| filename | user32.dll | |
|---|---|---|
| size | 1370696 (0x14ea48) | |
| md5 | cac777bad7b0e57d3378cdd8fddb117c | |
| type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | |
| mimetype | application/x-dosexec | |
| clamav | OK | |
| virustotal | → scan with virustotal.com | |
| histogram | ||
MZ Header
| signature | MZ |
| bytes_in_last_block | 0x90 |
| blocks_in_file | 3 |
| num_relocs | 0 |
| header_paragraphs | 4 |
| min_extra_paragraphs | 0 |
| max_extra_paragraphs | 0xffff |
| ss | 0 |
| sp | 0xb8 |
| checksum | 0 |
| ip | 0 |
| cs | 0 |
| reloc_table_offset | 0x40 |
| overlay_number | 0 |
| reserved0 | 0 |
| oem_id | 0 |
| oem_info | 0 |
| reserved2 | 0 |
| reserved3 | 0 |
| reserved4 | 0 |
| reserved5 | 0 |
| reserved6 | 0 |
| lfanew | 0x100 |
Rich Header
| lib id | version | times used |
|---|---|---|
| 207 | 65501 | 1 |
| 147 | 30729 | 54 |
| 1 | 0 | 387 |
| 203 | 65501 | 9 |
| 206 | 65501 | 10 |
| 202 | 65501 | 1 |
| 205 | 65501 | 7 |
| 215 | 65501 | 117 |
| 201 | 65501 | 1 |
| 204 | 65501 | 1 |
DOS stub
00000000: 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 |........!..L.!Th| 00000010: 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f |is program canno| 00000020: 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 |t be run in DOS | 00000030: 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 |mode....$.......|
PE Header
Packer / Compiler
Sections
Data Directory
| module_name | hint | ord | function_name |
|---|---|---|---|
| ntdll.dll | 1264 | RtlSetLastWin32Error | |
| ntdll.dll | 175 | NlsAnsiCodePage | |
| ntdll.dll | 698 | RtlCaptureContext | |
| ntdll.dll | 2063 | _wtoi | |
| ntdll.dll | 2161 | wcsncpy_s | |
| ntdll.dll | 2093 | iswspace | |
| ntdll.dll | 2107 | qsort | |
| ntdll.dll | 405 | NtPowerInformation | |
| ntdll.dll | 671 | RtlAllocateHeap | |
| ntdll.dll | 111 | LdrFlushAlternateResourceModules | |
| ntdll.dll | 992 | RtlImageNtHeader | |
| ntdll.dll | 2164 | wcsrchr | |
| ntdll.dll | 1148 | RtlPcToFileHeader | |
| ntdll.dll | 474 | NtRaiseHardError | |
| ntdll.dll | 2158 | wcsncat_s | |
| ntdll.dll | 1071 | RtlIsNameLegalDOS8Dot3 | |
| ntdll.dll | 2114 | sscanf_s | |
| ntdll.dll | 2130 | strrchr | |
| ntdll.dll | 2120 | strcpy_s | |
| ntdll.dll | 1292 | RtlSizeHeap | |
| ntdll.dll | 977 | RtlGetThreadLangIdByIndex | |
| ntdll.dll | 1234 | RtlRunEncodeUnicodeString | |
| ntdll.dll | 1233 | RtlRunDecodeUnicodeString | |
| ntdll.dll | 1198 | RtlReAllocateHeap | |
| ntdll.dll | 1134 | RtlNtStatusToDosError | |
| ntdll.dll | 27 | CsrFreeCaptureBuffer | |
| ntdll.dll | 20 | CsrAllocateMessagePointer | |
| ntdll.dll | 19 | CsrAllocateCaptureBuffer | |
| ntdll.dll | 391 | NtOpenProcessToken | |
| ntdll.dll | 399 | NtOpenThreadToken | |
| ntdll.dll | 920 | RtlFreeSid | |
| ntdll.dll | 437 | NtQueryInformationToken | |
| ntdll.dll | 668 | RtlAllocateAndInitializeSid | |
| ntdll.dll | 25 | CsrClientCallServer | |
| ntdll.dll | 723 | RtlCompareUnicodeString | |
| ntdll.dll | 2103 | memmove | |
| ntdll.dll | 227 | NtCallbackReturn | |
| ntdll.dll | 1231 | RtlRetrieveNtUserPfn | |
| ntdll.dll | 1022 | RtlInitializeNtUserPfn | |
| ntdll.dll | 415 | NtProtectVirtualMemory | |
| ntdll.dll | 2051 | _wcsicmp | |
| ntdll.dll | 2028 | _stricmp | |
| ntdll.dll | 953 | RtlGetIntegerAtom | |
| ntdll.dll | 804 | RtlDeleteCriticalSection | |
| ntdll.dll | 1228 | RtlResetNtUserPfn | |
| ntdll.dll | 1162 | RtlQueryElevationFlags | |
| ntdll.dll | 461 | NtQuerySystemInformation | |
| ntdll.dll | 1014 | RtlInitializeCriticalSection | |
