPAVCWnd@@I@Z
?GetThisClass@CBCGPPropertySheet@@SGPAUCRuntimeClass@@XZ
?Clear@CBCGPToolBarImages@@QAEXXZ
?DrawEx@CBCGPToolBarImages@@QAEHPAVCDC@@VCRect@@HW4ImageAlignHorz@1@W4ImageAlignVert@1@1EH@Z
?FillGradient2@CBCGPDrawManager@@QAEXVCRect@@KKH@Z
?SetOnGlass@CBCGPToolbarButton@@UAEXH@Z
?IsExtraSize@CBCGPToolbarButton@@UBEHXZ
?SetRadio@CBCGPToolbarButton@@UAEXXZ
?SetImage@CBCGPToolbarButton@@UAEXH@Z
?GetAccCount@CBCGPToolbarButton@@UAEHXZ
?SetACCData@CBCGPToolbarButton@@UAEHPAVCWnd@@AAUCBCGPAccessibilityData@@@Z
?GetKeyboardAccelerator@CBCGPToolbarButton@@UBEHAAV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?IsAlwaysOpaque@CBCGPToolbarButton@@UBEHXZ
?IsLastInGroup@CBCGPToolbarButton@@UBEHXZ
?IsFirstInGroup@CBCGPToolbarButton@@UBEHXZ
?OnUpdateToolTip@CBCGPToolbarButton@@UAEHPAVCWnd@@HAAVCToolTipCtrl@@AAV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?OnGetCustomToolTipText@CBCGPToolbarButton@@UAEHAAV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?HasFocus@CBCGPToolbarButton@@UBEHXZ
?IsOwnerOf@CBCGPToolbarButton@@UAEHPAUHWND__@@@Z
?IsWindowVisible@CBCGPToolbarButton@@UAEHXZ
?EnableWindow@CBCGPToolbarButton@@UAEXH@Z
?CompareWith@CBCGPToolbarButton@@UBEHABV1@@Z
?ResetImageToDefault@CBCGPToolbarButton@@UAEXXZ
?SetStyle@CBCGPToolbarButton@@UAEXI@Z
?GetInvalidateRect@CBCGPToolbarButton@@UBE?BVCRect@@XZ
?OnShow@CBCGPToolbarButton@@UAEXH@Z
?SaveBarState@CBCGPToolbarButton@@UAEXXZ
?OnToolHitTest@CBCGPToolbarButton@@UAEHPBVCWnd@@PAUtagTOOLINFOW@@@Z
?OnBeforeDrop@CBCGPToolbarButton@@UAEHPAVCBCGPToolBar@@@Z
?OnBeforeDrag@CBCGPToolbarButton@@UBEHXZ
?IsDroppedDown@CBCGPToolbarButton@@UBEHXZ
?OnDrawOnCustomizeList@CBCGPToolbarButton@@UAEHPAVCDC@@ABVCRect@@H@Z
?OnCustomizeMenu@CBCGPToolbarButton@@UAEHPAVCMenu@@@Z
?OnContextHelp@CBCGPToolbarButton@@UAEHPAVCWnd@@@Z
?IsEditable@CBCGPToolbarButton@@UBEHXZ
?OnGlobalFontsChanged@CBCGPToolbarButton@@UAEXXZ
?OnCancelMode@CBCGPToolbarButton@@UAEXXZ
?HaveHotBorder@CBCGPToolbarButton@@UBEHXZ
?CanBeStored@CBCGPToolbarButton@@UBEHXZ
?OnDblClick@CBCGPToolbarButton@@UAEXPAVCWnd@@@Z
?OnCtlColor@CBCGPToolbarButton@@UAEPAUHBRUSH__@@PAVCDC@@I@Z
?OnAddToCustomizePage@CBCGPToolbarButton@@UAEXXZ
?NotifyCommand@CBCGPToolbarButton@@UAEHH@Z
?CanBeStretched@CBCGPToolbarButton@@UBEHXZ
?GetHwnd@CBCGPToolbarButton@@UAEPAUHWND__@@XZ
?OnSize@CBCGPToolbarButton@@UAEXH@Z
?OnMove@CBCGPToolbarButton@@UAEXXZ
?ExportToMenuButton@CBCGPToolbarButton@@UBEHAAVCBCGPToolbarMenuButton@@@Z
?OnChangeParentWnd@CBCGPToolbarButton@@UAEXPAVCWnd@@@Z
?OnClickUpOutside@CBCGPToolbarButton@@UAEXXZ
?OnClickUp@CBCGPToolbarButton@@UAEHXZ
?OnClick@CBCGPToolbarButton@@UAEHPAVCWnd@@H@Z
?OnCalculateSize@CBCGPToolbarButton@@UAE?AUtagSIZE@@PAVCDC@@ABVCSize@@H@Z
?OnDraw@CBCGPToolbarButton@@UAEXPAVCDC@@ABVCRect@@PAVCBCGPToolBarImages@@HHHHH@Z
?CopyFrom@CBCGPToolbarButton@@UAEXABV1@@Z
?CanBeDropped@CBCGPToolbarButton@@UAEHPAVCBCGPToolBar@@@Z
?PrepareDrag@CBCGPToolbarButton@@UAEHAAVCOleDataSource@@@Z
?Serialize@CBCGPToolbarButton@@UAEXAAVCArchive@@@Z
?OnDrawMarkOnList@CBCGPRibbonCheckBox@@MAEXPAVCDC@@VCRect@@HH@Z
?OnDrawMark@CBCGPRibbonCheckBox@@MAEXPAVCDC@@VCRect@@@Z
?IsDrawTooltipImage@CBCGPRibbonCheckBox@@UBEHXZ
?IsCustomIconAllowed@CBCGPRibbonCheckBox@@UBEHXZ
?OnCalcTextSize@CBCGPRibbonButton@@UAEXPAVCDC@@@Z
?OnDraw@CBCGPRibbonCheckBox@@UAEXPAVCDC@@@Z
?OnDrawOnList@CBCGPRibbonCheckBox@@UAEXPAVCDC@@V?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@HVCRect@@HH@Z
?CopyFrom@CBCGPRibbonButton@@MAEXABVCBCGPBaseRibbonElement@@@Z
?OnDrawMenuImage@CBCGPRibbonCheckBox@@UAEHPAVCDC@@VCRect@@@Z
?GetCompactSize@CBCGPRibbonCheckBox@@UAE?AVCSize@@PAVCDC@@@Z
?GetIntermediateSize@CBCGPRibbonCheckBox@@UAE?AVCSize@@PAVCDC@@@Z
?GetRegularSize@CBCGPRibbonCheckBox@@UAE?AVCSize@@PAVCDC@@@Z
?GetRuntimeClass@CBCGPRibbonCheckBox@@UBEPAUCRuntimeClass@@XZ
