Malicious
Classifications
Spyware
Threat Names
Mal/Generic-S Trojan.GenericKD.47065451
Dynamic Analysis Report
Created on 2021-09-28T06:37:00
4340bc1e1ddb5d268a010401be96435063de733a2601d158d13f56da9f20df5d.exe
Windows Exe (x86-32)
Remarks (1/1)
(0x0200000E): The overall sleep time of all monitored processes was truncated from "35 seconds" to "10 seconds" to reveal dormant functionality.
Remarks
(0x0200004A): One dump of 100 MB was skipped because it exceeded the maximum dump size of 16 MB.
This is a filtered view
This list contains only the embedded files, downloaded files, and dropped files
| Filters: |
There are no files for this filter
There are no files in this analysis
| File Name | Category | Type | Verdict | Actions |
|---|
| C:\Users\RDhJ0CNFevzX\Desktop\4340bc1e1ddb5d268a010401be96435063de733a2601d158d13f56da9f20df5d.exe | Sample File | Binary |
malicious
|
...
|
»
| MIME Type | application/vnd.microsoft.portable-executable |
| File Size | 4.89 MB |
| MD5 |
ec72a93f6279b16006f2196f330166ee
|
| SHA1 |
74b4d4a19500d3644a6a4f523ad7d4adcb1ace6f
|
| SHA256 |
4340bc1e1ddb5d268a010401be96435063de733a2601d158d13f56da9f20df5d
|
| SSDeep |
98304:8SiwHhbbp/qa7irrDRcLAs6EOZ354tnteHOBQNnPcMa:Np/qRv9qAzEPttRmcd
|
| ImpHash |
5a594319a0d69dbc452e748bcf05892e
|
File Reputation Information
»
| Verdict |
malicious
|
| Names | Mal/Generic-S |
AV Matches (1)
»
| Threat Name | Verdict |
|---|---|
| Trojan.GenericKD.47065451 |
malicious
|
PE Information
»
| Image Base | 0x400000 |
| Entry Point | 0x4b5eec |
| Size Of Code | 0xb5000 |
| Size Of Initialized Data | 0x15c00 |
| File Type | FileType.executable |
| Subsystem | Subsystem.windows_gui |
| Machine Type | MachineType.i386 |
| Compile Timestamp | 2021-06-03 08:09:11+00:00 |
Version Information (8)
»
| Comments | This installation was built with Inno Setup. |
| CompanyName | XiliumHQ |
| FileDescription | Crystal Reports Extra Setup |
| FileVersion | 1.8.3.7 |
| LegalCopyright | |
| OriginalFileName | |
| ProductName | Crystal Reports Extra |
| ProductVersion | 1.8.3.7 |
Sections (10)
»
| Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x401000 | 0xb361c | 0xb3800 | 0x400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.36 |
| .itext | 0x4b5000 | 0x1688 | 0x1800 | 0xb3c00 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 5.97 |
| .data | 0x4b7000 | 0x37a4 | 0x3800 | 0xb5400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 5.04 |
| .bss | 0x4bb000 | 0x6de8 | 0x0 | 0x0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.0 |
| .idata | 0x4c2000 | 0xf36 | 0x1000 | 0xb8c00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 4.9 |
| .didata | 0x4c3000 | 0x1a4 | 0x200 | 0xb9c00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 2.76 |
| .edata | 0x4c4000 | 0x9a | 0x200 | 0xb9e00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 1.87 |
| .tls | 0x4c5000 | 0x18 | 0x0 | 0x0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.0 |
| .rdata | 0x4c6000 | 0x5d | 0x200 | 0xba000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 1.38 |
| .rsrc | 0x4c7000 | 0x10e00 | 0x10e00 | 0xba200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 3.71 |
Imports (7)
»
kernel32.dll (99)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| GetACP | - | 0x4c22e4 | 0xc20a0 | 0xb8ca0 | 0x0 |
| GetExitCodeProcess | - | 0x4c22e8 | 0xc20a4 | 0xb8ca4 | 0x0 |
| LocalFree | - | 0x4c22ec | 0xc20a8 | 0xb8ca8 | 0x0 |
| CloseHandle | - | 0x4c22f0 | 0xc20ac | 0xb8cac | 0x0 |
| SizeofResource | - | 0x4c22f4 | 0xc20b0 | 0xb8cb0 | 0x0 |
| VirtualProtect | - | 0x4c22f8 | 0xc20b4 | 0xb8cb4 | 0x0 |
| VirtualFree | - | 0x4c22fc | 0xc20b8 | 0xb8cb8 | 0x0 |
| GetFullPathNameW | - | 0x4c2300 | 0xc20bc | 0xb8cbc | 0x0 |
| ExitProcess | - | 0x4c2304 | 0xc20c0 | 0xb8cc0 | 0x0 |
| HeapAlloc | - | 0x4c2308 | 0xc20c4 | 0xb8cc4 | 0x0 |
| GetCPInfoExW | - | 0x4c230c | 0xc20c8 | 0xb8cc8 | 0x0 |
| RtlUnwind | - | 0x4c2310 | 0xc20cc | 0xb8ccc | 0x0 |
| GetCPInfo | - | 0x4c2314 | 0xc20d0 | 0xb8cd0 | 0x0 |
| GetStdHandle | - | 0x4c2318 | 0xc20d4 | 0xb8cd4 | 0x0 |
| GetModuleHandleW | - | 0x4c231c | 0xc20d8 | 0xb8cd8 | 0x0 |
| FreeLibrary | - | 0x4c2320 | 0xc20dc | 0xb8cdc | 0x0 |
| HeapDestroy | - | 0x4c2324 | 0xc20e0 | 0xb8ce0 | 0x0 |
| ReadFile | - | 0x4c2328 | 0xc20e4 | 0xb8ce4 | 0x0 |
| CreateProcessW | - | 0x4c232c | 0xc20e8 | 0xb8ce8 | 0x0 |
| GetLastError | - | 0x4c2330 | 0xc20ec | 0xb8cec | 0x0 |
| GetModuleFileNameW | - | 0x4c2334 | 0xc20f0 | 0xb8cf0 | 0x0 |
| SetLastError | - | 0x4c2338 | 0xc20f4 | 0xb8cf4 | 0x0 |
| FindResourceW | - | 0x4c233c | 0xc20f8 | 0xb8cf8 | 0x0 |
| CreateThread | - | 0x4c2340 | 0xc20fc | 0xb8cfc | 0x0 |
| CompareStringW | - | 0x4c2344 | 0xc2100 | 0xb8d00 | 0x0 |
| LoadLibraryA | - | 0x4c2348 | 0xc2104 | 0xb8d04 | 0x0 |
| ResetEvent | - | 0x4c234c | 0xc2108 | 0xb8d08 | 0x0 |
| GetVersion | - | 0x4c2350 | 0xc210c | 0xb8d0c | 0x0 |
| RaiseException | - | 0x4c2354 | 0xc2110 | 0xb8d10 | 0x0 |
| FormatMessageW | - | 0x4c2358 | 0xc2114 | 0xb8d14 | 0x0 |
| SwitchToThread | - | 0x4c235c | 0xc2118 | 0xb8d18 | 0x0 |
| GetExitCodeThread | - | 0x4c2360 | 0xc211c | 0xb8d1c | 0x0 |
| GetCurrentThread | - | 0x4c2364 | 0xc2120 | 0xb8d20 | 0x0 |
| LoadLibraryExW | - | 0x4c2368 | 0xc2124 | 0xb8d24 | 0x0 |
| LockResource | - | 0x4c236c | 0xc2128 | 0xb8d28 | 0x0 |
| GetCurrentThreadId | - | 0x4c2370 | 0xc212c | 0xb8d2c | 0x0 |
| UnhandledExceptionFilter | - | 0x4c2374 | 0xc2130 | 0xb8d30 | 0x0 |
| VirtualQuery | - | 0x4c2378 | 0xc2134 | 0xb8d34 | 0x0 |
| VirtualQueryEx | - | 0x4c237c | 0xc2138 | 0xb8d38 | 0x0 |
| Sleep | - | 0x4c2380 | 0xc213c | 0xb8d3c | 0x0 |
| EnterCriticalSection | - | 0x4c2384 | 0xc2140 | 0xb8d40 | 0x0 |
| SetFilePointer | - | 0x4c2388 | 0xc2144 | 0xb8d44 | 0x0 |
| LoadResource | - | 0x4c238c | 0xc2148 | 0xb8d48 | 0x0 |
| SuspendThread | - | 0x4c2390 | 0xc214c | 0xb8d4c | 0x0 |
| GetTickCount | - | 0x4c2394 | 0xc2150 | 0xb8d50 | 0x0 |
| GetFileSize | - | 0x4c2398 | 0xc2154 | 0xb8d54 | 0x0 |
| GetStartupInfoW | - | 0x4c239c | 0xc2158 | 0xb8d58 | 0x0 |
| GetFileAttributesW | - | 0x4c23a0 | 0xc215c | 0xb8d5c | 0x0 |
| InitializeCriticalSection | - | 0x4c23a4 | 0xc2160 | 0xb8d60 | 0x0 |
| GetThreadPriority | - | 0x4c23a8 | 0xc2164 | 0xb8d64 | 0x0 |
| SetThreadPriority | - | 0x4c23ac | 0xc2168 | 0xb8d68 | 0x0 |
| GetCurrentProcess | - | 0x4c23b0 | 0xc216c | 0xb8d6c | 0x0 |
| VirtualAlloc | - | 0x4c23b4 | 0xc2170 | 0xb8d70 | 0x0 |
| GetSystemInfo | - | 0x4c23b8 | 0xc2174 | 0xb8d74 | 0x0 |
| GetCommandLineW | - | 0x4c23bc | 0xc2178 | 0xb8d78 | 0x0 |
| LeaveCriticalSection | - | 0x4c23c0 | 0xc217c | 0xb8d7c | 0x0 |
| GetProcAddress | - | 0x4c23c4 | 0xc2180 | 0xb8d80 | 0x0 |
| ResumeThread | - | 0x4c23c8 | 0xc2184 | 0xb8d84 | 0x0 |
| GetVersionExW | - | 0x4c23cc | 0xc2188 | 0xb8d88 | 0x0 |
| VerifyVersionInfoW | - | 0x4c23d0 | 0xc218c | 0xb8d8c | 0x0 |
| HeapCreate | - | 0x4c23d4 | 0xc2190 | 0xb8d90 | 0x0 |
| GetWindowsDirectoryW | - | 0x4c23d8 | 0xc2194 | 0xb8d94 | 0x0 |
| VerSetConditionMask | - | 0x4c23dc | 0xc2198 | 0xb8d98 | 0x0 |
| GetDiskFreeSpaceW | - | 0x4c23e0 | 0xc219c | 0xb8d9c | 0x0 |
| FindFirstFileW | - | 0x4c23e4 | 0xc21a0 | 0xb8da0 | 0x0 |
| GetUserDefaultUILanguage | - | 0x4c23e8 | 0xc21a4 | 0xb8da4 | 0x0 |
| lstrlenW | - | 0x4c23ec | 0xc21a8 | 0xb8da8 | 0x0 |
| QueryPerformanceCounter | - | 0x4c23f0 | 0xc21ac | 0xb8dac | 0x0 |
| SetEndOfFile | - | 0x4c23f4 | 0xc21b0 | 0xb8db0 | 0x0 |
| HeapFree | - | 0x4c23f8 | 0xc21b4 | 0xb8db4 | 0x0 |
| WideCharToMultiByte | - | 0x4c23fc | 0xc21b8 | 0xb8db8 | 0x0 |
| FindClose | - | 0x4c2400 | 0xc21bc | 0xb8dbc | 0x0 |
| MultiByteToWideChar | - | 0x4c2404 | 0xc21c0 | 0xb8dc0 | 0x0 |
| LoadLibraryW | - | 0x4c2408 | 0xc21c4 | 0xb8dc4 | 0x0 |
| SetEvent | - | 0x4c240c | 0xc21c8 | 0xb8dc8 | 0x0 |
| CreateFileW | - | 0x4c2410 | 0xc21cc | 0xb8dcc | 0x0 |
| GetLocaleInfoW | - | 0x4c2414 | 0xc21d0 | 0xb8dd0 | 0x0 |
| GetSystemDirectoryW | - | 0x4c2418 | 0xc21d4 | 0xb8dd4 | 0x0 |
| DeleteFileW | - | 0x4c241c | 0xc21d8 | 0xb8dd8 | 0x0 |
| GetLocalTime | - | 0x4c2420 | 0xc21dc | 0xb8ddc | 0x0 |
| GetEnvironmentVariableW | - | 0x4c2424 | 0xc21e0 | 0xb8de0 | 0x0 |
| WaitForSingleObject | - | 0x4c2428 | 0xc21e4 | 0xb8de4 | 0x0 |
| WriteFile | - | 0x4c242c | 0xc21e8 | 0xb8de8 | 0x0 |
| ExitThread | - | 0x4c2430 | 0xc21ec | 0xb8dec | 0x0 |
| DeleteCriticalSection | - | 0x4c2434 | 0xc21f0 | 0xb8df0 | 0x0 |
| TlsGetValue | - | 0x4c2438 | 0xc21f4 | 0xb8df4 | 0x0 |
| GetDateFormatW | - | 0x4c243c | 0xc21f8 | 0xb8df8 | 0x0 |
| SetErrorMode | - | 0x4c2440 | 0xc21fc | 0xb8dfc | 0x0 |
| IsValidLocale | - | 0x4c2444 | 0xc2200 | 0xb8e00 | 0x0 |
| TlsSetValue | - | 0x4c2448 | 0xc2204 | 0xb8e04 | 0x0 |
| CreateDirectoryW | - | 0x4c244c | 0xc2208 | 0xb8e08 | 0x0 |
| GetSystemDefaultUILanguage | - | 0x4c2450 | 0xc220c | 0xb8e0c | 0x0 |
| EnumCalendarInfoW | - | 0x4c2454 | 0xc2210 | 0xb8e10 | 0x0 |
| LocalAlloc | - | 0x4c2458 | 0xc2214 | 0xb8e14 | 0x0 |
| GetUserDefaultLangID | - | 0x4c245c | 0xc2218 | 0xb8e18 | 0x0 |
| RemoveDirectoryW | - | 0x4c2460 | 0xc221c | 0xb8e1c | 0x0 |
| CreateEventW | - | 0x4c2464 | 0xc2220 | 0xb8e20 | 0x0 |
| SetThreadLocale | - | 0x4c2468 | 0xc2224 | 0xb8e24 | 0x0 |
| GetThreadLocale | - | 0x4c246c | 0xc2228 | 0xb8e28 | 0x0 |
comctl32.dll (1)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| InitCommonControls | - | 0x4c2474 | 0xc2230 | 0xb8e30 | 0x0 |
version.dll (3)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| GetFileVersionInfoSizeW | - | 0x4c247c | 0xc2238 | 0xb8e38 | 0x0 |
| VerQueryValueW | - | 0x4c2480 | 0xc223c | 0xb8e3c | 0x0 |
| GetFileVersionInfoW | - | 0x4c2484 | 0xc2240 | 0xb8e40 | 0x0 |
user32.dll (16)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| CreateWindowExW | - | 0x4c248c | 0xc2248 | 0xb8e48 | 0x0 |
| TranslateMessage | - | 0x4c2490 | 0xc224c | 0xb8e4c | 0x0 |
| CharLowerBuffW | - | 0x4c2494 | 0xc2250 | 0xb8e50 | 0x0 |
| CallWindowProcW | - | 0x4c2498 | 0xc2254 | 0xb8e54 | 0x0 |
| CharUpperW | - | 0x4c249c | 0xc2258 | 0xb8e58 | 0x0 |
| PeekMessageW | - | 0x4c24a0 | 0xc225c | 0xb8e5c | 0x0 |
| GetSystemMetrics | - | 0x4c24a4 | 0xc2260 | 0xb8e60 | 0x0 |
| SetWindowLongW | - | 0x4c24a8 | 0xc2264 | 0xb8e64 | 0x0 |
| MessageBoxW | - | 0x4c24ac | 0xc2268 | 0xb8e68 | 0x0 |
| DestroyWindow | - | 0x4c24b0 | 0xc226c | 0xb8e6c | 0x0 |
| CharUpperBuffW | - | 0x4c24b4 | 0xc2270 | 0xb8e70 | 0x0 |
| CharNextW | - | 0x4c24b8 | 0xc2274 | 0xb8e74 | 0x0 |
| MsgWaitForMultipleObjects | - | 0x4c24bc | 0xc2278 | 0xb8e78 | 0x0 |
| LoadStringW | - | 0x4c24c0 | 0xc227c | 0xb8e7c | 0x0 |
| ExitWindowsEx | - | 0x4c24c4 | 0xc2280 | 0xb8e80 | 0x0 |
| DispatchMessageW | - | 0x4c24c8 | 0xc2284 | 0xb8e84 | 0x0 |
oleaut32.dll (11)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| SysAllocStringLen | - | 0x4c24d0 | 0xc228c | 0xb8e8c | 0x0 |
| SafeArrayPtrOfIndex | - | 0x4c24d4 | 0xc2290 | 0xb8e90 | 0x0 |
| VariantCopy | - | 0x4c24d8 | 0xc2294 | 0xb8e94 | 0x0 |
| SafeArrayGetLBound | - | 0x4c24dc | 0xc2298 | 0xb8e98 | 0x0 |
| SafeArrayGetUBound | - | 0x4c24e0 | 0xc229c | 0xb8e9c | 0x0 |
| VariantInit | - | 0x4c24e4 | 0xc22a0 | 0xb8ea0 | 0x0 |
| VariantClear | - | 0x4c24e8 | 0xc22a4 | 0xb8ea4 | 0x0 |
| SysFreeString | - | 0x4c24ec | 0xc22a8 | 0xb8ea8 | 0x0 |
| SysReAllocStringLen | - | 0x4c24f0 | 0xc22ac | 0xb8eac | 0x0 |
| VariantChangeType | - | 0x4c24f4 | 0xc22b0 | 0xb8eb0 | 0x0 |
| SafeArrayCreate | - | 0x4c24f8 | 0xc22b4 | 0xb8eb4 | 0x0 |
netapi32.dll (2)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| NetWkstaGetInfo | - | 0x4c2500 | 0xc22bc | 0xb8ebc | 0x0 |
| NetApiBufferFree | - | 0x4c2504 | 0xc22c0 | 0xb8ec0 | 0x0 |
advapi32.dll (6)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| RegQueryValueExW | - | 0x4c250c | 0xc22c8 | 0xb8ec8 | 0x0 |
| AdjustTokenPrivileges | - | 0x4c2510 | 0xc22cc | 0xb8ecc | 0x0 |
| LookupPrivilegeValueW | - | 0x4c2514 | 0xc22d0 | 0xb8ed0 | 0x0 |
| RegCloseKey | - | 0x4c2518 | 0xc22d4 | 0xb8ed4 | 0x0 |
| OpenProcessToken | - | 0x4c251c | 0xc22d8 | 0xb8ed8 | 0x0 |
| RegOpenKeyExW | - | 0x4c2520 | 0xc22dc | 0xb8edc | 0x0 |
Exports (3)
»
| Api name | EAT Address | Ordinal |
|---|---|---|
| TMethodImplementationIntercept | 0x54060 | 0x3 |
| __dbk_fcall_wrapper | 0xd0a0 | 0x2 |
| dbkFCallWrapperAddr | 0xbe63c | 0x1 |
Memory Dumps (3)
»
| Name | Process ID | Start VA | End VA | Dump Reason | PE Rebuild | Bitness | Entry Point | AV | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|---|
| 4340bc1e1ddb5d268a010401be96435063de733a2601d158d13f56da9f20df5d.exe | 1 | 0x00400000 | 0x004D7FFF | Relevant Image |
|
32-bit | 0x0040B3E8 |
|
|
...
|
| 4340bc1e1ddb5d268a010401be96435063de733a2601d158d13f56da9f20df5d.exe | 1 | 0x00400000 | 0x004D7FFF | Process Termination |
|
32-bit | - |
|
|
...
|
| 4340bc1e1ddb5d268a010401be96435063de733a2601d158d13f56da9f20df5d.exe | 3 | 0x00400000 | 0x004D7FFF | Process Termination |
|
32-bit | - |
|
|
...
|
| C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\is-LS2TF.tmp | Dropped File | Binary |
malicious
|
...
|
»
| Also Known As | C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\CrystalReports.exe (Dropped File) |
| MIME Type | application/vnd.microsoft.portable-executable |
| File Size | 4.68 MB |
| MD5 |
11dd538f1bf5f174834dba334964a691
|
| SHA1 |
3b080fa94c71cfab65a0cd407eacac4c2b1b2378
|
| SHA256 |
1bc4b73613228169ef7f57222ef36a6d9b3a2f3347efa2228c53dc3b83559888
|
| SSDeep |
49152:dYQUcTX0/fq7b81I89fNkiiD3khqwqREQDfqtd4keAG4/lqQNOhw5XlAzmGLateC:5zB7b8O8QZrjwwhw5XlACGm8CtxARti
|
| ImpHash |
440db9d8a5f74894e973a4702e6b9e71
|
PE Information
»
| Image Base | 0x400000 |
| Entry Point | 0x685164 |
| Size Of Code | 0x365400 |
| Size Of Initialized Data | 0x149600 |
| File Type | FileType.executable |
| Subsystem | Subsystem.windows_gui |
| Machine Type | MachineType.i386 |
| Compile Timestamp | 2021-09-27 18:38:41+00:00 |
Version Information (6)
»
| CompanyName | XiliumHQ |
| FileDescription | Xilium CefGlue Reporter Tool |
| LegalCopyright | Copyright © XiliumHQ 2021 |
| OriginalFilename | CefGlue |
| ProductName | Device CefGlue |
| ProductVersion | 1.8.3.7 |
Sections (4)
»
| Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x401000 | 0x365396 | 0x365400 | 0x400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 6.64 |
| .rdata | 0x767000 | 0x10b21c | 0x10b400 | 0x365800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.58 |
| .data | 0x873000 | 0x134c0 | 0x11c00 | 0x470c00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 4.71 |
| .rsrc | 0x887000 | 0x2c548 | 0x2c600 | 0x482800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 6.16 |
Imports (3)
»
KERNEL32.dll (155)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| GetModuleFileNameA | - | 0x767000 | 0x470cd0 | 0x46f4d0 | 0x276 |
| GetModuleFileNameW | - | 0x767004 | 0x470cd4 | 0x46f4d4 | 0x277 |
| LoadLibraryA | - | 0x767008 | 0x470cd8 | 0x46f4d8 | 0x3c5 |
| SetCurrentDirectoryW | - | 0x76700c | 0x470cdc | 0x46f4dc | 0x50b |
| GetWindowsDirectoryW | - | 0x767010 | 0x470ce0 | 0x46f4e0 | 0x329 |
| GetProcAddress | - | 0x767014 | 0x470ce4 | 0x46f4e4 | 0x2b1 |
| ExitProcess | - | 0x767018 | 0x470ce8 | 0x46f4e8 | 0x161 |
| OutputDebugStringA | - | 0x76701c | 0x470cec | 0x46f4ec | 0x41a |
| GetLastError | - | 0x767020 | 0x470cf0 | 0x46f4f0 | 0x264 |
| QueryPerformanceCounter | - | 0x767024 | 0x470cf4 | 0x46f4f4 | 0x44f |
| QueryPerformanceFrequency | - | 0x767028 | 0x470cf8 | 0x46f4f8 | 0x450 |
| FindClose | - | 0x76702c | 0x470cfc | 0x46f4fc | 0x178 |
| FindNextFileW | - | 0x767030 | 0x470d00 | 0x46f500 | 0x18f |
| GetSystemDirectoryW | - | 0x767034 | 0x470d04 | 0x46f504 | 0x2e3 |
| FreeLibrary | - | 0x767038 | 0x470d08 | 0x46f508 | 0x1ae |
| GetModuleHandleA | - | 0x76703c | 0x470d0c | 0x46f50c | 0x278 |
| MultiByteToWideChar | - | 0x767040 | 0x470d10 | 0x46f510 | 0x3f3 |
| WideCharToMultiByte | - | 0x767044 | 0x470d14 | 0x46f514 | 0x602 |
| LoadLibraryW | - | 0x767048 | 0x470d18 | 0x46f518 | 0x3c8 |
| GetFullPathNameW | - | 0x76704c | 0x470d1c | 0x46f51c | 0x25c |
| GetLongPathNameW | - | 0x767050 | 0x470d20 | 0x46f520 | 0x271 |
| GetShortPathNameW | - | 0x767054 | 0x470d24 | 0x46f524 | 0x2d0 |
| EnterCriticalSection | - | 0x767058 | 0x470d28 | 0x46f528 | 0x134 |
| LeaveCriticalSection | - | 0x76705c | 0x470d2c | 0x46f52c | 0x3c1 |
| Sleep | - | 0x767060 | 0x470d30 | 0x46f530 | 0x581 |
| InitializeCriticalSectionAndSpinCount | - | 0x767064 | 0x470d34 | 0x46f534 | 0x362 |
| TryEnterCriticalSection | - | 0x767068 | 0x470d38 | 0x46f538 | 0x5ab |
| DeleteCriticalSection | - | 0x76706c | 0x470d3c | 0x46f53c | 0x113 |
| GetSystemTimeAsFileTime | - | 0x767070 | 0x470d40 | 0x46f540 | 0x2ec |
| GetTimeZoneInformation | - | 0x767074 | 0x470d44 | 0x46f544 | 0x311 |
| CloseHandle | - | 0x767078 | 0x470d48 | 0x46f548 | 0x89 |
| SetEvent | - | 0x76707c | 0x470d4c | 0x46f54c | 0x518 |
| ResetEvent | - | 0x767080 | 0x470d50 | 0x46f550 | 0x4c8 |
| CreateMutexW | - | 0x767084 | 0x470d54 | 0x46f554 | 0xdd |
| CreateEventW | - | 0x767088 | 0x470d58 | 0x46f558 | 0xc2 |
| WaitForMultipleObjects | - | 0x76708c | 0x470d5c | 0x46f55c | 0x5d9 |
| FlushFileBuffers | - | 0x767090 | 0x470d60 | 0x46f560 | 0x1a2 |
| GetTickCount | - | 0x767094 | 0x470d64 | 0x46f564 | 0x30a |
| MapViewOfFile | - | 0x767098 | 0x470d68 | 0x46f568 | 0x3e2 |
| CreateFileMappingW | - | 0x76709c | 0x470d6c | 0x46f56c | 0xcb |
| FormatMessageA | - | 0x7670a0 | 0x470d70 | 0x46f570 | 0x1a9 |
| GetSystemTime | - | 0x7670a4 | 0x470d74 | 0x46f574 | 0x2ea |
| SystemTimeToFileTime | - | 0x7670a8 | 0x470d78 | 0x46f578 | 0x58c |
| GetProcessHeap | - | 0x7670ac | 0x470d7c | 0x46f57c | 0x2b7 |
| GetCurrentProcessId | - | 0x7670b0 | 0x470d80 | 0x46f580 | 0x21b |
| GetFileSize | - | 0x7670b4 | 0x470d84 | 0x46f584 | 0x24e |
| LockFileEx | - | 0x7670b8 | 0x470d88 | 0x46f588 | 0x3de |
| LocalFree | - | 0x7670bc | 0x470d8c | 0x46f58c | 0x3d3 |
| UnlockFile | - | 0x7670c0 | 0x470d90 | 0x46f590 | 0x5b2 |
| HeapDestroy | - | 0x7670c4 | 0x470d94 | 0x46f594 | 0x34b |
| HeapCompact | - | 0x7670c8 | 0x470d98 | 0x46f598 | 0x349 |
| HeapAlloc | - | 0x7670cc | 0x470d9c | 0x46f59c | 0x348 |
| GetSystemInfo | - | 0x7670d0 | 0x470da0 | 0x46f5a0 | 0x2e6 |
| HeapReAlloc | - | 0x7670d4 | 0x470da4 | 0x46f5a4 | 0x34f |
| DeleteFileW | - | 0x7670d8 | 0x470da8 | 0x46f5a8 | 0x118 |
| DeleteFileA | - | 0x7670dc | 0x470dac | 0x46f5ac | 0x115 |
| WaitForSingleObjectEx | - | 0x7670e0 | 0x470db0 | 0x46f5b0 | 0x5dc |
| CreateFileA | - | 0x7670e4 | 0x470db4 | 0x46f5b4 | 0xc6 |
| FlushViewOfFile | - | 0x7670e8 | 0x470db8 | 0x46f5b8 | 0x1a5 |
| OutputDebugStringW | - | 0x7670ec | 0x470dbc | 0x46f5bc | 0x41b |
| GetFileAttributesExW | - | 0x7670f0 | 0x470dc0 | 0x46f5c0 | 0x245 |
| GetFileAttributesA | - | 0x7670f4 | 0x470dc4 | 0x46f5c4 | 0x243 |
| GetDiskFreeSpaceA | - | 0x7670f8 | 0x470dc8 | 0x46f5c8 | 0x229 |
| FormatMessageW | - | 0x7670fc | 0x470dcc | 0x46f5cc | 0x1aa |
| GetTempPathA | - | 0x767100 | 0x470dd0 | 0x46f5d0 | 0x2f8 |
| HeapSize | - | 0x767104 | 0x470dd4 | 0x46f5d4 | 0x351 |
| HeapValidate | - | 0x767108 | 0x470dd8 | 0x46f5d8 | 0x354 |
| UnmapViewOfFile | - | 0x76710c | 0x470ddc | 0x46f5dc | 0x5b4 |
| GetFileAttributesW | - | 0x767110 | 0x470de0 | 0x46f5e0 | 0x248 |
| CreateFileW | - | 0x767114 | 0x470de4 | 0x46f5e4 | 0xce |
| GetTempPathW | - | 0x767118 | 0x470de8 | 0x46f5e8 | 0x2f9 |
| UnlockFileEx | - | 0x76711c | 0x470dec | 0x46f5ec | 0x5b3 |
| SetEndOfFile | - | 0x767120 | 0x470df0 | 0x46f5f0 | 0x512 |
| GetFullPathNameA | - | 0x767124 | 0x470df4 | 0x46f5f4 | 0x259 |
| SetFilePointer | - | 0x767128 | 0x470df8 | 0x46f5f8 | 0x524 |
| LockFile | - | 0x76712c | 0x470dfc | 0x46f5fc | 0x3dd |
| GetDiskFreeSpaceW | - | 0x767130 | 0x470e00 | 0x46f600 | 0x22c |
| WriteFile | - | 0x767134 | 0x470e04 | 0x46f604 | 0x616 |
| HeapFree | - | 0x767138 | 0x470e08 | 0x46f608 | 0x34c |
| HeapCreate | - | 0x76713c | 0x470e0c | 0x46f60c | 0x34a |
| ReadFile | - | 0x767140 | 0x470e10 | 0x46f610 | 0x475 |
| InitializeCriticalSection | - | 0x767144 | 0x470e14 | 0x46f614 | 0x361 |
| GetCurrentThreadId | - | 0x767148 | 0x470e18 | 0x46f618 | 0x21f |
| IsProcessorFeaturePresent | - | 0x76714c | 0x470e1c | 0x46f61c | 0x389 |
| UnhandledExceptionFilter | - | 0x767150 | 0x470e20 | 0x46f620 | 0x5b1 |
| SetUnhandledExceptionFilter | - | 0x767154 | 0x470e24 | 0x46f624 | 0x571 |
| GetCurrentProcess | - | 0x767158 | 0x470e28 | 0x46f628 | 0x21a |
| TerminateProcess | - | 0x76715c | 0x470e2c | 0x46f62c | 0x590 |
| GetModuleHandleW | - | 0x767160 | 0x470e30 | 0x46f630 | 0x27b |
| InitializeSListHead | - | 0x767164 | 0x470e34 | 0x46f634 | 0x366 |
| IsDebuggerPresent | - | 0x767168 | 0x470e38 | 0x46f638 | 0x382 |
| GetStartupInfoW | - | 0x76716c | 0x470e3c | 0x46f63c | 0x2d3 |
| InitializeCriticalSectionEx | - | 0x767170 | 0x470e40 | 0x46f640 | 0x363 |
| EncodePointer | - | 0x767174 | 0x470e44 | 0x46f644 | 0x130 |
| DecodePointer | - | 0x767178 | 0x470e48 | 0x46f648 | 0x10c |
| LCMapStringEx | - | 0x76717c | 0x470e4c | 0x46f64c | 0x3b4 |
| GetStringTypeW | - | 0x767180 | 0x470e50 | 0x46f650 | 0x2da |
| GetCPInfo | - | 0x767184 | 0x470e54 | 0x46f654 | 0x1c4 |
| RtlUnwind | - | 0x767188 | 0x470e58 | 0x46f658 | 0x4d5 |
| RaiseException | - | 0x76718c | 0x470e5c | 0x46f65c | 0x464 |
| InterlockedPushEntrySList | - | 0x767190 | 0x470e60 | 0x46f660 | 0x372 |
| SetLastError | - | 0x767194 | 0x470e64 | 0x46f664 | 0x534 |
| TlsAlloc | - | 0x767198 | 0x470e68 | 0x46f668 | 0x5a2 |
| TlsGetValue | - | 0x76719c | 0x470e6c | 0x46f66c | 0x5a4 |
| TlsSetValue | - | 0x7671a0 | 0x470e70 | 0x46f670 | 0x5a5 |
| TlsFree | - | 0x7671a4 | 0x470e74 | 0x46f674 | 0x5a3 |
| LoadLibraryExW | - | 0x7671a8 | 0x470e78 | 0x46f678 | 0x3c7 |
| CreateThread | - | 0x7671ac | 0x470e7c | 0x46f67c | 0xf6 |
| ExitThread | - | 0x7671b0 | 0x470e80 | 0x46f680 | 0x162 |
| ResumeThread | - | 0x7671b4 | 0x470e84 | 0x46f684 | 0x4cf |
| FreeLibraryAndExitThread | - | 0x7671b8 | 0x470e88 | 0x46f688 | 0x1af |
| GetModuleHandleExW | - | 0x7671bc | 0x470e8c | 0x46f68c | 0x27a |
| GetDriveTypeW | - | 0x7671c0 | 0x470e90 | 0x46f690 | 0x232 |
| GetFileInformationByHandle | - | 0x7671c4 | 0x470e94 | 0x46f694 | 0x24a |
| GetFileType | - | 0x7671c8 | 0x470e98 | 0x46f698 | 0x251 |
| PeekNamedPipe | - | 0x7671cc | 0x470e9c | 0x46f69c | 0x424 |
| SystemTimeToTzSpecificLocalTime | - | 0x7671d0 | 0x470ea0 | 0x46f6a0 | 0x58d |
| FileTimeToSystemTime | - | 0x7671d4 | 0x470ea4 | 0x46f6a4 | 0x16d |
| SetEnvironmentVariableW | - | 0x7671d8 | 0x470ea8 | 0x46f6a8 | 0x516 |
| GetCurrentDirectoryW | - | 0x7671dc | 0x470eac | 0x46f6ac | 0x214 |
| CreateDirectoryW | - | 0x7671e0 | 0x470eb0 | 0x46f6b0 | 0xbd |
| GetStdHandle | - | 0x7671e4 | 0x470eb4 | 0x46f6b4 | 0x2d5 |
| GetCurrentThread | - | 0x7671e8 | 0x470eb8 | 0x46f6b8 | 0x21e |
| CompareStringW | - | 0x7671ec | 0x470ebc | 0x46f6bc | 0x9e |
| LCMapStringW | - | 0x7671f0 | 0x470ec0 | 0x46f6c0 | 0x3b5 |
| GetLocaleInfoW | - | 0x7671f4 | 0x470ec4 | 0x46f6c4 | 0x268 |
| IsValidLocale | - | 0x7671f8 | 0x470ec8 | 0x46f6c8 | 0x391 |
| GetUserDefaultLCID | - | 0x7671fc | 0x470ecc | 0x46f6cc | 0x315 |
| EnumSystemLocalesW | - | 0x767200 | 0x470ed0 | 0x46f6d0 | 0x157 |
| SetFilePointerEx | - | 0x767204 | 0x470ed4 | 0x46f6d4 | 0x525 |
| GetConsoleMode | - | 0x767208 | 0x470ed8 | 0x46f6d8 | 0x1ff |
| ReadConsoleW | - | 0x76720c | 0x470edc | 0x46f6dc | 0x472 |
| GetConsoleOutputCP | - | 0x767210 | 0x470ee0 | 0x46f6e0 | 0x203 |
| GetFileSizeEx | - | 0x767214 | 0x470ee4 | 0x46f6e4 | 0x24f |
| SetStdHandle | - | 0x767218 | 0x470ee8 | 0x46f6e8 | 0x54e |
| FindFirstFileExW | - | 0x76721c | 0x470eec | 0x46f6ec | 0x17e |
| IsValidCodePage | - | 0x767220 | 0x470ef0 | 0x46f6f0 | 0x38f |
| GetACP | - | 0x767224 | 0x470ef4 | 0x46f6f4 | 0x1b5 |
| GetOEMCP | - | 0x767228 | 0x470ef8 | 0x46f6f8 | 0x29a |
| GetCommandLineA | - | 0x76722c | 0x470efc | 0x46f6fc | 0x1d9 |
| GetCommandLineW | - | 0x767230 | 0x470f00 | 0x46f700 | 0x1da |
| GetEnvironmentStringsW | - | 0x767234 | 0x470f04 | 0x46f704 | 0x23a |
| FreeEnvironmentStringsW | - | 0x767238 | 0x470f08 | 0x46f708 | 0x1ad |
| WriteConsoleW | - | 0x76723c | 0x470f0c | 0x46f70c | 0x615 |
| CreateSemaphoreA | - | 0x767240 | 0x470f10 | 0x46f710 | 0xec |
| ReleaseSemaphore | - | 0x767244 | 0x470f14 | 0x46f714 | 0x4b6 |
| CreateWaitableTimerA | - | 0x767248 | 0x470f18 | 0x46f718 | 0x100 |
| SetThreadAffinityMask | - | 0x76724c | 0x470f1c | 0x46f71c | 0x557 |
| TerminateThread | - | 0x767250 | 0x470f20 | 0x46f720 | 0x591 |
| SetThreadPriority | - | 0x767254 | 0x470f24 | 0x46f724 | 0x562 |
| SwitchToThread | - | 0x767258 | 0x470f28 | 0x46f728 | 0x58b |
| SetWaitableTimer | - | 0x76725c | 0x470f2c | 0x46f72c | 0x57a |
| CreateEventA | - | 0x767260 | 0x470f30 | 0x46f730 | 0xbf |
| AreFileApisANSI | - | 0x767264 | 0x470f34 | 0x46f734 | 0x23 |
| WaitForSingleObject | - | 0x767268 | 0x470f38 | 0x46f738 | 0x5db |
USER32.dll (2)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| GetActiveWindow | - | 0x7673e4 | 0x4710b4 | 0x46f8b4 | 0x11a |
| MessageBoxA | - | 0x7673e8 | 0x4710b8 | 0x46f8b8 | 0x281 |
OPENGL32.dll (92)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| glLoadMatrixd | - | 0x767270 | 0x470f40 | 0x46f740 | 0xa5 |
| glMatrixMode | - | 0x767274 | 0x470f44 | 0x46f744 | 0xb5 |
| glReadBuffer | - | 0x767278 | 0x470f48 | 0x46f748 | 0xf3 |
| glColor4fv | - | 0x76727c | 0x470f4c | 0x46f74c | 0x2c |
| glColorMaterial | - | 0x767280 | 0x470f50 | 0x46f750 | 0x38 |
| glMaterialf | - | 0x767284 | 0x470f54 | 0x46f754 | 0xb1 |
| glMaterialfv | - | 0x767288 | 0x470f58 | 0x46f758 | 0xb2 |
| glBlendFunc | - | 0x76728c | 0x470f5c | 0x46f75c | 0xd |
| glGetBooleanv | - | 0x767290 | 0x470f60 | 0x46f760 | 0x6a |
| glGetTexImage | - | 0x767294 | 0x470f64 | 0x46f764 | 0x82 |
| glGetTexLevelParameteriv | - | 0x767298 | 0x470f68 | 0x46f768 | 0x84 |
| glReadPixels | - | 0x76729c | 0x470f6c | 0x46f76c | 0xf4 |
| wglGetCurrentDC | - | 0x7672a0 | 0x470f70 | 0x46f770 | 0x15f |
| wglGetProcAddress | - | 0x7672a4 | 0x470f74 | 0x46f774 | 0x163 |
| glTexImage1D | - | 0x7672a8 | 0x470f78 | 0x46f778 | 0x133 |
| glDrawArrays | - | 0x7672ac | 0x470f7c | 0x46f77c | 0x48 |
| glDeleteLists | - | 0x7672b0 | 0x470f80 | 0x46f780 | 0x41 |
| glEndList | - | 0x7672b4 | 0x470f84 | 0x46f784 | 0x52 |
| glGenLists | - | 0x7672b8 | 0x470f88 | 0x46f788 | 0x68 |
| glNewList | - | 0x7672bc | 0x470f8c | 0x46f78c | 0xb8 |
| glColor3dv | - | 0x7672c0 | 0x470f90 | 0x46f790 | 0x1a |
| glColor3fv | - | 0x7672c4 | 0x470f94 | 0x46f794 | 0x1c |
| glColor4dv | - | 0x7672c8 | 0x470f98 | 0x46f798 | 0x2a |
| glColor4ubv | - | 0x7672cc | 0x470f9c | 0x46f79c | 0x32 |
| glNormal3bv | - | 0x7672d0 | 0x470fa0 | 0x46f7a0 | 0xba |
| glNormal3dv | - | 0x7672d4 | 0x470fa4 | 0x46f7a4 | 0xbc |
| glNormal3fv | - | 0x7672d8 | 0x470fa8 | 0x46f7a8 | 0xbe |
| glNormal3sv | - | 0x7672dc | 0x470fac | 0x46f7ac | 0xc2 |
| glColorPointer | - | 0x7672e0 | 0x470fb0 | 0x46f7b0 | 0x39 |
| glDisableClientState | - | 0x7672e4 | 0x470fb4 | 0x46f7b4 | 0x47 |
| glEnableClientState | - | 0x7672e8 | 0x470fb8 | 0x46f7b8 | 0x50 |
| glNormalPointer | - | 0x7672ec | 0x470fbc | 0x46f7bc | 0xc3 |
| glTexCoordPointer | - | 0x7672f0 | 0x470fc0 | 0x46f7c0 | 0x128 |
| glVertexPointer | - | 0x7672f4 | 0x470fc4 | 0x46f7c4 | 0x155 |
| glClear | - | 0x7672f8 | 0x470fc8 | 0x46f7c8 | 0x10 |
| glClearColor | - | 0x7672fc | 0x470fcc | 0x46f7cc | 0x12 |
| glScissor | - | 0x767300 | 0x470fd0 | 0x46f7d0 | 0x102 |
| glViewport | - | 0x767304 | 0x470fd4 | 0x46f7d4 | 0x156 |
| glFinish | - | 0x767308 | 0x470fd8 | 0x46f7d8 | 0x60 |
| glFlush | - | 0x76730c | 0x470fdc | 0x46f7dc | 0x61 |
| glLightf | - | 0x767310 | 0x470fe0 | 0x46f7e0 | 0x9d |
| glLightfv | - | 0x767314 | 0x470fe4 | 0x46f7e4 | 0x9e |
| glColorMask | - | 0x767318 | 0x470fe8 | 0x46f7e8 | 0x37 |
| glDepthMask | - | 0x76731c | 0x470fec | 0x46f7ec | 0x44 |
| glPopAttrib | - | 0x767320 | 0x470ff0 | 0x46f7f0 | 0xd2 |
| glPushAttrib | - | 0x767324 | 0x470ff4 | 0x46f7f4 | 0xd7 |
| glClearAccum | - | 0x767328 | 0x470ff8 | 0x46f7f8 | 0x11 |
| glClearDepth | - | 0x76732c | 0x470ffc | 0x46f7fc | 0x13 |
| glClearStencil | - | 0x767330 | 0x471000 | 0x46f800 | 0x15 |
| glLoadIdentity | - | 0x767334 | 0x471004 | 0x46f804 | 0xa4 |
| glStencilMask | - | 0x767338 | 0x471008 | 0x46f808 | 0x106 |
| glCallList | - | 0x76733c | 0x47100c | 0x46f80c | 0xe |
| glLightModelfv | - | 0x767340 | 0x471010 | 0x46f810 | 0x9a |
| glGetIntegerv | - | 0x767344 | 0x471014 | 0x46f814 | 0x6f |
| glGetError | - | 0x767348 | 0x471018 | 0x46f818 | 0x6d |
| glEnable | - | 0x76734c | 0x47101c | 0x46f81c | 0x4f |
| glDrawElements | - | 0x767350 | 0x471020 | 0x46f820 | 0x4a |
| glDrawBuffer | - | 0x767354 | 0x471024 | 0x46f824 | 0x49 |
| glDisable | - | 0x767358 | 0x471028 | 0x46f828 | 0x46 |
| glTexEnvi | - | 0x76735c | 0x47102c | 0x46f82c | 0x12b |
| glTexEnvfv | - | 0x767360 | 0x471030 | 0x46f830 | 0x12a |
| glCopyTexSubImage2D | - | 0x767364 | 0x471034 | 0x46f834 | 0x3e |
| glCopyTexImage2D | - | 0x767368 | 0x471038 | 0x46f838 | 0x3c |
| glTexSubImage2D | - | 0x76736c | 0x47103c | 0x46f83c | 0x13a |
| glTexParameteriv | - | 0x767370 | 0x471040 | 0x46f840 | 0x138 |
| glTexParameteri | - | 0x767374 | 0x471044 | 0x46f844 | 0x137 |
| glTexParameterfv | - | 0x767378 | 0x471048 | 0x46f848 | 0x136 |
| glTexParameterf | - | 0x76737c | 0x47104c | 0x46f84c | 0x135 |
| glTexImage2D | - | 0x767380 | 0x471050 | 0x46f850 | 0x134 |
| glPixelStorei | - | 0x767384 | 0x471054 | 0x46f854 | 0xca |
| glGenTextures | - | 0x767388 | 0x471058 | 0x46f858 | 0x69 |
| glDeleteTextures | - | 0x76738c | 0x47105c | 0x46f85c | 0x42 |
| glBindTexture | - | 0x767390 | 0x471060 | 0x46f860 | 0xb |
| glRecti | - | 0x767394 | 0x471064 | 0x46f864 | 0xf9 |
| glOrtho | - | 0x767398 | 0x471068 | 0x46f868 | 0xc4 |
| glNormal3f | - | 0x76739c | 0x47106c | 0x46f86c | 0xbd |
| glGetString | - | 0x7673a0 | 0x471070 | 0x46f870 | 0x7c |
| glPolygonMode | - | 0x7673a4 | 0x471074 | 0x46f874 | 0xcf |
| glCullFace | - | 0x7673a8 | 0x471078 | 0x46f878 | 0x3f |
| glTexGendv | - | 0x7673ac | 0x47107c | 0x46f87c | 0x12e |
| glTexGeni | - | 0x7673b0 | 0x471080 | 0x46f880 | 0x131 |
| glAlphaFunc | - | 0x7673b4 | 0x471084 | 0x46f884 | 0x7 |
| glCopyTexImage1D | - | 0x7673b8 | 0x471088 | 0x46f888 | 0x3b |
| glCopyTexSubImage1D | - | 0x7673bc | 0x47108c | 0x46f88c | 0x3d |
| glScalef | - | 0x7673c0 | 0x471090 | 0x46f890 | 0x101 |
| glStencilFunc | - | 0x7673c4 | 0x471094 | 0x46f894 | 0x105 |
| glStencilOp | - | 0x7673c8 | 0x471098 | 0x46f898 | 0x107 |
| glPolygonStipple | - | 0x7673cc | 0x47109c | 0x46f89c | 0xd1 |
| glDepthFunc | - | 0x7673d0 | 0x4710a0 | 0x46f8a0 | 0x43 |
| glDepthRange | - | 0x7673d4 | 0x4710a4 | 0x46f8a4 | 0x45 |
| glColor4f | - | 0x7673d8 | 0x4710a8 | 0x46f8a8 | 0x2b |
| glLightModeli | - | 0x7673dc | 0x4710ac | 0x46f8ac | 0x9b |
| C:\Users\RDHJ0C~1\AppData\Local\Temp\is-3V8JG.tmp\4340bc1e1ddb5d268a010401be96435063de733a2601d158d13f56da9f20df5d.tmp | Dropped File | Binary |
suspicious
|
...