| ntdll.dll | 26 | CsrClientConnectToServer | |
| ntdll.dll | 1340 | RtlUnicodeToMultiByteSize | |
| ntdll.dll | 1076 | RtlIsThreadWithinLoaderCallout | |
| ntdll.dll | 612 | NtYieldExecution | |
| ntdll.dll | 1168 | RtlQueryInformationActiveActivationContext | |
| ntdll.dll | 299 | NtDeleteValueKey | |
| ntdll.dll | 564 | NtSetValueKey | |
| ntdll.dll | 257 | NtCreateKey | |
| ntdll.dll | 2170 | wcstoul | |
| ntdll.dll | 597 | NtVdmControl | |
| ntdll.dll | 677 | RtlAnsiStringToUnicodeString | |
| ntdll.dll | 998 | RtlInitAnsiString | |
| ntdll.dll | 922 | RtlFreeUnicodeString | |
| ntdll.dll | 779 | RtlCreateUnicodeStringFromAsciiz | |
| ntdll.dll | 375 | NtOpenDirectoryObject | |
| ntdll.dll | 552 | NtSetSecurityObject | |
| ntdll.dll | 456 | NtQuerySecurityObject | |
| ntdll.dll | 434 | NtQueryInformationProcess | |
| ntdll.dll | 2168 | wcstol | |
| ntdll.dll | 2048 | _vsnwprintf | |
| ntdll.dll | 1208 | RtlReleaseActivationContext | |
| ntdll.dll | 891 | RtlFindActivationContextSectionString | |
| ntdll.dll | 791 | RtlDeactivateActivationContextUnsafeFast | |
| ntdll.dll | 640 | RtlActivateActivationContextUnsafeFast | |
| ntdll.dll | 1339 | RtlUnicodeToMultiByteN | |
| ntdll.dll | 1122 | RtlMultiByteToUnicodeN | |
| ntdll.dll | 853 | RtlEnterCriticalSection | |
| ntdll.dll | 1093 | RtlLeaveCriticalSection | |
| ntdll.dll | 2150 | wcscat_s | |
| ntdll.dll | 2154 | wcscpy_s | |
| ntdll.dll | 466 | NtQueryValueKey | |
| ntdll.dll | 311 | NtEnumerateKey | |
| ntdll.dll | 235 | NtClose | |
| ntdll.dll | 382 | NtOpenKey | |
| ntdll.dll | 1146 | RtlOpenCurrentUser | |
| ntdll.dll | 1335 | RtlUnicodeStringToInteger | |
| ntdll.dll | 1007 | RtlInitUnicodeString | |
| ntdll.dll | 2137 | swprintf_s | |
| ntdll.dll | 917 | RtlFreeHeap | |
| ntdll.dll | 1123 | RtlMultiByteToUnicodeSize | |
| ntdll.dll | 1981 | _alldiv | |
| ntdll.dll | 1983 | _allmul | |
| ntdll.dll | 1992 | _aulldvrm | |
| ntdll.dll | 2001 | _ftol2_sse | |
| ntdll.dll | 2100 | memcmp | |
| ntdll.dll | 2101 | memcpy | |
| ntdll.dll | 2105 | memset | |
| ntdll.dll | 1354 | RtlUnwind | |
| api-ms-win-core-localization-l1-2-1.dll | 39 | IsDBCSLeadByteEx | |
| api-ms-win-core-localization-l1-2-1.dll | 27 | GetThreadLocale | |
| api-ms-win-core-localization-l1-2-1.dll | 9 | GetACP | |
| api-ms-win-core-localization-l1-2-1.dll | 43 | IsValidLocale | |
| api-ms-win-core-localization-l1-2-1.dll | 31 | GetUserDefaultLCID | |
| api-ms-win-core-localization-l1-2-1.dll | 25 | GetSystemDefaultLangID | |
| api-ms-win-core-localization-l1-2-1.dll | ConvertDefaultLocale | ||
| api-ms-win-core-localization-l1-2-1.dll | 19 | GetLocaleInfoW | |
| api-ms-win-core-localization-l1-2-1.dll | 22 | GetOEMCP | |
| api-ms-win-core-localization-l1-2-1.dll | 38 | IsDBCSLeadByte | |
| api-ms-win-core-localization-l1-2-1.dll | 10 | GetCPInfo | |
| api-ms-win-core-registry-l1-1-0.dll | 31 | RegQueryInfoKeyW | |
| api-ms-win-core-registry-l1-1-0.dll | 14 | RegEnumValueW | |
| api-ms-win-core-registry-l1-1-0.dll | 40 | RegSetValueExW | |
| api-ms-win-core-registry-l1-1-0.dll | 18 | RegGetValueW | |
| api-ms-win-core-registry-l1-1-0.dll | 5 | RegDeleteKeyExW | |
| api-ms-win-core-registry-l1-1-0.dll | 3 | RegCreateKeyExW | |
| api-ms-win-core-registry-l1-1-0.dll | RegCloseKey | ||
| api-ms-win-core-registry-l1-1-0.dll | 33 | RegQueryValueExW | |
| api-ms-win-core-registry-l1-1-0.dll | 28 | RegOpenKeyExW | |
| api-ms-win-core-libraryloader-l1-2-0.dll | 22 | LoadResource | |
| api-ms-win-core-libraryloader-l1-2-0.dll | 28 | SizeofResource | |
