8ce88b52dbac86cbdf1655356261e773[.]bin

Sharing

Copy URL

Twitter E-mail

General

Target

8ce88b52dbac86cbdf1655356261e773.bin
Size

2.9MB
MD5

645a97af07225811c4599850361c1a01
SHA1

a616a9a4613002c6a34e6939246976375cd374a0
SHA256

2f66b87534d0e252da98f11e8a2b43879298f3d9eac0b8c84f382e5c24e2f7a4
SHA512

ef56512d63bad798f450546cc59ef4d2f3f9be34ffee1523bb79e3355e2e7fea8ed30816962c440d198bff9ccac5cb5716755ce865377d78d75b256a363cbaf5
SSDEEP

49152:l0XTq7dKPaOpaxoDgSDl45e0v68ghesYesi8fiE/p0NauMa92bH:eDq7dKPaO0ubiJvN9ffZ/q4uMaAbH

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs
Checks for missing Authenticode signature.

Processes:

resource

unpack002/mfc80u.dll
unpack002/msvcp80.dll
unpack002/msvcr80.dll

resource
unpack002/mfc80u.dll
unpack002/msvcp80.dll
unpack002/msvcr80.dll

Files

8ce88b52dbac86cbdf1655356261e773.bin
.zip

Password: infected
384d1185d248d647cc639c24f082412950b1bb2413c49e152257b8fc1a42468c.zip
.zip

Password: infected
IMHttpComm.dll
.dll windows:4 windows x86 arch:x86

Password: infected

aba56a0f7290ac5134384764b9d92e60

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

45:f8:76:94:fe:8d:19:84:71:97:96:ae:c8:03:1d:f4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

24-04-2012 00:00

Not After

23-04-2015 23:59

Subject

CN=Perion Network Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Perion Network Ltd.,L=Tel Aviv,ST=Tel Aviv,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e0:2d:90:ab:e8:ab:19:6a:3c:e7:0d:51:c4:2f:a4:85:50:d2:50:29
Signer

Actual PE Digest

e0:2d:90:ab:e8:ab:19:6a:3c:e7:0d:51:c4:2f:a4:85:50:d2:50:29

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

i:\Infra\Communication\bin\release\IMHttpComm.pdb

Imports

wininet

InternetSetStatusCallback
InternetOpenA
InternetConnectA
InternetCrackUrlA
InternetReadFileExA
HttpQueryInfoA
HttpSendRequestA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetCloseHandle

shell32

SHCreateDirectoryExA

shlwapi

PathRemoveFileSpecA

kernel32

InterlockedExchange
CloseHandle
WriteFile
CreateFileA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
OutputDebugStringA
GetLastError
GetCurrentThreadId

user32

DefWindowProcA
CreateWindowExA
DestroyWindow
PostMessageA
SetWindowLongA
IsWindow

msvcp80

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ID@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

msvcr80

_except_handler4_common
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
__CxxFrameHandler3
_CxxThrowException
memset
_strnicmp
_purecall
free
malloc
memcpy
??2@YAPAXI@Z
??3@YAXPAX@Z
??_V@YAXPAX@Z
realloc
strcpy_s
??0exception@std@@QAE@XZ
??0exception@std@@QAE@ABV01@@Z
??1exception@std@@UAE@XZ
_invalid_parameter_noinfo
_vsnprintf_s
?terminate@@YAXXZ
_encode_pointer
_malloc_crt
_encoded_null
_decode_pointer
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook

Exports

Exports

??0CImWinInetRequest@@QAE@ABV0@@Z
??0CImWinInetRequest@@QAE@PAVCImWinInetSession@@PAX@Z
??0CImWinInetSession@@QAE@ABV0@@Z
??0CImWinInetSession@@QAE@HABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??1CImWinInetRequest@@UAE@XZ
??1CImWinInetSession@@UAE@XZ
??4CImWinInetRequest@@QAEAAV0@ABV0@@Z
??4CImWinInetSession@@QAEAAV0@ABV0@@Z
??BCImWinInetSession@@QBEPAXXZ
??_7CImWinInetRequest@@6B@
??_7CImWinInetSession@@6B@
??_FCImWinInetSession@@QAEXXZ
?Abort@CImWinInetRequest@@QAEXXZ
?AddRequest@CImWinInetSession@@AAEXPAVCImWinInetRequest@@@Z
?AsyncEvent@CImWinInetRequest@@QAEXPAUCImWinInetEnevt@@@Z
?Close@CImWinInetRequest@@AAEXXZ
?Create@CImWinInetSession@@QAEXXZ
?DoSend@CImWinInetRequest@@AAE_NXZ
?DoSendRequest@CImWinInetSession@@AAE_NPAVCImWinInetRequest@@@Z
?GetContentBuffer@CImWinInetRequest@@QAEPAXXZ
?GetContentLength@CImWinInetRequest@@QAEKXZ
?GetContext@CImWinInetRequest@@QAEPAXXZ
?GetFileName@CImWinInetRequest@@QAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?GetHeadersOnly@CImWinInetRequest@@QAEHAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?GetHttpStatusCode@CImWinInetRequest@@QBEKXZ
?GetUrl@CImWinInetRequest@@QAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?IsFile@CImWinInetRequest@@QAEHXZ
?IsValidRequest@CImWinInetSession@@AAE_NPAVCImWinInetRequest@@@Z
?OnBytesReceived@CImWinInetRequest@@MAEXK@Z
?OnBytesSent@CImWinInetRequest@@MAEXK@Z
?OnDataReceived@CImWinInetRequest@@AAEXK@Z
?OnDataSent@CImWinInetRequest@@AAEXK@Z
?OnDestroy@CImWinInetRequest@@MAEXXZ
?OnError@CImWinInetRequest@@MAEXK@Z
?OnHeadersAvailable@CImWinInetRequest@@MAEXXZ
?OnReceivingResponse@CImWinInetRequest@@AAEXXZ
?OnRedirect@CImWinInetRequest@@MAEXAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?OnRequestClosed@CImWinInetSession@@QAEXPAVCImWinInetRequest@@@Z
?OnRequestComplete@CImWinInetRequest@@AAEXKK@Z
?OnStatusRedirect@CImWinInetRequest@@AAEXPAD@Z
?ReadData@CImWinInetRequest@@AAE_NAAK@Z
?RemoveRequest@CImWinInetSession@@AAEXPAVCImWinInetRequest@@@Z
?SaveToFile@CImWinInetRequest@@AAE_NXZ
?Send@CImWinInetRequest@@QAE_NW4eWinInetVerb@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@1PAXH@Z
?SendAsyncMessage@CImWinInetSession@@QAE_NPAUCImWinInetEnevt@@@Z
?SendRequest@CImWinInetSession@@QAE_NPAVCImWinInetRequest@@@Z
?SetDontCacheFlag@CImWinInetRequest@@QAEX_N@Z
?UrlDownloadToFile@CImWinInetRequest@@QAEHAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z
?WinInetCallBack@CImWinInetRequest@@CGXPAXKK0K@Z
?WindowMsgProc@CImWinInetSession@@CAJPAUHWND__@@IIJ@Z

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ImLookExU.dll
.dll windows:4 windows x86 arch:x86

Password: infected

14347c7fffee889c42c4c06be0e3d25d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

45:f8:76:94:fe:8d:19:84:71:97:96:ae:c8:03:1d:f4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

24-04-2012 00:00

Not After

23-04-2015 23:59

Subject

CN=Perion Network Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Perion Network Ltd.,L=Tel Aviv,ST=Tel Aviv,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a8:64:23:c7:84:a0:8c:7b:cf:2a:89:db:8c:7f:ab:69:92:46:82:b3
Signer

Actual PE Digest

a8:64:23:c7:84:a0:8c:7b:cf:2a:89:db:8c:7f:ab:69:92:46:82:b3

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

Q:\bin\ReleaseUnicode\ImLookExU.pdb

Imports

imutilsu

ord39
ord1048
ord94
ord386
ord190
ord184
ord2101
ord1354
ord931
ord952
ord1414
ord1350
ord1401
ord2081
ord1402
ord1400
ord1327
ord1362
ord2045
ord1998
ord1765
ord864
ord2047
ord2046
ord2378
ord6
ord1398
ord1383
ord1372
ord1356
ord1384
ord1395
ord1394
ord1392
ord390
ord1388
ord2339
ord1377
ord1375
ord2266
ord748
ord1141
ord1329
ord1139
ord2371
ord2368
ord1396
ord2372
ord1389
ord2367
ord1320
ord731
ord1379
ord1378
ord1917
ord1367
ord2062
ord2359
ord1254
ord875
ord66
ord2360
ord2381
ord2370
ord2369
ord1107
ord782
ord2432
ord1397
ord2364
ord2049
ord1393
ord1391
ord1390
ord2380
ord1404
ord679
ord1333
ord675
ord1335
ord83
ord242
ord65
ord1355
ord1441
ord1380
ord1382
ord1381
ord1338
ord2245
ord1336
ord1386
ord1385
ord5
ord28
ord1339
ord1416

imlooku

ord1324
ord1323
ord1380
ord708
ord688
ord892
ord1612
ord1567
ord1321
ord1594
ord1562
ord935
ord944
ord390
ord423
ord422
ord613
ord421
ord252
ord306
ord641
ord1322
ord1320
ord202
ord235
ord988
ord1761
ord1760
ord941
ord11
ord60
ord1381
ord893
ord1697
ord1003
ord1379
ord961
ord48
ord5
ord1559
ord97
ord55
ord1558
ord303
ord507
ord1560
ord1623
ord13
ord18
ord1595
ord67
ord1627
ord1376
ord1032
ord510
ord1358
ord923
ord922
ord924
ord866
ord770
ord867
ord521
ord25
ord14
ord74
ord63
ord1374
ord883
ord1126
ord1375
ord337
ord1386
ord1367
ord1369
ord1382
ord994
ord1563
ord1564
ord650
ord546
ord430
ord1048
ord996
ord991
ord243
ord201
ord232
ord233
ord598
ord599
ord263
ord1313
ord1031
ord995
ord1368
ord336
ord833
ord970
ord957
ord362
ord56
ord909
ord952
ord1640
ord1696
ord675
ord955
ord850
ord1532
ord1599
ord1603
ord1666
ord1371
ord319
ord1066
ord1067
ord1065
ord1561
ord1689
ord1690
ord1691
ord1692
ord1693
ord1694
ord987
ord1327
ord1383
ord1384
ord1510
ord1703
ord449
ord434
ord1373
ord397
ord1565
ord1566
ord1130
ord1663
ord23
ord438
ord267
ord1695
ord332
ord1601
ord9
ord1533
ord632
ord760

imwrappu

ord179
ord244
ord178
ord11
ord177
ord176
ord6
ord180
ord4
ord8
ord7
ord2
ord3

gdi32

CreateDCW
GetDeviceCaps
SelectObject
GetCurrentObject
DeleteDC
GetObjectA
OffsetRgn
CombineRgn
CreateRectRgn
CreatePatternBrush
DeleteObject
GetTextExtentPoint32W
BitBlt
CreateCompatibleDC
GetObjectW
CreateCompatibleBitmap

gdiplus

GdipDisposeImage
GdipDeleteFont
GdipDeleteGraphics
GdipDeleteStringFormat
GdipCreateStringFormat
GdipGetImageWidth
GdipGetImageHeight
GdipCreateBitmapFromScan0
GdipCreateHBITMAPFromBitmap
GdipCreateSolidFill
GdipCreateFromHDC
GdipGetImageGraphicsContext
GdipGraphicsClear
GdipDrawString
GdipMeasureString
GdipDrawImageRect
GdipDrawImagePointRectI
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipCloneBrush
GdipCloneImage
GdipSaveImageToFile
GdipCreateBitmapFromHBITMAP
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipDeleteBrush
GdipAlloc
GdipFree

wlessfp1

?SetMovie@WindowlessFlashPlayer@@QAEXPB_W@Z
?Play@WindowlessFlashPlayer@@QAEXXZ
?GetVM1Variable@WindowlessFlashPlayer@@QAE_NPB_WPA_WH@Z
?StartDrag@WindowlessFlashPlayer@@QAEXXZ
?OnWindowsMessage@WindowlessFlashPlayer@@UAEXGJI@Z
?OnCommand@WindowlessFlashPlayer@@UAEXPB_W0@Z
?GoToFrame@WindowlessFlashPlayer@@QAEXH@Z
??1WindowlessFlashPlayer@@QAE@XZ
??0WindowlessFlashPlayer@@QAE@PA_W@Z
?Stop@WindowlessFlashPlayer@@QAEXXZ
?SetVM1Variable@WindowlessFlashPlayer@@QAEXPB_W0@Z
?SetSize@WindowlessFlashPlayer@@QAEXPBUtagSIZE@@@Z
?GetSize@WindowlessFlashPlayer@@QAEXPAUtagSIZE@@@Z
?SetAlwaysOnTop@WindowlessFlashPlayer@@QAEX_N@Z
?Hide@WindowlessFlashPlayer@@QAEXXZ
?SetPosition@WindowlessFlashPlayer@@QAEXPBUtagPOINT@@@Z
?Show@WindowlessFlashPlayer@@QAEX_N@Z
?SetCursor@WindowlessFlashPlayer@@QAEXPAUHICON__@@@Z

mfc80u

ord5708
ord1093
ord764
ord577
ord774
ord293
ord280
ord1472
ord1176
ord265
ord266
ord283
ord2340
ord1571
ord258
ord3249
ord1172
ord5316
ord6282
ord870
ord5327
ord261
ord6293
ord777
ord762
ord760
ord776
ord631
ord2271
ord3927
ord386
ord2366
ord4255
ord4480
ord3943
ord2638
ord3703
ord3713
ord3712
ord2527
ord2640
ord2534
ord2856
ord2708
ord4301
ord2829
ord2725
ord2531
ord1590
ord1646
ord1647
ord1955
ord1353
ord4961
ord3339
ord6275
ord3796
ord6273
ord1513
ord2163
ord2169
ord2399
ord2381
ord2379
ord2397
ord2409
ord2386
ord2402
ord2407
ord2390
ord2392
ord2394
ord2388
ord2404
ord2384
ord931
ord927
ord929
ord925
ord920
ord5229
ord5231
ord5956
ord1591
ord4276
ord4716
ord3397
ord5210
ord4179
ord6271
ord5067
ord1899
ord5148
ord4238
ord1393
ord3940
ord1608
ord1611
ord5911
ord6721
ord2648
ord371
ord2468
ord1178
ord5711
ord2121
ord745
ord557
ord1925
ord1476
ord1118
ord2311
ord1457
ord6061
ord4112
ord3204
ord1479
ord2895
ord6111
ord282
ord6700
ord3157
ord2362
ord3155
ord1271
ord1270
ord5633
ord2361
ord1894
ord4256
ord5196
ord5171
ord1392
ord5908
ord6720
ord1542
ord1661
ord1662
ord4884
ord5178
ord1220
ord602
ord1959
ord2254
ord347
ord6033
ord5638
ord326
ord5829
ord5485
ord6086
ord6063
ord1545
ord3756
ord3858
ord287
ord5048
ord747
ord559
ord3168
ord759
ord570
ord3330
ord4475
ord2832
ord5563
ord5209
ord5226
ord4563
ord3942
ord2240
ord5223
ord5220
ord2925
ord1911
ord1731
ord3629
ord290
ord3596
ord3627
ord3599
ord1030
ord2809
ord3946
ord3448
ord6751
ord2241
ord314
ord2244
ord2243
ord6219
ord1031
ord2560
ord4109
ord1049
ord2132
ord5707
ord5714
ord4558
ord4882
ord2282
ord4101
ord3281
ord3296
ord572
ord2985
ord5609
ord2713
ord758
ord2225
ord1416
ord567
ord588
ord328
ord3395
ord5727
ord3995
ord5637
ord4117
ord502
ord5636
ord2255
ord2261
ord4100
ord3990
ord4347
ord1087
ord6278
ord761
ord573
ord6167
ord2341
ord896
ord4074
ord4078
ord5149
ord3079
ord5053
ord3678
ord1079
ord4259
ord4271
ord1297
ord2164
ord5201
ord5144
ord3939
ord1548
ord4013
ord2418
ord2419
ord2986
ord5352
ord940
ord4898
ord2933
ord4129
ord4303
ord5006
ord5003
ord2609
ord1904
ord2237
ord5398
ord6001
ord5710
ord722
ord530
ord5440
ord3857
ord618
ord370
ord1182
ord3390
ord6749
ord1908
ord1921
ord3590
ord1168

msvcr80

_wtoi
free
malloc
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@XZ
_invalid_parameter_noinfo
_CxxThrowException
??0exception@std@@QAE@ABV01@@Z
qsort
memcpy
?terminate@@YAXXZ
_purecall
__dllonexit
_encode_pointer
memcpy_s
_onexit
_decode_pointer
_except_handler4_common
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
memset
__CxxFrameHandler3
_unlock
_lock

kernel32

GetThreadLocale
GetLocaleInfoA
GetACP
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
InterlockedExchange
lstrlenW
GlobalAlloc
GlobalLock
GlobalUnlock
GetLastError
SetLastError
GetProcAddress
GetModuleHandleW
LoadLibraryW
lstrcpyW
lstrcmpW
WaitForSingleObject
Sleep
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
CloseHandle
CreateEventW
ResetEvent
CreateThread
DeleteFileW
SetEvent
GetVersionExA

user32

GetWindowDC
SendMessageW
PostMessageW
GetParent
EnableWindow
PtInRect
InvalidateRect
IsIconic
IsZoomed
IsCharAlphaNumericW
GetKeyState
SetRect
GetWindowRgn
SetWindowRgn
FillRect
FindWindowW
IsRectEmpty
CopyRect
IsWindow
GetWindowRect
PostThreadMessageW
wsprintfW
GetCursorPos
SetCursor
LoadCursorW
MapWindowPoints
CreatePopupMenu
GetFocus
SetActiveWindow
KillTimer
SetTimer
RedrawWindow
UpdateWindow
ReleaseDC
GetDC
ScreenToClient
ClientToScreen
GetClientRect
FrameRect

advapi32

RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegCloseKey

sfttree_ix86_u_60

ord250
ord370
ord244
ord506
ord505
ord504
ord352
ord455
ord255
ord523
ord544
ord465
ord456
ord451
ord532
ord450
ord530
ord562
ord433
ord428
ord426
ord423
ord420
ord584
ord408
ord497
ord404
ord403
ord401
ord252
ord251
ord249
ord245
ord374
ord363
ord531
ord488
ord328
ord327
ord326
ord325
ord323
ord321
ord318
ord316
ord314
ord313
ord312
ord309
ord306
ord298
ord583
ord287
ord507
ord283
ord241
ord586
ord236
ord231
ord147
ord140
ord253
ord466
ord508
ord464
ord462
ord510
ord454
ord402
ord483
ord438
ord436
ord576
ord427
ord284
ord292
ord293
ord518
ord336
ord418
ord520
ord487
ord146
ord141
ord400
ord142
ord372
ord153
ord230
ord232
ord233
ord240
ord501
ord285
ord286
ord288
ord289
ord290
ord291
ord295
ord300
ord302
ord317
ord247
ord405
ord406
ord409
ord410
ord411
ord413
ord414
ord416
ord417

ole32

CreateStreamOnHGlobal
CoInitialize

oleaut32

SysFreeString

msvcp80

??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

Exports

Exports

??0WindowlessFlashPlayer@@QAE@ABV0@@Z
??4WindowlessFlashPlayer@@QAEAAV0@ABV0@@Z
??_7WindowlessFlashPlayer@@6B@
?sAscendingSort@CImList@@1HA