|
»
| Also Known As | C:\Users\RDHJ0C~1\AppData\Local\Temp\is-KV38V.tmp\4340bc1e1ddb5d268a010401be96435063de733a2601d158d13f56da9f20df5d.tmp (Dropped File) |
| MIME Type | application/vnd.microsoft.portable-executable |
| File Size | 3.05 MB |
| MD5 |
eeb69f7b86959ae72b9d37443fb7f3d0
|
| SHA1 |
ea687885ff8711724639134819bfffe3934e0cc1
|
| SHA256 |
5a3ccc92f7966f8a3f8d0fbc50cef8452560341f4e23c769247b3cdd0818af11
|
| SSDeep |
49152:qEA9P+bz2cHPcUb6HSb4SOEMkBeH7nQckO6bAGx7jXTV+333TY:692bz2Eb6pd7B6bAGx7s333T
|
| ImpHash |
9825b4c9a35eb9a5c5e347cb9ca988ee
|
PE Information
»
| Image Base | 0x400000 |
| Entry Point | 0x6c4660 |
| Size Of Code | 0x2c3a00 |
| Size Of Initialized Data | 0x48000 |
| File Type | FileType.executable |
| Subsystem | Subsystem.windows_gui |
| Machine Type | MachineType.i386 |
| Compile Timestamp | 2021-06-03 08:09:12+00:00 |
Version Information (8)
»
| FileDescription | Setup/Uninstall |
| FileVersion | 51.1052.0.0 |
| Comments | This installation was built with Inno Setup. |
| CompanyName | XiliumHQ |
| LegalCopyright | |
| OriginalFileName | |
| ProductName | Crystal Reports Extra |
| ProductVersion | 1.8.3.7 |
Sections (10)
»
| Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x401000 | 0x2c0fac | 0x2c1000 | 0x400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.41 |
| .itext | 0x6c2000 | 0x2890 | 0x2a00 | 0x2c1400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.12 |
| .data | 0x6c5000 | 0x91e0 | 0x9200 | 0x2c3e00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 6.27 |
| .bss | 0x6cf000 | 0x7900 | 0x0 | 0x0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.0 |
| .idata | 0x6d7000 | 0x3932 | 0x3a00 | 0x2cd000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 5.25 |
| .didata | 0x6db000 | 0xbde | 0xc00 | 0x2d0a00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 4.39 |
| .edata | 0x6dc000 | 0x97 | 0x200 | 0x2d1600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 1.86 |
| .tls | 0x6dd000 | 0x4c | 0x0 | 0x0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.0 |
| .rdata | 0x6de000 | 0x5d | 0x200 | 0x2d1800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 1.37 |
| .rsrc | 0x6df000 | 0x3a400 | 0x3a400 | 0x2d1a00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 3.97 |
Imports (14)
»
mpr.dll (5)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| WNetEnumResourceW | - | 0x6d79e4 | 0x2d712c | 0x2cd12c | 0x0 |
| WNetGetUniversalNameW | - | 0x6d79e8 | 0x2d7130 | 0x2cd130 | 0x0 |
| WNetGetConnectionW | - | 0x6d79ec | 0x2d7134 | 0x2cd134 | 0x0 |
| WNetCloseEnum | - | 0x6d79f0 | 0x2d7138 | 0x2cd138 | 0x0 |
| WNetOpenEnumW | - | 0x6d79f4 | 0x2d713c | 0x2cd13c | 0x0 |
comdlg32.dll (2)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| GetSaveFileNameW | - | 0x6d79fc | 0x2d7144 | 0x2cd144 | 0x0 |
| GetOpenFileNameW | - | 0x6d7a00 | 0x2d7148 | 0x2cd148 | 0x0 |
comctl32.dll (30)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| FlatSB_SetScrollInfo | - | 0x6d7a08 | 0x2d7150 | 0x2cd150 | 0x0 |
| InitCommonControls | - | 0x6d7a0c | 0x2d7154 | 0x2cd154 | 0x0 |
| ImageList_DragMove | - | 0x6d7a10 | 0x2d7158 | 0x2cd158 | 0x0 |
| ImageList_Destroy | - | 0x6d7a14 | 0x2d715c | 0x2cd15c | 0x0 |
| _TrackMouseEvent | - | 0x6d7a18 | 0x2d7160 | 0x2cd160 | 0x0 |
| ImageList_DragShowNolock | - | 0x6d7a1c | 0x2d7164 | 0x2cd164 | 0x0 |
| ImageList_Add | - | 0x6d7a20 | 0x2d7168 | 0x2cd168 | 0x0 |
| FlatSB_SetScrollProp | - | 0x6d7a24 | 0x2d716c | 0x2cd16c | 0x0 |
| ImageList_GetDragImage | - | 0x6d7a28 | 0x2d7170 | 0x2cd170 | 0x0 |
| ImageList_Create | - | 0x6d7a2c | 0x2d7174 | 0x2cd174 | 0x0 |
| ImageList_EndDrag | - | 0x6d7a30 | 0x2d7178 | 0x2cd178 | 0x0 |
| ImageList_DrawEx | - | 0x6d7a34 | 0x2d717c | 0x2cd17c | 0x0 |
| ImageList_SetImageCount | - | 0x6d7a38 | 0x2d7180 | 0x2cd180 | 0x0 |
| FlatSB_GetScrollPos | - | 0x6d7a3c | 0x2d7184 | 0x2cd184 | 0x0 |
| FlatSB_SetScrollPos | - | 0x6d7a40 | 0x2d7188 | 0x2cd188 | 0x0 |
| InitializeFlatSB | - | 0x6d7a44 | 0x2d718c | 0x2cd18c | 0x0 |
| FlatSB_GetScrollInfo | - | 0x6d7a48 | 0x2d7190 | 0x2cd190 | 0x0 |
| ImageList_Write | - | 0x6d7a4c | 0x2d7194 | 0x2cd194 | 0x0 |
| ImageList_SetBkColor | - | 0x6d7a50 | 0x2d7198 | 0x2cd198 | 0x0 |
| ImageList_GetBkColor | - | 0x6d7a54 | 0x2d719c | 0x2cd19c | 0x0 |
| ImageList_BeginDrag | - | 0x6d7a58 | 0x2d71a0 | 0x2cd1a0 | 0x0 |
| ImageList_GetIcon | - | 0x6d7a5c | 0x2d71a4 | 0x2cd1a4 | 0x0 |
| ImageList_GetImageCount | - | 0x6d7a60 | 0x2d71a8 | 0x2cd1a8 | 0x0 |
| ImageList_DragEnter | - | 0x6d7a64 | 0x2d71ac | 0x2cd1ac | 0x0 |
| ImageList_GetIconSize | - | 0x6d7a68 | 0x2d71b0 | 0x2cd1b0 | 0x0 |
| ImageList_SetIconSize | - | 0x6d7a6c | 0x2d71b4 | 0x2cd1b4 | 0x0 |
| ImageList_Read | - | 0x6d7a70 | 0x2d71b8 | 0x2cd1b8 | 0x0 |
| ImageList_DragLeave | - | 0x6d7a74 | 0x2d71bc | 0x2cd1bc | 0x0 |
| ImageList_Draw | - | 0x6d7a78 | 0x2d71c0 | 0x2cd1c0 | 0x0 |
| ImageList_Remove | - | 0x6d7a7c | 0x2d71c4 | 0x2cd1c4 | 0x0 |
shell32.dll (8)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| SHBrowseForFolderW | - | 0x6d7a84 | 0x2d71cc | 0x2cd1cc | 0x0 |
| SHGetMalloc | - | 0x6d7a88 | 0x2d71d0 | 0x2cd1d0 | 0x0 |
| SHGetFileInfoW | - | 0x6d7a8c | 0x2d71d4 | 0x2cd1d4 | 0x0 |
| SHChangeNotify | - | 0x6d7a90 | 0x2d71d8 | 0x2cd1d8 | 0x0 |
| Shell_NotifyIconW | - | 0x6d7a94 | 0x2d71dc | 0x2cd1dc | 0x0 |
| ShellExecuteW | - | 0x6d7a98 | 0x2d71e0 | 0x2cd1e0 | 0x0 |
| SHGetPathFromIDListW | - | 0x6d7a9c | 0x2d71e4 | 0x2cd1e4 | 0x0 |
| ShellExecuteExW | - | 0x6d7aa0 | 0x2d71e8 | 0x2cd1e8 | 0x0 |
user32.dll (191)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| CopyImage | - | 0x6d7aa8 | 0x2d71f0 | 0x2cd1f0 | 0x0 |
| CreateWindowExW | - | 0x6d7aac | 0x2d71f4 | 0x2cd1f4 | 0x0 |
| GetMenuItemInfoW | - | 0x6d7ab0 | 0x2d71f8 | 0x2cd1f8 | 0x0 |
| SetMenuItemInfoW | - | 0x6d7ab4 | 0x2d71fc | 0x2cd1fc | 0x0 |
| DefFrameProcW | - | 0x6d7ab8 | 0x2d7200 | 0x2cd200 | 0x0 |
| GetDCEx | - | 0x6d7abc | 0x2d7204 | 0x2cd204 | 0x0 |
| GetMessageW | - | 0x6d7ac0 | 0x2d7208 | 0x2cd208 | 0x0 |
| PeekMessageW | - | 0x6d7ac4 | 0x2d720c | 0x2cd20c | 0x0 |
| MonitorFromWindow | - | 0x6d7ac8 | 0x2d7210 | 0x2cd210 | 0x0 |
| GetDlgCtrlID | - | 0x6d7acc | 0x2d7214 | 0x2cd214 | 0x0 |
| ScrollWindowEx | - | 0x6d7ad0 | 0x2d7218 | 0x2cd218 | 0x0 |
| SetTimer | - | 0x6d7ad4 | 0x2d721c | 0x2cd21c | 0x0 |
| WindowFromPoint | - | 0x6d7ad8 | 0x2d7220 | 0x2cd220 | 0x0 |
| BeginPaint | - | 0x6d7adc | 0x2d7224 | 0x2cd224 | 0x0 |
| RegisterClipboardFormatW | - | 0x6d7ae0 | 0x2d7228 | 0x2cd228 | 0x0 |
| FrameRect | - | 0x6d7ae4 | 0x2d722c | 0x2cd22c | 0x0 |
| MapVirtualKeyW | - | 0x6d7ae8 | 0x2d7230 | 0x2cd230 | 0x0 |
| OffsetRect | - | 0x6d7aec | 0x2d7234 | 0x2cd234 | 0x0 |
| IsWindowUnicode | - | 0x6d7af0 | 0x2d7238 | 0x2cd238 | 0x0 |
| RegisterWindowMessageW | - | 0x6d7af4 | 0x2d723c | 0x2cd23c | 0x0 |
| FillRect | - | 0x6d7af8 | 0x2d7240 | 0x2cd240 | 0x0 |
| GetMenuStringW | - | 0x6d7afc | 0x2d7244 | 0x2cd244 | 0x0 |
| DispatchMessageW | - | 0x6d7b00 | 0x2d7248 | 0x2cd248 | 0x0 |
| SendMessageA | - | 0x6d7b04 | 0x2d724c | 0x2cd24c | 0x0 |
| DefMDIChildProcW | - | 0x6d7b08 | 0x2d7250 | 0x2cd250 | 0x0 |
| EnumWindows | - | 0x6d7b0c | 0x2d7254 | 0x2cd254 | 0x0 |
| GetClassInfoW | - | 0x6d7b10 | 0x2d7258 | 0x2cd258 | 0x0 |
| GetSystemMenu | - | 0x6d7b14 | 0x2d725c | 0x2cd25c | 0x0 |
| WaitForInputIdle | - | 0x6d7b18 | 0x2d7260 | 0x2cd260 | 0x0 |
| ShowOwnedPopups | - | 0x6d7b1c | 0x2d7264 | 0x2cd264 | 0x0 |
| GetScrollRange | - | 0x6d7b20 | 0x2d7268 | 0x2cd268 | 0x0 |
| GetScrollPos | - | 0x6d7b24 | 0x2d726c | 0x2cd26c | 0x0 |
| SetScrollPos | - | 0x6d7b28 | 0x2d7270 | 0x2cd270 | 0x0 |
| GetActiveWindow | - | 0x6d7b2c | 0x2d7274 | 0x2cd274 | 0x0 |
| SetActiveWindow | - | 0x6d7b30 | 0x2d7278 | 0x2cd278 | 0x0 |
| DrawEdge | - | 0x6d7b34 | 0x2d727c | 0x2cd27c | 0x0 |
| InflateRect | - | 0x6d7b38 | 0x2d7280 | 0x2cd280 | 0x0 |
| GetKeyboardLayoutList | - | 0x6d7b3c | 0x2d7284 | 0x2cd284 | 0x0 |
| OemToCharBuffA | - | 0x6d7b40 | 0x2d7288 | 0x2cd288 | 0x0 |
| LoadBitmapW | - | 0x6d7b44 | 0x2d728c | 0x2cd28c | 0x0 |
| DrawFocusRect | - | 0x6d7b48 | 0x2d7290 | 0x2cd290 | 0x0 |
| EnumChildWindows | - | 0x6d7b4c | 0x2d7294 | 0x2cd294 | 0x0 |
| GetScrollBarInfo | - | 0x6d7b50 | 0x2d7298 | 0x2cd298 | 0x0 |
| SendNotifyMessageW | - | 0x6d7b54 | 0x2d729c | 0x2cd29c | 0x0 |
| ReleaseCapture | - | 0x6d7b58 | 0x2d72a0 | 0x2cd2a0 | 0x0 |
| UnhookWindowsHookEx | - | 0x6d7b5c | 0x2d72a4 | 0x2cd2a4 | 0x0 |
| LoadCursorW | - | 0x6d7b60 | 0x2d72a8 | 0x2cd2a8 | 0x0 |
| GetCapture | - | 0x6d7b64 | 0x2d72ac | 0x2cd2ac | 0x0 |
| SetCapture | - | 0x6d7b68 | 0x2d72b0 | 0x2cd2b0 | 0x0 |
| CreatePopupMenu | - | 0x6d7b6c | 0x2d72b4 | 0x2cd2b4 | 0x0 |
| ScrollWindow | - | 0x6d7b70 | 0x2d72b8 | 0x2cd2b8 | 0x0 |
| ShowCaret | - | 0x6d7b74 | 0x2d72bc | 0x2cd2bc | 0x0 |
| GetMenuItemID | - | 0x6d7b78 | 0x2d72c0 | 0x2cd2c0 | 0x0 |
| GetLastActivePopup | - | 0x6d7b7c | 0x2d72c4 | 0x2cd2c4 | 0x0 |
| CharLowerBuffW | - | 0x6d7b80 | 0x2d72c8 | 0x2cd2c8 | 0x0 |
| GetSystemMetrics | - | 0x6d7b84 | 0x2d72cc | 0x2cd2cc | 0x0 |
| SetWindowLongW | - | 0x6d7b88 | 0x2d72d0 | 0x2cd2d0 | 0x0 |
| PostMessageW | - | 0x6d7b8c | 0x2d72d4 | 0x2cd2d4 | 0x0 |
| DrawMenuBar | - | 0x6d7b90 | 0x2d72d8 | 0x2cd2d8 | 0x0 |
| SetParent | - | 0x6d7b94 | 0x2d72dc | 0x2cd2dc | 0x0 |
| IsZoomed | - | 0x6d7b98 | 0x2d72e0 | 0x2cd2e0 | 0x0 |
| CharUpperBuffW | - | 0x6d7b9c | 0x2d72e4 | 0x2cd2e4 | 0x0 |
| GetClientRect | - | 0x6d7ba0 | 0x2d72e8 | 0x2cd2e8 | 0x0 |
| IsChild | - | 0x6d7ba4 | 0x2d72ec | 0x2cd2ec | 0x0 |
| ClientToScreen | - | 0x6d7ba8 | 0x2d72f0 | 0x2cd2f0 | 0x0 |
| SetWindowPlacement | - | 0x6d7bac | 0x2d72f4 | 0x2cd2f4 | 0x0 |
| IsIconic | - | 0x6d7bb0 | 0x2d72f8 | 0x2cd2f8 | 0x0 |
| CallNextHookEx | - | 0x6d7bb4 | 0x2d72fc | 0x2cd2fc | 0x0 |
| GetMonitorInfoW | - | 0x6d7bb8 | 0x2d7300 | 0x2cd300 | 0x0 |
| ShowWindow | - | 0x6d7bbc | 0x2d7304 | 0x2cd304 | 0x0 |
| CheckMenuItem | - | 0x6d7bc0 | 0x2d7308 | 0x2cd308 | 0x0 |
| CharUpperW | - | 0x6d7bc4 | 0x2d730c | 0x2cd30c | 0x0 |
| DefWindowProcW | - | 0x6d7bc8 | 0x2d7310 | 0x2cd310 | 0x0 |
| GetForegroundWindow | - | 0x6d7bcc | 0x2d7314 | 0x2cd314 | 0x0 |
| SetForegroundWindow | - | 0x6d7bd0 | 0x2d7318 | 0x2cd318 | 0x0 |
| GetWindowTextW | - | 0x6d7bd4 | 0x2d731c | 0x2cd31c | 0x0 |
| EnableWindow | - | 0x6d7bd8 | 0x2d7320 | 0x2cd320 | 0x0 |
| DestroyWindow | - | 0x6d7bdc | 0x2d7324 | 0x2cd324 | 0x0 |
| IsDialogMessageW | - | 0x6d7be0 | 0x2d7328 | 0x2cd328 | 0x0 |
| EndMenu | - | 0x6d7be4 | 0x2d732c | 0x2cd32c | 0x0 |
| RegisterClassW | - | 0x6d7be8 | 0x2d7330 | 0x2cd330 | 0x0 |
| CharNextW | - | 0x6d7bec | 0x2d7334 | 0x2cd334 | 0x0 |
| GetWindowThreadProcessId | - | 0x6d7bf0 | 0x2d7338 | 0x2cd338 | 0x0 |
| RedrawWindow | - | 0x6d7bf4 | 0x2d733c | 0x2cd33c | 0x0 |
| GetDC | - | 0x6d7bf8 | 0x2d7340 | 0x2cd340 | 0x0 |
| GetFocus | - | 0x6d7bfc | 0x2d7344 | 0x2cd344 | 0x0 |
| SetFocus | - | 0x6d7c00 | 0x2d7348 | 0x2cd348 | 0x0 |
| EndPaint | - | 0x6d7c04 | 0x2d734c | 0x2cd34c | 0x0 |
| ExitWindowsEx | - | 0x6d7c08 | 0x2d7350 | 0x2cd350 | 0x0 |
| ReleaseDC | - | 0x6d7c0c | 0x2d7354 | 0x2cd354 | 0x0 |
| MsgWaitForMultipleObjectsEx | - | 0x6d7c10 | 0x2d7358 | 0x2cd358 | 0x0 |
| LoadKeyboardLayoutW | - | 0x6d7c14 | 0x2d735c | 0x2cd35c | 0x0 |
| GetClassLongW | - | 0x6d7c18 | 0x2d7360 | 0x2cd360 | 0x0 |
| ActivateKeyboardLayout | - | 0x6d7c1c | 0x2d7364 | 0x2cd364 | 0x0 |
| GetParent | - | 0x6d7c20 | 0x2d7368 | 0x2cd368 | 0x0 |
| CharToOemBuffA | - | 0x6d7c24 | 0x2d736c | 0x2cd36c | 0x0 |
| DrawTextW | - | 0x6d7c28 | 0x2d7370 | 0x2cd370 | 0x0 |
| SetScrollRange | - | 0x6d7c2c | 0x2d7374 | 0x2cd374 | 0x0 |
| InsertMenuItemW | - | 0x6d7c30 | 0x2d7378 | 0x2cd378 | 0x0 |
| PeekMessageA | - | 0x6d7c34 | 0x2d737c | 0x2cd37c | 0x0 |
| GetPropW | - | 0x6d7c38 | 0x2d7380 | 0x2cd380 | 0x0 |
| SetClassLongW | - | 0x6d7c3c | 0x2d7384 | 0x2cd384 | 0x0 |
| MessageBoxW | - | 0x6d7c40 | 0x2d7388 | 0x2cd388 | 0x0 |
| MessageBeep | - | 0x6d7c44 | 0x2d738c | 0x2cd38c | 0x0 |
| SetPropW | - | 0x6d7c48 | 0x2d7390 | 0x2cd390 | 0x0 |
| SetRectEmpty | - | 0x6d7c4c | 0x2d7394 | 0x2cd394 | 0x0 |
| UpdateWindow | - | 0x6d7c50 | 0x2d7398 | 0x2cd398 | 0x0 |
| RemovePropW | - | 0x6d7c54 | 0x2d739c | 0x2cd39c | 0x0 |
| GetSubMenu | - | 0x6d7c58 | 0x2d73a0 | 0x2cd3a0 | 0x0 |
| MsgWaitForMultipleObjects | - | 0x6d7c5c | 0x2d73a4 | 0x2cd3a4 | 0x0 |
| DestroyMenu | - | 0x6d7c60 | 0x2d73a8 | 0x2cd3a8 | 0x0 |
| DestroyIcon | - | 0x6d7c64 | 0x2d73ac | 0x2cd3ac | 0x0 |
| SetWindowsHookExW | - | 0x6d7c68 | 0x2d73b0 | 0x2cd3b0 | 0x0 |
| IsWindowVisible | - | 0x6d7c6c | 0x2d73b4 | 0x2cd3b4 | 0x0 |
| DispatchMessageA | - | 0x6d7c70 | 0x2d73b8 | 0x2cd3b8 | 0x0 |
| UnregisterClassW | - | 0x6d7c74 | 0x2d73bc | 0x2cd3bc | 0x0 |
| GetTopWindow | - | 0x6d7c78 | 0x2d73c0 | 0x2cd3c0 | 0x0 |
| SendMessageW | - | 0x6d7c7c | 0x2d73c4 | 0x2cd3c4 | 0x0 |
| AdjustWindowRectEx | - | 0x6d7c80 | 0x2d73c8 | 0x2cd3c8 | 0x0 |
| DrawIcon | - | 0x6d7c84 | 0x2d73cc | 0x2cd3cc | 0x0 |
| IsWindow | - | 0x6d7c88 | 0x2d73d0 | 0x2cd3d0 | 0x0 |
| EnumThreadWindows | - | 0x6d7c8c | 0x2d73d4 | 0x2cd3d4 | 0x0 |
| InvalidateRect | - | 0x6d7c90 | 0x2d73d8 | 0x2cd3d8 | 0x0 |
| GetKeyboardState | - | 0x6d7c94 | 0x2d73dc | 0x2cd3dc | 0x0 |
| DrawFrameControl | - | 0x6d7c98 | 0x2d73e0 | 0x2cd3e0 | 0x0 |
| ScreenToClient | - | 0x6d7c9c | 0x2d73e4 | 0x2cd3e4 | 0x0 |
| SendMessageTimeoutW | - | 0x6d7ca0 | 0x2d73e8 | 0x2cd3e8 | 0x0 |
| BringWindowToTop | - | 0x6d7ca4 | 0x2d73ec | 0x2cd3ec | 0x0 |
| SetCursor | - | 0x6d7ca8 | 0x2d73f0 | 0x2cd3f0 | 0x0 |
| CreateIcon | - | 0x6d7cac | 0x2d73f4 | 0x2cd3f4 | 0x0 |
| CreateMenu | - | 0x6d7cb0 | 0x2d73f8 | 0x2cd3f8 | 0x0 |
| LoadStringW | - | 0x6d7cb4 | 0x2d73fc | 0x2cd3fc | 0x0 |
| CharLowerW | - | 0x6d7cb8 | 0x2d7400 | 0x2cd400 | 0x0 |
| SetWindowPos | - | 0x6d7cbc | 0x2d7404 | 0x2cd404 | 0x0 |
| SetWindowRgn | - | 0x6d7cc0 | 0x2d7408 | 0x2cd408 | 0x0 |
| GetMenuItemCount | - | 0x6d7cc4 | 0x2d740c | 0x2cd40c | 0x0 |
| RemoveMenu | - | 0x6d7cc8 | 0x2d7410 | 0x2cd410 | 0x0 |
| AppendMenuW | - | 0x6d7ccc | 0x2d7414 | 0x2cd414 | 0x0 |
| GetSysColorBrush | - | 0x6d7cd0 | 0x2d7418 | 0x2cd418 | 0x0 |
| GetKeyboardLayoutNameW | - | 0x6d7cd4 | 0x2d741c | 0x2cd41c | 0x0 |
| GetWindowDC | - | 0x6d7cd8 | 0x2d7420 | 0x2cd420 | 0x0 |
| TranslateMessage | - | 0x6d7cdc | 0x2d7424 | 0x2cd424 | 0x0 |
| DrawTextExW | - | 0x6d7ce0 | 0x2d7428 | 0x2cd428 | 0x0 |
| MapWindowPoints | - | 0x6d7ce4 | 0x2d742c | 0x2cd42c | 0x0 |
| EnumDisplayMonitors | - | 0x6d7ce8 | 0x2d7430 | 0x2cd430 | 0x0 |
| CallWindowProcW | - | 0x6d7cec | 0x2d7434 | 0x2cd434 | 0x0 |
| DestroyCursor | - | 0x6d7cf0 | 0x2d7438 | 0x2cd438 | 0x0 |
| ReplyMessage | - | 0x6d7cf4 | 0x2d743c | 0x2cd43c | 0x0 |
| GetScrollInfo | - | 0x6d7cf8 | 0x2d7440 | 0x2cd440 | 0x0 |
| SetWindowTextW | - | 0x6d7cfc | 0x2d7444 | 0x2cd444 | 0x0 |
| GetMessageExtraInfo | - | 0x6d7d00 | 0x2d7448 | 0x2cd448 | 0x0 |
| EnableScrollBar | - | 0x6d7d04 | 0x2d744c | 0x2cd44c | 0x0 |
| GetSysColor | - | 0x6d7d08 | 0x2d7450 | 0x2cd450 | 0x0 |
| TrackPopupMenu | - | 0x6d7d0c | 0x2d7454 | 0x2cd454 | 0x0 |
| DrawIconEx | - | 0x6d7d10 | 0x2d7458 | 0x2cd458 | 0x0 |
| PostQuitMessage | - | 0x6d7d14 | 0x2d745c | 0x2cd45c | 0x0 |
| GetClassNameW | - | 0x6d7d18 | 0x2d7460 | 0x2cd460 | 0x0 |
| ShowScrollBar | - | 0x6d7d1c | 0x2d7464 | 0x2cd464 | 0x0 |
| EnableMenuItem | - | 0x6d7d20 | 0x2d7468 | 0x2cd468 | 0x0 |
| GetIconInfo | - | 0x6d7d24 | 0x2d746c | 0x2cd46c | 0x0 |
| GetMessagePos | - | 0x6d7d28 | 0x2d7470 | 0x2cd470 | 0x0 |
| LoadImageW | - | 0x6d7d2c | 0x2d7474 | 0x2cd474 | 0x0 |
| SetScrollInfo | - | 0x6d7d30 | 0x2d7478 | 0x2cd478 | 0x0 |
| GetKeyNameTextW | - | 0x6d7d34 | 0x2d747c | 0x2cd47c | 0x0 |
| GetDesktopWindow | - | 0x6d7d38 | 0x2d7480 | 0x2cd480 | 0x0 |
| GetCursorPos | - | 0x6d7d3c | 0x2d7484 | 0x2cd484 | 0x0 |
| SetCursorPos | - | 0x6d7d40 | 0x2d7488 | 0x2cd488 | 0x0 |
| HideCaret | - | 0x6d7d44 | 0x2d748c | 0x2cd48c | 0x0 |
| GetMenu | - | 0x6d7d48 | 0x2d7490 | 0x2cd490 | 0x0 |
| GetMenuState | - | 0x6d7d4c | 0x2d7494 | 0x2cd494 | 0x0 |
| SetMenu | - | 0x6d7d50 | 0x2d7498 | 0x2cd498 | 0x0 |
| SetRect | - | 0x6d7d54 | 0x2d749c | 0x2cd49c | 0x0 |
| GetKeyState | - | 0x6d7d58 | 0x2d74a0 | 0x2cd4a0 | 0x0 |
| FindWindowExW | - | 0x6d7d5c | 0x2d74a4 | 0x2cd4a4 | 0x0 |
| MonitorFromPoint | - | 0x6d7d60 | 0x2d74a8 | 0x2cd4a8 | 0x0 |
| SystemParametersInfoW | - | 0x6d7d64 | 0x2d74ac | 0x2cd4ac | 0x0 |
| LoadIconW | - | 0x6d7d68 | 0x2d74b0 | 0x2cd4b0 | 0x0 |
| GetCursor | - | 0x6d7d6c | 0x2d74b4 | 0x2cd4b4 | 0x0 |
| GetWindow | - | 0x6d7d70 | 0x2d74b8 | 0x2cd4b8 | 0x0 |
| GetWindowLongW | - | 0x6d7d74 | 0x2d74bc | 0x2cd4bc | 0x0 |
| GetWindowRect | - | 0x6d7d78 | 0x2d74c0 | 0x2cd4c0 | 0x0 |
| InsertMenuW | - | 0x6d7d7c | 0x2d74c4 | 0x2cd4c4 | 0x0 |
| KillTimer | - | 0x6d7d80 | 0x2d74c8 | 0x2cd4c8 | 0x0 |
| WaitMessage | - | 0x6d7d84 | 0x2d74cc | 0x2cd4cc | 0x0 |
| IsWindowEnabled | - | 0x6d7d88 | 0x2d74d0 | 0x2cd4d0 | 0x0 |
| IsDialogMessageA | - | 0x6d7d8c | 0x2d74d4 | 0x2cd4d4 | 0x0 |
| TranslateMDISysAccel | - | 0x6d7d90 | 0x2d74d8 | 0x2cd4d8 | 0x0 |
| GetWindowPlacement | - | 0x6d7d94 | 0x2d74dc | 0x2cd4dc | 0x0 |
| FindWindowW | - | 0x6d7d98 | 0x2d74e0 | 0x2cd4e0 | 0x0 |
| DeleteMenu | - | 0x6d7d9c | 0x2d74e4 | 0x2cd4e4 | 0x0 |
| GetKeyboardLayout | - | 0x6d7da0 | 0x2d74e8 | 0x2cd4e8 | 0x0 |
version.dll (3)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| GetFileVersionInfoSizeW | - | 0x6d7da8 | 0x2d74f0 | 0x2cd4f0 | 0x0 |
| VerQueryValueW | - | 0x6d7dac | 0x2d74f4 | 0x2cd4f4 | 0x0 |
| GetFileVersionInfoW | - | 0x6d7db0 | 0x2d74f8 | 0x2cd4f8 | 0x0 |
oleaut32.dll (18)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| SafeArrayPutElement | - | 0x6d7db8 | 0x2d7500 | 0x2cd500 | 0x0 |
| LoadTypeLib | - | 0x6d7dbc | 0x2d7504 | 0x2cd504 | 0x0 |
| GetErrorInfo | - | 0x6d7dc0 | 0x2d7508 | 0x2cd508 | 0x0 |
| VariantInit | - | 0x6d7dc4 | 0x2d750c | 0x2cd50c | 0x0 |
| VariantClear | - | 0x6d7dc8 | 0x2d7510 | 0x2cd510 | 0x0 |
| SysFreeString | - | 0x6d7dcc | 0x2d7514 | 0x2cd514 | 0x0 |
| SysReAllocStringLen | - | 0x6d7dd0 | 0x2d7518 | 0x2cd518 | 0x0 |
| SafeArrayCreate | - | 0x6d7dd4 | 0x2d751c | 0x2cd51c | 0x0 |
| SafeArrayGetElement | - | 0x6d7dd8 | 0x2d7520 | 0x2cd520 | 0x0 |
| GetActiveObject | - | 0x6d7ddc | 0x2d7524 | 0x2cd524 | 0x0 |
| SysAllocStringLen | - | 0x6d7de0 | 0x2d7528 | 0x2cd528 | 0x0 |
| SafeArrayPtrOfIndex | - | 0x6d7de4 | 0x2d752c | 0x2cd52c | 0x0 |
| SafeArrayGetUBound | - | 0x6d7de8 | 0x2d7530 | 0x2cd530 | 0x0 |
| SafeArrayGetLBound | - | 0x6d7dec | 0x2d7534 | 0x2cd534 | 0x0 |
| VariantCopy | - | 0x6d7df0 | 0x2d7538 | 0x2cd538 | 0x0 |
| RegisterTypeLib | - | 0x6d7df4 | 0x2d753c | 0x2cd53c | 0x0 |
| VariantChangeType | - | 0x6d7df8 | 0x2d7540 | 0x2cd540 | 0x0 |
| VariantCopyInd | - | 0x6d7dfc | 0x2d7544 | 0x2cd544 | 0x0 |
advapi32.dll (22)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| RegSetValueExW | - | 0x6d7e04 | 0x2d754c | 0x2cd54c | 0x0 |
| RegEnumKeyExW | - | 0x6d7e08 | 0x2d7550 | 0x2cd550 | 0x0 |
| AdjustTokenPrivileges | - | 0x6d7e0c | 0x2d7554 | 0x2cd554 | 0x0 |
| OpenThreadToken | - | 0x6d7e10 | 0x2d7558 | 0x2cd558 | 0x0 |
| GetUserNameW | - | 0x6d7e14 | 0x2d755c | 0x2cd55c | 0x0 |
| RegDeleteKeyW | - | 0x6d7e18 | 0x2d7560 | 0x2cd560 | 0x0 |
| LookupPrivilegeValueW | - | 0x6d7e1c | 0x2d7564 | 0x2cd564 | 0x0 |
| OpenProcessToken | - | 0x6d7e20 | 0x2d7568 | 0x2cd568 | 0x0 |
| RegOpenKeyExW | - | 0x6d7e24 | 0x2d756c | 0x2cd56c | 0x0 |
| RegQueryInfoKeyW | - | 0x6d7e28 | 0x2d7570 | 0x2cd570 | 0x0 |
| AllocateAndInitializeSid | - | 0x6d7e2c | 0x2d7574 | 0x2cd574 | 0x0 |
| FreeSid | - | 0x6d7e30 | 0x2d7578 | 0x2cd578 | 0x0 |
| EqualSid | - | 0x6d7e34 | 0x2d757c | 0x2cd57c | 0x0 |
| RegDeleteValueW | - | 0x6d7e38 | 0x2d7580 | 0x2cd580 | 0x0 |
| RegFlushKey | - | 0x6d7e3c | 0x2d7584 | 0x2cd584 | 0x0 |
| RegQueryValueExW | - | 0x6d7e40 | 0x2d7588 | 0x2cd588 | 0x0 |
| RegEnumValueW | - | 0x6d7e44 | 0x2d758c | 0x2cd58c | 0x0 |
| GetTokenInformation | - | 0x6d7e48 | 0x2d7590 | 0x2cd590 | 0x0 |
| InitializeSecurityDescriptor | - | 0x6d7e4c | 0x2d7594 | 0x2cd594 | 0x0 |
| RegCloseKey | - | 0x6d7e50 | 0x2d7598 | 0x2cd598 | 0x0 |
| RegCreateKeyExW | - | 0x6d7e54 | 0x2d759c | 0x2cd59c | 0x0 |
| SetSecurityDescriptorDacl | - | 0x6d7e58 | 0x2d75a0 | 0x2cd5a0 | 0x0 |
netapi32.dll (2)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| NetWkstaGetInfo | - | 0x6d7e60 | 0x2d75a8 | 0x2cd5a8 | 0x0 |
| NetApiBufferFree | - | 0x6d7e64 | 0x2d75ac | 0x2cd5ac | 0x0 |
msvcrt.dll (1)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| memcpy | - | 0x6d7e6c | 0x2d75b4 | 0x2cd5b4 | 0x0 |
winhttp.dll (19)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| WinHttpGetIEProxyConfigForCurrentUser | - | 0x6d7e74 | 0x2d75bc | 0x2cd5bc | 0x0 |
| WinHttpSetTimeouts | - | 0x6d7e78 | 0x2d75c0 | 0x2cd5c0 | 0x0 |
| WinHttpSetStatusCallback | - | 0x6d7e7c | 0x2d75c4 | 0x2cd5c4 | 0x0 |
| WinHttpConnect | - | 0x6d7e80 | 0x2d75c8 | 0x2cd5c8 | 0x0 |
| WinHttpReceiveResponse | - | 0x6d7e84 | 0x2d75cc | 0x2cd5cc | 0x0 |
| WinHttpQueryAuthSchemes | - | 0x6d7e88 | 0x2d75d0 | 0x2cd5d0 | 0x0 |
| WinHttpGetProxyForUrl | - | 0x6d7e8c | 0x2d75d4 | 0x2cd5d4 | 0x0 |
| WinHttpReadData | - | 0x6d7e90 | 0x2d75d8 | 0x2cd5d8 | 0x0 |
| WinHttpCloseHandle | - | 0x6d7e94 | 0x2d75dc | 0x2cd5dc | 0x0 |
| WinHttpQueryHeaders | - | 0x6d7e98 | 0x2d75e0 | 0x2cd5e0 | 0x0 |
| WinHttpOpenRequest | - | 0x6d7e9c | 0x2d75e4 | 0x2cd5e4 | 0x0 |
| WinHttpAddRequestHeaders | - | 0x6d7ea0 | 0x2d75e8 | 0x2cd5e8 | 0x0 |
| WinHttpOpen | - | 0x6d7ea4 | 0x2d75ec | 0x2cd5ec | 0x0 |
| WinHttpWriteData | - | 0x6d7ea8 | 0x2d75f0 | 0x2cd5f0 | 0x0 |
| WinHttpSetCredentials | - | 0x6d7eac | 0x2d75f4 | 0x2cd5f4 | 0x0 |
| WinHttpQueryDataAvailable | - | 0x6d7eb0 | 0x2d75f8 | 0x2cd5f8 | 0x0 |
| WinHttpSetOption | - | 0x6d7eb4 | 0x2d75fc | 0x2cd5fc | 0x0 |
| WinHttpSendRequest | - | 0x6d7eb8 | 0x2d7600 | 0x2cd600 | 0x0 |
| WinHttpQueryOption | - | 0x6d7ebc | 0x2d7604 | 0x2cd604 | 0x0 |
kernel32.dll (148)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| SetFileAttributesW | - | 0x6d7ec4 | 0x2d760c | 0x2cd60c | 0x0 |
| SetFileTime | - | 0x6d7ec8 | 0x2d7610 | 0x2cd610 | 0x0 |
| GetACP | - | 0x6d7ecc | 0x2d7614 | 0x2cd614 | 0x0 |
| GetExitCodeProcess | - | 0x6d7ed0 | 0x2d7618 | 0x2cd618 | 0x0 |
| IsBadWritePtr | - | 0x6d7ed4 | 0x2d761c | 0x2cd61c | 0x0 |
| CloseHandle | - | 0x6d7ed8 | 0x2d7620 | 0x2cd620 | 0x0 |
| LocalFree | - | 0x6d7edc | 0x2d7624 | 0x2cd624 | 0x0 |
| GetCurrentProcessId | - | 0x6d7ee0 | 0x2d7628 | 0x2cd628 | 0x0 |
| SizeofResource | - | 0x6d7ee4 | 0x2d762c | 0x2cd62c | 0x0 |
| VirtualProtect | - | 0x6d7ee8 | 0x2d7630 | 0x2cd630 | 0x0 |
| TerminateThread | - | 0x6d7eec | 0x2d7634 | 0x2cd634 | 0x0 |
| QueryPerformanceFrequency | - | 0x6d7ef0 | 0x2d7638 | 0x2cd638 | 0x0 |
| IsDebuggerPresent | - | 0x6d7ef4 | 0x2d763c | 0x2cd63c | 0x0 |
| FindNextFileW | - | 0x6d7ef8 | 0x2d7640 | 0x2cd640 | 0x0 |
| GetFullPathNameW | - | 0x6d7efc | 0x2d7644 | 0x2cd644 | 0x0 |
| VirtualFree | - | 0x6d7f00 | 0x2d7648 | 0x2cd648 | 0x0 |
| HeapAlloc | - | 0x6d7f04 | 0x2d764c | 0x2cd64c | 0x0 |
| ExitProcess | - | 0x6d7f08 | 0x2d7650 | 0x2cd650 | 0x0 |
| WriteProfileStringW | - | 0x6d7f0c | 0x2d7654 | 0x2cd654 | 0x0 |
| GetCPInfoExW | - | 0x6d7f10 | 0x2d7658 | 0x2cd658 | 0x0 |
| RtlUnwind | - | 0x6d7f14 | 0x2d765c | 0x2cd65c | 0x0 |
| GetCPInfo | - | 0x6d7f18 | 0x2d7660 | 0x2cd660 | 0x0 |
| GetStdHandle | - | 0x6d7f1c | 0x2d7664 | 0x2cd664 | 0x0 |
| GetTimeZoneInformation | - | 0x6d7f20 | 0x2d7668 | 0x2cd668 | 0x0 |
| FileTimeToLocalFileTime | - | 0x6d7f24 | 0x2d766c | 0x2cd66c | 0x0 |
| GetModuleHandleW | - | 0x6d7f28 | 0x2d7670 | 0x2cd670 | 0x0 |
| FreeLibrary | - | 0x6d7f2c | 0x2d7674 | 0x2cd674 | 0x0 |
| HeapDestroy | - | 0x6d7f30 | 0x2d7678 | 0x2cd678 | 0x0 |
| CompareFileTime | - | 0x6d7f34 | 0x2d767c | 0x2cd67c | 0x0 |
| ReadFile | - | 0x6d7f38 | 0x2d7680 | 0x2cd680 | 0x0 |
| CreateProcessW | - | 0x6d7f3c | 0x2d7684 | 0x2cd684 | 0x0 |
| TransactNamedPipe | - | 0x6d7f40 | 0x2d7688 | 0x2cd688 | 0x0 |
| GetLastError | - | 0x6d7f44 | 0x2d768c | 0x2cd68c | 0x0 |
| GetModuleFileNameW | - | 0x6d7f48 | 0x2d7690 | 0x2cd690 | 0x0 |
| SetLastError | - | 0x6d7f4c | 0x2d7694 | 0x2cd694 | 0x0 |
| FindResourceW | - | 0x6d7f50 | 0x2d7698 | 0x2cd698 | 0x0 |
| OpenMutexW | - | 0x6d7f54 | 0x2d769c | 0x2cd69c | 0x0 |
| CreateThread | - | 0x6d7f58 | 0x2d76a0 | 0x2cd6a0 | 0x0 |
| CompareStringW | - | 0x6d7f5c | 0x2d76a4 | 0x2cd6a4 | 0x0 |
| CopyFileW | - | 0x6d7f60 | 0x2d76a8 | 0x2cd6a8 | 0x0 |
| CreateMutexW | - | 0x6d7f64 | 0x2d76ac | 0x2cd6ac | 0x0 |
| LoadLibraryA | - | 0x6d7f68 | 0x2d76b0 | 0x2cd6b0 | 0x0 |
| ResetEvent | - | 0x6d7f6c | 0x2d76b4 | 0x2cd6b4 | 0x0 |
| MulDiv | - | 0x6d7f70 | 0x2d76b8 | 0x2cd6b8 | 0x0 |
| FreeResource | - | 0x6d7f74 | 0x2d76bc | 0x2cd6bc | 0x0 |
| GetDriveTypeW | - | 0x6d7f78 | 0x2d76c0 | 0x2cd6c0 | 0x0 |
| GetVersion | - | 0x6d7f7c | 0x2d76c4 | 0x2cd6c4 | 0x0 |
| RaiseException | - | 0x6d7f80 | 0x2d76c8 | 0x2cd6c8 | 0x0 |
| MoveFileW | - | 0x6d7f84 | 0x2d76cc | 0x2cd6cc | 0x0 |
| GlobalAddAtomW | - | 0x6d7f88 | 0x2d76d0 | 0x2cd6d0 | 0x0 |
| GetSystemTimeAsFileTime | - | 0x6d7f8c | 0x2d76d4 | 0x2cd6d4 | 0x0 |
| FormatMessageW | - | 0x6d7f90 | 0x2d76d8 | 0x2cd6d8 | 0x0 |
| OpenProcess | - | 0x6d7f94 | 0x2d76dc | 0x2cd6dc | 0x0 |
| SwitchToThread | - | 0x6d7f98 | 0x2d76e0 | 0x2cd6e0 | 0x0 |
| GetExitCodeThread | - | 0x6d7f9c | 0x2d76e4 | 0x2cd6e4 | 0x0 |
| OutputDebugStringW | - | 0x6d7fa0 | 0x2d76e8 | 0x2cd6e8 | 0x0 |
| GetCurrentThread | - | 0x6d7fa4 | 0x2d76ec | 0x2cd6ec | 0x0 |
| GetLogicalDrives | - | 0x6d7fa8 | 0x2d76f0 | 0x2cd6f0 | 0x0 |
| LocalFileTimeToFileTime | - | 0x6d7fac | 0x2d76f4 | 0x2cd6f4 | 0x0 |
| SetNamedPipeHandleState | - | 0x6d7fb0 | 0x2d76f8 | 0x2cd6f8 | 0x0 |
| LoadLibraryExW | - | 0x6d7fb4 | 0x2d76fc | 0x2cd6fc | 0x0 |
| TerminateProcess | - | 0x6d7fb8 | 0x2d7700 | 0x2cd700 | 0x0 |
| LockResource | - | 0x6d7fbc | 0x2d7704 | 0x2cd704 | 0x0 |
| FileTimeToSystemTime | - | 0x6d7fc0 | 0x2d7708 | 0x2cd708 | 0x0 |
| GetShortPathNameW | - | 0x6d7fc4 | 0x2d770c | 0x2cd70c | 0x0 |
| GetCurrentThreadId | - | 0x6d7fc8 | 0x2d7710 | 0x2cd710 | 0x0 |
| UnhandledExceptionFilter | - | 0x6d7fcc | 0x2d7714 | 0x2cd714 | 0x0 |
| MoveFileExW | - | 0x6d7fd0 | 0x2d7718 | 0x2cd718 | 0x0 |
| GlobalFindAtomW | - | 0x6d7fd4 | 0x2d771c | 0x2cd71c | 0x0 |
| VirtualQuery | - | 0x6d7fd8 | 0x2d7720 | 0x2cd720 | 0x0 |
| GlobalFree | - | 0x6d7fdc | 0x2d7724 | 0x2cd724 | 0x0 |
| VirtualQueryEx | - | 0x6d7fe0 | 0x2d7728 | 0x2cd728 | 0x0 |
| Sleep | - | 0x6d7fe4 | 0x2d772c | 0x2cd72c | 0x0 |
| EnterCriticalSection | - | 0x6d7fe8 | 0x2d7730 | 0x2cd730 | 0x0 |
| SetFilePointer | - | 0x6d7fec | 0x2d7734 | 0x2cd734 | 0x0 |
| ReleaseMutex | - | 0x6d7ff0 | 0x2d7738 | 0x2cd738 | 0x0 |
| FlushFileBuffers | - | 0x6d7ff4 | 0x2d773c | 0x2cd73c | 0x0 |
| LoadResource | - | 0x6d7ff8 | 0x2d7740 | 0x2cd740 | 0x0 |
| SuspendThread | - | 0x6d7ffc | 0x2d7744 | 0x2cd744 | 0x0 |
| GetTickCount | - | 0x6d8000 | 0x2d7748 | 0x2cd748 | 0x0 |
| WritePrivateProfileStringW | - | 0x6d8004 | 0x2d774c | 0x2cd74c | 0x0 |
| GetFileSize | - | 0x6d8008 | 0x2d7750 | 0x2cd750 | 0x0 |
| GlobalDeleteAtom | - | 0x6d800c | 0x2d7754 | 0x2cd754 | 0x0 |
| GetStartupInfoW | - | 0x6d8010 | 0x2d7758 | 0x2cd758 | 0x0 |
| GetFileAttributesW | - | 0x6d8014 | 0x2d775c | 0x2cd75c | 0x0 |
| GetCurrentDirectoryW | - | 0x6d8018 | 0x2d7760 | 0x2cd760 | 0x0 |
| SetCurrentDirectoryW | - | 0x6d801c | 0x2d7764 | 0x2cd764 | 0x0 |
| InitializeCriticalSection | - | 0x6d8020 | 0x2d7768 | 0x2cd768 | 0x0 |
| GetThreadPriority | - | 0x6d8024 | 0x2d776c | 0x2cd76c | 0x0 |
| GetCurrentProcess | - | 0x6d8028 | 0x2d7770 | 0x2cd770 | 0x0 |
| SetThreadPriority | - | 0x6d802c | 0x2d7774 | 0x2cd774 | 0x0 |
| VirtualAlloc | - | 0x6d8030 | 0x2d7778 | 0x2cd778 | 0x0 |
| GetSystemInfo | - | 0x6d8034 | 0x2d777c | 0x2cd77c | 0x0 |
| GetCommandLineW | - | 0x6d8038 | 0x2d7780 | 0x2cd780 | 0x0 |
| LeaveCriticalSection | - | 0x6d803c | 0x2d7784 | 0x2cd784 | 0x0 |
| GetProcAddress | - | 0x6d8040 | 0x2d7788 | 0x2cd788 | 0x0 |
| ResumeThread | - | 0x6d8044 | 0x2d778c | 0x2cd78c | 0x0 |
| GetVersionExW | - | 0x6d8048 | 0x2d7790 | 0x2cd790 | 0x0 |
| VerifyVersionInfoW | - | 0x6d804c | 0x2d7794 | 0x2cd794 | 0x0 |
| HeapCreate | - | 0x6d8050 | 0x2d7798 | 0x2cd798 | 0x0 |
| GetWindowsDirectoryW | - | 0x6d8054 | 0x2d779c | 0x2cd79c | 0x0 |
| DeviceIoControl | - | 0x6d8058 | 0x2d77a0 | 0x2cd7a0 | 0x0 |
| LCMapStringW | - | 0x6d805c | 0x2d77a4 | 0x2cd7a4 | 0x0 |
| GetDiskFreeSpaceW | - | 0x6d8060 | 0x2d77a8 | 0x2cd7a8 | 0x0 |
| VerSetConditionMask | - | 0x6d8064 | 0x2d77ac | 0x2cd7ac | 0x0 |
| FindFirstFileW | - | 0x6d8068 | 0x2d77b0 | 0x2cd7b0 | 0x0 |
| GetUserDefaultUILanguage | - | 0x6d806c | 0x2d77b4 | 0x2cd7b4 | 0x0 |
| lstrlenW | - | 0x6d8070 | 0x2d77b8 | 0x2cd7b8 | 0x0 |
| QueryPerformanceCounter | - | 0x6d8074 | 0x2d77bc | 0x2cd7bc | 0x0 |
| SetEndOfFile | - | 0x6d8078 | 0x2d77c0 | 0x2cd7c0 | 0x0 |
| lstrcmpW | - | 0x6d807c | 0x2d77c4 | 0x2cd7c4 | 0x0 |
| HeapFree | - | 0x6d8080 | 0x2d77c8 | 0x2cd7c8 | 0x0 |
| WideCharToMultiByte | - | 0x6d8084 | 0x2d77cc | 0x2cd7cc | 0x0 |
| FindClose | - | 0x6d8088 | 0x2d77d0 | 0x2cd7d0 | 0x0 |
| MultiByteToWideChar | - | 0x6d808c | 0x2d77d4 | 0x2cd7d4 | 0x0 |
| LoadLibraryW | - | 0x6d8090 | 0x2d77d8 | 0x2cd7d8 | 0x0 |
| SetEvent | - | 0x6d8094 | 0x2d77dc | 0x2cd7dc | 0x0 |
| CreateFileW | - | 0x6d8098 | 0x2d77e0 | 0x2cd7e0 | 0x0 |
| GetLocaleInfoW | - | 0x6d809c | 0x2d77e4 | 0x2cd7e4 | 0x0 |
| GetSystemDirectoryW | - | 0x6d80a0 | 0x2d77e8 | 0x2cd7e8 | 0x0 |
| DeleteFileW | - | 0x6d80a4 | 0x2d77ec | 0x2cd7ec | 0x0 |
| GetEnvironmentVariableW | - | 0x6d80a8 | 0x2d77f0 | 0x2cd7f0 | 0x0 |
| GetLocalTime | - | 0x6d80ac | 0x2d77f4 | 0x2cd7f4 | 0x0 |
| WaitForSingleObject | - | 0x6d80b0 | 0x2d77f8 | 0x2cd7f8 | 0x0 |
| WriteFile | - | 0x6d80b4 | 0x2d77fc | 0x2cd7fc | 0x0 |
| CreateNamedPipeW | - | 0x6d80b8 | 0x2d7800 | 0x2cd800 | 0x0 |
| ExitThread | - | 0x6d80bc | 0x2d7804 | 0x2cd804 | 0x0 |
| DeleteCriticalSection | - | 0x6d80c0 | 0x2d7808 | 0x2cd808 | 0x0 |
| GetDateFormatW | - | 0x6d80c4 | 0x2d780c | 0x2cd80c | 0x0 |
| TlsGetValue | - | 0x6d80c8 | 0x2d7810 | 0x2cd810 | 0x0 |
| SetErrorMode | - | 0x6d80cc | 0x2d7814 | 0x2cd814 | 0x0 |
| GetComputerNameW | - | 0x6d80d0 | 0x2d7818 | 0x2cd818 | 0x0 |
| IsValidLocale | - | 0x6d80d4 | 0x2d781c | 0x2cd81c | 0x0 |
| TlsSetValue | - | 0x6d80d8 | 0x2d7820 | 0x2cd820 | 0x0 |
| CreateDirectoryW | - | 0x6d80dc | 0x2d7824 | 0x2cd824 | 0x0 |
| GetOverlappedResult | - | 0x6d80e0 | 0x2d7828 | 0x2cd828 | 0x0 |
| GetSystemDefaultUILanguage | - | 0x6d80e4 | 0x2d782c | 0x2cd82c | 0x0 |
| EnumCalendarInfoW | - | 0x6d80e8 | 0x2d7830 | 0x2cd830 | 0x0 |
| GetProfileStringW | - | 0x6d80ec | 0x2d7834 | 0x2cd834 | 0x0 |
| LocalAlloc | - | 0x6d80f0 | 0x2d7838 | 0x2cd838 | 0x0 |
| GetUserDefaultLangID | - | 0x6d80f4 | 0x2d783c | 0x2cd83c | 0x0 |
| RemoveDirectoryW | - | 0x6d80f8 | 0x2d7840 | 0x2cd840 | 0x0 |
| IsDBCSLeadByte | - | 0x6d80fc | 0x2d7844 | 0x2cd844 | 0x0 |
| CreateEventW | - | 0x6d8100 | 0x2d7848 | 0x2cd848 | 0x0 |
| GetPrivateProfileStringW | - | 0x6d8104 | 0x2d784c | 0x2cd84c | 0x0 |
| WaitForMultipleObjectsEx | - | 0x6d8108 | 0x2d7850 | 0x2cd850 | 0x0 |
| GetThreadLocale | - | 0x6d810c | 0x2d7854 | 0x2cd854 | 0x0 |
| SetThreadLocale | - | 0x6d8110 | 0x2d7858 | 0x2cd858 | 0x0 |
ole32.dll (15)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| StgCreateDocfileOnILockBytes | - | 0x6d8118 | 0x2d7860 | 0x2cd860 | 0x0 |
| CoCreateInstance | - | 0x6d811c | 0x2d7864 | 0x2cd864 | 0x0 |
| CLSIDFromString | - | 0x6d8120 | 0x2d7868 | 0x2cd868 | 0x0 |
| CoUninitialize | - | 0x6d8124 | 0x2d786c | 0x2cd86c | 0x0 |
| IsEqualGUID | - | 0x6d8128 | 0x2d7870 | 0x2cd870 | 0x0 |
| OleInitialize | - | 0x6d812c | 0x2d7874 | 0x2cd874 | 0x0 |
| CoFreeUnusedLibraries | - | 0x6d8130 | 0x2d7878 | 0x2cd878 | 0x0 |
| CreateILockBytesOnHGlobal | - | 0x6d8134 | 0x2d787c | 0x2cd87c | 0x0 |
| CLSIDFromProgID | - | 0x6d8138 | 0x2d7880 | 0x2cd880 | 0x0 |
| OleUninitialize | - | 0x6d813c | 0x2d7884 | 0x2cd884 | 0x0 |
| CoDisconnectObject | - | 0x6d8140 | 0x2d7888 | 0x2cd888 | 0x0 |
| CoInitialize | - | 0x6d8144 | 0x2d788c | 0x2cd88c | 0x0 |
| CoTaskMemFree | - | 0x6d8148 | 0x2d7890 | 0x2cd890 | 0x0 |
| CoTaskMemAlloc | - | 0x6d814c | 0x2d7894 | 0x2cd894 | 0x0 |
| StringFromCLSID | - | 0x6d8150 | 0x2d7898 | 0x2cd898 | 0x0 |
gdi32.dll (80)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| Arc | - | 0x6d8158 | 0x2d78a0 | 0x2cd8a0 | 0x0 |
| Pie | - | 0x6d815c | 0x2d78a4 | 0x2cd8a4 | 0x0 |
| SetBkMode | - | 0x6d8160 | 0x2d78a8 | 0x2cd8a8 | 0x0 |
| SelectPalette | - | 0x6d8164 | 0x2d78ac | 0x2cd8ac | 0x0 |
| CreateCompatibleBitmap | - | 0x6d8168 | 0x2d78b0 | 0x2cd8b0 | 0x0 |
| ExcludeClipRect | - | 0x6d816c | 0x2d78b4 | 0x2cd8b4 | 0x0 |
| RectVisible | - | 0x6d8170 | 0x2d78b8 | 0x2cd8b8 | 0x0 |
| SetWindowOrgEx | - | 0x6d8174 | 0x2d78bc | 0x2cd8bc | 0x0 |
| MaskBlt | - | 0x6d8178 | 0x2d78c0 | 0x2cd8c0 | 0x0 |
| AngleArc | - | 0x6d817c | 0x2d78c4 | 0x2cd8c4 | 0x0 |
| Chord | - | 0x6d8180 | 0x2d78c8 | 0x2cd8c8 | 0x0 |
| SetTextColor | - | 0x6d8184 | 0x2d78cc | 0x2cd8cc | 0x0 |
| StretchBlt | - | 0x6d8188 | 0x2d78d0 | 0x2cd8d0 | 0x0 |
| SetDIBits | - | 0x6d818c | 0x2d78d4 | 0x2cd8d4 | 0x0 |
| SetViewportOrgEx | - | 0x6d8190 | 0x2d78d8 | 0x2cd8d8 | 0x0 |
| CreateRectRgn | - | 0x6d8194 | 0x2d78dc | 0x2cd8dc | 0x0 |
| RealizePalette | - | 0x6d8198 | 0x2d78e0 | 0x2cd8e0 | 0x0 |
| SetDIBColorTable | - | 0x6d819c | 0x2d78e4 | 0x2cd8e4 | 0x0 |
| GetDIBColorTable | - | 0x6d81a0 | 0x2d78e8 | 0x2cd8e8 | 0x0 |
| RoundRect | - | 0x6d81a4 | 0x2d78ec | 0x2cd8ec | 0x0 |
| RestoreDC | - | 0x6d81a8 | 0x2d78f0 | 0x2cd8f0 | 0x0 |
| SetRectRgn | - | 0x6d81ac | 0x2d78f4 | 0x2cd8f4 | 0x0 |
| GetTextMetricsW | - | 0x6d81b0 | 0x2d78f8 | 0x2cd8f8 | 0x0 |
| RemoveFontResourceW | - | 0x6d81b4 | 0x2d78fc | 0x2cd8fc | 0x0 |
| GetWindowOrgEx | - | 0x6d81b8 | 0x2d7900 | 0x2cd900 | 0x0 |
| CreatePalette | - | 0x6d81bc | 0x2d7904 | 0x2cd904 | 0x0 |
| CreateBrushIndirect | - | 0x6d81c0 | 0x2d7908 | 0x2cd908 | 0x0 |
| PatBlt | - | 0x6d81c4 | 0x2d790c | 0x2cd90c | 0x0 |
| LineDDA | - | 0x6d81c8 | 0x2d7910 | 0x2cd910 | 0x0 |
| PolyBezierTo | - | 0x6d81cc | 0x2d7914 | 0x2cd914 | 0x0 |
| GetStockObject | - | 0x6d81d0 | 0x2d7918 | 0x2cd918 | 0x0 |
| CreateSolidBrush | - | 0x6d81d4 | 0x2d791c | 0x2cd91c | 0x0 |
| Polygon | - | 0x6d81d8 | 0x2d7920 | 0x2cd920 | 0x0 |
| Rectangle | - | 0x6d81dc | 0x2d7924 | 0x2cd924 | 0x0 |
| MoveToEx | - | 0x6d81e0 | 0x2d7928 | 0x2cd928 | 0x0 |
| DeleteDC | - | 0x6d81e4 | 0x2d792c | 0x2cd92c | 0x0 |
| SaveDC | - | 0x6d81e8 | 0x2d7930 | 0x2cd930 | 0x0 |
| BitBlt | - | 0x6d81ec | 0x2d7934 | 0x2cd934 | 0x0 |
| Ellipse | - | 0x6d81f0 | 0x2d7938 | 0x2cd938 | 0x0 |
| FrameRgn | - | 0x6d81f4 | 0x2d793c | 0x2cd93c | 0x0 |
| GetDeviceCaps | - | 0x6d81f8 | 0x2d7940 | 0x2cd940 | 0x0 |
| GetBitmapBits | - | 0x6d81fc | 0x2d7944 | 0x2cd944 | 0x0 |
| GetTextExtentPoint32W | - | 0x6d8200 | 0x2d7948 | 0x2cd948 | 0x0 |
| GetClipBox | - | 0x6d8204 | 0x2d794c | 0x2cd94c | 0x0 |
| Polyline | - | 0x6d8208 | 0x2d7950 | 0x2cd950 | 0x0 |
| IntersectClipRect | - | 0x6d820c | 0x2d7954 | 0x2cd954 | 0x0 |
| GetSystemPaletteEntries | - | 0x6d8210 | 0x2d7958 | 0x2cd958 | 0x0 |
| CreateBitmap | - | 0x6d8214 | 0x2d795c | 0x2cd95c | 0x0 |
| AddFontResourceW | - | 0x6d8218 | 0x2d7960 | 0x2cd960 | 0x0 |
| CreateDIBitmap | - | 0x6d821c | 0x2d7964 | 0x2cd964 | 0x0 |
| GetStretchBltMode | - | 0x6d8220 | 0x2d7968 | 0x2cd968 | 0x0 |
| CreateDIBSection | - | 0x6d8224 | 0x2d796c | 0x2cd96c | 0x0 |
| CreatePenIndirect | - | 0x6d8228 | 0x2d7970 | 0x2cd970 | 0x0 |
| SetStretchBltMode | - | 0x6d822c | 0x2d7974 | 0x2cd974 | 0x0 |
| GetDIBits | - | 0x6d8230 | 0x2d7978 | 0x2cd978 | 0x0 |
| CreateFontIndirectW | - | 0x6d8234 | 0x2d797c | 0x2cd97c | 0x0 |
| PolyBezier | - | 0x6d8238 | 0x2d7980 | 0x2cd980 | 0x0 |
| LineTo | - | 0x6d823c | 0x2d7984 | 0x2cd984 | 0x0 |
| GetRgnBox | - | 0x6d8240 | 0x2d7988 | 0x2cd988 | 0x0 |
| EnumFontsW | - | 0x6d8244 | 0x2d798c | 0x2cd98c | 0x0 |
| CreateHalftonePalette | - | 0x6d8248 | 0x2d7990 | 0x2cd990 | 0x0 |
| DeleteObject | - | 0x6d824c | 0x2d7994 | 0x2cd994 | 0x0 |
| SelectObject | - | 0x6d8250 | 0x2d7998 | 0x2cd998 | 0x0 |
| ExtFloodFill | - | 0x6d8254 | 0x2d799c | 0x2cd99c | 0x0 |
| UnrealizeObject | - | 0x6d8258 | 0x2d79a0 | 0x2cd9a0 | 0x0 |
| SetBkColor | - | 0x6d825c | 0x2d79a4 | 0x2cd9a4 | 0x0 |
| CreateCompatibleDC | - | 0x6d8260 | 0x2d79a8 | 0x2cd9a8 | 0x0 |
| GetObjectW | - | 0x6d8264 | 0x2d79ac | 0x2cd9ac | 0x0 |
| GetBrushOrgEx | - | 0x6d8268 | 0x2d79b0 | 0x2cd9b0 | 0x0 |
| GetCurrentPositionEx | - | 0x6d826c | 0x2d79b4 | 0x2cd9b4 | 0x0 |
| SetROP2 | - | 0x6d8270 | 0x2d79b8 | 0x2cd9b8 | 0x0 |
| GetTextExtentPointW | - | 0x6d8274 | 0x2d79bc | 0x2cd9bc | 0x0 |
| ExtTextOutW | - | 0x6d8278 | 0x2d79c0 | 0x2cd9c0 | 0x0 |
| SetBrushOrgEx | - | 0x6d827c | 0x2d79c4 | 0x2cd9c4 | 0x0 |
| GetPixel | - | 0x6d8280 | 0x2d79c8 | 0x2cd9c8 | 0x0 |
| ArcTo | - | 0x6d8284 | 0x2d79cc | 0x2cd9cc | 0x0 |
| GdiFlush | - | 0x6d8288 | 0x2d79d0 | 0x2cd9d0 | 0x0 |
| SetPixel | - | 0x6d828c | 0x2d79d4 | 0x2cd9d4 | 0x0 |
| EnumFontFamiliesExW | - | 0x6d8290 | 0x2d79d8 | 0x2cd9d8 | 0x0 |
| GetPaletteEntries | - | 0x6d8294 | 0x2d79dc | 0x2cd9dc | 0x0 |
Exports (3)
»
| Api name | EAT Address | Ordinal |
|---|---|---|
| TMethodImplementationIntercept | 0xb5e60 | 0x3 |
| __dbk_fcall_wrapper | 0x10a7c | 0x2 |
| dbkFCallWrapperAddr | 0x2d2640 | 0x1 |
Memory Dumps (4)
»
| Name | Process ID | Start VA | End VA | Dump Reason | PE Rebuild | Bitness | Entry Point | AV | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|---|
| 4340bc1e1ddb5d268a010401be96435063de733a2601d158d13f56da9f20df5d.tmp | 2 | 0x00400000 | 0x00719FFF | Relevant Image |
|
32-bit | 0x0040EB94 |
|
|
...
|
| buffer | 2 | 0x00C90000 | 0x00C90FFF | First Execution |
|
32-bit | 0x00C90FE2 |
|
|
...
|
| buffer | 2 | 0x00C90000 | 0x00C90FFF | Content Changed |
|
32-bit | - |
|
|
...
|
| 4340bc1e1ddb5d268a010401be96435063de733a2601d158d13f56da9f20df5d.tmp | 2 | 0x00400000 | 0x00719FFF | Process Termination |
|
32-bit | - |
|
|
...
|
| c:\users\rdhj0cnfevzx\appdata\local\microsoft\windows\inetcache\counters.dat | Modified File | Stream |
clean
|
...
|
»
| MIME Type | application/octet-stream |
| File Size | 128 Bytes |
| MD5 |
cc90851958032b8c8bbb7b24ec6271dd
|
| SHA1 |
e027ad2ea4049374a3b01af2e3626b667dc816bc
|
| SHA256 |
c2d814a34b184b7cdf10e4e7a4311ff15db99326d6dd8d328b53bf9e19ccf858
|
| SSDeep |
3:Fl:
|
| ImpHash | - |
| C:\Users\RDHJ0C~1\AppData\Local\Temp\is-IOPSN.tmp\_isetup\_setup64.tmp | Dropped File | Binary |
clean
Known to be clean.
|
...
|
»
| Also Known As | C:\Users\RDHJ0C~1\AppData\Local\Temp\is-AQ3U0.tmp\_isetup\_setup64.tmp (Dropped File) |
| Parent File | C:\Users\RDHJ0C~1\AppData\Local\Temp\is-3V8JG.tmp\4340bc1e1ddb5d268a010401be96435063de733a2601d158d13f56da9f20df5d.tmp |
| MIME Type | application/vnd.microsoft.portable-executable |
| File Size | 6.00 KB |
| MD5 |
e4211d6d009757c078a9fac7ff4f03d4
|
| SHA1 |
019cd56ba687d39d12d4b13991c9a42ea6ba03da
|
| SHA256 |
388a796580234efc95f3b1c70ad4cb44bfddc7ba0f9203bf4902b9929b136f95
|
| SSDeep |
96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0
|
| ImpHash |
f672cb51b1362b8101cc947887b02f34
|
PE Information
»
| Image Base | 0x140000000 |
| Entry Point | 0x1400014e0 |
| Size Of Code | 0x600 |
| Size Of Initialized Data | 0xe00 |
| File Type | FileType.executable |
| Subsystem | Subsystem.windows_cui |
| Machine Type | MachineType.amd64 |
| Compile Timestamp | 2013-08-27 12:51:33+00:00 |
Sections (5)
»
| Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x140001000 | 0x4f2 | 0x600 | 0x400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 5.33 |
| .rdata | 0x140002000 | 0x47c | 0x600 | 0xa00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 3.33 |
| .data | 0x140003000 | 0x2022c | 0x0 | 0x0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.0 |
| .pdata | 0x140024000 | 0x30 | 0x200 | 0x1000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 0.44 |
| .rsrc | 0x140025000 | 0x448 | 0x600 | 0x1200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.44 |
Imports (6)
»
COMCTL32.dll (1)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| (by ordinal) | 0x11 | 0x140002030 | 0x21f8 | 0xbf8 | - |
SHLWAPI.dll (2)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| StrToIntW | - | 0x1400020d8 | 0x22a0 | 0xca0 | 0x11a |
| StrToInt64ExW | - | 0x1400020e0 | 0x22a8 | 0xca8 | 0x116 |
KERNEL32.dll (12)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| ReadFile | - | 0x140002040 | 0x2208 | 0xc08 | 0x2b1 |
| WriteFile | - | 0x140002048 | 0x2210 | 0xc10 | 0x3aa |
| CloseHandle | - | 0x140002050 | 0x2218 | 0xc18 | 0x36 |
| SetConsoleCtrlHandler | - | 0x140002058 | 0x2220 | 0xc20 | 0x2f5 |
| SetProcessShutdownParameters | - | 0x140002060 | 0x2228 | 0xc28 | 0x33a |
| SetCurrentDirectoryW | - | 0x140002068 | 0x2230 | 0xc30 | 0x312 |
| GetSystemDirectoryW | - | 0x140002070 | 0x2238 | 0xc38 | 0x1c4 |
| SetErrorMode | - | 0x140002078 | 0x2240 | 0xc40 | 0x31c |
| ExitProcess | - | 0x140002080 | 0x2248 | 0xc48 | 0xbc |
| LocalFree | - | 0x140002088 | 0x2250 | 0xc50 | 0x258 |
| GetLastError | - | 0x140002090 | 0x2258 | 0xc58 | 0x173 |
| GetCommandLineW | - | 0x140002098 | 0x2260 | 0xc60 | 0x114 |
ADVAPI32.dll (5)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| FreeSid | - | 0x140002000 | 0x21c8 | 0xbc8 | 0xe2 |
| GetNamedSecurityInfoW | - | 0x140002008 | 0x21d0 | 0xbd0 | 0x103 |
| AllocateAndInitializeSid | - | 0x140002010 | 0x21d8 | 0xbd8 | 0x1d |
| SetNamedSecurityInfoW | - | 0x140002018 | 0x21e0 | 0xbe0 | 0x236 |
| SetEntriesInAclW | - | 0x140002020 | 0x21e8 | 0xbe8 | 0x22b |
SHELL32.dll (1)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| CommandLineToArgvW | - | 0x1400020c8 | 0x2290 | 0xc90 | 0x7 |
OLEAUT32.dll (3)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| LoadTypeLib | 0xa1 | 0x1400020a8 | 0x2270 | 0xc70 | - |
| RegisterTypeLib | 0xa3 | 0x1400020b0 | 0x2278 | 0xc78 | - |
| UnRegisterTypeLib | 0xba | 0x1400020b8 | 0x2280 | 0xc80 | - |
| C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\is-S3F12.tmp | Dropped File | Binary |
clean
Known to be clean.