| api-ms-win-core-libraryloader-l1-2-0.dll | 15 | GetModuleHandleA | |
| api-ms-win-core-libraryloader-l1-2-0.dll | 17 | GetModuleHandleExW | |
| api-ms-win-core-libraryloader-l1-2-0.dll | 13 | GetModuleFileNameA | |
| api-ms-win-core-libraryloader-l1-2-0.dll | 8 | FindResourceExW | |
| api-ms-win-core-libraryloader-l1-2-0.dll | 14 | GetModuleFileNameW | |
| api-ms-win-core-libraryloader-l1-2-0.dll | 18 | GetModuleHandleW | |
| api-ms-win-core-libraryloader-l1-2-0.dll | 1 | DisableThreadLibraryCalls | |
| api-ms-win-core-libraryloader-l1-2-0.dll | 21 | LoadLibraryExW | |
| api-ms-win-core-libraryloader-l1-2-0.dll | 5 | EnumResourceNamesExW | |
| api-ms-win-core-libraryloader-l1-2-0.dll | 10 | FreeLibrary | |
| api-ms-win-core-libraryloader-l1-2-0.dll | 19 | GetProcAddress | |
| api-ms-win-core-string-l1-1-0.dll | 3 | FoldStringW | |
| api-ms-win-core-string-l1-1-0.dll | 7 | WideCharToMultiByte | |
| api-ms-win-core-string-l1-1-0.dll | 1 | CompareStringOrdinal | |
| api-ms-win-core-string-l1-1-0.dll | 5 | GetStringTypeW | |
| api-ms-win-core-string-l1-1-0.dll | 6 | MultiByteToWideChar | |
| api-ms-win-core-string-l1-1-0.dll | 2 | CompareStringW | |
| api-ms-win-core-synch-l1-2-0.dll | 39 | SetEvent | |
| api-ms-win-core-synch-l1-2-0.dll | 50 | WaitForMultipleObjectsEx | |
| api-ms-win-core-synch-l1-2-0.dll | 43 | Sleep | |
| api-ms-win-core-file-l1-2-1.dll | 5 | CreateFileW | |
| api-ms-win-core-file-l1-2-1.dll | 75 | SetFileTime | |
| api-ms-win-core-file-l1-2-1.dll | 63 | ReadFile | |
| api-ms-win-core-file-l1-2-1.dll | 39 | GetFileSize | |
| api-ms-win-core-file-l1-2-1.dll | 22 | FindNextFileW | |
| api-ms-win-core-file-l1-2-1.dll | 11 | FindClose | |
| api-ms-win-core-file-l1-2-1.dll | 48 | GetLogicalDrives | |
| api-ms-win-core-file-l1-2-1.dll | 18 | FindFirstFileW | |
| api-ms-win-core-errorhandling-l1-1-1.dll | 10 | SetUnhandledExceptionFilter | |
| api-ms-win-core-errorhandling-l1-1-1.dll | 11 | UnhandledExceptionFilter | |
| api-ms-win-core-errorhandling-l1-1-1.dll | 9 | SetLastError | |
| api-ms-win-core-errorhandling-l1-1-1.dll | 3 | GetLastError | |
| api-ms-win-eventing-provider-l1-1-0.dll | 5 | EventUnregister | |
| api-ms-win-eventing-provider-l1-1-0.dll | 3 | EventRegister | |
| api-ms-win-eventing-provider-l1-1-0.dll | 6 | EventWrite | |
| api-ms-win-core-processthreads-l1-1-2.dll | 8 | ExitThread | |
| api-ms-win-core-processthreads-l1-1-2.dll | 19 | GetExitCodeThread | |
| api-ms-win-core-processthreads-l1-1-2.dll | 5 | CreateThread | |
| api-ms-win-core-processthreads-l1-1-2.dll | 15 | GetCurrentThread | |
| api-ms-win-core-processthreads-l1-1-2.dll | 16 | GetCurrentThreadId | |
| api-ms-win-core-processthreads-l1-1-2.dll | 24 | GetProcessMitigationPolicy | |
| api-ms-win-core-processthreads-l1-1-2.dll | 63 | TerminateProcess | |
| api-ms-win-core-processthreads-l1-1-2.dll | 45 | ProcessIdToSessionId | |
| api-ms-win-core-processthreads-l1-1-2.dll | 12 | GetCurrentProcessId | |
| api-ms-win-core-processthreads-l1-1-2.dll | 11 | GetCurrentProcess | |
| api-ms-win-core-processthreads-l1-1-2.dll | 2 | CreateProcessW | |
| api-ms-win-core-sysinfo-l1-2-1.dll | 25 | GetVersionExW | |
| api-ms-win-core-sysinfo-l1-2-1.dll | 17 | GetSystemTimeAsFileTime | |
| api-ms-win-core-sysinfo-l1-2-1.dll | 21 | GetTickCount | |
| api-ms-win-core-sysinfo-l1-2-1.dll | 20 | GetSystemWindowsDirectoryW | |
| api-ms-win-core-sysinfo-l1-2-1.dll | 12 | GetSystemDirectoryW | |
| api-ms-win-core-processenvironment-l1-2-0.dll | 16 | SearchPathW | |