?DrawButtonText@CBCGPToolbarButton@@UAEXPAVCDC@@ABV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@VCRect@@IKH@Z
??1CBCGPToolbarButton@@UAE@XZ
??0CBCGPToolbarButton@@QAE@XZ
?GetThisClass@CBCGPToolbarButton@@SGPAUCRuntimeClass@@XZ
??1CBCGPRibbonCheckBox@@UAE@XZ
??0CBCGPRibbonCheckBox@@QAE@IPB_W@Z
?GetThisMessageMap@CBCGPPropertyPage@@KGPBUAFX_MSGMAP@@XZ
?GetThisClass@CBCGPPropertyPage@@SGPAUCRuntimeClass@@XZ
?OnDrawSplitter@CBCGPSplitterWnd@@UAEXPAVCDC@@W4ESplitType@CSplitterWnd@@ABVCRect@@@Z
?GetThisMessageMap@CBCGPSplitterWnd@@KGPBUAFX_MSGMAP@@XZ
?GetThisClass@CBCGPSplitterWnd@@SGPAUCRuntimeClass@@XZ
?OnAfterAnimation@CBCGPOutlookBar@@UAEXH@Z
?OnScroll@CBCGPOutlookBar@@UAEXH@Z
?OnActivateTab@CBCGPBaseTabbedBar@@MAEXH@Z
?GetControlBarList@CBCGPBaseTabbedBar@@UAEXAAVCObList@@PAUCRuntimeClass@@@Z
?CanSetCaptionTextToTabName@CBCGPOutlookBar@@UBEHXZ
?EnableSetCaptionTextToTabName@CBCGPBaseTabbedBar@@UAEXH@Z
?SaveSiblingBarIDs@CBCGPBaseTabbedBar@@UAEXAAVCArchive@@@Z
?SerializeTabWindow@CBCGPBaseTabbedBar@@UAEXAAVCArchive@@@Z
?ApplyRestoredTabInfo@CBCGPBaseTabbedBar@@UAEXH@Z
?GetFirstVisibleTab@CBCGPBaseTabbedBar@@UAEPAVCWnd@@AAH@Z
?FindBarByTabNumber@CBCGPBaseTabbedBar@@UAEPAVCWnd@@HH@Z
?FindBarByID@CBCGPBaseTabbedBar@@UAEPAVCWnd@@I@Z
?ShowTab@CBCGPBaseTabbedBar@@UAEHPAVCWnd@@HHH@Z
?RemoveControlBar@CBCGPBaseTabbedBar@@UAEHPAVCWnd@@@Z
?DetachControlBar@CBCGPBaseTabbedBar@@UAEHPAVCWnd@@H@Z
?FloatTab@CBCGPOutlookBar@@UAEHPAVCWnd@@HW4BCGP_DOCK_METHOD@@H@Z
?AddTab@CBCGPBaseTabbedBar@@UAEHPAVCWnd@@HHH@Z
?IsRestoreTabsState@CBCGPOutlookBar@@UBEHXZ
?AllowDestroyEmptyTabbedBar@CBCGPOutlookBar@@UBEHXZ
?IsHideSingleTab@CBCGPBaseTabbedBar@@UBEHXZ
?GetVisibleTabsNum@CBCGPBaseTabbedBar@@UBEHXZ
?GetTabsNum@CBCGPBaseTabbedBar@@UBEHXZ
?OnSlide@CBCGPDockingControlBar@@MAEXH@Z
?CheckStopSlideCondition@CBCGPDockingControlBar@@MAEHH@Z
?CheckAutoHideCondition@CBCGPDockingControlBar@@MAEHXZ
?SetCaptionButtons@CBCGPDockingControlBar@@MAEXXZ
?StopCaptionButtonsTracking@CBCGPDockingControlBar@@MAEXXZ
?OnTrackCaptionButtons@CBCGPDockingControlBar@@MAEXVCPoint@@@Z
?GetScrollPos@CBCGPDockingControlBar@@MBE?AVCPoint@@XZ
?OnScrollClient@CBCGPDockingControlBar@@MAEXI@Z
?ScrollVertAvailable@CBCGPDockingControlBar@@MAEHH@Z
?ScrollHorzAvailable@CBCGPDockingControlBar@@MAEHH@Z
?UpdateScrollBars@CBCGPDockingControlBar@@MAEXXZ
?AdjustBarWindowToContainer@CBCGPDockingControlBar@@MAEXPAVCBCGPSlider@@@Z
?DrawCaption@CBCGPDockingControlBar@@MAEXPAVCDC@@VCRect@@@Z
?OnEraseNCBackground@CBCGPDockingControlBar@@MAEXPAVCDC@@VCRect@@@Z
?OnPressButtons@CBCGPDockingControlBar@@MAEXI@Z
?StoreRecentTabRelatedInfo@CBCGPDockingControlBar@@MAEXXZ
?OnChangeActiveState@CBCGPBaseTabbedBar@@MAEXXZ
?CopyState@CBCGPDockingControlBar@@UAEXPAV1@@Z
?GetAHSlideMode@CBCGPDockingControlBar@@UBEIXZ
?CanAdjustLayout@CBCGPDockingControlBar@@UBEHXZ
?IsHideInAutoHideMode@CBCGPDockingControlBar@@UBEHXZ
?SetAutoHideMode@CBCGPBaseTabbedBar@@UAEPAVCBCGPAutoHideToolBar@@HKPAV2@H@Z
?DockToResentPos@CBCGPDockingControlBar@@UAEHXZ
?UnSetAutoHideMode@CBCGPDockingControlBar@@UAEXPAV1@@Z
?OnAfterDockFromMiniFrame@CBCGPDockingControlBar@@UAEXXZ
?DockContainer@CBCGPDockingControlBar@@UAEHAAVCBCGPBarContainerManager@@KW4BCGP_DOCK_METHOD@@@Z
?DockToWindow@CBCGPDockingControlBar@@UAEHPAV1@KPBUtagRECT@@@Z
?CreateTabbedControlBar@CBCGPDockingControlBar@@UAEPAVCBCGPTabbedControlBar@@XZ
?AttachToTabWnd@CBCGPDockingControlBar@@UAEPAV1@PAV1@W4BCGP_DOCK_METHOD@@HPAPAV1@@Z
?GetDockStatus@CBCGPOutlookBar@@UAE?AW4BCGP_CS_STATUS@@VCPoint@@H@Z
?Slide@CBCGPDockingControlBar@@UAEXHH@Z
?IsAutohideAllEnabled@CBCGPDockingControlBar@@UBEHXZ
?HasAutoHideMode@CBCGPBaseTabbedBar@@UBEHXZ
?CanAcceptMiniFrame@CBCGPDockingControlBar@@UBEHPAVCBCGPMiniFrameWnd@@@Z
?HitTest@CBCGPDockingControlBar@@UAEHVCPoint@@H@Z