|
...
|
»
| Also Known As | C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\FileHelpers.DLL (Dropped File) |
| MIME Type | application/vnd.microsoft.portable-executable |
| File Size | 144.00 KB |
| MD5 |
d817a6ec84cc47899f249b2c03b5f985
|
| SHA1 |
5ebf96041a694c85bad7f71f0679f64700ee272e
|
| SHA256 |
0a5dc4026bceeb4afdddd73e3e16cc7224b2640e86a379d9afe6e5a81ce1ecdc
|
| SSDeep |
3072:Ju6aJX0iugleTtmPzeLmQlV9MxSh356/JwQ3QklkuSmpKFb4NbkR2:9aJX0i9PaLmQlVxhw53w5bsbk
|
| ImpHash |
dae02f32a21e03ce65412f6e56942daa
|
PE Information
»
| Image Base | 0x11000000 |
| Entry Point | 0x11022d6e |
| Size Of Code | 0x21000 |
| Size Of Initialized Data | 0x2000 |
| File Type | FileType.dll |
| Subsystem | Subsystem.windows_cui |
| Machine Type | MachineType.i386 |
| Compile Timestamp | 2007-04-10 04:44:41+00:00 |
Version Information (11)
»
| Comments | A simple to use file library for .NET that supports automatic formated file read/write operations. |
| CompanyName | Marcos Meli |
| FileDescription | FileHelpers Lib http://www.filehelpers.com |
| FileVersion | 2.0.0.0 |
| InternalName | FileHelpers.dll |
| LegalCopyright | Copyright 2005-07. Marcos Meli |
| LegalTrademarks | FileHelpers |
| OriginalFilename | FileHelpers.dll |
| ProductName | FileHelpers http://www.filehelpers.com |
| ProductVersion | 2.0.0.0 |
| Assembly Version | 2.0.0.0 |
Sections (3)
»
| Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x11002000 | 0x20d74 | 0x21000 | 0x1000 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 5.43 |
| .rsrc | 0x11024000 | 0x510 | 0x1000 | 0x22000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 1.3 |
| .reloc | 0x11026000 | 0xc | 0x1000 | 0x23000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 0.02 |
Imports (1)
»
mscoree.dll (1)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| _CorDllMain | - | 0x11002000 | 0x22d40 | 0x21d40 | 0x0 |
| C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\is-1A9I8.tmp | Dropped File | Stream |
clean
|
...
|
»
| Also Known As |
C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\history.txt (Dropped File)
history.txt (Dropped File) |
| MIME Type | application/octet-stream |
| File Size | 411.91 KB |
| MD5 |
10f4396344e93ce328529a26cc026082
|
| SHA1 |
51895b0be7b772ebe747336e4e0f57d8bbc5d277
|
| SHA256 |
5ca366d8c7102434e6d8e80c30ba3b4fd99ab5082c629c95d7f870dd8f0f8a27
|
| SSDeep |
6144:IBv/Y6oqGY2NID1MMf07QxjopowBvBBvm:IBv/Y6oiYIup7QVopowBvBBvm
|
| ImpHash | - |
| C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\is-ATC4C.tmp | Dropped File | Binary |
clean
Known to be clean.
|
...
|
»
| Also Known As | C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\libbson-1.0.dll (Dropped File) |
| MIME Type | application/vnd.microsoft.portable-executable |
| File Size | 179.02 KB |
| MD5 |
e9644e54c403dd5c0ef89c85ada3e295
|
| SHA1 |
a42708b2837dba534e4cb866266e4959b28da452
|
| SHA256 |
72ecd276b372487af75c67877eccc0ed4d15f2c07ffa7f631d8056038d0e8122
|
| SSDeep |
3072:8vvDF1nexZZNNi2k7EBSh2BL5BvgjTSxUCwb5bL8Bu1A5d:8nDF1nexZZBk7Rhi8jTnLMu1A/
|
| ImpHash |
734279b3e792f777a1d11d03777720fd
|
PE Information
»
| Image Base | 0x10000000 |
| Entry Point | 0x10013f11 |
| Size Of Code | 0x1fe00 |
| Size Of Initialized Data | 0xd200 |
| File Type | FileType.dll |
| Subsystem | Subsystem.windows_gui |
| Machine Type | MachineType.i386 |
| Compile Timestamp | 2017-07-28 23:12:28+00:00 |
Sections (4)
»
| Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x10001000 | 0x1fc18 | 0x1fe00 | 0x400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.69 |
| .rdata | 0x10021000 | 0x6506 | 0x6600 | 0x20200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.48 |
| .data | 0x10028000 | 0x4204 | 0x2600 | 0x26800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 4.45 |
| .reloc | 0x1002d000 | 0x26e0 | 0x2800 | 0x28e00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 5.74 |
Imports (2)
»
WS2_32.dll (1)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| gethostname | 0x39 | 0x10021138 | 0x25af0 | 0x24cf0 | - |
KERNEL32.dll (77)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| GetSystemTimeAsFileTime | - | 0x10021000 | 0x259b8 | 0x24bb8 | 0x24f |
| GetTickCount64 | - | 0x10021004 | 0x259bc | 0x24bbc | 0x267 |
| InterlockedCompareExchange64 | - | 0x10021008 | 0x259c0 | 0x24bc0 | 0x2bb |
| GetCurrentProcessId | - | 0x1002100c | 0x259c4 | 0x24bc4 | 0x1aa |
| InterlockedExchangeAdd | - | 0x10021010 | 0x259c8 | 0x24bc8 | 0x2be |
| InitOnceExecuteOnce | - | 0x10021014 | 0x259cc | 0x24bcc | 0x2b1 |
| SystemTimeToFileTime | - | 0x10021018 | 0x259d0 | 0x24bd0 | 0x42a |
| EnterCriticalSection | - | 0x1002101c | 0x259d4 | 0x24bd4 | 0xd9 |
| LeaveCriticalSection | - | 0x10021020 | 0x259d8 | 0x24bd8 | 0x2ef |
| UnhandledExceptionFilter | - | 0x10021024 | 0x259dc | 0x24bdc | 0x43e |
| SetUnhandledExceptionFilter | - | 0x10021028 | 0x259e0 | 0x24be0 | 0x415 |
| GetLastError | - | 0x1002102c | 0x259e4 | 0x24be4 | 0x1e6 |
| CloseHandle | - | 0x10021030 | 0x259e8 | 0x24be8 | 0x43 |
| MultiByteToWideChar | - | 0x10021034 | 0x259ec | 0x24bec | 0x31a |
| ReadFile | - | 0x10021038 | 0x259f0 | 0x24bf0 | 0x368 |
| GetFileType | - | 0x1002103c | 0x259f4 | 0x24bf4 | 0x1d7 |
| CreateFileA | - | 0x10021040 | 0x259f8 | 0x24bf8 | 0x78 |
| HeapFree | - | 0x10021044 | 0x259fc | 0x24bfc | 0x2a1 |
| HeapReAlloc | - | 0x10021048 | 0x25a00 | 0x24c00 | 0x2a4 |
| HeapAlloc | - | 0x1002104c | 0x25a04 | 0x24c04 | 0x29d |
| GetCurrentThreadId | - | 0x10021050 | 0x25a08 | 0x24c08 | 0x1ad |
| GetCommandLineA | - | 0x10021054 | 0x25a0c | 0x24c0c | 0x16f |
| GetProcAddress | - | 0x10021058 | 0x25a10 | 0x24c10 | 0x220 |
| GetModuleHandleA | - | 0x1002105c | 0x25a14 | 0x24c14 | 0x1f6 |
| SetHandleCount | - | 0x10021060 | 0x25a18 | 0x24c18 | 0x3e8 |
| GetStdHandle | - | 0x10021064 | 0x25a1c | 0x24c1c | 0x23b |
| GetStartupInfoA | - | 0x10021068 | 0x25a20 | 0x24c20 | 0x239 |
| DeleteCriticalSection | - | 0x1002106c | 0x25a24 | 0x24c24 | 0xbe |
| TerminateProcess | - | 0x10021070 | 0x25a28 | 0x24c28 | 0x42d |
| GetCurrentProcess | - | 0x10021074 | 0x25a2c | 0x24c2c | 0x1a9 |
| IsDebuggerPresent | - | 0x10021078 | 0x25a30 | 0x24c30 | 0x2d1 |
| Sleep | - | 0x1002107c | 0x25a34 | 0x24c34 | 0x421 |
| GetModuleHandleW | - | 0x10021080 | 0x25a38 | 0x24c38 | 0x1f9 |
| ExitProcess | - | 0x10021084 | 0x25a3c | 0x24c3c | 0x104 |
| WriteFile | - | 0x10021088 | 0x25a40 | 0x24c40 | 0x48d |
| GetModuleFileNameA | - | 0x1002108c | 0x25a44 | 0x24c44 | 0x1f4 |
| TlsGetValue | - | 0x10021090 | 0x25a48 | 0x24c48 | 0x434 |
| TlsAlloc | - | 0x10021094 | 0x25a4c | 0x24c4c | 0x432 |
| TlsSetValue | - | 0x10021098 | 0x25a50 | 0x24c50 | 0x435 |
| TlsFree | - | 0x1002109c | 0x25a54 | 0x24c54 | 0x433 |
| InterlockedIncrement | - | 0x100210a0 | 0x25a58 | 0x24c58 | 0x2c0 |
| SetLastError | - | 0x100210a4 | 0x25a5c | 0x24c5c | 0x3ec |
| InterlockedDecrement | - | 0x100210a8 | 0x25a60 | 0x24c60 | 0x2bc |
| GetCPInfo | - | 0x100210ac | 0x25a64 | 0x24c64 | 0x15b |
| GetACP | - | 0x100210b0 | 0x25a68 | 0x24c68 | 0x152 |
| GetOEMCP | - | 0x100210b4 | 0x25a6c | 0x24c6c | 0x213 |
| IsValidCodePage | - | 0x100210b8 | 0x25a70 | 0x24c70 | 0x2db |
| SetStdHandle | - | 0x100210bc | 0x25a74 | 0x24c74 | 0x3fc |
| SetFilePointer | - | 0x100210c0 | 0x25a78 | 0x24c78 | 0x3df |
| WideCharToMultiByte | - | 0x100210c4 | 0x25a7c | 0x24c7c | 0x47a |
| GetConsoleCP | - | 0x100210c8 | 0x25a80 | 0x24c80 | 0x183 |
| GetConsoleMode | - | 0x100210cc | 0x25a84 | 0x24c84 | 0x195 |
| SetEndOfFile | - | 0x100210d0 | 0x25a88 | 0x24c88 | 0x3cd |
| GetProcessHeap | - | 0x100210d4 | 0x25a8c | 0x24c8c | 0x223 |
| HeapCreate | - | 0x100210d8 | 0x25a90 | 0x24c90 | 0x29f |
| HeapDestroy | - | 0x100210dc | 0x25a94 | 0x24c94 | 0x2a0 |
| VirtualFree | - | 0x100210e0 | 0x25a98 | 0x24c98 | 0x457 |
| VirtualAlloc | - | 0x100210e4 | 0x25a9c | 0x24c9c | 0x454 |
| FreeEnvironmentStringsA | - | 0x100210e8 | 0x25aa0 | 0x24ca0 | 0x14a |
| GetEnvironmentStrings | - | 0x100210ec | 0x25aa4 | 0x24ca4 | 0x1bf |
| FreeEnvironmentStringsW | - | 0x100210f0 | 0x25aa8 | 0x24ca8 | 0x14b |
| GetEnvironmentStringsW | - | 0x100210f4 | 0x25aac | 0x24cac | 0x1c1 |
| QueryPerformanceCounter | - | 0x100210f8 | 0x25ab0 | 0x24cb0 | 0x354 |
| GetTickCount | - | 0x100210fc | 0x25ab4 | 0x24cb4 | 0x266 |
| InitializeCriticalSectionAndSpinCount | - | 0x10021100 | 0x25ab8 | 0x24cb8 | 0x2b5 |
| RtlUnwind | - | 0x10021104 | 0x25abc | 0x24cbc | 0x392 |
| LoadLibraryA | - | 0x10021108 | 0x25ac0 | 0x24cc0 | 0x2f1 |
| FlushFileBuffers | - | 0x1002110c | 0x25ac4 | 0x24cc4 | 0x141 |
| LCMapStringA | - | 0x10021110 | 0x25ac8 | 0x24cc8 | 0x2e1 |
| LCMapStringW | - | 0x10021114 | 0x25acc | 0x24ccc | 0x2e3 |
| GetStringTypeA | - | 0x10021118 | 0x25ad0 | 0x24cd0 | 0x23d |
| GetStringTypeW | - | 0x1002111c | 0x25ad4 | 0x24cd4 | 0x240 |
| GetLocaleInfoA | - | 0x10021120 | 0x25ad8 | 0x24cd8 | 0x1e8 |
| WriteConsoleA | - | 0x10021124 | 0x25adc | 0x24cdc | 0x482 |
| GetConsoleOutputCP | - | 0x10021128 | 0x25ae0 | 0x24ce0 | 0x199 |
| WriteConsoleW | - | 0x1002112c | 0x25ae4 | 0x24ce4 | 0x48c |
| HeapSize | - | 0x10021130 | 0x25ae8 | 0x24ce8 | 0x2a6 |
Exports (179)
»
| Api name | EAT Address | Ordinal |
|---|---|---|
| bcon_append | 0x2010 | 0x1 |
| bcon_append_ctx | 0x1f60 | 0x2 |
| bcon_append_ctx_init | 0x1ee0 | 0x3 |
| bcon_append_ctx_va | 0x19c0 | 0x4 |
| bcon_extract | 0x1ef0 | 0x5 |
| bcon_extract_ctx | 0x1f80 | 0x6 |
| bcon_extract_ctx_init | 0x1ee0 | 0x7 |
| bcon_extract_ctx_va | 0x1c90 | 0x8 |
| bcon_new | 0x1fa0 | 0x9 |
| bson_append_array | 0x4e50 | 0xa |
| bson_append_array_begin | 0x25d0 | 0xb |
| bson_append_array_end | 0x2650 | 0xc |
| bson_append_binary | 0x2750 | 0xd |
| bson_append_bool | 0x2890 | 0xe |
| bson_append_code | 0x2940 | 0xf |
| bson_append_code_with_scope | 0x4fe0 | 0x10 |
| bson_append_date_time | 0x33e0 | 0x11 |
| bson_append_dbpointer | 0x2a20 | 0x12 |
| bson_append_document | 0x2b20 | 0x13 |
| bson_append_document_begin | 0x2690 | 0x14 |
| bson_append_document_end | 0x2710 | 0x15 |
| bson_append_double | 0x2c00 | 0x16 |
| bson_append_int32 | 0x2ca0 | 0x17 |
| bson_append_int64 | 0x2d40 | 0x18 |
| bson_append_iter | 0x5140 | 0x19 |
| bson_append_maxkey | 0x2e00 | 0x1a |
| bson_append_minkey | 0x2e90 | 0x1b |
| bson_append_now_utc | 0x56f0 | 0x1c |
| bson_append_null | 0x2f20 | 0x1d |
| bson_append_oid | 0x2fb0 | 0x1e |
| bson_append_regex | 0x3080 | 0x1f |
| bson_append_symbol | 0x3230 | 0x20 |
| bson_append_time_t | 0x5690 | 0x21 |
| bson_append_timestamp | 0x3320 | 0x22 |
| bson_append_timeval | 0x34a0 | 0x23 |
| bson_append_undefined | 0x3550 | 0x24 |
| bson_append_utf8 | 0x3140 | 0x25 |
| bson_append_value | 0x57a0 | 0x26 |
| bson_array_as_json | 0x4900 | 0x27 |
| bson_as_json | 0x4770 | 0x28 |
| bson_ascii_strtoll | 0xcfe0 | 0x29 |
| bson_bcon_magic | 0x1000 | 0x2a |
| bson_bcone_magic | 0x1010 | 0x2b |
| bson_compare | 0x3e40 | 0x2c |
| bson_concat | 0x4df0 | 0x2d |
| bson_context_destroy | 0x6310 | 0x2e |
| bson_context_get_default | 0x6370 | 0x2f |
| bson_context_new | 0x62f0 | 0x30 |
| bson_copy | 0x39b0 | 0x31 |
| bson_copy_to | 0x3a10 | 0x32 |
| bson_copy_to_excluding | 0x5d30 | 0x33 |
| bson_copy_to_excluding_noinit | 0x5dd0 | 0x34 |
| bson_count_keys | 0x3c90 | 0x35 |
| bson_destroy | 0x3b50 | 0x36 |
| bson_destroy_with_steal | 0x3b80 | 0x37 |
| bson_equal | 0x3fb0 | 0x38 |
| bson_free | 0xbc80 | 0x39 |
| bson_get_data | 0x3c50 | 0x3a |
| bson_get_major_version | 0xde30 | 0x3b |
| bson_get_micro_version | 0xde40 | 0x3c |
| bson_get_minor_version | 0xde30 | 0x3d |
| bson_get_monotonic_time | 0x5f00 | 0x3e |
| bson_gettimeofday | 0x5e90 | 0x3f |
| bson_has_field | 0x3d40 | 0x40 |
| bson_init | 0x35e0 | 0x41 |
| bson_init_from_json | 0xafa0 | 0x42 |
| bson_init_static | 0x3690 | 0x43 |
| bson_iter_array | 0x7860 | 0x44 |
| bson_iter_as_bool | 0x8800 | 0x45 |
| bson_iter_as_int64 | 0x71f0 | 0x46 |
| bson_iter_binary | 0x6fe0 | 0x47 |
| bson_iter_bool | 0x70b0 | 0x48 |
| bson_iter_code | 0x7430 | 0x49 |
| bson_iter_codewscope | 0x74a0 | 0x4a |
| bson_iter_date_time | 0x7640 | 0x4b |
| bson_iter_dbpointer | 0x7540 | 0x4c |
| bson_iter_document | 0x77d0 | 0x4d |
| bson_iter_double | 0x7100 | 0x4e |
| bson_iter_dup_utf8 | 0x73b0 | 0x4f |
| bson_iter_find | 0x85e0 | 0x50 |
| bson_iter_find_case | 0x8630 | 0x51 |
| bson_iter_find_descendant | 0x86c0 | 0x52 |
| bson_iter_init | 0x6a90 | 0x53 |
| bson_iter_init_find | 0x88c0 | 0x54 |
| bson_iter_init_find_case | 0x8960 | 0x55 |
| bson_iter_int32 | 0x7160 | 0x56 |
| bson_iter_int64 | 0x71a0 | 0x57 |
| bson_iter_key | 0x6b50 | 0x58 |
| bson_iter_next | 0x6be0 | 0x59 |
| bson_iter_oid | 0x72a0 | 0x5a |
| bson_iter_overwrite_bool | 0x8020 | 0x5b |
| bson_iter_overwrite_double | 0x8100 | 0x5c |
| bson_iter_overwrite_int32 | 0x8070 | 0x5d |
| bson_iter_overwrite_int64 | 0x80b0 | 0x5e |
| bson_iter_recurse | 0x8450 | 0x5f |
| bson_iter_regex | 0x72e0 | 0x60 |
| bson_iter_symbol | 0x75d0 | 0x61 |
| bson_iter_time_t | 0x7690 | 0x62 |
| bson_iter_timestamp | 0x76f0 | 0x63 |
| bson_iter_timeval | 0x7750 | 0x64 |
| bson_iter_type | 0x6b90 | 0x65 |
| bson_iter_utf8 | 0x7340 | 0x66 |
| bson_iter_value | 0x8150 | 0x67 |
| bson_iter_visit_all | 0x78f0 | 0x68 |
| bson_json_data_reader_ingest | 0xae90 | 0x69 |
| bson_json_data_reader_new | 0xae60 | 0x6a |
| bson_json_reader_destroy | 0xadb0 | 0x6b |
| bson_json_reader_new | 0xad30 | 0x6c |
| bson_json_reader_new_from_fd | 0xb120 | 0x6d |
| bson_json_reader_new_from_file | 0xb1c0 | 0x6e |
| bson_json_reader_read | 0xabd0 | 0x6f |
| bson_malloc | 0xbbf0 | 0x70 |
| bson_malloc0 | 0xbc10 | 0x71 |
| bson_md5_append | 0xba60 | 0x72 |
| bson_md5_finish | 0xbb30 | 0x73 |
| bson_md5_init | 0xba30 | 0x74 |
| bson_mem_set_vtable | 0xbcc0 | 0x75 |
| bson_new | 0x3740 | 0x76 |
| bson_new_from_buffer | 0x38b0 | 0x77 |
| bson_new_from_data | 0x3830 | 0x78 |
| bson_new_from_json | 0xaeb0 | 0x79 |
| bson_oid_compare | 0xc240 | 0x7a |
| bson_oid_copy | 0xc2c0 | 0x7b |
| bson_oid_equal | 0xc280 | 0x7c |
| bson_oid_get_time_t | 0xc110 | 0x7d |
| bson_oid_hash | 0xc200 | 0x7e |
| bson_oid_init | 0xbfa0 | 0x7f |
| bson_oid_init_from_data | 0xc030 | 0x80 |
| bson_oid_init_from_string | 0xc080 | 0x81 |
| bson_oid_init_sequence | 0xbf40 | 0x82 |
| bson_oid_is_valid | 0xc310 | 0x83 |
| bson_oid_to_string | 0xc170 | 0x84 |
| bson_reader_destroy | 0xc730 | 0x85 |
| bson_reader_new_from_data | 0xc640 | 0x86 |
| bson_reader_new_from_fd | 0xc980 | 0x87 |
| bson_reader_new_from_file | 0xc9e0 | 0x88 |
| bson_reader_new_from_handle | 0xc8a0 | 0x89 |
| bson_reader_read | 0xc7d0 | 0x8a |
| bson_reader_set_destroy_func | 0xc4e0 | 0x8b |
| bson_reader_set_read_func | 0xc4a0 | 0x8c |
| bson_reader_tell | 0xc840 | 0x8d |
| bson_realloc | 0xbc40 | 0x8e |
| bson_realloc_ctx | 0xbc40 | 0x8f |
| bson_reinit | 0x3630 | 0x90 |
| bson_set_error | 0x6390 | 0x91 |
| bson_sized_new | 0x3770 | 0x92 |
| bson_snprintf | 0xcf90 | 0x93 |
| bson_strdup | 0xce30 | 0x94 |
| bson_strdup_printf | 0xd310 | 0x95 |
| bson_strdupv_printf | 0xd270 | 0x96 |
| bson_strerror_r | 0x63d0 | 0x97 |
| bson_strfreev | 0xcee0 | 0x98 |
| bson_string_append | 0xcbf0 | 0x99 |
| bson_string_append_c | 0xccc0 | 0x9a |
| bson_string_append_printf | 0xd350 | 0x9b |
| bson_string_append_unichar | 0xcd10 | 0x9c |
| bson_string_free | 0xcb80 | 0x9d |
| bson_string_new | 0xcae0 | 0x9e |
| bson_string_truncate | 0xcd70 | 0x9f |
| bson_strncpy | 0xcf30 | 0xa0 |
| bson_strndup | 0xce80 | 0xa1 |
| bson_strnlen | 0xcf10 | 0xa2 |
| bson_uint32_to_string | 0xb290 | 0xa3 |
| bson_utf8_escape_for_json | 0xd830 | 0xa4 |
| bson_utf8_from_unichar | 0xd6a0 | 0xa5 |
| bson_utf8_get_char | 0xd5d0 | 0xa6 |
| bson_utf8_next_char | 0xd650 | 0xa7 |
| bson_utf8_validate | 0xd430 | 0xa8 |
| bson_validate | 0x4d50 | 0xa9 |
| bson_value_copy | 0xda30 | 0xaa |
| bson_value_destroy | 0xdd50 | 0xab |
| bson_vsnprintf | 0xcf50 | 0xac |
| bson_writer_begin | 0xdeb0 | 0xad |
| bson_writer_destroy | 0xde90 | 0xae |
| bson_writer_end | 0xe010 | 0xaf |
| bson_writer_get_length | 0xdea0 | 0xb0 |
| bson_writer_new | 0xde50 | 0xb1 |
| bson_writer_rollback | 0xe070 | 0xb2 |
| bson_zero_free | 0xbc90 | 0xb3 |
Digital Signature Information
»
| Verification Status | Valid |
Certificate: Idera
»
| Issued by | Idera |
| Country Name | US |
| Valid From | 2016-03-10 01:00 (UTC+1) |
| Valid Until | 2018-04-13 01:59 (UTC+2) |
| Algorithm | sha256_rsa |
| Serial Number | 19 4B 7B C0 44 9D 1A E4 D1 6D 7D A1 D5 33 0D 6F |
| Thumbprint | 1D B3 1D A0 C1 52 E9 D4 74 5D 58 D7 38 A1 74 A5 21 B3 BE FC |
| C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\is-6LMC9.tmp | Dropped File | Binary |
clean
Known to be clean.
|
...
|
»
| Also Known As | C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\libffi-6.dll (Dropped File) |
| MIME Type | application/vnd.microsoft.portable-executable |
| File Size | 31.82 KB |
| MD5 |
f68c187d209127bb0a4487b23ec29a25
|
| SHA1 |
54726179bdde7a6bd341b2ba3464e3b79cea08c7
|
| SHA256 |
23fd4daab07107bfb9fd0950c0490ba65df2fbc21680e46d9b93800e38bd1943
|
| SSDeep |
384:5735N1fmZFO+S2uCtA2ostKbKSGQWlVsMb9XaVuXYA4iYG+mbe3FhEKoafNDhwrc:+6AuBOgPW3dasqiYGxq3FmKhrh
|
| ImpHash |
7bbb82549f5061ab873d06c6e5aef58f
|
PE Information
»
| Image Base | 0x6b740000 |
| Entry Point | 0x6b741400 |
| Size Of Code | 0x4c00 |
| Size Of Initialized Data | 0x2600 |
| Size Of Uninitialized Data | 0xe00 |
| File Type | FileType.dll |
| Subsystem | Subsystem.windows_cui |
| Machine Type | MachineType.amd64 |
| Compile Timestamp | 1970-01-01 00:00:00+00:00 |
Sections (13)
»
| Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x6b741000 | 0x4b40 | 0x4c00 | 0x400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.23 |
| .data | 0x6b746000 | 0x50 | 0x200 | 0x5000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.48 |
| .rdata | 0x6b747000 | 0x680 | 0x800 | 0x5200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ | 2.97 |
| /4 | 0x6b748000 | 0x35 | 0x200 | 0x5a00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ | 0.54 |
| .pdata | 0x6b749000 | 0x288 | 0x400 | 0x5c00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ | 2.74 |
| .xdata | 0x6b74a000 | 0x254 | 0x400 | 0x6000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ | 2.94 |
| .bss | 0x6b74b000 | 0xd10 | 0x0 | 0x0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.0 |
| .edata | 0x6b74c000 | 0x2e7 | 0x400 | 0x6400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ | 3.81 |
| .idata | 0x6b74d000 | 0x678 | 0x800 | 0x6800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 3.44 |
| .CRT | 0x6b74e000 | 0x58 | 0x200 | 0x7000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.2 |
| .tls | 0x6b74f000 | 0x68 | 0x200 | 0x7200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.27 |
| .reloc | 0x6b750000 | 0x48 | 0x200 | 0x7400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 0.58 |
| /14 | 0x6b751000 | 0x18 | 0x200 | 0x7600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 0.41 |
Imports (2)
»
KERNEL32.dll (25)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| DeleteCriticalSection | - | 0x6b74d19c | 0xd03c | 0x683c | 0xd8 |
| EnterCriticalSection | - | 0x6b74d1a4 | 0xd044 | 0x6844 | 0xf8 |
| GetCurrentProcess | - | 0x6b74d1ac | 0xd04c | 0x684c | 0x1cd |
| GetCurrentProcessId | - | 0x6b74d1b4 | 0xd054 | 0x6854 | 0x1ce |
| GetCurrentThreadId | - | 0x6b74d1bc | 0xd05c | 0x685c | 0x1d2 |
| GetLastError | - | 0x6b74d1c4 | 0xd064 | 0x6864 | 0x210 |
| GetSystemInfo | - | 0x6b74d1cc | 0xd06c | 0x686c | 0x284 |
| GetSystemTimeAsFileTime | - | 0x6b74d1d4 | 0xd074 | 0x6874 | 0x28a |
| GetTickCount | - | 0x6b74d1dc | 0xd07c | 0x687c | 0x2a5 |
| InitializeCriticalSection | - | 0x6b74d1e4 | 0xd084 | 0x6884 | 0x2f9 |
| LeaveCriticalSection | - | 0x6b74d1ec | 0xd08c | 0x688c | 0x34b |
| QueryPerformanceCounter | - | 0x6b74d1f4 | 0xd094 | 0x6894 | 0x3bb |
| RtlAddFunctionTable | - | 0x6b74d1fc | 0xd09c | 0x689c | 0x401 |
| RtlCaptureContext | - | 0x6b74d204 | 0xd0a4 | 0x68a4 | 0x402 |
| RtlLookupFunctionEntry | - | 0x6b74d20c | 0xd0ac | 0x68ac | 0x409 |
| RtlVirtualUnwind | - | 0x6b74d214 | 0xd0b4 | 0x68b4 | 0x410 |
| SetUnhandledExceptionFilter | - | 0x6b74d21c | 0xd0bc | 0x68bc | 0x49f |
| Sleep | - | 0x6b74d224 | 0xd0c4 | 0x68c4 | 0x4ac |
| TerminateProcess | - | 0x6b74d22c | 0xd0cc | 0x68cc | 0x4ba |
| TlsGetValue | - | 0x6b74d234 | 0xd0d4 | 0x68d4 | 0x4c1 |
| UnhandledExceptionFilter | - | 0x6b74d23c | 0xd0dc | 0x68dc | 0x4ce |
| VirtualAlloc | - | 0x6b74d244 | 0xd0e4 | 0x68e4 | 0x4e6 |
| VirtualFree | - | 0x6b74d24c | 0xd0ec | 0x68ec | 0x4e9 |
| VirtualProtect | - | 0x6b74d254 | 0xd0f4 | 0x68f4 | 0x4ec |
| VirtualQuery | - | 0x6b74d25c | 0xd0fc | 0x68fc | 0x4ee |
msvcrt.dll (17)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| __dllonexit | - | 0x6b74d26c | 0xd10c | 0x690c | 0x4e |
| __iob_func | - | 0x6b74d274 | 0xd114 | 0x6914 | 0x53 |
| _amsg_exit | - | 0x6b74d27c | 0xd11c | 0x691c | 0x78 |
| _initterm | - | 0x6b74d284 | 0xd124 | 0x6924 | 0x11c |
| _lock | - | 0x6b74d28c | 0xd12c | 0x692c | 0x182 |
| _onexit | - | 0x6b74d294 | 0xd134 | 0x6934 | 0x227 |
| _unlock | - | 0x6b74d29c | 0xd13c | 0x693c | 0x2c9 |
| abort | - | 0x6b74d2a4 | 0xd144 | 0x6944 | 0x385 |
| calloc | - | 0x6b74d2ac | 0xd14c | 0x694c | 0x392 |
| free | - | 0x6b74d2b4 | 0xd154 | 0x6954 | 0x3b5 |
| fwrite | - | 0x6b74d2bc | 0xd15c | 0x695c | 0x3c0 |
| malloc | - | 0x6b74d2c4 | 0xd164 | 0x6964 | 0x3ee |
| memcpy | - | 0x6b74d2cc | 0xd16c | 0x696c | 0x3f6 |
| signal | - | 0x6b74d2d4 | 0xd174 | 0x6974 | 0x412 |
| strlen | - | 0x6b74d2dc | 0xd17c | 0x697c | 0x425 |
| strncmp | - | 0x6b74d2e4 | 0xd184 | 0x6984 | 0x428 |
| vfprintf | - | 0x6b74d2ec | 0xd18c | 0x698c | 0x447 |
Exports (26)
»
| Api name | EAT Address | Ordinal |
|---|---|---|
| ffi_call | 0x4000 | 0x1 |
| ffi_call_win64 | 0x4370 | 0x2 |
| ffi_closure_alloc | 0x17e0 | 0x3 |
| ffi_closure_free | 0x2ff0 | 0x4 |
| ffi_closure_win64 | 0x42f0 | 0x5 |
| ffi_closure_win64_inner | 0x40a0 | 0x6 |
| ffi_prep_args | 0x3d10 | 0x7 |
| ffi_prep_cif | 0x15d0 | 0x8 |
| ffi_prep_cif_core | 0x1510 | 0x9 |
| ffi_prep_cif_machdep | 0x3f00 | 0xa |
| ffi_prep_cif_var | 0x1600 | 0xb |
| ffi_prep_closure | 0x1630 | 0xc |
| ffi_prep_closure_loc | 0x4200 | 0xd |
| ffi_type_double | 0x7020 | 0xe |
| ffi_type_float | 0x7040 | 0xf |
| ffi_type_longdouble | 0x7000 | 0x10 |
| ffi_type_pointer | 0x7060 | 0x11 |
| ffi_type_sint16 | 0x7100 | 0x12 |
| ffi_type_sint32 | 0x70c0 | 0x13 |
| ffi_type_sint64 | 0x7080 | 0x14 |
| ffi_type_sint8 | 0x7140 | 0x15 |
| ffi_type_uint16 | 0x7120 | 0x16 |
| ffi_type_uint32 | 0x70e0 | 0x17 |
| ffi_type_uint64 | 0x70a0 | 0x18 |
| ffi_type_uint8 | 0x7160 | 0x19 |
| ffi_type_void | 0x7180 | 0x1a |
| C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\is-B14M1.tmp | Dropped File | Binary |
clean
Known to be clean.
|
...
|
»
| Also Known As | C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\libgmodule-2.0-0.dll (Dropped File) |
| MIME Type | application/vnd.microsoft.portable-executable |
| File Size | 41.00 KB |
| MD5 |
4d233a220f91de3b1510d017b5481942
|
| SHA1 |
c59f449b0d09127d18268e7b07da3f7d749b2720
|
| SHA256 |
08336089e280805c8ac89f7476526f944b5868c014748b6dc29f65167e9e3ab0
|
| SSDeep |
768:bgaowTgGpoQHcE4UJmcCqr7/rz/WGc4kedF0emlBQQhpjxH:bgsppvHc1Cb7ldnmlBQkdH
|
| ImpHash |
73bd3b91f9238355b4d87ffa7539d1e2
|
PE Information
»
| Image Base | 0x6dd00000 |
| Entry Point | 0x6dd01430 |
| Size Of Code | 0x7400 |
| Size Of Initialized Data | 0xa000 |
| Size Of Uninitialized Data | 0xe00 |
| File Type | FileType.dll |
| Subsystem | Subsystem.windows_cui |
| Machine Type | MachineType.i386 |
| Compile Timestamp | 2016-01-29 15:46:15+00:00 |
Version Information (8)
»
| CompanyName | The GLib developer community |
| FileDescription | GModule |
| FileVersion | 2.42.0.0 |
| InternalName | libgmodule-2.0-0 |
| LegalCopyright | Copyright © 1998-2011 Tim Janik and others. |
| OriginalFilename | libgmodule-2.0-0.dll |
| ProductName | GLib |
| ProductVersion | 2.42.0 |
Sections (10)
»
| Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x6dd01000 | 0x73e4 | 0x7400 | 0x400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.28 |
| .data | 0x6dd09000 | 0x54 | 0x200 | 0x7800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.76 |
| .rdata | 0x6dd0a000 | 0xc2c | 0xe00 | 0x7a00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ | 5.2 |
| .bss | 0x6dd0b000 | 0xda4 | 0x0 | 0x0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.0 |
| .edata | 0x6dd0c000 | 0x14f | 0x200 | 0x8800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ | 3.46 |
| .idata | 0x6dd0d000 | 0xae4 | 0xc00 | 0x8a00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 4.65 |
| .CRT | 0x6dd0e000 | 0x2c | 0x200 | 0x9600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.2 |
| .tls | 0x6dd0f000 | 0x20 | 0x200 | 0x9800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.27 |
| .rsrc | 0x6dd10000 | 0x370 | 0x400 | 0x9a00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 3.02 |
| .reloc | 0x6dd11000 | 0x540 | 0x600 | 0x9e00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 6.09 |
Imports (5)
»
libglib-2.0-0.dll (28)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| g_ascii_strcasecmp | - | 0x6dd0d1e8 | 0xd078 | 0x8a78 | 0x18 |
| g_file_test_utf8 | - | 0x6dd0d1ec | 0xd07c | 0x8a7c | 0x16e |
| g_filename_display_name | - | 0x6dd0d1f0 | 0xd080 | 0x8a80 | 0x170 |
| g_free | - | 0x6dd0d1f4 | 0xd084 | 0x8a84 | 0x180 |
| g_getenv_utf8 | - | 0x6dd0d1f8 | 0xd088 | 0x8a88 | 0x1a1 |
| g_locale_from_utf8 | - | 0x6dd0d1fc | 0xd08c | 0x8a8c | 0x272 |
| g_locale_to_utf8 | - | 0x6dd0d200 | 0xd090 | 0x8a90 | 0x273 |
| g_malloc | - | 0x6dd0d204 | 0xd094 | 0x8a94 | 0x2a2 |
| g_open | - | 0x6dd0d208 | 0xd098 | 0x8a98 | 0x30d |
| g_parse_debug_string | - | 0x6dd0d20c | 0xd09c | 0x8a9c | 0x329 |
| g_path_get_dirname | - | 0x6dd0d210 | 0xd0a0 | 0x8aa0 | 0x32b |
| g_private_get | - | 0x6dd0d214 | 0xd0a4 | 0x8aa4 | 0x33d |
| g_private_replace | - | 0x6dd0d218 | 0xd0a8 | 0x8aa8 | 0x33f |
| g_rec_mutex_lock | - | 0x6dd0d21c | 0xd0ac | 0x8aac | 0x397 |
| g_rec_mutex_unlock | - | 0x6dd0d220 | 0xd0b0 | 0x8ab0 | 0x399 |
| g_return_if_fail_warning | - | 0x6dd0d224 | 0xd0b4 | 0x8ab4 | 0x3c0 |
| g_scanner_destroy | - | 0x6dd0d228 | 0xd0b8 | 0x8ab8 | 0x3ce |
| g_scanner_eof | - | 0x6dd0d22c | 0xd0bc | 0x8abc | 0x3cf |
| g_scanner_get_next_token | - | 0x6dd0d230 | 0xd0c0 | 0x8ac0 | 0x3d1 |
| g_scanner_input_file | - | 0x6dd0d234 | 0xd0c4 | 0x8ac4 | 0x3d2 |
| g_scanner_new | - | 0x6dd0d238 | 0xd0c8 | 0x8ac8 | 0x3d5 |
| g_scanner_scope_add_symbol | - | 0x6dd0d23c | 0xd0cc | 0x8acc | 0x3d7 |
| g_strconcat | - | 0x6dd0d240 | 0xd0d0 | 0x8ad0 | 0x48b |
| g_strdup | - | 0x6dd0d244 | 0xd0d4 | 0x8ad4 | 0x48e |
| g_strdup_printf | - | 0x6dd0d248 | 0xd0d8 | 0x8ad8 | 0x48f |
| g_strdup_vprintf | - | 0x6dd0d24c | 0xd0dc | 0x8adc | 0x490 |
| g_utf8_to_utf16 | - | 0x6dd0d250 | 0xd0e0 | 0x8ae0 | 0x5a2 |
| g_win32_error_message | - | 0x6dd0d254 | 0xd0e4 | 0x8ae4 | 0x657 |
libgcc_s_sjlj-1.dll (2)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| __udivdi3 | - | 0x6dd0d25c | 0xd0ec | 0x8aec | 0x77 |
| __umoddi3 | - | 0x6dd0d260 | 0xd0f0 | 0x8af0 | 0x79 |
KERNEL32.dll (29)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| CloseHandle | - | 0x6dd0d268 | 0xd0f8 | 0x8af8 | 0x53 |
| CreateToolhelp32Snapshot | - | 0x6dd0d26c | 0xd0fc | 0x8afc | 0xc0 |
| DeleteCriticalSection | - | 0x6dd0d270 | 0xd100 | 0x8b00 | 0xd4 |
| EnterCriticalSection | - | 0x6dd0d274 | 0xd104 | 0x8b04 | 0xef |
| FreeLibrary | - | 0x6dd0d278 | 0xd108 | 0x8b08 | 0x164 |
| GetCurrentProcess | - | 0x6dd0d27c | 0xd10c | 0x8b0c | 0x1c4 |
| GetCurrentProcessId | - | 0x6dd0d280 | 0xd110 | 0x8b10 | 0x1c5 |
| GetCurrentThreadId | - | 0x6dd0d284 | 0xd114 | 0x8b14 | 0x1c9 |
| GetLastError | - | 0x6dd0d288 | 0xd118 | 0x8b18 | 0x203 |
| GetModuleHandleA | - | 0x6dd0d28c | 0xd11c | 0x8b1c | 0x215 |
| GetProcAddress | - | 0x6dd0d290 | 0xd120 | 0x8b20 | 0x245 |
| GetSystemTimeAsFileTime | - | 0x6dd0d294 | 0xd124 | 0x8b24 | 0x27b |
| GetTickCount | - | 0x6dd0d298 | 0xd128 | 0x8b28 | 0x297 |
| InitializeCriticalSection | - | 0x6dd0d29c | 0xd12c | 0x8b2c | 0x2eb |
| IsDBCSLeadByteEx | - | 0x6dd0d2a0 | 0xd130 | 0x8b30 | 0x307 |
| LeaveCriticalSection | - | 0x6dd0d2a4 | 0xd134 | 0x8b34 | 0x326 |
| LoadLibraryW | - | 0x6dd0d2a8 | 0xd138 | 0x8b38 | 0x32c |
| Module32First | - | 0x6dd0d2ac | 0xd13c | 0x8b3c | 0x348 |
| Module32Next | - | 0x6dd0d2b0 | 0xd140 | 0x8b40 | 0x34a |
| MultiByteToWideChar | - | 0x6dd0d2b4 | 0xd144 | 0x8b44 | 0x355 |
| QueryPerformanceCounter | - | 0x6dd0d2b8 | 0xd148 | 0x8b48 | 0x393 |
| SetUnhandledExceptionFilter | - | 0x6dd0d2bc | 0xd14c | 0x8b4c | 0x467 |
| Sleep | - | 0x6dd0d2c0 | 0xd150 | 0x8b50 | 0x474 |
| TerminateProcess | - | 0x6dd0d2c4 | 0xd154 | 0x8b54 | 0x482 |
| TlsGetValue | - | 0x6dd0d2c8 | 0xd158 | 0x8b58 | 0x489 |
| UnhandledExceptionFilter | - | 0x6dd0d2cc | 0xd15c | 0x8b5c | 0x496 |
| VirtualProtect | - | 0x6dd0d2d0 | 0xd160 | 0x8b60 | 0x4b6 |
| VirtualQuery | - | 0x6dd0d2d4 | 0xd164 | 0x8b64 | 0x4b9 |
| WideCharToMultiByte | - | 0x6dd0d2d8 | 0xd168 | 0x8b68 | 0x4da |
msvcrt.dll (27)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| __dllonexit | - | 0x6dd0d2e0 | 0xd170 | 0x8b70 | 0x38 |
| __mb_cur_max | - | 0x6dd0d2e4 | 0xd174 | 0x8b74 | 0x46 |
| _amsg_exit | - | 0x6dd0d2e8 | 0xd178 | 0x8b78 | 0x8f |
| _errno | - | 0x6dd0d2ec | 0xd17c | 0x8b7c | 0xd1 |
| _initterm | - | 0x6dd0d2f0 | 0xd180 | 0x8b80 | 0x131 |
| _iob | - | 0x6dd0d2f4 | 0xd184 | 0x8b84 | 0x135 |
| _lock | - | 0x6dd0d2f8 | 0xd188 | 0x8b88 | 0x196 |
| _onexit | - | 0x6dd0d2fc | 0xd18c | 0x8b8c | 0x233 |
| _unlock | - | 0x6dd0d300 | 0xd190 | 0x8b90 | 0x2f0 |
| calloc | - | 0x6dd0d304 | 0xd194 | 0x8b94 | 0x34e |
| fputc | - | 0x6dd0d308 | 0xd198 | 0x8b98 | 0x36a |
| free | - | 0x6dd0d30c | 0xd19c | 0x8b9c | 0x36f |
| getenv | - | 0x6dd0d310 | 0xd1a0 | 0x8ba0 | 0x37f |
| localeconv | - | 0x6dd0d314 | 0xd1a4 | 0x8ba4 | 0x3a2 |
| malloc | - | 0x6dd0d318 | 0xd1a8 | 0x8ba8 | 0x3a6 |
| memcpy | - | 0x6dd0d31c | 0xd1ac | 0x8bac | 0x3ae |
| setlocale | - | 0x6dd0d320 | 0xd1b0 | 0x8bb0 | 0x3c8 |
| strchr | - | 0x6dd0d324 | 0xd1b4 | 0x8bb4 | 0x3d5 |
| strcmp | - | 0x6dd0d328 | 0xd1b8 | 0x8bb8 | 0x3d6 |
| strerror | - | 0x6dd0d32c | 0xd1bc | 0x8bbc | 0x3db |
| strlen | - | 0x6dd0d330 | 0xd1c0 | 0x8bc0 | 0x3de |
| strncmp | - | 0x6dd0d334 | 0xd1c4 | 0x8bc4 | 0x3e1 |
| strrchr | - | 0x6dd0d338 | 0xd1c8 | 0x8bc8 | 0x3e6 |
| abort | - | 0x6dd0d33c | 0xd1cc | 0x8bcc | 0x442 |
| atoi | - | 0x6dd0d340 | 0xd1d0 | 0x8bd0 | 0x44b |
| wcslen | - | 0x6dd0d344 | 0xd1d4 | 0x8bd4 | 0x476 |
| _close | - | 0x6dd0d348 | 0xd1d8 | 0x8bd8 | 0x510 |
libiconv-2.dll (1)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| InterlockedCompareExchange@12 | - | 0x6dd0d350 | 0xd1e0 | 0x8be0 | 0x0 |
Exports (10)
»
| Api name | EAT Address | Ordinal |
|---|---|---|
| g_module_build_path | 0x23d0 | 0x1 |
| g_module_close | 0x16f0 | 0x2 |
| g_module_error | 0x16d0 | 0x3 |
| g_module_make_resident | 0x1690 | 0x4 |
| g_module_name | 0x2380 | 0x5 |
| g_module_name_utf8 | 0x2330 | 0x6 |
| g_module_open | 0x22d0 | 0x7 |
| g_module_open_utf8 | 0x1a30 | 0x8 |
| g_module_supported | 0x1650 | 0x9 |
| g_module_symbol | 0x1850 | 0xa |
| C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\is-1TRI1.tmp | Dropped File | Binary |
clean
Known to be clean.
|
...
|
»
| Also Known As | C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\libgpg-error6-0.dll (Dropped File) |
| MIME Type | application/vnd.microsoft.portable-executable |
| File Size | 93.00 KB |
| MD5 |
8c72fc2d0c83e1698b0fc50775310b16
|
| SHA1 |
d8c49bb33e9239cfbd76ffcce8a95485a90a46bf
|
| SHA256 |
31a3dded0e009827e09be2b2bec6fc033cb06c147af67fbe818ea82fd5541be2
|
| SSDeep |
1536:2LUkWfOuFIGlk4dltwXg2/y8fN3SOpynIS9384xZLr0alK3TVzVf1JJKDo7wvaJT:2LVWfOuSItk3/hZS1d/04CTpVf1JJKDC
|
| ImpHash |
d0e5299753d0bd9504b301864fd4c2e1
|
PE Information
»
| Image Base | 0x646c0000 |
| Entry Point | 0x646c1400 |
| Size Of Code | 0xf800 |
| Size Of Initialized Data | 0x17000 |
| Size Of Uninitialized Data | 0xe00 |
| File Type | FileType.dll |
| Subsystem | Subsystem.windows_cui |
| Machine Type | MachineType.amd64 |
| Compile Timestamp | 2014-09-30 19:29:00+00:00 |
Version Information (12)
»
| Comments | Provided under the terms of the GNU Lesser General Public License. |
| CompanyName | g10 Code GmbH |
| FileDescription | libgpg-error - Common error codes |
| FileVersion | 12.12.2.8f3187f |
| InternalName | libgpg-error |
| LegalCopyright | Copyright © 2013 g10 Code GmbH |
| LegalTrademarks | - |
| OriginalFilename | libgpg-error.dll |
| PrivateBuild | - |
| ProductName | libgpg-error |
| ProductVersion | 1.16 |
| SpecialBuild | 2014-09-30T19:20+0000 |
Sections (12)
»
| Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x646c1000 | 0xf6f0 | 0xf800 | 0x400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.13 |
| .data | 0x646d1000 | 0xb0 | 0x200 | 0xfc00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.58 |
| .rdata | 0x646d2000 | 0x3520 | 0x3600 | 0xfe00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ | 5.4 |
| .pdata | 0x646d6000 | 0xd68 | 0xe00 | 0x13400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ | 4.63 |
| .xdata | 0x646d7000 | 0xad4 | 0xc00 | 0x14200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ | 3.81 |
| .bss | 0x646d8000 | 0xc30 | 0x0 | 0x0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.0 |
| .edata | 0x646d9000 | 0xaa3 | 0xc00 | 0x14e00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ | 4.71 |
| .idata | 0x646da000 | 0xcd4 | 0xe00 | 0x15a00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 4.14 |
| .CRT | 0x646db000 | 0x58 | 0x200 | 0x16800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.2 |
| .tls | 0x646dc000 | 0x68 | 0x200 | 0x16a00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.27 |
| .rsrc | 0x646dd000 | 0x46c | 0x600 | 0x16c00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 2.74 |
| .reloc | 0x646de000 | 0x70 | 0x200 | 0x17200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 1.23 |
Imports (3)
»
KERNEL32.dll (40)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| CloseHandle | - | 0x646da340 | 0x1a050 | 0x15a50 | 0x55 |
| CreateDirectoryA | - | 0x646da348 | 0x1a058 | 0x15a58 | 0x80 |
| CreateFileA | - | 0x646da350 | 0x1a060 | 0x15a60 | 0x8d |
| DeleteCriticalSection | - | 0x646da358 | 0x1a068 | 0x15a68 | 0xd8 |
| EnterCriticalSection | - | 0x646da360 | 0x1a070 | 0x15a70 | 0xf8 |
| GetCurrentProcess | - | 0x646da368 | 0x1a078 | 0x15a78 | 0x1cd |
| GetCurrentProcessId | - | 0x646da370 | 0x1a080 | 0x15a80 | 0x1ce |
| GetCurrentThreadId | - | 0x646da378 | 0x1a088 | 0x15a88 | 0x1d2 |
| GetFileSize | - | 0x646da380 | 0x1a090 | 0x15a90 | 0x1ff |
| GetLastError | - | 0x646da388 | 0x1a098 | 0x15a98 | 0x210 |
| GetModuleFileNameW | - | 0x646da390 | 0x1a0a0 | 0x15aa0 | 0x223 |
| GetSystemTimeAsFileTime | - | 0x646da398 | 0x1a0a8 | 0x15aa8 | 0x28a |
| GetTempPathA | - | 0x646da3a0 | 0x1a0b0 | 0x15ab0 | 0x296 |
| GetThreadLocale | - | 0x646da3a8 | 0x1a0b8 | 0x15ab8 | 0x29e |
| GetTickCount | - | 0x646da3b0 | 0x1a0c0 | 0x15ac0 | 0x2a5 |
| InitializeCriticalSection | - | 0x646da3b8 | 0x1a0c8 | 0x15ac8 | 0x2f9 |
| LeaveCriticalSection | - | 0x646da3c0 | 0x1a0d0 | 0x15ad0 | 0x34b |
| LocalAlloc | - | 0x646da3c8 | 0x1a0d8 | 0x15ad8 | 0x357 |
| LocalFree | - | 0x646da3d0 | 0x1a0e0 | 0x15ae0 | 0x35b |
| MultiByteToWideChar | - | 0x646da3d8 | 0x1a0e8 | 0x15ae8 | 0x37a |
| QueryPerformanceCounter | - | 0x646da3e0 | 0x1a0f0 | 0x15af0 | 0x3bb |
| ReadFile | - | 0x646da3e8 | 0x1a0f8 | 0x15af8 | 0x3d5 |
| RtlAddFunctionTable | - | 0x646da3f0 | 0x1a100 | 0x15b00 | 0x401 |
| RtlCaptureContext | - | 0x646da3f8 | 0x1a108 | 0x15b08 | 0x402 |
| RtlLookupFunctionEntry | - | 0x646da400 | 0x1a110 | 0x15b10 | 0x409 |
| RtlVirtualUnwind | - | 0x646da408 | 0x1a118 | 0x15b18 | 0x410 |
| SetFilePointerEx | - | 0x646da410 | 0x1a120 | 0x15b20 | 0x461 |
| SetUnhandledExceptionFilter | - | 0x646da418 | 0x1a128 | 0x15b28 | 0x49f |
| Sleep | - | 0x646da420 | 0x1a130 | 0x15b30 | 0x4ac |
| TerminateProcess | - | 0x646da428 | 0x1a138 | 0x15b38 | 0x4ba |
| TlsAlloc | - | 0x646da430 | 0x1a140 | 0x15b40 | 0x4bf |
| TlsFree | - | 0x646da438 | 0x1a148 | 0x15b48 | 0x4c0 |
| TlsGetValue | - | 0x646da440 | 0x1a150 | 0x15b50 | 0x4c1 |
| TlsSetValue | - | 0x646da448 | 0x1a158 | 0x15b58 | 0x4c2 |
| TryEnterCriticalSection | - | 0x646da450 | 0x1a160 | 0x15b60 | 0x4c8 |
| UnhandledExceptionFilter | - | 0x646da458 | 0x1a168 | 0x15b68 | 0x4ce |
| VirtualProtect | - | 0x646da460 | 0x1a170 | 0x15b70 | 0x4ec |
| VirtualQuery | - | 0x646da468 | 0x1a178 | 0x15b78 | 0x4ee |
| WideCharToMultiByte | - | 0x646da470 | 0x1a180 | 0x15b80 | 0x50e |
| WriteFile | - | 0x646da478 | 0x1a188 | 0x15b88 | 0x522 |
msvcrt.dll (50)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| __dllonexit | - | 0x646da488 | 0x1a198 | 0x15b98 | 0x4e |
| __iob_func | - | 0x646da490 | 0x1a1a0 | 0x15ba0 | 0x53 |
| _amsg_exit | - | 0x646da498 | 0x1a1a8 | 0x15ba8 | 0x78 |
| _errno | - | 0x646da4a0 | 0x1a1b0 | 0x15bb0 | 0xbc |
| _exit | - | 0x646da4a8 | 0x1a1b8 | 0x15bb8 | 0xc5 |
| _initterm | - | 0x646da4b0 | 0x1a1c0 | 0x15bc0 | 0x11a |
| _lock | - | 0x646da4b8 | 0x1a1c8 | 0x15bc8 | 0x17f |
| _lseeki64 | - | 0x646da4c0 | 0x1a1d0 | 0x15bd0 | 0x188 |
| _onexit | - | 0x646da4c8 | 0x1a1d8 | 0x15bd8 | 0x224 |
| _open_osfhandle | - | 0x646da4d0 | 0x1a1e0 | 0x15be0 | 0x226 |
| _unlock | - | 0x646da4d8 | 0x1a1e8 | 0x15be8 | 0x2c7 |
| _vsnprintf | - | 0x646da4e0 | 0x1a1f0 | 0x15bf0 | 0x2e4 |
| abort | - | 0x646da4e8 | 0x1a1f8 | 0x15bf8 | 0x382 |
| calloc | - | 0x646da4f0 | 0x1a200 | 0x15c00 | 0x38f |
| fclose | - | 0x646da4f8 | 0x1a208 | 0x15c08 | 0x39d |
| ferror | - | 0x646da500 | 0x1a210 | 0x15c10 | 0x39f |
| fflush | - | 0x646da508 | 0x1a218 | 0x15c18 | 0x3a0 |
| fprintf | - | 0x646da510 | 0x1a220 | 0x15c20 | 0x3ab |
| fread | - | 0x646da518 | 0x1a228 | 0x15c28 | 0x3b1 |
| free | - | 0x646da520 | 0x1a230 | 0x15c30 | 0x3b2 |
| fseek | - | 0x646da528 | 0x1a238 | 0x15c38 | 0x3b8 |
| ftell | - | 0x646da530 | 0x1a240 | 0x15c40 | 0x3ba |
| fwprintf | - | 0x646da538 | 0x1a248 | 0x15c48 | 0x3bb |
| fwrite | - | 0x646da540 | 0x1a250 | 0x15c50 | 0x3bd |
| getenv | - | 0x646da548 | 0x1a258 | 0x15c58 | 0x3c2 |
| malloc | - | 0x646da550 | 0x1a260 | 0x15c60 | 0x3ec |
| memchr | - | 0x646da558 | 0x1a268 | 0x15c68 | 0x3f2 |
| memcpy | - | 0x646da560 | 0x1a270 | 0x15c70 | 0x3f4 |
| memset | - | 0x646da568 | 0x1a278 | 0x15c78 | 0x3f7 |
| raise | - | 0x646da570 | 0x1a280 | 0x15c80 | 0x404 |
| realloc | - | 0x646da578 | 0x1a288 | 0x15c88 | 0x407 |
| signal | - | 0x646da580 | 0x1a290 | 0x15c90 | 0x411 |
| sprintf | - | 0x646da588 | 0x1a298 | 0x15c98 | 0x414 |
| strchr | - | 0x646da590 | 0x1a2a0 | 0x15ca0 | 0x41d |
| strcmp | - | 0x646da598 | 0x1a2a8 | 0x15ca8 | 0x41e |
| strcpy | - | 0x646da5a0 | 0x1a2b0 | 0x15cb0 | 0x420 |
| strcspn | - | 0x646da5a8 | 0x1a2b8 | 0x15cb8 | 0x422 |
| strerror | - | 0x646da5b0 | 0x1a2c0 | 0x15cc0 | 0x423 |
| strlen | - | 0x646da5b8 | 0x1a2c8 | 0x15cc8 | 0x426 |
| strncmp | - | 0x646da5c0 | 0x1a2d0 | 0x15cd0 | 0x429 |
| strrchr | - | 0x646da5c8 | 0x1a2d8 | 0x15cd8 | 0x42d |
| strspn | - | 0x646da5d0 | 0x1a2e0 | 0x15ce0 | 0x42e |
| vfprintf | - | 0x646da5d8 | 0x1a2e8 | 0x15ce8 | 0x448 |
| wcscpy | - | 0x646da5e0 | 0x1a2f0 | 0x15cf0 | 0x45a |
| _snwprintf | - | 0x646da5e8 | 0x1a2f8 | 0x15cf8 | 0x484 |
| _write | - | 0x646da5f0 | 0x1a300 | 0x15d00 | 0x499 |
| _read | - | 0x646da5f8 | 0x1a308 | 0x15d08 | 0x4c3 |
| _open | - | 0x646da600 | 0x1a310 | 0x15d10 | 0x4c9 |
| _fileno | - | 0x646da608 | 0x1a318 | 0x15d18 | 0x4de |
| _close | - | 0x646da610 | 0x1a320 | 0x15d20 | 0x4f2 |
USER32.dll (1)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| MessageBoxW | - | 0x646da620 | 0x1a330 | 0x15d30 | 0x1f0 |
Exports (99)
»
| Api name | EAT Address | Ordinal |
|---|---|---|
| _gpg_w32_bindtextdomain | 0x2b90 | 0xb |
| _gpg_w32_dgettext | 0x2f60 | 0xe |
| _gpg_w32_dngettext | 0x2f70 | 0xf |
| _gpg_w32_gettext | 0x2f50 | 0xd |
| _gpg_w32_gettext_localename | 0x2f80 | 0x10 |
| _gpg_w32_gettext_use_utf8 | 0x2ff0 | 0x11 |
| _gpg_w32_textdomain | 0x2ed0 | 0xc |
| _gpgrt_get_std_stream | 0xe7e0 | 0x2f |
| _gpgrt_getc_underflow | 0xe8f0 | 0x40 |
| _gpgrt_putc_overflow | 0xe910 | 0x42 |
| _gpgrt_set_std_fd | 0xe7d0 | 0x2e |
| gpg_err_code_from_errno | 0xe580 | 0x4 |
| gpg_err_code_from_syserror | 0xe5a0 | 0x7 |
| gpg_err_code_to_errno | 0xe590 | 0x5 |
| gpg_err_deinit | 0xe5c0 | 0x66 |
| gpg_err_init | 0x106b0 | 0x65 |
| gpg_err_set_errno | 0xe5b0 | 0x8 |
| gpg_error_check_version | 0xe5d0 | 0x13 |
| gpg_strerror | 0xe550 | 0x1 |
| gpg_strerror_r | 0xe560 | 0x2 |
| gpg_strsource | 0xe570 | 0x3 |
| gpgrt_asprintf | 0xebb0 | 0x5e |
| gpgrt_bsprintf | 0xebf0 | 0x60 |
| gpgrt_check_version | 0xe5e0 | 0x64 |
| gpgrt_clearerr | 0xe860 | 0x37 |
| gpgrt_clearerr_unlocked | 0xe870 | 0x38 |
| gpgrt_fclose | 0xe760 | 0x27 |
| gpgrt_fclose_snatch | 0xe770 | 0x28 |
| gpgrt_fdopen | 0xe6b0 | 0x1f |
| gpgrt_fdopen_nc | 0xe6c0 | 0x20 |
| gpgrt_feof | 0xe820 | 0x33 |
| gpgrt_feof_unlocked | 0xe830 | 0x34 |
| gpgrt_ferror | 0xe840 | 0x35 |
| gpgrt_ferror_unlocked | 0xe850 | 0x36 |
| gpgrt_fflush | 0xe880 | 0x39 |
| gpgrt_fgetc | 0xe8e0 | 0x3f |
| gpgrt_fgets | 0xe990 | 0x4a |
| gpgrt_fileno | 0xe790 | 0x2a |
| gpgrt_fileno_unlocked | 0xe7a0 | 0x2b |
| gpgrt_flockfile | 0xe7f0 | 0x30 |
| gpgrt_fname_get | 0xeba0 | 0x5d |
| gpgrt_fname_set | 0xeb90 | 0x5c |
| gpgrt_fopen | 0xe670 | 0x1b |
| gpgrt_fopencookie | 0xe720 | 0x26 |
| gpgrt_fopenmem | 0xe690 | 0x1d |
| gpgrt_fopenmem_init | 0xe6a0 | 0x1e |
| gpgrt_fpopen | 0xe6f0 | 0x23 |
| gpgrt_fpopen_nc | 0xe700 | 0x24 |
| gpgrt_fprintf | 0xeac0 | 0x50 |
| gpgrt_fprintf_unlocked | 0xeaf0 | 0x51 |
| gpgrt_fputc | 0xe900 | 0x41 |
| gpgrt_fputs | 0xe9a0 | 0x4b |
| gpgrt_fputs_unlocked | 0xe9b0 | 0x4c |
| gpgrt_fread | 0xe970 | 0x48 |
| gpgrt_free | 0xe9e0 | 0x4f |
| gpgrt_freopen | 0xe710 | 0x25 |
| gpgrt_fseek | 0xe890 | 0x3a |
| gpgrt_fseeko | 0xe8a0 | 0x3b |
| gpgrt_ftell | 0xe8b0 | 0x3c |
| gpgrt_ftello | 0xe8c0 | 0x3d |
| gpgrt_ftrylockfile | 0xe800 | 0x31 |
| gpgrt_funlockfile | 0xe810 | 0x32 |
| gpgrt_fwrite | 0xe980 | 0x49 |
| gpgrt_getline | 0xe9c0 | 0x4d |
| gpgrt_lock_destroy | 0xe650 | 0x17 |
| gpgrt_lock_init | 0xe610 | 0x14 |
| gpgrt_lock_lock | 0xe620 | 0x15 |
| gpgrt_lock_trylock | 0xe630 | 0x19 |
| gpgrt_lock_unlock | 0xe640 | 0x16 |
| gpgrt_mopen | 0xe680 | 0x1c |
| gpgrt_onclose | 0xe780 | 0x29 |
| gpgrt_opaque_get | 0xeb80 | 0x5b |
| gpgrt_opaque_set | 0xeb70 | 0x5a |
| gpgrt_printf | 0xea20 | 0x52 |
| gpgrt_printf_unlocked | 0xea70 | 0x53 |
| gpgrt_read | 0xe930 | 0x44 |
| gpgrt_read_line | 0xe9d0 | 0x4e |
| gpgrt_rewind | 0xe8d0 | 0x3e |
| gpgrt_set_alloc_func | 0xe600 | 0x67 |
| gpgrt_set_binary | 0xeb50 | 0x58 |
| gpgrt_set_syscall_clamp | 0xe5f0 | 0x1a |
| gpgrt_setbuf | 0xeb30 | 0x57 |
| gpgrt_setvbuf | 0xeb20 | 0x56 |
| gpgrt_snprintf | 0xec70 | 0x62 |
| gpgrt_syshd | 0xe7b0 | 0x2c |
| gpgrt_syshd_unlocked | 0xe7c0 | 0x2d |
| gpgrt_sysopen | 0xe6d0 | 0x21 |
| gpgrt_sysopen_nc | 0xe6e0 | 0x22 |
| gpgrt_tmpfile | 0xeb60 | 0x59 |
| gpgrt_ungetc | 0xe920 | 0x43 |
| gpgrt_vasprintf | 0xebe0 | 0x5f |
| gpgrt_vbsprintf | 0xec40 | 0x61 |
| gpgrt_vfprintf | 0xea00 | 0x54 |
| gpgrt_vfprintf_unlocked | 0xea10 | 0x55 |
| gpgrt_vsnprintf | 0xec90 | 0x63 |
| gpgrt_write | 0xe940 | 0x45 |
| gpgrt_write_hexstring | 0xe960 | 0x47 |
| gpgrt_write_sanitized | 0xe950 | 0x46 |
| gpgrt_yield | 0xe660 | 0x18 |
| C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\is-8I2MC.tmp | Dropped File | Binary |
clean
Known to be clean.