Sections

.text
Size: 156KB - Virtual size: 154KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ImLookU.dll
.dll windows:4 windows x86 arch:x86

Password: infected

1733b83cdf3fb5b054b258047bf2aaaf

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

45:f8:76:94:fe:8d:19:84:71:97:96:ae:c8:03:1d:f4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

24-04-2012 00:00

Not After

23-04-2015 23:59

Subject

CN=Perion Network Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Perion Network Ltd.,L=Tel Aviv,ST=Tel Aviv,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ff:0e:31:d9:9e:0d:61:20:79:6d:36:1b:9c:68:b0:18:7f:5b:12:f5
Signer

Actual PE Digest

ff:0e:31:d9:9e:0d:61:20:79:6d:36:1b:9c:68:b0:18:7f:5b:12:f5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

Q:\bin\ReleaseUnicode\ImLookU.pdb

Imports

imutilsu

ord2318
ord2316
ord1359
ord1356
ord1475
ord1334
ord65
ord1335
ord1336
ord5
ord1337
ord1338
ord1339
ord1917
ord1941
ord1333
ord87
ord1342
ord32
ord1344
ord1345
ord1348
ord2407
ord1349
ord1350
ord2432
ord782
ord1351
ord1347
ord1428
ord1340
ord1341
ord1343
ord1352
ord1688
ord1346
ord2319
ord952
ord1355
ord2081
ord1887
ord2079
ord1361
ord1363
ord1943
ord242
ord82
ord25
ord24
ord731
ord1072
ord1598
ord1679
ord1416
ord2225
ord1383
ord80
ord571
ord1482
ord2100
ord193
ord22
ord1775
ord1409
ord1253
ord1100
ord953
ord2102
ord78
ord580
ord1366
ord1918
ord1362
ord2314
ord2315
ord1332
ord2268
ord561
ord678
ord680
ord1916
ord23
ord667
ord81
ord517
ord637
ord2313
ord709
ord1331
ord1329
ord1142
ord1328
ord1327
ord1495
ord1326
ord165
ord1324
ord810
ord1323
ord865
ord390
ord1141
ord1353
ord1139
ord1364
ord675
ord1551
ord931
ord951
ord1322
ord386
ord28
ord1365
ord1321
ord1320
ord469
ord83

winmm

sndPlaySoundW
PlaySoundW

wlessfp1

?OnCommand@WindowlessFlashPlayer@@UAEXPB_W0@Z
?OnWindowsMessage@WindowlessFlashPlayer@@UAEXGJI@Z

mfc80u

ord2648
ord4119
ord1271
ord3204
ord1118
ord2311
ord1925
ord3155
ord3390
ord6751
ord1176
ord6749
ord1079
ord3417
ord587
ord5171
ord1921
ord774
ord6063
ord602
ord1957
ord1270
ord347
ord4882
ord1479
ord282
ord6700
ord860
ord760
ord572
ord3158
ord2985
ord5196
ord5210
ord2077
ord4109
ord4347
ord1959
ord1555
ord416
ord3990
ord4100
ord4101
ord2260
ord5727
ord2255
ord1416
ord3079
ord3395
ord2066
ord3678
ord3165
ord4228
ord1538
ord3157
ord326
ord2361
ord591
ord651
ord1472
ord3281
ord2362
ord2080
ord4092
ord1474
ord1922
ord2893
ord6219
ord4314
ord6061
ord6116
ord281
ord3983
ord5609
ord3995
ord4117
ord5637
ord502
ord4755
ord709
ord501
ord5638
ord5636
ord6033
ord1178
ord3249
ord1172
ord5316
ord266
ord265
ord6282
ord5327
ord6293
ord3600
ord3596
ord1182
ord5711
ord4920
ord2011
ord604
ord350
ord3175
ord4256
ord5199
ord4238
ord1392
ord1609
ord5908
ord6720
ord1542
ord1661
ord1662
ord4884
ord4729
ord4206
ord5178
ord4193
ord4664
ord3930
ord6075
ord2793
ord6083
ord3785
ord6253
ord2139
ord4361
ord4494
ord5511
ord3058
ord2674
ord2723
ord6157
ord2257
ord1384
ord985
ord5388
ord3706
ord3698
ord2812
ord3894
ord2636
ord1975
ord2632
ord5844
ord1220
ord6147
ord3752
ord352
ord4120
ord4018
ord4017
ord1605
ord1281
ord2560
ord2651
ord4574
ord1049
ord5821
ord2809
ord2132
ord4357
ord745
ord557
ord1476
ord2159
ord4334
ord6086
ord1386
ord2683
ord3634
ord3435
ord605
ord4112
ord2151
ord6279
ord2713
ord5633
ord356
ord354
ord6277
ord3635
ord1785
ord3434
ord1953
ord5157
ord5198
ord6265
ord5141
ord1334
ord1343
ord2068
ord2072
ord1903
ord3981
ord5351
ord3923
ord4190
ord6010
ord6044
ord3448
ord3189
ord620
ord3756
ord2254
ord5053
ord2340
ord1571
ord3453
ord630
ord385
ord4713
ord2012
ord4728
ord4205
ord4904
ord4459
ord4619
ord4458
ord4488
ord4966
ord3630
ord3082
ord3050
ord3783
ord866
ord664
ord427
ord1443
ord5342
ord3092
ord2904
ord1047
ord5091
ord556
ord4061
ord5484
ord3460
ord5161
ord4921
ord4890
ord4354
ord4902
ord4244
ord5654
ord2622
ord4293
ord4336
ord4669
ord4866
ord4946
ord1087
ord3557
ord635
ord4259
ord4271
ord1297
ord2164
ord5201
ord5144
ord3939
ord1548
ord4013
ord2418
ord2419
ord2986
ord5352
ord940
ord4898
ord2933
ord4129
ord4303
ord5006
ord5003
ord2609
ord1904
ord2237
ord4162
ord395
ord3642
ord3331
ord3471
ord648
ord410
ord4267
ord2711
ord1553
ord5162
ord1351
ord3338
ord5202
ord5147
ord1610
ord5910
ord6763
ord3968
ord4854
ord4857
ord4373
ord4378
ord4375
ord4393
ord4395
ord4380
ord4770
ord4581
ord4172
ord4165
ord4974
ord4383
ord4775
ord4198
ord4784
ord4437
ord4438
ord3734
ord4908
ord4513
ord4514
ord4914
ord4553
ord5043
ord4433
ord4362
ord4495
ord4840
ord4964
ord4523
ord4474
ord4965
ord4510
ord4194
ord4942
ord4788
ord4281
ord4370
ord4371
ord4957
ord4790
ord4704
ord4358
ord4799
ord5047
ord4958
ord4643
ord4940
ord4501
ord4955
ord4668
ord4125
ord1293
ord1999
ord4126
ord6111
ord2413
ord2414
ord2415
ord2412
ord2411
ord3644
ord2797
ord5524
ord896
ord1970
ord3296
ord1194
ord5631
ord5701
ord4234
ord2086
ord3174
ord5715
ord5917
ord5397
ord5410
ord5584
ord5519
ord5643
ord5723
ord5884
ord6053
ord4155
ord6050
ord5604
ord6056
ord5607
ord2521
ord3497
ord3238
ord2085
ord4094
ord1946
ord2365
ord1058
ord5829
ord2424
ord4628
ord2155
ord3590
ord2932
ord1156
ord715
ord3286
ord1572
ord1634
ord2652
ord3829
ord2460
ord595
ord3291
ord4959
ord6269
ord1335
ord4983
ord2030
ord1574
ord4674
ord1340
ord532
ord4290
ord3426
ord3663
ord1040
ord1183
ord1191
ord1114
ord5972
ord6058
ord1192
ord1115
ord899
ord6014
ord4762
ord1545
ord865
ord6201
ord747
ord559
ord3168
ord723
ord531
ord1931
ord3474
ord5426
ord3016
ord5465
ord4060
ord3198
ord663
ord426
ord631
ord2271
ord386
ord4074
ord548
ord1162
ord1000
ord5433
ord3414
ord736
ord3306
ord1579
ord1637
ord739
ord3309
ord1580
ord1638
ord3569
ord740
ord552
ord4275
ord4715
ord1581
ord1727
ord1735
ord5357
ord4600
ord1725
ord1937
ord6100
ord6098
ord1927
ord1912
ord2423
ord5700
ord1358
ord944
ord2008
ord2043
ord2044
ord3791
ord6142
ord2067
ord6104
ord6106
ord3797
ord5799
ord3070
ord6006
ord2826
ord4658

msvcr80

_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
__CxxFrameHandler3
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@XZ
_invalid_parameter_noinfo
_CxxThrowException
??0exception@std@@QAE@ABV01@@Z
memset
memcpy_s
_purecall
_wtol
wcscpy_s
toupper
div
memcpy
__RTDynamicCast
ceil
wcsstr
free
malloc
memmove_s
swscanf
_except_handler4_common
?terminate@@YAXXZ
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter

kernel32

lstrcpynW
SetLastError
GetProcAddress
GetModuleHandleW
LoadLibraryW
GetLastError
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
MulDiv
GetCurrentThreadId
LocalFree
LocalUnlock
LocalLock
LocalAlloc
GetProfileIntW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GlobalFree
FreeLibrary
OutputDebugStringW
SetEvent
CloseHandle
SetPriorityClass
GetCurrentProcess
CopyFileW
SetFileAttributesW
CreateThread
ResetEvent
CreateEventW
InterlockedDecrement
DeleteFileW
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
HeapFree
GetProcessHeap
lstrlenW
InterlockedExchange
Sleep
InterlockedCompareExchange
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcessId
IsDebuggerPresent

user32

TabbedTextOutW
DrawTextW
DrawTextExW
GrayStringW
AppendMenuW
GetMenuItemCount
GetMenuItemInfoW
GetSubMenu
InsertMenuW
ModifyMenuW
RemoveMenu
SetMenuItemInfoW
IsMenu
LoadMenuW
GetSystemMenu
GetMenuStringW
IsChild
GetCapture
GetMenuDefaultItem
GetMenuItemID
GetMenuState
ClientToScreen
ScreenToClient
UpdateWindow
SetTimer
KillTimer
GetNextDlgTabItem
EqualRect
SetCapture
DispatchMessageW
ReleaseCapture
GetMessageW
UpdateLayeredWindow
MoveWindow
ShowWindow
DestroyWindow
GetIconInfo
MessageBoxW
DrawIconEx
LoadCursorFromFileW
DestroyCursor
IntersectRect
CreatePopupMenu
GetWindowRgn
SetWindowPos
SetWindowPlacement
GetWindowPlacement
FillRect
PrintWindow
IsDialogMessageW
GetWindowThreadProcessId
SetFocus
GetDlgCtrlID
IsWindow
GetWindowLongW
GetWindowDC
SetWindowRgn
GetKeyState
GetSysColor
SystemParametersInfoW
GetSystemMetrics
GetComboBoxInfo
InvalidateRect
ReleaseDC
GetDC
GetWindowRect
SetRectEmpty
IsRectEmpty
FrameRect
InflateRect
CopyRect
RegisterWindowMessageW
GetDesktopWindow
DestroyIcon
LoadCursorW
GetParent
GetFocus
GetActiveWindow
GetClientRect
SetCursor
OffsetRect
SetRect
DrawStateW
LoadBitmapW
PeekMessageW
EnableWindow
SetActiveWindow
PtInRect
WindowFromPoint
GetCursorPos
SetMenuDefaultItem
PostMessageW
SendMessageW
IsWindowVisible
CopyImage
ExcludeUpdateRgn
ChildWindowFromPoint
GetForegroundWindow
GetAsyncKeyState
LockWindowUpdate
IsZoomed
GetWindow
SetWindowLongW
CallWindowProcW
GetDialogBaseUnits
mouse_event
SetForegroundWindow
RedrawWindow
SetParent
IsIconic

gdi32

BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
GetObjectW
Rectangle
GetTextExtentPoint32W
SetViewportOrgEx
GetStockObject
CreateSolidBrush
EnumFontFamiliesExW
CreateRectRgn
SetBkMode
GetBkMode
SetBkColor
SetTextColor
CreatePatternBrush
CreateBitmap
GetTextColor
DeleteDC
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
CombineRgn
OffsetRgn
GetPixel
SetPixel
PatBlt
CreatePen
UnrealizeObject
GetBitmapBits
CreateFontW
CreateDCW
CreateRectRgnIndirect
SetRectRgn
GetRgnBox
StretchBlt
CreateDIBSection
DeleteObject

msimg32

TransparentBlt
AlphaBlend

shell32

ShellExecuteW

comctl32

_TrackMouseEvent

ole32

OleInitialize
OleUninitialize
CoCreateInstance

oleaut32

SysAllocStringLen
SysAllocStringByteLen
SysAllocString
VariantCopy
VariantClear
VariantInit
SysFreeString
SysStringLen
GetErrorInfo
VariantChangeType
SetErrorInfo
CreateErrorInfo
SysStringByteLen

msvcp80

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

gdiplus

GdipSetTextRenderingHint
GdipDrawString
GdipCloneBrush
GdipCloneImage
GdipSetStringFormatTrimming
GdipSetStringFormatHotkeyPrefix
GdipSetStringFormatLineAlign
GdipFree
GdipAlloc
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipDeleteGraphics
GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight
GdipCreateBitmapFromScan0
GdipCreateBitmapFromHBITMAP
GdipCreateHBITMAPFromBitmap
GdipSetImageAttributesColorMatrix
GdipGetImageGraphicsContext
GdipGetDC
GdipReleaseDC
GdipGraphicsClear
GdipDrawImageRectRect
GdipDrawImagePointRectI
GdipCloneBitmapAreaI
GdipSetImageAttributesColorKeys
GdipSaveImageToFile
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipCreateFromHDC
GdipDrawImageI
GdipLoadImageFromFile
GdipLoadImageFromFileICM
GdipSetPageUnit
GdipSetPageScale
GdipDrawImageRectI
GdipDeleteBrush
GdipCreateStringFormat
GdipDeleteStringFormat
GdipDeleteFont
GdipCreateSolidFill
GdipSetStringFormatFlags
GdipGetStringFormatFlags
GdipSetStringFormatAlign

Exports

Exports

??0WindowlessFlashPlayer@@QAE@ABV0@@Z
??4WindowlessFlashPlayer@@QAEAAV0@ABV0@@Z
??_7WindowlessFlashPlayer@@6B@
?GetImStyle@CImWndExt@@QBEKXZ
?GetWindowlessContainer@CImWindowlessControl@@QBEPAVCImWndExt@@XZ
?_WlContainer@CImWndExt@@QBEPAVCImWindowlessContainer@@XZ
?_WlControl@CImWndExt@@QBEPAVCImWindowlessControl@@XZ
?_WndExtData@CImWndExt@@QBEPAVCImWndExtData@@XZ

Sections

.text
Size: 380KB - Virtual size: 377KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 144KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ImNtUtilU.dll
.dll windows:4 windows x86 arch:x86

Password: infected

ef30e239f7115e423d9c3762300d51fe

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

45:f8:76:94:fe:8d:19:84:71:97:96:ae:c8:03:1d:f4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

24-04-2012 00:00

Not After

23-04-2015 23:59

Subject

CN=Perion Network Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Perion Network Ltd.,L=Tel Aviv,ST=Tel Aviv,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

d8:de:62:8d:78:17:aa:f9:33:c8:b8:f9:aa:96:b9:7c:5a:4a:f2:f7
Signer

Actual PE Digest

d8:de:62:8d:78:17:aa:f9:33:c8:b8:f9:aa:96:b9:7c:5a:4a:f2:f7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

Q:\bin\ReleaseUnicode\ImNtUtilU.pdb

Imports

kernel32

InterlockedDecrement
SetLastError
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
HeapFree
GetProcessHeap
lstrlenW
InterlockedExchange
Sleep
InterlockedCompareExchange
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetLastError

ole32

CoCreateInstance

oleaut32

SysStringLen
SysAllocString
SysFreeString
VariantClear
SetErrorInfo
CreateErrorInfo
GetErrorInfo
VariantChangeType
VariantInit

mfc80u

ord910
ord1908
ord667
ord584
ord1961
ord2901
ord1425
ord317
ord432
ord6184
ord433
ord3054
ord924
ord482
ord1965
ord1717
ord577
ord1479
ord870
ord2895
ord282
ord6700
ord1472
ord1182
ord1178
ord6001
ord5710
ord1161
ord5711
ord776
ord866
ord762
ord1194
ord807
ord4100
ord899
ord774
ord5558
ord860
ord3990
ord2260
ord3927
ord283
ord664
ord427
ord5427
ord2121
ord4061
ord293
ord2311
ord1220
ord629
ord1430
ord5319
ord2897
ord5083
ord384
ord1168
ord371
ord1093
ord3017
ord778
ord1079
ord5337
ord6299
ord5709
ord1176
ord6000
ord5672
ord3248
ord443
ord676
ord265
ord266
ord764
ord6002

msvcr80

_CxxThrowException
_encode_pointer
_malloc_crt
_encoded_null
_decode_pointer
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_except_handler4_common
_unlock
__dllonexit
_lock
_onexit
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
__clean_type_info_names_internal
_wtol
_purecall
strchr
swscanf_s
__CxxFrameHandler3
qsort
calloc
realloc
malloc
free
memmove
memcpy
memset

Sections

.text
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ImPackr.exe
.exe windows:4 windows x86 arch:x86

Password: infected

43f42f46ebdb4dc3b78f4cacbca38f6c

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

45:f8:76:94:fe:8d:19:84:71:97:96:ae:c8:03:1d:f4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

24-04-2012 00:00

Not After

23-04-2015 23:59

Subject

CN=Perion Network Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Perion Network Ltd.,L=Tel Aviv,ST=Tel Aviv,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b1:da:ca:0b:b3:d4:0b:0a:cd:fe:fe:25:52:cf:c1:1c:f3:6b:17:0c
Signer

Actual PE Digest

b1:da:ca:0b:b3:d4:0b:0a:cd:fe:fe:25:52:cf:c1:1c:f3:6b:17:0c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Q:\bin\ReleaseUnicode\ImPackr.pdb