?IsTabLocationBottom@CBCGPDockingControlBar@@UBEHXZ
?GetTabArea@CBCGPOutlookBar@@UBEXAAVCRect@@0@Z
?CreateEx@CBCGPDockingControlBar@@UAEHKPB_WPAVCWnd@@ABUtagRECT@@HIKKKPAUCCreateContext@@@Z
?Create@CBCGPDockingControlBar@@UAEHPB_WPAVCWnd@@ABUtagRECT@@HIKKKPAUCCreateContext@@@Z
?Create@CBCGPDockingControlBar@@UAEHPB_WPAVCWnd@@VCSize@@HIKKK@Z
?StoreRecentDockInfo@CBCGPBaseTabbedBar@@MAEXXZ
?EnterDragMode@CBCGPDockingControlBar@@MAEXH@Z
?Dock@CBCGPBaseTabbedBar@@MAEHPAVCBCGPBaseControlBar@@PBUtagRECT@@W4BCGP_DOCK_METHOD@@@Z
?OnAfterStretch@CBCGPControlBar@@MAEXH@Z
?OnAfterDock@CBCGPDockingControlBar@@MAEXPAVCBCGPBaseControlBar@@PBUtagRECT@@W4BCGP_DOCK_METHOD@@@Z
?OnDrawDragRect@CBCGPDockingControlBar@@MAEXPBUtagRECT@@0@Z
?OnContinueMoving@CBCGPDockingControlBar@@MAEXXZ
?OnShowControlBarMenu@CBCGPControlBar@@UAEHVCPoint@@@Z
?ConvertToTabbedDocument@CBCGPBaseTabbedBar@@UAEXH@Z
?OnPressCloseButton@CBCGPDockingControlBar@@MAEXXZ
?ToggleAutoHide@CBCGPDockingControlBar@@UAEXXZ
?OnAfterFloat@CBCGPControlBar@@UAEXXZ
?OnBeforeFloat@CBCGPDockingControlBar@@UAEHAAVCRect@@W4BCGP_DOCK_METHOD@@@Z
?IsChangeState@CBCGPDockingControlBar@@UBE?AW4BCGP_CS_STATUS@@HPAPAVCBCGPBaseControlBar@@@Z
?DockControlBarStandard@CBCGPDockingControlBar@@UAEPAVCBCGPControlBar@@AAH@Z
?CalcSize@CBCGPControlBar@@UAE?AVCSize@@H@Z
?GetBarName@CBCGPOutlookBar@@UBEXAAV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?AllowShowOnControlMenu@CBCGPControlBar@@UBEHXZ
?GetMinSize@CBCGPBaseTabbedBar@@UBEXAAVCSize@@@Z
?DoPaint@CBCGPBaseControlBar@@MAEXPAVCDC@@@Z
?CalcFixedLayout@CBCGPDockingControlBar@@UAE?AVCSize@@HH@Z
?OnUpdateCmdUI@CBCGPDockingControlBar@@UAEXPAVCFrameWnd@@H@Z
?UnDockControlBar@CBCGPDockingControlBar@@UAEXH@Z
?SaveState@CBCGPOutlookBar@@UAEHPB_WHI@Z
?LoadState@CBCGPOutlookBar@@UAEHPB_WHI@Z
?ShowControlBar@CBCGPDockingControlBar@@UAEXHHH@Z
?OnAfterChangeParent@CBCGPDockingControlBar@@UAEXPAVCWnd@@@Z
?OnBeforeChangeParent@CBCGPDockingControlBar@@UAEXPAVCWnd@@H@Z
?RecalcLayout@CBCGPBaseTabbedBar@@UAEXXZ
?AdjustLayout@CBCGPBaseControlBar@@UAEXXZ
?StretchControlBar@CBCGPBaseControlBar@@UAE?AVCSize@@HH@Z
?DockToFrameWindow@CBCGPDockingControlBar@@UAEHKPBUtagRECT@@KPAVCBCGPBaseControlBar@@HH@Z
?FloatControlBar@CBCGPBaseTabbedBar@@MAEHVCRect@@W4BCGP_DOCK_METHOD@@_N@Z
?EnableGripper@CBCGPDockingControlBar@@UAEXH@Z
?EnableDocking@CBCGPBaseControlBar@@UAEXK@Z
?IsAutoHideMode@CBCGPDockingControlBar@@UBEHXZ
?CanFocus@CBCGPBaseControlBar@@UBEHXZ
?CanAutoHide@CBCGPDockingControlBar@@UBEHXZ
?CanFloat@CBCGPBaseTabbedBar@@UBEHXZ
?CanBeClosed@CBCGPBaseControlBar@@UBEHXZ
?GetBarIcon@CBCGPBaseTabbedBar@@UAEPAUHICON__@@H@Z
?GetDockMode@CBCGPBaseControlBar@@UBE?AW4BCGP_DOCK_TYPE@@XZ
?IsFloatingMulti@CBCGPDockingControlBar@@UBEHXZ
?GetCaptionHeight@CBCGPDockingControlBar@@UBEHXZ
?CanBeAttached@CBCGPDockingControlBar@@UBEHXZ
?CanAcceptBar@CBCGPOutlookBar@@UBEHPBVCBCGPBaseControlBar@@@Z
?DoesAllowDynInsertBefore@CBCGPOutlookBar@@UBEHXZ
?IsVisible@CBCGPDockingControlBar@@UBEHXZ
?IsResizable@CBCGPDockingControlBar@@UBEHXZ
?IsFloating@CBCGPBaseControlBar@@UBEHXZ
?IsDocked@CBCGPDockingControlBar@@UBEHXZ
?AccNotifyObjectFocusEvent@CBCGPWnd@@UAEXH@Z
?IsAccessibilityCompatible@CBCGPDockingControlBar@@UAEHXZ
?OnSetAccData@CBCGPWnd@@UAEHJ@Z
?PreTranslateMessage@CBCGPDockingControlBar@@UAEHPAUtagMSG@@@Z
?accDoDefaultAction@CBCGPWnd@@UAEJUtagVARIANT@@@Z
?accHitTest@CBCGPWnd@@UAEJJJPAUtagVARIANT@@@Z
?accNavigate@CBCGPWnd@@UAEJJUtagVARIANT@@PAU2@@Z
?get_accState@CBCGPWnd@@UAEJUtagVARIANT@@PAU2@@Z
?get_accRole@CBCGPWnd@@UAEJUtagVARIANT@@PAU2@@Z
?get_accChild@CBCGPWnd@@UAEJUtagVARIANT@@PAPAUIDispatch@@@Z
?get_accChildCount@CBCGPWnd@@UAEJPAJ@Z
?Serialize@CBCGPBaseTabbedBar@@UAEXAAVCArchive@@@Z
?OnEraseWorkArea@CBCGPOutlookBarPane@@MAEXPAVCDC@@VCRect@@@Z