|
...
|
»
| Also Known As | C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\libgthread-2.0-0.dll (Dropped File) |
| MIME Type | application/vnd.microsoft.portable-executable |
| File Size | 35.50 KB |
| MD5 |
cf2571c125fa1d2ec55b9977054f380a
|
| SHA1 |
91014dd50f0eeb0d3d1faed77541c76a05b712b8
|
| SHA256 |
02b817b6db18db2dfccefdd08eed64a696e2bf326f4120ee7e93ae6aa73bccb3
|
| SSDeep |
768:bKZB2wewH8k43RncCqCbj9zAwLc0N+eD5JemQRR5Q7:bKZr5H8VmuECDGmQRR5Q7
|
| ImpHash |
043a667fc39795eac633ad95b76e1dcb
|
PE Information
»
| Image Base | 0x65c40000 |
| Entry Point | 0x65c41430 |
| Size Of Code | 0x6400 |
| Size Of Initialized Data | 0x8a00 |
| Size Of Uninitialized Data | 0xe00 |
| File Type | FileType.dll |
| Subsystem | Subsystem.windows_cui |
| Machine Type | MachineType.i386 |
| Compile Timestamp | 2016-01-29 15:46:15+00:00 |
Version Information (8)
»
| CompanyName | The GLib developer community |
| FileDescription | GThread |
| FileVersion | 2.42.0.0 |
| InternalName | libgthread-2.0-0 |
| LegalCopyright | Copyright © 1995-2011 Peter Mattis, Spencer Kimball, Josh MacDonald, Sebastian Wilhelmi and others. |
| OriginalFilename | libgthread-2.0-0.dll |
| ProductName | GLib |
| ProductVersion | 2.42.0 |
Sections (10)
»
| Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x65c41000 | 0x62e4 | 0x6400 | 0x400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.29 |
| .data | 0x65c48000 | 0x44 | 0x200 | 0x6800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.71 |
| .rdata | 0x65c49000 | 0xb2c | 0xc00 | 0x6a00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ | 5.28 |
| .bss | 0x65c4a000 | 0xd84 | 0x0 | 0x0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.0 |
| .edata | 0x65c4b000 | 0x85 | 0x200 | 0x7600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ | 1.58 |
| .idata | 0x65c4c000 | 0x6bc | 0x800 | 0x7800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 4.31 |
| .CRT | 0x65c4d000 | 0x2c | 0x200 | 0x8000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.2 |
| .tls | 0x65c4e000 | 0x20 | 0x200 | 0x8200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.27 |
| .rsrc | 0x65c4f000 | 0x3e0 | 0x400 | 0x8400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 3.35 |
| .reloc | 0x65c50000 | 0x414 | 0x600 | 0x8800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 5.0 |
Imports (5)
»
libglib-2.0-0.dll (2)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| g_assertion_message_expr | - | 0x65c4c160 | 0xc078 | 0x7878 | 0x28 |
| g_log | - | 0x65c4c164 | 0xc07c | 0x787c | 0x274 |
libgcc_s_sjlj-1.dll (2)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| __udivdi3 | - | 0x65c4c16c | 0xc084 | 0x7884 | 0x77 |
| __umoddi3 | - | 0x65c4c170 | 0xc088 | 0x7888 | 0x79 |
KERNEL32.dll (24)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| DeleteCriticalSection | - | 0x65c4c178 | 0xc090 | 0x7890 | 0xd4 |
| EnterCriticalSection | - | 0x65c4c17c | 0xc094 | 0x7894 | 0xef |
| GetCurrentProcess | - | 0x65c4c180 | 0xc098 | 0x7898 | 0x1c4 |
| GetCurrentProcessId | - | 0x65c4c184 | 0xc09c | 0x789c | 0x1c5 |
| GetCurrentThreadId | - | 0x65c4c188 | 0xc0a0 | 0x78a0 | 0x1c9 |
| GetLastError | - | 0x65c4c18c | 0xc0a4 | 0x78a4 | 0x203 |
| GetModuleHandleA | - | 0x65c4c190 | 0xc0a8 | 0x78a8 | 0x215 |
| GetProcAddress | - | 0x65c4c194 | 0xc0ac | 0x78ac | 0x245 |
| GetSystemTimeAsFileTime | - | 0x65c4c198 | 0xc0b0 | 0x78b0 | 0x27b |
| GetTickCount | - | 0x65c4c19c | 0xc0b4 | 0x78b4 | 0x297 |
| InitializeCriticalSection | - | 0x65c4c1a0 | 0xc0b8 | 0x78b8 | 0x2eb |
| IsDBCSLeadByteEx | - | 0x65c4c1a4 | 0xc0bc | 0x78bc | 0x307 |
| LeaveCriticalSection | - | 0x65c4c1a8 | 0xc0c0 | 0x78c0 | 0x326 |
| LoadLibraryW | - | 0x65c4c1ac | 0xc0c4 | 0x78c4 | 0x32c |
| MultiByteToWideChar | - | 0x65c4c1b0 | 0xc0c8 | 0x78c8 | 0x355 |
| QueryPerformanceCounter | - | 0x65c4c1b4 | 0xc0cc | 0x78cc | 0x393 |
| SetUnhandledExceptionFilter | - | 0x65c4c1b8 | 0xc0d0 | 0x78d0 | 0x467 |
| Sleep | - | 0x65c4c1bc | 0xc0d4 | 0x78d4 | 0x474 |
| TerminateProcess | - | 0x65c4c1c0 | 0xc0d8 | 0x78d8 | 0x482 |
| TlsGetValue | - | 0x65c4c1c4 | 0xc0dc | 0x78dc | 0x489 |
| UnhandledExceptionFilter | - | 0x65c4c1c8 | 0xc0e0 | 0x78e0 | 0x496 |
| VirtualProtect | - | 0x65c4c1cc | 0xc0e4 | 0x78e4 | 0x4b6 |
| VirtualQuery | - | 0x65c4c1d0 | 0xc0e8 | 0x78e8 | 0x4b9 |
| WideCharToMultiByte | - | 0x65c4c1d4 | 0xc0ec | 0x78ec | 0x4da |
msvcrt.dll (24)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| __dllonexit | - | 0x65c4c1dc | 0xc0f4 | 0x78f4 | 0x38 |
| __mb_cur_max | - | 0x65c4c1e0 | 0xc0f8 | 0x78f8 | 0x46 |
| _amsg_exit | - | 0x65c4c1e4 | 0xc0fc | 0x78fc | 0x8f |
| _errno | - | 0x65c4c1e8 | 0xc100 | 0x7900 | 0xd1 |
| _initterm | - | 0x65c4c1ec | 0xc104 | 0x7904 | 0x131 |
| _iob | - | 0x65c4c1f0 | 0xc108 | 0x7908 | 0x135 |
| _lock | - | 0x65c4c1f4 | 0xc10c | 0x790c | 0x196 |
| _onexit | - | 0x65c4c1f8 | 0xc110 | 0x7910 | 0x233 |
| _unlock | - | 0x65c4c1fc | 0xc114 | 0x7914 | 0x2f0 |
| calloc | - | 0x65c4c200 | 0xc118 | 0x7918 | 0x34e |
| fputc | - | 0x65c4c204 | 0xc11c | 0x791c | 0x36a |
| free | - | 0x65c4c208 | 0xc120 | 0x7920 | 0x36f |
| getenv | - | 0x65c4c20c | 0xc124 | 0x7924 | 0x37f |
| localeconv | - | 0x65c4c210 | 0xc128 | 0x7928 | 0x3a2 |
| malloc | - | 0x65c4c214 | 0xc12c | 0x792c | 0x3a6 |
| memcpy | - | 0x65c4c218 | 0xc130 | 0x7930 | 0x3ae |
| setlocale | - | 0x65c4c21c | 0xc134 | 0x7934 | 0x3c8 |
| strchr | - | 0x65c4c220 | 0xc138 | 0x7938 | 0x3d5 |
| strerror | - | 0x65c4c224 | 0xc13c | 0x793c | 0x3db |
| strlen | - | 0x65c4c228 | 0xc140 | 0x7940 | 0x3de |
| strncmp | - | 0x65c4c22c | 0xc144 | 0x7944 | 0x3e1 |
| abort | - | 0x65c4c230 | 0xc148 | 0x7948 | 0x442 |
| atoi | - | 0x65c4c234 | 0xc14c | 0x794c | 0x44b |
| wcslen | - | 0x65c4c238 | 0xc150 | 0x7950 | 0x476 |
libiconv-2.dll (1)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| InterlockedCompareExchange@12 | - | 0x65c4c240 | 0xc158 | 0x7958 | 0x0 |
Exports (2)
»
| Api name | EAT Address | Ordinal |
|---|---|---|
| g_thread_init | 0x14e0 | 0x1 |
| g_thread_init_with_errorcheck_mutexes | 0x1510 | 0x2 |
| C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\is-VEM58.tmp | Dropped File | Binary |
clean
Known to be clean.
|
...
|
»
| Also Known As | C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\libintl-8.dll (Dropped File) |
| MIME Type | application/vnd.microsoft.portable-executable |
| File Size | 117.94 KB |
| MD5 |
082a8171c726e58c1618da3781ab7833
|
| SHA1 |
5d74e7f8f5e14c1a70331a03456c68bb33ac17e2
|
| SHA256 |
ae1a1179289d1ab3b406f4bb347284464123c51be50c1bcf38f2b5dd691e065c
|
| SSDeep |
3072:nPE0Yx2cwD/Dtixvr6FkTwCD4N8FBKd8UR:sMzD/amFE4NQKd8UR
|
| ImpHash |
4ad7e3b82867330a065d5f9f869aa9cf
|
PE Information
»
| Image Base | 0x61cc0000 |
| Entry Point | 0x61cc1400 |
| Size Of Code | 0x11000 |
| Size Of Initialized Data | 0xb200 |
| Size Of Uninitialized Data | 0xe00 |
| File Type | FileType.dll |
| Subsystem | Subsystem.windows_cui |
| Machine Type | MachineType.amd64 |
| Compile Timestamp | 2058-03-16 06:57:36+00:00 |
Version Information (10)
»
| Comments | This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License. You should have received a copy of the GNU Library General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA |
| CompanyName | Free Software Foundation |
| FileDescription | LGPLed libintl for Windows NT/2000/XP/Vista/7 and Windows 95/98/ME |
| FileVersion | 0.18.1 |
| InternalName | intl.dll |
| LegalCopyright | Copyright (C) 1995-2010 |
| LegalTrademarks | - |
| OriginalFilename | intl.dll |
| ProductName | libintl: accessing NLS message catalogs |
| ProductVersion | 0.18.1 |
Sections (14)
»
| Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x61cc1000 | 0x10e60 | 0x11000 | 0x400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.2 |
| .data | 0x61cd2000 | 0x510 | 0x600 | 0x11400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 1.1 |
| .rdata | 0x61cd3000 | 0x6880 | 0x6a00 | 0x11a00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ | 5.13 |
| /4 | 0x61cda000 | 0x35 | 0x200 | 0x18400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ | 0.55 |
| .pdata | 0x61cdb000 | 0x7e0 | 0x800 | 0x18600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ | 4.74 |
| .xdata | 0x61cdc000 | 0x794 | 0x800 | 0x18e00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ | 4.15 |
| .bss | 0x61cdd000 | 0xcd0 | 0x0 | 0x0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.0 |
| .edata | 0x61cde000 | 0xa83 | 0xc00 | 0x19600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ | 4.76 |
| .idata | 0x61cdf000 | 0xe78 | 0x1000 | 0x1a200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 4.2 |
| .CRT | 0x61ce0000 | 0x58 | 0x200 | 0x1b200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.17 |
| .tls | 0x61ce1000 | 0x68 | 0x200 | 0x1b400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.26 |
| .rsrc | 0x61ce2000 | 0x6c8 | 0x800 | 0x1b600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 3.02 |
| .reloc | 0x61ce3000 | 0x7c4 | 0x800 | 0x1be00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 5.33 |
| /14 | 0x61ce4000 | 0x18 | 0x200 | 0x1c600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 0.44 |
Imports (3)
»
ADVAPI32.dll (3)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| RegCloseKey | - | 0x61cdf3a0 | 0x1f050 | 0x1a250 | 0x230 |
| RegOpenKeyExA | - | 0x61cdf3a8 | 0x1f058 | 0x1a258 | 0x260 |
| RegQueryValueExA | - | 0x61cdf3b0 | 0x1f060 | 0x1a260 | 0x26d |
KERNEL32.dll (40)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| CloseHandle | - | 0x61cdf3c0 | 0x1f070 | 0x1a270 | 0x55 |
| CreateEventA | - | 0x61cdf3c8 | 0x1f078 | 0x1a278 | 0x86 |
| DeleteCriticalSection | - | 0x61cdf3d0 | 0x1f080 | 0x1a280 | 0xd8 |
| EnterCriticalSection | - | 0x61cdf3d8 | 0x1f088 | 0x1a288 | 0xf8 |
| EnumResourceLanguagesA | - | 0x61cdf3e0 | 0x1f090 | 0x1a290 | 0x106 |
| FreeLibrary | - | 0x61cdf3e8 | 0x1f098 | 0x1a298 | 0x16e |
| GetACP | - | 0x61cdf3f0 | 0x1f0a0 | 0x1a2a0 | 0x174 |
| GetCPInfo | - | 0x61cdf3f8 | 0x1f0a8 | 0x1a2a8 | 0x17f |
| GetCurrentProcess | - | 0x61cdf400 | 0x1f0b0 | 0x1a2b0 | 0x1cd |
| GetCurrentProcessId | - | 0x61cdf408 | 0x1f0b8 | 0x1a2b8 | 0x1ce |
| GetCurrentThreadId | - | 0x61cdf410 | 0x1f0c0 | 0x1a2c0 | 0x1d2 |
| GetLastError | - | 0x61cdf418 | 0x1f0c8 | 0x1a2c8 | 0x210 |
| GetLocaleInfoA | - | 0x61cdf420 | 0x1f0d0 | 0x1a2d0 | 0x213 |
| GetModuleFileNameA | - | 0x61cdf428 | 0x1f0d8 | 0x1a2d8 | 0x222 |
| GetModuleHandleA | - | 0x61cdf430 | 0x1f0e0 | 0x1a2e0 | 0x224 |
| GetProcAddress | - | 0x61cdf438 | 0x1f0e8 | 0x1a2e8 | 0x256 |
| GetSystemTimeAsFileTime | - | 0x61cdf440 | 0x1f0f0 | 0x1a2f0 | 0x28a |
| GetThreadLocale | - | 0x61cdf448 | 0x1f0f8 | 0x1a2f8 | 0x29e |
| GetTickCount | - | 0x61cdf450 | 0x1f100 | 0x1a300 | 0x2a5 |
| InitializeCriticalSection | - | 0x61cdf458 | 0x1f108 | 0x1a308 | 0x2f9 |
| IsDBCSLeadByteEx | - | 0x61cdf460 | 0x1f110 | 0x1a310 | 0x310 |
| IsValidCodePage | - | 0x61cdf468 | 0x1f118 | 0x1a318 | 0x31b |
| LeaveCriticalSection | - | 0x61cdf470 | 0x1f120 | 0x1a320 | 0x34b |
| LoadLibraryA | - | 0x61cdf478 | 0x1f128 | 0x1a328 | 0x34e |
| MultiByteToWideChar | - | 0x61cdf480 | 0x1f130 | 0x1a330 | 0x37a |
| QueryPerformanceCounter | - | 0x61cdf488 | 0x1f138 | 0x1a338 | 0x3bb |
| RtlAddFunctionTable | - | 0x61cdf490 | 0x1f140 | 0x1a340 | 0x401 |
| RtlCaptureContext | - | 0x61cdf498 | 0x1f148 | 0x1a348 | 0x402 |
| RtlLookupFunctionEntry | - | 0x61cdf4a0 | 0x1f150 | 0x1a350 | 0x409 |
| RtlVirtualUnwind | - | 0x61cdf4a8 | 0x1f158 | 0x1a358 | 0x410 |
| SetEvent | - | 0x61cdf4b0 | 0x1f160 | 0x1a360 | 0x453 |
| SetUnhandledExceptionFilter | - | 0x61cdf4b8 | 0x1f168 | 0x1a368 | 0x49f |
| Sleep | - | 0x61cdf4c0 | 0x1f170 | 0x1a370 | 0x4ac |
| TerminateProcess | - | 0x61cdf4c8 | 0x1f178 | 0x1a378 | 0x4ba |
| TlsGetValue | - | 0x61cdf4d0 | 0x1f180 | 0x1a380 | 0x4c1 |
| UnhandledExceptionFilter | - | 0x61cdf4d8 | 0x1f188 | 0x1a388 | 0x4ce |
| VirtualProtect | - | 0x61cdf4e0 | 0x1f190 | 0x1a390 | 0x4ec |
| VirtualQuery | - | 0x61cdf4e8 | 0x1f198 | 0x1a398 | 0x4ee |
| WaitForSingleObject | - | 0x61cdf4f0 | 0x1f1a0 | 0x1a3a0 | 0x4f6 |
| WideCharToMultiByte | - | 0x61cdf4f8 | 0x1f1a8 | 0x1a3a8 | 0x50e |
msvcrt.dll (60)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| ___lc_codepage_func | - | 0x61cdf508 | 0x1f1b8 | 0x1a3b8 | 0x3f |
| __dllonexit | - | 0x61cdf510 | 0x1f1c0 | 0x1a3c0 | 0x4e |
| __iob_func | - | 0x61cdf518 | 0x1f1c8 | 0x1a3c8 | 0x53 |
| __mb_cur_max | - | 0x61cdf520 | 0x1f1d0 | 0x1a3d0 | 0x5b |
| _amsg_exit | - | 0x61cdf528 | 0x1f1d8 | 0x1a3d8 | 0x78 |
| _errno | - | 0x61cdf530 | 0x1f1e0 | 0x1a3e0 | 0xbc |
| _fstat64 | - | 0x61cdf538 | 0x1f1e8 | 0x1a3e8 | 0xea |
| _initterm | - | 0x61cdf540 | 0x1f1f0 | 0x1a3f0 | 0x11c |
| _lock | - | 0x61cdf548 | 0x1f1f8 | 0x1a3f8 | 0x182 |
| _onexit | - | 0x61cdf550 | 0x1f200 | 0x1a400 | 0x227 |
| _stricmp | - | 0x61cdf558 | 0x1f208 | 0x1a408 | 0x288 |
| _strnicmp | - | 0x61cdf560 | 0x1f210 | 0x1a410 | 0x292 |
| _unlock | - | 0x61cdf568 | 0x1f218 | 0x1a418 | 0x2c9 |
| _vsnprintf | - | 0x61cdf570 | 0x1f220 | 0x1a420 | 0x2e6 |
| _vsnwprintf | - | 0x61cdf578 | 0x1f228 | 0x1a428 | 0x2ec |
| abort | - | 0x61cdf580 | 0x1f230 | 0x1a430 | 0x385 |
| atoi | - | 0x61cdf588 | 0x1f238 | 0x1a438 | 0x38e |
| bsearch | - | 0x61cdf590 | 0x1f240 | 0x1a440 | 0x390 |
| calloc | - | 0x61cdf598 | 0x1f248 | 0x1a448 | 0x392 |
| fclose | - | 0x61cdf5a0 | 0x1f250 | 0x1a450 | 0x3a0 |
| feof | - | 0x61cdf5a8 | 0x1f258 | 0x1a458 | 0x3a1 |
| fgets | - | 0x61cdf5b0 | 0x1f260 | 0x1a460 | 0x3a6 |
| fopen | - | 0x61cdf5b8 | 0x1f268 | 0x1a468 | 0x3ac |
| fputwc | - | 0x61cdf5c0 | 0x1f270 | 0x1a470 | 0x3b2 |
| free | - | 0x61cdf5c8 | 0x1f278 | 0x1a478 | 0x3b5 |
| fwrite | - | 0x61cdf5d0 | 0x1f280 | 0x1a480 | 0x3c0 |
| getenv | - | 0x61cdf5d8 | 0x1f288 | 0x1a488 | 0x3c5 |
| isalnum | - | 0x61cdf5e0 | 0x1f290 | 0x1a490 | 0x3cc |
| isalpha | - | 0x61cdf5e8 | 0x1f298 | 0x1a498 | 0x3cd |
| isspace | - | 0x61cdf5f0 | 0x1f2a0 | 0x1a4a0 | 0x3d5 |
| malloc | - | 0x61cdf5f8 | 0x1f2a8 | 0x1a4a8 | 0x3ee |
| memcpy | - | 0x61cdf600 | 0x1f2b0 | 0x1a4b0 | 0x3f6 |
| memmove | - | 0x61cdf608 | 0x1f2b8 | 0x1a4b8 | 0x3f7 |
| memset | - | 0x61cdf610 | 0x1f2c0 | 0x1a4c0 | 0x3f9 |
| putc | - | 0x61cdf618 | 0x1f2c8 | 0x1a4c8 | 0x3ff |
| qsort | - | 0x61cdf620 | 0x1f2d0 | 0x1a4d0 | 0x404 |
| realloc | - | 0x61cdf628 | 0x1f2d8 | 0x1a4d8 | 0x408 |
| setlocale | - | 0x61cdf630 | 0x1f2e0 | 0x1a4e0 | 0x410 |
| signal | - | 0x61cdf638 | 0x1f2e8 | 0x1a4e8 | 0x412 |
| sprintf | - | 0x61cdf640 | 0x1f2f0 | 0x1a4f0 | 0x415 |
| strchr | - | 0x61cdf648 | 0x1f2f8 | 0x1a4f8 | 0x41d |
| strcmp | - | 0x61cdf650 | 0x1f300 | 0x1a500 | 0x41e |
| strcpy | - | 0x61cdf658 | 0x1f308 | 0x1a508 | 0x420 |
| strcspn | - | 0x61cdf660 | 0x1f310 | 0x1a510 | 0x422 |
| strlen | - | 0x61cdf668 | 0x1f318 | 0x1a518 | 0x425 |
| strncmp | - | 0x61cdf670 | 0x1f320 | 0x1a520 | 0x428 |
| strncpy | - | 0x61cdf678 | 0x1f328 | 0x1a528 | 0x429 |
| strstr | - | 0x61cdf680 | 0x1f330 | 0x1a530 | 0x42e |
| strtoul | - | 0x61cdf688 | 0x1f338 | 0x1a538 | 0x433 |
| tolower | - | 0x61cdf690 | 0x1f340 | 0x1a540 | 0x441 |
| vfprintf | - | 0x61cdf698 | 0x1f348 | 0x1a548 | 0x447 |
| vfwprintf | - | 0x61cdf6a0 | 0x1f350 | 0x1a550 | 0x449 |
| vsprintf | - | 0x61cdf6a8 | 0x1f358 | 0x1a558 | 0x44c |
| wcschr | - | 0x61cdf6b0 | 0x1f360 | 0x1a560 | 0x454 |
| wcslen | - | 0x61cdf6b8 | 0x1f368 | 0x1a568 | 0x45b |
| _strdup | - | 0x61cdf6c0 | 0x1f370 | 0x1a570 | 0x4b2 |
| _read | - | 0x61cdf6c8 | 0x1f378 | 0x1a578 | 0x4c1 |
| _open | - | 0x61cdf6d0 | 0x1f380 | 0x1a580 | 0x4c7 |
| _getcwd | - | 0x61cdf6d8 | 0x1f388 | 0x1a588 | 0x4d6 |
| _close | - | 0x61cdf6e0 | 0x1f390 | 0x1a590 | 0x4f0 |
Exports (85)
»
| Api name | EAT Address | Ordinal |
|---|---|---|
| _nl_expand_alias | 0x3200 | 0x1 |
| _nl_explode_name | 0x3b90 | 0x2 |
| _nl_find_domain | 0x1880 | 0x3 |
| _nl_find_msg | 0x3fe0 | 0x4 |
| _nl_language_preferences_default | 0x6670 | 0x5 |
| _nl_load_domain | 0x1b80 | 0x6 |
| _nl_locale_name | 0x81f0 | 0x7 |
| _nl_locale_name_canonicalize | 0x69f0 | 0x8 |
| _nl_locale_name_default | 0x81d0 | 0x9 |
| _nl_locale_name_environ | 0x8160 | 0xa |
| _nl_locale_name_from_win32_LANGID | 0x6a60 | 0xb |
| _nl_locale_name_from_win32_LCID | 0x8130 | 0xc |
| _nl_locale_name_posix | 0x81c0 | 0xd |
| _nl_locale_name_thread | 0x8150 | 0xe |
| _nl_locale_name_thread_unsafe | 0x8140 | 0xf |
| _nl_log_untranslated | 0x82f0 | 0x10 |
| _nl_make_l10nflist | 0x3430 | 0x11 |
| _nl_msg_cat_cntr | 0x1dc80 | 0x12 |
| _nl_normalize_codeset | 0x3a40 | 0x13 |
| _nl_state_lock | 0x12140 | 0x14 |
| bind_textdomain_codeset | 0xe130 | 0x15 |
| bindtextdomain | 0xe120 | 0x16 |
| dcgettext | 0xe0d0 | 0x17 |
| dcngettext | 0xe100 | 0x18 |
| dgettext | 0xe0c0 | 0x19 |
| dngettext | 0xe0f0 | 0x1a |
| gettext | 0xe0b0 | 0x1b |
| libintl_asprintf | 0xafe0 | 0x1c |
| libintl_bind_textdomain_codeset | 0x17e0 | 0x1d |
| libintl_bindtextdomain | 0x1780 | 0x1e |
| libintl_dcgettext | 0x1830 | 0x1f |
| libintl_dcigettext | 0x47a0 | 0x20 |
| libintl_dcngettext | 0x4eb0 | 0x21 |
| libintl_dgettext | 0x1860 | 0x22 |
| libintl_dngettext | 0x4ee0 | 0x23 |
| libintl_fprintf | 0xad20 | 0x24 |
| libintl_fwprintf | 0xd7e0 | 0x25 |
| libintl_gettext | 0x1870 | 0x26 |
| libintl_gettext_extract_plural | 0x5710 | 0x27 |
| libintl_gettext_free_exp | 0x4f30 | 0x28 |
| libintl_gettext_germanic_plural | 0x12240 | 0x29 |
| libintl_gettextparse | 0x50b0 | 0x2a |
| libintl_hash_string | 0x1b50 | 0x2b |
| libintl_lock_destroy_func | 0x5a60 | 0x2c |
| libintl_lock_init_func | 0x59a0 | 0x2d |
| libintl_lock_lock_func | 0x59c0 | 0x2e |
| libintl_lock_unlock_func | 0x5a30 | 0x2f |
| libintl_ngettext | 0x4f00 | 0x30 |
| libintl_nl_current_default_domain | 0x121a8 | 0x31 |
| libintl_nl_default_default_domain | 0x13194 | 0x32 |
| libintl_nl_default_dirname | 0x13160 | 0x33 |
| libintl_nl_domain_bindings | 0x1dc88 | 0x34 |
| libintl_once_func | 0x6100 | 0x35 |
| libintl_printf | 0xad80 | 0x36 |
| libintl_recursive_lock_destroy_func | 0x60c0 | 0x37 |
| libintl_recursive_lock_init_func | 0x5f70 | 0x38 |
| libintl_recursive_lock_lock_func | 0x5fa0 | 0x39 |
| libintl_recursive_lock_unlock_func | 0x6060 | 0x3a |
| libintl_relocate | 0x6340 | 0x3b |
| libintl_rwlock_destroy_func | 0x5ef0 | 0x3c |
| libintl_rwlock_init_func | 0x5aa0 | 0x3d |
| libintl_rwlock_rdlock_func | 0x5b00 | 0x3e |
| libintl_rwlock_unlock_func | 0x5dd0 | 0x3f |
| libintl_rwlock_wrlock_func | 0x5c70 | 0x40 |
| libintl_set_relocation_prefix | 0x6280 | 0x41 |
| libintl_setlocale | 0xde80 | 0x42 |
| libintl_snprintf | 0xaf50 | 0x43 |
| libintl_sprintf | 0xae50 | 0x44 |
| libintl_swprintf | 0xd960 | 0x45 |
| libintl_textdomain | 0x3350 | 0x46 |
| libintl_vasnprintf | 0x8640 | 0x47 |
| libintl_vasnwprintf | 0xb010 | 0x48 |
| libintl_vasprintf | 0xaf70 | 0x49 |
| libintl_version | 0x122e0 | 0x4a |
| libintl_vfprintf | 0xac70 | 0x4b |
| libintl_vfwprintf | 0xd700 | 0x4c |
| libintl_vprintf | 0xad50 | 0x4d |
| libintl_vsnprintf | 0xae80 | 0x4e |
| libintl_vsprintf | 0xadb0 | 0x4f |
| libintl_vswprintf | 0xd870 | 0x50 |
| libintl_vwprintf | 0xd810 | 0x51 |
| libintl_wprintf | 0xd840 | 0x52 |
| locale_charset | 0x57f0 | 0x53 |
| ngettext | 0xe0e0 | 0x54 |
| textdomain | 0xe110 | 0x55 |
| C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\is-RKEE0.tmp | Dropped File | Binary |
clean
Known to be clean.
|
...
|
»
| Also Known As | C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\libmongoc-1.0.dll (Dropped File) |
| MIME Type | application/vnd.microsoft.portable-executable |
| File Size | 227.52 KB |
| MD5 |
a80d629d6329dc31d5cb1157d853afab
|
| SHA1 |
a2fa781452106cdf17a83e3e59c6fe50d557e62c
|
| SHA256 |
500ee04865dbb7beb9474e0c2aebd6713df4407c849ec134457c7d0ca289faf0
|
| SSDeep |
6144:VBx0S/dXV86pr06/oG5NMR2jzm1YunTcUmAe0I70s0cYJyUqQmoUjW2v4ZzuFdA:hldXVjTD/m1YunTcZAe0I70s0cYQUqoX
|
| ImpHash |
0f6ee4cfd578e6af037eba78388b8ae2
|
PE Information
»
| Image Base | 0x10000000 |
| Entry Point | 0x1001e958 |
| Size Of Code | 0x2aa00 |
| Size Of Initialized Data | 0xe800 |
| File Type | FileType.dll |
| Subsystem | Subsystem.windows_gui |
| Machine Type | MachineType.i386 |
| Compile Timestamp | 2017-07-28 23:12:40+00:00 |
Sections (4)
»
| Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x10001000 | 0x2a870 | 0x2aa00 | 0x400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.54 |
| .rdata | 0x1002c000 | 0x8c63 | 0x8e00 | 0x2ae00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.31 |
| .data | 0x10035000 | 0x3244 | 0x1600 | 0x33c00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 3.15 |
| .reloc | 0x10039000 | 0x241c | 0x2600 | 0x35200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 5.77 |
Imports (3)
»
libbson-1.0.dll (90)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| bson_iter_overwrite_int32 | - | 0x1002c1b4 | 0x31c90 | 0x30a90 | 0x5c |
| bson_append_oid | - | 0x1002c1b8 | 0x31c94 | 0x30a94 | 0x1d |
| bson_md5_init | - | 0x1002c1bc | 0x31c98 | 0x30a98 | 0x73 |
| bson_md5_append | - | 0x1002c1c0 | 0x31c9c | 0x30a9c | 0x71 |
| bson_md5_finish | - | 0x1002c1c4 | 0x31ca0 | 0x30aa0 | 0x72 |
| bson_utf8_validate | - | 0x1002c1c8 | 0x31ca4 | 0x30aa4 | 0xa7 |
| bson_string_append_unichar | - | 0x1002c1cc | 0x31ca8 | 0x30aa8 | 0x9b |
| bson_zero_free | - | 0x1002c1d0 | 0x31cac | 0x30aac | 0xb2 |
| bson_strndup | - | 0x1002c1d4 | 0x31cb0 | 0x30ab0 | 0xa0 |
| bson_utf8_get_char | - | 0x1002c1d8 | 0x31cb4 | 0x30ab4 | 0xa5 |
| bson_utf8_next_char | - | 0x1002c1dc | 0x31cb8 | 0x30ab8 | 0xa6 |
| bson_count_keys | - | 0x1002c1e0 | 0x31cbc | 0x30abc | 0x34 |
| bson_iter_int64 | - | 0x1002c1e4 | 0x31cc0 | 0x30ac0 | 0x56 |
| bson_iter_find_descendant | - | 0x1002c1e8 | 0x31cc4 | 0x30ac4 | 0x51 |
| bson_gettimeofday | - | 0x1002c1ec | 0x31cc8 | 0x30ac8 | 0x3e |
| bson_strdupv_printf | - | 0x1002c1f0 | 0x31ccc | 0x30acc | 0x95 |
| bson_iter_binary | - | 0x1002c1f4 | 0x31cd0 | 0x30ad0 | 0x46 |
| bson_sized_new | - | 0x1002c1f8 | 0x31cd4 | 0x30ad4 | 0x91 |
| bson_append_binary | - | 0x1002c1fc | 0x31cd8 | 0x30ad8 | 0xc |
| bson_value_destroy | - | 0x1002c200 | 0x31cdc | 0x30adc | 0xaa |
| bson_oid_init | - | 0x1002c204 | 0x31ce0 | 0x30ae0 | 0x7e |
| bson_value_copy | - | 0x1002c208 | 0x31ce4 | 0x30ae4 | 0xa9 |
| bson_iter_date_time | - | 0x1002c20c | 0x31ce8 | 0x30ae8 | 0x4a |
| bson_iter_array | - | 0x1002c210 | 0x31cec | 0x30aec | 0x43 |
| bson_append_date_time | - | 0x1002c214 | 0x31cf0 | 0x30af0 | 0x10 |
| bson_iter_value | - | 0x1002c218 | 0x31cf4 | 0x30af4 | 0x66 |
| bson_uint32_to_string | - | 0x1002c21c | 0x31cf8 | 0x30af8 | 0xa2 |
| bson_append_value | - | 0x1002c220 | 0x31cfc | 0x30afc | 0x25 |
| bson_bcon_magic | - | 0x1002c224 | 0x31d00 | 0x30b00 | 0x29 |
| bcon_new | - | 0x1002c228 | 0x31d04 | 0x30b04 | 0x8 |
| bson_string_append_c | - | 0x1002c22c | 0x31d08 | 0x30b08 | 0x99 |
| bson_string_append | - | 0x1002c230 | 0x31d0c | 0x30b0c | 0x98 |
| bson_copy_to_excluding_noinit | - | 0x1002c234 | 0x31d10 | 0x30b10 | 0x33 |
| bson_reader_read | - | 0x1002c238 | 0x31d14 | 0x30b14 | 0x89 |
| bson_reader_new_from_data | - | 0x1002c23c | 0x31d18 | 0x30b18 | 0x85 |
| bson_reader_destroy | - | 0x1002c240 | 0x31d1c | 0x30b1c | 0x84 |
| bson_has_field | - | 0x1002c244 | 0x31d20 | 0x30b20 | 0x3f |
| bson_strncpy | - | 0x1002c248 | 0x31d24 | 0x30b24 | 0x9f |
| bson_append_array_begin | - | 0x1002c24c | 0x31d28 | 0x30b28 | 0xa |
| bson_append_double | - | 0x1002c250 | 0x31d2c | 0x30b2c | 0x15 |
| bson_append_array_end | - | 0x1002c254 | 0x31d30 | 0x30b30 | 0xb |
| bson_append_array | - | 0x1002c258 | 0x31d34 | 0x30b34 | 0x9 |
| bson_reinit | - | 0x1002c25c | 0x31d38 | 0x30b38 | 0x8f |
| bson_append_bool | - | 0x1002c260 | 0x31d3c | 0x30b3c | 0xd |
| bson_append_iter | - | 0x1002c264 | 0x31d40 | 0x30b40 | 0x18 |
| bson_new | - | 0x1002c268 | 0x31d44 | 0x30b44 | 0x75 |
| bson_append_document_begin | - | 0x1002c26c | 0x31d48 | 0x30b48 | 0x13 |
| bson_append_document_end | - | 0x1002c270 | 0x31d4c | 0x30b4c | 0x14 |
| bson_string_new | - | 0x1002c274 | 0x31d50 | 0x30b50 | 0x9d |
| bson_string_append_printf | - | 0x1002c278 | 0x31d54 | 0x30b54 | 0x9a |
| bson_string_free | - | 0x1002c27c | 0x31d58 | 0x30b58 | 0x9c |
| bson_append_document | - | 0x1002c280 | 0x31d5c | 0x30b5c | 0x12 |
| bson_append_int64 | - | 0x1002c284 | 0x31d60 | 0x30b60 | 0x17 |
| bson_concat | - | 0x1002c288 | 0x31d64 | 0x30b64 | 0x2c |
| bson_iter_as_int64 | - | 0x1002c28c | 0x31d68 | 0x30b68 | 0x45 |
| bson_append_utf8 | - | 0x1002c290 | 0x31d6c | 0x30b6c | 0x24 |
| bson_iter_as_bool | - | 0x1002c294 | 0x31d70 | 0x30b70 | 0x44 |
| bson_iter_recurse | - | 0x1002c298 | 0x31d74 | 0x30b74 | 0x5e |
| bson_iter_document | - | 0x1002c29c | 0x31d78 | 0x30b78 | 0x4c |
| bson_init_static | - | 0x1002c2a0 | 0x31d7c | 0x30b7c | 0x42 |
| bson_iter_dup_utf8 | - | 0x1002c2a4 | 0x31d80 | 0x30b80 | 0x4e |
| bson_malloc | - | 0x1002c2a8 | 0x31d84 | 0x30b84 | 0x6f |
| bson_strdup_printf | - | 0x1002c2ac | 0x31d88 | 0x30b88 | 0x94 |
| bson_iter_find | - | 0x1002c2b0 | 0x31d8c | 0x30b8c | 0x4f |
| bson_copy_to | - | 0x1002c2b4 | 0x31d90 | 0x30b90 | 0x31 |
| bson_append_int32 | - | 0x1002c2b8 | 0x31d94 | 0x30b94 | 0x16 |
| bson_iter_bool | - | 0x1002c2bc | 0x31d98 | 0x30b98 | 0x47 |
| bson_get_data | - | 0x1002c2c0 | 0x31d9c | 0x30b9c | 0x39 |
| bson_copy | - | 0x1002c2c4 | 0x31da0 | 0x30ba0 | 0x30 |
| bson_destroy | - | 0x1002c2c8 | 0x31da4 | 0x30ba4 | 0x35 |
| bson_iter_double | - | 0x1002c2cc | 0x31da8 | 0x30ba8 | 0x4d |
| bson_iter_init_find | - | 0x1002c2d0 | 0x31dac | 0x30bac | 0x53 |
| bson_iter_utf8 | - | 0x1002c2d4 | 0x31db0 | 0x30bb0 | 0x65 |
| bson_iter_init_find_case | - | 0x1002c2d8 | 0x31db4 | 0x30bb4 | 0x54 |
| bson_iter_type | - | 0x1002c2dc | 0x31db8 | 0x30bb8 | 0x64 |
| bson_iter_int32 | - | 0x1002c2e0 | 0x31dbc | 0x30bbc | 0x55 |
| bson_get_monotonic_time | - | 0x1002c2e4 | 0x31dc0 | 0x30bc0 | 0x3d |
| bson_snprintf | - | 0x1002c2e8 | 0x31dc4 | 0x30bc4 | 0x92 |
| bson_strerror_r | - | 0x1002c2ec | 0x31dc8 | 0x30bc8 | 0x96 |
| bson_realloc_ctx | - | 0x1002c2f0 | 0x31dcc | 0x30bcc | 0x8e |
| bson_set_error | - | 0x1002c2f4 | 0x31dd0 | 0x30bd0 | 0x90 |
| bson_init | - | 0x1002c2f8 | 0x31dd4 | 0x30bd4 | 0x40 |
| bson_iter_init | - | 0x1002c2fc | 0x31dd8 | 0x30bd8 | 0x52 |
| bson_iter_next | - | 0x1002c300 | 0x31ddc | 0x30bdc | 0x58 |
| bson_iter_key | - | 0x1002c304 | 0x31de0 | 0x30be0 | 0x57 |
| bson_validate | - | 0x1002c308 | 0x31de4 | 0x30be4 | 0xa8 |
| bson_strdup | - | 0x1002c30c | 0x31de8 | 0x30be8 | 0x93 |
| bson_realloc | - | 0x1002c310 | 0x31dec | 0x30bec | 0x8d |
| bson_free | - | 0x1002c314 | 0x31df0 | 0x30bf0 | 0x38 |
| bson_malloc0 | - | 0x1002c318 | 0x31df4 | 0x30bf4 | 0x70 |
WS2_32.dll (23)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| WSACleanup | 0x74 | 0x1002c154 | 0x31c30 | 0x30a30 | - |
| WSAStartup | 0x73 | 0x1002c158 | 0x31c34 | 0x30a34 | - |
| ioctlsocket | 0xa | 0x1002c15c | 0x31c38 | 0x30a38 | - |
| WSAGetLastError | 0x6f | 0x1002c160 | 0x31c3c | 0x30a3c | - |
| WSAPoll | - | 0x1002c164 | 0x31c40 | 0x30a40 | 0x41 |
| setsockopt | 0x15 | 0x1002c168 | 0x31c44 | 0x30a44 | - |
| closesocket | 0x3 | 0x1002c16c | 0x31c48 | 0x30a48 | - |
| accept | 0x1 | 0x1002c170 | 0x31c4c | 0x30a4c | - |
| bind | 0x2 | 0x1002c174 | 0x31c50 | 0x30a50 | - |
| shutdown | 0x16 | 0x1002c178 | 0x31c54 | 0x30a54 | - |
| getsockopt | 0x7 | 0x1002c17c | 0x31c58 | 0x30a58 | - |
| connect | 0x4 | 0x1002c180 | 0x31c5c | 0x30a5c | - |
| listen | 0xd | 0x1002c184 | 0x31c60 | 0x30a60 | - |
| socket | 0x17 | 0x1002c188 | 0x31c64 | 0x30a64 | - |
| recv | 0x10 | 0x1002c18c | 0x31c68 | 0x30a68 | - |
| send | 0x13 | 0x1002c190 | 0x31c6c | 0x30a6c | - |
| WSASend | - | 0x1002c194 | 0x31c70 | 0x30a70 | 0x49 |
| getsockname | 0x6 | 0x1002c198 | 0x31c74 | 0x30a74 | - |
| getnameinfo | - | 0x1002c19c | 0x31c78 | 0x30a78 | 0x8d |
| getpeername | 0x5 | 0x1002c1a0 | 0x31c7c | 0x30a7c | - |
| inet_ntop | - | 0x1002c1a4 | 0x31c80 | 0x30a80 | 0x99 |
| freeaddrinfo | - | 0x1002c1a8 | 0x31c84 | 0x30a84 | 0x88 |
| getaddrinfo | - | 0x1002c1ac | 0x31c88 | 0x30a88 | 0x89 |
KERNEL32.dll (84)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| SetEnvironmentVariableA | - | 0x1002c000 | 0x31adc | 0x308dc | 0x3d0 |
| CompareStringW | - | 0x1002c004 | 0x31ae0 | 0x308e0 | 0x55 |
| CompareStringA | - | 0x1002c008 | 0x31ae4 | 0x308e4 | 0x52 |
| GetLocaleInfoA | - | 0x1002c00c | 0x31ae8 | 0x308e8 | 0x1e8 |
| GetStringTypeW | - | 0x1002c010 | 0x31aec | 0x308ec | 0x240 |
| GetStringTypeA | - | 0x1002c014 | 0x31af0 | 0x308f0 | 0x23d |
| LoadLibraryA | - | 0x1002c018 | 0x31af4 | 0x308f4 | 0x2f1 |
| VirtualAlloc | - | 0x1002c01c | 0x31af8 | 0x308f8 | 0x454 |
| HeapReAlloc | - | 0x1002c020 | 0x31afc | 0x308fc | 0x2a4 |
| RtlUnwind | - | 0x1002c024 | 0x31b00 | 0x30900 | 0x392 |
| InitializeCriticalSectionAndSpinCount | - | 0x1002c028 | 0x31b04 | 0x30904 | 0x2b5 |
| GetTickCount | - | 0x1002c02c | 0x31b08 | 0x30908 | 0x266 |
| QueryPerformanceCounter | - | 0x1002c030 | 0x31b0c | 0x3090c | 0x354 |
| VirtualFree | - | 0x1002c034 | 0x31b10 | 0x30910 | 0x457 |
| HeapDestroy | - | 0x1002c038 | 0x31b14 | 0x30914 | 0x2a0 |
| HeapCreate | - | 0x1002c03c | 0x31b18 | 0x30918 | 0x29f |
| GetEnvironmentStringsW | - | 0x1002c040 | 0x31b1c | 0x3091c | 0x1c1 |
| FreeEnvironmentStringsW | - | 0x1002c044 | 0x31b20 | 0x30920 | 0x14b |
| GetEnvironmentStrings | - | 0x1002c048 | 0x31b24 | 0x30924 | 0x1bf |
| FreeEnvironmentStringsA | - | 0x1002c04c | 0x31b28 | 0x30928 | 0x14a |
| LCMapStringW | - | 0x1002c050 | 0x31b2c | 0x3092c | 0x2e3 |
| LCMapStringA | - | 0x1002c054 | 0x31b30 | 0x30930 | 0x2e1 |
| GetProcessHeap | - | 0x1002c058 | 0x31b34 | 0x30934 | 0x223 |
| SetEndOfFile | - | 0x1002c05c | 0x31b38 | 0x30938 | 0x3cd |
| WriteConsoleW | - | 0x1002c060 | 0x31b3c | 0x3093c | 0x48c |
| GetConsoleOutputCP | - | 0x1002c064 | 0x31b40 | 0x30940 | 0x199 |
| WriteConsoleA | - | 0x1002c068 | 0x31b44 | 0x30944 | 0x482 |
| SetFilePointer | - | 0x1002c06c | 0x31b48 | 0x30948 | 0x3df |
| SetStdHandle | - | 0x1002c070 | 0x31b4c | 0x3094c | 0x3fc |
| HeapAlloc | - | 0x1002c074 | 0x31b50 | 0x30950 | 0x29d |
| GetTimeZoneInformation | - | 0x1002c078 | 0x31b54 | 0x30954 | 0x26b |
| HeapSize | - | 0x1002c07c | 0x31b58 | 0x30958 | 0x2a6 |
| IsValidCodePage | - | 0x1002c080 | 0x31b5c | 0x3095c | 0x2db |
| GetOEMCP | - | 0x1002c084 | 0x31b60 | 0x30960 | 0x213 |
| GetACP | - | 0x1002c088 | 0x31b64 | 0x30964 | 0x152 |
| GetCPInfo | - | 0x1002c08c | 0x31b68 | 0x30968 | 0x15b |
| InterlockedDecrement | - | 0x1002c090 | 0x31b6c | 0x3096c | 0x2bc |
| SetLastError | - | 0x1002c094 | 0x31b70 | 0x30970 | 0x3ec |
| InterlockedIncrement | - | 0x1002c098 | 0x31b74 | 0x30974 | 0x2c0 |
| TlsFree | - | 0x1002c09c | 0x31b78 | 0x30978 | 0x433 |
| TlsSetValue | - | 0x1002c0a0 | 0x31b7c | 0x3097c | 0x435 |
| TlsAlloc | - | 0x1002c0a4 | 0x31b80 | 0x30980 | 0x432 |
| TlsGetValue | - | 0x1002c0a8 | 0x31b84 | 0x30984 | 0x434 |
| GetModuleHandleA | - | 0x1002c0ac | 0x31b88 | 0x30988 | 0x1f6 |
| GetModuleFileNameA | - | 0x1002c0b0 | 0x31b8c | 0x3098c | 0x1f4 |
| ExitProcess | - | 0x1002c0b4 | 0x31b90 | 0x30990 | 0x104 |
| GetProcAddress | - | 0x1002c0b8 | 0x31b94 | 0x30994 | 0x220 |
| GetModuleHandleW | - | 0x1002c0bc | 0x31b98 | 0x30998 | 0x1f9 |
| HeapFree | - | 0x1002c0c0 | 0x31b9c | 0x3099c | 0x2a1 |
| Sleep | - | 0x1002c0c4 | 0x31ba0 | 0x309a0 | 0x421 |
| IsDebuggerPresent | - | 0x1002c0c8 | 0x31ba4 | 0x309a4 | 0x2d1 |
| GetCurrentProcess | - | 0x1002c0cc | 0x31ba8 | 0x309a8 | 0x1a9 |
| TerminateProcess | - | 0x1002c0d0 | 0x31bac | 0x309ac | 0x42d |
| GetStartupInfoA | - | 0x1002c0d4 | 0x31bb0 | 0x309b0 | 0x239 |
| GetStdHandle | - | 0x1002c0d8 | 0x31bb4 | 0x309b4 | 0x23b |
| SetHandleCount | - | 0x1002c0dc | 0x31bb8 | 0x309b8 | 0x3e8 |
| GetCommandLineA | - | 0x1002c0e0 | 0x31bbc | 0x309bc | 0x16f |
| GetCurrentThreadId | - | 0x1002c0e4 | 0x31bc0 | 0x309c0 | 0x1ad |
| CreateFileA | - | 0x1002c0e8 | 0x31bc4 | 0x309c4 | 0x78 |
| GetFileType | - | 0x1002c0ec | 0x31bc8 | 0x309c8 | 0x1d7 |
| GetConsoleMode | - | 0x1002c0f0 | 0x31bcc | 0x309cc | 0x195 |
| GetConsoleCP | - | 0x1002c0f4 | 0x31bd0 | 0x309d0 | 0x183 |
| WideCharToMultiByte | - | 0x1002c0f8 | 0x31bd4 | 0x309d4 | 0x47a |
| WriteFile | - | 0x1002c0fc | 0x31bd8 | 0x309d8 | 0x48d |
| ReadFile | - | 0x1002c100 | 0x31bdc | 0x309dc | 0x368 |
| MultiByteToWideChar | - | 0x1002c104 | 0x31be0 | 0x309e0 | 0x31a |
| FlushFileBuffers | - | 0x1002c108 | 0x31be4 | 0x309e4 | 0x141 |
| CloseHandle | - | 0x1002c10c | 0x31be8 | 0x309e8 | 0x43 |
| GetLastError | - | 0x1002c110 | 0x31bec | 0x309ec | 0x1e6 |
| GetDateFormatA | - | 0x1002c114 | 0x31bf0 | 0x309f0 | 0x1ae |
| GetTimeFormatA | - | 0x1002c118 | 0x31bf4 | 0x309f4 | 0x268 |
| GetCurrentProcessId | - | 0x1002c11c | 0x31bf8 | 0x309f8 | 0x1aa |
| GetSystemTimeAsFileTime | - | 0x1002c120 | 0x31bfc | 0x309fc | 0x24f |
| SetUnhandledExceptionFilter | - | 0x1002c124 | 0x31c00 | 0x30a00 | 0x415 |
| UnhandledExceptionFilter | - | 0x1002c128 | 0x31c04 | 0x30a04 | 0x43e |
| InitOnceExecuteOnce | - | 0x1002c12c | 0x31c08 | 0x30a08 | 0x2b1 |
| GetSystemInfo | - | 0x1002c130 | 0x31c0c | 0x30a0c | 0x249 |
| WakeConditionVariable | - | 0x1002c134 | 0x31c10 | 0x30a10 | 0x46d |
| EnterCriticalSection | - | 0x1002c138 | 0x31c14 | 0x30a14 | 0xd9 |
| SleepConditionVariableCS | - | 0x1002c13c | 0x31c18 | 0x30a18 | 0x422 |
| LeaveCriticalSection | - | 0x1002c140 | 0x31c1c | 0x30a1c | 0x2ef |
| DeleteCriticalSection | - | 0x1002c144 | 0x31c20 | 0x30a20 | 0xbe |
| InterlockedCompareExchange64 | - | 0x1002c148 | 0x31c24 | 0x30a24 | 0x2bb |
| InitializeCriticalSection | - | 0x1002c14c | 0x31c28 | 0x30a28 | 0x2b4 |
Exports (225)
»
| Api name | EAT Address | Ordinal |
|---|---|---|
| mongoc_bulk_operation_delete | 0x13d0 | 0x1 |
| mongoc_bulk_operation_delete_one | 0x13e0 | 0x2 |
| mongoc_bulk_operation_destroy | 0x11d0 | 0x3 |
| mongoc_bulk_operation_execute | 0x1960 | 0x4 |
| mongoc_bulk_operation_insert | 0x13f0 | 0x5 |
| mongoc_bulk_operation_new | 0x1130 | 0x6 |
| mongoc_bulk_operation_remove | 0x1250 | 0x7 |
| mongoc_bulk_operation_remove_one | 0x1310 | 0x8 |
| mongoc_bulk_operation_replace_one | 0x14c0 | 0x9 |
| mongoc_bulk_operation_set_client | 0x1c00 | 0xa |
| mongoc_bulk_operation_set_collection | 0x1bb0 | 0xb |
| mongoc_bulk_operation_set_database | 0x1b60 | 0xc |
| mongoc_bulk_operation_set_hint | 0x1c40 | 0xd |
| mongoc_bulk_operation_set_write_concern | 0x1b00 | 0xe |
| mongoc_bulk_operation_update | 0x1600 | 0xf |
| mongoc_bulk_operation_update_one | 0x17b0 | 0x10 |
| mongoc_cleanup | 0xdaf0 | 0x11 |
| mongoc_client_command | 0x31c0 | 0x12 |
| mongoc_client_command_simple | 0x3280 | 0x13 |
| mongoc_client_destroy | 0x2e20 | 0x14 |
| mongoc_client_find_databases | 0x33a0 | 0x15 |
| mongoc_client_get_collection | 0x2ef0 | 0x16 |
| mongoc_client_get_database | 0x2ea0 | 0x17 |
| mongoc_client_get_database_names | 0x3640 | 0x18 |
| mongoc_client_get_gridfs | 0x2f50 | 0x19 |
| mongoc_client_get_max_bson_size | 0x34a0 | 0x1a |
| mongoc_client_get_max_message_size | 0x3470 | 0x1b |
| mongoc_client_get_read_prefs | 0x3050 | 0x1c |
| mongoc_client_get_server_status | 0x34d0 | 0x1d |
| mongoc_client_get_uri | 0x2e70 | 0x1e |
| mongoc_client_get_write_concern | 0x2fb0 | 0x1f |
| mongoc_client_kill_cursor | 0x3300 | 0x20 |
| mongoc_client_new | 0x2c60 | 0x21 |
| mongoc_client_new_from_uri | 0x2de0 | 0x22 |
| mongoc_client_pool_destroy | 0x39b0 | 0x23 |
| mongoc_client_pool_new | 0x3830 | 0x24 |
| mongoc_client_pool_pop | 0x3a40 | 0x25 |
| mongoc_client_pool_push | 0x3b50 | 0x26 |
| mongoc_client_pool_try_pop | 0x3ae0 | 0x27 |
| mongoc_client_set_read_prefs | 0x3080 | 0x28 |
| mongoc_client_set_stream_initiator | 0x35d0 | 0x29 |
| mongoc_client_set_write_concern | 0x2fe0 | 0x2a |
| mongoc_collection_aggregate | 0x9180 | 0x2b |
| mongoc_collection_command | 0x7640 | 0x2c |
| mongoc_collection_command_simple | 0x7750 | 0x2d |
| mongoc_collection_count | 0x95d0 | 0x2e |
| mongoc_collection_count_with_opts | 0x77a0 | 0x2f |
| mongoc_collection_create_bulk_operation | 0x8f00 | 0x30 |
| mongoc_collection_create_index | 0x98e0 | 0x31 |
| mongoc_collection_delete | 0x8770 | 0x32 |
| mongoc_collection_destroy | 0x74e0 | 0x33 |
| mongoc_collection_drop | 0x79d0 | 0x34 |
| mongoc_collection_drop_index | 0x7ad0 | 0x35 |
| mongoc_collection_ensure_index | 0x9e40 | 0x36 |
| mongoc_collection_find | 0x7580 | 0x37 |
| mongoc_collection_find_and_modify | 0x8f60 | 0x38 |
| mongoc_collection_find_indexes | 0x7df0 | 0x39 |
| mongoc_collection_get_last_error | 0x88f0 | 0x3a |
| mongoc_collection_get_name | 0x88e0 | 0x3b |
| mongoc_collection_get_read_prefs | 0x8780 | 0x3c |
| mongoc_collection_get_write_concern | 0x8830 | 0x3d |
| mongoc_collection_insert | 0x81a0 | 0x3e |
| mongoc_collection_insert_bulk | 0x7ff0 | 0x3f |
| mongoc_collection_keys_to_index_string | 0x7bd0 | 0x40 |
| mongoc_collection_remove | 0x8620 | 0x41 |
| mongoc_collection_rename | 0x8ad0 | 0x42 |
| mongoc_collection_save | 0x8500 | 0x43 |
| mongoc_collection_set_read_prefs | 0x87c0 | 0x44 |
| mongoc_collection_set_write_concern | 0x8870 | 0x45 |
| mongoc_collection_stats | 0x8d50 | 0x46 |
| mongoc_collection_update | 0x8310 | 0x47 |
| mongoc_collection_validate | 0x8930 | 0x48 |
| mongoc_cursor_clone | 0xb800 | 0x49 |
| mongoc_cursor_current | 0xb5e0 | 0x4a |
| mongoc_cursor_destroy | 0xb6f0 | 0x4b |
| mongoc_cursor_error | 0xb710 | 0x4c |
| mongoc_cursor_get_batch_size | 0xb660 | 0x4d |
| mongoc_cursor_get_hint | 0xb6a0 | 0x4e |
| mongoc_cursor_get_host | 0xb7e0 | 0x4f |
| mongoc_cursor_get_id | 0xb6d0 | 0x50 |
| mongoc_cursor_is_alive | 0xb580 | 0x51 |
| mongoc_cursor_more | 0xb7c0 | 0x52 |
| mongoc_cursor_next | 0xb760 | 0x53 |
| mongoc_cursor_set_batch_size | 0xb620 | 0x54 |
| mongoc_database_add_user | 0xc890 | 0x55 |
| mongoc_database_command | 0xc1e0 | 0x56 |
| mongoc_database_command_simple | 0xc230 | 0x57 |
| mongoc_database_create_collection | 0xd310 | 0x58 |
| mongoc_database_destroy | 0xc170 | 0x59 |
| mongoc_database_drop | 0xc270 | 0x5a |
| mongoc_database_find_collections | 0xcfa0 | 0x5b |
| mongoc_database_get_collection | 0xd7f0 | 0x5c |
| mongoc_database_get_collection_names | 0xd1b0 | 0x5d |
| mongoc_database_get_name | 0xd840 | 0x5e |
| mongoc_database_get_read_prefs | 0xcb20 | 0x5f |
| mongoc_database_get_write_concern | 0xcbd0 | 0x60 |
| mongoc_database_has_collection | 0xd870 | 0x61 |
| mongoc_database_remove_all_users | 0xc730 | 0x62 |
| mongoc_database_remove_user | 0xc580 | 0x63 |
| mongoc_database_set_read_prefs | 0xcb60 | 0x64 |
| mongoc_database_set_write_concern | 0xcc10 | 0x65 |
| mongoc_gridfs_create_file | 0xdf50 | 0x66 |
| mongoc_gridfs_create_file_from_stream | 0xde60 | 0x67 |
| mongoc_gridfs_destroy | 0xdd30 | 0x68 |
| mongoc_gridfs_drop | 0xdcf0 | 0x69 |
| mongoc_gridfs_file_destroy | 0xef00 | 0x6a |
| mongoc_gridfs_file_error | 0xf6d0 | 0x6b |
| mongoc_gridfs_file_get_aliases | 0xe520 | 0x6c |
| mongoc_gridfs_file_get_chunk_size | 0xf750 | 0x6d |
| mongoc_gridfs_file_get_content_type | 0xe4c0 | 0x6e |
| mongoc_gridfs_file_get_filename | 0xe460 | 0x6f |
| mongoc_gridfs_file_get_length | 0xf710 | 0x70 |
| mongoc_gridfs_file_get_md5 | 0xe400 | 0x71 |
| mongoc_gridfs_file_get_metadata | 0xe590 | 0x72 |
| mongoc_gridfs_file_get_upload_date | 0xf790 | 0x73 |
| mongoc_gridfs_file_list_destroy | 0xfcb0 | 0x74 |
| mongoc_gridfs_file_list_error | 0xfca0 | 0x75 |
| mongoc_gridfs_file_list_next | 0xfc70 | 0x76 |
| mongoc_gridfs_file_readv | 0xf910 | 0x77 |
| mongoc_gridfs_file_remove | 0xf7d0 | 0x78 |
| mongoc_gridfs_file_save | 0xe600 | 0x79 |
| mongoc_gridfs_file_seek | 0xf580 | 0x7a |
| mongoc_gridfs_file_set_aliases | 0xe550 | 0x7b |
| mongoc_gridfs_file_set_content_type | 0xe4e0 | 0x7c |
| mongoc_gridfs_file_set_filename | 0xe480 | 0x7d |
| mongoc_gridfs_file_set_md5 | 0xe420 | 0x7e |
| mongoc_gridfs_file_set_metadata | 0xe5c0 | 0x7f |
| mongoc_gridfs_file_tell | 0xf6b0 | 0x80 |
| mongoc_gridfs_file_writev | 0xf9f0 | 0x81 |
| mongoc_gridfs_find | 0xdd60 | 0x82 |
| mongoc_gridfs_find_one | 0xdd80 | 0x83 |
| mongoc_gridfs_find_one_by_filename | 0xddc0 | 0x84 |
| mongoc_gridfs_get_chunks | 0xdfc0 | 0x85 |
| mongoc_gridfs_get_files | 0xdf90 | 0x86 |
| mongoc_gridfs_remove_by_filename | 0xdff0 | 0x87 |
| mongoc_index_opt_geo_get_default | 0xfce0 | 0x88 |
| mongoc_index_opt_geo_init | 0xfd20 | 0x89 |
| mongoc_index_opt_get_default | 0xfcd0 | 0x8a |
| mongoc_index_opt_init | 0xfd00 | 0x8b |
| mongoc_index_opt_wt_get_default | 0xfcf0 | 0x8c |
| mongoc_index_opt_wt_init | 0xfd40 | 0x8d |
| mongoc_init | 0xdac0 | 0x8e |
| mongoc_log | 0xfe70 | 0x8f |
| mongoc_log_default_handler | 0xff60 | 0x90 |
| mongoc_log_level_str | 0xff00 | 0x91 |
| mongoc_log_set_handler | 0xfe30 | 0x92 |
| mongoc_matcher_destroy | 0x108b0 | 0x93 |
| mongoc_matcher_match | 0x10890 | 0x94 |
| mongoc_matcher_new | 0x107e0 | 0x95 |
| mongoc_read_prefs_add_tag | 0x12200 | 0x96 |
| mongoc_read_prefs_copy | 0x128d0 | 0x97 |
| mongoc_read_prefs_destroy | 0x128b0 | 0x98 |
| mongoc_read_prefs_get_mode | 0x12100 | 0x99 |
| mongoc_read_prefs_get_tags | 0x12170 | 0x9a |
| mongoc_read_prefs_is_valid | 0x122c0 | 0x9b |
| mongoc_read_prefs_new | 0x120d0 | 0x9c |
| mongoc_read_prefs_set_mode | 0x12130 | 0x9d |
| mongoc_read_prefs_set_tags | 0x121a0 | 0x9e |
| mongoc_socket_accept | 0x13b40 | 0x9f |
| mongoc_socket_bind | 0x13ca0 | 0xa0 |
| mongoc_socket_check_closed | 0x14480 | 0xa1 |
| mongoc_socket_close | 0x13d20 | 0xa2 |
| mongoc_socket_connect | 0x13da0 | 0xa3 |
| mongoc_socket_destroy | 0x13e90 | 0xa4 |
| mongoc_socket_errno | 0x13b10 | 0xa5 |
| mongoc_socket_getnameinfo | 0x143c0 | 0xa6 |
| mongoc_socket_getsockname | 0x14360 | 0xa7 |
| mongoc_socket_inet_ntop | 0x14540 | 0xa8 |
| mongoc_socket_listen | 0x13eb0 | 0xa9 |
| mongoc_socket_new | 0x13f10 | 0xaa |
| mongoc_socket_recv | 0x13f90 | 0xab |
| mongoc_socket_send | 0x14600 | 0xac |
| mongoc_socket_sendv | 0x14200 | 0xad |
| mongoc_socket_setsockopt | 0x14080 | 0xae |
| mongoc_stream_buffered_new | 0x14d00 | 0xaf |
| mongoc_stream_check_closed | 0x14a00 | 0xb0 |
| mongoc_stream_close | 0x14680 | 0xb1 |
| mongoc_stream_destroy | 0x146f0 | 0xb2 |
| mongoc_stream_file_get_fd | 0x15000 | 0xb3 |
| mongoc_stream_file_new | 0x14f20 | 0xb4 |
| mongoc_stream_file_new_for_path | 0x14f90 | 0xb5 |
| mongoc_stream_flush | 0x14760 | 0xb6 |
| mongoc_stream_get_base_stream | 0x149c0 | 0xb7 |
| mongoc_stream_gridfs_new | 0x15180 | 0xb8 |
| mongoc_stream_read | 0x14910 | 0xb9 |
| mongoc_stream_readv | 0x148a0 | 0xba |
| mongoc_stream_setsockopt | 0x14980 | 0xbb |
| mongoc_stream_socket_get_socket | 0x154a0 | 0xbc |
| mongoc_stream_socket_new | 0x15510 | 0xbd |
| mongoc_stream_write | 0x14830 | 0xbe |
| mongoc_stream_writev | 0x147a0 | 0xbf |
| mongoc_uri_copy | 0x16e20 | 0xc0 |
| mongoc_uri_destroy | 0x15fb0 | 0xc1 |
| mongoc_uri_get_auth_mechanism | 0x15aa0 | 0xc2 |
| mongoc_uri_get_auth_source | 0x15ec0 | 0xc3 |
| mongoc_uri_get_credentials | 0x15a60 | 0xc4 |
| mongoc_uri_get_database | 0x15e90 | 0xc5 |
| mongoc_uri_get_hosts | 0x15990 | 0xc6 |
| mongoc_uri_get_mechanism_properties | 0x15b50 | 0xc7 |
| mongoc_uri_get_options | 0x15f80 | 0xc8 |
| mongoc_uri_get_password | 0x15e60 | 0xc9 |
| mongoc_uri_get_read_prefs | 0x16090 | 0xca |
| mongoc_uri_get_replica_set | 0x159c0 | 0xcb |
| mongoc_uri_get_ssl | 0x16270 | 0xcc |
| mongoc_uri_get_string | 0x16060 | 0xcd |
| mongoc_uri_get_username | 0x15e30 | 0xce |
| mongoc_uri_get_write_concern | 0x16230 | 0xcf |
| mongoc_uri_new | 0x16d20 | 0xd0 |
| mongoc_uri_new_for_host_port | 0x16db0 | 0xd1 |
| mongoc_uri_unescape | 0x160d0 | 0xd2 |
| mongoc_write_concern_copy | 0x19ba0 | 0xd3 |
| mongoc_write_concern_destroy | 0x19c00 | 0xd4 |
| mongoc_write_concern_get_fsync | 0x19c50 | 0xd5 |
| mongoc_write_concern_get_journal | 0x19cf0 | 0xd6 |
| mongoc_write_concern_get_w | 0x19d90 | 0xd7 |
| mongoc_write_concern_get_wmajority | 0x19ee0 | 0xd8 |
| mongoc_write_concern_get_wtag | 0x19f80 | 0xd9 |
| mongoc_write_concern_get_wtimeout | 0x19e50 | 0xda |
| mongoc_write_concern_new | 0x19b80 | 0xdb |
| mongoc_write_concern_set_fsync | 0x19c90 | 0xdc |
| mongoc_write_concern_set_journal | 0x19d30 | 0xdd |
| mongoc_write_concern_set_w | 0x19dd0 | 0xde |
| mongoc_write_concern_set_wmajority | 0x19f20 | 0xdf |
| mongoc_write_concern_set_wtag | 0x19fc0 | 0xe0 |
| mongoc_write_concern_set_wtimeout | 0x19e80 | 0xe1 |
Digital Signature Information
»
| Verification Status | Valid |
Certificate: Idera
»
| Issued by | Idera |
| Country Name | US |
| Valid From | 2016-03-10 01:00 (UTC+1) |
| Valid Until | 2018-04-13 01:59 (UTC+2) |
| Algorithm | sha256_rsa |
| Serial Number | 19 4B 7B C0 44 9D 1A E4 D1 6D 7D A1 D5 33 0D 6F |
| Thumbprint | 1D B3 1D A0 C1 52 E9 D4 74 5D 58 D7 38 A1 74 A5 21 B3 BE FC |
| C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\is-I92GT.tmp | Dropped File | Binary |
clean
Known to be clean.