Imports

imlooku

ord204
ord1579
ord1586
ord1584
ord1606
ord909
ord952
ord1640
ord833
ord675
ord362
ord955
ord850
ord1532
ord1599
ord1603
ord1666
ord1371
ord1066
ord1067
ord1065
ord1561
ord650
ord546
ord430
ord1048
ord996
ord991
ord243
ord201
ord232
ord233
ord598
ord899
ord1689
ord1690
ord1691
ord1692
ord1693
ord1694
ord987
ord1327
ord263
ord1313
ord1031
ord632
ord970
ord1383
ord1384
ord1510
ord1703
ord1698
ord24
ord8
ord9
ord35
ord1369
ord521
ord336
ord581
ord1076
ord1533
ord760
ord1367
ord4
ord1340
ord219
ord314
ord1696
ord1306
ord1587
ord1585
ord1605
ord54
ord84
ord57
ord73
ord58
ord599
ord56

imlookexu

ord5
ord156
ord435
ord147
ord106
ord6
ord63
ord16
ord15
ord463
ord462
ord214

imutilsu

ord1802
ord51
ord605
ord1996
ord830
ord738
ord363
ord895
ord106
ord388
ord1781
ord675
ord1569
ord1359
ord695
ord1409
ord1350
ord1322
ord865
ord1702
ord1333
ord1356
ord65
ord1335
ord1336
ord1804
ord5
ord951
ord931
ord2258
ord1929
ord1481
ord86
ord314
ord1594
ord1596
ord31
ord1801
ord1809
ord72
ord1800
ord13
ord66
ord2266
ord874
ord2359
ord2063
ord1372
ord6

gdiplus

GdiplusShutdown
GdiplusStartup

mfc80u

ord3943
ord2638
ord3703
ord3713
ord3712
ord2527
ord2640
ord2534
ord4475
ord2708
ord4301
ord2829
ord2725
ord2531
ord5209
ord5226
ord5222
ord5220
ord2925
ord1911
ord3826
ord5378
ord6215
ord5096
ord1007
ord3800
ord5579
ord2009
ord2054
ord4320
ord6274
ord3795
ord6272
ord4008
ord4032
ord1049
ord6086
ord860
ord2895
ord1058
ord4256
ord4480
ord2856
ord5196
ord1590
ord1646
ord1647
ord1955
ord5171
ord1353
ord3339
ord6275
ord3796
ord6273
ord1513
ord2163
ord2169
ord2399
ord2381
ord2379
ord2397
ord2409
ord2386
ord2402
ord2407
ord2390
ord2392
ord2394
ord2388
ord2404
ord2384
ord931
ord927
ord929
ord925
ord920
ord5229
ord5231
ord5956
ord1591
ord4276
ord4716
ord3397
ord4179
ord5067
ord1899
ord5148
ord4238
ord1392
ord3940
ord1608
ord1611
ord5908
ord6720
ord1542
ord1661
ord1662
ord4884
ord5178
ord4743
ord709
ord501
ord1220
ord894
ord5558
ord3927
ord5484
ord6063
ord6061
ord776
ord774
ord1476
ord2261
ord1176
ord5711
ord1271
ord1785
ord5609
ord5524
ord3756
ord283
ord2155
ord1479
ord282
ord6700
ord6111
ord1472
ord2366
ord1299
ord2167
ord3051
ord5398
ord2468
ord630
ord266
ord280
ord3990
ord3032
ord2012
ord3050
ord265
ord385
ord631
ord2271
ord386
ord899
ord6278
ord5829
ord6171
ord745
ord6002
ord557
ord2121
ord3249
ord1178
ord1172
ord5316
ord6282
ord3082
ord4100
ord896
ord5327
ord6293
ord4255
ord4535
ord3590
ord3155
ord3204
ord1925
ord293
ord2311
ord870
ord1118
ord577
ord1079
ord764
ord2832
ord1198

msvcr80

__p__commode
__p__fmode
_encode_pointer
__set_app_type
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
_except_handler4_common
_invoke_watson
_controlfp_s
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
memcpy_s
memset
__CxxFrameHandler3
_adjust_fdiv

kernel32

IsDebuggerPresent
UnhandledExceptionFilter
DeleteFileW
CopyFileW
InterlockedExchange
InterlockedCompareExchange
GetStartupInfoW
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
Sleep

user32

GetFocus
GetWindowRect
LoadBitmapW
RegisterWindowMessageW
EnableWindow
LoadIconW
GetClientRect
IsIconic
SendMessageW
DrawIcon
PostQuitMessage
GetSystemMetrics

shell32

SHGetPathFromIDListW
ShellExecuteW
SHBrowseForFolderW

ole32

CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

SysFreeString

sfttree_ix86_u_60

ord417
ord414
ord413
ord401
ord487
ord372
ord353
ord289
ord427
ord436
ord411
ord438
ord253
ord466
ord462
ord454
ord354
ord130
ord400
ord131
ord146
ord141
ord483

Exports

Exports

??0WindowlessFlashPlayer@@QAE@ABV0@@Z
??4WindowlessFlashPlayer@@QAEAAV0@ABV0@@Z
??_7WindowlessFlashPlayer@@6B@

Sections

.text
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ImUtilsU.dll
.dll windows:4 windows x86 arch:x86

Password: infected

d5653a4bfda719bffeba69a4f5d86bc8

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

45:f8:76:94:fe:8d:19:84:71:97:96:ae:c8:03:1d:f4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

24-04-2012 00:00

Not After

23-04-2015 23:59

Subject

CN=Perion Network Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Perion Network Ltd.,L=Tel Aviv,ST=Tel Aviv,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

03:a0:b3:c5:e6:88:e9:9b:6d:df:e2:c6:91:51:5b:fd:be:6a:5d:f0
Signer

Actual PE Digest

03:a0:b3:c5:e6:88:e9:9b:6d:df:e2:c6:91:51:5b:fd:be:6a:5d:f0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

Q:\bin\ReleaseUnicode\ImUtilsU.pdb

Imports

imntutilu

ord284
ord239
ord238
ord237
ord240
ord6
ord67
ord18
ord57
ord236
ord234
ord232
ord231
ord233
ord235
ord229
ord228
ord227
ord226
ord230
ord7
ord19
ord66
ord59
ord190
ord214
ord213
ord191
ord143
ord60
ord96
ord130
ord45
ord65
ord54
ord56
ord52
ord2
ord63
ord64
ord15
ord53

kernel32

SetProcessWorkingSetSize
GetACP
MultiByteToWideChar
WideCharToMultiByte
ExpandEnvironmentStringsW
GetDiskFreeSpaceW
GetShortPathNameW
GetLongPathNameW
GetFileAttributesW
TerminateThread
GetDriveTypeW
GetLogicalDriveStringsW
GetLocaleInfoW
MoveFileW
LockResource
LoadResource
SizeofResource
FindResourceExW
GetEnvironmentVariableW
MoveFileExW
GetTempFileNameW
FindResourceW
lstrcmpW
GetPrivateProfileSectionNamesW
GetPrivateProfileIntW
GetPrivateProfileStringW
CreateThread
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
RaiseException
HeapSize
HeapReAlloc
HeapDestroy
GetModuleHandleW
IsBadReadPtr
VirtualProtect
VirtualQuery
GetCurrentProcess
DeleteFileW
CreateDirectoryW
SetFileAttributesW
InterlockedDecrement
RemoveDirectoryW
GetPrivateProfileStringA
GetPrivateProfileSectionNamesA
GetLastError
GetCurrentProcessId
WinExec
_lclose
_lopen
_lread
_llseek
_lcreat
_lwrite
GetWindowsDirectoryA
GetVolumeInformationA
DeviceIoControl
FileTimeToSystemTime
GetFileTime
SystemTimeToFileTime
GetVersionExA
lstrlenA
FindFirstChangeNotificationW
FindNextChangeNotification
FindCloseChangeNotification
InterlockedExchange
InterlockedCompareExchange
UnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetLocaleInfoA
GetThreadLocale
OutputDebugStringA
FlushFileBuffers
CreateSemaphoreW
ReleaseSemaphore
SetFilePointer
LoadLibraryExW
LocalLock
GetFileAttributesExW
InterlockedIncrement
WritePrivateProfileStringW
CreateFileW
CloseHandle
GetModuleFileNameW
FreeLibrary
LoadLibraryW
GetTickCount
GetCurrentThreadId
GetTempPathW
GetLocalTime
GetCurrentThread
SetUnhandledExceptionFilter
GetProcAddress
GetSystemDirectoryW
FindFirstFileW
FindClose
lstrlenW
HeapAlloc
GetProcessHeap
HeapFree
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
SetFileAttributesA
GetFileInformationByHandle
FileTimeToLocalFileTime
FileTimeToDosDateTime
GetFileAttributesA
GlobalReAlloc
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetModuleHandleExW
CreateMutexW
ReleaseMutex
CreateEventW
WaitForMultipleObjects
SetEvent
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
Sleep
GetVersionExW
OpenProcess
WaitForSingleObject
TerminateProcess
GetCurrentDirectoryW
SetCurrentDirectoryW
CopyFileW
GetFileSize
ReadFile
WriteFile
CreateFileA
FormatMessageW
LocalAlloc
LocalFree
SetLastError
OutputDebugStringW

user32

MessageBoxA
UnregisterClassA
DestroyWindow
FindWindowA
SendMessageA
PeekMessageA
DispatchMessageA
CreateWindowExA
RegisterClassA
DefWindowProcW
CreateWindowExW
DefWindowProcA
EndDialog
LoadCursorW
SetCursor
SendDlgItemMessageW
SendMessageW
ShowWindow
SetDlgItemTextW
SystemParametersInfoW
GetWindowRect
SetWindowPos
wsprintfW
SetWindowTextW
GetCapture
CopyRect
DialogBoxIndirectParamW
SetWindowLongW
IsZoomed
MessageBoxW
LoadImageW
GetWindowDC
MonitorFromWindow
GetMonitorInfoW
MsgWaitForMultipleObjects
PostThreadMessageW
FindWindowExW
PeekMessageW
TranslateMessage
DispatchMessageW
PtInRect
OffsetRect
GetSystemMetrics
IsWindowVisible
KillTimer
SetTimer
CharLowerW
GetWindow
GetForegroundWindow
SetForegroundWindow
ShowWindowAsync
GetKeyboardLayout
IsRectEmpty
RegisterWindowMessageW
CallNextHookEx
IsWindow
UnhookWindowsHookEx
SetWindowsHookExW
EnableWindow
ReleaseDC
GetDC
GetClientRect
FillRect
GetSysColorBrush
FindWindowW
EnumWindows
GetWindowLongW
GetParent
GetWindowThreadProcessId
PostMessageW
GetSysColor
DrawIconEx
GetDlgItem
InvalidateRect
DestroyIcon
GetKeyState
CreateDialogIndirectParamW

gdi32

GetCurrentObject
GetTextMetricsW
GetTextExtentPoint32W
GetStockObject
SelectPalette
RealizePalette
GetDIBits
GetSystemPaletteEntries
CreatePalette
StretchBlt
CreateDCW
CreateCompatibleDC
GetDeviceCaps
CreateCompatibleBitmap
BitBlt
DeleteDC
GetObjectW
SetBkColor
ExtTextOutW
CreatePen
SelectObject
MoveToEx
LineTo
DeleteObject

advapi32

RegSetValueExA
RegCreateKeyA
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
GetSecurityInfo
AllocateAndInitializeSid
SetEntriesInAclW
SetSecurityInfo
LookupPrivilegeNameW
LookupPrivilegeValueW
AdjustTokenPrivileges
GetUserNameW
RegEnumKeyW
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyW
RegOpenKeyW
RegGetKeySecurity
RegSetKeySecurity
RegEnumValueW
RegEnumKeyExW
GetTokenInformation
OpenProcessToken
RegQueryInfoKeyW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
CreateProcessAsUserW
SetTokenInformation
DuplicateTokenEx
RegOpenKeyA

shell32

SHGetDesktopFolder
SHFileOperationW
SHGetSpecialFolderPathW
SHGetSpecialFolderLocation
SHAppBarMessage
ShellExecuteW
ShellExecuteExW
SHGetFileInfoW
SHGetMalloc
SHGetPathFromIDListW

ole32

OleRun
CoUninitialize
CoCreateInstance
CoInitialize
CreateStreamOnHGlobal
CoTaskMemFree
ProgIDFromCLSID
CoFreeUnusedLibraries
CoTaskMemAlloc
StringFromCLSID
CLSIDFromString
CoCreateGuid
OleInitialize
OleUninitialize

oleaut32

SetErrorInfo
VariantChangeType
GetErrorInfo
SysAllocString
SysStringLen
SysFreeString
VariantClear
SysAllocStringByteLen
VariantCopy
GetActiveObject
RegisterActiveObject
CreateErrorInfo
VariantInit
SysStringByteLen

winmm

PlaySoundW
timeGetTime

mpr

WNetGetConnectionA

netapi32

Netbios

wininet

InternetCloseHandle
InternetCrackUrlW
HttpQueryInfoA
InternetSetOptionA
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
InternetReadFile
HttpEndRequestW
InternetWriteFile
HttpSendRequestExW
InternetSetCookieW
InternetGetCookieW
InternetOpenA
HttpAddRequestHeadersA

shlwapi

PathIsDirectoryW
PathIsURLW
StrStrIW
PathFindExtensionW
PathSearchAndQualifyW
UrlEscapeW
PathAddBackslashW
PathRemoveFileSpecW
UrlUnescapeW
SHCopyKeyW
PathFileExistsW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

gdiplus

GdipFree
GdipAlloc
GdipDeleteGraphics
GdipCreateFontFamilyFromName
GdipGetGenericFontFamilySansSerif
GdipDeleteFontFamily
GdipCreateFont
GdipDeleteFont
GdipDisposeImage
GdipCreateBitmapFromFile
GdipSaveImageToFile
GdipGetImageEncoders
GdipCreateBitmapFromHBITMAP
GdipCreateHBITMAPFromBitmap
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipCreateFromHDC
GdipSetTextRenderingHint
GdipSetPageUnit
GdipMeasureString
GdipCloneFont
GdipCloneImage
GdipCreateBitmapFromScan0
GdipGetImageEncodersSize
GdipCreateBitmapFromFileICM

dbghelp

MiniDumpWriteDump

psapi

GetProcessMemoryInfo

mfc80u

ord2011
ord2587
ord2709
ord1609
ord3634
ord1386
ord4729
ord1605
ord4206
ord3902
ord1355
ord3930
ord6075
ord2793
ord6083
ord3785
ord6253
ord2139
ord4361
ord4494
ord5511
ord6147
ord3058
ord2674
ord4573
ord2723
ord6157
ord2257
ord2159
ord6086
ord1384
ord985
ord5388
ord3706
ord352
ord4193
ord3698
ord604
ord4664
ord2812
ord4357
ord3894
ord2636
ord1975
ord2632
ord5844
ord3829
ord3175
ord6094
ord384
ord1425
ord1430
ord423
ord3013
ord660
ord3016
ord1523
ord862
ord1154
ord1202
ord1156
ord3678
ord3331
ord5468
ord3019
ord5429
ord1067
ord314
ord6751
ord1086
ord1047
ord1021
ord670
ord5136
ord5088
ord5087
ord5086
ord5085
ord3388
ord2465
ord1437
ord2302
ord915
ord6209
ord4052
ord6289
ord5323
ord2902
ord5876
ord5624
ord2114
ord5083
ord2744
ord2747
ord2740
ord3090
ord3242
ord489
ord3590
ord4038
ord3383
ord6009
ord3435
ord3946
ord3983
ord6096
ord2167
ord1299
ord347
ord1959
ord764
ord577
ord870
ord287
ord1176
ord2340
ord266
ord265
ord283
ord1472
ord3249
ord1172
ord5316
ord6282
ord1571
ord258
ord896
ord899
ord5327
ord6293
ord293
ord261
ord762
ord1027
ord2297
ord3508
ord5337
ord593
ord334
ord5119
ord2250
ord1908
ord629
ord584
ord317
ord383
ord3927
ord2311
ord5118
ord1476
ord6167
ord774
ord2260
ord280
ord6161
ord2895
ord4100
ord3990
ord5398
ord2460
ord5712
ord5711
ord776
ord866
ord664
ord5558
ord5524
ord5484
ord5705
ord860
ord4078
ord4061
ord631
ord745
ord557
ord2271
ord386
ord1479
ord282
ord6700
ord6111
ord427
ord2880
ord2898
ord2745
ord3925
ord2279
ord4074
ord744
ord6291
ord1443
ord5325
ord2904
ord5091
ord556
ord1002
ord2266
ord777
ord1431
ord2261
ord6166
ord6173
ord897
ord2121
ord1161
ord1717
ord5485
ord900
ord288
ord1182
ord1178
ord894
ord6172
ord6002
ord865
ord4060
ord663
ord426
ord5426
ord747
ord559
ord3168
ord3204
ord1118
ord1925
ord3157
ord1271
ord2361
ord2366
ord1894
ord760
ord572
ord3158
ord4255
ord4480
ord3943
ord2638
ord3703
ord3713
ord3712
ord2985
ord2527
ord2640
ord2534
ord2856
ord2708
ord4301
ord2829
ord2725
ord2531
ord5196
ord1590
ord1646
ord1647
ord1955
ord5171
ord1353
ord4961
ord3339
ord6275
ord3796
ord6273
ord1513
ord2163
ord2169
ord2399
ord2381
ord2379
ord2397
ord2409
ord2386
ord2402
ord2407
ord2390
ord2392
ord2394
ord2388
ord2404
ord2384
ord931
ord927
ord929
ord925
ord920
ord5229
ord5231
ord5956
ord1591
ord4276
ord4716
ord3397
ord5210
ord4179
ord6271
ord5067
ord1899
ord5148
ord4226
ord1393
ord3940
ord1608
ord1611
ord5911
ord6721
ord1536
ord2077
ord587
ord1194
ord630
ord3050
ord385
ord3194
ord4256
ord4713
ord5199
ord4238
ord1392
ord5908
ord6720
ord1542
ord1661
ord1662
ord2012
ord4884
ord4728
ord4205
ord5178
ord4904
ord4619
ord4578
ord4488
ord4966
ord1785
ord2651
ord6061
ord5609
ord4347
ord4459
ord3630
ord1416
ord707
ord4574
ord2876
ord3082
ord4458
ord5516
ord3054
ord6201
ord6306
ord548
ord2321
ord5465
ord2681
ord5233
ord482
ord284
ord1220
ord868
ord4063
ord2742
ord429
ord666
ord578
ord2313
ord310
ord432
ord1707
ord300
ord5466
ord4101
ord2444
ord772
ord2282
ord277
ord6165
ord807
ord795
ord496
ord3842
ord1906
ord1457
ord1079
ord3460
ord5161
ord4336
ord4293
ord2468
ord733
ord635
ord545
ord395
ord4259
ord4271
ord1297
ord2164
ord5201
ord5144
ord3939
ord1548
ord4013
ord2418
ord2419
ord2986
ord5352
ord940
ord4898
ord2933
ord4129
ord4303
ord5006
ord5003
ord2609
ord1904
ord2237
ord2155
ord3642
ord5707
ord6171
ord5342
ord675
ord442
ord3586
ord757
ord566
ord4475
ord2832
ord3824
ord5562
ord5209
ord5226
ord4562
ord2239
ord5222
ord5220
ord2925
ord1911
ord3826
ord5378
ord6215
ord5096
ord1007
ord3800
ord5579
ord2009
ord2054
ord4320
ord6274
ord3795
ord6272
ord4008
ord4032
ord3677
ord3942
ord5442
ord3858
ord5414
ord5708
ord1168
ord371
ord1093
ord3841
ord1087
ord6014
ord3092
ord2362
ord3155
ord1270
ord5633
ord1235
ord1236
ord602
ord6063