?SmartUpdate@CBCGPOutlookBarPane@@UAEHABVCObList@@@Z
?LoadLastOriginalState@CBCGPToolBar@@MAEHAAVCBCGPRegistry@@@Z
?SaveOriginalState@CBCGPToolBar@@MAEXAAVCBCGPRegistry@@@Z
?AccGetButtonsCount@CBCGPToolBar@@MAEHXZ
?OnAfterButtonDelete@CBCGPToolBar@@MAEXXZ
?AllowAltCustomization@CBCGPToolBar@@MBEHXZ
?CalcMaxButtonHeight@CBCGPToolBar@@MAEHXZ
?ShowCommandMessageString@CBCGPToolBar@@MAEXI@Z
?AddRemoveSeparator@CBCGPOutlookBarPane@@MAEXPBVCBCGPToolbarButton@@ABVCPoint@@1@Z
?OnCalcSeparatorRect@CBCGPToolBar@@MAEXPAVCBCGPToolbarButton@@AAVCRect@@H@Z
?IsPureMenuButton@CBCGPToolBar@@MBEHPAVCBCGPToolbarButton@@@Z
?EnableContextMenuItems@CBCGPOutlookBarPane@@MAEHPAVCBCGPToolbarButton@@PAVCMenu@@@Z
?OnCustomizeMode@CBCGPToolBar@@MAEXH@Z
?OnKey@CBCGPToolBar@@MAEHI@Z
?CreateDroppedButton@CBCGPOutlookBarPane@@MAEPAVCBCGPToolbarButton@@PAVCOleDataObject@@@Z
?DrawSeparator@CBCGPToolBar@@MAEXPAVCDC@@ABVCRect@@H@Z
?AlwaysSaveSelection@CBCGPToolBar@@MBEHXZ
?AllowShowOnList@CBCGPOutlookBarPane@@MBEHXZ
?AllowSelectDisabled@CBCGPToolBar@@MBEHXZ
?OnSendCommand@CBCGPToolBar@@MAEHPBVCBCGPToolbarButton@@@Z
?AdjustLocations@CBCGPOutlookBarPane@@MAEXXZ
?FindDropIndex@CBCGPToolBar@@MBEHVCPoint@@AAVCRect@@@Z
?NotifyControlCommand@CBCGPToolBar@@MAEHPAVCBCGPToolbarButton@@HHIJ@Z
?OnDragOver@CBCGPOutlookBarPane@@MAEKPAVCOleDataObject@@KVCPoint@@@Z
?OnDragLeave@CBCGPToolBar@@MAEXXZ
?OnDragEnter@CBCGPToolBar@@MAEKPAVCOleDataObject@@KVCPoint@@@Z
?OnDrop@CBCGPToolBar@@MAEHPAVCOleDataObject@@KVCPoint@@@Z
?GetCommandTarget@CBCGPToolBar@@MBEPAVCWnd@@XZ
?RebuildAccelerationKeys@CBCGPToolBar@@MAEXXZ
?DrawDragMarker@CBCGPToolBar@@MAEXPAVCDC@@@Z
?CheckForButtonImages@CBCGPToolBar@@MAEXPAVCBCGPToolbarButton@@PAPAVCBCGPToolBarImages@@@Z
?DrawButton@CBCGPToolBar@@MAEHPAVCDC@@PAVCBCGPToolbarButton@@PAVCBCGPToolBarImages@@HH@Z
?CalcLayout@CBCGPToolBar@@MAE?AVCSize@@KH@Z
?OnChangeVisualManager@CBCGPToolBar@@UAEXXZ
?OnChangeHot@CBCGPToolBar@@UAEXH@Z
?IsPopupMode@CBCGPToolBar@@UBEHXZ
?OnUserToolTip@CBCGPToolBar@@UBEHPAVCBCGPToolbarButton@@AAV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?OnGlobalFontsChanged@CBCGPToolBar@@UAEXXZ
?OnFillBackground@CBCGPToolBar@@UAEXPAVCDC@@@Z
?OnSetDefaultButtonText@CBCGPToolBar@@UAEHPAVCBCGPToolbarButton@@@Z
?NextMenu@CBCGPToolBar@@UAEHXZ
?PrevMenu@CBCGPToolBar@@UAEHXZ
?TranslateChar@CBCGPToolBar@@UAEHI@Z
?HitTest@CBCGPToolBar@@UAEHVCPoint@@@Z
?OnReset@CBCGPToolBar@@UAEXXZ
?RestoreOriginalstate@CBCGPOutlookBarPane@@UAEHXZ
?CanBeRestored@CBCGPOutlookBarPane@@UBEHXZ
?RemoveStateFromRegistry@CBCGPToolBar@@UAEHPB_WHI@Z
?OnBeforeRemoveButton@CBCGPToolBar@@UAEHPAVCBCGPToolbarButton@@K@Z
?AllowChangeTextLabels@CBCGPToolBar@@UBEHXZ
?SetButtonStyle@CBCGPToolBar@@UAEXHI@Z
?GetInvalidateItemRect@CBCGPToolBar@@UBEXHPAUtagRECT@@@Z
?GetItemRect@CBCGPToolBar@@UBEXHPAUtagRECT@@@Z
?IsResourceChanged@CBCGPToolBar@@UBEHXZ
?OnLargeIconsModeChanged@CBCGPToolBar@@UAEXXZ
?RestoreFocus@CBCGPToolBar@@UAEXXZ
?Deactivate@CBCGPToolBar@@UAEXXZ
?GetColumnWidth@CBCGPToolBar@@UBEHXZ
?IsButtonExtraSizeAvailable@CBCGPToolBar@@UBEHXZ
?GetRowHeight@CBCGPToolBar@@UBEHXZ
?RemoveAllButtons@CBCGPOutlookBarPane@@UAEXXZ
?RemoveButton@CBCGPToolBar@@UAEHH@Z
?InsertSeparator@CBCGPToolBar@@UAEHH@Z
?InsertButton@CBCGPToolBar@@UAEHABVCBCGPToolbarButton@@H@Z
?InsertButton@CBCGPToolBar@@MAEHPAVCBCGPToolbarButton@@H@Z
?SetButtons@CBCGPToolBar@@UAEHPBIHH@Z
?LoadToolBarEx@CBCGPToolBar@@UAEHIAAVCBCGPToolBarParams@@H@Z
?LoadBitmapEx@CBCGPToolBar@@UAEHAAVCBCGPToolBarParams@@H@Z
?LoadToolBar@CBCGPToolBar@@UAEHIIIHIII@Z
?LoadBitmapW@CBCGPToolBar@@UAEHIIIHII@Z
?ResetImages@CBCGPToolBar@@UAEXXZ
?CreateEx@CBCGPToolBar@@UAEHPAVCWnd@@KKVCRect@@I@Z
?Create@CBCGPToolBar@@UAEHPAVCWnd@@KI@Z
?StoreRecentDockInfo@CBCGPControlBar@@MAEXXZ
?OnRTLChanged@CBCGPControlBar@@MAEXH@Z