| api-ms-win-core-processenvironment-l1-2-0.dll | 18 | SetCurrentDirectoryW | |
| api-ms-win-core-processenvironment-l1-2-0.dll | 7 | GetCurrentDirectoryW | |
| api-ms-win-core-processenvironment-l1-2-0.dll | 1 | ExpandEnvironmentStringsW | |
| api-ms-win-security-base-l1-2-0.dll | 27 | CheckTokenMembership | |
| api-ms-win-core-string-l2-1-0.dll | 7 | IsCharAlphaW | |
| api-ms-win-core-string-l2-1-0.dll | CharLowerBuffW | ||
| api-ms-win-core-string-l2-1-0.dll | 2 | CharNextW | |
| api-ms-win-core-string-l2-1-0.dll | 3 | CharPrevW | |
| api-ms-win-core-string-l2-1-0.dll | 4 | CharUpperBuffW | |
| api-ms-win-core-string-l2-1-0.dll | 8 | IsCharLowerW | |
| api-ms-win-core-string-l2-1-0.dll | 5 | CharUpperW | |
| api-ms-win-core-string-l2-1-0.dll | 6 | IsCharAlphaNumericW | |
| api-ms-win-core-string-l2-1-0.dll | 1 | CharLowerW | |
| api-ms-win-core-string-l2-1-0.dll | 9 | IsCharUpperW | |
| api-ms-win-core-handle-l1-1-0.dll | CloseHandle | ||
| api-ms-win-core-memory-l1-1-2.dll | 15 | MapViewOfFileEx | |
| api-ms-win-core-memory-l1-1-2.dll | 4 | CreateFileMappingW | |
| api-ms-win-core-memory-l1-1-2.dll | 14 | MapViewOfFile | |
| api-ms-win-core-memory-l1-1-2.dll | 25 | UnmapViewOfFile | |
| api-ms-win-core-memory-l1-1-2.dll | 37 | VirtualQueryEx | |
| api-ms-win-core-memory-l1-1-2.dll | 17 | OpenFileMappingW | |
| api-ms-win-core-profile-l1-1-0.dll | 1 | QueryPerformanceFrequency | |
| api-ms-win-core-profile-l1-1-0.dll | QueryPerformanceCounter | ||
| api-ms-win-core-privateprofile-l1-1-1.dll | 5 | GetPrivateProfileStringW | |
| api-ms-win-core-privateprofile-l1-1-1.dll | 15 | WritePrivateProfileStringW | |
| api-ms-win-core-heap-obsolete-l1-1-0.dll | 8 | LocalAlloc | |
| api-ms-win-core-heap-obsolete-l1-1-0.dll | 14 | LocalUnlock | |
| api-ms-win-core-heap-obsolete-l1-1-0.dll | 13 | LocalSize | |
| api-ms-win-core-heap-obsolete-l1-1-0.dll | 6 | GlobalSize | |
| api-ms-win-core-heap-obsolete-l1-1-0.dll | 4 | GlobalLock | |
| api-ms-win-core-heap-obsolete-l1-1-0.dll | 7 | GlobalUnlock | |
| api-ms-win-core-heap-obsolete-l1-1-0.dll | 3 | GlobalHandle | |
| api-ms-win-core-heap-obsolete-l1-1-0.dll | 11 | LocalLock | |
| api-ms-win-core-heap-obsolete-l1-1-0.dll | 12 | LocalReAlloc | |
| api-ms-win-core-heap-obsolete-l1-1-0.dll | 1 | GlobalFlags | |
| api-ms-win-core-heap-obsolete-l1-1-0.dll | 2 | GlobalFree | |
| api-ms-win-core-heap-obsolete-l1-1-0.dll | 5 | GlobalReAlloc | |
| api-ms-win-core-heap-obsolete-l1-1-0.dll | GlobalAlloc | ||
| api-ms-win-core-heap-obsolete-l1-1-0.dll | 10 | LocalFree | |
| api-ms-win-core-atoms-l1-1-0.dll | 2 | DeleteAtom | |
| api-ms-win-core-atoms-l1-1-0.dll | 1 | AddAtomW | |
| api-ms-win-core-atoms-l1-1-0.dll | 14 | GlobalGetAtomNameA | |
| api-ms-win-core-atoms-l1-1-0.dll | 13 | GlobalFindAtomW | |
| api-ms-win-core-atoms-l1-1-0.dll | AddAtomA | ||
| api-ms-win-core-atoms-l1-1-0.dll | 11 | GlobalDeleteAtom | |
| api-ms-win-core-atoms-l1-1-0.dll | 15 | GlobalGetAtomNameW | |
| api-ms-win-core-atoms-l1-1-0.dll | 7 | GlobalAddAtomA | |
| api-ms-win-core-atoms-l1-1-0.dll | 12 | GlobalFindAtomA | |
| api-ms-win-core-atoms-l1-1-0.dll | 6 | GetAtomNameW | |
| api-ms-win-core-atoms-l1-1-0.dll | 5 | GetAtomNameA | |
| api-ms-win-core-atoms-l1-1-0.dll | 10 | GlobalAddAtomW | |
| api-ms-win-core-string-obsolete-l1-1-0.dll | 4 | lstrcmpiW | |
| api-ms-win-core-string-obsolete-l1-1-0.dll | 8 | lstrlenA | |
| api-ms-win-core-string-obsolete-l1-1-0.dll | 9 | lstrlenW | |
| api-ms-win-core-localization-obsolete-l1-2-0.dll | 5 | GetStringTypeA | |