msvcr80

_mktime64
fwprintf
_wfopen
strncpy
strpbrk
_localtime64_s
_wstat32
_wstat64
wcstol
iswgraph
_wstrdate
iswalpha
iswascii
printf
_CIlog
ceil
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
_CxxThrowException
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@XZ
_ltow
memmove_s
qsort
fputws
fgetws
fseek
wcsftime
strcpy
toupper
_access
strcmp
strlen
strcat
strrchr
_getdrive
strncmp
fopen
fgets
??0bad_cast@std@@QAE@PBD@Z
??0bad_cast@std@@QAE@ABV01@@Z
??1bad_cast@std@@UAE@XZ
_except_handler4_common
?terminate@@YAXXZ
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
_recalloc
_wcslwr_s
_wcsnicmp
memcpy_s
wcsncmp
_strupr
isspace
fwscanf
_wfsopen
fputc
fgetc
fwrite
fread
_fseeki64
fflush
fclose
feof
_ftelli64
iswdigit
_memicmp
swprintf_s
strcat_s
_tempnam
_tell
_write
strcpy_s
remove
_lseek
_close
_read
?_open@@YAHPBDHH@Z
_errno
strstr
_ftime32
_ctime32
setlocale
_wsetlocale
_stat32
_beginthread
malloc
_wcslwr
_itow
_purecall
_swprintf
wcschr
wcsncat
wcscat_s
calloc
free
wcscpy_s
wcsstr
wcsncpy
_wtol
_vsnwprintf
_vswprintf
wcsrchr
srand
rand
atoi
wcstok
_wtoi64
sprintf_s
swscanf
_time64
_invalid_parameter_noinfo
_time32
_wtoi
memset
memcpy
__CxxFrameHandler3
_wcsicmp
_wstat64i32
__RTDynamicCast
_ui64tow_s
fgetwc
vswprintf_s
_wfopen_s
_wgetenv_s
_wcstoui64
iswspace
realloc
_vswprintf_c_l
mbstowcs_s
_snprintf
sprintf
_stricmp

urlmon

FindMimeFromData
URLDownloadToFileW
URLDownloadToCacheFileW

msvcp80

?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@II@Z
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@V32@0@Z
?replace@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@IIPB_W@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIABV12@I@Z
?find_first_not_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIABV12@I@Z
?find_last_not_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIABV12@I@Z
??_D?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
??0?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@H@Z
?str@?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@N@Z
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?_Myptr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEPA_WXZ
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?capacity@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
?reserve@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@_W@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@H@2@XZ
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?is_open@?$basic_filebuf@DU?$char_traits@D@std@@@std@@QBE_NXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@XZ
?eq@?$char_traits@D@std@@SA_NABD0@Z
?open@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXPB_WHH@Z
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?compare@?$char_traits@D@std@@SAHPBD0I@Z
?is_open@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QBE_NXZ
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?close@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@_W@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@JH@Z
?find_first_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@ABV12@@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
?compare@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEHPB_W@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@K@Z
??$?6_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AAV10@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?find_first_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?length@?$char_traits@_W@std@@SAIPB_W@Z
??1locale@std@@QAE@XZ
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?flags@ios_base@std@@QBEHXZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_WABV10@@Z
?tie@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBEPAV?$basic_ostream@_WU?$char_traits@_W@std@@@2@XZ
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
?_Getfacet@locale@std@@QBEPBVfacet@12@I@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEHPB_WH@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?width@ios_base@std@@QBEHXZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_WI@Z
?width@ios_base@std@@QAEHH@Z
?eq_int_type@?$char_traits@_W@std@@SA_NABG0@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?fill@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBE_WXZ
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W0@Z
?eof@?$char_traits@_W@std@@SAGXZ
?rdbuf@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBEPAV?$basic_streambuf@_WU?$char_traits@_W@std@@@2@XZ
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??Bid@locale@std@@QAEIXZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?uncaught_exception@std@@YA_NXZ
?_Incref@facet@locale@std@@QAEXXZ
??_D?$basic_ostringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
?_Myptr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IBEPB_WXZ
?widen@?$ctype@_W@std@@QBE_WD@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?_Register@facet@locale@std@@QAEXXZ
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??0?$basic_ostringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@H@Z
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
?_Myptr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IBEPBDXZ
??1_Lockit@std@@QAE@XZ
?str@?$basic_ostringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
??0_Lockit@std@@QAE@H@Z
?rdstate@ios_base@std@@QBEHXZ
?length@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
?empty@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE_NXZ
?good@ios_base@std@@QBE_NXZ
?id@?$ctype@_W@std@@2V0locale@2@A
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIPBD@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?find_last_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Xran@_String_base@std@@SAXXZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z

imhttpcomm

?Abort@CImWinInetRequest@@QAEXXZ
?Create@CImWinInetSession@@QAEXXZ
?OnRedirect@CImWinInetRequest@@MAEXAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0CImWinInetSession@@QAE@HABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??1CImWinInetSession@@UAE@XZ
?SetDontCacheFlag@CImWinInetRequest@@QAEX_N@Z
?Send@CImWinInetRequest@@QAE_NW4eWinInetVerb@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@1PAXH@Z
?GetContext@CImWinInetRequest@@QAEPAXXZ
?GetContentBuffer@CImWinInetRequest@@QAEPAXXZ
?GetHttpStatusCode@CImWinInetRequest@@QBEKXZ
??0CImWinInetRequest@@QAE@PAVCImWinInetSession@@PAX@Z
??1CImWinInetRequest@@UAE@XZ

Exports

Exports

??0CImTimeStamp@@QAE@ABV0@@Z
??0CImTimeStamp@@QAE@XZ
??1CImTimeStamp@@UAE@XZ
??4CImTimeStamp@@QAEAAV0@ABV0@@Z
??_7CImTimeStamp@@6B@
?DeleteTimeStamp@CImTimeStamp@@QAEXPB_W0@Z
?GetGdiPlusFontFromDc@@YAPAVFont@Gdiplus@@PAVCDC@@@Z
?GetMainWindow@CIncrediGlobals@@QAEPAUHWND__@@XZ
?GetNewTimeStamp@CImTimeStamp@@QAEKXZ
?GetTimeSpan@CImTimeStamp@@QBE?AVCTimeSpan@ATL@@XZ
?GetTimeStamp@CImTimeStamp@@QAEKXZ
?ImGetComFactory@@YAJPAUIUnknown@@PAPAU1@@Z
?ImSysFreeString@@YAXAAPA_W@Z
?IsKeyDown@@YA_NH@Z
?LoadTimeStamp@CImTimeStamp@@QAEHPB_W0H@Z
?SaveTimeStamp@CImTimeStamp@@QAEXPB_W0@Z
?ValidateCRC@CImTimeStamp@@QAEHPB_W0@Z
?m_bAllowRestart@CIncrediWinApp@@1HA

Sections

.text
Size: 960KB - Virtual size: 956KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 300KB - Virtual size: 298KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ve_share
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 92KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ImWrappU.dll
.dll windows:4 windows x86 arch:x86

Password: infected

287b69957bb146b544ac10550435a913

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

45:f8:76:94:fe:8d:19:84:71:97:96:ae:c8:03:1d:f4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

24-04-2012 00:00

Not After

23-04-2015 23:59

Subject

CN=Perion Network Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Perion Network Ltd.,L=Tel Aviv,ST=Tel Aviv,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a0:d9:82:d9:46:03:47:ef:3e:29:b7:d4:ec:9c:2a:66:b8:ef:2c:23
Signer

Actual PE Digest

a0:d9:82:d9:46:03:47:ef:3e:29:b7:d4:ec:9c:2a:66:b8:ef:2c:23

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

Q:\bin\ReleaseUnicode\ImWrappU.pdb

Imports

mfc80u

ord3901
ord293
ord5406
ord461
ord462
ord460
ord3590
ord760
ord572
ord4255
ord4480
ord3943
ord2638
ord3703
ord3713
ord3712
ord2985
ord2527
ord2640
ord2534
ord2856
ord2708
ord4301
ord2829
ord2725
ord2531
ord5196
ord1646
ord1647
ord1955
ord5171
ord1353
ord4961
ord3339
ord6275
ord3796
ord6273
ord1513
ord2163
ord2169
ord2399
ord2381
ord2379
ord2397
ord2409
ord2386
ord2402
ord2407
ord2390
ord2392
ord2394
ord2388
ord2404
ord2384
ord931
ord927
ord929
ord925
ord920
ord1093
ord5231
ord5956
ord1591
ord4276
ord4716
ord3397
ord5210
ord4179
ord6271
ord5067
ord1899
ord5148
ord4238
ord1393
ord3940
ord1608
ord1611
ord5911
ord6721
ord1605
ord3902
ord765
ord763
ord4451
ord1600
ord6726
ord6718
ord5156
ord5137
ord6099
ord1619
ord1620
ord3913
ord684
ord452
ord3163
ord4475
ord2936
ord2641
ord2842
ord1316
ord2278
ord2432
ord5612
ord4970
ord1395
ord1402
ord2650
ord2649
ord2653
ord2655
ord5650
ord5800
ord5802
ord3921
ord3772
ord3774
ord4748
ord6719
ord371
ord1168
ord557
ord745
ord283
ord5711
ord1178
ord1182
ord577
ord762
ord870
ord1472
ord5229
ord764

msvcr80

?terminate@@YAXXZ
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
_initterm
__CppXcptFilter
_encoded_null
free
_malloc_crt
_encode_pointer
??0exception@std@@QAE@ABV01@@Z
_CxxThrowException
_invalid_parameter_noinfo
??0exception@std@@QAE@XZ
?what@exception@std@@UBEPBDXZ
__CxxFrameHandler3
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
_adjust_fdiv
_amsg_exit
_decode_pointer
_initterm_e

kernel32

InterlockedExchange
InterlockedCompareExchange
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
Sleep

user32

EnableWindow

oleaut32

SysFreeString
SysAllocString

msvcp80

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

Sections

.text
Size: 104KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Microsoft.VC80.CRT.manifest
Microsoft.VC80.MFC.manifest
SftTree_IX86_U_60.dll
.dll windows:4 windows x86 arch:x86

dc5b8b306de44dcf78b82c94946f3bf7

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

45:f8:76:94:fe:8d:19:84:71:97:96:ae:c8:03:1d:f4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

24-04-2012 00:00

Not After

23-04-2015 23:59

Subject

CN=Perion Network Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Perion Network Ltd.,L=Tel Aviv,ST=Tel Aviv,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

86:c9:e3:f7:19:c3:41:eb:ac:f6:9a:7e:ff:a1:2a:18:26:97:7f:0a
Signer

Actual PE Digest

86:c9:e3:f7:19:c3:41:eb:ac:f6:9a:7e:ff:a1:2a:18:26:97:7f:0a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

comdlg32

ChooseFontA
ChooseFontW
PrintDlgW
PrintDlgA

kernel32

RemoveDirectoryW
GetTempPathA
GetTempPathW
GetTempFileNameA
GetTempFileNameW
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
LoadLibraryW
CreateProcessA
CreateProcessW
LCMapStringW
LCMapStringA
GetCPInfo
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
SetFileAttributesA
TerminateProcess
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
ExitProcess
RemoveDirectoryA
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetCommandLineA
InterlockedIncrement
InterlockedDecrement
GetLocalTime
GetSystemTime
GetTimeZoneInformation
HeapReAlloc
RtlUnwind
HeapAlloc
HeapFree
SetCurrentDirectoryW
SetCurrentDirectoryA
GetCurrentDirectoryW
GetCurrentDirectoryA
FindNextFileW
FindNextFileA
FindFirstFileW
CreateFileA
CreateDirectoryW
CreateDirectoryA
GetWindowsDirectoryW
GetWindowsDirectoryA
GetOEMCP
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetStringTypeA
GetStringTypeW
SetStdHandle
GetSystemDirectoryW
WritePrivateProfileStringW
WritePrivateProfileStringA
GetPrivateProfileStringW
GetPrivateProfileStringA
lstrcmpW
lstrcmpA
CompareStringW
CompareStringA
OutputDebugStringW
OutputDebugStringA
DeleteFileW
DeleteFileA
LeaveCriticalSection
SetFileAttributesW
GlobalAlloc
GlobalLock
GlobalHandle
GlobalUnlock
GlobalFree
lstrcpyA
lstrcatA
GetModuleFileNameA
GetComputerNameA
GetCurrentProcessId
GetCurrentProcess
FindFirstFileA
SetFilePointer
WinExec
GetCurrentThreadId
GetVersion
MulDiv
LocalAlloc
LocalFree
SetErrorMode
FindClose
FreeLibrary
FindResourceW
SizeofResource
LoadResource
LockResource
GetLastError
WriteFile
GetVersionExA
GetSystemDirectoryA
LoadLibraryA
CreateFileW
GetFileSize
ReadFile
CloseHandle
lstrcpyW
lstrcatW
GetACP
lstrlenW
WideCharToMultiByte
lstrlenA
MultiByteToWideChar
GetProcAddress
FlushFileBuffers
SetEnvironmentVariableA
InterlockedExchange
HeapSize
RaiseException

user32

CharLowerA
SetPropW
SetPropA
GetPropW
GetPropA
DrawTextW
DrawTextA
LoadCursorW
LoadCursorA
LoadBitmapW
LoadBitmapA
SetWindowTextW
SetWindowTextA
GetWindowTextLengthW
GetWindowTextLengthA
GetWindowTextW
GetWindowTextA
SetWindowLongW
SetWindowLongA
GetWindowLongW
GetWindowLongA
CreateWindowExW
GetClassNameW
GetClassNameA
CharLowerW
GetClassInfoA
UnregisterClassW
UnregisterClassA
AppendMenuW
RegisterClassA
SetWindowsHookExW
SetWindowsHookExA
SendMessageW
SendMessageA
PostMessageW
PostMessageA
PeekMessageW
PeekMessageA
DispatchMessageW
DispatchMessageA
RegisterWindowMessageW
RegisterWindowMessageA
AdjustWindowRectEx
SetCursorPos
GetWindowDC
GetSysColorBrush
ReleaseCapture
GetDoubleClickTime
IsWindowEnabled
CharUpperA
CharUpperW
LoadStringA
LoadStringW
GetClassInfoW
AppendMenuA
wsprintfA
MessageBoxW
UnhookWindowsHookEx
GetKeyboardLayout
GetKeyboardState
ToUnicodeEx
VkKeyScanExW
CallNextHookEx
ScrollWindowEx
LoadMenuA
LoadMenuW
CallWindowProcA
CallWindowProcW
DefWindowProcA
DefWindowProcW
RegisterClassW
ScrollWindow
IsWindowVisible
SetParent
EnableWindow
ClientToScreen
EqualRect
SetCursor
SetCapture
MessageBeep
UnionRect
GetActiveWindow
GetKeyState
SetFocus
GetFocus
GetDlgCtrlID
BeginPaint
EndPaint
GetClientRect
MapWindowPoints
ShowWindow
AdjustWindowRect
OffsetRect
SetWindowRgn
SystemParametersInfoW
MoveWindow
EnumDisplaySettingsA
GetCapture
GetCursorPos
PtInRect
WindowFromPoint
IsChild
IsWindow
UpdateWindow
SetTimer
KillTimer
RemovePropW
InvalidateRect
ValidateRect
IsRectEmpty
IntersectRect
DrawFocusRect
SetRectEmpty
DestroyWindow
DrawIconEx
FrameRect
InflateRect
DrawFrameControl
GetIconInfo
GetDC
ReleaseDC
SetRect
FillRect
GetSysColor
GetParent
GetWindowRect
GetWindow
GetDesktopWindow
SetWindowPos
GetSystemMetrics
CreateWindowExA

gdi32

GetTextColor
CreateRectRgnIndirect
SetWindowOrgEx
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetMapMode
LPtoDP
TextOutW
GetClipRgn
CreateRectRgn
GetBkColor
GetObjectW
GetTextExtentPoint32A
GetTextExtentPoint32W
GetTextMetricsA
GetTextMetricsW
CreateFontA
CreateFontW
CreateFontIndirectA
CreateFontIndirectW
ExtTextOutA
ExtTextOutW
MoveToEx
LineTo
CreatePen
LineDDA
SetPixel
GetStockObject
SelectClipRgn
SetBkMode
GetObjectA
GetDeviceCaps
SetStretchBltMode
StretchBlt
SetTextColor
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
GetPixel
CreateBitmap
CreateSolidBrush
ExcludeClipRect
SetBkColor
DeleteObject

imm32

ImmGetCompositionStringW
ImmGetContext
ImmGetOpenStatus

advapi32

RegQueryValueExW
RegOpenKeyExW
RegQueryValueExA
RegOpenKeyExA
GetUserNameA
RegCreateKeyExA
RegCreateKeyExW
RegSetValueExA
RegSetValueExW
RegCloseKey

shell32

ShellExecuteW
SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListW
ShellExecuteA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW
VerQueryValueA

ole32

CoCreateInstance

comctl32

ImageList_GetIconSize
ImageList_DrawEx
ImageList_Draw
ImageList_DragMove
ImageList_DragEnter
ImageList_DragLeave
ImageList_Destroy
ImageList_EndDrag
ImageList_Add
ImageList_Create
ImageList_BeginDrag