?EnterDragMode@CBCGPControlBar@@MAEXH@Z
?Dock@CBCGPOutlookBarPane@@UAEHPAVCBCGPBaseControlBar@@PBUtagRECT@@W4BCGP_DOCK_METHOD@@@Z
?SetDragMode@CBCGPControlBar@@MAEXH@Z
?RemoveFromMiniframe@CBCGPControlBar@@MAEXPAVCWnd@@W4BCGP_DOCK_METHOD@@@Z
?OnAfterStretch@CBCGPBaseToolBar@@MAEXH@Z
?OnBeforeStretch@CBCGPControlBar@@MAEXAAH@Z
?OnAfterDock@CBCGPToolBar@@MAEXPAVCBCGPBaseControlBar@@PBUtagRECT@@W4BCGP_DOCK_METHOD@@@Z
?OnBeforeDock@CBCGPControlBar@@MAEHPAPAVCBCGPBaseControlBar@@PBUtagRECT@@W4BCGP_DOCK_METHOD@@@Z
?OnDrawDragRect@CBCGPControlBar@@MAEXPBUtagRECT@@0@Z
?OnContinueMoving@CBCGPControlBar@@MAEXXZ
?OnAfterShowControlBarMenu@CBCGPControlBar@@MAEHH@Z
?OnBeforeShowControlBarMenu@CBCGPControlBar@@MAEHAAVCMenu@@@Z
?OnShowControlBarMenu@CBCGPBaseToolBar@@MAEHVCPoint@@@Z
?ConvertToTabbedDocument@CBCGPControlBar@@UAEXH@Z
?OnPressCloseButton@CBCGPControlBar@@UAEXXZ
?ToggleAutoHide@CBCGPControlBar@@UAEXXZ
?AdjustSizeImmediate@CBCGPControlBar@@UAEXH@Z
?CalcAvailableSize@CBCGPControlBar@@UAE?AVCSize@@VCRect@@@Z
?CreateEx@CBCGPControlBar@@UAEHKPB_WKABUtagRECT@@PAVCWnd@@IKPAUCCreateContext@@@Z
?Create@CBCGPControlBar@@UAEHPB_WKABUtagRECT@@PAVCWnd@@IKPAUCCreateContext@@@Z
?OnAfterFloat@CBCGPToolBar@@MAEXXZ
?OnBeforeFloat@CBCGPOutlookBarPane@@UAEHAAVCRect@@W4BCGP_DOCK_METHOD@@@Z
?NotifyHighlightListItem@CBCGPBaseRibbonElement@@UAEXH@Z
?SetDockState@CBCGPControlBar@@UAEXPAVCBCGPDockManager@@@Z
?IsChangeState@CBCGPOutlookBarPane@@UBE?AW4BCGP_CS_STATUS@@HPAPAVCBCGPBaseControlBar@@@Z
?DockControlBarStandard@CBCGPControlBar@@UAEPAV1@AAH@Z
?StretchBar@CBCGPControlBar@@UAEHHAAPAX@Z
?MoveControlBar@CBCGPControlBar@@UAE?AVCSize@@VCRect@@HAAPAX@Z
?CalcSize@CBCGPToolBar@@UAE?AVCSize@@H@Z
?DockByMouse@CBCGPControlBar@@UAEHPAVCBCGPBaseControlBar@@@Z
?PrepareToDock@CBCGPControlBar@@UAEXPAVCBCGPDockBar@@W4BCGP_DOCK_METHOD@@@Z
?GetExclusiveRowMode@CBCGPControlBar@@UBEHXZ
?SetExclusiveRowMode@CBCGPControlBar@@UAEXH@Z
?SetActiveInGroup@CBCGPControlBar@@UAEXH@Z
?GetBarName@CBCGPControlBar@@UBEXAAV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?AllowShowOnControlMenu@CBCGPOutlookBarPane@@MBEHXZ
?CopyState@CBCGPControlBar@@UAEXPAV1@@Z
?DoesAllowSiblingBars@CBCGPControlBar@@UBEHXZ
?GetAvailableStretchSize@CBCGPControlBar@@UBEHXZ
?GetAvailableExpandSize@CBCGPControlBar@@UBEHXZ
?GetResizeStep@CBCGPControlBar@@UBEHXZ
?GetMinLength@CBCGPControlBar@@UBEHXZ
?GetMinSize@CBCGPBaseToolBar@@UBEXAAVCSize@@@Z
?IsDragMode@CBCGPControlBar@@UBEHXZ
?AdjustDockingLayout@CBCGPBaseControlBar@@UAEXPAX@Z
?DoPaint@CBCGPOutlookBarPane@@MAEXPAVCDC@@@Z
?CalcFixedLayout@CBCGPOutlookBarPane@@MAE?AVCSize@@HH@Z
?CreateEx@CBCGPBaseControlBar@@UAEHKPB_W0KABUtagRECT@@PAVCWnd@@IKPAUCCreateContext@@@Z
?HideInFullScreenMode@CBCGPBaseControlBar@@UBEHXZ
?HideInPrintPreviewMode@CBCGPBaseControlBar@@UBEHXZ
?OnControlBarContextMenu@CBCGPBaseControlBar@@UAEXPAVCWnd@@VCPoint@@@Z
?OnUpdateCmdUI@CBCGPToolBar@@UAEXPAVCFrameWnd@@H@Z
?UnDockControlBar@CBCGPControlBar@@UAEXH@Z
?CopyState@CBCGPBaseControlBar@@UAEXPAV1@@Z
?SetWindowPos@CBCGPBaseControlBar@@UAEPAXPBVCWnd@@HHHHIPAX@Z
?MoveWindow@CBCGPBaseControlBar@@UAEPAXAAVCRect@@HPAX@Z
?SaveState@CBCGPToolBar@@UAEHPB_WHI@Z
?LoadState@CBCGPToolBar@@UAEHPB_WHI@Z
?GetParentMiniFrame@CBCGPBaseControlBar@@UBEPAVCBCGPMiniFrameWnd@@H@Z
?ShowControlBar@CBCGPBaseControlBar@@UAEXHHH@Z
?OnAfterChangeParent@CBCGPBaseToolBar@@UAEXPAVCWnd@@@Z
?OnBeforeChangeParent@CBCGPToolBar@@MAEXPAVCWnd@@H@Z
?OnRemoveFromMiniFrame@CBCGPBaseControlBar@@UAEXPAVCBCGPMiniFrameWnd@@@Z
?CreateDefaultMiniframe@CBCGPControlBar@@UAEPAVCBCGPMiniFrameWnd@@VCRect@@@Z
?RecalcLayout@CBCGPControlBar@@UAEXXZ
?StretchControlBar@CBCGPToolBar@@UAE?AVCSize@@HH@Z
?OnMoveSlider@CBCGPBaseControlBar@@UAEXPAVCBCGPSlider@@@Z
?DockToFrameWindow@CBCGPControlBar@@UAEHKPBUtagRECT@@KPAVCBCGPBaseControlBar@@HH@Z