| api-ms-win-core-stringansi-l1-1-0.dll | 11 | IsCharUpperA | |
| api-ms-win-core-stringansi-l1-1-0.dll | 1 | CharLowerBuffA | |
| api-ms-win-core-stringansi-l1-1-0.dll | CharLowerA | ||
| api-ms-win-core-stringansi-l1-1-0.dll | 6 | CharUpperA | |
| api-ms-win-core-stringansi-l1-1-0.dll | 2 | CharNextA | |
| api-ms-win-core-stringansi-l1-1-0.dll | 3 | CharNextExA | |
| api-ms-win-core-stringansi-l1-1-0.dll | 4 | CharPrevA | |
| api-ms-win-core-stringansi-l1-1-0.dll | 5 | CharPrevExA | |
| api-ms-win-core-stringansi-l1-1-0.dll | 7 | CharUpperBuffA | |
| api-ms-win-core-stringansi-l1-1-0.dll | 9 | IsCharAlphaNumericA | |
| api-ms-win-core-stringansi-l1-1-0.dll | 10 | IsCharLowerA | |
| api-ms-win-core-stringansi-l1-1-0.dll | 8 | IsCharAlphaA | |
| api-ms-win-core-kernel32-private-l1-1-1.dll | 5 | RegisterWaitForInputIdle | |
| api-ms-win-core-sidebyside-l1-1-0.dll | 7 | QueryActCtxSettingsW | |
| api-ms-win-core-windowserrorreporting-l1-1-0.dll | 9 | WerpNotifyUseStringResource | |
| api-ms-win-core-windowserrorreporting-l1-1-0.dll | 8 | WerpNotifyLoadStringResource | |
| KERNELBASE.dll | 157 | LoadStringBaseExW | |
| api-ms-win-core-kernel32-legacy-l1-1-1.dll | 19 | FindResourceExA | |
| api-ms-win-core-kernel32-legacy-l1-1-1.dll | 49 | MulDiv | |
| api-ms-win-core-appinit-l1-1-0.dll | LoadAppInitDlls | ||
| GDI32.dll | 445 | GdiProcessSetup | |
| GDI32.dll | 732 | SetBkMode | |
| GDI32.dll | 724 | SelectObject | |
| GDI32.dll | 603 | IntersectClipRect | |
| GDI32.dll | 539 | GetMapMode | |
| GDI32.dll | 530 | GetHFONT | |
| GDI32.dll | 350 | ExtSelectClipRgn | |
| GDI32.dll | 491 | GetClipRgn | |
| GDI32.dll | 746 | SetGraphicsMode | |
| GDI32.dll | 490 | GetClipBox | |
| GDI32.dll | 81 | CreateRectRgnIndirect | |
| GDI32.dll | 80 | CreateRectRgn | |
| GDI32.dll | 469 | GetBoundsRect | |
| GDI32.dll | 750 | SetLayout | |
| GDI32.dll | 638 | PlayEnhMetaFile | |
| GDI32.dll | 345 | ExcludeClipRect | |
| GDI32.dll | 277 | Ellipse | |
| GDI32.dll | 57 | CreateEllipticRgn | |
| GDI32.dll | 498 | GetDCOrgEx | |
| GDI32.dll | 413 | GdiFixUpHandle | |
| GDI32.dll | 660 | Rectangle | |
| GDI32.dll | 76 | CreatePen | |
| GDI32.dll | 45 | CreateBrushIndirect | |
| GDI32.dll | 646 | PolyPatBlt | |
| GDI32.dll | 774 | SetViewportOrgEx | |
| GDI32.dll | 596 | GetViewportOrgEx | |
| GDI32.dll | 495 | GetCurrentObject | |
| GDI32.dll | 576 | GetTextCharacterExtra | |
| GDI32.dll | 770 | SetTextCharacterExtra | |
| GDI32.dll | 733 | SetBoundsRect | |
| GDI32.dll | 38 | CopyEnhMetaFileW | |
| GDI32.dll | 40 | CopyMetaFileW | |
| GDI32.dll | 759 | SetPaletteEntries | |
| GDI32.dll | 74 | CreatePalette | |
| GDI32.dll | 555 | GetPaletteEntries | |
| GDI32.dll | 559 | GetPixel | |
| GDI32.dll | 578 | GetTextCharsetInfo | |
| GDI32.dll | 656 | QueryFontAssocStatus | |
| GDI32.dll | 351 | ExtTextOutA | |
| GDI32.dll | 486 | GetCharWidthInfo | |
| GDI32.dll | 482 | GetCharWidthA | |
| GDI32.dll | 591 | GetTextFaceW | |
| GDI32.dll | 479 | GetCharABCWidthsW | |
| GDI32.dll | 475 | GetCharABCWidthsA | |
| GDI32.dll | 735 | SetBrushOrgEx | |
| GDI32.dll | 590 | GetTextFaceAliasW | |
| GDI32.dll | 336 | EnumFontsW | |
| GDI32.dll | 65 | CreateFontIndirectW | |
| GDI32.dll | 579 | GetTextColor | |
| GDI32.dll | 593 | GetTextMetricsW | |
| GDI32.dll | 598 | GetWindowExtEx | |
| GDI32.dll | 595 | GetViewportExtEx | |
| GDI32.dll | 468 | GetBkMode | |
| GDI32.dll | 418 | GdiGetCharDimensions | |
| GDI32.dll | 577 | GetTextCharset | |
| GDI32.dll | 419 | GdiGetCodePage | |