|
...
|
»
| Also Known As | C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\libnettle-4-6.dll (Dropped File) |
| MIME Type | application/vnd.microsoft.portable-executable |
| File Size | 178.09 KB |
| MD5 |
854c550450beddebaafe1dd74f073641
|
| SHA1 |
3db1545773ea7756d6a87b3693148abcd1cdab86
|
| SHA256 |
8561d32e30b3dec9ffd24b1bd87e96444fd6d3d304d64f80c6d99e112411dc48
|
| SSDeep |
3072:FiP8zpgWMwBsaEcWfsUGPWTSMqqDVw7P3FwBP1ELFy:Fu8NsgsidwxqqDVMFwBaFy
|
| ImpHash |
cc865c6dc9276f58de973bb620408123
|
PE Information
»
| Image Base | 0x6a700000 |
| Entry Point | 0x6a701400 |
| Size Of Code | 0x1ae00 |
| Size Of Initialized Data | 0x10c00 |
| Size Of Uninitialized Data | 0xa00 |
| File Type | FileType.dll |
| Subsystem | Subsystem.windows_cui |
| Machine Type | MachineType.amd64 |
| Compile Timestamp | 1970-01-03 05:51:54+00:00 |
Sections (13)
»
| Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x6a701000 | 0x1acc0 | 0x1ae00 | 0x400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.59 |
| .data | 0x6a71c000 | 0x50 | 0x200 | 0x1b200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.48 |
| .rdata | 0x6a71d000 | 0xbba0 | 0xbc00 | 0x1b400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ | 6.95 |
| /4 | 0x6a729000 | 0x35 | 0x200 | 0x27000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ | 0.57 |
| .pdata | 0x6a72a000 | 0xcb4 | 0xe00 | 0x27200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ | 4.74 |
| .xdata | 0x6a72b000 | 0xcb0 | 0xe00 | 0x28000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ | 4.11 |
| .bss | 0x6a72c000 | 0x930 | 0x0 | 0x0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.0 |
| .edata | 0x6a72d000 | 0x1ff7 | 0x2000 | 0x28e00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ | 5.26 |
| .idata | 0x6a72f000 | 0x760 | 0x800 | 0x2ae00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 4.1 |
| .CRT | 0x6a730000 | 0x58 | 0x200 | 0x2b600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.21 |
| .tls | 0x6a731000 | 0x68 | 0x200 | 0x2b800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.26 |
| .reloc | 0x6a732000 | 0x21c | 0x400 | 0x2ba00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 3.4 |
| /14 | 0x6a733000 | 0x1c | 0x200 | 0x2be00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 0.5 |
Imports (3)
»
KERNEL32.dll (23)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| DeleteCriticalSection | - | 0x6a72f1e8 | 0x2f050 | 0x2ae50 | 0xd8 |
| EnterCriticalSection | - | 0x6a72f1f0 | 0x2f058 | 0x2ae58 | 0xf8 |
| GetCurrentProcess | - | 0x6a72f1f8 | 0x2f060 | 0x2ae60 | 0x1cd |
| GetCurrentProcessId | - | 0x6a72f200 | 0x2f068 | 0x2ae68 | 0x1ce |
| GetCurrentThreadId | - | 0x6a72f208 | 0x2f070 | 0x2ae70 | 0x1d2 |
| GetLastError | - | 0x6a72f210 | 0x2f078 | 0x2ae78 | 0x210 |
| GetModuleFileNameW | - | 0x6a72f218 | 0x2f080 | 0x2ae80 | 0x223 |
| GetSystemTimeAsFileTime | - | 0x6a72f220 | 0x2f088 | 0x2ae88 | 0x28a |
| GetTickCount | - | 0x6a72f228 | 0x2f090 | 0x2ae90 | 0x2a5 |
| InitializeCriticalSection | - | 0x6a72f230 | 0x2f098 | 0x2ae98 | 0x2f9 |
| LeaveCriticalSection | - | 0x6a72f238 | 0x2f0a0 | 0x2aea0 | 0x34b |
| QueryPerformanceCounter | - | 0x6a72f240 | 0x2f0a8 | 0x2aea8 | 0x3bb |
| RtlAddFunctionTable | - | 0x6a72f248 | 0x2f0b0 | 0x2aeb0 | 0x401 |
| RtlCaptureContext | - | 0x6a72f250 | 0x2f0b8 | 0x2aeb8 | 0x402 |
| RtlLookupFunctionEntry | - | 0x6a72f258 | 0x2f0c0 | 0x2aec0 | 0x409 |
| RtlVirtualUnwind | - | 0x6a72f260 | 0x2f0c8 | 0x2aec8 | 0x410 |
| SetUnhandledExceptionFilter | - | 0x6a72f268 | 0x2f0d0 | 0x2aed0 | 0x49f |
| Sleep | - | 0x6a72f270 | 0x2f0d8 | 0x2aed8 | 0x4ac |
| TerminateProcess | - | 0x6a72f278 | 0x2f0e0 | 0x2aee0 | 0x4ba |
| TlsGetValue | - | 0x6a72f280 | 0x2f0e8 | 0x2aee8 | 0x4c1 |
| UnhandledExceptionFilter | - | 0x6a72f288 | 0x2f0f0 | 0x2aef0 | 0x4ce |
| VirtualProtect | - | 0x6a72f290 | 0x2f0f8 | 0x2aef8 | 0x4ec |
| VirtualQuery | - | 0x6a72f298 | 0x2f100 | 0x2af00 | 0x4ee |
msvcrt.dll (24)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| __dllonexit | - | 0x6a72f2a8 | 0x2f110 | 0x2af10 | 0x4e |
| __iob_func | - | 0x6a72f2b0 | 0x2f118 | 0x2af18 | 0x53 |
| _amsg_exit | - | 0x6a72f2b8 | 0x2f120 | 0x2af20 | 0x78 |
| _exit | - | 0x6a72f2c0 | 0x2f128 | 0x2af28 | 0xc5 |
| _initterm | - | 0x6a72f2c8 | 0x2f130 | 0x2af30 | 0x11c |
| _lock | - | 0x6a72f2d0 | 0x2f138 | 0x2af38 | 0x182 |
| _onexit | - | 0x6a72f2d8 | 0x2f140 | 0x2af40 | 0x227 |
| _snwprintf | - | 0x6a72f2e0 | 0x2f148 | 0x2af48 | 0x265 |
| _unlock | - | 0x6a72f2e8 | 0x2f150 | 0x2af50 | 0x2c9 |
| abort | - | 0x6a72f2f0 | 0x2f158 | 0x2af58 | 0x385 |
| calloc | - | 0x6a72f2f8 | 0x2f160 | 0x2af60 | 0x392 |
| free | - | 0x6a72f300 | 0x2f168 | 0x2af68 | 0x3b5 |
| fwprintf | - | 0x6a72f308 | 0x2f170 | 0x2af70 | 0x3be |
| fwrite | - | 0x6a72f310 | 0x2f178 | 0x2af78 | 0x3c0 |
| malloc | - | 0x6a72f318 | 0x2f180 | 0x2af80 | 0x3ee |
| memcpy | - | 0x6a72f320 | 0x2f188 | 0x2af88 | 0x3f6 |
| memset | - | 0x6a72f328 | 0x2f190 | 0x2af90 | 0x3f9 |
| raise | - | 0x6a72f330 | 0x2f198 | 0x2af98 | 0x406 |
| realloc | - | 0x6a72f338 | 0x2f1a0 | 0x2afa0 | 0x408 |
| signal | - | 0x6a72f340 | 0x2f1a8 | 0x2afa8 | 0x412 |
| strlen | - | 0x6a72f348 | 0x2f1b0 | 0x2afb0 | 0x425 |
| strncmp | - | 0x6a72f350 | 0x2f1b8 | 0x2afb8 | 0x428 |
| vfprintf | - | 0x6a72f358 | 0x2f1c0 | 0x2afc0 | 0x447 |
| wcscpy | - | 0x6a72f360 | 0x2f1c8 | 0x2afc8 | 0x457 |
USER32.dll (1)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| MessageBoxW | - | 0x6a72f370 | 0x2f1d8 | 0x2afd8 | 0x1f0 |
Exports (256)
»
| Api name | EAT Address | Ordinal |
|---|---|---|
| _nettle_aes_decrypt | 0x1450 | 0x1 |
| _nettle_aes_encrypt | 0x1750 | 0x2 |
| _nettle_aes_encrypt_table | 0x1e180 | 0x3 |
| _nettle_camellia_crypt | 0x2e30 | 0x4 |
| _nettle_camellia_table | 0x20120 | 0x5 |
| _nettle_md5_compress | 0xadf0 | 0x6 |
| _nettle_ripemd160_compress | 0xcef0 | 0x7 |
| _nettle_salsa20_core | 0xe570 | 0x8 |
| _nettle_sha1_compress | 0xf060 | 0x9 |
| _nettle_sha256_compress | 0x10690 | 0xa |
| _nettle_sha3_pad | 0x12be0 | 0xb |
| _nettle_sha3_update | 0x12b00 | 0xc |
| _nettle_sha512_compress | 0x11b50 | 0xd |
| _nettle_umac_l2 | 0x175d0 | 0xe |
| _nettle_umac_l2_final | 0x177d0 | 0xf |
| _nettle_umac_l2_init | 0x175a0 | 0x10 |
| _nettle_umac_l3 | 0x179f0 | 0x11 |
| _nettle_umac_l3_init | 0x17990 | 0x12 |
| _nettle_umac_nh | 0x17130 | 0x13 |
| _nettle_umac_nh_n | 0x171a0 | 0x14 |
| _nettle_umac_poly128 | 0x17cf0 | 0x15 |
| _nettle_umac_poly64 | 0x17b20 | 0x16 |
| _nettle_umac_set_key | 0x17fb0 | 0x17 |
| _nettle_write_be32 | 0x1a070 | 0x18 |
| _nettle_write_le32 | 0x1a100 | 0x19 |
| _nettle_write_le64 | 0x1a190 | 0x1a |
| memxor | 0x1a250 | 0x1b |
| memxor3 | 0x1a270 | 0x1c |
| nettle_MD5Final | 0xb690 | 0x1d |
| nettle_MD5Init | 0xb670 | 0x1e |
| nettle_MD5Update | 0xb680 | 0x1f |
| nettle_aes128 | 0x1f780 | 0x20 |
| nettle_aes192 | 0x1f740 | 0x21 |
| nettle_aes256 | 0x1f700 | 0x22 |
| nettle_aes_decrypt | 0x16f0 | 0x23 |
| nettle_aes_encrypt | 0x19f0 | 0x24 |
| nettle_aes_invert_key | 0x1c00 | 0x25 |
| nettle_aes_set_decrypt_key | 0x1d00 | 0x26 |
| nettle_aes_set_encrypt_key | 0x1a50 | 0x27 |
| nettle_arcfour128 | 0x1f840 | 0x28 |
| nettle_arcfour_crypt | 0x1df0 | 0x29 |
| nettle_arcfour_set_key | 0x1d20 | 0x2a |
| nettle_arctwo128 | 0x1fa80 | 0x2b |
| nettle_arctwo40 | 0x1fb40 | 0x2c |
| nettle_arctwo64 | 0x1fae0 | 0x2d |
| nettle_arctwo_decrypt | 0x2050 | 0x2e |
| nettle_arctwo_encrypt | 0x1e80 | 0x2f |
| nettle_arctwo_gutmann128 | 0x1fa20 | 0x30 |
| nettle_arctwo_set_key | 0x2400 | 0x31 |
| nettle_arctwo_set_key_ekb | 0x2220 | 0x32 |
| nettle_arctwo_set_key_gutmann | 0x2410 | 0x33 |
| nettle_armors | 0x27a40 | 0x34 |
| nettle_base16 | 0x1fd40 | 0x35 |
| nettle_base16_decode_final | 0x2670 | 0x36 |
| nettle_base16_decode_init | 0x24a0 | 0x37 |
| nettle_base16_decode_single | 0x24b0 | 0x38 |
| nettle_base16_decode_update | 0x2580 | 0x39 |
| nettle_base16_encode_single | 0x2420 | 0x3a |
| nettle_base16_encode_update | 0x2450 | 0x3b |
| nettle_base64 | 0x20040 | 0x3c |
| nettle_base64_decode_final | 0x2d90 | 0x3d |
| nettle_base64_decode_init | 0x2b90 | 0x3e |
| nettle_base64_decode_single | 0x2bb0 | 0x3f |
| nettle_base64_decode_update | 0x2ca0 | 0x40 |
| nettle_base64_encode_final | 0x2ae0 | 0x41 |
| nettle_base64_encode_group | 0x2870 | 0x42 |
| nettle_base64_encode_init | 0x28c0 | 0x43 |
| nettle_base64_encode_raw | 0x26e0 | 0x44 |
| nettle_base64_encode_single | 0x28d0 | 0x45 |
| nettle_base64_encode_update | 0x2960 | 0x46 |
| nettle_blowfish_decrypt | 0x5a80 | 0x47 |
| nettle_blowfish_encrypt | 0x5980 | 0x48 |
| nettle_blowfish_set_key | 0x5f00 | 0x49 |
| nettle_buffer_clear | 0x19ef0 | 0x4a |
| nettle_buffer_copy | 0x19fc0 | 0x4b |
| nettle_buffer_grow | 0x19e30 | 0x4c |
| nettle_buffer_init | 0x19fd0 | 0x4d |
| nettle_buffer_init_realloc | 0x19eb0 | 0x4e |
| nettle_buffer_init_size | 0x19ed0 | 0x4f |
| nettle_buffer_reset | 0x19f30 | 0x50 |
| nettle_buffer_space | 0x19f40 | 0x51 |
| nettle_buffer_write | 0x19f80 | 0x52 |
| nettle_camellia128 | 0x21200 | 0x53 |
| nettle_camellia192 | 0x211a0 | 0x54 |
| nettle_camellia256 | 0x21140 | 0x55 |
| nettle_camellia_crypt | 0x2dd0 | 0x56 |
| nettle_camellia_invert_key | 0x43f0 | 0x57 |
| nettle_camellia_set_decrypt_key | 0x4470 | 0x58 |
| nettle_camellia_set_encrypt_key | 0x3480 | 0x59 |
| nettle_cast128 | 0x23280 | 0x5a |
| nettle_cast128_decrypt | 0x4980 | 0x5b |
| nettle_cast128_encrypt | 0x4490 | 0x5c |
| nettle_cast128_set_key | 0x4e20 | 0x5d |
| nettle_cbc_decrypt | 0x61c0 | 0x5e |
| nettle_cbc_encrypt | 0x60f0 | 0x5f |
| nettle_ciphers | 0x279a0 | 0x60 |
| nettle_ctr_crypt | 0x6480 | 0x61 |
| nettle_des3_decrypt | 0x9030 | 0x62 |
| nettle_des3_encrypt | 0x8fe0 | 0x63 |
| nettle_des3_set_key | 0x8f90 | 0x64 |
| nettle_des_check_parity | 0x7390 | 0x65 |
| nettle_des_decrypt | 0x83e0 | 0x66 |
| nettle_des_encrypt | 0x7850 | 0x67 |
| nettle_des_fix_parity | 0x7400 | 0x68 |
| nettle_des_set_key | 0x7440 | 0x69 |
| nettle_gcm_aes_decrypt | 0x7310 | 0x6a |
| nettle_gcm_aes_digest | 0x7350 | 0x6b |
| nettle_gcm_aes_encrypt | 0x72d0 | 0x6c |
| nettle_gcm_aes_set_iv | 0x7290 | 0x6d |
| nettle_gcm_aes_set_key | 0x7260 | 0x6e |
| nettle_gcm_aes_update | 0x72b0 | 0x6f |
| nettle_gcm_decrypt | 0x7140 | 0x70 |
| nettle_gcm_digest | 0x71d0 | 0x71 |
| nettle_gcm_encrypt | 0x70b0 | 0x72 |
| nettle_gcm_set_iv | 0x6f40 | 0x73 |
| nettle_gcm_set_key | 0x6da0 | 0x74 |
| nettle_gcm_update | 0x7020 | 0x75 |
| nettle_gosthash94 | 0x1fba0 | 0x76 |
| nettle_gosthash94_digest | 0xcaf0 | 0x77 |
| nettle_gosthash94_init | 0xc990 | 0x78 |
| nettle_gosthash94_update | 0xca20 | 0x79 |
| nettle_hashes | 0x27940 | 0x7a |
| nettle_hmac_digest | 0x9600 | 0x7b |
| nettle_hmac_md5_digest | 0x96d0 | 0x7c |
| nettle_hmac_md5_set_key | 0x9690 | 0x7d |
| nettle_hmac_md5_update | 0x96c0 | 0x7e |
| nettle_hmac_ripemd160_digest | 0x9740 | 0x7f |
| nettle_hmac_ripemd160_set_key | 0x9700 | 0x80 |
| nettle_hmac_ripemd160_update | 0x9730 | 0x81 |
| nettle_hmac_set_key | 0x9490 | 0x82 |
| nettle_hmac_sha1_digest | 0x97b0 | 0x83 |
| nettle_hmac_sha1_set_key | 0x9770 | 0x84 |
| nettle_hmac_sha1_update | 0x97a0 | 0x85 |
| nettle_hmac_sha224_digest | 0x9810 | 0x86 |
| nettle_hmac_sha224_set_key | 0x97e0 | 0x87 |
| nettle_hmac_sha256_digest | 0x9880 | 0x88 |
| nettle_hmac_sha256_set_key | 0x9840 | 0x89 |
| nettle_hmac_sha256_update | 0x9870 | 0x8a |
| nettle_hmac_sha384_digest | 0x98e0 | 0x8b |
| nettle_hmac_sha384_set_key | 0x98b0 | 0x8c |
| nettle_hmac_sha512_digest | 0x9950 | 0x8d |
| nettle_hmac_sha512_set_key | 0x9910 | 0x8e |
| nettle_hmac_sha512_update | 0x9940 | 0x8f |
| nettle_hmac_update | 0x95f0 | 0x90 |
| nettle_knuth_lfib_get | 0x9de0 | 0x91 |
| nettle_knuth_lfib_get_array | 0x9e80 | 0x92 |
| nettle_knuth_lfib_init | 0x9c00 | 0x93 |
| nettle_knuth_lfib_random | 0x9ec0 | 0x94 |
| nettle_md2 | 0x25460 | 0x95 |
| nettle_md2_digest | 0xa130 | 0x96 |
| nettle_md2_init | 0x9fd0 | 0x97 |
| nettle_md2_update | 0xa060 | 0x98 |
| nettle_md4 | 0x25500 | 0x99 |
| nettle_md4_digest | 0xa9e0 | 0x9a |
| nettle_md4_init | 0xa8a0 | 0x9b |
| nettle_md4_update | 0xa8f0 | 0x9c |
| nettle_md5 | 0x255a0 | 0x9d |
| nettle_md5_digest | 0xaca0 | 0x9e |
| nettle_md5_init | 0xab60 | 0x9f |
| nettle_md5_update | 0xabb0 | 0xa0 |
| nettle_openssl_des_cbc_cksum | 0x9150 | 0xa1 |
| nettle_openssl_des_cbc_encrypt | 0x92c0 | 0xa2 |
| nettle_openssl_des_check_key | 0x2c010 | 0xa3 |
| nettle_openssl_des_ecb3_encrypt | 0x9100 | 0xa4 |
| nettle_openssl_des_ecb_encrypt | 0x92f0 | 0xa5 |
| nettle_openssl_des_ede3_cbc_encrypt | 0x9320 | 0xa6 |
| nettle_openssl_des_is_weak_key | 0x9460 | 0xa7 |
| nettle_openssl_des_key_sched | 0x93f0 | 0xa8 |
| nettle_openssl_des_ncbc_encrypt | 0x9240 | 0xa9 |
| nettle_openssl_des_set_odd_parity | 0x93d0 | 0xaa |
| nettle_pbkdf2 | 0x9980 | 0xab |
| nettle_pbkdf2_hmac_sha1 | 0x9b00 | 0xac |
| nettle_pbkdf2_hmac_sha256 | 0x9b80 | 0xad |
| nettle_realloc | 0x19fe0 | 0xae |
| nettle_ripemd160 | 0x266c0 | 0xaf |
| nettle_ripemd160_digest | 0xcd70 | 0xb0 |
| nettle_ripemd160_init | 0xcc40 | 0xb1 |
| nettle_ripemd160_update | 0xcc80 | 0xb2 |
| nettle_salsa20_crypt | 0xe7b0 | 0xb3 |
| nettle_salsa20_set_iv | 0xed60 | 0xb4 |
| nettle_salsa20_set_key | 0xeba0 | 0xb5 |
| nettle_salsa20r12_crypt | 0xeaf0 | 0xb6 |
| nettle_serpent128 | 0x271e0 | 0xb7 |
| nettle_serpent192 | 0x27180 | 0xb8 |
| nettle_serpent256 | 0x27120 | 0xb9 |
| nettle_serpent_decrypt | 0x152b0 | 0xba |
| nettle_serpent_encrypt | 0x14190 | 0xbb |
| nettle_serpent_set_key | 0x13990 | 0xbc |
| nettle_sha1 | 0x26800 | 0xbd |
| nettle_sha1_digest | 0xeef0 | 0xbe |
| nettle_sha1_init | 0xedc0 | 0xbf |
| nettle_sha1_update | 0xee00 | 0xc0 |
| nettle_sha224 | 0x26a00 | 0xc1 |
| nettle_sha224_digest | 0x10630 | 0xc2 |
| nettle_sha224_init | 0x105e0 | 0xc3 |
| nettle_sha256 | 0x26a60 | 0xc4 |
| nettle_sha256_digest | 0x10580 | 0xc5 |
| nettle_sha256_init | 0x10430 | 0xc6 |
| nettle_sha256_update | 0x10480 | 0xc7 |
| nettle_sha384 | 0x26e40 | 0xc8 |
| nettle_sha384_digest | 0x11a90 | 0xc9 |
| nettle_sha384_init | 0x11a10 | 0xca |
| nettle_sha3_224 | 0x26f40 | 0xcb |
| nettle_sha3_224_digest | 0x13420 | 0xcc |
| nettle_sha3_224_init | 0x13350 | 0xcd |
| nettle_sha3_224_update | 0x133e0 | 0xce |
| nettle_sha3_256 | 0x26fa0 | 0xcf |
| nettle_sha3_256_digest | 0x135b0 | 0xd0 |
| nettle_sha3_256_init | 0x134e0 | 0xd1 |
| nettle_sha3_256_update | 0x13570 | 0xd2 |
| nettle_sha3_384 | 0x27000 | 0xd3 |
| nettle_sha3_384_digest | 0x13740 | 0xd4 |
| nettle_sha3_384_init | 0x13670 | 0xd5 |
| nettle_sha3_384_update | 0x13700 | 0xd6 |
| nettle_sha3_512 | 0x27060 | 0xd7 |
| nettle_sha3_512_digest | 0x138d0 | 0xd8 |
| nettle_sha3_512_init | 0x13800 | 0xd9 |
| nettle_sha3_512_update | 0x13890 | 0xda |
| nettle_sha3_permute | 0x12c50 | 0xdb |
| nettle_sha512 | 0x26ea0 | 0xdc |
| nettle_sha512_digest | 0x11950 | 0xdd |
| nettle_sha512_init | 0x117c0 | 0xde |
| nettle_sha512_update | 0x11840 | 0xdf |
| nettle_twofish128 | 0x27620 | 0xe0 |
| nettle_twofish192 | 0x275c0 | 0xe1 |
| nettle_twofish256 | 0x27560 | 0xe2 |
| nettle_twofish_decrypt | 0x16eb0 | 0xe3 |
| nettle_twofish_encrypt | 0x16c20 | 0xe4 |
| nettle_twofish_set_key | 0x166a0 | 0xe5 |
| nettle_umac128_digest | 0x194b0 | 0xe6 |
| nettle_umac128_set_key | 0x191b0 | 0xe7 |
| nettle_umac128_set_nonce | 0x19230 | 0xe8 |
| nettle_umac128_update | 0x192c0 | 0xe9 |
| nettle_umac32_digest | 0x183c0 | 0xea |
| nettle_umac32_set_key | 0x180d0 | 0xeb |
| nettle_umac32_set_nonce | 0x18160 | 0xec |
| nettle_umac32_update | 0x18210 | 0xed |
| nettle_umac64_digest | 0x18960 | 0xee |
| nettle_umac64_set_key | 0x18650 | 0xef |
| nettle_umac64_set_nonce | 0x186e0 | 0xf0 |
| nettle_umac64_update | 0x18790 | 0xf1 |
| nettle_umac96_digest | 0x18f30 | 0xf2 |
| nettle_umac96_set_key | 0x18c30 | 0xf3 |
| nettle_umac96_set_nonce | 0x18cb0 | 0xf4 |
| nettle_umac96_update | 0x18d40 | 0xf5 |
| nettle_xrealloc | 0x1a010 | 0xf6 |
| nettle_yarrow256_fast_reseed | 0x19830 | 0xf7 |
| nettle_yarrow256_init | 0x197a0 | 0xf8 |
| nettle_yarrow256_is_seeded | 0x19d20 | 0xf9 |
| nettle_yarrow256_needed_sources | 0x19d30 | 0xfa |
| nettle_yarrow256_random | 0x19c40 | 0xfb |
| nettle_yarrow256_seed | 0x199d0 | 0xfc |
| nettle_yarrow256_slow_reseed | 0x19a20 | 0xfd |
| nettle_yarrow256_update | 0x19aa0 | 0xfe |
| nettle_yarrow_key_event_estimate | 0x19dc0 | 0xff |
| nettle_yarrow_key_event_init | 0x19d90 | 0x100 |
| C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\is-Q6KJO.tmp | Dropped File | Binary |
clean
Known to be clean.
|
...
|
»
| Also Known As | C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\libogg-0.dll (Dropped File) |
| MIME Type | application/vnd.microsoft.portable-executable |
| File Size | 45.50 KB |
| MD5 |
84e8e72572d53558d52403011fa0d388
|
| SHA1 |
865160da7dbfaaea224541eb44e9430e1a7b7b20
|
| SHA256 |
ca717b5cf2a7b0e047aabad985c631278941c58f16e2e9650ca12c3a331fcd4f
|
| SSDeep |
768:BZIF0ff+vrzUHQH/E4zR2cCqz7iDz3Kocq8eeIKKem+nH3g/i3/:BWFsf+vrzUwH/15EzFeIWm+H3R3
|
| ImpHash |
a8a7ae1c51e4b4bed37de4cada732113
|
PE Information
»
| Image Base | 0x70680000 |
| Entry Point | 0x70681430 |
| Size Of Code | 0x8600 |
| Size Of Initialized Data | 0xb200 |
| Size Of Uninitialized Data | 0xe00 |
| File Type | FileType.dll |
| Subsystem | Subsystem.windows_cui |
| Machine Type | MachineType.i386 |
| Compile Timestamp | 2016-01-29 15:46:16+00:00 |
Sections (9)
»
| Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x70681000 | 0x8564 | 0x8600 | 0x400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.33 |
| .data | 0x7068a000 | 0x44 | 0x200 | 0x8a00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.71 |
| .rdata | 0x7068b000 | 0xfa4 | 0x1000 | 0x8c00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ | 6.37 |
| .bss | 0x7068c000 | 0xd84 | 0x0 | 0x0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.0 |
| .edata | 0x7068d000 | 0x7bc | 0x800 | 0x9c00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ | 4.88 |
| .idata | 0x7068e000 | 0x650 | 0x800 | 0xa400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 4.14 |
| .CRT | 0x7068f000 | 0x2c | 0x200 | 0xac00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.2 |
| .tls | 0x70690000 | 0x20 | 0x200 | 0xae00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.24 |
| .reloc | 0x70691000 | 0x42c | 0x600 | 0xb000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 5.08 |
Imports (3)
»
libgcc_s_sjlj-1.dll (2)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| __udivdi3 | - | 0x7068e134 | 0xe050 | 0xa450 | 0x77 |
| __umoddi3 | - | 0x7068e138 | 0xe054 | 0xa454 | 0x79 |
KERNEL32.dll (24)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| DeleteCriticalSection | - | 0x7068e140 | 0xe05c | 0xa45c | 0xd4 |
| EnterCriticalSection | - | 0x7068e144 | 0xe060 | 0xa460 | 0xef |
| GetCurrentProcess | - | 0x7068e148 | 0xe064 | 0xa464 | 0x1c4 |
| GetCurrentProcessId | - | 0x7068e14c | 0xe068 | 0xa468 | 0x1c5 |
| GetCurrentThreadId | - | 0x7068e150 | 0xe06c | 0xa46c | 0x1c9 |
| GetLastError | - | 0x7068e154 | 0xe070 | 0xa470 | 0x203 |
| GetModuleHandleA | - | 0x7068e158 | 0xe074 | 0xa474 | 0x215 |
| GetProcAddress | - | 0x7068e15c | 0xe078 | 0xa478 | 0x245 |
| GetSystemTimeAsFileTime | - | 0x7068e160 | 0xe07c | 0xa47c | 0x27b |
| GetTickCount | - | 0x7068e164 | 0xe080 | 0xa480 | 0x297 |
| InitializeCriticalSection | - | 0x7068e168 | 0xe084 | 0xa484 | 0x2eb |
| IsDBCSLeadByteEx | - | 0x7068e16c | 0xe088 | 0xa488 | 0x307 |
| LeaveCriticalSection | - | 0x7068e170 | 0xe08c | 0xa48c | 0x326 |
| LoadLibraryW | - | 0x7068e174 | 0xe090 | 0xa490 | 0x32c |
| MultiByteToWideChar | - | 0x7068e178 | 0xe094 | 0xa494 | 0x355 |
| QueryPerformanceCounter | - | 0x7068e17c | 0xe098 | 0xa498 | 0x393 |
| SetUnhandledExceptionFilter | - | 0x7068e180 | 0xe09c | 0xa49c | 0x467 |
| Sleep | - | 0x7068e184 | 0xe0a0 | 0xa4a0 | 0x474 |
| TerminateProcess | - | 0x7068e188 | 0xe0a4 | 0xa4a4 | 0x482 |
| TlsGetValue | - | 0x7068e18c | 0xe0a8 | 0xa4a8 | 0x489 |
| UnhandledExceptionFilter | - | 0x7068e190 | 0xe0ac | 0xa4ac | 0x496 |
| VirtualProtect | - | 0x7068e194 | 0xe0b0 | 0xa4b0 | 0x4b6 |
| VirtualQuery | - | 0x7068e198 | 0xe0b4 | 0xa4b4 | 0x4b9 |
| WideCharToMultiByte | - | 0x7068e19c | 0xe0b8 | 0xa4b8 | 0x4da |
msvcrt.dll (28)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| __dllonexit | - | 0x7068e1a4 | 0xe0c0 | 0xa4c0 | 0x38 |
| __mb_cur_max | - | 0x7068e1a8 | 0xe0c4 | 0xa4c4 | 0x46 |
| _amsg_exit | - | 0x7068e1ac | 0xe0c8 | 0xa4c8 | 0x8f |
| _errno | - | 0x7068e1b0 | 0xe0cc | 0xa4cc | 0xd1 |
| _initterm | - | 0x7068e1b4 | 0xe0d0 | 0xa4d0 | 0x131 |
| _iob | - | 0x7068e1b8 | 0xe0d4 | 0xa4d4 | 0x135 |
| _lock | - | 0x7068e1bc | 0xe0d8 | 0xa4d8 | 0x196 |
| _onexit | - | 0x7068e1c0 | 0xe0dc | 0xa4dc | 0x233 |
| _unlock | - | 0x7068e1c4 | 0xe0e0 | 0xa4e0 | 0x2f0 |
| calloc | - | 0x7068e1c8 | 0xe0e4 | 0xa4e4 | 0x34e |
| fputc | - | 0x7068e1cc | 0xe0e8 | 0xa4e8 | 0x36a |
| free | - | 0x7068e1d0 | 0xe0ec | 0xa4ec | 0x36f |
| getenv | - | 0x7068e1d4 | 0xe0f0 | 0xa4f0 | 0x37f |
| localeconv | - | 0x7068e1d8 | 0xe0f4 | 0xa4f4 | 0x3a2 |
| malloc | - | 0x7068e1dc | 0xe0f8 | 0xa4f8 | 0x3a6 |
| memchr | - | 0x7068e1e0 | 0xe0fc | 0xa4fc | 0x3ac |
| memcmp | - | 0x7068e1e4 | 0xe100 | 0xa500 | 0x3ad |
| memcpy | - | 0x7068e1e8 | 0xe104 | 0xa504 | 0x3ae |
| memmove | - | 0x7068e1ec | 0xe108 | 0xa508 | 0x3af |
| realloc | - | 0x7068e1f0 | 0xe10c | 0xa50c | 0x3c1 |
| setlocale | - | 0x7068e1f4 | 0xe110 | 0xa510 | 0x3c8 |
| strchr | - | 0x7068e1f8 | 0xe114 | 0xa514 | 0x3d5 |
| strerror | - | 0x7068e1fc | 0xe118 | 0xa518 | 0x3db |
| strlen | - | 0x7068e200 | 0xe11c | 0xa51c | 0x3de |
| strncmp | - | 0x7068e204 | 0xe120 | 0xa520 | 0x3e1 |
| abort | - | 0x7068e208 | 0xe124 | 0xa524 | 0x442 |
| atoi | - | 0x7068e20c | 0xe128 | 0xa528 | 0x44b |
| wcslen | - | 0x7068e210 | 0xe12c | 0xa52c | 0x476 |
Exports (71)
»
| Api name | EAT Address | Ordinal |
|---|---|---|
| InterlockedCompareExchange@12 | 0x9500 | 0x1 |
| _InterlockedCompareExchange | 0x94e0 | 0x2 |
| ogg_packet_clear | 0x2b70 | 0x3 |
| ogg_page_bos | 0x1620 | 0x4 |
| ogg_page_checksum_set | 0x1a30 | 0x5 |
| ogg_page_continued | 0x1610 | 0x6 |
| ogg_page_eos | 0x1640 | 0x7 |
| ogg_page_granulepos | 0x1660 | 0x8 |
| ogg_page_packets | 0x1740 | 0x9 |
| ogg_page_pageno | 0x1710 | 0xa |
| ogg_page_serialno | 0x16e0 | 0xb |
| ogg_page_version | 0x1600 | 0xc |
| ogg_stream_check | 0x1770 | 0xd |
| ogg_stream_clear | 0x1790 | 0xe |
| ogg_stream_destroy | 0x1a00 | 0xf |
| ogg_stream_eos | 0x2160 | 0x10 |
| ogg_stream_flush | 0x20e0 | 0x11 |
| ogg_stream_init | 0x1830 | 0x12 |
| ogg_stream_iovecin | 0x1e40 | 0x13 |
| ogg_stream_packetin | 0x2090 | 0x14 |
| ogg_stream_packetout | 0x2b10 | 0x15 |
| ogg_stream_packetpeek | 0x2b40 | 0x16 |
| ogg_stream_pagein | 0x2580 | 0x17 |
| ogg_stream_pageout | 0x2100 | 0x18 |
| ogg_stream_reset | 0x29e0 | 0x19 |
| ogg_stream_reset_serialno | 0x2a70 | 0x1a |
| ogg_sync_buffer | 0x22b0 | 0x1b |
| ogg_sync_check | 0x22a0 | 0x1c |
| ogg_sync_clear | 0x21f0 | 0x1d |
| ogg_sync_destroy | 0x2270 | 0x1e |
| ogg_sync_init | 0x2180 | 0x1f |
| ogg_sync_pageout | 0x2520 | 0x20 |
| ogg_sync_pageseek | 0x2380 | 0x21 |
| ogg_sync_reset | 0x29a0 | 0x22 |
| ogg_sync_wrote | 0x2350 | 0x23 |
| oggpackB_adv | 0x3410 | 0x24 |
| oggpackB_adv1 | 0x3470 | 0x25 |
| oggpackB_bits | 0x3780 | 0x26 |
| oggpackB_bytes | 0x3760 | 0x27 |
| oggpackB_get_buffer | 0x37a0 | 0x28 |
| oggpackB_look | 0x32d0 | 0x29 |
| oggpackB_look1 | 0x33b0 | 0x2a |
| oggpackB_read | 0x3590 | 0x2b |
| oggpackB_read1 | 0x36e0 | 0x2c |
| oggpackB_readinit | 0x3200 | 0x2d |
| oggpackB_reset | 0x2d30 | 0x2e |
| oggpackB_write | 0x2ee0 | 0x2f |
| oggpackB_writealign | 0x2ff0 | 0x30 |
| oggpackB_writecheck | 0x2c60 | 0x31 |
| oggpackB_writeclear | 0x31c0 | 0x32 |
| oggpackB_writecopy | 0x3190 | 0x33 |
| oggpackB_writeinit | 0x2c30 | 0x34 |
| oggpackB_writetrunc | 0x2cc0 | 0x35 |
| oggpack_adv | 0x33e0 | 0x36 |
| oggpack_adv1 | 0x3440 | 0x37 |
| oggpack_bits | 0x3750 | 0x38 |
| oggpack_bytes | 0x3730 | 0x39 |
| oggpack_get_buffer | 0x3790 | 0x3a |
| oggpack_look | 0x3230 | 0x3b |
| oggpack_look1 | 0x3380 | 0x3c |
| oggpack_read | 0x34a0 | 0x3d |
| oggpack_read1 | 0x3690 | 0x3e |
| oggpack_readinit | 0x31d0 | 0x3f |
| oggpack_reset | 0x2d00 | 0x40 |
| oggpack_write | 0x2da0 | 0x41 |
| oggpack_writealign | 0x2eb0 | 0x42 |
| oggpack_writecheck | 0x2c40 | 0x43 |
| oggpack_writeclear | 0x2d60 | 0x44 |
| oggpack_writecopy | 0x3160 | 0x45 |
| oggpack_writeinit | 0x2be0 | 0x46 |
| oggpack_writetrunc | 0x2c80 | 0x47 |
| C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\is-P6R77.tmp | Dropped File | Binary |
clean
|
...
|
»
| Also Known As | C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\libssl-40.dll (Dropped File) |
| MIME Type | application/vnd.microsoft.portable-executable |
| File Size | 4.30 MB |
| MD5 |
bd67b10210cee1ec1f07a6cfd1954c77
|
| SHA1 |
6df09d5d96bf13f7a1515031ac5df116f1159a48
|
| SHA256 |
ec6c0f1448e3c2a27bc67c354e1315a1e9088e4e517d099f87036e728b084ad2
|
| SSDeep |
98304:FNk4pd+tbCY0HAYYid0wHYNkzi5bbTGksCWj:Yud+tWYOYezi5rGkn6
|
| ImpHash |
cbcc840e017642712e2e1a60b858720b
|
PE Information
»
| Image Base | 0x10000000 |
| Entry Point | 0x101ceae5 |
| Size Of Code | 0x326200 |
| Size Of Initialized Data | 0x125c00 |
| File Type | FileType.dll |
| Subsystem | Subsystem.windows_gui |
| Machine Type | MachineType.i386 |
| Compile Timestamp | 2021-09-27 18:50:29+00:00 |
Version Information (7)
»
| CompanyName | DusanRodina |
| FileDescription | Ideas Modeler Engine |
| InternalName | LANManagementModelerexport |
| LegalCopyright | Copyright © Dusan Rodina 2021 - 2021 |
| OriginalFilename | Modeler |
| ProductName | Software Ideas Management Modeler export tools |
| ProductVersion | 3.3.1.14 |
Sections (5)
»
| Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x10001000 | 0x326155 | 0x326200 | 0x400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.79 |
| .rdata | 0x10328000 | 0xd7b32 | 0xd7c00 | 0x326600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 6.09 |
| .data | 0x10400000 | 0xfdc0 | 0xba00 | 0x3fe200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 4.63 |
| .rsrc | 0x10410000 | 0x1d0f8 | 0x1d200 | 0x409c00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 6.62 |
| .reloc | 0x1042e000 | 0x25254 | 0x25400 | 0x426e00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 6.55 |
Imports (9)
»
KERNEL32.dll (149)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| SetThreadPriority | - | 0x1032806c | 0x3fe2a0 | 0x3fc8a0 | 0x562 |
| InitializeCriticalSection | - | 0x10328070 | 0x3fe2a4 | 0x3fc8a4 | 0x361 |
| EnterCriticalSection | - | 0x10328074 | 0x3fe2a8 | 0x3fc8a8 | 0x134 |
| LeaveCriticalSection | - | 0x10328078 | 0x3fe2ac | 0x3fc8ac | 0x3c1 |
| GetCurrentThreadId | - | 0x1032807c | 0x3fe2b0 | 0x3fc8b0 | 0x21f |
| GetLastError | - | 0x10328080 | 0x3fe2b4 | 0x3fc8b4 | 0x264 |
| FormatMessageA | - | 0x10328084 | 0x3fe2b8 | 0x3fc8b8 | 0x1a9 |
| LoadLibraryExA | - | 0x10328088 | 0x3fe2bc | 0x3fc8bc | 0x3c6 |
| SetLastError | - | 0x1032808c | 0x3fe2c0 | 0x3fc8c0 | 0x534 |
| GetSystemTime | - | 0x10328090 | 0x3fe2c4 | 0x3fc8c4 | 0x2ea |
| SystemTimeToFileTime | - | 0x10328094 | 0x3fe2c8 | 0x3fc8c8 | 0x58c |
| QueryPerformanceCounter | - | 0x10328098 | 0x3fe2cc | 0x3fc8cc | 0x44f |
| QueryPerformanceFrequency | - | 0x1032809c | 0x3fe2d0 | 0x3fc8d0 | 0x450 |
| FindClose | - | 0x103280a0 | 0x3fe2d4 | 0x3fc8d4 | 0x178 |
| FindFirstFileW | - | 0x103280a4 | 0x3fe2d8 | 0x3fc8d8 | 0x183 |
| FindNextFileW | - | 0x103280a8 | 0x3fe2dc | 0x3fc8dc | 0x18f |
| GetSystemDirectoryW | - | 0x103280ac | 0x3fe2e0 | 0x3fc8e0 | 0x2e3 |
| GetWindowsDirectoryW | - | 0x103280b0 | 0x3fe2e4 | 0x3fc8e4 | 0x329 |
| FreeLibrary | - | 0x103280b4 | 0x3fe2e8 | 0x3fc8e8 | 0x1ae |
| GetModuleFileNameW | - | 0x103280b8 | 0x3fe2ec | 0x3fc8ec | 0x277 |
| GetProcAddress | - | 0x103280bc | 0x3fe2f0 | 0x3fc8f0 | 0x2b1 |
| MultiByteToWideChar | - | 0x103280c0 | 0x3fe2f4 | 0x3fc8f4 | 0x3f3 |
| WideCharToMultiByte | - | 0x103280c4 | 0x3fe2f8 | 0x3fc8f8 | 0x602 |
| LoadLibraryW | - | 0x103280c8 | 0x3fe2fc | 0x3fc8fc | 0x3c8 |
| GetFullPathNameW | - | 0x103280cc | 0x3fe300 | 0x3fc900 | 0x25c |
| GetLongPathNameW | - | 0x103280d0 | 0x3fe304 | 0x3fc904 | 0x271 |
| GetShortPathNameW | - | 0x103280d4 | 0x3fe308 | 0x3fc908 | 0x2d0 |
| WaitForSingleObjectEx | - | 0x103280d8 | 0x3fe30c | 0x3fc90c | 0x5dc |
| Sleep | - | 0x103280dc | 0x3fe310 | 0x3fc910 | 0x581 |
| SwitchToThread | - | 0x103280e0 | 0x3fe314 | 0x3fc914 | 0x58b |
| InitializeCriticalSectionEx | - | 0x103280e4 | 0x3fe318 | 0x3fc918 | 0x363 |
| GetSystemTimeAsFileTime | - | 0x103280e8 | 0x3fe31c | 0x3fc91c | 0x2ec |
| GetModuleHandleW | - | 0x103280ec | 0x3fe320 | 0x3fc920 | 0x27b |
| DeleteCriticalSection | - | 0x103280f0 | 0x3fe324 | 0x3fc924 | 0x113 |
| EncodePointer | - | 0x103280f4 | 0x3fe328 | 0x3fc928 | 0x130 |
| DecodePointer | - | 0x103280f8 | 0x3fe32c | 0x3fc92c | 0x10c |
| LocalFree | - | 0x103280fc | 0x3fe330 | 0x3fc930 | 0x3d3 |
| LCMapStringEx | - | 0x10328100 | 0x3fe334 | 0x3fc934 | 0x3b4 |
| TryEnterCriticalSection | - | 0x10328104 | 0x3fe338 | 0x3fc938 | 0x5ab |
| GetLocaleInfoEx | - | 0x10328108 | 0x3fe33c | 0x3fc93c | 0x267 |
| GetStringTypeW | - | 0x1032810c | 0x3fe340 | 0x3fc940 | 0x2da |
| GetCPInfo | - | 0x10328110 | 0x3fe344 | 0x3fc944 | 0x1c4 |
| UnhandledExceptionFilter | - | 0x10328114 | 0x3fe348 | 0x3fc948 | 0x5b1 |
| SetUnhandledExceptionFilter | - | 0x10328118 | 0x3fe34c | 0x3fc94c | 0x571 |
| GetCurrentProcess | - | 0x1032811c | 0x3fe350 | 0x3fc950 | 0x21a |
| SetThreadAffinityMask | - | 0x10328120 | 0x3fe354 | 0x3fc954 | 0x557 |
| IsProcessorFeaturePresent | - | 0x10328124 | 0x3fe358 | 0x3fc958 | 0x389 |
| InitializeCriticalSectionAndSpinCount | - | 0x10328128 | 0x3fe35c | 0x3fc95c | 0x362 |
| SetEvent | - | 0x1032812c | 0x3fe360 | 0x3fc960 | 0x518 |
| ResetEvent | - | 0x10328130 | 0x3fe364 | 0x3fc964 | 0x4c8 |
| CreateEventW | - | 0x10328134 | 0x3fe368 | 0x3fc968 | 0xc2 |
| InitializeSListHead | - | 0x10328138 | 0x3fe36c | 0x3fc96c | 0x366 |
| GetCurrentProcessId | - | 0x1032813c | 0x3fe370 | 0x3fc970 | 0x21b |
| IsDebuggerPresent | - | 0x10328140 | 0x3fe374 | 0x3fc974 | 0x382 |
| GetStartupInfoW | - | 0x10328144 | 0x3fe378 | 0x3fc978 | 0x2d3 |
| RtlUnwind | - | 0x10328148 | 0x3fe37c | 0x3fc97c | 0x4d5 |
| RaiseException | - | 0x1032814c | 0x3fe380 | 0x3fc980 | 0x464 |
| InterlockedPushEntrySList | - | 0x10328150 | 0x3fe384 | 0x3fc984 | 0x372 |
| InterlockedFlushSList | - | 0x10328154 | 0x3fe388 | 0x3fc988 | 0x36f |
| TlsAlloc | - | 0x10328158 | 0x3fe38c | 0x3fc98c | 0x5a2 |
| TlsGetValue | - | 0x1032815c | 0x3fe390 | 0x3fc990 | 0x5a4 |
| TlsSetValue | - | 0x10328160 | 0x3fe394 | 0x3fc994 | 0x5a5 |
| TlsFree | - | 0x10328164 | 0x3fe398 | 0x3fc998 | 0x5a3 |
| LoadLibraryExW | - | 0x10328168 | 0x3fe39c | 0x3fc99c | 0x3c7 |
| ExitProcess | - | 0x1032816c | 0x3fe3a0 | 0x3fc9a0 | 0x161 |
| GetModuleHandleExW | - | 0x10328170 | 0x3fe3a4 | 0x3fc9a4 | 0x27a |
| CreateFileW | - | 0x10328174 | 0x3fe3a8 | 0x3fc9a8 | 0xce |
| GetDriveTypeW | - | 0x10328178 | 0x3fe3ac | 0x3fc9ac | 0x232 |
| GetFileInformationByHandle | - | 0x1032817c | 0x3fe3b0 | 0x3fc9b0 | 0x24a |
| GetFileType | - | 0x10328180 | 0x3fe3b4 | 0x3fc9b4 | 0x251 |
| PeekNamedPipe | - | 0x10328184 | 0x3fe3b8 | 0x3fc9b8 | 0x424 |
| SystemTimeToTzSpecificLocalTime | - | 0x10328188 | 0x3fe3bc | 0x3fc9bc | 0x58d |
| FileTimeToSystemTime | - | 0x1032818c | 0x3fe3c0 | 0x3fc9c0 | 0x16d |
| GetFileAttributesExW | - | 0x10328190 | 0x3fe3c4 | 0x3fc9c4 | 0x245 |
| SetEnvironmentVariableW | - | 0x10328194 | 0x3fe3c8 | 0x3fc9c8 | 0x516 |
| GetCurrentDirectoryW | - | 0x10328198 | 0x3fe3cc | 0x3fc9cc | 0x214 |
| CreateDirectoryW | - | 0x1032819c | 0x3fe3d0 | 0x3fc9d0 | 0xbd |
| CreateThread | - | 0x103281a0 | 0x3fe3d4 | 0x3fc9d4 | 0xf6 |
| ExitThread | - | 0x103281a4 | 0x3fe3d8 | 0x3fc9d8 | 0x162 |
| ResumeThread | - | 0x103281a8 | 0x3fe3dc | 0x3fc9dc | 0x4cf |
| FreeLibraryAndExitThread | - | 0x103281ac | 0x3fe3e0 | 0x3fc9e0 | 0x1af |
| HeapAlloc | - | 0x103281b0 | 0x3fe3e4 | 0x3fc9e4 | 0x348 |
| HeapFree | - | 0x103281b4 | 0x3fe3e8 | 0x3fc9e8 | 0x34c |
| GetCurrentThread | - | 0x103281b8 | 0x3fe3ec | 0x3fc9ec | 0x21e |
| GetStdHandle | - | 0x103281bc | 0x3fe3f0 | 0x3fc9f0 | 0x2d5 |
| HeapReAlloc | - | 0x103281c0 | 0x3fe3f4 | 0x3fc9f4 | 0x34f |
| CompareStringW | - | 0x103281c4 | 0x3fe3f8 | 0x3fc9f8 | 0x9e |
| LCMapStringW | - | 0x103281c8 | 0x3fe3fc | 0x3fc9fc | 0x3b5 |
| GetLocaleInfoW | - | 0x103281cc | 0x3fe400 | 0x3fca00 | 0x268 |
| IsValidLocale | - | 0x103281d0 | 0x3fe404 | 0x3fca04 | 0x391 |
| GetUserDefaultLCID | - | 0x103281d4 | 0x3fe408 | 0x3fca08 | 0x315 |
| EnumSystemLocalesW | - | 0x103281d8 | 0x3fe40c | 0x3fca0c | 0x157 |
| FlushFileBuffers | - | 0x103281dc | 0x3fe410 | 0x3fca10 | 0x1a2 |
| WriteFile | - | 0x103281e0 | 0x3fe414 | 0x3fca14 | 0x616 |
| GetConsoleOutputCP | - | 0x103281e4 | 0x3fe418 | 0x3fca18 | 0x203 |
| GetConsoleMode | - | 0x103281e8 | 0x3fe41c | 0x3fca1c | 0x1ff |
| SetConsoleCtrlHandler | - | 0x103281ec | 0x3fe420 | 0x3fca20 | 0x4eb |
| SetStdHandle | - | 0x103281f0 | 0x3fe424 | 0x3fca24 | 0x54e |
| GetFileSizeEx | - | 0x103281f4 | 0x3fe428 | 0x3fca28 | 0x24f |
| SetFilePointerEx | - | 0x103281f8 | 0x3fe42c | 0x3fca2c | 0x525 |
| ReadConsoleW | - | 0x103281fc | 0x3fe430 | 0x3fca30 | 0x472 |
| GetTimeZoneInformation | - | 0x10328200 | 0x3fe434 | 0x3fca34 | 0x311 |
| FindFirstFileExW | - | 0x10328204 | 0x3fe438 | 0x3fca38 | 0x17e |
| IsValidCodePage | - | 0x10328208 | 0x3fe43c | 0x3fca3c | 0x38f |
| GetACP | - | 0x1032820c | 0x3fe440 | 0x3fca40 | 0x1b5 |
| GetOEMCP | - | 0x10328210 | 0x3fe444 | 0x3fca44 | 0x29a |
| GetCommandLineA | - | 0x10328214 | 0x3fe448 | 0x3fca48 | 0x1d9 |
| GetCommandLineW | - | 0x10328218 | 0x3fe44c | 0x3fca4c | 0x1da |
| GetEnvironmentStringsW | - | 0x1032821c | 0x3fe450 | 0x3fca50 | 0x23a |
| FreeEnvironmentStringsW | - | 0x10328220 | 0x3fe454 | 0x3fca54 | 0x1ad |
| GetProcessHeap | - | 0x10328224 | 0x3fe458 | 0x3fca58 | 0x2b7 |
| HeapSize | - | 0x10328228 | 0x3fe45c | 0x3fca5c | 0x351 |
| WriteConsoleW | - | 0x1032822c | 0x3fe460 | 0x3fca60 | 0x615 |
| OutputDebugStringW | - | 0x10328230 | 0x3fe464 | 0x3fca64 | 0x41b |
| SetEndOfFile | - | 0x10328234 | 0x3fe468 | 0x3fca68 | 0x512 |
| CreateSemaphoreA | - | 0x10328238 | 0x3fe46c | 0x3fca6c | 0xec |
| DeleteFileW | - | 0x1032823c | 0x3fe470 | 0x3fca70 | 0x118 |
| WaitForMultipleObjects | - | 0x10328240 | 0x3fe474 | 0x3fca74 | 0x5d9 |
| WaitForSingleObject | - | 0x10328244 | 0x3fe478 | 0x3fca78 | 0x5db |
| SleepEx | - | 0x10328248 | 0x3fe47c | 0x3fca7c | 0x584 |
| MoveFileExA | - | 0x1032824c | 0x3fe480 | 0x3fca80 | 0x3eb |
| DeviceIoControl | - | 0x10328250 | 0x3fe484 | 0x3fca84 | 0x120 |
| RemoveDirectoryA | - | 0x10328254 | 0x3fe488 | 0x3fca88 | 0x4b8 |
| GetFileAttributesExA | - | 0x10328258 | 0x3fe48c | 0x3fca8c | 0x244 |
| GetFileAttributesA | - | 0x1032825c | 0x3fe490 | 0x3fca90 | 0x243 |
| CreateDirectoryA | - | 0x10328260 | 0x3fe494 | 0x3fca94 | 0xb8 |
| ReadConsoleA | - | 0x10328264 | 0x3fe498 | 0x3fca98 | 0x468 |
| SetConsoleMode | - | 0x10328268 | 0x3fe49c | 0x3fca9c | 0x4fb |
| LoadLibraryA | - | 0x1032826c | 0x3fe4a0 | 0x3fcaa0 | 0x3c5 |
| ConvertThreadToFiber | - | 0x10328270 | 0x3fe4a4 | 0x3fcaa4 | 0xa7 |
| ConvertFiberToThread | - | 0x10328274 | 0x3fe4a8 | 0x3fcaa8 | 0xa4 |
| GetEnvironmentVariableW | - | 0x10328278 | 0x3fe4ac | 0x3fcaac | 0x23c |
| CreateFiber | - | 0x1032827c | 0x3fe4b0 | 0x3fcab0 | 0xc3 |
| DeleteFiber | - | 0x10328280 | 0x3fe4b4 | 0x3fcab4 | 0x114 |
| SwitchToFiber | - | 0x10328284 | 0x3fe4b8 | 0x3fcab8 | 0x58a |
| CreateWaitableTimerA | - | 0x10328288 | 0x3fe4bc | 0x3fcabc | 0x100 |
| GetSystemInfo | - | 0x1032828c | 0x3fe4c0 | 0x3fcac0 | 0x2e6 |
| SetWaitableTimer | - | 0x10328290 | 0x3fe4c4 | 0x3fcac4 | 0x57a |
| OpenEventA | - | 0x10328294 | 0x3fe4c8 | 0x3fcac8 | 0x402 |
| CreateEventA | - | 0x10328298 | 0x3fe4cc | 0x3fcacc | 0xbf |
| ReleaseSemaphore | - | 0x1032829c | 0x3fe4d0 | 0x3fcad0 | 0x4b6 |
| TerminateThread | - | 0x103282a0 | 0x3fe4d4 | 0x3fcad4 | 0x591 |
| GetFileSize | - | 0x103282a4 | 0x3fe4d8 | 0x3fcad8 | 0x24e |
| CloseHandle | - | 0x103282a8 | 0x3fe4dc | 0x3fcadc | 0x89 |
| DisableThreadLibraryCalls | - | 0x103282ac | 0x3fe4e0 | 0x3fcae0 | 0x121 |
| CreateFileA | - | 0x103282b0 | 0x3fe4e4 | 0x3fcae4 | 0xc6 |
| GetModuleHandleA | - | 0x103282b4 | 0x3fe4e8 | 0x3fcae8 | 0x278 |
| TerminateProcess | - | 0x103282b8 | 0x3fe4ec | 0x3fcaec | 0x590 |
| ReadFile | - | 0x103282bc | 0x3fe4f0 | 0x3fcaf0 | 0x475 |
WS2_32.dll (16)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| recv | 0x10 | 0x10328464 | 0x3fe698 | 0x3fcc98 | - |
| getsockopt | 0x7 | 0x10328468 | 0x3fe69c | 0x3fcc9c | - |
| getsockname | 0x6 | 0x1032846c | 0x3fe6a0 | 0x3fcca0 | - |
| connect | 0x4 | 0x10328470 | 0x3fe6a4 | 0x3fcca4 | - |
| closesocket | 0x3 | 0x10328474 | 0x3fe6a8 | 0x3fcca8 | - |
| setsockopt | 0x15 | 0x10328478 | 0x3fe6ac | 0x3fccac | - |
| WSASetLastError | 0x70 | 0x1032847c | 0x3fe6b0 | 0x3fccb0 | - |
| WSAGetLastError | 0x6f | 0x10328480 | 0x3fe6b4 | 0x3fccb4 | - |
| WSAIoctl | - | 0x10328484 | 0x3fe6b8 | 0x3fccb8 | 0x3a |
| select | 0x12 | 0x10328488 | 0x3fe6bc | 0x3fccbc | - |
| socket | 0x17 | 0x1032848c | 0x3fe6c0 | 0x3fccc0 | - |
| WSAStartup | 0x73 | 0x10328490 | 0x3fe6c4 | 0x3fccc4 | - |
| send | 0x13 | 0x10328494 | 0x3fe6c8 | 0x3fccc8 | - |
| gethostbyname | 0x34 | 0x10328498 | 0x3fe6cc | 0x3fcccc | - |
| ioctlsocket | 0xa | 0x1032849c | 0x3fe6d0 | 0x3fccd0 | - |
| WSACleanup | 0x74 | 0x103284a0 | 0x3fe6d4 | 0x3fccd4 | - |
Secur32.dll (5)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| FreeCredentialsHandle | - | 0x1032843c | 0x3fe670 | 0x3fcc70 | 0x18 |
| FreeContextBuffer | - | 0x10328440 | 0x3fe674 | 0x3fcc74 | 0x17 |
| InitializeSecurityContextA | - | 0x10328444 | 0x3fe678 | 0x3fcc78 | 0x23 |
| AcquireCredentialsHandleA | - | 0x10328448 | 0x3fe67c | 0x3fcc7c | 0x1 |
| DeleteSecurityContext | - | 0x1032844c | 0x3fe680 | 0x3fcc80 | 0x10 |
ADVAPI32.dll (18)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| CryptDecrypt | - | 0x10328000 | 0x3fe234 | 0x3fc834 | 0xc5 |
| DeregisterEventSource | - | 0x10328004 | 0x3fe238 | 0x3fc838 | 0xed |
| RegisterEventSourceW | - | 0x10328008 | 0x3fe23c | 0x3fc83c | 0x2ae |
| ReportEventW | - | 0x1032800c | 0x3fe240 | 0x3fc840 | 0x2c0 |
| CryptAcquireContextW | - | 0x10328010 | 0x3fe244 | 0x3fc844 | 0xc2 |
| CryptReleaseContext | - | 0x10328014 | 0x3fe248 | 0x3fc848 | 0xdc |
| CryptGenRandom | - | 0x10328018 | 0x3fe24c | 0x3fc84c | 0xd2 |
| CryptAcquireContextA | - | 0x1032801c | 0x3fe250 | 0x3fc850 | 0xc1 |
| CryptEnumProvidersW | - | 0x10328020 | 0x3fe254 | 0x3fc854 | 0xcf |
| CryptSignHashW | - | 0x10328024 | 0x3fe258 | 0x3fc858 | 0xe5 |
| CryptDestroyHash | - | 0x10328028 | 0x3fe25c | 0x3fc85c | 0xc7 |
| CryptCreateHash | - | 0x1032802c | 0x3fe260 | 0x3fc860 | 0xc4 |
| GetUserNameA | - | 0x10328030 | 0x3fe264 | 0x3fc864 | 0x17a |
| CryptExportKey | - | 0x10328034 | 0x3fe268 | 0x3fc868 | 0xd0 |
| CryptGetUserKey | - | 0x10328038 | 0x3fe26c | 0x3fc86c | 0xd8 |
| CryptGetProvParam | - | 0x1032803c | 0x3fe270 | 0x3fc870 | 0xd7 |
| CryptSetHashParam | - | 0x10328040 | 0x3fe274 | 0x3fc874 | 0xdd |
| CryptDestroyKey | - | 0x10328044 | 0x3fe278 | 0x3fc878 | 0xc8 |
SHELL32.dll (1)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| SHGetFolderPathA | - | 0x10328434 | 0x3fe668 | 0x3fcc68 | 0x14b |
OPENGL32.dll (91)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| wglGetProcAddress | - | 0x103282c4 | 0x3fe4f8 | 0x3fcaf8 | 0x163 |
| glTexImage1D | - | 0x103282c8 | 0x3fe4fc | 0x3fcafc | 0x133 |
| glDrawArrays | - | 0x103282cc | 0x3fe500 | 0x3fcb00 | 0x48 |
| glDeleteLists | - | 0x103282d0 | 0x3fe504 | 0x3fcb04 | 0x41 |
| glEndList | - | 0x103282d4 | 0x3fe508 | 0x3fcb08 | 0x52 |
| glGenLists | - | 0x103282d8 | 0x3fe50c | 0x3fcb0c | 0x68 |
| glNewList | - | 0x103282dc | 0x3fe510 | 0x3fcb10 | 0xb8 |
| glColor3dv | - | 0x103282e0 | 0x3fe514 | 0x3fcb14 | 0x1a |
| glColor3fv | - | 0x103282e4 | 0x3fe518 | 0x3fcb18 | 0x1c |
| glColor4dv | - | 0x103282e8 | 0x3fe51c | 0x3fcb1c | 0x2a |
| glColor4ubv | - | 0x103282ec | 0x3fe520 | 0x3fcb20 | 0x32 |
| glNormal3bv | - | 0x103282f0 | 0x3fe524 | 0x3fcb24 | 0xba |
| glNormal3dv | - | 0x103282f4 | 0x3fe528 | 0x3fcb28 | 0xbc |
| glNormal3fv | - | 0x103282f8 | 0x3fe52c | 0x3fcb2c | 0xbe |
| glNormal3sv | - | 0x103282fc | 0x3fe530 | 0x3fcb30 | 0xc2 |
| glColorPointer | - | 0x10328300 | 0x3fe534 | 0x3fcb34 | 0x39 |
| glDisableClientState | - | 0x10328304 | 0x3fe538 | 0x3fcb38 | 0x47 |
| glEnableClientState | - | 0x10328308 | 0x3fe53c | 0x3fcb3c | 0x50 |
| glNormalPointer | - | 0x1032830c | 0x3fe540 | 0x3fcb40 | 0xc3 |
| glTexCoordPointer | - | 0x10328310 | 0x3fe544 | 0x3fcb44 | 0x128 |
| glVertexPointer | - | 0x10328314 | 0x3fe548 | 0x3fcb48 | 0x155 |
| glClear | - | 0x10328318 | 0x3fe54c | 0x3fcb4c | 0x10 |
| glClearColor | - | 0x1032831c | 0x3fe550 | 0x3fcb50 | 0x12 |
| glScissor | - | 0x10328320 | 0x3fe554 | 0x3fcb54 | 0x102 |
| glViewport | - | 0x10328324 | 0x3fe558 | 0x3fcb58 | 0x156 |
| glFinish | - | 0x10328328 | 0x3fe55c | 0x3fcb5c | 0x60 |
| glFlush | - | 0x1032832c | 0x3fe560 | 0x3fcb60 | 0x61 |
| glLightf | - | 0x10328330 | 0x3fe564 | 0x3fcb64 | 0x9d |
| glLightfv | - | 0x10328334 | 0x3fe568 | 0x3fcb68 | 0x9e |
| glColorMask | - | 0x10328338 | 0x3fe56c | 0x3fcb6c | 0x37 |
| glDepthMask | - | 0x1032833c | 0x3fe570 | 0x3fcb70 | 0x44 |
| glPopAttrib | - | 0x10328340 | 0x3fe574 | 0x3fcb74 | 0xd2 |
| glPushAttrib | - | 0x10328344 | 0x3fe578 | 0x3fcb78 | 0xd7 |
| glClearAccum | - | 0x10328348 | 0x3fe57c | 0x3fcb7c | 0x11 |
| glClearDepth | - | 0x1032834c | 0x3fe580 | 0x3fcb80 | 0x13 |
| glClearStencil | - | 0x10328350 | 0x3fe584 | 0x3fcb84 | 0x15 |
| glLoadIdentity | - | 0x10328354 | 0x3fe588 | 0x3fcb88 | 0xa4 |
| glStencilMask | - | 0x10328358 | 0x3fe58c | 0x3fcb8c | 0x106 |
| glCallList | - | 0x1032835c | 0x3fe590 | 0x3fcb90 | 0xe |
| glLightModelfv | - | 0x10328360 | 0x3fe594 | 0x3fcb94 | 0x9a |
| glRecti | - | 0x10328364 | 0x3fe598 | 0x3fcb98 | 0xf9 |
| glOrtho | - | 0x10328368 | 0x3fe59c | 0x3fcb9c | 0xc4 |
| glNormal3f | - | 0x1032836c | 0x3fe5a0 | 0x3fcba0 | 0xbd |
| glColor4f | - | 0x10328370 | 0x3fe5a4 | 0x3fcba4 | 0x2b |
| glDepthRange | - | 0x10328374 | 0x3fe5a8 | 0x3fcba8 | 0x45 |
| glDepthFunc | - | 0x10328378 | 0x3fe5ac | 0x3fcbac | 0x43 |
| glPolygonStipple | - | 0x1032837c | 0x3fe5b0 | 0x3fcbb0 | 0xd1 |
| glStencilOp | - | 0x10328380 | 0x3fe5b4 | 0x3fcbb4 | 0x107 |
| glReadPixels | - | 0x10328384 | 0x3fe5b8 | 0x3fcbb8 | 0xf4 |
| glGetTexLevelParameteriv | - | 0x10328388 | 0x3fe5bc | 0x3fcbbc | 0x84 |
| glGetTexImage | - | 0x1032838c | 0x3fe5c0 | 0x3fcbc0 | 0x82 |
| glGetBooleanv | - | 0x10328390 | 0x3fe5c4 | 0x3fcbc4 | 0x6a |
| glBlendFunc | - | 0x10328394 | 0x3fe5c8 | 0x3fcbc8 | 0xd |
| glMaterialfv | - | 0x10328398 | 0x3fe5cc | 0x3fcbcc | 0xb2 |
| glMaterialf | - | 0x1032839c | 0x3fe5d0 | 0x3fcbd0 | 0xb1 |
| glColorMaterial | - | 0x103283a0 | 0x3fe5d4 | 0x3fcbd4 | 0x38 |
| glStencilFunc | - | 0x103283a4 | 0x3fe5d8 | 0x3fcbd8 | 0x105 |
| glScalef | - | 0x103283a8 | 0x3fe5dc | 0x3fcbdc | 0x101 |
| glColor4fv | - | 0x103283ac | 0x3fe5e0 | 0x3fcbe0 | 0x2c |
| glReadBuffer | - | 0x103283b0 | 0x3fe5e4 | 0x3fcbe4 | 0xf3 |
| glMatrixMode | - | 0x103283b4 | 0x3fe5e8 | 0x3fcbe8 | 0xb5 |
| glLoadMatrixd | - | 0x103283b8 | 0x3fe5ec | 0x3fcbec | 0xa5 |
| glGetString | - | 0x103283bc | 0x3fe5f0 | 0x3fcbf0 | 0x7c |
| glGetIntegerv | - | 0x103283c0 | 0x3fe5f4 | 0x3fcbf4 | 0x6f |
| glGetError | - | 0x103283c4 | 0x3fe5f8 | 0x3fcbf8 | 0x6d |
| glEnable | - | 0x103283c8 | 0x3fe5fc | 0x3fcbfc | 0x4f |
| glDrawElements | - | 0x103283cc | 0x3fe600 | 0x3fcc00 | 0x4a |
| glDrawBuffer | - | 0x103283d0 | 0x3fe604 | 0x3fcc04 | 0x49 |
| glDisable | - | 0x103283d4 | 0x3fe608 | 0x3fcc08 | 0x46 |
| glTexEnvi | - | 0x103283d8 | 0x3fe60c | 0x3fcc0c | 0x12b |
| glTexEnvfv | - | 0x103283dc | 0x3fe610 | 0x3fcc10 | 0x12a |
| glCopyTexSubImage2D | - | 0x103283e0 | 0x3fe614 | 0x3fcc14 | 0x3e |
| glCopyTexImage2D | - | 0x103283e4 | 0x3fe618 | 0x3fcc18 | 0x3c |
| glTexSubImage2D | - | 0x103283e8 | 0x3fe61c | 0x3fcc1c | 0x13a |
| glTexParameteriv | - | 0x103283ec | 0x3fe620 | 0x3fcc20 | 0x138 |
| glTexParameteri | - | 0x103283f0 | 0x3fe624 | 0x3fcc24 | 0x137 |
| glTexParameterfv | - | 0x103283f4 | 0x3fe628 | 0x3fcc28 | 0x136 |
| glTexParameterf | - | 0x103283f8 | 0x3fe62c | 0x3fcc2c | 0x135 |
| glTexImage2D | - | 0x103283fc | 0x3fe630 | 0x3fcc30 | 0x134 |
| glPixelStorei | - | 0x10328400 | 0x3fe634 | 0x3fcc34 | 0xca |
| glGenTextures | - | 0x10328404 | 0x3fe638 | 0x3fcc38 | 0x69 |
| glDeleteTextures | - | 0x10328408 | 0x3fe63c | 0x3fcc3c | 0x42 |
| glBindTexture | - | 0x1032840c | 0x3fe640 | 0x3fcc40 | 0xb |
| glCopyTexSubImage1D | - | 0x10328410 | 0x3fe644 | 0x3fcc44 | 0x3d |
| glCopyTexImage1D | - | 0x10328414 | 0x3fe648 | 0x3fcc48 | 0x3b |
| glAlphaFunc | - | 0x10328418 | 0x3fe64c | 0x3fcc4c | 0x7 |
| glTexGeni | - | 0x1032841c | 0x3fe650 | 0x3fcc50 | 0x131 |
| glTexGendv | - | 0x10328420 | 0x3fe654 | 0x3fcc54 | 0x12e |
| glPolygonMode | - | 0x10328424 | 0x3fe658 | 0x3fcc58 | 0xcf |
| wglGetCurrentDC | - | 0x10328428 | 0x3fe65c | 0x3fcc5c | 0x15f |
| glLightModeli | - | 0x1032842c | 0x3fe660 | 0x3fcc60 | 0x9b |
CRYPT32.dll (7)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| CertDuplicateCertificateContext | - | 0x1032804c | 0x3fe280 | 0x3fc880 | 0x25 |
| CertFindCertificateInStore | - | 0x10328050 | 0x3fe284 | 0x3fc884 | 0x35 |
| CertEnumCertificatesInStore | - | 0x10328054 | 0x3fe288 | 0x3fc888 | 0x2c |
| CertFreeCertificateContext | - | 0x10328058 | 0x3fe28c | 0x3fc88c | 0x40 |
| CertOpenStore | - | 0x1032805c | 0x3fe290 | 0x3fc890 | 0x59 |
| CertGetCertificateContextProperty | - | 0x10328060 | 0x3fe294 | 0x3fc894 | 0x46 |
| CertCloseStore | - | 0x10328064 | 0x3fe298 | 0x3fc898 | 0x12 |
bcrypt.dll (1)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| BCryptGenRandom | - | 0x103284a8 | 0x3fe6dc | 0x3fccdc | 0x1d |
USER32.dll (3)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| MessageBoxW | - | 0x10328454 | 0x3fe688 | 0x3fcc88 | 0x288 |
| GetUserObjectInformationW | - | 0x10328458 | 0x3fe68c | 0x3fcc8c | 0x1d6 |
| GetProcessWindowStation | - | 0x1032845c | 0x3fe690 | 0x3fcc90 | 0x1ac |
Exports (1)
»
| Api name | EAT Address | Ordinal |
|---|---|---|
| libicon_close | 0x50fcb | 0x1 |
| C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\is-EJ12O.tmp | Dropped File | Binary |
clean
Known to be clean.
|
...
|
»
| Also Known As | C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\libtasn1-6.dll (Dropped File) |
| MIME Type | application/vnd.microsoft.portable-executable |
| File Size | 78.76 KB |
| MD5 |
266fa5bac8fab45a57b3eb68495334f4
|
| SHA1 |
c845b88a5f2279e348886e4d6246f855acaa85b9
|
| SHA256 |
c8a3b86d6e930b21f428a3cac3cc8fb432716d16043824df886731565bfe8a23
|
| SSDeep |
1536:K7jqZI3jgg9IJgo+wrcKl8l2gdejHL8jT7x8ZKQi3uh:yUojggfo+wgl2gGHLYXx80T3uh
|
| ImpHash |
68f631bf3ac16fd77a46491896f6014e
|
PE Information
»
| Image Base | 0x65f00000 |
| Entry Point | 0x65f01400 |
| Size Of Code | 0xd600 |
| Size Of Initialized Data | 0x5600 |
| Size Of Uninitialized Data | 0xc00 |
| File Type | FileType.dll |
| Subsystem | Subsystem.windows_cui |
| Machine Type | MachineType.amd64 |
| Compile Timestamp | 1970-01-01 00:00:00+00:00 |
Sections (13)
»
| Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x65f01000 | 0xd480 | 0xd600 | 0x400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.14 |
| .data | 0x65f0f000 | 0x60 | 0x200 | 0xda00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.5 |
| .rdata | 0x65f10000 | 0x2c40 | 0x2e00 | 0xdc00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ | 5.13 |
| /4 | 0x65f13000 | 0x35 | 0x200 | 0x10a00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ | 0.57 |
| .pdata | 0x65f14000 | 0x5c4 | 0x600 | 0x10c00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ | 4.52 |
| .xdata | 0x65f15000 | 0x608 | 0x800 | 0x11200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ | 3.77 |
| .bss | 0x65f16000 | 0xbf0 | 0x0 | 0x0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.0 |
| .edata | 0x65f17000 | 0x436 | 0x600 | 0x11a00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ | 3.94 |
| .idata | 0x65f18000 | 0x828 | 0xa00 | 0x12000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 3.71 |
| .CRT | 0x65f19000 | 0x58 | 0x200 | 0x12a00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.2 |
| .tls | 0x65f1a000 | 0x68 | 0x200 | 0x12c00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.27 |
| .reloc | 0x65f1b000 | 0x1d8 | 0x200 | 0x12e00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 4.84 |
| /14 | 0x65f1c000 | 0x1c | 0x200 | 0x13000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 0.47 |
Imports (2)
»
KERNEL32.dll (22)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| DeleteCriticalSection | - | 0x65f18214 | 0x1803c | 0x1203c | 0xd8 |
| EnterCriticalSection | - | 0x65f1821c | 0x18044 | 0x12044 | 0xf8 |
| GetCurrentProcess | - | 0x65f18224 | 0x1804c | 0x1204c | 0x1cd |
| GetCurrentProcessId | - | 0x65f1822c | 0x18054 | 0x12054 | 0x1ce |
| GetCurrentThreadId | - | 0x65f18234 | 0x1805c | 0x1205c | 0x1d2 |
| GetLastError | - | 0x65f1823c | 0x18064 | 0x12064 | 0x210 |
| GetSystemTimeAsFileTime | - | 0x65f18244 | 0x1806c | 0x1206c | 0x28a |
| GetTickCount | - | 0x65f1824c | 0x18074 | 0x12074 | 0x2a5 |
| InitializeCriticalSection | - | 0x65f18254 | 0x1807c | 0x1207c | 0x2f9 |
| LeaveCriticalSection | - | 0x65f1825c | 0x18084 | 0x12084 | 0x34b |
| QueryPerformanceCounter | - | 0x65f18264 | 0x1808c | 0x1208c | 0x3bb |
| RtlAddFunctionTable | - | 0x65f1826c | 0x18094 | 0x12094 | 0x401 |
| RtlCaptureContext | - | 0x65f18274 | 0x1809c | 0x1209c | 0x402 |
| RtlLookupFunctionEntry | - | 0x65f1827c | 0x180a4 | 0x120a4 | 0x409 |
| RtlVirtualUnwind | - | 0x65f18284 | 0x180ac | 0x120ac | 0x410 |
| SetUnhandledExceptionFilter | - | 0x65f1828c | 0x180b4 | 0x120b4 | 0x49f |
| Sleep | - | 0x65f18294 | 0x180bc | 0x120bc | 0x4ac |
| TerminateProcess | - | 0x65f1829c | 0x180c4 | 0x120c4 | 0x4ba |
| TlsGetValue | - | 0x65f182a4 | 0x180cc | 0x120cc | 0x4c1 |
| UnhandledExceptionFilter | - | 0x65f182ac | 0x180d4 | 0x120d4 | 0x4ce |
| VirtualProtect | - | 0x65f182b4 | 0x180dc | 0x120dc | 0x4ec |
| VirtualQuery | - | 0x65f182bc | 0x180e4 | 0x120e4 | 0x4ee |
msvcrt.dll (35)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| __dllonexit | - | 0x65f182cc | 0x180f4 | 0x120f4 | 0x4e |
| __iob_func | - | 0x65f182d4 | 0x180fc | 0x120fc | 0x53 |
| _amsg_exit | - | 0x65f182dc | 0x18104 | 0x12104 | 0x78 |
| _initterm | - | 0x65f182e4 | 0x1810c | 0x1210c | 0x11c |
| _lock | - | 0x65f182ec | 0x18114 | 0x12114 | 0x182 |
| _onexit | - | 0x65f182f4 | 0x1811c | 0x1211c | 0x227 |
| _unlock | - | 0x65f182fc | 0x18124 | 0x12124 | 0x2c9 |
| _vsnprintf | - | 0x65f18304 | 0x1812c | 0x1212c | 0x2e6 |
| abort | - | 0x65f1830c | 0x18134 | 0x12134 | 0x385 |
| calloc | - | 0x65f18314 | 0x1813c | 0x1213c | 0x392 |
| fclose | - | 0x65f1831c | 0x18144 | 0x12144 | 0x3a0 |
| fgetc | - | 0x65f18324 | 0x1814c | 0x1214c | 0x3a4 |
| fopen | - | 0x65f1832c | 0x18154 | 0x12154 | 0x3ac |
| fprintf | - | 0x65f18334 | 0x1815c | 0x1215c | 0x3ae |
| fputc | - | 0x65f1833c | 0x18164 | 0x12164 | 0x3b0 |
| fputs | - | 0x65f18344 | 0x1816c | 0x1216c | 0x3b1 |
| free | - | 0x65f1834c | 0x18174 | 0x12174 | 0x3b5 |
| fwrite | - | 0x65f18354 | 0x1817c | 0x1217c | 0x3c0 |
| malloc | - | 0x65f1835c | 0x18184 | 0x12184 | 0x3ee |
| memcmp | - | 0x65f18364 | 0x1818c | 0x1218c | 0x3f5 |
| memcpy | - | 0x65f1836c | 0x18194 | 0x12194 | 0x3f6 |
| memmove | - | 0x65f18374 | 0x1819c | 0x1219c | 0x3f7 |
| realloc | - | 0x65f1837c | 0x181a4 | 0x121a4 | 0x408 |
| signal | - | 0x65f18384 | 0x181ac | 0x121ac | 0x412 |
| strcat | - | 0x65f1838c | 0x181b4 | 0x121b4 | 0x41b |
| strchr | - | 0x65f18394 | 0x181bc | 0x121bc | 0x41d |
| strcmp | - | 0x65f1839c | 0x181c4 | 0x121c4 | 0x41e |
| strcpy | - | 0x65f183a4 | 0x181cc | 0x121cc | 0x420 |
| strlen | - | 0x65f183ac | 0x181d4 | 0x121d4 | 0x425 |
| strncat | - | 0x65f183b4 | 0x181dc | 0x121dc | 0x426 |
| strncmp | - | 0x65f183bc | 0x181e4 | 0x121e4 | 0x428 |
| strtol | - | 0x65f183c4 | 0x181ec | 0x121ec | 0x432 |
| strtoul | - | 0x65f183cc | 0x181f4 | 0x121f4 | 0x433 |
| ungetc | - | 0x65f183d4 | 0x181fc | 0x121fc | 0x445 |
| vfprintf | - | 0x65f183dc | 0x18204 | 0x12204 | 0x447 |
Exports (35)
»
| Api name | EAT Address | Ordinal |
|---|---|---|
| asn1_array2tree | 0xb3c0 | 0x1 |
| asn1_bit_der | 0x3f10 | 0x2 |
| asn1_check_version | 0xcc20 | 0x3 |
| asn1_copy_node | 0xcb30 | 0x4 |
| asn1_create_element | 0xb8f0 | 0x5 |
| asn1_decode_simple_der | 0x8de0 | 0x6 |
| asn1_delete_element | 0xb700 | 0x7 |
| asn1_delete_structure | 0xb610 | 0x8 |
| asn1_der_coding | 0x3fd0 | 0x9 |
| asn1_der_decoding | 0x5f70 | 0xa |
| asn1_der_decoding_element | 0x6d70 | 0xb |
| asn1_der_decoding_startEnd | 0x8110 | 0xc |
| asn1_encode_simple_der | 0x3e20 | 0xd |
| asn1_expand_any_defined_by | 0x8720 | 0xe |
| asn1_expand_octet_string | 0x8b60 | 0xf |
| asn1_find_node | 0xa1a0 | 0x10 |
| asn1_find_structure_from_oid | 0xca00 | 0x11 |
| asn1_get_bit_der | 0x5ee0 | 0x12 |
| asn1_get_length_ber | 0x5ab0 | 0x13 |
| asn1_get_length_der | 0x5350 | 0x14 |
| asn1_get_octet_der | 0x5e60 | 0x15 |
| asn1_get_tag_der | 0x58f0 | 0x16 |
| asn1_length_der | 0x3d80 | 0x17 |
| asn1_number_of_elements | 0xc990 | 0x18 |
| asn1_octet_der | 0x3da0 | 0x19 |
| asn1_parser2array | 0x3940 | 0x1a |
| asn1_parser2tree | 0x3800 | 0x1b |
| asn1_perror | 0x9fb0 | 0x1c |
| asn1_print_structure | 0xbd50 | 0x1d |
| asn1_read_node_value | 0x9f90 | 0x1e |
| asn1_read_tag | 0x9e40 | 0x1f |
| asn1_read_value | 0x9e20 | 0x20 |
| asn1_read_value_type | 0x99d0 | 0x21 |
| asn1_strerror | 0xa020 | 0x22 |
| asn1_write_value | 0x9120 | 0x23 |
| C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\is-09UFK.tmp | Dropped File | Text |
clean
Known to be clean.
|
...
|
»
| Also Known As | C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\License.txt (Dropped File) |
| MIME Type | text/plain |
| File Size | 14.75 KB |
| MD5 |
d13ade1829c8b1a1621db24d91f2d082
|
| SHA1 |
a7bd24e809ef9be6a37ef2bd01d23d4465e979dd
|
| SHA256 |
079952dc637dbaa9806c40a001bf5837079ade9066f8aa18c80d23507b7e3da3
|
| SSDeep |
192:s4HVPM3N2zi6547iYOE6k+jLPv4IdQQXyAOiDaoL8HZwM3fxEq/Sl4eAxjf+6:s4Hmv7iE6kY4I9yAO2NL8OMBI4eAxTV
|
| ImpHash | - |
| C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\is-I9Q09.tmp | Dropped File | Binary |
clean
Known to be clean.
|
...
|
»
| Also Known As | C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\Microsoft.ReportViewer.ProcessingObjectModel.dll (Dropped File) |
| MIME Type | application/vnd.microsoft.portable-executable |
| File Size | 52.00 KB |
| MD5 |
253bc53169ad46b1eafb92982ba7268e
|
| SHA1 |
3f2f8c6324480b1f39c7bc06b8503feedfe5def4
|
| SHA256 |
ca513f09b64f8e3dc8ee09663854adf7e4e84544133d07a3a2ef55701abfad4c
|
| SSDeep |
384:Lo5zW/Z0L39rAzRdjfNnCuYE0myI+Stu1OooEoZj1ofV5dkn67vc6ea3bKyEeJPG:LorLSpl2HJ3orWB3F9JUsm/n
|
| ImpHash |
dae02f32a21e03ce65412f6e56942daa
|
PE Information
»
| Image Base | 0x10000000 |
| Entry Point | 0x1000b40e |
| Size Of Code | 0xa000 |
| Size Of Initialized Data | 0x2000 |
| File Type | FileType.dll |
| Subsystem | Subsystem.windows_cui |
| Machine Type | MachineType.i386 |
| Compile Timestamp | 2007-11-07 04:38:49+00:00 |
Version Information (10)
»
| Comments | Microsoft.ReportViewer.ProcessingObjectModel.dll |
| CompanyName | Microsoft Corporation |
| FileDescription | Microsoft.ReportViewer.ProcessingObjectModel.dll |
| FileVersion | 9.0.21022.8 |
| InternalName | Microsoft.ReportViewer.ProcessingObjectModel.dll |
| LegalCopyright | © Microsoft Corporation. All rights reserved. |
| OriginalFilename | Microsoft.ReportViewer.ProcessingObjectModel.dll |
| ProductName | Microsoft (R) Visual Studio (R) 2008 |
| ProductVersion | 9.0.21022.8 |
| Assembly Version | 9.0.0.0 |
Sections (3)
»
| Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x10002000 | 0x9414 | 0xa000 | 0x1000 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 5.43 |
| .rsrc | 0x1000c000 | 0x530 | 0x1000 | 0xb000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 1.35 |
| .reloc | 0x1000e000 | 0xc | 0x1000 | 0xc000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 0.01 |
Imports (1)
»
mscoree.dll (1)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| _CorDllMain | - | 0x10002000 | 0xb3e0 | 0xa3e0 | 0x0 |
| C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\is-83M4S.tmp | Dropped File | Binary |
clean
Known to be clean.
|
...
|
»
| Also Known As | C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\mingwm10.dll (Dropped File) |
| MIME Type | application/vnd.microsoft.portable-executable |
| File Size | 7.01 KB |
| MD5 |
a5a239c980d6791086b7fe0e2ca38974
|
| SHA1 |
dbd8e70db07ac78e007b13cc8ae80c9a3885a592
|
| SHA256 |
fb33c708c2f83c188dc024b65cb620d7e2c3939c155bc1c15dc73dccebe256b7
|
| SSDeep |
96:AT0nsNJmBwoCtrOEhXpOITI151ihv2idiG:83KwoCtrOESITI151ihvtp
|
| ImpHash |
39a59277c38bf7ac63744580b3564bac
|
PE Information
»
| Image Base | 0x6fbc0000 |
| Entry Point | 0x6fbc10c0 |
| Size Of Code | 0xa00 |
| Size Of Initialized Data | 0x1800 |
| Size Of Uninitialized Data | 0x200 |
| File Type | FileType.dll |
| Subsystem | Subsystem.windows_cui |
| Machine Type | MachineType.i386 |
| Compile Timestamp | 2016-01-29 15:46:15+00:00 |
Sections (8)
»
| Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x6fbc1000 | 0x860 | 0xa00 | 0x400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 5.42 |
| .data | 0x6fbc2000 | 0x8 | 0x200 | 0xe00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.08 |
| .rdata | 0x6fbc3000 | 0x110 | 0x200 | 0x1000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ | 3.3 |
| /4 | 0x6fbc4000 | 0x4 | 0x200 | 0x1200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ | 0.0 |
| .bss | 0x6fbc5000 | 0xb4 | 0x0 | 0x0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.0 |
| .edata | 0x6fbc6000 | 0x78 | 0x200 | 0x1400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ | 1.38 |
| .idata | 0x6fbc7000 | 0x29c | 0x400 | 0x1600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 3.15 |
| .reloc | 0x6fbc8000 | 0xc0 | 0x200 | 0x1a00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 2.83 |
Imports (2)
»
msvcrt.dll (11)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| __dllonexit | - | 0x6fbc7098 | 0x703c | 0x163c | 0x34 |
| _errno | - | 0x6fbc709c | 0x7040 | 0x1640 | 0xb6 |
| _iob | - | 0x6fbc70a0 | 0x7044 | 0x1644 | 0x10a |
| abort | - | 0x6fbc70a4 | 0x7048 | 0x1648 | 0x247 |
| calloc | - | 0x6fbc70a8 | 0x704c | 0x164c | 0x253 |
| fflush | - | 0x6fbc70ac | 0x7050 | 0x1650 | 0x262 |
| free | - | 0x6fbc70b0 | 0x7054 | 0x1654 | 0x271 |
| fwrite | - | 0x6fbc70b4 | 0x7058 | 0x1658 | 0x279 |
| malloc | - | 0x6fbc70b8 | 0x705c | 0x165c | 0x2a4 |
| memcpy | - | 0x6fbc70bc | 0x7060 | 0x1660 | 0x2aa |
| vfprintf | - | 0x6fbc70c0 | 0x7064 | 0x1664 | 0x2ec |
KERNEL32.dll (10)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| DeleteCriticalSection | - | 0x6fbc70c8 | 0x706c | 0x166c | 0x6b |
| EnterCriticalSection | - | 0x6fbc70cc | 0x7070 | 0x1670 | 0x7e |
| GetLastError | - | 0x6fbc70d0 | 0x7074 | 0x1674 | 0x145 |
| GetModuleHandleA | - | 0x6fbc70d4 | 0x7078 | 0x1678 | 0x151 |
| GetProcAddress | - | 0x6fbc70d8 | 0x707c | 0x167c | 0x16c |
| InitializeCriticalSection | - | 0x6fbc70dc | 0x7080 | 0x1680 | 0x1ec |
| LeaveCriticalSection | - | 0x6fbc70e0 | 0x7084 | 0x1684 | 0x20b |
| TlsGetValue | - | 0x6fbc70e4 | 0x7088 | 0x1688 | 0x2fd |
| VirtualProtect | - | 0x6fbc70e8 | 0x708c | 0x168c | 0x31e |
| VirtualQuery | - | 0x6fbc70ec | 0x7090 | 0x1690 | 0x321 |
Exports (2)
»
| Api name | EAT Address | Ordinal |
|---|---|---|
| __mingwthr_key_dtor | 0x12c0 | 0x2 |
| __mingwthr_remove_key_dtor | 0x1250 | 0x1 |
| C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\is-O37I0.tmp | Dropped File | Binary |
clean
Known to be clean.
|
...
|
»
| Also Known As | C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\pthreadGC2.dll (Dropped File) |
| MIME Type | application/vnd.microsoft.portable-executable |
| File Size | 35.50 KB |
| MD5 |
928c9eea653311af8efc155da5a1d6a5
|
| SHA1 |
27300fcd5c22245573f5595ecbd64fce89c53750
|
| SHA256 |
6dc4bee625a2c5e3499e36fe7c6ff8ead92adf6aae40c4099fdc8ef82e85b387
|
| SSDeep |
384:RHKAwDe/yMw0U0GuOI+KDYZ1EWsLKkSqPmMmg2oes9yzCuFYh3oDqLjBISO0IqMU:RHKAm0UsO76WsxDmELsCDIMiH3YN
|
| ImpHash |
4ed4b97c004af0f3c95aeb69c247d60b
|
PE Information
»
| Image Base | 0x61180000 |
| Entry Point | 0x61181000 |
| Size Of Code | 0x6600 |
| Size Of Initialized Data | 0x8a00 |
| Size Of Uninitialized Data | 0x200 |
| File Type | FileType.dll |
| Subsystem | Subsystem.windows_cui |
| Machine Type | MachineType.i386 |
| Compile Timestamp | 2016-01-29 15:46:15+00:00 |
Version Information (10)
»
| FileDescription | POSIX Threads for Windows32 Library |
| ProductVersion | 2, 8, 0, 0 |
| FileVersion | 2, 8, 0, 0 |
| InternalName | pthreadGC |
| OriginalFilename | pthreadGC |
| CompanyName | Open Source Software community project |
| LegalCopyright | Copyright (C) Project contributors 1998-2004 |
| Licence | LGPL |
| Info | http://sources.redhat.com/pthreads-win32/ |
| Comment | GNU C build -- longjmp thread exiting |
Sections (7)
»
| Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x61181000 | 0x6594 | 0x6600 | 0x400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.24 |
| .data | 0x61188000 | 0x80 | 0x200 | 0x6a00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.42 |
| .bss | 0x61189000 | 0x170 | 0x0 | 0x0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.0 |
| .edata | 0x6118a000 | 0xea3 | 0x1000 | 0x6c00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ | 4.7 |
| .idata | 0x6118b000 | 0x6f8 | 0x800 | 0x7c00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 4.16 |
| .rsrc | 0x6118c000 | 0x464 | 0x600 | 0x8400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 2.71 |
| .reloc | 0x6118d000 | 0x2e4 | 0x400 | 0x8a00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 5.24 |
Imports (3)
»
KERNEL32.dll (40)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| AddAtomA | - | 0x6118b148 | 0xb054 | 0x7c54 | 0x0 |
| CloseHandle | - | 0x6118b14c | 0xb058 | 0x7c58 | 0x1c |
| CreateEventA | - | 0x6118b150 | 0xb05c | 0x7c5c | 0x33 |
| CreateSemaphoreA | - | 0x6118b154 | 0xb060 | 0x7c60 | 0x49 |
| DeleteCriticalSection | - | 0x6118b158 | 0xb064 | 0x7c64 | 0x57 |
| DuplicateHandle | - | 0x6118b15c | 0xb068 | 0x7c68 | 0x63 |
| EnterCriticalSection | - | 0x6118b160 | 0xb06c | 0x7c6c | 0x66 |
| FindAtomA | - | 0x6118b164 | 0xb070 | 0x7c70 | 0x94 |
| FreeLibrary | - | 0x6118b168 | 0xb074 | 0x7c74 | 0xba |
| GetAtomNameA | - | 0x6118b16c | 0xb078 | 0x7c78 | 0xc1 |
| GetCurrentProcess | - | 0x6118b170 | 0xb07c | 0x7c7c | 0xfb |
| GetCurrentProcessId | - | 0x6118b174 | 0xb080 | 0x7c80 | 0xfc |
| GetCurrentThread | - | 0x6118b178 | 0xb084 | 0x7c84 | 0xfd |
| GetCurrentThreadId | - | 0x6118b17c | 0xb088 | 0x7c88 | 0xfe |
| GetLastError | - | 0x6118b180 | 0xb08c | 0x7c8c | 0x11f |
| GetProcAddress | - | 0x6118b184 | 0xb090 | 0x7c90 | 0x143 |
| GetProcessAffinityMask | - | 0x6118b188 | 0xb094 | 0x7c94 | 0x144 |
| GetThreadContext | - | 0x6118b18c | 0xb098 | 0x7c98 | 0x16f |
| GetThreadPriority | - | 0x6118b190 | 0xb09c | 0x7c9c | 0x171 |
| InitializeCriticalSection | - | 0x6118b194 | 0xb0a0 | 0x7ca0 | 0x1b4 |
| InterlockedDecrement | - | 0x6118b198 | 0xb0a4 | 0x7ca4 | 0x1b7 |
| InterlockedExchangeAdd | - | 0x6118b19c | 0xb0a8 | 0x7ca8 | 0x1b9 |
| LeaveCriticalSection | - | 0x6118b1a0 | 0xb0ac | 0x7cac | 0x1cc |
| LoadLibraryA | - | 0x6118b1a4 | 0xb0b0 | 0x7cb0 | 0x1cd |
| OpenProcess | - | 0x6118b1a8 | 0xb0b4 | 0x7cb4 | 0x1fc |
| ReleaseSemaphore | - | 0x6118b1ac | 0xb0b8 | 0x7cb8 | 0x231 |
| ResetEvent | - | 0x6118b1b0 | 0xb0bc | 0x7cbc | 0x236 |
| ResumeThread | - | 0x6118b1b4 | 0xb0c0 | 0x7cc0 | 0x237 |
| SetEvent | - | 0x6118b1b8 | 0xb0c4 | 0x7cc4 | 0x26c |
| SetLastError | - | 0x6118b1bc | 0xb0c8 | 0x7cc8 | 0x278 |
| SetThreadContext | - | 0x6118b1c0 | 0xb0cc | 0x7ccc | 0x28a |
| SetThreadPriority | - | 0x6118b1c4 | 0xb0d0 | 0x7cd0 | 0x28e |
| Sleep | - | 0x6118b1c8 | 0xb0d4 | 0x7cd4 | 0x29d |
| SuspendThread | - | 0x6118b1cc | 0xb0d8 | 0x7cd8 | 0x29f |
| TlsAlloc | - | 0x6118b1d0 | 0xb0dc | 0x7cdc | 0x2a9 |
| TlsFree | - | 0x6118b1d4 | 0xb0e0 | 0x7ce0 | 0x2aa |
| TlsGetValue | - | 0x6118b1d8 | 0xb0e4 | 0x7ce4 | 0x2ab |
| TlsSetValue | - | 0x6118b1dc | 0xb0e8 | 0x7ce8 | 0x2ac |
| WaitForMultipleObjects | - | 0x6118b1e0 | 0xb0ec | 0x7cec | 0x2d3 |
| WaitForSingleObject | - | 0x6118b1e4 | 0xb0f0 | 0x7cf0 | 0x2d5 |
msvcrt.dll (13)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| __dllonexit | - | 0x6118b1f0 | 0xb0fc | 0x7cfc | 0x24 |
| _beginthreadex | - | 0x6118b1f4 | 0xb100 | 0x7d00 | 0x72 |
| _endthreadex | - | 0x6118b1f8 | 0xb104 | 0x7d04 | 0x90 |
| _errno | - | 0x6118b1fc | 0xb108 | 0x7d08 | 0x93 |
| _ftime | - | 0x6118b200 | 0xb10c | 0x7d0c | 0xbb |
| _setjmp | - | 0x6118b204 | 0xb110 | 0x7d10 | 0x171 |
| abort | - | 0x6118b208 | 0xb114 | 0x7d14 | 0x1fe |
| calloc | - | 0x6118b20c | 0xb118 | 0x7d18 | 0x20a |
| exit | - | 0x6118b210 | 0xb11c | 0x7d1c | 0x213 |
| fflush | - | 0x6118b214 | 0xb120 | 0x7d20 | 0x219 |
| free | - | 0x6118b218 | 0xb124 | 0x7d24 | 0x228 |
| longjmp | - | 0x6118b21c | 0xb128 | 0x7d28 | 0x25a |
| malloc | - | 0x6118b220 | 0xb12c | 0x7d2c | 0x25b |
WSOCK32.DLL (2)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| WSAGetLastError | - | 0x6118b22c | 0xb138 | 0x7d38 | 0x1a |
| WSASetLastError | - | 0x6118b230 | 0xb13c | 0x7d3c | 0x1e |
Exports (115)
»
| Api name | EAT Address | Ordinal |
|---|---|---|
| pthreadCancelableTimedWait | 0x2ce0 | 0x1 |
| pthreadCancelableWait | 0x2cc0 | 0x2 |
| pthread_attr_destroy | 0x15f0 | 0x3 |
| pthread_attr_getdetachstate | 0x1640 | 0x4 |
| pthread_attr_getinheritsched | 0x4900 | 0x5 |
| pthread_attr_getschedparam | 0x4870 | 0x6 |
| pthread_attr_getschedpolicy | 0x47b0 | 0x7 |
| pthread_attr_getscope | 0x17e0 | 0x8 |
| pthread_attr_getstackaddr | 0x16e0 | 0x9 |
| pthread_attr_getstacksize | 0x1760 | 0xa |
| pthread_attr_init | 0x1580 | 0xb |
| pthread_attr_setdetachstate | 0x1690 | 0xc |
| pthread_attr_setinheritsched | 0x48b0 | 0xd |
| pthread_attr_setschedparam | 0x4800 | 0xe |
| pthread_attr_setschedpolicy | 0x4770 | 0xf |
| pthread_attr_setscope | 0x1800 | 0x10 |
| pthread_attr_setstackaddr | 0x1720 | 0x11 |
| pthread_attr_setstacksize | 0x17a0 | 0x12 |
| pthread_barrier_destroy | 0x18f0 | 0x13 |
| pthread_barrier_init | 0x1830 | 0x14 |
| pthread_barrier_wait | 0x1970 | 0x15 |
| pthread_barrierattr_destroy | 0x1a50 | 0x16 |
| pthread_barrierattr_getpshared | 0x1a90 | 0x17 |
| pthread_barrierattr_init | 0x1a10 | 0x18 |
| pthread_barrierattr_setpshared | 0x1ac0 | 0x19 |
| pthread_cancel | 0x1d90 | 0x1a |
| pthread_cond_broadcast | 0x2440 | 0x1b |
| pthread_cond_destroy | 0x2200 | 0x1c |
| pthread_cond_init | 0x20b0 | 0x1d |
| pthread_cond_signal | 0x2420 | 0x1e |
| pthread_cond_timedwait | 0x2400 | 0x1f |
| pthread_cond_wait | 0x23e0 | 0x20 |
| pthread_condattr_destroy | 0x2010 | 0x21 |
| pthread_condattr_getpshared | 0x2050 | 0x22 |
| pthread_condattr_init | 0x1fd0 | 0x23 |
| pthread_condattr_setpshared | 0x2080 | 0x24 |
| pthread_create | 0x2460 | 0x25 |
| pthread_delay_np | 0x3560 | 0x26 |
| pthread_detach | 0x56c0 | 0x27 |
| pthread_equal | 0x2ab0 | 0x28 |
| pthread_exit | 0x26b0 | 0x29 |
| pthread_getconcurrency | 0x2b00 | 0x2a |
| pthread_getschedparam | 0x4a70 | 0x2b |
| pthread_getspecific | 0x5bc0 | 0x2c |
| pthread_getw32threadhandle_np | 0x3550 | 0x2d |
| pthread_join | 0x5820 | 0x2e |
| pthread_key_create | 0x5900 | 0x2f |
| pthread_key_delete | 0x5970 | 0x30 |
| pthread_kill | 0x2740 | 0x31 |
| pthread_mutex_destroy | 0x2db0 | 0x32 |
| pthread_mutex_init | 0x2cf0 | 0x33 |
| pthread_mutex_lock | 0x2fd0 | 0x34 |
| pthread_mutex_timedlock | 0x31a0 | 0x35 |
| pthread_mutex_trylock | 0x3420 | 0x36 |
| pthread_mutex_unlock | 0x3350 | 0x37 |
| pthread_mutexattr_destroy | 0x2ed0 | 0x38 |
| pthread_mutexattr_getkind_np | 0x3540 | 0x39 |
| pthread_mutexattr_getpshared | 0x2f10 | 0x3a |
| pthread_mutexattr_gettype | 0x2fa0 | 0x3b |
| pthread_mutexattr_init | 0x2e90 | 0x3c |
| pthread_mutexattr_setkind_np | 0x3530 | 0x3d |
| pthread_mutexattr_setpshared | 0x2f40 | 0x3e |
| pthread_mutexattr_settype | 0x2f70 | 0x3f |
| pthread_num_processors_np | 0x36c0 | 0x40 |
| pthread_once | 0x27a0 | 0x41 |
| pthread_rwlock_destroy | 0x3d50 | 0x42 |
| pthread_rwlock_init | 0x3c70 | 0x43 |
| pthread_rwlock_rdlock | 0x3fa0 | 0x44 |
| pthread_rwlock_timedrdlock | 0x40b0 | 0x45 |
| pthread_rwlock_timedwrlock | 0x4330 | 0x46 |
| pthread_rwlock_tryrdlock | 0x4530 | 0x47 |
| pthread_rwlock_trywrlock | 0x4640 | 0x48 |
| pthread_rwlock_unlock | 0x4490 | 0x49 |
| pthread_rwlock_wrlock | 0x41d0 | 0x4a |
| pthread_rwlockattr_destroy | 0x3f00 | 0x4b |
| pthread_rwlockattr_getpshared | 0x3f40 | 0x4c |
| pthread_rwlockattr_init | 0x3ec0 | 0x4d |
| pthread_rwlockattr_setpshared | 0x3f70 | 0x4e |
| pthread_self | 0x29f0 | 0x4f |
| pthread_setcancelstate | 0x1af0 | 0x50 |
| pthread_setcanceltype | 0x1be0 | 0x51 |
| pthread_setconcurrency | 0x2ae0 | 0x52 |
| pthread_setschedparam | 0x4940 | 0x53 |
| pthread_setspecific | 0x5a50 | 0x54 |
| pthread_spin_destroy | 0x53f0 | 0x55 |
| pthread_spin_init | 0x52d0 | 0x56 |
| pthread_spin_lock | 0x54b0 | 0x57 |
| pthread_spin_trylock | 0x55f0 | 0x58 |
| pthread_spin_unlock | 0x5580 | 0x59 |
| pthread_testcancel | 0x1cd0 | 0x5a |
| pthread_timechange_handler_np | 0x3c00 | 0x5b |
| pthread_win32_process_attach_np | 0x3770 | 0x5c |
| pthread_win32_process_detach_np | 0x39c0 | 0x5d |
| pthread_win32_test_features_np | 0x3be0 | 0x5e |
| pthread_win32_thread_attach_np | 0x3ad0 | 0x5f |
| pthread_win32_thread_detach_np | 0x3ae0 | 0x60 |
| ptw32_get_exception_services_code | 0x1570 | 0x61 |
| ptw32_pop_cleanup | 0x1f30 | 0x62 |
| ptw32_push_cleanup | 0x1f90 | 0x63 |
| sched_get_priority_max | 0x4ac0 | 0x64 |
| sched_get_priority_min | 0x4af0 | 0x65 |
| sched_getscheduler | 0x4b90 | 0x66 |
| sched_setscheduler | 0x4b20 | 0x67 |
| sched_yield | 0x4bf0 | 0x68 |
| sem_close | 0x5290 | 0x69 |
| sem_destroy | 0x4ce0 | 0x6a |
| sem_getvalue | 0x5200 | 0x6b |
| sem_init | 0x4c10 | 0x6c |
| sem_open | 0x5270 | 0x6d |
| sem_post | 0x5080 | 0x6e |
| sem_post_multiple | 0x5120 | 0x6f |
| sem_timedwait | 0x4f10 | 0x70 |
| sem_trywait | 0x4dc0 | 0x71 |
| sem_unlink | 0x52b0 | 0x72 |
| sem_wait | 0x4e50 | 0x73 |
| C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\is-LLU2T.tmp | Dropped File | Binary |
clean
Known to be clean.
|
...
|
»
| Also Known As | C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\tsharkdecode.dll (Dropped File) |
| MIME Type | application/vnd.microsoft.portable-executable |
| File Size | 68.00 KB |
| MD5 |
8e8285aac0ef77a6cede53eafe9c5298
|
| SHA1 |
8a4715c1c8591b83b925282af5ba72832c1ca0fc
|
| SHA256 |
3a94a8e5f9ab0eca82611f95dc78c07c5093574c772b9c19d590f8e959191973
|
| SSDeep |
1536:1qkfBMFLAlVQtlJR5E7kGJasMaooupW51+SXKl6U22Ol2B:RZ4LRa7ksasM3f4C6d2Ol2B
|
| ImpHash |
a723ce91f66acffc40edab6af76afb01
|
PE Information
»
| Image Base | 0x180000000 |
| Entry Point | 0x18000bc88 |
| Size Of Code | 0xbe00 |
| Size Of Initialized Data | 0x4e00 |
| File Type | FileType.dll |
| Subsystem | Subsystem.windows_gui |
| Machine Type | MachineType.amd64 |
| Compile Timestamp | 2015-09-08 02:54:41+00:00 |
Sections (6)
»
| Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x180001000 | 0xbc8c | 0xbe00 | 0x400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.22 |
| .rdata | 0x18000d000 | 0x3bed | 0x3c00 | 0xc200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.31 |
| .data | 0x180011000 | 0x920 | 0x400 | 0xfe00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 4.27 |
| .pdata | 0x180012000 | 0x9cc | 0xa00 | 0x10200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.55 |
| .rsrc | 0x180013000 | 0x1b4 | 0x200 | 0x10c00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.11 |
| .reloc | 0x180014000 | 0x112 | 0x200 | 0x10e00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 1.45 |
Imports (3)
»
KERNEL32.dll (22)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| MultiByteToWideChar | - | 0x18000d000 | 0x10470 | 0xf670 | 0x369 |
| CreatePipe | - | 0x18000d008 | 0x10478 | 0xf678 | 0xa1 |
| CreateProcessW | - | 0x18000d010 | 0x10480 | 0xf680 | 0xa8 |
| CloseHandle | - | 0x18000d018 | 0x10488 | 0xf688 | 0x52 |
| ReadFile | - | 0x18000d020 | 0x10490 | 0xf690 | 0x3c3 |
| GetCurrentProcessId | - | 0x18000d028 | 0x10498 | 0xf698 | 0x1c7 |
| GetCurrentThreadId | - | 0x18000d030 | 0x104a0 | 0xf6a0 | 0x1cb |
| GetTickCount | - | 0x18000d038 | 0x104a8 | 0xf6a8 | 0x29a |
| QueryPerformanceCounter | - | 0x18000d040 | 0x104b0 | 0xf6b0 | 0x3a9 |
| DisableThreadLibraryCalls | - | 0x18000d048 | 0x104b8 | 0xf6b8 | 0xe2 |
| RtlCaptureContext | - | 0x18000d050 | 0x104c0 | 0xf6c0 | 0x418 |
| RtlLookupFunctionEntry | - | 0x18000d058 | 0x104c8 | 0xf6c8 | 0x41f |
| RtlVirtualUnwind | - | 0x18000d060 | 0x104d0 | 0xf6d0 | 0x426 |
| IsDebuggerPresent | - | 0x18000d068 | 0x104d8 | 0xf6d8 | 0x302 |
| SetUnhandledExceptionFilter | - | 0x18000d070 | 0x104e0 | 0xf6e0 | 0x4b3 |
| UnhandledExceptionFilter | - | 0x18000d078 | 0x104e8 | 0xf6e8 | 0x4e2 |
| GetCurrentProcess | - | 0x18000d080 | 0x104f0 | 0xf6f0 | 0x1c6 |
| TerminateProcess | - | 0x18000d088 | 0x104f8 | 0xf6f8 | 0x4ce |
| Sleep | - | 0x18000d090 | 0x10500 | 0xf700 | 0x4c0 |
| DecodePointer | - | 0x18000d098 | 0x10508 | 0xf708 | 0xcb |
| EncodePointer | - | 0x18000d0a0 | 0x10510 | 0xf710 | 0xee |
| GetSystemTimeAsFileTime | - | 0x18000d0a8 | 0x10518 | 0xf718 | 0x280 |
MSVCP100.dll (3)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| ?_Xout_of_range@std@@YAXPEBD@Z | - | 0x18000d0b8 | 0x10528 | 0xf728 | 0x28e |
| ?_Xlength_error@std@@YAXPEBD@Z | - | 0x18000d0c0 | 0x10530 | 0xf730 | 0x28c |
| ?_Xfunc@tr1@std@@YAXXZ | - | 0x18000d0c8 | 0x10538 | 0xf738 | 0x28a |
MSVCR100.dll (36)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| _swprintf | - | 0x18000d0d8 | 0x10548 | 0xf748 | 0x431 |
| wcstol | - | 0x18000d0e0 | 0x10550 | 0xf750 | 0x629 |
| _wcsnicmp | - | 0x18000d0e8 | 0x10558 | 0xf758 | 0x4b0 |
| ?terminate@@YAXXZ | - | 0x18000d0f0 | 0x10560 | 0xf760 | 0x100 |
| __C_specific_handler | - | 0x18000d0f8 | 0x10568 | 0xf768 | 0x11e |
| _malloc_crt | - | 0x18000d100 | 0x10570 | 0xf770 | 0x307 |
| _initterm | - | 0x18000d108 | 0x10578 | 0xf778 | 0x286 |
| _initterm_e | - | 0x18000d110 | 0x10580 | 0xf780 | 0x287 |
| free | - | 0x18000d118 | 0x10588 | 0xf788 | 0x563 |
| _encoded_null | - | 0x18000d120 | 0x10590 | 0xf790 | 0x1f2 |
| _amsg_exit | - | 0x18000d128 | 0x10598 | 0xf798 | 0x19e |
| __CppXcptFilter | - | 0x18000d130 | 0x105a0 | 0xf7a0 | 0x11f |
| ?_type_info_dtor_internal_method@type_info@@QEAAXXZ | - | 0x18000d138 | 0x105a8 | 0xf7a8 | 0xee |
| __clean_type_info_names_internal | - | 0x18000d140 | 0x105b0 | 0xf7b0 | 0x140 |
| _unlock | - | 0x18000d148 | 0x105b8 | 0xf7b8 | 0x45b |
| __dllonexit | - | 0x18000d150 | 0x105c0 | 0xf7c0 | 0x148 |
| _lock | - | 0x18000d158 | 0x105c8 | 0xf7c8 | 0x2f6 |
| _onexit | - | 0x18000d160 | 0x105d0 | 0xf7d0 | 0x39d |
| wcschr | - | 0x18000d168 | 0x105d8 | 0xf7d8 | 0x612 |
| _purecall | - | 0x18000d170 | 0x105e0 | 0xf7e0 | 0x3a9 |
| ?what@exception@std@@UEBAPEBDXZ | - | 0x18000d178 | 0x105e8 | 0xf7e8 | 0x10a |
| ??2@YAPEAX_K@Z | - | 0x18000d180 | 0x105f0 | 0xf7f0 | 0x63 |
| ??0exception@std@@QEAA@AEBV01@@Z | - | 0x18000d188 | 0x105f8 | 0xf7f8 | 0x24 |
| ??_V@YAXPEAX@Z | - | 0x18000d190 | 0x10600 | 0xf800 | 0x7a |
| memmove | - | 0x18000d198 | 0x10608 | 0xf808 | 0x5ab |
| ??3@YAXPEAX@Z | - | 0x18000d1a0 | 0x10610 | 0xf810 | 0x65 |
| ??1exception@std@@UEAA@XZ | - | 0x18000d1a8 | 0x10618 | 0xf818 | 0x5d |
| ??0exception@std@@QEAA@AEBQEBD@Z | - | 0x18000d1b0 | 0x10620 | 0xf820 | 0x22 |
| __crt_debugger_hook | - | 0x18000d1b8 | 0x10628 | 0xf828 | 0x146 |
| wcsncmp | - | 0x18000d1c0 | 0x10630 | 0xf830 | 0x61c |
| _waccess | - | 0x18000d1c8 | 0x10638 | 0xf838 | 0x498 |
| memcpy | - | 0x18000d1d0 | 0x10640 | 0xf840 | 0x5a9 |
| _CxxThrowException | - | 0x18000d1d8 | 0x10648 | 0xf848 | 0x10e |
| __CxxFrameHandler3 | - | 0x18000d1e0 | 0x10650 | 0xf850 | 0x128 |
| memset | - | 0x18000d1e8 | 0x10658 | 0xf858 | 0x5ad |
| __RTDynamicCast | - | 0x18000d1f0 | 0x10660 | 0xf860 | 0x131 |
Exports (2)
»
| Api name | EAT Address | Ordinal |
|---|---|---|
| ?CreateTsharkDecoder@@YAPEAUtshark_decoder@@XZ | 0xac10 | 0x1 |
| ?ReleaseTsharkDecoder@@YAXPEAUtshark_decoder@@@Z | 0xac50 | 0x2 |
| C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\dat\is-GJK3N.tmp | Dropped File | Image |
clean
|
...
|
»
| Also Known As | C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\dat\enc.ico (Dropped File) |
| MIME Type | image/vnd.microsoft.icon |
| File Size | 24.62 KB |
| MD5 |
e149094555dd89fe88d8836a51090de6
|
| SHA1 |
eece6539c9fad65b0dac035aef6b9920866941b0
|
| SHA256 |
7d6206d8f7da57bc2e4a69804cc5796a146af98c920bb6801bbebe4335b09e32
|
| SSDeep |
192:FzvfVE74IjYKZ4FQfJ43urjtpQqP7xTTqWV:hC4IjYKZ4Fs7rjtpQa3
|
| ImpHash | - |
| C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\dat\is-FT54V.tmp | Dropped File | Image |
clean
Known to be clean.
|
...
|
»
| Also Known As | C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\dat\ico48.ico (Dropped File) |
| MIME Type | image/vnd.microsoft.icon |
| File Size | 14.73 KB |
| MD5 |
423ca0b47b073150089226a3e616702e
|
| SHA1 |
62c33784525890c31c6ac65e29d22e4d304025b3
|
| SHA256 |
1732898bcce38fc7724677f884c7643bba1ca690302831557a134e18035c4718
|
| SSDeep |
96:VFv6swSQHlNxbFlswv1EhGRjI5iMGgqexHw3eugeEeNesDeP4eTe02eVtVe7eEDu:tOzVFlssuIlvMvQwXeuD0Udl47m6zk
|
| ImpHash | - |
| C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\dat\is-RRGTH.tmp | Dropped File | Image |
clean
|
...
|
»
| Also Known As | C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\dat\PDF_32x32.ico (Dropped File) |
| MIME Type | image/vnd.microsoft.icon |
| File Size | 24.62 KB |
| MD5 |
0bf18abdc53fc1ae4db2545abbb486fa
|
| SHA1 |
a333d0aeb07c3996e65bb9dc0682415026131f99
|
| SHA256 |
d85fee8448f26fc990d3c54caed42cffb98c06109f2d55f645fd0490e0dc25ba
|
| SSDeep |
96:Vlc4sGlhLesCncGE45m8sPaxrOSzv1H29K1KgoJC+t6szu0NO0IPENMx9x4alGJa:DtrJZ6serDeJqMUf4JkYl6
|
| ImpHash | - |
| C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\doc\is-HN4JH.tmp | Dropped File | Text |
clean
Known to be clean.
|
...
|
»
| Also Known As | C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\doc\ABOUT-NLS (Dropped File) |
| MIME Type | text/plain |
| File Size | 74.71 KB |
| MD5 |
b5a080b27b5b4c1a160d2bed1fcfaf9f
|
| SHA1 |
b50287b75a3b098301455e34c8d8e52a09fa8938
|
| SHA256 |
4c825530ca79e944b63c56ed30be58ef792b4adab6f7f38abab8c054432f4a86
|
| SSDeep |
384:cvXuypQc+jWYla0GOtQBknkYVM/kLR78k/RPfkRr06uUxKQH6k+9i:c2aEWyZztmknkeM/kd78k5Pfk086kl
|
| ImpHash | - |
| C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\doc\is-9NB9P.tmp | Dropped File | Text |
clean
|
...
|
»
| Also Known As | C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\doc\AUTHORS (Dropped File) |
| MIME Type | text/plain |
| File Size | 4.29 KB |
| MD5 |
4b8e4f960d80b0458acbeea70d025895
|
| SHA1 |
8222d99b7f2cc775471bf0b55502627a457202b5
|
| SHA256 |
37d3194dbd584985c5544e805e293c3f2a8833d7ccaf0935ac8678895665dcb3
|
| SSDeep |
48:bGKA1YUK6lqGCNsdksZXnA2TZUIZABZpA5DtDVr36ko18dpeQqCvQ48SN7N3kPCz:KKA1HCNsdk5QpvRqCvaw1kPC3flcL+
|
| ImpHash | - |
| C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\doc\is-7NA29.tmp | Dropped File | Text |
clean
|
...
|
»
| Also Known As | C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\doc\ChangeLog (Dropped File) |
| MIME Type | text/plain |
| File Size | 29.02 KB |
| MD5 |
dd4e1b9708ef55f30d06198198ad2b03
|
| SHA1 |
34092f4338fd69e66f8c4525201bcf760fd55019
|
| SHA256 |
07dec805477121755d2c4309547017bbf6ae4a439c8d3925b7d928cab2ffeea7
|
| SSDeep |
384:smHYO2QyLSEN5KmtCVtaMmy8dnMQxWMW0bbyyuE1T0+bTh1qWBHXYzI1W5L4V8Gd:1aQHej26aWvm6cC0WFmPY
|
| ImpHash | - |
| C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\doc\is-M2UB2.tmp | Dropped File | Text |
clean
Known to be clean.
|
...
|
»
| Also Known As | C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\doc\COPYING (Dropped File) |
| MIME Type | text/plain |
| File Size | 14.78 KB |
| MD5 |
cbbd794e2a0a289b9dfcc9f513d1996e
|
| SHA1 |
2d29c273fda30310211bbf6a24127d589be09b6c
|
| SHA256 |
67f82e045cf7acfef853ea0f426575a8359161a0a325e19f02b529a87c4b6c34
|
| SSDeep |
384:AEUwi5rRL67cyV12rPd34FomzM2/R+qWG:A7FCExGFzeqt
|
| ImpHash | - |
| C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\doc\is-4EFU7.tmp | Dropped File | HTML |
clean
Known to be clean.
|
...
|
»
| Also Known As | C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\doc\howtotheme.html (Dropped File) |
| MIME Type | text/html |
| File Size | 11.80 KB |
| MD5 |
4c5fddc1be71c19d6e1ae718916f5878
|
| SHA1 |
4f8df91ebf3df62f98b4fc92836d1cb36a986de5
|
| SHA256 |
83bb9ea4e0e5609a959e8ed34d56ab6dd7cba40d449ec22077abfd2173a22ed8
|
| SSDeep |
192:GJJ6dzAFbjDECAUYMfPCpBjUipqr6n1LcVm+QdmG/x1L5/lNGI7:e6dzAN3/fCnpK6nlc0+gbF7
|
| ImpHash | - |
| Parser Error Remark | Static engine was unable to completely parse the analyzed file |
Extracted URLs (2)
»
| URL | WHOIS Data | Reputation Status | Recursively Submitted | Actions |
|---|---|---|---|---|
| http://tux4kids.alioth.debian.org |
Show WHOIS
|
clean
Known to be clean.
|
- |
...
|
| http://alioth.debian.org/forum/?group_id=31080 |
Show WHOIS
|
clean
Known to be clean.
|
- |
...
|
| C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\doc\is-KED27.tmp | Dropped File | Text |
clean
Known to be clean.
|
...
|
»
| Also Known As | C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\doc\INSTALL (Dropped File) |
| MIME Type | text/plain |
| File Size | 10.39 KB |
| MD5 |
8fb227c6e1b6375d0afd0deed289e0b4
|
| SHA1 |
8c30d1e996821d2ba9e84e86214f24cbc094a005
|
| SHA256 |
c4add274c0889e61f7f6b591c601842f9f9c3e7c17d36e4374afef4e1f899a50
|
| SSDeep |
192:ZwDpWkkNH3WhWdWjPpAcWaprsKtFd2W7688zIOKBRqB:ZwDpWkCXWhWdWbp7WapTtyW7n0oRqB
|
| ImpHash | - |
| C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\doc\is-QP0BH.tmp | Dropped File | HTML |
clean
Known to be clean.
|
...
|
»
| Also Known As | C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\doc\lesson_scripting_reference.html (Dropped File) |
| MIME Type | text/html |
| File Size | 35.31 KB |
| MD5 |
aadcc5c24b7aa66773a82c8dcf90dc3f
|
| SHA1 |
35ab43174c9489801e957ed0e19e50abd6ed655d
|
| SHA256 |
9c8c1508e4255c98c0ecbffb6184c50711e32b2b150346ce2b53aa58bd5749dc
|
| SSDeep |
192:n6RclftgswUxW/UJT57VEhtiS06VkndpfZsZKZgZjZo9qR9ILWZUZyZFZaZMZ7ZJ:BTgswUR7VEhGyBN
|
| ImpHash | - |
| C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\doc\is-L2H4B.tmp | Dropped File | Text |
clean
|
...
|
»
| Also Known As | C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\doc\OFL (Dropped File) |
| MIME Type | text/plain |
| File Size | 4.49 KB |
| MD5 |
969851e3a70122069a4d9ee61dd5a2ed
|
| SHA1 |
c450c836db375b12ab7a4c10b09375513d905a68
|
| SHA256 |
ce243fd4a62b1b76c959ffba6ec16a7a3146b2362d441ae4f9f7f32fc3750d6c
|
| SSDeep |
96:rmgAmgnPUibMxxUDfGkKnjfRU88f+BktjVKvR1wyQeQHDZoN:yiXsMPZW88f+XvR9QHtE
|
| ImpHash | - |
| C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\doc\is-SAUJN.tmp | Dropped File | Text |
clean
|
...
|
»
| Also Known As | C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\doc\README (Dropped File) |
| MIME Type | text/plain |
| File Size | 3.53 KB |
| MD5 |
f5e6311a96b7bd0715ffdd86cf1e1553
|
| SHA1 |
bb80358a88f84f8e6a310d9920b92d8f30ff4c14
|
| SHA256 |
f5259f91c0d622d456fa99be940184bd1eeb8ebd9d4ec28b44669bdd98176b45
|
| SSDeep |
96:PxyP+cp7u0m7yLhA5hnmQi+8Eea67yrzb4GeC3xLGRLyynj:Pwmw7uh95fiEeVOP41EEyo
|
| ImpHash | - |
| C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\doc\is-KCA0Q.tmp | Dropped File | Text |
clean
|
...
|
»
| Also Known As | C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\doc\TODO (Dropped File) |
| MIME Type | text/plain |
| File Size | 1.02 KB |
| MD5 |
4d1b4bfad0c4d377505c3c14b7b60ebb
|
| SHA1 |
07cbb76c647e8334506d1d63855689d4d001c4e2
|
| SHA256 |
d00691de52a7961695100061c9717e57cffaa2d390a9a25311fb6775122830d5
|
| SSDeep |
24:NPVQRBFhBOKsV1+BBMKXOweWYK8dcxTJtXiwyfhpk:NuhBOKM1+BBMKdeLaJRr
|
| ImpHash | - |
| C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\doc\is-RFJ3G.tmp | Dropped File | Text |
clean
|
...
|
»
| Also Known As | C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\doc\TuxType_port_Mac.txt (Dropped File) |
| MIME Type | text/plain |
| File Size | 3.96 KB |
| MD5 |
12cd9a17b7741cb9989fea8aebf82c6f
|
| SHA1 |
b321c8b0122548853c9fcede1dca4640c13711dd
|
| SHA256 |
685964cbda0311a79d10b315c503b15a7ce3ef9ec60c62ad8ce73dba21a5986b
|
| SSDeep |
96:88AMGX2Jjro4obNTSdO7BUz6pZRgrKGTg:tApGJHoZtSw7arTTg
|
| ImpHash | - |
| C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\Docs\is-ENON6.tmp | Dropped File |
clean
Known to be clean.
|
...
|
»
| Also Known As | C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\Docs\Quick Start.pdf (Dropped File) |
| MIME Type | application/pdf |
| File Size | 98.85 KB |
| MD5 |
1bddb792fec19750ccbbb8352b2b8ffe
|
| SHA1 |
dd300cb011e0d9abd57f41503e31367167fddd68
|
| SHA256 |
58045223424d936adcefc09c06f635c30a1aaba0335fc5d5954b43833b53fd72
|
| SSDeep |
1536:loTqjohGkVSC9aZHu40Y7w58PxeVPM6b24k8frIP4T8m0qd4gBE:1lHfEU03kPm8m0qzBE
|
| ImpHash | - |
PDF Information
»
| Title | - |
| Subject | - |
| Author | - |
| Creator | Adobe InCopy CS5 (7.0) |
| Keywords | - |
| Producer | Adobe PDF Library 9.9 |
| Page Count | 3 |
| Encrypted |
|
| Create Time | 2010-05-21 13:47:48-04:00 |
| Modify Time | 2010-05-21 13:47:48-04:00 |
| C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\Filters\is-05LOQ.tmp | Dropped File | Binary |
clean
Known to be clean.
|
...
|
»
| Also Known As | C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\Filters\LC.dll (Dropped File) |
| MIME Type | application/vnd.microsoft.portable-executable |
| File Size | 76.00 KB |
| MD5 |
6316c4082cacf8f3f4f22daef56cb15c
|
| SHA1 |
cea3de90b20396b092797ec8c7e241e822c8faed
|
| SHA256 |
5594b08c79a4d188a674713011cd516618fa36d2f988f7d353fb3370939a4062
|
| SSDeep |
1536:amAnsoKlNNzfkEMqqU+2bbbAV2/S2eVLVUJfKFjJ:aooKlNNQEMqqDL2/MJUJfKFjJ
|
| ImpHash |
21a2dc8a98a4f07efd1fe85dd01a19bc
|
PE Information
»
| Image Base | 0x10000000 |
| Entry Point | 0x10006610 |
| Size Of Code | 0x7000 |
| Size Of Initialized Data | 0xb000 |
| File Type | FileType.dll |
| Subsystem | Subsystem.windows_gui |
| Machine Type | MachineType.i386 |
| Compile Timestamp | 2006-05-17 05:06:30+00:00 |
Version Information (12)
»
| Comments | - |
| CompanyName | MainConcept AG |
| FileDescription | Licence Control |
| FileVersion | 1, 0, 21, 60517 |
| InternalName | LC |
| LegalCopyright | Copyright © 2006 MainConcept AG |
| LegalTrademarks | - |
| OriginalFilename | LC.dll |
| PrivateBuild | - |
| ProductName | Licence Control |
| ProductVersion | 1, 0, 21, 60517 |
| SpecialBuild | - |
Sections (6)
»
| Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x10001000 | 0x61f5 | 0x7000 | 0x1000 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.03 |
| .rdata | 0x10008000 | 0x656b | 0x7000 | 0x8000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.8 |
| .data | 0x1000f000 | 0xc4c | 0x1000 | 0xf000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 1.29 |
| .CRT | 0x10010000 | 0x4 | 0x1000 | 0x10000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.01 |
| .rsrc | 0x10011000 | 0x3d0 | 0x1000 | 0x11000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 1.01 |
| .reloc | 0x10012000 | 0xd9a | 0x1000 | 0x12000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 2.81 |
Imports (7)
»
VERSION.dll (3)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| GetFileVersionInfoSizeA | - | 0x10008120 | 0xdfb0 | 0xdfb0 | 0x1 |
| VerQueryValueA | - | 0x10008124 | 0xdfb4 | 0xdfb4 | 0xa |
| GetFileVersionInfoA | - | 0x10008128 | 0xdfb8 | 0xdfb8 | 0x0 |
KERNEL32.dll (24)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| lstrcpyA | - | 0x1000803c | 0xdecc | 0xdecc | 0x302 |
| GetSystemTime | - | 0x10008040 | 0xded0 | 0xded0 | 0x15d |
| CompareFileTime | - | 0x10008044 | 0xded4 | 0xded4 | 0x20 |
| GetSystemTimeAsFileTime | - | 0x10008048 | 0xded8 | 0xded8 | 0x15f |
| FileTimeToSystemTime | - | 0x1000804c | 0xdedc | 0xdedc | 0x8a |
| SystemTimeToFileTime | - | 0x10008050 | 0xdee0 | 0xdee0 | 0x29b |
| GetACP | - | 0x10008054 | 0xdee4 | 0xdee4 | 0xb9 |
| GetLastError | - | 0x10008058 | 0xdee8 | 0xdee8 | 0x11a |
| WideCharToMultiByte | - | 0x1000805c | 0xdeec | 0xdeec | 0x2d2 |
| MultiByteToWideChar | - | 0x10008060 | 0xdef0 | 0xdef0 | 0x1e4 |
| GetVersionExW | - | 0x10008064 | 0xdef4 | 0xdef4 | 0x176 |
| DisableThreadLibraryCalls | - | 0x10008068 | 0xdef8 | 0xdef8 | 0x5d |
| lstrlenW | - | 0x1000806c | 0xdefc | 0xdefc | 0x309 |
| InterlockedIncrement | - | 0x10008070 | 0xdf00 | 0xdf00 | 0x1b0 |
| FreeLibrary | - | 0x10008074 | 0xdf04 | 0xdf04 | 0xb4 |
| InterlockedDecrement | - | 0x10008078 | 0xdf08 | 0xdf08 | 0x1ad |
| CreateFileA | - | 0x1000807c | 0xdf0c | 0xdf0c | 0x34 |
| GetFileSize | - | 0x10008080 | 0xdf10 | 0xdf10 | 0x112 |
| CreateFileMappingA | - | 0x10008084 | 0xdf14 | 0xdf14 | 0x35 |
| CloseHandle | - | 0x10008088 | 0xdf18 | 0xdf18 | 0x1b |
| MapViewOfFile | - | 0x1000808c | 0xdf1c | 0xdf1c | 0x1d6 |
| UnmapViewOfFile | - | 0x10008090 | 0xdf20 | 0xdf20 | 0x2b0 |
| GetModuleFileNameA | - | 0x10008094 | 0xdf24 | 0xdf24 | 0x124 |
| lstrlenA | - | 0x10008098 | 0xdf28 | 0xdf28 | 0x308 |
USER32.dll (3)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| wsprintfW | - | 0x10008110 | 0xdfa0 | 0xdfa0 | 0x2ad |
| wsprintfA | - | 0x10008114 | 0xdfa4 | 0xdfa4 | 0x2ac |
| MessageBoxA | - | 0x10008118 | 0xdfa8 | 0xdfa8 | 0x1be |
ADVAPI32.dll (14)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| RegCreateKeyW | - | 0x10008000 | 0xde90 | 0xde90 | 0x161 |
| RegSetValueW | - | 0x10008004 | 0xde94 | 0xde94 | 0x188 |
| RegSetValueExW | - | 0x10008008 | 0xde98 | 0xde98 | 0x187 |
| RegOpenKeyExW | - | 0x1000800c | 0xde9c | 0xde9c | 0x173 |
| RegEnumKeyExW | - | 0x10008010 | 0xdea0 | 0xdea0 | 0x168 |
| RegDeleteKeyW | - | 0x10008014 | 0xdea4 | 0xdea4 | 0x163 |
| RegSetValueA | - | 0x10008018 | 0xdea8 | 0xdea8 | 0x185 |
| RegCreateKeyA | - | 0x1000801c | 0xdeac | 0xdeac | 0x15e |
| RegCloseKey | - | 0x10008020 | 0xdeb0 | 0xdeb0 | 0x15b |
| RegDeleteValueA | - | 0x10008024 | 0xdeb4 | 0xdeb4 | 0x164 |
| RegQueryValueExA | - | 0x10008028 | 0xdeb8 | 0xdeb8 | 0x17b |
| RegEnumKeyA | - | 0x1000802c | 0xdebc | 0xdebc | 0x166 |
| RegOpenKeyA | - | 0x10008030 | 0xdec0 | 0xdec0 | 0x171 |
| RegSetValueExA | - | 0x10008034 | 0xdec4 | 0xdec4 | 0x186 |
ole32.dll (7)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| StringFromGUID2 | - | 0x10008130 | 0xdfc0 | 0xdfc0 | 0x10d |
| CoUninitialize | - | 0x10008134 | 0xdfc4 | 0xdfc4 | 0x53 |
| StringFromIID | - | 0x10008138 | 0xdfc8 | 0xdfc8 | 0x10e |
| CoFreeUnusedLibraries | - | 0x1000813c | 0xdfcc | 0xdfcc | 0x16 |
| CoCreateInstance | - | 0x10008140 | 0xdfd0 | 0xdfd0 | 0xd |
| CoInitialize | - | 0x10008144 | 0xdfd4 | 0xdfd4 | 0x2d |
| IIDFromString | - | 0x10008148 | 0xdfd8 | 0xdfd8 | 0xa1 |
OLEAUT32.dll (4)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| VariantClear | 0x9 | 0x100080fc | 0xdf8c | 0xdf8c | - |
| SysAllocStringLen | 0x4 | 0x10008100 | 0xdf90 | 0xdf90 | - |
| SysAllocString | 0x2 | 0x10008104 | 0xdf94 | 0xdf94 | - |
| SysFreeString | 0x6 | 0x10008108 | 0xdf98 | 0xdf98 | - |
MSVCRT.dll (22)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| rand | - | 0x100080a0 | 0xdf30 | 0xdf30 | 0x2a6 |
| sprintf | - | 0x100080a4 | 0xdf34 | 0xdf34 | 0x2b2 |
| strncpy | - | 0x100080a8 | 0xdf38 | 0xdf38 | 0x2c1 |
| strncat | - | 0x100080ac | 0xdf3c | 0xdf3c | 0x2bf |
| toupper | - | 0x100080b0 | 0xdf40 | 0xdf40 | 0x2d4 |
| ??3@YAXPAX@Z | - | 0x100080b4 | 0xdf44 | 0xdf44 | 0x10 |
| ??2@YAPAXI@Z | - | 0x100080b8 | 0xdf48 | 0xdf48 | 0xf |
| sscanf | - | 0x100080bc | 0xdf4c | 0xdf4c | 0x2b5 |
| _itoa | - | 0x100080c0 | 0xdf50 | 0xdf50 | 0x134 |
| _strnicmp | - | 0x100080c4 | 0xdf54 | 0xdf54 | 0x1c5 |
| _stricmp | - | 0x100080c8 | 0xdf58 | 0xdf58 | 0x1c1 |
| _purecall | - | 0x100080cc | 0xdf5c | 0xdf5c | 0x192 |
| __dllonexit | - | 0x100080d0 | 0xdf60 | 0xdf60 | 0x55 |
| _onexit | - | 0x100080d4 | 0xdf64 | 0xdf64 | 0x186 |
| strchr | - | 0x100080d8 | 0xdf68 | 0xdf68 | 0x2b7 |
| _strupr | - | 0x100080dc | 0xdf6c | 0xdf6c | 0x1cb |
| _strdup | - | 0x100080e0 | 0xdf70 | 0xdf70 | 0x1bf |
| free | - | 0x100080e4 | 0xdf74 | 0xdf74 | 0x25e |
| wcscpy | - | 0x100080e8 | 0xdf78 | 0xdf78 | 0x2e3 |
| __CxxFrameHandler | - | 0x100080ec | 0xdf7c | 0xdf7c | 0x49 |
| wcslen | - | 0x100080f0 | 0xdf80 | 0xdf80 | 0x2e6 |
| atoi | - | 0x100080f4 | 0xdf84 | 0xdf84 | 0x23d |
Exports (4)
»
| Api name | EAT Address | Ordinal |
|---|---|---|
| DllCanUnloadNow | 0x65f0 | 0x1 |
| DllGetClassObject | 0x6500 | 0x2 |
| DllRegisterServer | 0x2d50 | 0x3 |
| DllUnregisterServer | 0x2f30 | 0x4 |
| C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\Filters\is-1BJT9.tmp | Dropped File | RTF |
clean
Known to be clean.
|
...
|
»
| Also Known As | C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\Filters\License.rtf (Dropped File) |
| MIME Type | text/rtf |
| File Size | 62.65 KB |
| MD5 |
8b1e3300d8671530e75c4ea201945457
|
| SHA1 |
a7933ae925175f0cf6876506f56583cbbc18e966
|
| SHA256 |
ab5e632345d9ced4f8bcb210bf6e0922a18479e0620943acd613d7b5c68f473d
|
| SSDeep |
768:zgv96cAAxEzYDlHnnDx2QAAw44RmkXOQQrWU0CW246jm/grBT8UojwKA7npBL4Cc:apRyHEQmtmMy4uIxju0TfTRY
|
| ImpHash | - |
Office Information
»
| Title | ELECARD END USER LICENSE AGREEMENT |
| Creator | Boris Shirokov |
| Revision | 1 |
| Create Time | 2005-11-25 18:32:00+00:00 |
| Modify Time | 2005-11-25 18:34:00+00:00 |
| App Version | 24689 |
| Company | Moonlight Russia |
| Editing Time | 2.0 |
| Page Count | 4 |
| Word Count | 2722 |
| Character Count | 15520 |
| Chars With Spaces | 18206 |
| operator | Boris Shirokov |
Document Content Snippet
»
ELECARDEND USER LICENSE AGREEMENT
This End User License Agreement (" EULA ") is a legal binding agreement between you (in case hereby you act as individual) or your employer (in case hereby you act as employee) and Elecard Ltd 1027000873569, a company duly incorporated under the laws of Russian Federation with its principal offices at 10/3 Akademicheskiy Ave., Tomsk, 634055, Russia (" Elecard "). In case you act as an employee, your employer hereby should be considered as proper licensee, even if you are the only person familiar with this EULA .
We recommend that you fully understand what you are installing before you install this Elecard's Software that is conducting this EULA. “ Elecard's Software " means all of the contents of the files, disk(s), CD-ROM(s) or other media with which this EULA is provided, including but not limited to (i) Elecard's or third party computer information or software; (ii) digital images, stock photographs, clip art, so ...
|
Extracted URLs (2)
»
| URL | WHOIS Data | Reputation Status | Recursively Submitted | Actions |
|---|---|---|---|---|
| http://www.elecard.com |
Show WHOIS
|
N/A
|
- |
...
|
| http://www.mpegla.com |
Show WHOIS
|
N/A
|
- |
...
|
| C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\Filters\is-6FJ0T.tmp | Dropped File | Text |
clean
Known to be clean.
|
...
|
»
| Also Known As | C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\Filters\register.cmd (Dropped File) |
| MIME Type | text/plain |
| File Size | 88 Bytes |
| MD5 |
26cb1034edd008abd00d7a1f935b61c5
|
| SHA1 |
2e45fddd2280a14a96b8cb1ed8b8e4c9707f9c41
|
| SHA256 |
f4e0fbc265020d01aaf4f451ffd9319ab3742aeef949af7a38260790ff6e4670
|
| SSDeep |
3:5jFPvXJjFPwqBjFjmdUjFLGLEU:7b1/qKGwU
|
| ImpHash | - |
| C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\Filters\is-5O0L8.tmp | Dropped File | Text |
clean
Known to be clean.
|
...
|
»
| Also Known As | C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\Filters\unregister.cmd (Dropped File) |
| MIME Type | text/plain |
| File Size | 98 Bytes |
| MD5 |
db1bd76ff52fe427a03204673a307b12
|
| SHA1 |
72232d601dbeee8e448af0cc41d2d517aa56296d
|
| SHA256 |
6c3cefca10c5e5676a6ef14e8ca472f8f0a11c3ded7391b14acb24bf3d7b727c
|
| SSDeep |
3:5lF5lvXJlFQIdwqBlFQJUmdUlFQJoGLEd:NWId1e6qnKGwd
|
| ImpHash | - |
| C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\fonts\is-MJ768.tmp | Dropped File | Unknown |
clean
Known to be clean.
|
...
|
»
| Also Known As | C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\fonts\Kedage-n.ttf (Dropped File) |
| MIME Type | font/sfnt |
| File Size | 97.71 KB |
| MD5 |
16024bea0eb7a59995c59edf5df20d8f
|
| SHA1 |
33710d5ceea4684ce09c4616dbe03b881058640f
|
| SHA256 |
9ac4c694374e9bdd49c74e5852a990eaf1256d92de859e6f2cbc42272102c1a5
|
| SSDeep |
1536:f2IGmE7hw5dfZZx1NoA/U5c/H4yQcAa+CrSV/DiU+XB6xAY3DG2NLyPGfGT85Sfx:f2xwLZZxb/U5PyQnaZ2ewrDGiLyPv
|
| ImpHash | - |
| C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\fonts\is-J3RJD.tmp | Dropped File | Unknown |
clean
Known to be clean.
|
...
|
»
| Also Known As | C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\fonts\lohit_hi.ttf (Dropped File) |
| MIME Type | font/sfnt |
| File Size | 74.80 KB |
| MD5 |
4808ddf3a48dc3b6a4f93dbd3d17eb4e
|
| SHA1 |
0629a606cf59c08ebcf53dcd9535ae0d30755903
|
| SHA256 |
5ea6d5af952385a37b83eb3821253d46542af509673add90075e7feaf1d8b453
|
| SSDeep |
1536:V6ksURZ3E0fWPnVV9X15POG/EVy0Mft4tb1a7Il/6gbScGTDI1uw44f:VpvPRfWPVXj1EVut4V1a7GygGgr
|
| ImpHash | - |
| C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\fonts\is-R2CEH.tmp | Dropped File | Unknown |
clean
Known to be clean.
|
...
|
»
| Also Known As | C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\fonts\lohit_pa.ttf (Dropped File) |
| MIME Type | font/sfnt |
| File Size | 56.88 KB |
| MD5 |
cc2ee1b756fc72a58c52294854fa35d7
|
| SHA1 |
58e6658240c710dd7eb9de46fdd8515390219196
|
| SHA256 |
b9920211b0e1d19b55fbef3cb602248fa8f0ff87598878769188209cbb7f6eac
|
| SSDeep |
1536:Q42z0R0cX1S641B6rG+Xp+jPAh7n/pOkfH4r:2QWcXEpX6a+Xp+jo1/pOUHi
|
| ImpHash | - |
| C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\fonts\is-PKUKC.tmp | Dropped File | Unknown |
clean
Known to be clean.
|
...
|
»
| Also Known As | C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\fonts\lohit_ta.ttf (Dropped File) |
| MIME Type | font/sfnt |
| File Size | 63.24 KB |
| MD5 |
2e6070e9b26ac1377f9208c320d62591
|
| SHA1 |
a5c6d4ac71748c0979968a40180a575f611c73d4
|
| SHA256 |
9499f3b7446292dc164a7acdabd8b6b38ae3d94b9d092004c1ed48dcbb83bb44
|
| SSDeep |
1536:/JkO5XuoOM3qn3RDWuLHmBET8La0O5dGXwZR:x75Xu5n3BWubmST8ufdGAz
|
| ImpHash | - |
| C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\imageformats\is-4PN8O.tmp | Dropped File | Binary |
clean
Known to be clean.
|
...
|
»
| Also Known As | C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\imageformats\qgif4.dll (Dropped File) |
| MIME Type | application/vnd.microsoft.portable-executable |
| File Size | 49.50 KB |
| MD5 |
b690fdd8fcd1c2700f35388e9b1e5974
|
| SHA1 |
51669dd917b3f81b7d4526af36938dcf8c0aa7d9
|
| SHA256 |
3d5a5623cdea823a14102a43cac78902a73840434ba0fe9447aa8f37f887af4a
|
| SSDeep |
1536:LBv1ky0ucs9y43wtHs9AjOQ0oHmfFDbJfhSuH:LBq4pyv29wMoHkFDbJfhf
|
| ImpHash |
ddf812732b908395c1e10bf2d6c75763
|
PE Information
»
| Image Base | 0x62a00000 |
| Entry Point | 0x62a01430 |
| Size Of Code | 0x8c00 |
| Size Of Initialized Data | 0xc200 |
| Size Of Uninitialized Data | 0xe00 |
| File Type | FileType.dll |
| Subsystem | Subsystem.windows_cui |
| Machine Type | MachineType.i386 |
| Compile Timestamp | 2016-01-29 15:46:16+00:00 |
Version Information (6)
»
| CompanyName | Nokia Corporation and/or its subsidiary(-ies) |
| FileDescription | C++ application development framework. |
| FileVersion | 4.8.3.0 |
| LegalCopyright | Copyright (C) 2012 Nokia Corporation and/or its subsidiary(-ies). |
| OriginalFilename | qgif4.dll |
| ProductName | Qt4 |
Sections (10)
»
| Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x62a01000 | 0x8bd4 | 0x8c00 | 0x400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.36 |
| .data | 0x62a0a000 | 0x44 | 0x200 | 0x9000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.71 |
| .rdata | 0x62a0b000 | 0xe60 | 0x1000 | 0x9200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ | 5.24 |
| .bss | 0x62a0c000 | 0xd84 | 0x0 | 0x0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.0 |
| .edata | 0x62a0d000 | 0x7b | 0x200 | 0xa200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ | 1.44 |
| .idata | 0x62a0e000 | 0x124c | 0x1400 | 0xa400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 5.15 |
| .CRT | 0x62a10000 | 0x2c | 0x200 | 0xb800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.2 |
| .tls | 0x62a11000 | 0x20 | 0x200 | 0xba00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.26 |
| .rsrc | 0x62a12000 | 0x3a8 | 0x400 | 0xbc00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 3.2 |
| .reloc | 0x62a13000 | 0x5dc | 0x600 | 0xc000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 6.43 |
Imports (6)
»
libgcc_s_sjlj-1.dll (2)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| __udivdi3 | - | 0x62a0e284 | 0xe08c | 0xa48c | 0x77 |
| __umoddi3 | - | 0x62a0e288 | 0xe090 | 0xa490 | 0x79 |
KERNEL32.dll (24)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| DeleteCriticalSection | - | 0x62a0e290 | 0xe098 | 0xa498 | 0xd4 |
| EnterCriticalSection | - | 0x62a0e294 | 0xe09c | 0xa49c | 0xef |
| GetCurrentProcess | - | 0x62a0e298 | 0xe0a0 | 0xa4a0 | 0x1c4 |
| GetCurrentProcessId | - | 0x62a0e29c | 0xe0a4 | 0xa4a4 | 0x1c5 |
| GetCurrentThreadId | - | 0x62a0e2a0 | 0xe0a8 | 0xa4a8 | 0x1c9 |
| GetLastError | - | 0x62a0e2a4 | 0xe0ac | 0xa4ac | 0x203 |
| GetModuleHandleA | - | 0x62a0e2a8 | 0xe0b0 | 0xa4b0 | 0x215 |
| GetProcAddress | - | 0x62a0e2ac | 0xe0b4 | 0xa4b4 | 0x245 |
| GetSystemTimeAsFileTime | - | 0x62a0e2b0 | 0xe0b8 | 0xa4b8 | 0x27b |
| GetTickCount | - | 0x62a0e2b4 | 0xe0bc | 0xa4bc | 0x297 |
| InitializeCriticalSection | - | 0x62a0e2b8 | 0xe0c0 | 0xa4c0 | 0x2eb |
| IsDBCSLeadByteEx | - | 0x62a0e2bc | 0xe0c4 | 0xa4c4 | 0x307 |
| LeaveCriticalSection | - | 0x62a0e2c0 | 0xe0c8 | 0xa4c8 | 0x326 |
| LoadLibraryW | - | 0x62a0e2c4 | 0xe0cc | 0xa4cc | 0x32c |
| MultiByteToWideChar | - | 0x62a0e2c8 | 0xe0d0 | 0xa4d0 | 0x355 |
| QueryPerformanceCounter | - | 0x62a0e2cc | 0xe0d4 | 0xa4d4 | 0x393 |
| SetUnhandledExceptionFilter | - | 0x62a0e2d0 | 0xe0d8 | 0xa4d8 | 0x467 |
| Sleep | - | 0x62a0e2d4 | 0xe0dc | 0xa4dc | 0x474 |
| TerminateProcess | - | 0x62a0e2d8 | 0xe0e0 | 0xa4e0 | 0x482 |
| TlsGetValue | - | 0x62a0e2dc | 0xe0e4 | 0xa4e4 | 0x489 |
| UnhandledExceptionFilter | - | 0x62a0e2e0 | 0xe0e8 | 0xa4e8 | 0x496 |
| VirtualProtect | - | 0x62a0e2e4 | 0xe0ec | 0xa4ec | 0x4b6 |
| VirtualQuery | - | 0x62a0e2e8 | 0xe0f0 | 0xa4f0 | 0x4b9 |
| WideCharToMultiByte | - | 0x62a0e2ec | 0xe0f4 | 0xa4f4 | 0x4da |
msvcrt.dll (25)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| __dllonexit | - | 0x62a0e2f4 | 0xe0fc | 0xa4fc | 0x38 |
| __mb_cur_max | - | 0x62a0e2f8 | 0xe100 | 0xa500 | 0x46 |
| _amsg_exit | - | 0x62a0e2fc | 0xe104 | 0xa504 | 0x8f |
| _errno | - | 0x62a0e300 | 0xe108 | 0xa508 | 0xd1 |
| _initterm | - | 0x62a0e304 | 0xe10c | 0xa50c | 0x131 |
| _iob | - | 0x62a0e308 | 0xe110 | 0xa510 | 0x135 |
| _lock | - | 0x62a0e30c | 0xe114 | 0xa514 | 0x196 |
| _onexit | - | 0x62a0e310 | 0xe118 | 0xa518 | 0x233 |
| _unlock | - | 0x62a0e314 | 0xe11c | 0xa51c | 0x2f0 |
| calloc | - | 0x62a0e318 | 0xe120 | 0xa520 | 0x34e |
| fputc | - | 0x62a0e31c | 0xe124 | 0xa524 | 0x36a |
| free | - | 0x62a0e320 | 0xe128 | 0xa528 | 0x36f |
| getenv | - | 0x62a0e324 | 0xe12c | 0xa52c | 0x37f |
| localeconv | - | 0x62a0e328 | 0xe130 | 0xa530 | 0x3a2 |
| malloc | - | 0x62a0e32c | 0xe134 | 0xa534 | 0x3a6 |
| memcpy | - | 0x62a0e330 | 0xe138 | 0xa538 | 0x3ae |
| memset | - | 0x62a0e334 | 0xe13c | 0xa53c | 0x3b1 |
| setlocale | - | 0x62a0e338 | 0xe140 | 0xa540 | 0x3c8 |
| strchr | - | 0x62a0e33c | 0xe144 | 0xa544 | 0x3d5 |
| strerror | - | 0x62a0e340 | 0xe148 | 0xa548 | 0x3db |
| strlen | - | 0x62a0e344 | 0xe14c | 0xa54c | 0x3de |
| strncmp | - | 0x62a0e348 | 0xe150 | 0xa550 | 0x3e1 |
| abort | - | 0x62a0e34c | 0xe154 | 0xa554 | 0x442 |
| atoi | - | 0x62a0e350 | 0xe158 | 0xa558 | 0x44b |
| wcslen | - | 0x62a0e354 | 0xe15c | 0xa55c | 0x476 |
libstdc++-6.dll (9)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| _ZTVN10__cxxabiv117__class_type_infoE | - | 0x62a0e35c | 0xe164 | 0xa564 | 0xd05 |
| _ZTVN10__cxxabiv120__si_class_type_infoE | - | 0x62a0e360 | 0xe168 | 0xa568 | 0xd09 |
| _ZTVN10__cxxabiv121__vmi_class_type_infoE | - | 0x62a0e364 | 0xe16c | 0xa56c | 0xd0a |
| _ZdaPv | - | 0x62a0e368 | 0xe170 | 0xa570 | 0xdb0 |
| _ZdlPv | - | 0x62a0e36c | 0xe174 | 0xa574 | 0xdb2 |
| _Znaj | - | 0x62a0e370 | 0xe178 | 0xa578 | 0xdb4 |
| _Znwj | - | 0x62a0e374 | 0xe17c | 0xa57c | 0xdb6 |
| __cxa_guard_acquire | - | 0x62a0e378 | 0xe180 | 0xa580 | 0xdca |
| __cxa_guard_release | - | 0x62a0e37c | 0xe184 | 0xa584 | 0xdcb |
QtCore4.dll (34)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| _Z5qFreePv | - | 0x62a0e384 | 0xe18c | 0xa58c | 0x44 |
| _Z7qstrcmpRK10QByteArrayPKc | - | 0x62a0e388 | 0xe190 | 0xa590 | 0x5e |
| _Z8qWarningPKcz | - | 0x62a0e38c | 0xe194 | 0xa594 | 0x67 |
| _ZN10QByteArray11shared_nullE | - | 0x62a0e390 | 0xe198 | 0xa598 | 0x7d |
| _ZN10QByteArray6appendERKS_ | - | 0x62a0e394 | 0xe19c | 0xa59c | 0x86 |
| _ZN10QByteArray6removeEii | - | 0x62a0e398 | 0xe1a0 | 0xa5a0 | 0x93 |
| _ZN10QByteArrayC1EPKc | - | 0x62a0e39c | 0xe1a4 | 0xa5a4 | 0xac |
| _ZN10QByteArrayaSERKS_ | - | 0x62a0e3a0 | 0xe1a8 | 0xa5a8 | 0xb8 |
| _ZN11QMetaObject11changeGuardEPP7QObjectS1_ | - | 0x62a0e3a4 | 0xe1ac | 0xa5ac | 0x142 |
| _ZN11QMetaObject11removeGuardEPP7QObject | - | 0x62a0e3a8 | 0xe1b0 | 0xa5b0 | 0x143 |
| _ZN11QVectorData10reallocateEPS_iii | - | 0x62a0e3ac | 0xe1b4 | 0xa5b4 | 0x1c9 |
| _ZN11QVectorData11shared_nullE | - | 0x62a0e3b0 | 0xe1b8 | 0xa5b8 | 0x1ca |
| _ZN11QVectorData4freeEPS_i | - | 0x62a0e3b4 | 0xe1bc | 0xa5bc | 0x1cb |
| _ZN11QVectorData4growEiiib | - | 0x62a0e3b8 | 0xe1c0 | 0xa5c0 | 0x1cc |
| _ZN11QVectorData8allocateEii | - | 0x62a0e3bc | 0xe1c4 | 0xa5c4 | 0x1ce |
| _ZN7QObject10childEventEP11QChildEvent | - | 0x62a0e3c0 | 0xe1c8 | 0xa5c8 | 0x8cc |
| _ZN7QObject10timerEventEP11QTimerEvent | - | 0x62a0e3c4 | 0xe1cc | 0xa5cc | 0x8d1 |
| _ZN7QObject11customEventEP6QEvent | - | 0x62a0e3c8 | 0xe1d0 | 0xa5d0 | 0x8d2 |
| _ZN7QObject11eventFilterEPS_P6QEvent | - | 0x62a0e3cc | 0xe1d4 | 0xa5d4 | 0x8d4 |
| _ZN7QObject13connectNotifyEPKc | - | 0x62a0e3d0 | 0xe1d8 | 0xa5d8 | 0x8db |
| _ZN7QObject16disconnectNotifyEPKc | - | 0x62a0e3d4 | 0xe1dc | 0xa5dc | 0x8df |
| _ZN7QObject5eventEP6QEvent | - | 0x62a0e3d8 | 0xe1e0 | 0xa5e0 | 0x8e7 |
| _ZN7QString11shared_nullE | - | 0x62a0e3dc | 0xe1e4 | 0xa5e4 | 0x910 |
| _ZN7QString17fromLatin1_helperEPKci | - | 0x62a0e3e0 | 0xe1e8 | 0xa5e8 | 0x919 |
| _ZN7QString4freeEPNS_4DataE | - | 0x62a0e3e4 | 0xe1ec | 0xa5ec | 0x91e |
| _ZN8QVariantC1ERK5QSize | - | 0x62a0e3e8 | 0xe1f0 | 0xa5f0 | 0xa10 |
| _ZN8QVariantC1Eb | - | 0x62a0e3ec | 0xe1f4 | 0xa5f4 | 0xa1d |
| _ZN9QIODevice4peekEPcx | - | 0x62a0e3f0 | 0xe1f8 | 0xa5f8 | 0xaab |
| _ZN9QIODevice4readEx | - | 0x62a0e3f4 | 0xe1fc | 0xa5fc | 0xaae |
| _ZN9QListData11detach_growEPii | - | 0x62a0e3f8 | 0xe200 | 0xa600 | 0xaca |
| _ZN9QListData11shared_nullE | - | 0x62a0e3fc | 0xe204 | 0xa604 | 0xacb |
| _ZN9QListData6appendEv | - | 0x62a0e400 | 0xe208 | 0xa608 | 0xad0 |
| _ZN9QListData6detachEi | - | 0x62a0e404 | 0xe20c | 0xa60c | 0xad1 |
| _ZNK9QIODevice10isReadableEv | - | 0x62a0e408 | 0xe210 | 0xa610 | 0x100d |
QtGui4.dll (26)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| _ZN14QImageIOPlugin11qt_metacallEN11QMetaObject4CallEiPPv | - | 0x62a0e410 | 0xe218 | 0xa618 | 0xd1d |
| _ZN14QImageIOPlugin11qt_metacastEPKc | - | 0x62a0e414 | 0xe21c | 0xa61c | 0xd1e |
| _ZN14QImageIOPluginC2EP7QObject | - | 0x62a0e418 | 0xe220 | 0xa620 | 0xd23 |
| _ZN14QImageIOPluginD2Ev | - | 0x62a0e41c | 0xe224 | 0xa624 | 0xd26 |
| _ZN15QImageIOHandler11jumpToImageEi | - | 0x62a0e420 | 0xe228 | 0xa628 | 0xf99 |
| _ZN15QImageIOHandler15jumpToNextImageEv | - | 0x62a0e424 | 0xe22c | 0xa62c | 0xf9a |
| _ZN15QImageIOHandler9setDeviceEP9QIODevice | - | 0x62a0e428 | 0xe230 | 0xa630 | 0xf9d |
| _ZN15QImageIOHandler9setFormatERK10QByteArray | - | 0x62a0e42c | 0xe234 | 0xa634 | 0xf9e |
| _ZN15QImageIOHandlerC2Ev | - | 0x62a0e430 | 0xe238 | 0xa638 | 0xfa3 |
| _ZN15QImageIOHandlerD2Ev | - | 0x62a0e434 | 0xe23c | 0xa63c | 0xfa6 |
| _ZN6QImage4bitsEv | - | 0x62a0e438 | 0xe240 | 0xa640 | 0x1b84 |
| _ZN6QImage6detachEv | - | 0x62a0e43c | 0xe244 | 0xa644 | 0x1b8a |
| _ZN6QImage8scanLineEi | - | 0x62a0e440 | 0xe248 | 0xa648 | 0x1b90 |
| _ZN6QImageC1EiiNS_6FormatE | - | 0x62a0e444 | 0xe24c | 0xa64c | 0x1b9d |
| _ZN6QImageC1Ev | - | 0x62a0e448 | 0xe250 | 0xa650 | 0x1b9e |
| _ZN6QImageD1Ev | - | 0x62a0e44c | 0xe254 | 0xa654 | 0x1bab |
| _ZN6QImageaSERKS_ | - | 0x62a0e450 | 0xe258 | 0xa658 | 0x1bad |
| _ZNK14QImageIOPlugin10metaObjectEv | - | 0x62a0e454 | 0xe25c | 0xa65c | 0x29c0 |
| _ZNK15QImageIOHandler16currentImageRectEv | - | 0x62a0e458 | 0xe260 | 0xa660 | 0x2aa5 |
| _ZNK15QImageIOHandler6deviceEv | - | 0x62a0e45c | 0xe264 | 0xa664 | 0x2aa9 |
| _ZNK15QImageIOHandler9setFormatERK10QByteArray | - | 0x62a0e460 | 0xe268 | 0xa668 | 0x2aad |
| _ZNK6QImage12bytesPerLineEv | - | 0x62a0e464 | 0xe26c | 0xa66c | 0x2fa5 |
| _ZNK6QImage5widthEv | - | 0x62a0e468 | 0xe270 | 0xa670 | 0x2fc2 |
| _ZNK6QImage6heightEv | - | 0x62a0e46c | 0xe274 | 0xa674 | 0x2fc4 |
| _ZNK6QImage6isNullEv | - | 0x62a0e470 | 0xe278 | 0xa678 | 0x2fc5 |
| _ZNK6QImage9byteCountEv | - | 0x62a0e474 | 0xe27c | 0xa67c | 0x2fd2 |
Exports (2)
»
| Api name | EAT Address | Ordinal |
|---|---|---|
| qt_plugin_instance | 0x38f0 | 0x1 |
| qt_plugin_query_verification_data | 0x38e0 | 0x2 |
| C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\imageformats\is-0OF2U.tmp | Dropped File | Binary |
clean
Known to be clean.
|
...
|
»
| Also Known As | C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\imageformats\qjpeg4.dll (Dropped File) |
| MIME Type | application/vnd.microsoft.portable-executable |
| File Size | 224.00 KB |
| MD5 |
b7c7bc0c790c4ba8ae2e7c8608710c3e
|
| SHA1 |
8cbe580b7d6c67963563ed69495ff6387edb0f0e
|
| SHA256 |
6c8b148b4a223d9372d7b56a2bfd5af5db0ab9bef74c3423de8b2d4e335c3e85
|
| SSDeep |
3072:hNj+F2PYTwAEbc8NnQPgd/5LV9Saotx2xhz4lzZoIWpJatWCETGBxdxz0dIAJo9o:NBQdgdhLV02m8pJYETywe9sibJZw
|
| ImpHash |
5e152a982a36b02a54b551a236c27797
|
PE Information
»
| Image Base | 0x63a00000 |
| Entry Point | 0x63a01430 |
| Size Of Code | 0x30a00 |
| Size Of Initialized Data | 0x37c00 |
| Size Of Uninitialized Data | 0xe00 |
| File Type | FileType.dll |
| Subsystem | Subsystem.windows_cui |
| Machine Type | MachineType.i386 |
| Compile Timestamp | 2016-01-29 15:46:16+00:00 |
Version Information (6)
»
| CompanyName | Nokia Corporation and/or its subsidiary(-ies) |
| FileDescription | C++ application development framework. |
| FileVersion | 4.8.3.0 |
| LegalCopyright | Copyright (C) 2012 Nokia Corporation and/or its subsidiary(-ies). |
| OriginalFilename | qjpeg4.dll |
| ProductName | Qt4 |
Sections (10)
»
| Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x63a01000 | 0x308f4 | 0x30a00 | 0x400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.32 |
| .data | 0x63a32000 | 0x48 | 0x200 | 0x30e00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.78 |
| .rdata | 0x63a33000 | 0x3fc8 | 0x4000 | 0x31000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ | 5.71 |
| .bss | 0x63a37000 | 0xd84 | 0x0 | 0x0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.0 |
| .edata | 0x63a38000 | 0x7c | 0x200 | 0x35000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ | 1.58 |
| .idata | 0x63a39000 | 0x16fc | 0x1800 | 0x35200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 5.6 |
| .CRT | 0x63a3b000 | 0x2c | 0x200 | 0x36a00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.21 |
| .tls | 0x63a3c000 | 0x20 | 0x200 | 0x36c00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.27 |
| .rsrc | 0x63a3d000 | 0x3ac | 0x400 | 0x36e00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 3.21 |
| .reloc | 0x63a3e000 | 0xc44 | 0xe00 | 0x37200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 6.08 |
Imports (6)
»
libgcc_s_sjlj-1.dll (2)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| __udivdi3 | - | 0x63a392fc | 0x3908c | 0x3528c | 0x77 |
| __umoddi3 | - | 0x63a39300 | 0x39090 | 0x35290 | 0x79 |
KERNEL32.dll (24)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| DeleteCriticalSection | - | 0x63a39308 | 0x39098 | 0x35298 | 0xd4 |
| EnterCriticalSection | - | 0x63a3930c | 0x3909c | 0x3529c | 0xef |
| GetCurrentProcess | - | 0x63a39310 | 0x390a0 | 0x352a0 | 0x1c4 |
| GetCurrentProcessId | - | 0x63a39314 | 0x390a4 | 0x352a4 | 0x1c5 |
| GetCurrentThreadId | - | 0x63a39318 | 0x390a8 | 0x352a8 | 0x1c9 |
| GetLastError | - | 0x63a3931c | 0x390ac | 0x352ac | 0x203 |
| GetModuleHandleA | - | 0x63a39320 | 0x390b0 | 0x352b0 | 0x215 |
| GetProcAddress | - | 0x63a39324 | 0x390b4 | 0x352b4 | 0x245 |
| GetSystemTimeAsFileTime | - | 0x63a39328 | 0x390b8 | 0x352b8 | 0x27b |
| GetTickCount | - | 0x63a3932c | 0x390bc | 0x352bc | 0x297 |
| InitializeCriticalSection | - | 0x63a39330 | 0x390c0 | 0x352c0 | 0x2eb |
| IsDBCSLeadByteEx | - | 0x63a39334 | 0x390c4 | 0x352c4 | 0x307 |
| LeaveCriticalSection | - | 0x63a39338 | 0x390c8 | 0x352c8 | 0x326 |
| LoadLibraryW | - | 0x63a3933c | 0x390cc | 0x352cc | 0x32c |
| MultiByteToWideChar | - | 0x63a39340 | 0x390d0 | 0x352d0 | 0x355 |
| QueryPerformanceCounter | - | 0x63a39344 | 0x390d4 | 0x352d4 | 0x393 |
| SetUnhandledExceptionFilter | - | 0x63a39348 | 0x390d8 | 0x352d8 | 0x467 |
| Sleep | - | 0x63a3934c | 0x390dc | 0x352dc | 0x474 |
| TerminateProcess | - | 0x63a39350 | 0x390e0 | 0x352e0 | 0x482 |
| TlsGetValue | - | 0x63a39354 | 0x390e4 | 0x352e4 | 0x489 |
| UnhandledExceptionFilter | - | 0x63a39358 | 0x390e8 | 0x352e8 | 0x496 |
| VirtualProtect | - | 0x63a3935c | 0x390ec | 0x352ec | 0x4b6 |
| VirtualQuery | - | 0x63a39360 | 0x390f0 | 0x352f0 | 0x4b9 |
| WideCharToMultiByte | - | 0x63a39364 | 0x390f4 | 0x352f4 | 0x4da |
msvcrt.dll (35)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| __dllonexit | - | 0x63a3936c | 0x390fc | 0x352fc | 0x38 |
| __mb_cur_max | - | 0x63a39370 | 0x39100 | 0x35300 | 0x46 |
| _amsg_exit | - | 0x63a39374 | 0x39104 | 0x35304 | 0x8f |
| _errno | - | 0x63a39378 | 0x39108 | 0x35308 | 0xd1 |
| _initterm | - | 0x63a3937c | 0x3910c | 0x3530c | 0x131 |
| _iob | - | 0x63a39380 | 0x39110 | 0x35310 | 0x135 |
| _lock | - | 0x63a39384 | 0x39114 | 0x35314 | 0x196 |
| _onexit | - | 0x63a39388 | 0x39118 | 0x35318 | 0x233 |
| _setjmp3 | - | 0x63a3938c | 0x3911c | 0x3531c | 0x268 |
| _unlock | - | 0x63a39390 | 0x39120 | 0x35320 | 0x2f0 |
| calloc | - | 0x63a39394 | 0x39124 | 0x35324 | 0x34e |
| exit | - | 0x63a39398 | 0x39128 | 0x35328 | 0x358 |
| ferror | - | 0x63a3939c | 0x3912c | 0x3532c | 0x35d |
| fflush | - | 0x63a393a0 | 0x39130 | 0x35330 | 0x35e |
| fprintf | - | 0x63a393a4 | 0x39134 | 0x35334 | 0x368 |
| fputc | - | 0x63a393a8 | 0x39138 | 0x35338 | 0x36a |
| fread | - | 0x63a393ac | 0x3913c | 0x3533c | 0x36e |
| free | - | 0x63a393b0 | 0x39140 | 0x35340 | 0x36f |
| fwrite | - | 0x63a393b4 | 0x39144 | 0x35344 | 0x37a |
| getenv | - | 0x63a393b8 | 0x39148 | 0x35348 | 0x37f |
| localeconv | - | 0x63a393bc | 0x3914c | 0x3534c | 0x3a2 |
| malloc | - | 0x63a393c0 | 0x39150 | 0x35350 | 0x3a6 |
| memcpy | - | 0x63a393c4 | 0x39154 | 0x35354 | 0x3ae |
| memset | - | 0x63a393c8 | 0x39158 | 0x35358 | 0x3b1 |
| setlocale | - | 0x63a393cc | 0x3915c | 0x3535c | 0x3c8 |
| sprintf | - | 0x63a393d0 | 0x39160 | 0x35360 | 0x3cd |
| sscanf | - | 0x63a393d4 | 0x39164 | 0x35364 | 0x3d1 |
| strchr | - | 0x63a393d8 | 0x39168 | 0x35368 | 0x3d5 |
| strerror | - | 0x63a393dc | 0x3916c | 0x3536c | 0x3db |
| strlen | - | 0x63a393e0 | 0x39170 | 0x35370 | 0x3de |
| strncmp | - | 0x63a393e4 | 0x39174 | 0x35374 | 0x3e1 |
| abort | - | 0x63a393e8 | 0x39178 | 0x35378 | 0x442 |
| atoi | - | 0x63a393ec | 0x3917c | 0x3537c | 0x44b |
| wcslen | - | 0x63a393f0 | 0x39180 | 0x35380 | 0x476 |
| longjmp | - | 0x63a393f4 | 0x39184 | 0x35384 | 0x4a7 |
libstdc++-6.dll (9)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| _ZTVN10__cxxabiv117__class_type_infoE | - | 0x63a393fc | 0x3918c | 0x3538c | 0xd05 |
| _ZTVN10__cxxabiv120__si_class_type_infoE | - | 0x63a39400 | 0x39190 | 0x35390 | 0xd09 |
| _ZTVN10__cxxabiv121__vmi_class_type_infoE | - | 0x63a39404 | 0x39194 | 0x35394 | 0xd0a |
| _ZdaPv | - | 0x63a39408 | 0x39198 | 0x35398 | 0xdb0 |
| _ZdlPv | - | 0x63a3940c | 0x3919c | 0x3539c | 0xdb2 |
| _Znaj | - | 0x63a39410 | 0x391a0 | 0x353a0 | 0xdb4 |
| _Znwj | - | 0x63a39414 | 0x391a4 | 0x353a4 | 0xdb6 |
| __cxa_guard_acquire | - | 0x63a39418 | 0x391a8 | 0x353a8 | 0xdca |
| __cxa_guard_release | - | 0x63a3941c | 0x391ac | 0x353ac | 0xdcb |
QtCore4.dll (40)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| _Z18qDetectCPUFeaturesv | - | 0x63a39424 | 0x391b4 | 0x353b4 | 0x29 |
| _Z5qFreePv | - | 0x63a39428 | 0x391b8 | 0x353b8 | 0x44 |
| _Z7qstrcmpRK10QByteArrayPKc | - | 0x63a3942c | 0x391bc | 0x353bc | 0x5e |
| _Z8qWarningPKcz | - | 0x63a39430 | 0x391c0 | 0x353c0 | 0x67 |
| _ZN10QByteArrayC1EPKc | - | 0x63a39434 | 0x391c4 | 0x353c4 | 0xac |
| _ZN11QMetaObject11changeGuardEPP7QObjectS1_ | - | 0x63a39438 | 0x391c8 | 0x353c8 | 0x142 |
| _ZN11QMetaObject11removeGuardEPP7QObject | - | 0x63a3943c | 0x391cc | 0x353cc | 0x143 |
| _ZN11QVectorData4freeEPS_i | - | 0x63a39440 | 0x391d0 | 0x353d0 | 0x1cb |
| _ZN7QBuffer16staticMetaObjectE | - | 0x63a39444 | 0x391d4 | 0x353d4 | 0x8a4 |
| _ZN7QObject10childEventEP11QChildEvent | - | 0x63a39448 | 0x391d8 | 0x353d8 | 0x8cc |
| _ZN7QObject10timerEventEP11QTimerEvent | - | 0x63a3944c | 0x391dc | 0x353dc | 0x8d1 |
| _ZN7QObject11customEventEP6QEvent | - | 0x63a39450 | 0x391e0 | 0x353e0 | 0x8d2 |
| _ZN7QObject11eventFilterEPS_P6QEvent | - | 0x63a39454 | 0x391e4 | 0x353e4 | 0x8d4 |
| _ZN7QObject13connectNotifyEPKc | - | 0x63a39458 | 0x391e8 | 0x353e8 | 0x8db |
| _ZN7QObject16disconnectNotifyEPKc | - | 0x63a3945c | 0x391ec | 0x353ec | 0x8df |
| _ZN7QObject5eventEP6QEvent | - | 0x63a39460 | 0x391f0 | 0x353f0 | 0x8e7 |
| _ZN7QString17fromLatin1_helperEPKci | - | 0x63a39464 | 0x391f4 | 0x353f4 | 0x919 |
| _ZN7QString4freeEPNS_4DataE | - | 0x63a39468 | 0x391f8 | 0x353f8 | 0x91e |
| _ZN8QVariantC1ERK5QRect | - | 0x63a3946c | 0x391fc | 0x353fc | 0xa0f |
| _ZN8QVariantC1ERK5QSize | - | 0x63a39470 | 0x39200 | 0x35400 | 0xa10 |
| _ZN8QVariantC1ERKS_ | - | 0x63a39474 | 0x39204 | 0x35404 | 0xa1c |
| _ZN8QVariantC1Ei | - | 0x63a39478 | 0x39208 | 0x35408 | 0xa20 |
| _ZN8QVariantD1Ev | - | 0x63a3947c | 0x3920c | 0x3540c | 0xa4c |
| _ZN8QVariantaSERKS_ | - | 0x63a39480 | 0x39210 | 0x35410 | 0xa4e |
| _ZN9QIODevice4peekEPcx | - | 0x63a39484 | 0x39214 | 0x35414 | 0xaab |
| _ZN9QIODevice4readEPcx | - | 0x63a39488 | 0x39218 | 0x35418 | 0xaad |
| _ZN9QIODevice5writeEPKcx | - | 0x63a3948c | 0x3921c | 0x3541c | 0xab3 |
| _ZN9QListData11detach_growEPii | - | 0x63a39490 | 0x39220 | 0x35420 | 0xaca |
| _ZN9QListData11shared_nullE | - | 0x63a39494 | 0x39224 | 0x35424 | 0xacb |
| _ZN9QListData6appendEv | - | 0x63a39498 | 0x39228 | 0x35428 | 0xad0 |
| _ZN9QListData6detachEi | - | 0x63a3949c | 0x3922c | 0x3542c | 0xad1 |
| _ZNK11QMetaObject4castEP7QObject | - | 0x63a394a0 | 0x39230 | 0x35430 | 0xbf0 |
| _ZNK5QRectanERKS_ | - | 0x63a394a4 | 0x39234 | 0x35434 | 0xe68 |
| _ZNK7QBuffer4dataEv | - | 0x63a394a8 | 0x39238 | 0x35438 | 0xea9 |
| _ZNK8QVariant5toIntEPb | - | 0x63a394ac | 0x3923c | 0x3543c | 0xfa6 |
| _ZNK8QVariant6toRectEv | - | 0x63a394b0 | 0x39240 | 0x35440 | 0xfb1 |
| _ZNK8QVariant6toSizeEv | - | 0x63a394b4 | 0x39244 | 0x35444 | 0xfb2 |
| _ZNK9QIODevice10isReadableEv | - | 0x63a394b8 | 0x39248 | 0x35448 | 0x100d |
| _ZNK9QIODevice10isWritableEv | - | 0x63a394bc | 0x3924c | 0x3544c | 0x100e |
| _ZNK9QIODevice6isOpenEv | - | 0x63a394c0 | 0x39250 | 0x35450 | 0x101a |
QtGui4.dll (40)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| _Z32qt_convert_rgb888_to_rgb32_ssse3PjPKhi | - | 0x63a394c8 | 0x39258 | 0x35458 | 0x3c |
| _ZN14QImageIOPlugin11qt_metacallEN11QMetaObject4CallEiPPv | - | 0x63a394cc | 0x3925c | 0x3545c | 0xd1d |
| _ZN14QImageIOPlugin11qt_metacastEPKc | - | 0x63a394d0 | 0x39260 | 0x35460 | 0xd1e |
| _ZN14QImageIOPluginC2EP7QObject | - | 0x63a394d4 | 0x39264 | 0x35464 | 0xd23 |
| _ZN14QImageIOPluginD2Ev | - | 0x63a394d8 | 0x39268 | 0x35468 | 0xd26 |
| _ZN15QImageIOHandler11jumpToImageEi | - | 0x63a394dc | 0x3926c | 0x3546c | 0xf99 |
| _ZN15QImageIOHandler15jumpToNextImageEv | - | 0x63a394e0 | 0x39270 | 0x35470 | 0xf9a |
| _ZN15QImageIOHandler9setDeviceEP9QIODevice | - | 0x63a394e4 | 0x39274 | 0x35474 | 0xf9d |
| _ZN15QImageIOHandler9setFormatERK10QByteArray | - | 0x63a394e8 | 0x39278 | 0x35478 | 0xf9e |
| _ZN15QImageIOHandlerC2Ev | - | 0x63a394ec | 0x3927c | 0x3547c | 0xfa3 |
| _ZN15QImageIOHandlerD2Ev | - | 0x63a394f0 | 0x39280 | 0x35480 | 0xfa6 |
| _ZN6QImage13setColorCountEi | - | 0x63a394f4 | 0x39284 | 0x35484 | 0x1b7f |
| _ZN6QImage16setDotsPerMeterXEi | - | 0x63a394f8 | 0x39288 | 0x35488 | 0x1b82 |
| _ZN6QImage16setDotsPerMeterYEi | - | 0x63a394fc | 0x3928c | 0x3548c | 0x1b83 |
| _ZN6QImage8scanLineEi | - | 0x63a39500 | 0x39290 | 0x35490 | 0x1b90 |
| _ZN6QImage8setColorEij | - | 0x63a39504 | 0x39294 | 0x35494 | 0x1b91 |
| _ZN6QImageC1ERK5QSizeNS_6FormatE | - | 0x63a39508 | 0x39298 | 0x35498 | 0x1b9a |
| _ZN6QImageD1Ev | - | 0x63a3950c | 0x3929c | 0x3549c | 0x1bab |
| _ZN6QImageaSERKS_ | - | 0x63a39510 | 0x392a0 | 0x354a0 | 0x1bad |
| _ZNK14QImageIOPlugin10metaObjectEv | - | 0x63a39514 | 0x392a4 | 0x354a4 | 0x29c0 |
| _ZNK15QImageIOHandler10imageCountEv | - | 0x63a39518 | 0x392a8 | 0x354a8 | 0x2aa2 |
| _ZNK15QImageIOHandler14nextImageDelayEv | - | 0x63a3951c | 0x392ac | 0x354ac | 0x2aa3 |
| _ZNK15QImageIOHandler16currentImageRectEv | - | 0x63a39520 | 0x392b0 | 0x354b0 | 0x2aa5 |
| _ZNK15QImageIOHandler18currentImageNumberEv | - | 0x63a39524 | 0x392b4 | 0x354b4 | 0x2aa6 |
| _ZNK15QImageIOHandler6deviceEv | - | 0x63a39528 | 0x392b8 | 0x354b8 | 0x2aa9 |
| _ZNK15QImageIOHandler9loopCountEv | - | 0x63a3952c | 0x392bc | 0x354bc | 0x2aac |
| _ZNK15QImageIOHandler9setFormatERK10QByteArray | - | 0x63a39530 | 0x392c0 | 0x354c0 | 0x2aad |
| _ZNK6QImage10colorCountEv | - | 0x63a39534 | 0x392c4 | 0x354c4 | 0x2f9b |
| _ZNK6QImage10colorTableEv | - | 0x63a39538 | 0x392c8 | 0x354c8 | 0x2f9c |
| _ZNK6QImage13constScanLineEi | - | 0x63a3953c | 0x392cc | 0x354cc | 0x2fa8 |
| _ZNK6QImage13dotsPerMeterXEv | - | 0x63a39540 | 0x392d0 | 0x354d0 | 0x2fa9 |
| _ZNK6QImage13dotsPerMeterYEv | - | 0x63a39544 | 0x392d4 | 0x354d4 | 0x2faa |
| _ZNK6QImage15convertToFormatENS_6FormatE6QFlagsIN2Qt19ImageConversionFlagEE | - | 0x63a39548 | 0x392d8 | 0x354d8 | 0x2fae |
| _ZNK6QImage4copyERK5QRect | - | 0x63a3954c | 0x392dc | 0x354dc | 0x2fb5 |
| _ZNK6QImage4sizeEv | - | 0x63a39550 | 0x392e0 | 0x354e0 | 0x2fba |
| _ZNK6QImage5widthEv | - | 0x63a39554 | 0x392e4 | 0x354e4 | 0x2fc2 |
| _ZNK6QImage6formatEv | - | 0x63a39558 | 0x392e8 | 0x354e8 | 0x2fc3 |
| _ZNK6QImage6heightEv | - | 0x63a3955c | 0x392ec | 0x354ec | 0x2fc4 |
| _ZNK6QImage6isNullEv | - | 0x63a39560 | 0x392f0 | 0x354f0 | 0x2fc5 |
| _ZNK6QImage6scaledERK5QSizeN2Qt15AspectRatioModeENS3_18TransformationModeE | - | 0x63a39564 | 0x392f4 | 0x354f4 | 0x2fc8 |
Exports (2)
»
| Api name | EAT Address | Ordinal |
|---|---|---|
| qt_plugin_instance | 0x2b630 | 0x1 |
| qt_plugin_query_verification_data | 0x2b620 | 0x2 |
| C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\themes\czech\is-MGTB3.tmp | Dropped File | Text |
clean
|
...
|
»
| Also Known As | C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\themes\czech\keyboard.lst (Dropped File) |
| MIME Type | text/plain |
| File Size | 340 Bytes |
| MD5 |
2e5417f883e221dad966c8c7851294c2
|
| SHA1 |
ab1b82343073a226cd8d12875e2abab05249c6a9
|
| SHA256 |
440e0557c735d1af2dc425c5fb095f3df4b3a12bb95f65ce04cad9ccdd5fca2d
|
| SSDeep |
6:uCohGf+wnvVEk6ubLCG3jOQU4uDCpN+ODaJ/CMt1lyvYs1vyQ:Ah7qvVR+aOeuDeNNaZ/wvB1vn
|
| ImpHash | - |
| C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\themes\czech\is-5I0E7.tmp | Dropped File | Text |
clean
|
...
|
»
| Also Known As | C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\themes\czech\settings.txt (Dropped File) |
| MIME Type | text/plain |
| File Size | 61 Bytes |
| MD5 |
97c705d1301f982e0010876c8fda614e
|
| SHA1 |
acdb1d10a6b7aea47932a100d36a6f9d867c40c1
|
| SHA256 |
db42c3bc77f54b145d013c395509a5496da3b5a8d4730c5f593e2835f1f2d7f5
|
| SSDeep |
3:U96Q+ALu3LRRDJNtfEFju9m/LJ:UYQ+WGRxEFqWt
|
| ImpHash | - |
| C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\themes\czech\words\is-LS313.tmp | Dropped File | Text |
clean
|
...
|
»
| Also Known As | C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\themes\czech\words\abeceda.txt (Dropped File) |
| MIME Type | text/plain |
| File Size | 78 Bytes |
| MD5 |
ca1d4315a55a43ce742942bd35034034
|
| SHA1 |
5149927e633b4320d00600fdd5a12a367956d49e
|
| SHA256 |
77891560cac7b7f2ed6ae01e7bfc979efc1af6ab686c534f03cfbcaeab002a3b
|
| SSDeep |
3:O81Y5qTivtvmfBy7UlWf2vxvwvzv8N+nPyn:ONCilmZiOa2Bw7OKPyn
|
| ImpHash | - |
| C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\themes\czech\words\is-BGNFJ.tmp | Dropped File | Text |
clean
|
...
|
»
| Also Known As | C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\themes\czech\words\prsty.txt (Dropped File) |
| MIME Type | text/plain |
| File Size | 166 Bytes |
| MD5 |
b237fa0e4fdb0c0154545e11ad7bbade
|
| SHA1 |
e35f41a43984fa817f4e239681aa3f1eea85c64e
|
| SHA256 |
94c63c7bd4828b56a6994c28c70c9bce6b1a6671354332febccfdda663367846
|
| SSDeep |
3:kBpSjxcanNd3uOwgr5UyRvtE58iUKrmN9Gj/DV9xav3L+4yqZvex1Czsvvn:kBpkVnNd3trWOE9UKrmv0rIv3L+9KveB
|
| ImpHash | - |
| C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\themes\czech\words\is-7RB9C.tmp | Dropped File | Text |
clean
|
...
|
»
| Also Known As | C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\themes\czech\words\rostliny.txt (Dropped File) |
| MIME Type | text/plain |
| File Size | 231 Bytes |
| MD5 |
f59629e4fe79fc69680066bc6a48f0aa
|
| SHA1 |
d39d19bd3a9359c17d02e8001d11a9dfbdafa361
|
| SHA256 |
ac129a9634fe2722a065f706992e09d36f12429de39138da4cbf8ab1e09c7583
|
| SSDeep |
6:zJ9jqyYngl3Mkf9LNKtjsCA6ukyVqF+M2W1Sg93z:PqMuq9LNJLFkyVqF+MzLl
|
| ImpHash | - |
| C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\themes\czech\words\is-OQQ0K.tmp | Dropped File | Text |
clean
|
...
|
»
| Also Known As | C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\themes\czech\words\slova2.txt (Dropped File) |
| MIME Type | text/plain |
| File Size | 189 Bytes |
| MD5 |
339977ca0c3b1c337d71a31dfa04834f
|
| SHA1 |
647a92dc735f8f3e400b859a919a0f1940a6d099
|
| SHA256 |
01c5b4a09727217f99997b5e9e19ee81f26346315426e9781e80d71c2a3ed1c2
|
| SSDeep |
3:FTExsuIPA5vBUJhJYzn+vuqx8y7MwpK0Dq1vXm10OW28xpKEWMhyQj:FIGvA5gyzQ3ZpKSq1vXC0D2gkEWMv
|
| ImpHash | - |
| C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\themes\czech\words\is-4A640.tmp | Dropped File | Text |
clean
|
...
|
»
| Also Known As | C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\themes\czech\words\slova3.txt (Dropped File) |
| MIME Type | text/plain |
| File Size | 260 Bytes |
| MD5 |
edbbe4cb460f6e0bd02eec2116198725
|
| SHA1 |
94ed9a1bcddb42e62b0290093d3aba073645e5f0
|
| SHA256 |
73e6ec11601e300184a19a15bf2d123e46ee98966b9a49f4aeace731b941df13
|
| SSDeep |
6:FIGhr9/b0Qy/vnpgWaKkptUWdLWM5FH6sg5HUdvJlkvrpoLSv/c:nX/b0f/vIQMJgCv+2SvE
|
| ImpHash | - |
| C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\themes\czech\words\is-K8N14.tmp | Dropped File | Text |
clean
|
...
|
»
| Also Known As | C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\themes\czech\words\slova4.txt (Dropped File) |
| MIME Type | text/plain |
| File Size | 312 Bytes |
| MD5 |
1e9e1243c3eae2633d21725160f452f9
|
| SHA1 |
ce5fc2cc98d90df0510a3c928224e3d2df6062a1
|
| SHA256 |
7edc11f8a650e4b1bdb28bc352e43d4609c82bbd04a5c1bbd4b10691ae0b114f
|
| SSDeep |
6:FIGexCy/fnIjb19vCAzTA8Iy47jWfOoOxvwNwEFLB7HxVV3n77:neBm/zE8Iye6fOo8YNpBFL377
|
| ImpHash | - |
| C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\themes\czech\words\is-PDPG4.tmp | Dropped File | Text |
clean
|
...
|
»
| Also Known As | C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\themes\czech\words\slova5.txt (Dropped File) |
| MIME Type | text/plain |
| File Size | 357 Bytes |
| MD5 |
22177d7d3c82010c035445e0e9c28555
|
| SHA1 |
c6c47d95424fd007ca7ca2c6307ca53874bc158f
|
| SHA256 |
4158f01679d9edebf87334751870106e227c121655061a63b2f41b2721c1f340
|
| SSDeep |
6:FIGwAwkocsn7xUgspqOfgkUkYtBw/Z38g5IpNdlgvfS1qril1kvwptRvVRpvx6gP:n1w2G7xUgsVgkUkYzwh82IpNdlgva1qS
|
| ImpHash | - |
| C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\themes\deutsch\is-TAJD8.tmp | Dropped File | Text |
clean
|
...
|
»
| Also Known As | C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\themes\deutsch\keyboard.lst (Dropped File) |
| MIME Type | text/plain |
| File Size | 347 Bytes |
| MD5 |
73e29cd1bbf3a6420a590f85a288f5dd
|
| SHA1 |
f21fe09f412f784231a5759fe09da29857dec9ce
|
| SHA256 |
9198fd4883326b94f1a0c7a6ccdf0314f78dec4a2ac7f415e6e11c58d5d8a1c1
|
| SSDeep |
6:SuFJAxMGf+wnvVEk6ubLCG3jOQU4n+4rc/m8YzaY1oxv:PFawqvVR+aOenKu8UOv
|
| ImpHash | - |
| C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\themes\deutsch\is-760Q7.tmp | Dropped File | Text |
clean
|
...
|
»
| Also Known As | C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\themes\deutsch\settings.txt (Dropped File) |
| MIME Type | text/plain |
| File Size | 30 Bytes |
| MD5 |
776994ab6ea8743809d4ba88f52f179b
|
| SHA1 |
3bc5391ab61a9b351be40bf00b3f0e1c00fb7550
|
| SHA256 |
e3f5998ed37d340074e22a6ecfcfe7f0ded18e42e93fed4768f91a767f792bbe
|
| SSDeep |
3:U96EFjpfhOKIt:UYEFyt
|
| ImpHash | - |
| C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\themes\deutsch\words\is-3B73A.tmp | Dropped File | Text |
clean
|
...
|
»
| Also Known As | C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\themes\deutsch\words\kurz2-3-mit.txt (Dropped File) |
| MIME Type | text/plain |
| File Size | 262 Bytes |
| MD5 |
d932b1ffc8b5321ee9c7a9ef7cbb8bfa
|
| SHA1 |
5e6ace040d0a3291687dc129a2ab02db4dc5c1fc
|
| SHA256 |
041068a572c5265693a0369e79e2080055f5eddce35a80024985ed45d150a2c4
|
| SSDeep |
6:/f+KNStZIyeh6FM/AgvRTSxtvT4cmLCirYZq2Npv5QBf2lWd:/GKNStZIyehKQAQ0bMcmmUYZLjRlU
|
| ImpHash | - |
| C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\themes\deutsch\words\is-M1UQ1.tmp | Dropped File | Text |
clean
|
...
|
»
| Also Known As | C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\themes\deutsch\words\kurz2-3.txt (Dropped File) |
| MIME Type | text/plain |
| File Size | 748 Bytes |
| MD5 |
3c435e36363e652943c29cd86f2c8818
|
| SHA1 |
cf6b7a8a8731730d21407affe40d06b94415d28b
|
| SHA256 |
d55885604a0bc9b1e7767ada1982a4c788a03160165326caaae29207ddd47847
|
| SSDeep |
12:/GKNZIyehKQAQ0bMcmmUYZAafAmk7df5oUj7/KV5FdjBYfZ10t5AHpBkR9Cxiuoq:/XNVeYVQ0bRmgnImw5oUj7/KVFjSL03Y
|
| ImpHash | - |
| C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\themes\deutsch\words\is-6KMPT.tmp | Dropped File | Text |
clean
|
...
|
»
| Also Known As | C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\themes\deutsch\words\lang7-8-mit.txt (Dropped File) |
| MIME Type | text/plain |
| File Size | 242 Bytes |
| MD5 |
e63923b036913f744510158e945a14c5
|
| SHA1 |
ad80e651c2306ca30645374737bbb5436b092d8d
|
| SHA256 |
216d1522d74e45e1ea8efdf164a22d72a1990f3476e1235e786419d10040c259
|
| SSDeep |
6:w11KNStZIyeh6FM/AgvRTSxtvT4cmLCirYZX3ys7IVwUomv:w/KNStZIyehKQAQ0bMcmmUYZ/7KwUoY
|
| ImpHash | - |
| C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\themes\deutsch\words\is-CDU0H.tmp | Dropped File | Text |
clean
Known to be clean.
|
...
|
»
| Also Known As | C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\themes\deutsch\words\lang7-8.txt (Dropped File) |
| MIME Type | text/plain |
| File Size | 1.06 KB |
| MD5 |
d77608eb7bde2aac8eebccc6d2f8e74c
|
| SHA1 |
7d536d5049e56945782c6c12a63e398496cf12f9
|
| SHA256 |
f3afe957c497ed75e6254531f343c5c4b63b1c68ec9de552b7eca5a2f59dc7f3
|
| SSDeep |
24:PNVeYVQ0bRmg/aDuoCYIFwRWfTi5R+vA6tYHXsRKT8:PNVeYVmFPOwcGL+vA6Dm8
|
| ImpHash | - |
| C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\themes\deutsch\words\is-I4M5T.tmp | Dropped File | Text |
clean
|
...
|
»
| Also Known As | C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\themes\deutsch\words\mittel4-6-mit.txt (Dropped File) |
| MIME Type | text/plain |
| File Size | 454 Bytes |
| MD5 |
ddc9476957886517205d29154b3d7404
|
| SHA1 |
7e9a6e86ad4556dcf050f82a10097f61dbd73968
|
| SHA256 |
6c0afe6326b00996fe6fa6ff7ec5def39fc2f77965fb6d0c4f910ef433584891
|
| SSDeep |
12:hoxOKNStZIyehKQAQ0bMcmmUYZCLKaVWECplBT26xpFmY6Mbb:hopNCVeYVQ0bRmgsLKaPCn7DmY6Mbb
|
| ImpHash | - |
| C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\themes\deutsch\words\is-MTRLU.tmp | Dropped File | Text |
clean
|
...
|
»
| Also Known As | C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\themes\deutsch\words\mittel4-6.txt (Dropped File) |
| MIME Type | text/plain |
| File Size | 3.28 KB |
| MD5 |
804387e652c9d0e72ebedaabef18b01b
|
| SHA1 |
2429d742ad9c922cbe4a6d06e3c9d2612b3b40c0
|
| SHA256 |
9218c1ee78710fab0d37b439f2b5357a30de145345ec53719a160aea4d440b03
|
| SSDeep |
96:k7eWpc/g/2aIMK1MYyQvIMR6+mnfHZoEkGbNrXoN:k7eWO4uaILTyX1+mf+EkGbNr4N
|
| ImpHash | - |
| C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\themes\espanol\is-DTUGB.tmp | Dropped File | Text |
clean
|
...
|
»
| Also Known As | C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\themes\espanol\keyboard.lst (Dropped File) |
| MIME Type | text/plain |
| File Size | 253 Bytes |
| MD5 |
b10b2b44f8137740e14363e0ce4b7e47
|
| SHA1 |
f13d25f608b9f73a38d0f17ed53c82d4bbdc3eb2
|
| SHA256 |
5fd920d2a0c23d4eb0d5704b676e48726a50db7122e8ed2dbb740f2c71144822
|
| SSDeep |
3:SEHKEtJCDEX4AjnqMGPZ5XXZgPQeSDVhjnvTdZ15pvtSgVvTWd0AqWUjXbvKG3Tr:SuFJAd5MGf+wnvVEk6ubLCG3jOQU4ylg
|
| ImpHash | - |
| C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\themes\espanol\is-HRP7M.tmp | Dropped File | Text |
clean
|
...
|
»
| Also Known As | C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\themes\espanol\settings.txt (Dropped File) |
| MIME Type | text/plain |
| File Size | 30 Bytes |
| MD5 |
4cb8e60a5cedcfb9e32cd29c91e4d33d
|
| SHA1 |
2d3cdb0fe9a5a849749c9153bed521aeffd42a1d
|
| SHA256 |
bad115f66d65fe3617d43911ced596d67f4e826759e9538393a48d451350ef9a
|
| SSDeep |
3:U96EFjoW6Kq:UYEFsUq
|
| ImpHash | - |
| C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\themes\espanol\images\is-DV5SK.tmp | Dropped File | Image |
clean
Known to be clean.
|
...
|
»
| Also Known As | C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\themes\espanol\images\map.png (Dropped File) |
| MIME Type | image/png |
| File Size | 1.11 KB |
| MD5 |
30a29eb1970d70f3e7630e2f6129b623
|
| SHA1 |
fe02af80d8d9bbbc4231a1fcf3f43f105eb1ab44
|
| SHA256 |
445d653649defcca4d8f72b2e91cfa5ef7c39d2eb660b23f5d45d937d4eecba0
|
| SSDeep |
24:H+0a7qHaoWXZPfYw5bts9CupfTaEN1296SCGf/1:oSVyZPAw5KccTail09
|
| ImpHash | - |
| C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\themes\espanol\words\is-FVG6H.tmp | Dropped File | Text |
clean
|
...
|
»
| Also Known As | C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\themes\espanol\words\words1.txt (Dropped File) |
| MIME Type | text/plain |
| File Size | 142 Bytes |
| MD5 |
8a3514ad4f81c6b9b9b746a33a67c76f
|
| SHA1 |
9fbd6b0f32dcfdd097180dc99793091b866ea443
|
| SHA256 |
996de48b37c5aeeb01efb32c25b8b4845507068be844fc5e985af3e6b67fc746
|
| SSDeep |
3:OK+osvVxvo+i2vz3oorzgpkoT3ojyZvwtw+o8qovdTtvzdn:CvVxvor2r1rmrojyWw+dx5n
|
| ImpHash | - |
| C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\themes\espanol\words\is-5N2U9.tmp | Dropped File | Text |
clean
|
...
|
»
| Also Known As | C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\themes\espanol\words\words2.txt (Dropped File) |
| MIME Type | text/plain |
| File Size | 199 Bytes |
| MD5 |
f9c58618d446e7b389fb8e02c6273040
|
| SHA1 |
42dccdd29c96f3563873c01a5f384fe8bf460aaa
|
| SHA256 |
abbd3e51aabe561d95ca78d723c4468c97cb7163a29346d9efaefe74464d37dd
|
| SSDeep |
6:aMAzuV9sQcamrHUoDZut5SrqaG/bqn3xon3koa:xSD8MrqaG/bcBon4
|
| ImpHash | - |
| C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\themes\espanol\words\is-M94KD.tmp | Dropped File | Text |
clean
|
...
|
»
| Also Known As | C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\themes\espanol\words\words3.txt (Dropped File) |
| MIME Type | text/plain |
| File Size | 239 Bytes |
| MD5 |
f8ab21cc0d2ea6ade87fb7e1176f5ec5
|
| SHA1 |
6f141fcba7dab4a5628bc4700be2cb46425b8f18
|
| SHA256 |
f8d4125233fd26a293f7cc8374382b9441ff2cf9c759800387d7c1414bfbb493
|
| SSDeep |
6:KXz1kFyyygeqX+LzdhvV+nIr0UFq/ymomOqqQaf/IxKy:g1kFyYeqXArvUI1qdoHqqj3IxD
|
| ImpHash | - |
| C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\themes\french\is-JN8V7.tmp | Dropped File | Text |
clean
Known to be clean.
|
...
|
»
| Also Known As | C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\themes\french\keyboard.lst (Dropped File) |
| MIME Type | text/plain |
| File Size | 314 Bytes |
| MD5 |
981b6c37967966f0bd3b7395c0304f30
|
| SHA1 |
4bfbe224c64178c33dfa435612e0916ca49962a7
|
| SHA256 |
c844b1474570fb7af91b16614801168a6b14cb8883dbb4a59c107f2925a2db4d
|
| SSDeep |
6:SEhOCCAJAVohGf+wnvVEk6ubLCG3jOQU4yBKqWm8YzaYUw:pOC/aih7qvVR+aOeC8Ud
|
| ImpHash | - |
| C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\themes\french\is-O5I2I.tmp | Dropped File | Text |
clean
Known to be clean.
|
...
|
»
| Also Known As | C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\themes\french\settings.txt (Dropped File) |
| MIME Type | text/plain |
| File Size | 29 Bytes |
| MD5 |
4c5ef6c036e9e5d3d858f64f08a0e3bd
|
| SHA1 |
2622ba2140891f0dba0d79486f098ce998389cd5
|
| SHA256 |
4a3b872870116053bc40a3d552d6113eaa3c050a2d0856b0c2f86b879e0cf153
|
| SSDeep |
3:U96EFjrY+t:UYEFV
|
| ImpHash | - |
| C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\themes\french\scripts\is-P88LG.tmp | Dropped File | HTML |
clean
Known to be clean.
|
...
|
»
| Also Known As | C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\themes\french\scripts\les_jours_de_la_semaine.xml (Dropped File) |
| MIME Type | text/html |
| File Size | 1.37 KB |
| MD5 |
ee7088a04b51a20bc21db311b2f80abc
|
| SHA1 |
ac8d413b24d1401c7d23083c5ca5bae1af69bcd8
|
| SHA256 |
0b5271f60333791b776e16c321950e7e9010a4f9ad9d5cdfe7685668e5bb0334
|
| SSDeep |
24:bGGTdNUnfgiV7GbNUXqbHGtHGk6rrrL9lxZf7jJbdteneiXB9f:9Td+nfnVCb+X50frrrL9lxZzjJrenZBp
|
| ImpHash | - |
| Parser Error Remark | Static engine was unable to completely parse the analyzed file |
Extracted JavaScripts (1)
»
JavaScript #1
»
<page title="Introduction to Example Lesson">
<text align="center">Les jours de la semaine</text>
<text align="center" y="300"> PRESS SPACE TO START THE LESSON!</text>
<waitforinput/>
</page>
<page title="The a Key" bgcolor="#3f7f3f">
<img src="/keyboard/keyboard-us.png" x="45" y="220"/>
<text align="center">Les jours de la semaine</text>
<text align="center">To start practicing hit the p key</text>
<text color="#000000" x="100" y="273">A</text>
<text color="#000000" x="130" y="273">S</text>
<waitforchar/>
<prac>lundi mardi mercredi jeudi vendredi samedi dimanche lundi mardi mercredi jeudi vendredi samedi dimanche lundi mardi mercredi jeudi vendredi samedi dimanche lundi mardi mercredi jeudi vendredi samedi dimanche</prac>
</page>
<!--HACK: there is some undesired behavior in scripting.c, this fixes it for now-->
<page>
</page>
<page>
<img src="keyboard/space.png" x="200" y="160"/>
<img src="keyboard/larrow.png" x="460" y="18"/>
<img src="keyboard/esc.png" x="515" y="50"/>
<text align="center">Great Job!</text>
<text align="left"></text>
<text align="center">To go back to the main menu</text>
<text align="center">Press Space</text>
<waitforinput/>
</page>
| C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\themes\french\scripts\is-48EVF.tmp | Dropped File | HTML |
clean
Known to be clean.
|
...
|
»
| Also Known As | C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\themes\french\scripts\les_mois_de_l_annee.xml (Dropped File) |
| MIME Type | text/html |
| File Size | 1.35 KB |
| MD5 |
3f0fb8747e3f0520746ac7a192adcfca
|
| SHA1 |
10225aa8c67c4d35583c65b9347cf49a54a37994
|
| SHA256 |
484ca3ea97b87b0d6dd6983c19ba5e28fa365b5d4ba6b16a2b03706861bdbb78
|
| SSDeep |
24:bGGlb7v7v7gd6Ghbb7qMUHG2UHG9TM4UHQSM4UHQSM4UHQalxGrf7QIJbnc97neb:9lfzz0hbfJ2VM9HhM9HhM9HPlxGrzQIb
|
| ImpHash | - |
| Parser Error Remark | Static engine was unable to completely parse the analyzed file |
Extracted JavaScripts (1)
»
JavaScript #1
»
<page title="Introduction to Example Lesson">
<text align="center">Les mois de l'année</text>
<text align="center"> </text>
<text align="center"> </text>
<text align="center" y="300"> PRESS SPACE TO START THE LESSON!</text>
<waitforinput/>
</page>
<page title="The a Key" bgcolor="#3f7f3f">
<img src="/keyboard/keyboard-us.png" x="45" y="220"/>
<text align="center">Les mois de l'année</text>
<text align="center">To start practicing hit the p key</text>
<text color="#000000" x="100" y="273">A</text>
<text color="#000000" x="130" y="273">S</text>
<waitforchar/>
<prac>janvier février mars avril mai juin juillet août septembre octobre novembre décembre janvier février mars avril mai juin juillet août septembre octobre novembre décembre janvier février mars avril mai juin juillet août septembre octobre novembre décembre</prac>
</page>
<!--HACK: there is some undesired behavior in scripting.c, this fixes it for now-->
<page>
</page>
<page>
<img src="keyboard/space.png" x="200" y="160"/>
<img src="keyboard/larrow.png" x="460" y="18"/>
<img src="keyboard/esc.png" x="515" y="50"/>
<text align="center">Great Job!</text>
<text align="left"></text>
<text align="center">To go back to the main menu</text>
<text align="center">Press Space</text>
<waitforinput/>
</page>
| C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\themes\french\words\is-BQ19F.tmp | Dropped File | Text |
clean
Known to be clean.
|
...
|
»
| Also Known As | C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\themes\french\words\fingers.txt (Dropped File) |
| MIME Type | text/plain |
| File Size | 184 Bytes |
| MD5 |
54f52456338c263b32636aa9ec295678
|
| SHA1 |
0c8b9e5b3e003ec12ace1917503b25b80ed0900e
|
| SHA256 |
7907b6ded9db9e28883ecf76cca4fdd3820702cebe8f49551176aa7c04307489
|
| SSDeep |
3:YVMG7gdyd5fq8HfuBawwnaozyQlwgqvi45kgK4mKCqjuN1XxujUj/ov:YVTr5bmBaja3gD4qdq6N1XxujNv
|
| ImpHash | - |
| C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\themes\french\words\is-J52KQ.tmp | Dropped File | Text |
clean
|
...
|
»
| Also Known As | C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\themes\french\words\months.txt (Dropped File) |
| MIME Type | text/plain |
| File Size | 106 Bytes |
| MD5 |
e708f0600d08742d2857896fe9d7733a
|
| SHA1 |
98c08fa4fe2615fad0ffa0c99af0d52a053207ec
|
| SHA256 |
d398af298c3b5841d5a7abe3fb9b93ddb320984b5439af29eadbf167b3b709a1
|
| SSDeep |
3:MK4rSZ6FGbIwksJ7xpevkRkcqdG3QcQZt3q:L4qUKJ7xpwCxAgQc06
|
| ImpHash | - |
| C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\themes\french\words\is-ITEBN.tmp | Dropped File | Text |
clean
Known to be clean.
|
...
|
»
| Also Known As | C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\themes\french\words\names.txt (Dropped File) |
| MIME Type | text/plain |
| File Size | 273 Bytes |
| MD5 |
a2df62904cf38d31be1927ad30aab330
|
| SHA1 |
3ecd8a0e4a5c01c02a9d6d8802c7dcd96db8a9eb
|
| SHA256 |
18db547c7f295223a8c9c5074bdb9ba8c5059311e4fc468bbc237c9f20477d51
|
| SSDeep |
6:xIc4Tp4d2ez/8sCYBBSvAHRVB8+2qg2QZ9smhRv:+Tp4d2eL9CcwA9891SmhRv
|
| ImpHash | - |
| C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\themes\french\words\is-039LJ.tmp | Dropped File | Text |
clean
|
...
|
»
| Also Known As | C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\themes\french\words\weekdays.txt (Dropped File) |
| MIME Type | text/plain |
| File Size | 76 Bytes |
| MD5 |
d2487bd9c1d8aa304be56eb78da5e3e6
|
| SHA1 |
4731803748944748ee610bac2f61935ddf9aa995
|
| SHA256 |
34f468b3e540a381e7b711d58e6fd36aef209d6d9b5d0f0b724e42863f651483
|
| SSDeep |
3:BisJ2yrEB9kAizu3lv277Fe:BFZrEoLu3lu7w
|
| ImpHash | - |
| C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\themes\french\words\is-LRTR4.tmp | Dropped File | Text |
clean
|
...
|
»
| Also Known As | C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\themes\french\words\words1.txt (Dropped File) |
| MIME Type | text/plain |
| File Size | 818 Bytes |
| MD5 |
948b6d1c989f99dc0140e33683c2d8d5
|
| SHA1 |
5d74a0948818555f0a273caf53a0e2af6fac99dc
|
| SHA256 |
cf5339d67770e9992e34400dd9c3801d7276999a28db545c2981cd57f3ff694a
|
| SSDeep |
12:4IGwz4cln2Fr1Nn4gmJe3f3KBlo5pkwCAxRsvk/MVw1XYJzBGKYQ/CMWmwxpeF60:4az4clnA4g73f3KQH+yKeYJFGKY3VXTG
|
| ImpHash | - |
| C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\themes\french\words\is-9S4S0.tmp | Dropped File | Text |
clean
|
...
|
»
| Also Known As | C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\themes\french\words\words2.txt (Dropped File) |
| MIME Type | text/plain |
| File Size | 958 Bytes |
| MD5 |
797d991059542589ea4655cb1e3c74f4
|
| SHA1 |
e3192b37af97c8765ef9acae631cd8039277b5dd
|
| SHA256 |
8e6457a134e81bb285a46cc0ebeadf0603cf6dea75a08d226ea129f5c168471a
|
| SSDeep |
24:VpkEkEzy05dAX5SMwg7kZkb6QwFj1v6wCrs9rIL69:Vq6PdY5kSbbL8jF6R4dIG
|
| ImpHash | - |
| C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\themes\french\words\is-D3QQN.tmp | Dropped File | Text |
clean
|
...
|
»
| Also Known As | C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\themes\french\words\words3.txt (Dropped File) |
| MIME Type | text/plain |
| File Size | 728 Bytes |
| MD5 |
848587af617b126953aebbefa0ebddfe
|
| SHA1 |
9347ddd496be7abbee9cf33824b54aa2f02344b2
|
| SHA256 |
5527f932886ee6ef4c5547c57bda8e8deb7e756c8a32c90f7644fc51181b8e43
|
| SSDeep |
12:KCId1iRorTyw2DJM/x4cwopjo8qeA79Ch3gdUIvLZ0aCkQIlVLDruY21mn:K8R2b2D0qcbpn+9C/KLrC7+VL3qgn
|
| ImpHash | - |
| C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\themes\french\words\is-ADENH.tmp | Dropped File | Text |
clean
|
...
|
»
| Also Known As | C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\themes\french\words\words4.txt (Dropped File) |
| MIME Type | text/plain |
| File Size | 806 Bytes |
| MD5 |
cefe2fbb3b99bdda4abea03c407685aa
|
| SHA1 |
20eb7dbb809f27bf3c477f546250d642d3320c8c
|
| SHA256 |
c3a4438b54217981191000fc79e36fac02d9ab99a0e0b151d0892bd163a0fe8f
|
| SSDeep |
24:K+M3LaZBzeze7CdgiwObaBKWNht3t9x8Vfx:KhEJeze7auOba3jOfx
|
| ImpHash | - |
| C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\words\is-ROONT.tmp | Dropped File | Text |
clean
|
...
|
»
| Also Known As | C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\words\alphabet.txt (Dropped File) |
| MIME Type | text/plain |
| File Size | 61 Bytes |
| MD5 |
712b83a5039b83e8ea588c5fad1103ed
|
| SHA1 |
41eaa1481fdf1fbdafd223628b59137a01eccdc8
|
| SHA256 |
8cb96dae0b17ac655c0dc6ae5d5c90c28fd393841a11074d59a6f10d0f22b8c7
|
| SSDeep |
3:Aur+v5qTivtvsvvvgBy7UlWf2vxvwvzv8N+nn:AW+xCilsfOiOa2Bw7OKn
|
| ImpHash | - |
| C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\words\is-7HJAT.tmp | Dropped File | Text |
clean
|
...
|
»
| Also Known As | C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\words\animals.txt (Dropped File) |
| MIME Type | text/plain |
| File Size | 893 Bytes |
| MD5 |
c9ff7015cba0a58728c49b05fa99993a
|
| SHA1 |
9b6b8341a6bbb3f8fc4608f74bb67914f7fa9606
|
| SHA256 |
13cb97c43586c2167e7487554e98850bef9b3fba26d7ce5cf208461b704a4d0e
|
| SSDeep |
24:KbP7ohYAegvAwqZASWvVagm62F5xclQL7bX5FL2:I6YAegv86a562f2lcnbL2
|
| ImpHash | - |
| C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\words\is-P8B07.tmp | Dropped File | Text |
clean
Known to be clean.
|
...
|
»
| Also Known As | C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\words\astronomy.txt (Dropped File) |
| MIME Type | text/plain |
| File Size | 488 Bytes |
| MD5 |
18406efa6ef1a905f31541276638583d
|
| SHA1 |
0738f28bec885de8c51f08f9cfdd5ba01a0097bd
|
| SHA256 |
7d1c0767de14b8e1836293253433496568aa9d98ef54ea0147b71e011cb4311d
|
| SSDeep |
12:p2mUlUp1ok9BtTeHqhw6iq3q3jOpz5u3u+VQwv:+lEyruw6J4y3kVQ4
|
| ImpHash | - |
| C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\words\is-GT6Q2.tmp | Dropped File | Text |
clean
|
...
|
»
| Also Known As | C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\words\colors.txt (Dropped File) |
| MIME Type | text/plain |
| File Size | 144 Bytes |
| MD5 |
70febe5a878cd95e91b69aff631a7681
|
| SHA1 |
8d86eb3dab81588a3e7ec319b3c209c0a702ec9e
|
| SHA256 |
4a6b55d4e6d3cbcdc703fd6aeddd432e914abe730b30ad8e54a7c771afe6f11f
|
| SSDeep |
3:IFergnedhsV+xnhvUgSMB3RrkB9G81wT9ryHJEg+vp6vPu+lv:genPzfv5JYNO9WHJEbx6vPPlv
|
| ImpHash | - |
| C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\words\is-BCL7I.tmp | Dropped File | Text |
clean
Known to be clean.
|
...
|
»
| Also Known As | C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\words\fingers.txt (Dropped File) |
| MIME Type | text/plain |
| File Size | 131 Bytes |
| MD5 |
ccc1ab4d4f6d68e026916b785700131b
|
| SHA1 |
0e1151c2e660ae43e5d10f79c02b2ba818df2c61
|
| SHA256 |
578a87637f227ee95c41fe11d084ef4e85cb8833a270a9864ee533e4bcbc25e0
|
| SSDeep |
3:+7XGJYxanNd3uOwgr5UyRvtE58iUKrmN9Gj/DV9xav3Lv:+KDnNd3trWOE9UKrmv0rIv3Lv
|
| ImpHash | - |
| C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\words\is-OHM88.tmp | Dropped File | Text |
clean
|
...
|
»
| Also Known As | C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\words\fruit.txt (Dropped File) |
| MIME Type | text/plain |
| File Size | 140 Bytes |
| MD5 |
06de8967661f6d2bb8d9e2c0bc817d8b
|
| SHA1 |
7f6a460872a05f4ab3215c8d36f266581ce1cec5
|
| SHA256 |
78674120d9b926fe8169fa676fb61b4d7d65631439da51e641bd8181db6f8a35
|
| SSDeep |
3:LvgqMi1yj0R2k3osqrvDxX5vq4sGx+3k5+pwDkkZ1vUp6ysH:Lvgo1yjkosq7ZM4eg+pw4kHvHf
|
| ImpHash | - |
| C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\words\is-G6VU0.tmp | Dropped File | Text |
clean
|
...
|
»
| Also Known As | C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\words\geography.txt (Dropped File) |
| MIME Type | text/plain |
| File Size | 120 Bytes |
| MD5 |
a4abb7b3436df111ee40af6725b18113
|
| SHA1 |
9283ad1362accce89e48abcedd9628c208b23abc
|
| SHA256 |
31ea6b1aed3aa363f1332f4265915ce5d5ee738d1d7573834b592b79d18c9838
|
| SSDeep |
3:zLBFmKLBRWv+yVsKLreoysYjXgaUt8wwpu8xpklsosjyJUm:nKKLWvlr3mpUmF9pklBs+JUm
|
| ImpHash | - |
| C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\words\is-EOF5U.tmp | Dropped File | Text |
clean
|
...
|
»
| Also Known As | C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\words\numbers.txt (Dropped File) |
| MIME Type | text/plain |
| File Size | 217 Bytes |
| MD5 |
d9aa0da39a6b34ee90ea32611a299f13
|
| SHA1 |
ab2124f619fcb95f08d5ccb660db3169055c7d7a
|
| SHA256 |
f87ce850717850fce7785ce2bfa92d1977dbc13d4fc2718bf11ac85e04da0e63
|
| SSDeep |
3:gis2yqrlvjzxc6/xg7gO4wPZ7bggQuOgX1k638KHnhzKgEmsZpp7n:YVC1jzxcN7Owh7bg1wl1bnhzKVmMpp7n
|
| ImpHash | - |
| C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\words\is-ULTLS.tmp | Dropped File | Text |
clean
|
...
|
»
| Also Known As | C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\words\plants.txt (Dropped File) |
| MIME Type | text/plain |
| File Size | 380 Bytes |
| MD5 |
8c46ec2c88aa5a7bfd6692ee0c28108c
|
| SHA1 |
86bb8766833577f9d4f5d5dce7682abdb3589fca
|
| SHA256 |
302fcd53959886124c7581520dd47ecafa33b68a1ea66fdcfb8894ec9ea2c63b
|
| SSDeep |
6:YoVGI0/lm6CgwGr4DJW2iXHfZyRmqF+8PsWp0nvpq81vr7oaLCABXUyv7+8vBuNG:d6Qlg/F2iXHiF+8PsuQBP1QQCARUyvh5
|
| ImpHash | - |
| C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\words\is-GNPEQ.tmp | Dropped File | Text |
clean
Known to be clean.
|
...
|
»
| Also Known As | C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\words\shapes.txt (Dropped File) |
| MIME Type | text/plain |
| File Size | 221 Bytes |
| MD5 |
de83d926582a70bec34ba5ead0dc5596
|
| SHA1 |
82aecf434269c753b4cf61640cfb4e6b946e99f4
|
| SHA256 |
f55a24660ba9612c1d51af0d87a5fa78ffd14351bca4119012eabae8b9055db1
|
| SSDeep |
6:/q6y2qbCDv/5PZUIY3rpUSILFQvp1p7ANOq:/qX2LD5PZUXiF6p1KD
|
| ImpHash | - |
| C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\words\is-7RCPP.tmp | Dropped File | Text |
clean
|
...
|
»
| Also Known As | C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\words\trees.txt (Dropped File) |
| MIME Type | text/plain |
| File Size | 112 Bytes |
| MD5 |
c15ccd7186e2e7c43734d04743e906d6
|
| SHA1 |
079dd846eee93cc9ff2da505863d4753363cdff6
|
| SHA256 |
9b16af270fee449753caefdd989461556178ed6c6f4438684fdc51f417d4309a
|
| SSDeep |
3:ErpqGtrvuq4Bj7oesvok5+WdHJgkr1rvn:GVavt7orvf/h5rv
|
| ImpHash | - |
| C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\words\is-66VNS.tmp | Dropped File | Text |
clean
|
...
|
»
| Also Known As | C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\words\words1.txt (Dropped File) |
| MIME Type | text/plain |
| File Size | 882 Bytes |
| MD5 |
861cabfdc0a36f9665146b15de26807c
|
| SHA1 |
cc63fe7d78a3b6f3aedeb43b061b954a0b4267f5
|
| SHA256 |
a3806caaf1ba12893a9d85c8cf12d2e890145a13a34848ffd0107c2128c7d058
|
| SSDeep |
24:qOUGKuqd7IUZbKg0UpZKUC5tB2eD0xGriqvjl7aDAksITd+Y:qjuw7IKKVUpS5tB2eDaGuqvVaDAHITdL
|
| ImpHash | - |
| C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\words\is-1G1IJ.tmp | Dropped File | Text |
clean
|
...
|
»
| Also Known As | C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\words\words2.txt (Dropped File) |
| MIME Type | text/plain |
| File Size | 1.41 KB |
| MD5 |
d34724b8d9935413fe501f71bfc63eed
|
| SHA1 |
8bad3be97b83a2b5671c42c1912a5acb57357102
|
| SHA256 |
a2aca8e9d7e56d37ddbf127c863b40d11c9db4a7a59347936c8448e2ec87ce13
|
| SSDeep |
24:8g8muteQTW5d+ew52s0UjH/CpIdTrhhI+amefWxNc1xTiF9HKOkdsaHFrQDeqZRO:8g/FQTW574xjH/gIVV6mmuQToKeDtU
|
| ImpHash | - |
| C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\words\is-6L2DB.tmp | Dropped File | Text |
clean
|
...
|
»
| Also Known As | C:\Users\RDhJ0CNFevzX\AppData\Roaming\Crystal Reports Extra\words\words3.txt (Dropped File) |
| MIME Type | text/plain |
| File Size | 1.76 KB |
| MD5 |
926fa7d82a70961d83c7b9dc051ee7b8
|
| SHA1 |
d21672084c88f203f26d1f53e7dc952876cc1d35
|
| SHA256 |
fafd9879344108a0a5196df58b643f97ad1b07b2bdeee54706fdf37022d79f09
|
| SSDeep |
48:/wI/M3lxB6KAk7Ft58tROSaSmcpioeqfUAE/S:/NqBGkJt58tcdAbeqfUp/S
|
| ImpHash | - |
| c:\lsarpc | Dropped File | Unknown |
clean
|
...
|
»
| MIME Type | - |
| File Size | 0 Bytes |
| MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
| SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
| SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
| SSDeep |
3::
|
| ImpHash | - |
| C:\Users\RDhJ0CNFevzX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Crystal Reports Extra\Crystal Reports Extra.lnk | Dropped File | Shortcut |
clean
|
...
|
»
| MIME Type | application/x-ms-shortcut |
| File Size | 1.09 KB |
| MD5 |
f3588e477d4d71440cf2de6536a46c33
|
| SHA1 |
e022c4f25ab14c3b376df0378a03336db9e5e0c1
|
| SHA256 |
ecf10240886c59f4f4483ab0108410c7f610a943094c2dab713e72aff2b657be
|
| SSDeep |
24:8mmjsCO6pc/QTEo+M8L1CpuCokjloHBm:8mfCO4c/0Eo+MACbokBoHB
|
| ImpHash | - |