?FloatControlBar@CBCGPControlBar@@UAEHVCRect@@W4BCGP_DOCK_METHOD@@_N@Z
?DockControlBar@CBCGPControlBar@@UAEHPAVCBCGPBaseControlBar@@PBUtagRECT@@W4BCGP_DOCK_METHOD@@@Z
?OnDrawCaption@CBCGPBaseControlBar@@UAEXXZ
?EnableGripper@CBCGPBaseControlBar@@UAEXH@Z
?EnableDocking@CBCGPToolBar@@UAEXK@Z
?SetBCGStyle@CBCGPBaseControlBar@@UAEXK@Z
?SetBarStyle@CBCGPBaseControlBar@@UAEXK@Z
?SetBarAlignment@CBCGPBaseControlBar@@UAEXK@Z
?IsAutoHideMode@CBCGPBaseControlBar@@UBEHXZ
?CanFocus@CBCGPToolBar@@UBEHXZ
?CanAutoHide@CBCGPBaseControlBar@@UBEHXZ
?CanBeResized@CBCGPBaseControlBar@@UBEHXZ
?CanFloat@CBCGPOutlookBarPane@@MBEHXZ
?CanBeClosed@CBCGPToolBar@@UBEHXZ
?GetBCGStyle@CBCGPBaseControlBar@@UBEKXZ
?GetBarStyle@CBCGPBaseControlBar@@UBEKXZ
?GetBarIcon@CBCGPBaseControlBar@@UAEPAUHICON__@@H@Z
?GetDockMode@CBCGPBaseToolBar@@UBE?AW4BCGP_DOCK_TYPE@@XZ
?SetRestoredFromRegistry@CBCGPBaseControlBar@@UAEXH@Z
?IsRestoredFromRegistry@CBCGPBaseControlBar@@UBEHXZ
?GetRecentVisibleState@CBCGPBaseControlBar@@UBEHXZ
?IsFloatingMulti@CBCGPControlBar@@UBEHXZ
?GetCaptionHeight@CBCGPBaseControlBar@@UBEHXZ
?GetParentDockBar@CBCGPBaseControlBar@@UBEPAVCBCGPDockBar@@XZ
?GetDockSite@CBCGPBaseControlBar@@UBEPAVCWnd@@XZ
?GetCurrentAlignment@CBCGPOutlookBarPane@@MBEKXZ
?CanBeTabbedDocument@CBCGPControlBar@@UBEHXZ
?CanBeAttached@CBCGPOutlookBarPane@@UBEHXZ
?GetEnabledAlignment@CBCGPBaseControlBar@@UBEKXZ
?CanBeDocked@CBCGPControlBar@@UBEHPAVCBCGPBaseControlBar@@@Z
?CanAcceptBar@CBCGPBaseControlBar@@UBEHPBV1@@Z
?DoesAllowDynInsertBefore@CBCGPBaseControlBar@@UBEHXZ
?IsVisible@CBCGPBaseControlBar@@UBEHXZ
?IsResizable@CBCGPControlBar@@UBEHXZ
?IsMDITabbed@CBCGPBaseControlBar@@UBEHXZ
?IsFloating@CBCGPToolBar@@UBEHXZ
?IsTabbed@CBCGPControlBar@@UBEHXZ
?IsDocked@CBCGPBaseControlBar@@UBEHXZ
?GetCurrentAlignment@CBCGPBaseControlBar@@UBEKXZ
?IsHorizontal@CBCGPBaseControlBar@@UBEHXZ
?AccNotifyObjectFocusEvent@CBCGPToolBar@@MAEXH@Z
?IsAccessibilityCompatible@CBCGPWnd@@UAEHXZ
?OnSetAccData@CBCGPToolBar@@MAEHJ@Z
?WindowProc@CBCGPBaseControlBar@@MAEJIIJ@Z
?PreTranslateMessage@CBCGPOutlookBarPane@@MAEHPAUtagMSG@@@Z
?OnCommand@CBCGPToolBar@@MAEHIJ@Z
?put_accValue@CBCGPWnd@@UAEJUtagVARIANT@@PA_W@Z
?put_accName@CBCGPWnd@@UAEJUtagVARIANT@@PA_W@Z
?accDoDefaultAction@CBCGPToolBar@@MAEJUtagVARIANT@@@Z
?accHitTest@CBCGPToolBar@@MAEJJJPAUtagVARIANT@@@Z
?accNavigate@CBCGPToolBar@@MAEJJUtagVARIANT@@PAU2@@Z
?accLocation@CBCGPWnd@@UAEJPAJ000UtagVARIANT@@@Z
?accSelect@CBCGPWnd@@UAEJJUtagVARIANT@@@Z
?get_accDefaultAction@CBCGPWnd@@UAEJUtagVARIANT@@PAPA_W@Z
?get_accSelection@CBCGPWnd@@UAEJPAUtagVARIANT@@@Z
?get_accFocus@CBCGPWnd@@UAEJPAUtagVARIANT@@@Z
?get_accKeyboardShortcut@CBCGPWnd@@UAEJUtagVARIANT@@PAPA_W@Z
?get_accHelpTopic@CBCGPWnd@@UAEJPAPA_WUtagVARIANT@@PAJ@Z
?get_accHelp@CBCGPWnd@@UAEJUtagVARIANT@@PAPA_W@Z
?get_accState@CBCGPToolBar@@MAEJUtagVARIANT@@PAU2@@Z
?get_accRole@CBCGPToolBar@@MAEJUtagVARIANT@@PAU2@@Z
?get_accDescription@CBCGPWnd@@UAEJUtagVARIANT@@PAPA_W@Z
?get_accValue@CBCGPWnd@@UAEJUtagVARIANT@@PAPA_W@Z
?get_accName@CBCGPWnd@@UAEJUtagVARIANT@@PAPA_W@Z
?get_accChild@CBCGPToolBar@@MAEJUtagVARIANT@@PAPAUIDispatch@@@Z
?get_accChildCount@CBCGPToolBar@@MAEJPAJ@Z
?get_accParent@CBCGPWnd@@UAEJPAPAUIDispatch@@@Z
?OnToolHitTest@CBCGPToolBar@@MBEHVCPoint@@PAUtagTOOLINFOW@@@Z
?Serialize@CBCGPToolBar@@UAEXAAVCArchive@@@Z
?GetRuntimeClass@CBCGPOutlookBarPane@@UBEPAUCRuntimeClass@@XZ
?OnCreate@CBCGPOutlookBarPane@@IAEHPAUtagCREATESTRUCTW@@@Z
?GetThisMessageMap@CBCGPOutlookBarPane@@KGPBUAFX_MSGMAP@@XZ
?AdjustLayout@CBCGPToolBar@@UAEXXZ
?EnableAnimation@CBCGPOutlookWnd@@SAXH@Z
?EnableTextLabels@CBCGPToolBar@@QAEXH@Z
?SetOriginal@CBCGPRibbonButton@@MAEXPAVCBCGPBaseRibbonElement@@@Z
?SetParentMenu@CBCGPRibbonButton@@UAEXPAVCBCGPRibbonPanelMenuBar@@@Z