| GDI32.dll | 444 | GdiPrinterThunk | |
| GDI32.dll | 437 | GdiLoadType1Fonts | |
| GDI32.dll | 368 | GdiAddFontResourceW | |
| GDI32.dll | 791 | TranslateCharsetInfo | |
| GDI32.dll | 352 | ExtTextOutW | |
| GDI32.dll | 670 | RestoreDC | |
| GDI32.dll | 628 | OffsetWindowOrgEx | |
| GDI32.dll | 677 | SaveDC | |
| GDI32.dll | 501 | GetDIBits | |
| GDI32.dll | 741 | SetDIBits | |
| GDI32.dll | 767 | SetStretchBltMode | |
| GDI32.dll | 54 | CreateDIBSection | |
| GDI32.dll | 48 | CreateCompatibleBitmap | |
| GDI32.dll | 55 | CreateDIBitmap | |
| GDI32.dll | 51 | CreateDCW | |
| GDI32.dll | 267 | DeleteDC | |
| GDI32.dll | 461 | GdiValidateHandle | |
| GDI32.dll | 86 | CreateSolidBrush | |
| GDI32.dll | 49 | CreateCompatibleDC | |
| GDI32.dll | 769 | SetTextAlign | |
| GDI32.dll | 393 | GdiDllInitialize | |
| GDI32.dll | 568 | GetStockObject | |
| GDI32.dll | 374 | GdiClearStockObjectCache | |
| GDI32.dll | 567 | GetRgnBox | |
| GDI32.dll | 621 | MirrorRgn | |
| GDI32.dll | 626 | OffsetRgn | |
| GDI32.dll | 34 | CombineRgn | |
| GDI32.dll | 347 | ExtCreateRegion | |
| GDI32.dll | 565 | GetRegionData | |
| GDI32.dll | 278 | EnableEUDC | |
| GDI32.dll | 387 | GdiConvertToDevmodeW | |
| GDI32.dll | 19 | BitBlt | |
| GDI32.dll | 790 | TextOutW | |
| GDI32.dll | 789 | TextOutA | |
| GDI32.dll | 635 | PatBlt | |
| GDI32.dll | 751 | SetLayoutWidth | |
| GDI32.dll | 41 | CreateBitmap | |
| GDI32.dll | 588 | GetTextExtentPointW | |
| GDI32.dll | 586 | GetTextExtentPointA | |
| GDI32.dll | 784 | StretchBlt | |
| GDI32.dll | 551 | GetObjectType | |
| GDI32.dll | 377 | GdiConvertAndCheckDC | |
| GDI32.dll | 765 | SetRectRgn | |
| GDI32.dll | 575 | GetTextAlign | |
| GDI32.dll | 731 | SetBkColor | |
| GDI32.dll | 449 | GdiReleaseDC | |
| GDI32.dll | 771 | SetTextColor | |
| GDI32.dll | 382 | GdiConvertEnhMetaFile | |
| GDI32.dll | 384 | GdiConvertMetaFilePict | |
| GDI32.dll | 388 | GdiCreateLocalEnhMetaFile | |
| GDI32.dll | 389 | GdiCreateLocalMetaFilePict | |
| GDI32.dll | 379 | GdiConvertBitmapV5 | |
| GDI32.dll | 268 | DeleteEnhMetaFile | |
| GDI32.dll | 269 | DeleteMetaFile | |
| GDI32.dll | 270 | DeleteObject | |
| GDI32.dll | 785 | StretchDIBits | |
| GDI32.dll | 502 | GetDeviceCaps | |
| GDI32.dll | 500 | GetDIBColorTable | |
| GDI32.dll | 417 | GdiGetBitmapBitsSize | |
| GDI32.dll | 536 | GetLayout | |
| GDI32.dll | 467 | GetBkColor | |
| GDI32.dll | 552 | GetObjectW | |
| api-ms-win-core-delayload-l1-1-1.dll | DelayLoadFailureHook | ||
| api-ms-win-core-delayload-l1-1-1.dll | 1 | ResolveDelayLoadedAPI |
StringTable 040904B0
| CompanyName | Microsoft Corporation |
| FileDescription | Multi-User Windows USER API Client DLL |
| FileVersion | 6.3.9600.16384 (winblue_rtm.130821-1623) |
| InternalName | user32 |
| LegalCopyright | © Microsoft Corporation. All rights reserved. |
| OriginalFilename | user32 |
| ProductName | Microsoft® Windows® Operating System |
| ProductVersion | 6.3.9600.16384 |
VS_FIXEDFILEINFO
| FileVersion | 6.3.9600.16384 |
| ProductVersion | 6.3.9600.16384 |
| StrucVersion | 0x10000 |
| FileFlagsMask | 0x3f |
| FileFlags | 0 |
| FileOS | 0x40004 |
| FileType | 2 |
| FileSubtype | 0 |
Signers (1)
issuer: /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Windows Production PCA 2011
serial: 330000002418FC0B689E7399D0000000000024
Certificates (2)
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
33:00:00:00:24:18:fc:0b:68:9e:73:99:d0:00:00:00:00:00:24
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011
Validity
Not Before: Jun 17 21:43:38 2013 GMT
Not After : Sep 17 21:43:38 2014 GMT
Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:d9:ce:62:a4:93:12:5c:45:cb:53:46:d0:41:f4:
3a:dc:59:c8:55:7f:2c:c3:c0:ea:9d:78:a0:55:84:
d1:97:e8:c8:a1:a8:43:e4:7f:f7:a8:0e:34:b5:da:
44:c5:70:92:8a:4b:7f:f3:05:5f:b3:bd:ea:e5:a8:
f1:8b:fc:db:3c:7d:5d:d3:9f:0f:82:b3:9e:a8:18:
53:b8:91:a1:1f:41:19:42:a5:81:93:6e:ae:73:69:
13:72:53:53:03:4f:e8:48:78:b8:8e:f0:31:95:b8:
cc:23:5c:74:f3:26:9d:9d:b4:c8:16:e2:99:7d:d9:
88:e6:f5:01:60:30:44:87:d7:c6:e7:3b:98:e8:8b:
d8:04:0a:d4:56:f1:54:ea:5f:4f:d8:8f:0d:8c:07:
e3:7f:e2:40:28:85:a4:3a:bd:5b:68:fa:f7:69:74:
ac:9c:71:5e:69:22:0b:c5:2b:fb:12:43:54:f2:9d:
c9:fd:b0:52:53:62:b8:6a:11:3c:c1:b5:d2:5e:76:
1f:c0:ab:bc:c0:bc:0f:cb:98:3b:70:68:7f:16:87:
ef:f1:7c:a9:f9:b4:61:f1:9b:06:fa:56:2b:f1:54:
a6:96:27:fb:f5:10:cd:27:b8:0e:12:fa:87:dd:1d:
15:5e:7f:ca:ad:b6:d0:fa:c7:8d:1c:54:e6:35:45:
26:0f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Extended Key Usage:
Code Signing, 1.3.6.1.4.1.311.10.3.6
X509v3 Subject Key Identifier:
A8:90:49:53:DC:95:20:69:43:28:FD:28:26:6F:DE:33:73:E4:26:81
X509v3 Subject Alternative Name:
DirName:/OU=MOPR/serialNumber=31612\+09a6d5f3-8125-416a-b9b1-447d2c25afa9
X509v3 Authority Key Identifier:
A9:29:02:39:8E:16:C4:97:78:CD:90:F9:9E:4F:9A:E1:7C:55:AF:53
X509v3 CRL Distribution Points:
Full Name:
URI:http://www.microsoft.com/pkiops/crl/MicWinProPCA2011_2011-10-19.crl
Authority Information Access:
CA Issuers - URI:http://www.microsoft.com/pkiops/certs/MicWinProPCA2011_2011-10-19.crt
X509v3 Basic Constraints: critical
CA:FALSE
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
78:26:9c:4b:43:26:8a:fb:c7:32:9a:21:65:3f:df:54:27:c5:
1d:15:6b:d9:b2:be:4f:c3:ce:06:c9:fe:48:6a:d2:8f:a1:a5:
56:98:ac:c8:61:77:33:a5:d9:b6:8b:3f:69:ab:82:d8:d6:08:
57:a0:cf:33:04:34:70:3b:2a:f4:3b:30:58:ee:c8:91:f8:95:
15:a9:ac:f8:c2:9a:eb:dc:ab:c8:67:16:30:a1:d2:2f:a5:17:
20:ab:95:39:3c:38:8e:3f:be:d2:d4:2e:ca:2b:ce:4f:3a:c0:
3b:e5:be:68:ec:fe:7f:44:a6:d3:87:17:82:ab:d7:cc:3f:8c:
22:30:05:36:bd:24:a1:39:34:47:4b:c0:cf:c2:f1:47:99:91:
b9:91:f3:28:cb:5a:80:d0:6c:10:46:a9:24:9b:8d:d8:74:7b:
3c:87:e5:49:46:f2:8c:0b:df:14:c0:42:56:62:64:fb:f9:47:
58:59:b2:21:d0:43:46:03:ab:5f:65:55:51:43:7b:e8:eb:21:
19:2f:14:3d:17:3b:04:2f:13:9c:e5:53:88:8c:f0:53:4f:9d:
2f:09:0c:1e:db:f1:0d:ef:82:7a:27:4a:fe:eb:a1:0c:2b:47:
25:b0:62:8a:27:22:d5:f2:09:be:4f:9e:3d:2d:81:04:a8:96:
df:82:07:2d
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
61:07:76:56:00:00:00:00:00:08
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
Validity
Not Before: Oct 19 18:41:42 2011 GMT
Not After : Oct 19 18:51:42 2026 GMT
Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:dd:0c:bb:a2:e4:2e:09:e3:e7:c5:f7:96:69:bc:
00:21:bd:69:33:33:ef:ad:04:cb:54:80:ee:06:83:
bb:c5:20:84:d9:f7:d2:8b:f3:38:b0:ab:a4:ad:2d:
7c:62:79:05:ff:e3:4a:3f:04:35:20:70:e3:c4:e7:
6b:e0:9c:c0:36:75:e9:8a:31:dd:8d:70:e5:dc:37:
b5:74:46:96:28:5b:87:60:23:2c:bf:dc:47:a5:67:
f7:51:27:9e:72:eb:07:a6:c9:b9:1e:3b:53:35:7c:
e5:d3:ec:27:b9:87:1c:fe:b9:c9:23:09:6f:a8:46:
91:c1:6e:96:3c:41:d3:cb:a3:3f:5d:02:6a:4d:ec:
69:1f:25:28:5c:36:ff:fd:43:15:0a:94:e0:19:b4:
cf:df:c2:12:e2:c2:5b:27:ee:27:78:30:8b:5b:2a:
09:6b:22:89:53:60:16:2c:c0:68:1d:53:ba:ec:49:
f3:9d:61:8c:85:68:09:73:44:5d:7d:a2:54:2b:dd:
79:f7:15:cf:35:5d:6c:1c:2b:5c:ce:bc:9c:23:8b:
6f:6e:b5:26:d9:36:13:c3:4f:d6:27:ae:b9:32:3b:
41:92:2c:e1:c7:cd:77:e8:aa:54:4e:f7:5c:0b:04:
87:65:b4:43:18:a8:b2:e0:6d:19:77:ec:5a:24:fa:
48:03
Exponent: 65537 (0x10001)
X509v3 extensions:
1.3.6.1.4.1.311.21.1:
...
X509v3 Subject Key Identifier:
A9:29:02:39:8E:16:C4:97:78:CD:90:F9:9E:4F:9A:E1:7C:55:AF:53
1.3.6.1.4.1.311.20.2:
.
.S.u.b.C.A
X509v3 Key Usage:
Digital Signature, Certificate Sign, CRL Sign
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Authority Key Identifier:
D5:F6:56:CB:8F:E8:A2:5C:62:68:D1:3D:94:90:5B:D7:CE:9A:18:C4
X509v3 CRL Distribution Points:
Full Name:
URI:http://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl
Authority Information Access:
CA Issuers - URI:http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
14:fc:7c:71:51:a5:79:c2:6e:b2:ef:39:3e:bc:3c:52:0f:6e:
2b:3f:10:13:73:fe:a8:68:d0:48:a6:34:4d:8a:96:05:26:ee:
31:46:90:61:79:d6:ff:38:2e:45:6b:f4:c0:e5:28:b8:da:1d:
8f:8a:db:09:d7:1a:c7:4c:0a:36:66:6a:8c:ec:1b:d7:04:90:
a8:18:17:a4:9b:b9:e2:40:32:36:76:c4:c1:5a:c6:bf:e4:04:
c0:ea:16:d3:ac:c3:68:ef:62:ac:dd:54:6c:50:30:58:a6:eb:
7c:fe:94:a7:4e:8e:f4:ec:7c:86:73:57:c2:52:21:73:34:5a:
f3:a3:8a:56:c8:04:da:07:09:ed:f8:8b:e3:ce:f4:7e:8e:ae:
f0:f6:0b:8a:08:fb:3f:c9:1d:72:7f:53:b8:eb:be:63:e0:e3:
3d:31:65:b0:81:e5:f2:ac:cd:16:a4:9f:3d:a8:b1:9b:c2:42:
d0:90:84:5f:54:1d:ff:89:ea:ba:1d:47:90:6f:b0:73:4e:41:
9f:40:9f:5f:e5:a1:2a:b2:11:91:73:8a:21:28:f0:ce:de:73:
39:5f:3e:ab:5c:60:ec:df:03:10:a8:d3:09:e9:f4:f6:96:85:
b6:7f:51:88:66:47:19:8d:a2:b0:12:3d:81:2a:68:05:77:bb:
91:4c:62:7b:b6:c1:07:c7:ba:7a:87:34:03:0e:4b:62:7a:99:
e9:ca:fc:ce:4a:37:c9:2d:a4:57:7c:1c:fe:3d:dc:b8:0f:5a:
fa:d6:c4:b3:02:85:02:3a:ea:b3:d9:6e:e4:69:21:37:de:81:
d1:f6:75:19:05:67:d3:93:57:5e:29:1b:39:c8:ee:2d:e1:cd:
e4:45:73:5b:d0:d2:ce:7a:ab:16:19:82:46:58:d0:5e:9d:81:
b3:67:af:6c:35:f2:bc:e5:3f:24:e2:35:a2:0a:75:06:f6:18:
56:99:d4:78:2c:d1:05:1b:eb:d0:88:01:9d:aa:10:f1:05:df:
ba:7e:2c:63:b7:06:9b:23:21:c4:f9:78:6c:e2:58:17:06:36:
2b:91:12:03:cc:a4:d9:f2:2d:ba:f9:94:9d:40:ed:18:45:f1:
ce:8a:5c:6b:3e:ab:03:d3:70:18:2a:0a:6a:e0:5f:47:d1:d5:
63:0a:32:f2:af:d7:36:1f:2a:70:5a:e5:42:59:08:71:4b:57:
ba:7e:83:81:f0:21:3c:f4:1c:c1:c5:b9:90:93:0e:88:45:93:
86:e9:b1:20:99:be:98:cb:c5:95:a4:5d:62:d6:a0:63:08:20:
bd:75:10:77:7d:3d:f3:45:b9:9f:97:9f:cb:57:80:6f:33:a9:
04:cf:77:a4:62:1c:59:7e
undefined method `first' for #
| offset | size | type | comment | |
|---|---|---|---|---|
| 0 | 1350144 | DLL | 08/22/2013 02:49:19 | # |
| 15c1 | 15 | HTM | # | |
| d9c50 | 49962 | PNG | (256 x 256) | # |
| 149a00 | 20552 | PKCS7 | Authenticode Signature | # |
 |
| Please donate some bucks to keep this site up and running: | |
| Ko-fi | |
|---|---|
| Yandex.Money | |
| Thank you! | |
[?] ignoring invalid PEdump::BITMAPINFOHEADER