Exports

Exports

SftTreeScrlT_WndProc
SftTreeSplit_AddString_A
SftTreeSplit_AddString_W
SftTreeSplit_AdjustCellEditRect
SftTreeSplit_CalcCellFromPoint
SftTreeSplit_CalcColumnFromPoint
SftTreeSplit_CalcColumnFromPointEx
SftTreeSplit_CalcIndexFromPoint
SftTreeSplit_CalcIndexFromPointEx
SftTreeSplit_CalcOptimalColumnWidth
SftTreeSplit_CalcOptimalRowHeaderWidth
SftTreeSplit_Collapse
SftTreeSplit_CopyItem
SftTreeSplit_CopyItems
SftTreeSplit_DeleteDependents
SftTreeSplit_DeleteString
SftTreeSplit_DrawSelectionOutline
SftTreeSplit_EnterResizeMode
SftTreeSplit_Expand
SftTreeSplit_FindItem
SftTreeSplit_FindStringExact_A
SftTreeSplit_FindStringExact_W
SftTreeSplit_FindString_A
SftTreeSplit_FindString_W
SftTreeSplit_GetAccessColumn
SftTreeSplit_GetAutoExpand
SftTreeSplit_GetAutoExpandItem
SftTreeSplit_GetCalcLimit
SftTreeSplit_GetCalcVisibleOnly
SftTreeSplit_GetCaretColumn
SftTreeSplit_GetCaretIndex
SftTreeSplit_GetCellEditWindow
SftTreeSplit_GetCellInfo
SftTreeSplit_GetCellRectInfo
SftTreeSplit_GetCellRectInfoEx
SftTreeSplit_GetCharSearchMode
SftTreeSplit_GetClickAgainPos
SftTreeSplit_GetColumnEx
SftTreeSplit_GetColumns
SftTreeSplit_GetColumnsEx
SftTreeSplit_GetControlData
SftTreeSplit_GetControlInfo
SftTreeSplit_GetCount
SftTreeSplit_GetCrossColumnResize
SftTreeSplit_GetCtlColors
SftTreeSplit_GetCurSel
SftTreeSplit_GetDependent
SftTreeSplit_GetDependentCount
SftTreeSplit_GetDisableNoScroll
SftTreeSplit_GetDisplayCellRect
SftTreeSplit_GetDisplayCellRectForItem
SftTreeSplit_GetDisplayColumn
SftTreeSplit_GetDisplayHeaderRect
SftTreeSplit_GetDragBitmaps
SftTreeSplit_GetDragImage
SftTreeSplit_GetDragInfo
SftTreeSplit_GetDragType
SftTreeSplit_GetDropHighlight
SftTreeSplit_GetDropHighlightStyle
SftTreeSplit_GetEditColumnRect
SftTreeSplit_GetExpandCollapseButtonRect
SftTreeSplit_GetExpandCollapseIndex
SftTreeSplit_GetFirstDisplayColumn
SftTreeSplit_GetFlyby
SftTreeSplit_GetForwardChildMsgs
SftTreeSplit_GetGDIPlusAvailable
SftTreeSplit_GetGridStyle
SftTreeSplit_GetHeaderButton
SftTreeSplit_GetHeaderFont
SftTreeSplit_GetHeaderLength
SftTreeSplit_GetHeaderRect
SftTreeSplit_GetHeader_A
SftTreeSplit_GetHeader_W
SftTreeSplit_GetHorizontalExtent
SftTreeSplit_GetHorizontalOffset
SftTreeSplit_GetIndentation
SftTreeSplit_GetInheritBgColor
SftTreeSplit_GetItemBitmap
SftTreeSplit_GetItemBitmapAlign
SftTreeSplit_GetItemData
SftTreeSplit_GetItemEditIgnore
SftTreeSplit_GetItemExpand
SftTreeSplit_GetItemExpandCollapseButton
SftTreeSplit_GetItemExpandable
SftTreeSplit_GetItemHeight
SftTreeSplit_GetItemHeightMinMax
SftTreeSplit_GetItemHeightVar
SftTreeSplit_GetItemID
SftTreeSplit_GetItemIgnore
SftTreeSplit_GetItemIndex
SftTreeSplit_GetItemLabel
SftTreeSplit_GetItemLabelPicture
SftTreeSplit_GetItemLevel
SftTreeSplit_GetItemLines
SftTreeSplit_GetItemPicture
SftTreeSplit_GetItemRect
SftTreeSplit_GetItemShown
SftTreeSplit_GetItemStatus
SftTreeSplit_GetItemsShown
SftTreeSplit_GetItemsShownComplete
SftTreeSplit_GetKeyHandling
SftTreeSplit_GetLastCursorPos
SftTreeSplit_GetLastDisplayColumn
SftTreeSplit_GetLeftWindow
SftTreeSplit_GetMultilineHeader
SftTreeSplit_GetNextShown
SftTreeSplit_GetNoFocus
SftTreeSplit_GetNoFocusStyle
SftTreeSplit_GetNoSelection
SftTreeSplit_GetOpenEnded
SftTreeSplit_GetOverheadWidth
SftTreeSplit_GetParent
SftTreeSplit_GetPictures
SftTreeSplit_GetPrevShown
SftTreeSplit_GetRealColumn
SftTreeSplit_GetReflectBase
SftTreeSplit_GetReorderColumns
SftTreeSplit_GetReorderColumnsOldCursor
SftTreeSplit_GetResizeColumn
SftTreeSplit_GetResizeHeader
SftTreeSplit_GetRightWindow
SftTreeSplit_GetRowColBitmap
SftTreeSplit_GetRowColBitmapStyle
SftTreeSplit_GetRowColHeaderButton
SftTreeSplit_GetRowColHeaderRect
SftTreeSplit_GetRowColHeaderStyle
SftTreeSplit_GetRowColPicture
SftTreeSplit_GetRowColTextLength
SftTreeSplit_GetRowColText_A
SftTreeSplit_GetRowColText_W
SftTreeSplit_GetRowHeaderFont
SftTreeSplit_GetRowHeaderLines
SftTreeSplit_GetRowHeaderRect
SftTreeSplit_GetRowHeaderStyle
SftTreeSplit_GetRowHeaderWidth
SftTreeSplit_GetRowInfo
SftTreeSplit_GetRowTextLength
SftTreeSplit_GetRowText_A
SftTreeSplit_GetRowText_W
SftTreeSplit_GetRubberbandSelection
SftTreeSplit_GetScrollTips
SftTreeSplit_GetSel
SftTreeSplit_GetSelCount
SftTreeSplit_GetSelItems
SftTreeSplit_GetSelItemsArray
SftTreeSplit_GetSelTextOnly
SftTreeSplit_GetSelectMouseOver
SftTreeSplit_GetSelectionArea
SftTreeSplit_GetSelectionStyle
SftTreeSplit_GetShow3D
SftTreeSplit_GetShowBitmaps
SftTreeSplit_GetShowButton0
SftTreeSplit_GetShowButtons
SftTreeSplit_GetShowFocus
SftTreeSplit_GetShowGrid
SftTreeSplit_GetShowHeader
SftTreeSplit_GetShowHeaderButtons
SftTreeSplit_GetShowLabels
SftTreeSplit_GetShowPlusMinus
SftTreeSplit_GetShowRowColHeaderButton
SftTreeSplit_GetShowRowHeader
SftTreeSplit_GetShowTreeLines
SftTreeSplit_GetShowTruncated
SftTreeSplit_GetSibling
SftTreeSplit_GetSizeBox
SftTreeSplit_GetSizeBoxActive
SftTreeSplit_GetSplitColumn
SftTreeSplit_GetSplitterRect
SftTreeSplit_GetSplitterWidth
SftTreeSplit_GetTabKeyIntercept
SftTreeSplit_GetTextLength
SftTreeSplit_GetText_A
SftTreeSplit_GetText_W
SftTreeSplit_GetToolTipAlways
SftTreeSplit_GetToolTipsUseEntireCell
SftTreeSplit_GetTopIndex
SftTreeSplit_GetTopParent
SftTreeSplit_GetTreeLineStyle
SftTreeSplit_GetUpdateCaretExpandCollapse
SftTreeSplit_GetUseSmoothScroll
SftTreeSplit_GetUseThemes
SftTreeSplit_GetVAlign
SftTreeSplit_GetVirtualUserData
SftTreeSplit_InsertString_A
SftTreeSplit_InsertString_W
SftTreeSplit_MakeCellVisible
SftTreeSplit_MakeColumnOptimal
SftTreeSplit_MakeColumnVisible
SftTreeSplit_MakeContentWindow
SftTreeSplit_MakeIntegralHeight
SftTreeSplit_MakeRowVisible
SftTreeSplit_MakeSplitterOptimal
SftTreeSplit_MoveItem
SftTreeSplit_MoveItems
SftTreeSplit_RecalcHorizontalExtent
SftTreeSplit_ResetContent
SftTreeSplit_SelItemRange
SftTreeSplit_SelectStringExact_A
SftTreeSplit_SelectStringExact_W
SftTreeSplit_SelectString_A
SftTreeSplit_SelectString_W
SftTreeSplit_SetAccessColumn
SftTreeSplit_SetAutoExpand
SftTreeSplit_SetBackgroundBitmap
SftTreeSplit_SetBitmaps
SftTreeSplit_SetButtons
SftTreeSplit_SetCalcLimit
SftTreeSplit_SetCalcVisibleOnly
SftTreeSplit_SetCaretIndex
SftTreeSplit_SetCellInfo
SftTreeSplit_SetCharSearchMode
SftTreeSplit_SetColumns
SftTreeSplit_SetColumnsEx
SftTreeSplit_SetControlData
SftTreeSplit_SetControlInfo
SftTreeSplit_SetCrossColumnResize
SftTreeSplit_SetCtlColors
SftTreeSplit_SetCurSel
SftTreeSplit_SetCustomCode
SftTreeSplit_SetDeleteCallback
SftTreeSplit_SetDisableNoScroll
SftTreeSplit_SetDragBitmaps
SftTreeSplit_SetDragType
SftTreeSplit_SetDrawInfoCallback
SftTreeSplit_SetDropHighlight
SftTreeSplit_SetDropHighlightStyle
SftTreeSplit_SetFlyby
SftTreeSplit_SetForwardChildMsgs
SftTreeSplit_SetGridStyle
SftTreeSplit_SetHeaderButton
SftTreeSplit_SetHeaderFont
SftTreeSplit_SetHeader_A
SftTreeSplit_SetHeader_W
SftTreeSplit_SetHorizontalExtent
SftTreeSplit_SetHorizontalOffset
SftTreeSplit_SetIndentation
SftTreeSplit_SetInheritBgColor
SftTreeSplit_SetItemBitmap
SftTreeSplit_SetItemBitmapAlign
SftTreeSplit_SetItemData
SftTreeSplit_SetItemEditIgnore
SftTreeSplit_SetItemExpand
SftTreeSplit_SetItemExpandCollapseButton
SftTreeSplit_SetItemExpandable
SftTreeSplit_SetItemHeightMinMax
SftTreeSplit_SetItemID
SftTreeSplit_SetItemIgnore
SftTreeSplit_SetItemLabel
SftTreeSplit_SetItemLabelPicture
SftTreeSplit_SetItemLevel
SftTreeSplit_SetItemLines
SftTreeSplit_SetItemPicture
SftTreeSplit_SetItemShown
SftTreeSplit_SetItemStatus
SftTreeSplit_SetKeyHandling
SftTreeSplit_SetMultilineHeader
SftTreeSplit_SetNoFocus
SftTreeSplit_SetNoFocusStyle
SftTreeSplit_SetNoSelection
SftTreeSplit_SetOpenEnded
SftTreeSplit_SetOwnerDrawCallback
SftTreeSplit_SetPictures
SftTreeSplit_SetPlusMinus
SftTreeSplit_SetReflectBase
SftTreeSplit_SetReorderColumns
SftTreeSplit_SetReorderColumnsOldCursor
SftTreeSplit_SetResizeHeader
SftTreeSplit_SetRowColBitmap
SftTreeSplit_SetRowColBitmapStyle
SftTreeSplit_SetRowColHeaderButton
SftTreeSplit_SetRowColHeaderStyle
SftTreeSplit_SetRowColPicture
SftTreeSplit_SetRowColText_A
SftTreeSplit_SetRowColText_W
SftTreeSplit_SetRowHeaderFont
SftTreeSplit_SetRowHeaderLines
SftTreeSplit_SetRowHeaderStyle
SftTreeSplit_SetRowHeaderWidth
SftTreeSplit_SetRowInfo
SftTreeSplit_SetRowText_A
SftTreeSplit_SetRowText_W
SftTreeSplit_SetRubberbandSelection
SftTreeSplit_SetScrollTips
SftTreeSplit_SetSel
SftTreeSplit_SetSelTextOnly
SftTreeSplit_SetSelectMouseOver
SftTreeSplit_SetSelectionArea
SftTreeSplit_SetSelectionStyle
SftTreeSplit_SetShow3D
SftTreeSplit_SetShowButton0
SftTreeSplit_SetShowButtons
SftTreeSplit_SetShowFocus
SftTreeSplit_SetShowGrid
SftTreeSplit_SetShowHeader
SftTreeSplit_SetShowHeaderButtons
SftTreeSplit_SetShowRowColHeaderButton
SftTreeSplit_SetShowRowHeader
SftTreeSplit_SetShowTreeLines
SftTreeSplit_SetShowTruncated
SftTreeSplit_SetSizeBox
SftTreeSplit_SetSplitColumn
SftTreeSplit_SetSplitterOffset
SftTreeSplit_SetSplitterWidth
SftTreeSplit_SetTabKeyIntercept
SftTreeSplit_SetText_A
SftTreeSplit_SetText_W
SftTreeSplit_SetToolTipAlways
SftTreeSplit_SetToolTipsCallback
SftTreeSplit_SetToolTipsUseEntireCell
SftTreeSplit_SetTopIndex
SftTreeSplit_SetTreeLineStyle
SftTreeSplit_SetUpdateCaretExpandCollapse
SftTreeSplit_SetUseSmoothScroll
SftTreeSplit_SetUseThemes
SftTreeSplit_SetVAlign
SftTreeSplit_SortDependents
SftTreeSplit_SortDependentsCellData
SftTreeSplit_SortDependentsEx
SftTreeSplit_SortDependentsItem
SftTreeSplit_StartAutoExpandTimer
SftTreeSplit_StopAutoExpandTimer
SftTreeSplit_VirtualCount
SftTreeSplit_VirtualFlush
SftTreeSplit_VirtualInitialize
SftTreeSplit_VirtualItemChanged
SftTreeSplit_WndProc
SftTreeTT_WndProc
SftTree_AddString_A
SftTree_AddString_W
SftTree_AdjustCellEditRect
SftTree_AppInfo
SftTree_AutoExpandTimerProc
SftTree_CalcCellFromPoint
SftTree_CalcColumnFromPoint
SftTree_CalcColumnFromPointEx
SftTree_CalcIndexFromPoint
SftTree_CalcIndexFromPointEx
SftTree_CalcOptimalColumnWidth
SftTree_CalcOptimalRowHeaderWidth
SftTree_CaretIndexMakeVisibleTimerProc
SftTree_CharSearchTimerProc
SftTree_ClickAgainTimerProc
SftTree_Collapse
SftTree_CopyItem
SftTree_CopyItems
SftTree_DeleteDependents
SftTree_DeleteString
SftTree_DrawSelectionOutline
SftTree_Expand
SftTree_FindItem
SftTree_FindStringExact_A
SftTree_FindStringExact_W
SftTree_FindString_A
SftTree_FindString_W
SftTree_FlybyTimerProc
SftTree_FreeGDIPlusImageLoadedFromResource
SftTree_GetAccessColumn
SftTree_GetAutoExpand
SftTree_GetAutoExpandItem
SftTree_GetCalcLimit
SftTree_GetCalcVisibleOnly
SftTree_GetCaretColumn
SftTree_GetCaretIndex
SftTree_GetCellEditWindow
SftTree_GetCellInfo
SftTree_GetCellRectInfo
SftTree_GetCellRectInfoEx
SftTree_GetCharSearchMode
SftTree_GetClickAgainPos
SftTree_GetColumnEx
SftTree_GetColumns
SftTree_GetColumnsEx
SftTree_GetControlData
SftTree_GetControlInfo
SftTree_GetCount
SftTree_GetCrossColumnResize
SftTree_GetCtlColors
SftTree_GetCurSel
SftTree_GetDependent
SftTree_GetDependentCount
SftTree_GetDisableNoScroll
SftTree_GetDisplayCellRect
SftTree_GetDisplayCellRectForItem
SftTree_GetDisplayColumn
SftTree_GetDisplayHeaderRect
SftTree_GetDragBitmaps
SftTree_GetDragImage
SftTree_GetDragInfo
SftTree_GetDragType
SftTree_GetDropHighlight
SftTree_GetDropHighlightStyle
SftTree_GetEditColumnRect
SftTree_GetExpandCollapseButtonRect
SftTree_GetExpandCollapseIndex
SftTree_GetFirstDisplayColumn
SftTree_GetFlyby
SftTree_GetForwardChildMsgs
SftTree_GetGDIPlusAvailable
SftTree_GetGridStyle
SftTree_GetHeaderButton
SftTree_GetHeaderFont
SftTree_GetHeaderLength
SftTree_GetHeaderRect
SftTree_GetHeader_A
SftTree_GetHeader_W
SftTree_GetHorizontalExtent
SftTree_GetHorizontalOffset
SftTree_GetIndentation
SftTree_GetInheritBgColor
SftTree_GetItemBitmap
SftTree_GetItemBitmapAlign
SftTree_GetItemData
SftTree_GetItemEditIgnore
SftTree_GetItemExpand
SftTree_GetItemExpandCollapseButton
SftTree_GetItemExpandable
SftTree_GetItemHeight
SftTree_GetItemHeightMinMax
SftTree_GetItemHeightVar
SftTree_GetItemID
SftTree_GetItemIgnore
SftTree_GetItemIndex
SftTree_GetItemLabel
SftTree_GetItemLabelPicture
SftTree_GetItemLevel
SftTree_GetItemLines
SftTree_GetItemPicture
SftTree_GetItemRect
SftTree_GetItemShown
SftTree_GetItemStatus
SftTree_GetItemsShown
SftTree_GetItemsShownComplete
SftTree_GetKeyHandling
SftTree_GetLastCursorPos
SftTree_GetLastDisplayColumn
SftTree_GetMultilineHeader
SftTree_GetNextShown
SftTree_GetNoFocus
SftTree_GetNoFocusStyle
SftTree_GetNoSelection
SftTree_GetOpenEnded
SftTree_GetOverheadWidth
SftTree_GetParent
SftTree_GetPictures
SftTree_GetPrevShown
SftTree_GetRealColumn
SftTree_GetReflectBase
SftTree_GetReorderColumns
SftTree_GetReorderColumnsOldCursor
SftTree_GetResizeColumn
SftTree_GetResizeHeader
SftTree_GetRowColBitmap
SftTree_GetRowColBitmapStyle
SftTree_GetRowColHeaderButton
SftTree_GetRowColHeaderRect
SftTree_GetRowColHeaderStyle
SftTree_GetRowColPicture
SftTree_GetRowColTextLength
SftTree_GetRowColText_A
SftTree_GetRowColText_W
SftTree_GetRowHeaderFont
SftTree_GetRowHeaderLines
SftTree_GetRowHeaderRect
SftTree_GetRowHeaderStyle
SftTree_GetRowHeaderWidth
SftTree_GetRowInfo
SftTree_GetRowTextLength
SftTree_GetRowText_A
SftTree_GetRowText_W
SftTree_GetRubberbandSelection
SftTree_GetScrollTips
SftTree_GetSel
SftTree_GetSelCount
SftTree_GetSelItems
SftTree_GetSelItemsArray
SftTree_GetSelTextOnly
SftTree_GetSelectMouseOver
SftTree_GetSelectionArea
SftTree_GetSelectionStyle
SftTree_GetShow3D
SftTree_GetShowBitmaps
SftTree_GetShowButton0
SftTree_GetShowButtons
SftTree_GetShowFocus
SftTree_GetShowGrid
SftTree_GetShowHeader
SftTree_GetShowHeaderButtons
SftTree_GetShowLabels
SftTree_GetShowPlusMinus
SftTree_GetShowRowColHeaderButton
SftTree_GetShowRowHeader
SftTree_GetShowTreeLines
SftTree_GetShowTruncated
SftTree_GetSibling
SftTree_GetSizeBox
SftTree_GetSizeBoxActive
SftTree_GetSplitColumn
SftTree_GetTabKeyIntercept
SftTree_GetTextLength
SftTree_GetText_A

Sections

.text
Size: 448KB - Virtual size: 445KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
chamiso.sql
mfc80u.dll
.dll windows:4 windows x86 arch:x86

45cba60d0833bef75d882d15b2d5a2cd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

MFC80U.i386.pdb

Imports

msvcr80

?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
_crt_debugger_hook
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
?terminate@@YAXXZ
strcpy_s
_itow_s
_ultow_s
_ltow_s
iswdigit
ceil
wcsncmp
_wcsnicmp
_wfullpath
_wtol
__argc
swscanf_s
__wargv
_beginthreadex
_endthreadex
_wcsdup
_wtoi
_expand
wcstod
wcstoul
wcstol
_mbsrchr
_resetstkoflw
_recalloc
_wmakepath_s
_wsplitpath_s
_snwscanf_s
_vsnwprintf_s
labs
abs
calloc
_msize
wcscat_s
_snwprintf_s
_errno
_purecall
_mktime64
_localtime64_s
realloc
fputws
fwrite
clearerr_s
ferror
feof
fread
__doserrno
_fdopen
_open_osfhandle
_fileno
_get_osfhandle
fclose
fflush
ftell
fseek
fgetws
wcscpy_s
abort
memcmp
swprintf_s
wcsncpy_s
malloc
_wcsupr_s
_mbsicoll
vsprintf_s
wcslen
_mbsinc
wcsstr
_wcslwr_s
_mbsrev
memset
_mbscoll
_mbslwr_s
_vscwprintf
_mbscspn
_mbscmp
memmove
iswspace
_mbsicmp
wcsrchr
wcspbrk
_wcsrev
wcschr
wcscspn
_mbsupr_s
memcpy_s
_mbsspn
vswprintf_s
_wcsicoll
_wcsicmp
memcpy
_mbschr
free
_mbspbrk
wcsspn
wcscoll
memmove_s
_ismbcspace
strlen
_mbsstr
_vscprintf
_CxxThrowException
wcscmp
__clean_type_info_names_internal
__CxxFrameHandler3

kernel32

GetLocaleInfoA
GetSystemTimeAsFileTime
GetLastError
MultiByteToWideChar
FindResourceExW
GetEnvironmentVariableW
SizeofResource
LockResource
FormatMessageW
FindResourceW
WideCharToMultiByte
GetEnvironmentVariableA
LocalFree
FormatMessageA
LoadResource
SetLastError
GetAtomNameW
GlobalGetAtomNameW
lstrlenW
lstrcmpA
lstrlenA
DuplicateHandle
GetCurrentProcess
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
CreateFileW
FindClose
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
lstrcmpiW
CloseHandle
LockFile
GetThreadLocale
UnlockFile
GetStringTypeExW
SetEndOfFile
GetFileSize
MoveFileW
DeleteFileW
GetModuleFileNameW
GetShortPathNameW
LoadLibraryW
GetProcAddress
GlobalLock
GlobalSize
GlobalAlloc
GlobalUnlock
GlobalReAlloc
GlobalFree
SystemTimeToFileTime
LocalFileTimeToFileTime
SetFileAttributesW
SetFileTime
GetFileTime
GetFileAttributesW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetModuleHandleW
FreeLibrary
InterlockedDecrement
TlsGetValue
LocalReAlloc
TlsSetValue
LocalAlloc
TlsAlloc
InitializeCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
CreateSemaphoreW
ReleaseSemaphore
CreateMutexW
ReleaseMutex
CreateEventW
WaitForMultipleObjects
GlobalAddAtomW
GetCurrentThreadId
GetVersionExA
lstrcmpW
GlobalDeleteAtom
GlobalFindAtomW
CompareStringW
GetCurrentProcessId
GetVersion
MulDiv
GetVersionExW
GetProfileIntW
LoadLibraryA
VirtualProtect
GetModuleHandleA
RaiseException
GlobalFlags
GetDiskFreeSpaceW
GetTempFileNameW
LocalLock
LocalUnlock
GetTempPathW
SearchPathW
SetEvent
SetThreadPriority
ResumeThread
SuspendThread
GetLocaleInfoW
CompareStringA
ConvertDefaultLocale
EnumResourceLanguagesW
GetCurrentThread
InterlockedExchange
SetErrorMode
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetCurrentDirectoryW
InterlockedIncrement
FindNextFileW
GetTickCount
CopyFileW
GetUserDefaultLCID
IsDBCSLeadByte
lstrcpyW
lstrcpyA
GetSystemTime
LoadLibraryExW
Sleep
InterlockedCompareExchange
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetACP

gdi32

GetBkMode
GetClipBox
OffsetRgn
SetBrushOrgEx
GetRgnBox
CreateMetaFileW
CopyMetaFileW
Ellipse
CreateEllipticRgn
LPtoDP
AbortDoc
EndDoc
EndPage
StartPage
SetAbortProc
DPtoLP
SetRectRgn
CombineRgn
GetMapMode
PolylineTo
PolyDraw
SetArcDirection
StartDocW
ArcTo
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
LineTo
OffsetClipRgn
GetPixel
ExcludeClipRect
SelectClipRgn
OffsetWindowOrgEx
EnumMetaFile
PlayMetaFile
ModifyWorldTransform
PlayMetaFileRecord
SetWorldTransform
GetObjectType
SetGraphicsMode
ExtSelectClipRgn
SetStretchBltMode
CreateDIBPatternBrushPt
GetClipRgn
SetROP2
CreateRectRgn
SetPolyFillMode
CreateHatchBrush
SelectClipPath
SetBkMode
CreateSolidBrush
PolyBezierTo
ExtCreatePen
SelectPalette
SetColorAdjustment
EnumFontFamiliesExW
CreateDCW
BitBlt
CreateRectRgnIndirect
PatBlt
UnrealizeObject
Rectangle
CreatePen
CreatePatternBrush
CreateBitmap
DeleteMetaFile
CloseMetaFile
TextOutW
GetViewportOrgEx
GetDeviceCaps
GetTextColor
Escape
GetStretchBltMode
GetPolyFillMode
RectVisible
ExtTextOutW
PtVisible
MoveToEx
GetCurrentPositionEx
GetROP2
GetTextAlign
GetTextExtentPoint32A
ScaleWindowExtEx
RestoreDC
SetWindowExtEx
ScaleViewportExtEx
SaveDC
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
GetNearestColor
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
CreateFontIndirectW
SetWindowOrgEx
GetWindowOrgEx
GetTextFaceW
GetStockObject
GetTextMetricsW
GetTextExtentPoint32W
DeleteObject
GetCharWidthW
CreateFontW
DeleteDC
StretchDIBits
SelectObject
GetBkColor
CreateCompatibleDC
CreateCompatibleBitmap
SetBkColor
GetObjectW
SetTextColor

user32

IsWindow
IsChild
DeferWindowPos
GetClassNameW
GetClientRect
GetLastActivePopup
GetClassInfoW
AdjustWindowRectEx
MapWindowPoints
MessageBoxW
SetPropW
GetFocus
GetForegroundWindow
RegisterClassW
GetTopWindow
SetWindowsHookExW
SetActiveWindow
SetForegroundWindow
SetFocus
SetScrollPos
GetMessageTime
CreateWindowExW
SendDlgItemMessageW
SendDlgItemMessageA
GetScrollPos
GetMessagePos
RegisterWindowMessageW
SetScrollRange
UpdateWindow
DestroyWindow
GetKeyState
GetScrollRange
WinHelpW
GetDlgCtrlID
ShowScrollBar
PostMessageW
SendMessageW
IsIconic
GetCapture
DefWindowProcW
GetWindowTextLengthW
SetScrollInfo
LoadIconW
GetWindowPlacement
GetWindowTextW
GetScrollInfo
GetWindowRect
GetPropW
GetDlgItem
IsWindowVisible
SystemParametersInfoA
CallWindowProcW
SetWindowPlacement
ScrollWindow
PtInRect
RemovePropW
TrackPopupMenu
OffsetRect
TrackPopupMenuEx
GetWindowLongW
IntersectRect
GetMenuItemCount
PeekMessageW
SetWindowLongW
BeginDeferWindowPos
CallNextHookEx
DispatchMessageW
SetWindowPos
CopyRect
GetClassLongW
GetSubMenu
EndDeferWindowPos
GetMenuItemID
ScreenToClient
GetSysColor
EnableWindow
TranslateAcceleratorW
InsertMenuItemW
ReleaseCapture
BringWindowToTop
UnpackDDElParam
SetCursor
ReuseDDElParam
GetDesktopWindow
IsWindowEnabled
ShowWindow
GetWindowThreadProcessId
GetActiveWindow
LoadMenuW
DestroyMenu
CreatePopupMenu
InvalidateRect
SetMenu
SetRectEmpty
LoadAcceleratorsW
LoadCursorW
EqualRect
WaitMessage
WindowFromPoint
SetCapture
ClientToScreen
GetMessageW
TranslateMessage
DrawMenuBar
DefMDIChildProcW
RedrawWindow
DefFrameProcW
TranslateMDISysAccel
InflateRect
KillTimer
SetTimer
SetRect
GetDC
ReleaseDC
IsZoomed
SetParent
IsRectEmpty
GetSystemMenu
DeleteMenu
AppendMenuW
GetDCEx
LockWindowUpdate
GetTabbedTextExtentA
DrawTextW
DrawTextExW
GrayStringW
UnionRect
MapVirtualKeyW
GetKeyNameTextW
DrawFocusRect
LoadBitmapW
FillRect
CreateDialogIndirectParamW
EndDialog
GetNextDlgTabItem
GetAsyncKeyState
MapDialogRect
GetDialogBaseUnits
TabbedTextOutW
GetWindowDC
BeginPaint
EndPaint
GetMenuStringW
SystemParametersInfoW
GetMenuItemInfoW
GetSysColorBrush
SetWindowTextW
CheckRadioButton
GetDlgItemInt
GetDlgItemTextW
SetDlgItemInt
SetDlgItemTextW
IsDlgButtonChecked
ScrollWindowEx
IsDialogMessageW
MoveWindow
CheckDlgButton
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
GetMenuState
ModifyMenuW
GetMenuCheckMarkDimensions
DestroyIcon
DestroyCursor
SetCursorPos
DrawIcon
FindWindowW
SetWindowRgn
GetTabbedTextExtentW
MessageBeep
IsClipboardFormatAvailable
RemoveMenu
ValidateRect
PostQuitMessage
UnregisterClassW
ShowOwnedPopups
InsertMenuW
RegisterClipboardFormatW
SendNotifyMessageW
CopyAcceleratorTableW
InSendMessage
PostThreadMessageW
CreateMenu
WindowFromDC
CountClipboardFormats
SetWindowContextHelpId
CharNextW
InvalidateRgn
GetNextDlgGroupItem
ClipCursor
DrawEdge
EnumChildWindows
GetWindow
GetMenu
GetClassInfoExW
GetParent
MsgWaitForMultipleObjects
UnhookWindowsHookEx
GetCursorPos
CharUpperW
OemToCharBuffA
UnregisterClassA
CharToOemBuffA
GetSystemMetrics

shlwapi

UrlUnescapeW
PathFindFileNameW
PathRemoveExtensionW
PathFindExtensionW
PathStripToRootW
PathIsUNCW

Sections

.text
Size: 924KB - Virtual size: 923KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
msvcp80.dll
.dll windows:4 windows x86 arch:x86

6488997e312be12f8300ea7b1c34d497

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

msvcp80.i386.pdb

Imports

msvcr80

setvbuf
fwrite
??0exception@std@@QAE@XZ
_Getdays
_Getmonths
fgetpos
fseek
fsetpos
fclose
??0bad_cast@std@@QAE@PBD@Z
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@ABV01@@Z
__iob_func
_invoke_watson
_fsopen
wcstombs_s
_wfsopen
_get_osplatform
mbstowcs_s
atan2
cos
exp
ldexp
log
pow
sin
sqrt
tan
fgetwc
fputwc
ungetwc
_Strftime
strcspn
_strtoi64
_strtoui64
sprintf_s
abort
??0exception@std@@QAE@ABQBDH@Z
_realloc_crt
setlocale
_malloc_crt
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
fputs
fflush
towlower
towupper
strcmp
_create_locale
_ui64toa_s
_free_locale
__pctype_func
_errno
___mb_cur_max_l_func
___lc_codepage_func
___lc_handle_func
__crtCompareStringA
___lc_collate_cp_func
__crtLCMapStringA
memcpy
isupper
_calloc_crt
islower
__crtGetStringTypeW
__crtLCMapStringW
__crtCompareStringW
isspace
tolower
strtod
isdigit
isalnum
?terminate@@YAXXZ
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
_crt_debugger_hook
__clean_type_info_names_internal
ungetc
fputc
fgetc
__CxxFrameHandler3
??0exception@std@@QAE@ABV01@@Z
_CxxThrowException
??2@YAPAXI@Z
_invalid_parameter_noinfo
??_V@YAXPAX@Z
_Gettnames
localeconv
free
memset
memchr
strlen
memcmp
wcslen
memmove_s
memcpy_s
??3@YAXPAX@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
__uncaught_exception
??0exception@std@@QAE@ABQBD@Z

kernel32

GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
Sleep
InterlockedDecrement
InterlockedIncrement
GetLocaleInfoA
WideCharToMultiByte
MultiByteToWideChar
InterlockedExchange
InterlockedCompareExchange
GetSystemTimeAsFileTime

Exports

Exports

??$?5DU?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAD@Z
??$?5DU?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@PAD@Z
??$?5DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?5GU?$char_traits@G@std@@@std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@AAG@Z
??$?5GU?$char_traits@G@std@@@std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@PAG@Z
??$?5GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@AAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$?5MDU?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$complex@M@0@@Z
??$?5MGU?$char_traits@G@std@@@std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@AAV?$complex@M@0@@Z
??$?5M_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_istream@_WU?$char_traits@_W@std@@@0@AAV10@AAV?$complex@M@0@@Z
??$?5NDU?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$complex@N@0@@Z
??$?5NGU?$char_traits@G@std@@@std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@AAV?$complex@N@0@@Z
??$?5N_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_istream@_WU?$char_traits@_W@std@@@0@AAV10@AAV?$complex@N@0@@Z
??$?5ODU?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$complex@O@0@@Z
??$?5OGU?$char_traits@G@std@@@std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@AAV?$complex@O@0@@Z
??$?5O_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_istream@_WU?$char_traits@_W@std@@@0@AAV10@AAV?$complex@O@0@@Z
??$?5U?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAC@Z
??$?5U?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAE@Z
??$?5U?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@PAC@Z
??$?5U?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@PAE@Z
??$?5_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_istream@_WU?$char_traits@_W@std@@@0@AAV10@AA_W@Z
??$?5_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_istream@_WU?$char_traits@_W@std@@@0@AAV10@PA_W@Z
??$?5_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YAAAV?$basic_istream@_WU?$char_traits@_W@std@@@0@AAV10@AAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$?6DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?6GU?$char_traits@G@std@@@std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@G@Z
??$?6GU?$char_traits@G@std@@@std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@PBG@Z
??$?6GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$?6MDU?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$complex@M@0@@Z
??$?6MGU?$char_traits@G@std@@@std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@ABV?$complex@M@0@@Z
??$?6M_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AAV10@ABV?$complex@M@0@@Z
??$?6NDU?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$complex@N@0@@Z
??$?6NGU?$char_traits@G@std@@@std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@ABV?$complex@N@0@@Z
??$?6N_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AAV10@ABV?$complex@N@0@@Z
??$?6ODU?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$complex@O@0@@Z
??$?6OGU?$char_traits@G@std@@@std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@ABV?$complex@O@0@@Z
??$?6O_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AAV10@ABV?$complex@O@0@@Z
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@C@Z
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@D@Z
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@E@Z
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBC@Z
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBE@Z
??$?6_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AAV10@PB_W@Z
??$?6_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AAV10@_W@Z
??$?6_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AAV10@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?8GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??$?8GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
??$?8GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NPBGABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$?8M@std@@YA_NABMABV?$complex@M@0@@Z
??$?8M@std@@YA_NABV?$complex@M@0@0@Z
??$?8M@std@@YA_NABV?$complex@M@0@ABM@Z
??$?8N@std@@YA_NABNABV?$complex@N@0@@Z
??$?8N@std@@YA_NABV?$complex@N@0@0@Z
??$?8N@std@@YA_NABV?$complex@N@0@ABN@Z
??$?8O@std@@YA_NABOABV?$complex@O@0@@Z
??$?8O@std@@YA_NABV?$complex@O@0@0@Z
??$?8O@std@@YA_NABV?$complex@O@0@ABO@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NPB_WABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?9GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??$?9GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
??$?9GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NPBGABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$?9M@std@@YA_NABMABV?$complex@M@0@@Z
??$?9M@std@@YA_NABV?$complex@M@0@0@Z
??$?9M@std@@YA_NABV?$complex@M@0@ABM@Z
??$?9N@std@@YA_NABNABV?$complex@N@0@@Z
??$?9N@std@@YA_NABV?$complex@N@0@0@Z
??$?9N@std@@YA_NABV?$complex@N@0@ABN@Z
??$?9O@std@@YA_NABOABV?$complex@O@0@@Z
??$?9O@std@@YA_NABV?$complex@O@0@0@Z
??$?9O@std@@YA_NABV?$complex@O@0@ABO@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NPB_WABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$?DM@std@@YA?AV?$complex@M@0@ABMABV10@@Z
??$?DM@std@@YA?AV?$complex@M@0@ABV10@0@Z
??$?DM@std@@YA?AV?$complex@M@0@ABV10@ABM@Z
??$?DN@std@@YA?AV?$complex@N@0@ABNABV10@@Z
??$?DN@std@@YA?AV?$complex@N@0@ABV10@0@Z
??$?DN@std@@YA?AV?$complex@N@0@ABV10@ABN@Z
??$?DO@std@@YA?AV?$complex@O@0@ABOABV10@@Z
??$?DO@std@@YA?AV?$complex@O@0@ABV10@0@Z
??$?DO@std@@YA?AV?$complex@O@0@ABV10@ABO@Z
??$?GM@std@@YA?AV?$complex@M@0@ABMABV10@@Z
??$?GM@std@@YA?AV?$complex@M@0@ABV10@0@Z
??$?GM@std@@YA?AV?$complex@M@0@ABV10@@Z
??$?GM@std@@YA?AV?$complex@M@0@ABV10@ABM@Z
??$?GN@std@@YA?AV?$complex@N@0@ABNABV10@@Z
??$?GN@std@@YA?AV?$complex@N@0@ABV10@0@Z
??$?GN@std@@YA?AV?$complex@N@0@ABV10@@Z
??$?GN@std@@YA?AV?$complex@N@0@ABV10@ABN@Z
??$?GO@std@@YA?AV?$complex@O@0@ABOABV10@@Z
??$?GO@std@@YA?AV?$complex@O@0@ABV10@0@Z
??$?GO@std@@YA?AV?$complex@O@0@ABV10@@Z
??$?GO@std@@YA?AV?$complex@O@0@ABV10@ABO@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@D@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@DABV10@@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??$?HGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z
??$?HGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@G@Z
??$?HGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z
??$?HGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@GABV10@@Z
??$?HGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z
??$?HM@std@@YA?AV?$complex@M@0@ABMABV10@@Z
??$?HM@std@@YA?AV?$complex@M@0@ABV10@0@Z
??$?HM@std@@YA?AV?$complex@M@0@ABV10@@Z
??$?HM@std@@YA?AV?$complex@M@0@ABV10@ABM@Z
??$?HN@std@@YA?AV?$complex@N@0@ABNABV10@@Z
??$?HN@std@@YA?AV?$complex@N@0@ABV10@0@Z
??$?HN@std@@YA?AV?$complex@N@0@ABV10@@Z
??$?HN@std@@YA?AV?$complex@N@0@ABV10@ABN@Z
??$?HO@std@@YA?AV?$complex@O@0@ABOABV10@@Z
??$?HO@std@@YA?AV?$complex@O@0@ABV10@0@Z
??$?HO@std@@YA?AV?$complex@O@0@ABV10@@Z
??$?HO@std@@YA?AV?$complex@O@0@ABV10@ABO@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@_W@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_WABV10@@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@_WABV10@@Z
??$?KM@std@@YA?AV?$complex@M@0@ABMABV10@@Z
??$?KM@std@@YA?AV?$complex@M@0@ABV10@0@Z
??$?KM@std@@YA?AV?$complex@M@0@ABV10@ABM@Z
??$?KN@std@@YA?AV?$complex@N@0@ABNABV10@@Z
??$?KN@std@@YA?AV?$complex@N@0@ABV10@0@Z
??$?KN@std@@YA?AV?$complex@N@0@ABV10@ABN@Z
??$?KO@std@@YA?AV?$complex@O@0@ABOABV10@@Z
??$?KO@std@@YA?AV?$complex@O@0@ABV10@0@Z
??$?KO@std@@YA?AV?$complex@O@0@ABV10@ABO@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?MGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??$?MGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
??$?MGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NPBGABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NPB_WABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$?NDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?NDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?NDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?NGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??$?NGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
??$?NGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NPBGABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$?N_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?N_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??$?N_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NPB_WABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$?ODU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?ODU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?ODU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?OGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??$?OGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
??$?OGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NPBGABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$?O_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?O_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??$?O_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NPB_WABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$?PDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?PDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?PDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?PGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??$?PGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
??$?PGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NPBGABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$?P_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?P_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??$?P_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NPB_WABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$_Fabs@M@std@@YAMABV?$complex@M@0@PAH@Z
??$_Fabs@N@std@@YANABV?$complex@N@0@PAH@Z
??$_Fabs@O@std@@YAOABV?$complex@O@0@PAH@Z
??$abs@M@std@@YAMABV?$complex@M@0@@Z
??$abs@N@std@@YANABV?$complex@N@0@@Z
??$abs@O@std@@YAOABV?$complex@O@0@@Z
??$arg@M@std@@YAMABV?$complex@M@0@@Z
??$arg@N@std@@YANABV?$complex@N@0@@Z
??$arg@O@std@@YAOABV?$complex@O@0@@Z
??$conj@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$conj@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$conj@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$cos@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$cos@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$cos@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$cosh@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$cosh@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$cosh@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$exp@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$exp@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$exp@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$getline@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$getline@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@D@Z
??$getline@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@AAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$getline@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@AAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@G@Z
??$getline@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@YAAAV?$basic_istream@_WU?$char_traits@_W@std@@@0@AAV10@AAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$getline@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@YAAAV?$basic_istream@_WU?$char_traits@_W@std@@@0@AAV10@AAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@_W@Z
??$imag@M@std@@YAMABV?$complex@M@0@@Z
??$imag@N@std@@YANABV?$complex@N@0@@Z
??$imag@O@std@@YAOABV?$complex@O@0@@Z
??$log10@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$log10@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$log10@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$log@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$log@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$log@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$norm@M@std@@YAMABV?$complex@M@0@@Z
??$norm@N@std@@YANABV?$complex@N@0@@Z
??$norm@O@std@@YAOABV?$complex@O@0@@Z
??$polar@M@std@@YA?AV?$complex@M@0@ABM0@Z
??$polar@M@std@@YA?AV?$complex@M@0@ABM@Z
??$polar@N@std@@YA?AV?$complex@N@0@ABN0@Z
??$polar@N@std@@YA?AV?$complex@N@0@ABN@Z
??$polar@O@std@@YA?AV?$complex@O@0@ABO0@Z
??$polar@O@std@@YA?AV?$complex@O@0@ABO@Z
??$pow@M@std@@YA?AV?$complex@M@0@ABMABV10@@Z
??$pow@M@std@@YA?AV?$complex@M@0@ABV10@0@Z
??$pow@M@std@@YA?AV?$complex@M@0@ABV10@ABM@Z
??$pow@M@std@@YA?AV?$complex@M@0@ABV10@H@Z
??$pow@N@std@@YA?AV?$complex@N@0@ABNABV10@@Z
??$pow@N@std@@YA?AV?$complex@N@0@ABV10@0@Z
??$pow@N@std@@YA?AV?$complex@N@0@ABV10@ABN@Z
??$pow@N@std@@YA?AV?$complex@N@0@ABV10@H@Z
??$pow@O@std@@YA?AV?$complex@O@0@ABOABV10@@Z
??$pow@O@std@@YA?AV?$complex@O@0@ABV10@0@Z
??$pow@O@std@@YA?AV?$complex@O@0@ABV10@ABO@Z
??$pow@O@std@@YA?AV?$complex@O@0@ABV10@H@Z
??$real@M@std@@YAMABV?$complex@M@0@@Z
??$real@N@std@@YANABV?$complex@N@0@@Z
??$real@O@std@@YAOABV?$complex@O@0@@Z
??$sin@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$sin@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$sin@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$sinh@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$sinh@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$sinh@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$sqrt@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$sqrt@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$sqrt@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$tan@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$tan@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$tan@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$tanh@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$tanh@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$tanh@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??0?$_Complex_base@MU_C_float_complex@@@std@@QAE@ABM0@Z
??0?$_Complex_base@NU_C_double_complex@@@std@@QAE@ABN0@Z
??0?$_Complex_base@OU_C_ldouble_complex@@@std@@QAE@ABO0@Z
??0?$_Mpunct@D@std@@IAE@PBDI_N@Z
??0?$_Mpunct@D@std@@QAE@ABV_Locinfo@1@I_N@Z
??0?$_Mpunct@D@std@@QAE@I_N@Z
??0?$_Mpunct@G@std@@IAE@PBDI_N@Z
??0?$_Mpunct@G@std@@QAE@ABV_Locinfo@1@I_N@Z
??0?$_Mpunct@G@std@@QAE@I_N@Z
??0?$_Mpunct@_W@std@@IAE@PBDI_N@Z
??0?$_Mpunct@_W@std@@QAE@ABV_Locinfo@1@I_N@Z
??0?$_Mpunct@_W@std@@QAE@I_N@Z
??0?$_String_val@DV?$allocator@D@std@@@std@@IAE@V?$allocator@D@1@@Z
??0?$_String_val@DV?$allocator@D@std@@@std@@QAE@ABV01@@Z
??0?$_String_val@GV?$allocator@G@std@@@std@@IAE@V?$allocator@G@1@@Z
??0?$_String_val@GV?$allocator@G@std@@@std@@QAE@ABV01@@Z
??0?$_String_val@_WV?$allocator@_W@std@@@std@@IAE@V?$allocator@_W@1@@Z
??0?$_String_val@_WV?$allocator@_W@std@@@std@@QAE@ABV01@@Z
??0?$allocator@D@std@@QAE@ABV01@@Z
??0?$allocator@D@std@@QAE@XZ
??0?$allocator@G@std@@QAE@ABV01@@Z
??0?$allocator@G@std@@QAE@XZ
??0?$allocator@X@std@@QAE@ABV01@@Z
??0?$allocator@X@std@@QAE@XZ
??0?$allocator@_W@std@@QAE@ABV01@@Z
??0?$allocator@_W@std@@QAE@XZ
??0?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_filebuf@GU?$char_traits@G@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_filebuf@GU?$char_traits@G@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_filebuf@_WU?$char_traits@_W@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_filebuf@_WU?$char_traits@_W@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@PBGHH@Z
??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@PB_WHH@Z
??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@XZ
??0?$basic_fstream@GU?$char_traits@G@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_fstream@GU?$char_traits@G@std@@@std@@QAE@PBDHH@Z
??0?$basic_fstream@GU?$char_traits@G@std@@@std@@QAE@PBGHH@Z
??0?$basic_fstream@GU?$char_traits@G@std@@@std@@QAE@PB_WHH@Z
??0?$basic_fstream@GU?$char_traits@G@std@@@std@@QAE@XZ
??0?$basic_fstream@_WU?$char_traits@_W@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_fstream@_WU?$char_traits@_W@std@@@std@@QAE@PBDHH@Z
??0?$basic_fstream@_WU?$char_traits@_W@std@@@std@@QAE@PBGHH@Z
??0?$basic_fstream@_WU?$char_traits@_W@std@@@std@@QAE@PB_WHH@Z
??0?$basic_fstream@_WU?$char_traits@_W@std@@@std@@QAE@XZ
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PBGHH@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PB_WHH@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@XZ
??0?$basic_ifstream@GU?$char_traits@G@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_ifstream@GU?$char_traits@G@std@@@std@@QAE@PBDHH@Z
??0?$basic_ifstream@GU?$char_traits@G@std@@@std@@QAE@PBGHH@Z
??0?$basic_ifstream@GU?$char_traits@G@std@@@std@@QAE@PB_WHH@Z
??0?$basic_ifstream@GU?$char_traits@G@std@@@std@@QAE@XZ
??0?$basic_ifstream@_WU?$char_traits@_W@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_ifstream@_WU?$char_traits@_W@std@@@std@@QAE@PBDHH@Z
??0?$basic_ifstream@_WU?$char_traits@_W@std@@@std@@QAE@PBGHH@Z
??0?$basic_ifstream@_WU?$char_traits@_W@std@@@std@@QAE@PB_WHH@Z
??0?$basic_ifstream@_WU?$char_traits@_W@std@@@std@@QAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IAE@XZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N1@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N1@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N1@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@H@Z
??0?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??0?$basic_istringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@1@H@Z
??0?$basic_istringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@H@Z
??0?$basic_istringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@1@H@Z
??0?$basic_istringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@H@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PBGHH@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PB_WHH@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@XZ
??0?$basic_ofstream@GU?$char_traits@G@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_ofstream@GU?$char_traits@G@std@@@std@@QAE@PBDHH@Z
??0?$basic_ofstream@GU?$char_traits@G@std@@@std@@QAE@PBGHH@Z
??0?$basic_ofstream@GU?$char_traits@G@std@@@std@@QAE@PB_WHH@Z
??0?$basic_ofstream@GU?$char_traits@G@std@@@std@@QAE@XZ
??0?$basic_ofstream@_WU?$char_traits@_W@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_ofstream@_WU?$char_traits@_W@std@@@std@@QAE@PBDHH@Z
??0?$basic_ofstream@_WU?$char_traits@_W@std@@@std@@QAE@PBGHH@Z
??0?$basic_ofstream@_WU?$char_traits@_W@std@@@std@@QAE@PB_WHH@Z
??0?$basic_ofstream@_WU?$char_traits@_W@std@@@std@@QAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@W4_Uninitialized@1@_N@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QAE@W4_Uninitialized@1@_N@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@W4_Uninitialized@1@_N@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@H@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??0?$basic_ostringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@1@H@Z
??0?$basic_ostringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@H@Z
??0?$basic_ostringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@1@H@Z
??0?$basic_ostringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@H@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@W4_Uninitialized@1@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAE@W4_Uninitialized@1@@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAE@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@W4_Uninitialized@1@@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@II@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@IIABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ID@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@IDABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@V?$_String_const_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@1@0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@II@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@IIABV?$allocator@G@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@IG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@IGABV?$allocator@G@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG0@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGI@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGIABV?$allocator@G@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@V?$_String_const_iterator@GU?$char_traits@G@std@@V?$allocator@G@2@@1@0@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@II@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@IIABV?$allocator@_W@1@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV?$allocator@_W@1@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@I_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@I_WABV?$allocator@_W@1@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W0@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_WABV?$allocator@_W@1@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_WI@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_WIABV?$allocator@_W@1@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@V?$_String_const_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@1@0@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@H@Z
??0?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??0?$basic_stringbuf@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@1@H@Z
??0?$basic_stringbuf@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@H@Z
??0?$basic_stringbuf@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@1@H@Z
??0?$basic_stringbuf@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@H@Z
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@H@Z
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??0?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@1@H@Z
??0?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@H@Z
??0?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@1@H@Z
??0?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@H@Z
??0?$codecvt@DDH@std@@QAE@ABV_Locinfo@1@I@Z
??0?$codecvt@DDH@std@@QAE@I@Z
??0?$codecvt@GDH@std@@IAE@PBDI@Z
??0?$codecvt@GDH@std@@QAE@ABV_Locinfo@1@I@Z
??0?$codecvt@GDH@std@@QAE@I@Z
??0?$codecvt@_WDH@std@@QAE@ABV_Locinfo@1@I@Z
??0?$codecvt@_WDH@std@@QAE@I@Z
??0?$collate@D@std@@IAE@PBDI@Z
??0?$collate@D@std@@QAE@ABV_Locinfo@1@I@Z
??0?$collate@D@std@@QAE@I@Z
??0?$collate@G@std@@IAE@PBDI@Z
??0?$collate@G@std@@QAE@ABV_Locinfo@1@I@Z
??0?$collate@G@std@@QAE@I@Z
??0?$collate@_W@std@@IAE@PBDI@Z
??0?$collate@_W@std@@QAE@ABV_Locinfo@1@I@Z
??0?$collate@_W@std@@QAE@I@Z
??0?$complex@M@std@@QAE@ABM0@Z
??0?$complex@M@std@@QAE@ABU_C_float_complex@@@Z
??0?$complex@M@std@@QAE@ABV?$complex@N@1@@Z
??0?$complex@M@std@@QAE@ABV?$complex@O@1@@Z
??0?$complex@N@std@@QAE@ABN0@Z
??0?$complex@N@std@@QAE@ABU_C_double_complex@@@Z
??0?$complex@N@std@@QAE@ABV?$complex@M@1@@Z
??0?$complex@N@std@@QAE@ABV?$complex@O@1@@Z
??0?$complex@O@std@@QAE@ABO0@Z
??0?$complex@O@std@@QAE@ABU_C_ldouble_complex@@@Z
??0?$complex@O@std@@QAE@ABV?$complex@M@1@@Z
??0?$complex@O@std@@QAE@ABV?$complex@N@1@@Z
??0?$ctype@D@std@@QAE@ABV_Locinfo@1@I@Z
??0?$ctype@D@std@@QAE@PBF_NI@Z
??0?$ctype@G@std@@IAE@PBDI@Z
??0?$ctype@G@std@@QAE@ABV_Locinfo@1@I@Z
??0?$ctype@G@std@@QAE@I@Z
??0?$ctype@_W@std@@QAE@ABV_Locinfo@1@I@Z
??0?$ctype@_W@std@@QAE@I@Z
??0?$messages@D@std@@IAE@PBDI@Z
??0?$messages@D@std@@QAE@ABV_Locinfo@1@I@Z
??0?$messages@D@std@@QAE@I@Z
??0?$messages@G@std@@IAE@PBDI@Z
??0?$messages@G@std@@QAE@ABV_Locinfo@1@I@Z
??0?$messages@G@std@@QAE@I@Z
??0?$messages@_W@std@@IAE@PBDI@Z
??0?$messages@_W@std@@QAE@ABV_Locinfo@1@I@Z
??0?$messages@_W@std@@QAE@I@Z
??0?$money_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$money_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z
??0?$money_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$money_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
??0?$money_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$money_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@I@Z
??0?$money_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$money_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z
??0?$money_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$money_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
??0?$money_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$money_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@I@Z
??0?$moneypunct@D$00@std@@IAE@PBDI@Z
??0?$moneypunct@D$00@std@@QAE@ABV_Locinfo@1@I@Z
??0?$moneypunct@D$00@std@@QAE@I@Z
??0?$moneypunct@D$0A@@std@@IAE@PBDI@Z
??0?$moneypunct@D$0A@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$moneypunct@D$0A@@std@@QAE@I@Z
??0?$moneypunct@G$00@std@@IAE@PBDI@Z
??0?$moneypunct@G$00@std@@QAE@ABV_Locinfo@1@I@Z
??0?$moneypunct@G$00@std@@QAE@I@Z
??0?$moneypunct@G$0A@@std@@IAE@PBDI@Z
??0?$moneypunct@G$0A@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$moneypunct@G$0A@@std@@QAE@I@Z
??0?$moneypunct@_W$00@std@@IAE@PBDI@Z
??0?$moneypunct@_W$00@std@@QAE@ABV_Locinfo@1@I@Z
??0?$moneypunct@_W$00@std@@QAE@I@Z
??0?$moneypunct@_W$0A@@std@@IAE@PBDI@Z
??0?$moneypunct@_W$0A@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$moneypunct@_W$0A@@std@@QAE@I@Z
??0?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z
??0?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
??0?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z

Sections

.text
Size: 208KB - Virtual size: 206KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 292KB - Virtual size: 290KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
msvcr80.dll
.dll windows:4 windows x86 arch:x86

7fecbc4a16a5dc85a5394a1df6217680

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

msvcr80.i386.pdb

Imports

msvcrt

_getdrives

kernel32

GetStringTypeA
GetLocalTime
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
ExitProcess
WriteFile
GetStdHandle
GetSystemDirectoryW
GetLongPathNameW
GetCurrentThreadId
TlsGetValue
DebugBreak
OutputDebugStringA
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
ExitThread
CloseHandle
GetLastError
ResumeThread
CreateThread
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetCurrentThread
FindNextFileA
FindFirstFileA
FindClose
FindNextFileW
FindFirstFileW
FileTimeToSystemTime
FileTimeToLocalFileTime
Sleep
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
HeapReAlloc
VirtualAlloc
HeapSize
SetHandleCount
GetFileType
GetStartupInfoA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
WriteConsoleW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetConsoleCtrlHandler
FreeLibrary
InterlockedExchange
LoadLibraryA
InitializeCriticalSection
MultiByteToWideChar
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
WideCharToMultiByte
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringA
LCMapStringW
SetLocalTime
GetStringTypeW
LoadLibraryW
GetLocaleInfoA
GetLocaleInfoW
SetEnvironmentVariableA
SetEnvironmentVariableW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
RtlUnwind
GetTimeFormatA
GetDateFormatA
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
WriteConsoleA
GetConsoleOutputCP
SetStdHandle
CreateFileA
CompareStringA
CompareStringW
Beep
GetDiskFreeSpaceA
GetLogicalDrives
SetErrorMode
GetFileAttributesA
GetCurrentDirectoryA
SetCurrentDirectoryA
SetFileAttributesA
GetFullPathNameA
GetDriveTypeA
CreateDirectoryA
RemoveDirectoryA
DeleteFileA
GetFileAttributesW
GetCurrentDirectoryW
SetCurrentDirectoryW
SetFileAttributesW
GetFullPathNameW
CreateDirectoryW
DeleteFileW
MoveFileW
RemoveDirectoryW
GetDriveTypeW
MoveFileA
RaiseException
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
CreateProcessW
HeapValidate
HeapCompact
HeapWalk
VirtualProtect
GetSystemInfo
VirtualQuery
IsDBCSLeadByteEx
ReadConsoleA
ReadConsoleW
SetConsoleMode
SetEndOfFile
DuplicateHandle
GetFileInformationByHandle
PeekNamedPipe
ReadConsoleInputA
PeekConsoleInputA
GetNumberOfConsoleInputEvents
ReadConsoleInputW
LockFile
UnlockFile
CreatePipe
ReadFile
CreateFileW
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime

Exports

Exports

$I10_OUTPUT
??0__non_rtti_object@std@@QAE@ABV01@@Z
??0bad_cast@std@@QAE@ABV01@@Z
??0bad_cast@std@@QAE@PBD@Z
??0bad_typeid@std@@QAE@ABV01@@Z
??0bad_typeid@std@@QAE@PBD@Z
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABQBDH@Z
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@XZ
??1__non_rtti_object@std@@UAE@XZ
??1bad_cast@std@@UAE@XZ
??1bad_typeid@std@@UAE@XZ
??1exception@std@@UAE@XZ
??1type_info@@UAE@XZ
??2@YAPAXI@Z
??2@YAPAXIHPBDH@Z
??3@YAXPAX@Z
??4__non_rtti_object@std@@QAEAAV01@ABV01@@Z
??4bad_cast@std@@QAEAAV01@ABV01@@Z
??4bad_typeid@std@@QAEAAV01@ABV01@@Z
??4exception@std@@QAEAAV01@ABV01@@Z
??8type_info@@QBE_NABV0@@Z
??9type_info@@QBE_NABV0@@Z
??_7__non_rtti_object@std@@6B@
??_7bad_cast@std@@6B@
??_7bad_typeid@std@@6B@
??_7exception@@6B@
??_7exception@std@@6B@
??_Fbad_cast@std@@QAEXXZ
??_Fbad_typeid@std@@QAEXXZ
??_U@YAPAXI@Z
??_U@YAPAXIHPBDH@Z
??_V@YAXPAX@Z
?_Name_base@type_info@@CAPBDPBV1@PAU__type_info_node@@@Z
?_Name_base_internal@type_info@@CAPBDPBV1@PAU__type_info_node@@@Z
?_Type_info_dtor@type_info@@CAXPAV1@@Z
?_Type_info_dtor_internal@type_info@@CAXPAV1@@Z
?_ValidateExecute@@YAHP6GHXZ@Z
?_ValidateRead@@YAHPBXI@Z
?_ValidateWrite@@YAHPAXI@Z
?_inconsistency@@YAXXZ
?_invalid_parameter@@YAXPBG00II@Z
?_is_exception_typeof@@YAHABVtype_info@@PAU_EXCEPTION_POINTERS@@@Z
?_name_internal_method@type_info@@QBEPBDPAU__type_info_node@@@Z
?_open@@YAHPBDHH@Z
?_query_new_handler@@YAP6AHI@ZXZ
?_query_new_mode@@YAHXZ
?_set_new_handler@@YAP6AHI@ZH@Z
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
?_set_new_mode@@YAHH@Z
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZH@Z
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
?_sopen@@YAHPBDHHH@Z
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?_wopen@@YAHPB_WHH@Z
?_wsopen@@YAHPB_WHHH@Z
?before@type_info@@QBEHABV1@@Z
?name@type_info@@QBEPBDPAU__type_info_node@@@Z
?raw_name@type_info@@QBEPBDXZ
?set_new_handler@@YAP6AXXZP6AXXZ@Z
?set_terminate@@YAP6AXXZH@Z
?set_terminate@@YAP6AXXZP6AXXZ@Z
?set_unexpected@@YAP6AXXZH@Z
?set_unexpected@@YAP6AXXZP6AXXZ@Z
?swprintf@@YAHPAGIPBGZZ
?swprintf@@YAHPA_WIPB_WZZ
?terminate@@YAXXZ
?unexpected@@YAXXZ
?vswprintf@@YAHPA_WIPB_WPAD@Z
?what@exception@std@@UBEPBDXZ
@_calloc_crt@8
@_malloc_crt@4
@_realloc_crt@8
_CIacos
_CIasin
_CIatan
_CIatan2
_CIcos
_CIcosh
_CIexp
_CIfmod
_CIlog
_CIlog10
_CIpow
_CIsin
_CIsinh
_CIsqrt
_CItan
_CItanh
_CRT_RTC_INIT
_CRT_RTC_INITW
_CreateFrameInfo
_CxxThrowException
_EH_prolog
_FindAndUnlinkFrame
_Getdays
_Getmonths
_Gettnames
_HUGE
_IsExceptionObjectToBeDestroyed
_NLG_Dispatch2
_NLG_Return
_NLG_Return2
_Strftime
_XcptFilter
__AdjustPointer
__BuildCatchObject
__BuildCatchObjectHelper
__CppXcptFilter
__CxxCallUnwindDelDtor
__CxxCallUnwindDtor
__CxxCallUnwindStdDelDtor
__CxxCallUnwindVecDtor
__CxxDetectRethrow
__CxxExceptionFilter
__CxxFrameHandler
__CxxFrameHandler2
__CxxFrameHandler3
__CxxLongjmpUnwind
__CxxQueryExceptionSize
__CxxRegisterExceptionObject
__CxxUnregisterExceptionObject
__DestructExceptionObject
__FrameUnwindFilter
__RTCastToVoid
__RTDynamicCast
__RTtypeid
__STRINGTOLD
__STRINGTOLD_L
__TypeMatch
___fls_getvalue@4
___fls_setvalue@8
___lc_codepage_func
___lc_collate_cp_func
___lc_handle_func
___mb_cur_max_func
___mb_cur_max_l_func
___setlc_active_func
___unguarded_readlc_active_add_func
__argc
__argv
__badioinfo
__clean_type_info_names_internal
__control87_2
__create_locale
__crtCompareStringA
__crtCompareStringW
__crtGetLocaleInfoW
__crtGetStringTypeW
__crtLCMapStringA
__crtLCMapStringW
__daylight
__dllonexit
__doserrno
__dstbias
__fpecode
__free_locale
__get_app_type
__get_current_locale
__get_flsindex
__get_tlsindex
__getmainargs
__initenv
__iob_func
__isascii
__iscsym
__iscsymf
__iswcsym
__iswcsymf
__lc_clike
__lc_codepage
__lc_collate_cp
__lc_handle
__lconv
__lconv_init
__libm_sse2_acos
__libm_sse2_acosf
__libm_sse2_asin
__libm_sse2_asinf
__libm_sse2_atan
__libm_sse2_atan2
__libm_sse2_atanf
__libm_sse2_cos
__libm_sse2_cosf
__libm_sse2_exp
__libm_sse2_expf
__libm_sse2_log
__libm_sse2_log10
__libm_sse2_log10f
__libm_sse2_logf
__libm_sse2_pow
__libm_sse2_powf
__libm_sse2_sin
__libm_sse2_sinf
__libm_sse2_tan
__libm_sse2_tanf
__mb_cur_max
__p___argc
__p___argv
__p___initenv
__p___mb_cur_max
__p___wargv
__p___winitenv
__p__acmdln
__p__amblksiz
__p__commode
__p__daylight
__p__dstbias
__p__environ
__p__fmode
__p__iob
__p__mbcasemap
__p__mbctype
__p__osplatform
__p__osver
__p__pctype
__p__pgmptr
__p__pwctype
__p__timezone
__p__tzname
__p__wcmdln
__p__wenviron
__p__winmajor
__p__winminor
__p__winver
__p__wpgmptr
__pctype_func
__pioinfo
__pwctype_func
__pxcptinfoptrs
__report_gsfailure
__set_app_type
__set_flsgetvalue
__setlc_active
__setusermatherr
__strncnt
__swprintf_l
__sys_errlist
__sys_nerr
__threadhandle
__threadid
__timezone
__toascii
__tzname
__unDName
__unDNameEx
__unDNameHelper
__uncaught_exception
__unguarded_readlc_active
__vswprintf_l
__wargv
__wcserror
__wcserror_s
__wcsncnt
__wgetmainargs
__winitenv
_abnormal_termination
_abs64
_access
_access_s
_acmdln
_adj_fdiv_m16i
_adj_fdiv_m32
_adj_fdiv_m32i
_adj_fdiv_m64
_adj_fdiv_r
_adj_fdivr_m16i
_adj_fdivr_m32
_adj_fdivr_m32i
_adj_fdivr_m64
_adj_fpatan
_adj_fprem
_adj_fprem1
_adj_fptan
_adjust_fdiv
_aexit_rtn
_aligned_free
_aligned_malloc
_aligned_msize
_aligned_offset_malloc
_aligned_offset_realloc
_aligned_offset_recalloc
_aligned_realloc
_aligned_recalloc
_amsg_exit
_assert
_atodbl
_atodbl_l
_atof_l
_atoflt
_atoflt_l
_atoi64
_atoi64_l
_atoi_l
_atol_l
_atoldbl
_atoldbl_l
_beep
_beginthread
_beginthreadex
_byteswap_uint64
_byteswap_ulong
_byteswap_ushort
_c_exit
_cabs
_callnewh
_calloc_crt
_cexit
_cgets
_cgets_s
_cgetws
_cgetws_s
_chdir
_chdrive
_chgsign
_chkesp
_chmod
_chsize
_chsize_s
_clearfp
_close
_commit
_commode
_configthreadlocale
_control87
_controlfp
_controlfp_s
_copysign
_cprintf
_cprintf_l
_cprintf_p
_cprintf_p_l
_cprintf_s
_cprintf_s_l
_cputs
_cputws
_creat
_create_locale
_crt_debugger_hook
_cscanf
_cscanf_l
_cscanf_s
_cscanf_s_l
_ctime32
_ctime32_s
_ctime64
_ctime64_s
_cwait
_cwprintf
_cwprintf_l
_cwprintf_p
_cwprintf_p_l
_cwprintf_s
_cwprintf_s_l
_cwscanf
_cwscanf_l
_cwscanf_s
_cwscanf_s_l
_daylight
_decode_pointer
_difftime32
_difftime64
_dosmaperr
_dstbias
_dup
_dup2
_dupenv_s
_ecvt
_ecvt_s
_encode_pointer
_encoded_null
_endthread
_endthreadex
_environ
_eof
_errno
_except_handler2
_except_handler3
_except_handler4_common
_execl
_execle
_execlp
_execlpe
_execv
_execve
_execvp
_execvpe
_exit
_expand
_fclose_nolock
_fcloseall
_fcvt
_fcvt_s
_fdopen
_fflush_nolock
_fgetchar
_fgetwc_nolock
_fgetwchar
_filbuf
_filelength
_filelengthi64
_fileno
_findclose
_findfirst32
_findfirst32i64
_findfirst64
_findfirst64i32
_findnext32
_findnext32i64
_findnext64
_findnext64i32
_finite
_flsbuf
_flushall
_fmode
_fpclass
_fpieee_flt
_fpreset
_fprintf_l
_fprintf_p
_fprintf_p_l
_fprintf_s_l
_fputchar
_fputwc_nolock
_fputwchar
_fread_nolock
_fread_nolock_s
_free_locale
_freea
_freea_s
_freefls
_fscanf_l
_fscanf_s_l
_fseek_nolock
_fseeki64
_fseeki64_nolock
_fsopen
_fstat32
_fstat32i64
_fstat64
_fstat64i32
_ftell_nolock
_ftelli64
_ftelli64_nolock
_ftime32
_ftime32_s
_ftime64
_ftime64_s
_ftol
_fullpath
_futime32
_futime64
_fwprintf_l
_fwprintf_p
_fwprintf_p_l
_fwprintf_s_l
_fwrite_nolock
_fwscanf_l
_fwscanf_s_l
_gcvt
_gcvt_s
_get_amblksiz
_get_current_locale
_get_daylight
_get_doserrno
_get_dstbias
_get_errno
_get_fmode
_get_heap_handle
_get_invalid_parameter_handler
_get_osfhandle
_get_osplatform
_get_osver
_get_output_format
_get_pgmptr
_get_printf_count_output
_get_purecall_handler
_get_sbh_threshold
_get_terminate
_get_timezone
_get_tzname
_get_unexpected
_get_winmajor
_get_winminor
_get_winver
_get_wpgmptr
_getch
_getch_nolock
_getche
_getche_nolock
_getcwd
_getdcwd
_getdcwd_nolock
_getdiskfree
_getdllprocaddr
_getdrive
_getdrives
_getmaxstdio
_getmbcp

Sections

.text
Size: 396KB - Virtual size: 393KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
torpor.zip
wlessfp1.dll
.dll windows:4 windows x86 arch:x86

27546f66548d6eaef1e89e2953982807

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

45:f8:76:94:fe:8d:19:84:71:97:96:ae:c8:03:1d:f4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

24-04-2012 00:00

Not After

23-04-2015 23:59

Subject

CN=Perion Network Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Perion Network Ltd.,L=Tel Aviv,ST=Tel Aviv,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5e:0f:bf:5e:51:59:b2:05:7f:fb:5a:53:bb:76:b7:83:81:91:e7:67
Signer

Actual PE Digest

5e:0f:bf:5e:51:59:b2:05:7f:fb:5a:53:bb:76:b7:83:81:91:e7:67

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

urlmon

CreateURLMoniker

kernel32

CreateFileMappingA
GlobalUnlock
GlobalLock
CreateFileW
LoadLibraryA
GetCurrentProcess
TerminateProcess
MapViewOfFile
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
InterlockedCompareExchange
Sleep
InterlockedExchange
UnhandledExceptionFilter
GetFileSize
UnmapViewOfFile
CloseHandle
VirtualProtect
GlobalSize
OutputDebugStringW
LoadLibraryW
GetProcAddress
FreeLibrary
SetUnhandledExceptionFilter
GetSystemTimeAsFileTime
IsDebuggerPresent

user32

SetWindowLongA
InvalidateRect
GetWindowRect
SetFocus
EndPaint
BeginPaint
UpdateWindow
SetCursor
DefWindowProcA
ReleaseCapture
DestroyWindow
RegisterClassExA
CreateWindowExA
ShowWindow
SetWindowRgn
GetCursorPos
ScreenToClient
SetCapture
ShowWindowAsync
SendMessageA
GetWindowLongA
UpdateLayeredWindow
SetWindowPos

gdi32

CreateDIBSection
CombineRgn
CreateRectRgnIndirect
CreateRectRgn
SelectClipRgn
DeleteDC
SelectObject
CreateCompatibleDC
GetRgnBox
BitBlt
DeleteObject

ole32

CoGetMalloc
CreateStreamOnHGlobal

oleaut32

LoadTypeLibEx
SysFreeString
SysAllocString
DispInvoke
VariantClear

msvcr80

malloc
_except_handler4_common
_onexit
_lock
__dllonexit
_unlock
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_decode_pointer
_encoded_null
_malloc_crt
_encode_pointer
free
memcpy
_vswprintf
memset
wcsncpy
??3@YAXPAX@Z
_wtoi64
wcsncmp
??2@YAPAXI@Z
_stricmp
strncpy
__CxxFrameHandler3
_crt_debugger_hook

Exports

Exports

??0WindowlessFlashPlayer@@QAE@ABV0@@Z
??0WindowlessFlashPlayer@@QAE@PA_W@Z
??1WindowlessFlashPlayer@@QAE@XZ
??4WindowlessFlashPlayer@@QAEAAV0@ABV0@@Z
??_7WindowlessFlashPlayer@@6B@
?GetFrameNumber@WindowlessFlashPlayer@@QAEJXZ
?GetMovieVersion@WindowlessFlashPlayer@@SAHPAX@Z
?GetMovieVersion@WindowlessFlashPlayer@@SAHPB_W@Z
?GetPosition@WindowlessFlashPlayer@@QAEXPAUtagPOINT@@@Z
?GetSize@WindowlessFlashPlayer@@QAEXPAUtagSIZE@@@Z
?GetVM1Variable@WindowlessFlashPlayer@@QAE_NPB_WPA_WH@Z
?GoToFrame@WindowlessFlashPlayer@@QAEXH@Z
?Hide@WindowlessFlashPlayer@@QAEXXZ
?OnCommand@WindowlessFlashPlayer@@UAEXPB_W0@Z
?OnWindowsMessage@WindowlessFlashPlayer@@UAEXGJI@Z
?Play@WindowlessFlashPlayer@@QAEXXZ
?SetAlwaysOnTop@WindowlessFlashPlayer@@QAEX_N@Z
?SetCursor@WindowlessFlashPlayer@@QAEXPAUHICON__@@@Z
?SetMovie@WindowlessFlashPlayer@@QAEXPAX@Z
?SetMovie@WindowlessFlashPlayer@@QAEXPB_W@Z
?SetParameter@WindowlessFlashPlayer@@QAEXPB_W0@Z
?SetPosition@WindowlessFlashPlayer@@QAEXPBUtagPOINT@@@Z
?SetRegion@WindowlessFlashPlayer@@QAEXPAUHRGN__@@@Z
?SetSize@WindowlessFlashPlayer@@QAEXPBUtagSIZE@@@Z
?SetVM1Variable@WindowlessFlashPlayer@@QAEXPB_W0@Z
?Show@WindowlessFlashPlayer@@QAEX_N@Z
?StartDrag@WindowlessFlashPlayer@@QAEXXZ
?Stop@WindowlessFlashPlayer@@QAEXXZ

Sections

.text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 428B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

Password: infected

aba56a0f7290ac5134384764b9d92e60

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

45:f8:76:94:fe:8d:19:84:71:97:96:ae:c8:03:1d:f4Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

e0:2d:90:ab:e8:ab:19:6a:3c:e7:0d:51:c4:2f:a4:85:50:d2:50:29Signer

Headers

File Characteristics

PDB Paths

Imports

wininet

shell32

shlwapi

kernel32

user32

msvcp80

msvcr80

Exports

Exports

Sections

.text Size: 13KB - Virtual size: 12KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

Password: infected

14347c7fffee889c42c4c06be0e3d25d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

45:f8:76:94:fe:8d:19:84:71:97:96:ae:c8:03:1d:f4Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

a8:64:23:c7:84:a0:8c:7b:cf:2a:89:db:8c:7f:ab:69:92:46:82:b3Signer

Headers

File Characteristics

PDB Paths

Imports

imutilsu

imlooku

imwrappu

gdi32

gdiplus

wlessfp1

mfc80u

msvcr80

kernel32

user32

advapi32

sfttree_ix86_u_60

ole32

oleaut32

msvcp80

Exports

Exports

Sections

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

45:f8:76:94:fe:8d:19:84:71:97:96:ae:c8:03:1d:f4
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

e0:2d:90:ab:e8:ab:19:6a:3c:e7:0d:51:c4:2f:a4:85:50:d2:50:29
Signer

.text
Size: 13KB - Virtual size: 12KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

45:f8:76:94:fe:8d:19:84:71:97:96:ae:c8:03:1d:f4
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

a8:64:23:c7:84:a0:8c:7b:cf:2a:89:db:8c:7f:ab:69:92:46:82:b3
Signer

.text
Size: 156KB - Virtual size: 154KB

.rdata
Size: 68KB - Virtual size: 64KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 20KB - Virtual size: 16KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

45:f8:76:94:fe:8d:19:84:71:97:96:ae:c8:03:1d:f4
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

ff:0e:31:d9:9e:0d:61:20:79:6d:36:1b:9c:68:b0:18:7f:5b:12:f5
Signer

.text
Size: 380KB - Virtual size: 377KB

.rdata
Size: 144KB - Virtual size: 141KB

.data
Size: 8KB - Virtual size: 10KB

.rsrc
Size: 20KB - Virtual size: 17KB

.reloc
Size: 44KB - Virtual size: 41KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

45:f8:76:94:fe:8d:19:84:71:97:96:ae:c8:03:1d:f4
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

d8:de:62:8d:78:17:aa:f9:33:c8:b8:f9:aa:96:b9:7c:5a:4a:f2:f7
Signer