msvcp100

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAH@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?_Swap_all@_Container_base0@std@@QAEXAAU12@@Z
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_BADOFF@std@@3_JB
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??_7?$basic_istream@DU?$char_traits@D@std@@@std@@6B@
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Orphan_all@_Container_base0@std@@QAEXXZ

wsock32

WSAGetLastError
inet_addr
ioctlsocket

Sections

.text
Size: 478KB - Virtual size: 477KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 236KB - Virtual size: 236KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 84KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
License.txt
MediaInfo.dll
.dll windows:5 windows x86 arch:x86

497e3864e078fa536a0b2196aafbf627

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
WideCharToMultiByte
MultiByteToWideChar
GetFullPathNameW
GetFullPathNameA
FindFirstFileW
GetFileAttributesA
GetFileAttributesW
FindFirstFileA
FindClose
FindNextFileA
FindNextFileW
Sleep
CloseHandle
ResumeThread
CreateThread
CreateFileA
GetFileSize
SetFilePointer
WriteFile
ReadFile
GetTimeZoneInformation
CreateFileW
GetLastError
GetFileTime
GetVersion
GetProcessHeap
SetEndOfFile
WriteConsoleW
FlushFileBuffers
SetStdHandle
GetConsoleMode
GetConsoleCP
LoadLibraryW
HeapReAlloc
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
GetStringTypeW
EncodePointer
DecodePointer
GetCurrentThreadId
GetCommandLineA
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
RaiseException
GetCPInfo
RtlUnwind
LCMapStringW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
HeapSize
GetProcAddress
GetModuleHandleW
ExitProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
InitializeCriticalSectionAndSpinCount
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoW
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetModuleFileNameW

Exports

Exports

MediaInfoA_Close
MediaInfoA_Count_Get
MediaInfoA_Delete
MediaInfoA_Get
MediaInfoA_GetI
MediaInfoA_Inform
MediaInfoA_New
MediaInfoA_New_Quick
MediaInfoA_Open
MediaInfoA_Open_Buffer
MediaInfoA_Open_Buffer_Continue
MediaInfoA_Open_Buffer_Continue_GoTo_Get
MediaInfoA_Open_Buffer_Finalize
MediaInfoA_Open_Buffer_Init
MediaInfoA_Open_NextPacket
MediaInfoA_Option
MediaInfoA_Output_Buffer_Get
MediaInfoA_Output_Buffer_GetI
MediaInfoA_Save
MediaInfoA_Set
MediaInfoA_SetI
MediaInfoA_State_Get
MediaInfoListA_Close
MediaInfoListA_Count_Get
MediaInfoListA_Count_Get_Files
MediaInfoListA_Delete
MediaInfoListA_Get
MediaInfoListA_GetI
MediaInfoListA_Inform
MediaInfoListA_New
MediaInfoListA_New_Quick
MediaInfoListA_Open
MediaInfoListA_Open_Buffer
MediaInfoListA_Option
MediaInfoListA_Save
MediaInfoListA_Set
MediaInfoListA_SetI
MediaInfoListA_State_Get
MediaInfoList_Close
MediaInfoList_Count_Get
MediaInfoList_Count_Get_Files
MediaInfoList_Delete
MediaInfoList_Get
MediaInfoList_GetI
MediaInfoList_Inform
MediaInfoList_New
MediaInfoList_New_Quick
MediaInfoList_Open
MediaInfoList_Open_Buffer
MediaInfoList_Option
MediaInfoList_Save
MediaInfoList_Set
MediaInfoList_SetI
MediaInfoList_State_Get
MediaInfo_Close
MediaInfo_Count_Get
MediaInfo_Delete
MediaInfo_Get
MediaInfo_GetI
MediaInfo_Info_Version
MediaInfo_Inform
MediaInfo_New
MediaInfo_New_Quick
MediaInfo_Open
MediaInfo_Open_Buffer
MediaInfo_Open_Buffer_Continue
MediaInfo_Open_Buffer_Continue_GoTo_Get
MediaInfo_Open_Buffer_Finalize
MediaInfo_Open_Buffer_Init
MediaInfo_Open_NextPacket
MediaInfo_Option
MediaInfo_Output_Buffer_Get
MediaInfo_Output_Buffer_GetI
MediaInfo_Save
MediaInfo_Set
MediaInfo_SetI
MediaInfo_State_Get

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 502KB - Virtual size: 501KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ShellEx64_101.dll
.dll regsvr32 windows:5 windows x64 arch:x64

2c775f71f048cf66c85a2800909eb31a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\prg\FormatFactory\Bin\ShellEx64_101.pdb

Imports

shlwapi

SHDeleteKeyW

kernel32

ResumeThread
TerminateThread
GetModuleFileNameA
OutputDebugStringA
WideCharToMultiByte
MultiByteToWideChar
CreateFileW
FlushFileBuffers
ReadFile
WriteFile
SetFilePointer
GetFileSize
SetEndOfFile
CopyFileW
DeleteFileW
MoveFileW
OpenThread
SetFileTime
GetFileAttributesW
GetDriveTypeW
RemoveDirectoryW
FindClose
FindFirstFileW
FindNextFileW
CreateDirectoryW
GetDiskFreeSpaceExW
GetCurrentThreadId
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
CloseHandle
SuspendThread
CreateThread
GetEnvironmentVariableW
GetNativeSystemInfo
GetSystemDefaultLangID
GetTickCount
GetTempPathW
GlobalUnlock
GlobalLock
GetModuleFileNameW
CreateProcessW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetFileTime
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
Sleep
DecodePointer
EncodePointer

user32

InsertMenuW
wsprintfW
GetSystemMetrics
LoadImageW
SetMenuItemBitmaps

gdi32

DeleteObject

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegDeleteValueA
RegDeleteKeyA
RegSetValueExA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA

shell32

DragQueryFileW

ole32

CoTaskMemFree
ReleaseStgMedium
StringFromCLSID

msvcr100

??3@YAXPEAX@Z
wcscpy_s
_wtol
strchr
strrchr
wcschr
wcsrchr
strcpy_s
strcat_s
__CxxFrameHandler3
vsprintf_s
vswprintf_s
sprintf_s
swprintf_s
memcmp
swscanf_s
sscanf_s
memcpy
memset
_malloc_crt
_initterm
_initterm_e
free
_encoded_null
_amsg_exit
__C_specific_handler
__CppXcptFilter
__crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
??2@YAPEAX_K@Z

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 642B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ShellEx_101.dll
.dll regsvr32 windows:5 windows x86 arch:x86

d7caf458322538d421a1e9194414fb67

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\prg\FormatFactory\Bin\ShellEx_101.pdb

Imports

shlwapi

SHDeleteKeyW

kernel32

SuspendThread
OpenThread
ResumeThread
TerminateThread
GetModuleFileNameA
OutputDebugStringA
WideCharToMultiByte
MultiByteToWideChar
CreateFileW
FlushFileBuffers
ReadFile
WriteFile
SetFilePointer
GetFileSize
SetEndOfFile
CopyFileW
DeleteFileW
CloseHandle
GetFileTime
SetFileTime
GetFileAttributesW
GetDriveTypeW
RemoveDirectoryW
FindClose
FindFirstFileW
FindNextFileW
CreateDirectoryW
GetDiskFreeSpaceExW
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetEnvironmentVariableW
CreateThread
GetNativeSystemInfo
GetSystemDefaultLangID
GetTickCount
GetTempPathW
GlobalUnlock
GlobalLock
GetModuleFileNameW
CreateProcessW
IsProcessorFeaturePresent
InterlockedDecrement
InterlockedIncrement
GetSystemTimeAsFileTime
MoveFileW
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
DecodePointer
EncodePointer

user32

InsertMenuW
wsprintfW
GetSystemMetrics
LoadImageW
SetMenuItemBitmaps

gdi32

DeleteObject

advapi32

RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegDeleteValueW
RegDeleteKeyW
RegDeleteValueA
RegDeleteKeyA
RegSetValueExA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA

shell32

DragQueryFileW

ole32

CoTaskMemFree
ReleaseStgMedium
StringFromCLSID

msvcr100

??3@YAXPAX@Z
wcscpy_s
_wtol
strchr
strrchr
strcpy_s
wcschr
wcsrchr
strcat_s
__CxxFrameHandler3
vsprintf_s
vswprintf_s
sprintf_s
swprintf_s
swscanf_s
sscanf_s
memcpy
memset
_malloc_crt
free
_encoded_null
_initterm
_initterm_e
_amsg_exit
__CppXcptFilter
_crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
??2@YAPAXI@Z

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
updatelog.txt

Sharing

General

Malware Config

Signatures

Files

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 100KB

.rsrc Size: 100KB - Virtual size: 100KB

741b6bafe355b63a372d737b30543a95

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winmm

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 2KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 188B

.reloc Size: 512B - Virtual size: 436B

b711f65a9aff6a22fb2f57f0ac8bda33

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

65:16:5e:50:24:9f:f6:ad:03:9d:77:06:ec:59:bf:8dCertificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 22KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 109KB

.ndata Size: - Virtual size: 32KB

.rsrc Size: 9KB - Virtual size: 12KB

8cb73f23fc4ffce04345bba981c347fe

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

65:16:5e:50:24:9f:f6:ad:03:9d:77:06:ec:59:bf:8dCertificate

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 100KB

.rsrc
Size: 100KB - Virtual size: 100KB

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 188B

.reloc
Size: 512B - Virtual size: 436B

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

65:16:5e:50:24:9f:f6:ad:03:9d:77:06:ec:59:bf:8d
Certificate

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 109KB

.ndata
Size: - Virtual size: 32KB

.rsrc
Size: 9KB - Virtual size: 12KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

65:16:5e:50:24:9f:f6:ad:03:9d:77:06:ec:59:bf:8d
Certificate

.text
Size: 68KB - Virtual size: 67KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 24KB - Virtual size: 20KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

65:16:5e:50:24:9f:f6:ad:03:9d:77:06:ec:59:bf:8d
Certificate

.text
Size: 876KB - Virtual size: 875KB

.rdata
Size: 157KB - Virtual size: 157KB

.data
Size: 28KB - Virtual size: 37KB

.rsrc
Size: 56KB - Virtual size: 55KB

.reloc
Size: 39KB - Virtual size: 38KB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate