WIN64[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

WIN64.zip
Size

80.0MB
MD5

469f344e35900678fad5cef9793757c7
SHA1

81a132ba1979d1b7e2703e45bb4c255aa02ab828
SHA256

f58cde6186a91f9ebdb4bf2c1928d03f82c9603b11430512b989d7e3448d30c3
SHA512

4e085d4563301825c4a29547f69a85758388d627c676654f68396c0e89da939fb2d2ffc3437ee63971a2d6402d505ad94133605784c9262001d7b383fe375723
SSDEEP

1572864:UBQC2KbILz4paOc+phhxB7TT3P3SuLQIeMMulXnKM2F2TEPFNuE0tk:UBtrc4p7c+JxB7TDZLt7ZXKBF2T0P0i

Score

N/A

Malware Config

Signatures

Files

WIN64.zip
.zip
WIN64/CodecExtOem/DellAudioExtRT.inf
WIN64/CodecExtOem/DellAudioExtWaves.inf
WIN64/CodecExtOem/MaxxAudio_Data.cab
WIN64/CodecExtOem/dellaudioextrt.cat
WIN64/CodecExtOem/dellaudioextwaves.cat
WIN64/HDXRT.inf
WIN64/RTAIODAT.DAT
WIN64/RTKVHD64.sys
.exe windows x64

99b22dce3f38ce03b1c36db4c54ed0a4

Code Sign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:20:be:3e:b8:66:52:69:27:f9:99:b9:7b:04:34:6e
Certificate

Issuer

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13/06/2016, 00:00

Not After

24/01/2019, 12:00

Subject

SERIALNUMBER=22671299,CN=Realtek Semiconductor Corp.,O=Realtek Semiconductor Corp.,POSTALCODE=300,STREET=No. 2\, Innovation Road II\, Hsinchu Science Park,L=Hsinchu,ST=Taiwan,C=TW,1.3.6.1.4.1.311.60.2.1.3=#13025457,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:43:9b:d4:99:23:01:cb:6d:34:00:00:00:00:00:43
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01/03/2017, 19:05

Not After

01/06/2018, 19:05

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8e:61:72:9f:22:d5:a2:52:04:54:b2:17:40:e6:9c:f8:95:27:6c:3c:0e:46:45:db:30:bc:0a:26:3f:9a:69:a6
Signer

Actual PE Digest

8e:61:72:9f:22:d5:a2:52:04:54:b2:17:40:e6:9c:f8:95:27:6c:3c:0e:46:45:db:30:bc:0a:26:3f:9a:69:a6

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

09/09/2022, 12:58
Valid: false

11:66:19:64:92:9f:d7:cb:d4:6c:11:e9:a0:98:42:77:02:bd:55:42
Signer

Actual PE Digest

11:66:19:64:92:9f:d7:cb:d4:6c:11:e9:a0:98:42:77:02:bd:55:42

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

SERIALNUMBER=22671299,CN=Realtek Semiconductor Corp.,O=Realtek Semiconductor Corp.,POSTALCODE=300,STREET=No. 2\, Innovation Road II\, Hsinchu Science Park,L=Hsinchu,ST=Taiwan,C=TW,1.3.6.1.4.1.311.60.2.1.3=#13025457,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

22/05/2017, 10:47
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

DbgPrint
EtwWrite
IoGetAttachedDeviceReference
IoBuildSynchronousFsdRequest
KeWaitForMultipleObjects
KeResetEvent
IoUnregisterPlugPlayNotification
IoRegisterPlugPlayNotification
ObfDereferenceObject
IofCallDriver
IoCancelIrp
KeInitializeEvent
KeDelayExecutionThread
PsTerminateSystemThread
RtlQueryRegistryValues
ExCreateCallback
IoFreeWorkItem
IoFreeMdl
ObReferenceObjectByHandle
ZwOpenKey
EtwUnregister
IoAllocateWorkItem
MmUnmapLockedPages
IoQueueWorkItem
wcsstr
KeSetPriorityThread
PoRequestPowerIrp
PsCreateSystemThread
MmMapLockedPagesSpecifyCache
_vsnwprintf
IoGetDeviceObjectPointer
IoFreeIrp
IoAllocateIrp
EtwRegister
IoGetDeviceInterfaces
KeAcquireSpinLockRaiseToDpc
KeSetTimerEx
KeFlushQueuedDpcs
KeInitializeTimerEx
KeCancelTimer
KeInitializeDpc
_purecall
KeRemoveQueueDpc
KeReleaseSpinLock
ZwCreateKey
IoOpenDeviceInterfaceRegistryKey
KeInitializeSemaphore
RtlCompareUnicodeString
RtlFreeUnicodeString
MmGetSystemRoutineAddress
KeBugCheckEx
IoRegisterDeviceInterface
ZwDeleteValueKey
ZwSetValueKey
RtlWriteRegistryValue
ExAllocatePool
RtlStringFromGUID
MmBuildMdlForNonPagedPool
IoAllocateMdl
ZwReadFile
ExRegisterCallback
IoWMIRegistrationControl
IoWMIWriteEvent
IoSetDeviceInterfaceState
IofCompleteRequest
ExEventObjectType
RtlDeleteRegistryValue
RtlCreateRegistryKey
ZwWriteFile
RtlTimeFieldsToTime
strstr
ZwQueryInformationFile
KeClearEvent
wcschr
PoUnregisterPowerSettingCallback
PoRegisterPowerSettingCallback
MmMapIoSpace
MmUnmapIoSpace
IoWMIOpenBlock
IoWMIQueryAllData
MmUnlockPages
KeReleaseSemaphore
ExFreePoolWithTag
ObReferenceObjectByPointer
IoCreateSynchronizationEvent
RtlEqualUnicodeString
ZwSetInformationFile
MmProbeAndLockPages
RtlIntegerToUnicodeString
ObfReferenceObject
RtlUnicodeStringToInteger
RtlInitAnsiString
RtlAnsiStringToUnicodeString
KeInitializeGuardedMutex
KeAcquireGuardedMutex
KeReleaseGuardedMutex
RtlCreateSecurityDescriptor
ZwCreateEvent
RtlSetDaclSecurityDescriptor
KeReleaseSpinLockFromDpcLevel
KeAcquireSpinLockAtDpcLevel
KeQueryTimeIncrement
atoi
RtlInitString
isspace
RtlCompareMemory
ZwClose
RtlInitUnicodeString
ZwQueryValueKey
RtlTimeToTimeFields
_vsnprintf
ExSystemTimeToLocalTime
ExUnregisterCallback
DbgBreakPoint
IoBuildDeviceIoControlRequest
KeSetEvent
KeReleaseMutex
KeInitializeMutex
ExAllocatePoolWithTag
KeWaitForSingleObject
ZwCreateFile
ExFreePool
RtlRaiseException
ZwOpenFile
srand
rand
__chkstk
MmIsAddressValid
RtlUnwindEx

hal

KeStallExecutionProcessor
KeQueryPerformanceCounter

ksecdd.sys

BCryptOpenAlgorithmProvider
BCryptSetProperty
BCryptGenRandom
BCryptDestroyKey
BCryptFinalizeKeyPair
BCryptDecrypt
BCryptCloseAlgorithmProvider
BCryptGetProperty
BCryptGenerateSymmetricKey
BCryptGenerateKeyPair
BCryptEncrypt
BCryptExportKey

portcls.sys

PcAddAdapterDevice
PcInitializeAdapterDriver
PcDispatchIrp
PcRegisterSubdevice
PcRegisterPhysicalConnection
PcForwardIrpSynchronous
PcNewRegistryKey
PcNewPort
PcRegisterAdapterPowerManagement

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

TEXT
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CODE
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 323KB - Virtual size: 323KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 445KB - Virtual size: 662KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WIN64/SWC/RealtekAPO/RAVBg64.exe
.exe windows x64

d4dac7861cfdb552f879070d42a1f98c

Code Sign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:20:be:3e:b8:66:52:69:27:f9:99:b9:7b:04:34:6e
Certificate

Issuer

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13/06/2016, 00:00

Not After

24/01/2019, 12:00

Subject

SERIALNUMBER=22671299,CN=Realtek Semiconductor Corp.,O=Realtek Semiconductor Corp.,POSTALCODE=300,STREET=No. 2\, Innovation Road II\, Hsinchu Science Park,L=Hsinchu,ST=Taiwan,C=TW,1.3.6.1.4.1.311.60.2.1.3=#13025457,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:43:9b:d4:99:23:01:cb:6d:34:00:00:00:00:00:43
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01/03/2017, 19:05

Not After

01/06/2018, 19:05

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:02:18:03:dc:55:81:c8:cf:ee:7b:3c:47:69:55:67:5c:0c:26:07:92:4c:54:d0:bd:92:39:45:3f:d2:fa:d5
Signer

Actual PE Digest

62:02:18:03:dc:55:81:c8:cf:ee:7b:3c:47:69:55:67:5c:0c:26:07:92:4c:54:d0:bd:92:39:45:3f:d2:fa:d5

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

09/09/2022, 12:58
Valid: false

b5:f5:4c:34:90:f1:3f:2d:cc:16:1a:51:72:72:7f:12:17:e3:7b:71
Signer

Actual PE Digest

b5:f5:4c:34:90:f1:3f:2d:cc:16:1a:51:72:72:7f:12:17:e3:7b:71

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

SERIALNUMBER=22671299,CN=Realtek Semiconductor Corp.,O=Realtek Semiconductor Corp.,POSTALCODE=300,STREET=No. 2\, Innovation Road II\, Hsinchu Science Park,L=Hsinchu,ST=Taiwan,C=TW,1.3.6.1.4.1.311.60.2.1.3=#13025457,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

25/04/2017, 07:47
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

wtsapi32

WTSRegisterSessionNotification
WTSUnRegisterSessionNotification

propsys

PropVariantToUInt32
PropVariantCompareEx

setupapi

SetupDiGetClassDevsW
SetupDiGetDeviceInstanceIdW
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyW
SetupDiEnumDeviceInfo

version

GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

LoadLibraryExW
GetLocaleInfoW
EnumResourceLanguagesW
GetVersion
ConvertDefaultLocale
GetCurrentThread
TlsGetValue
TlsAlloc
GlobalReAlloc
GlobalHandle
TlsSetValue
LocalReAlloc
TlsFree
FileTimeToSystemTime
SetErrorMode
FileTimeToLocalFileTime
GetFileTime
GlobalFlags
GetTickCount
HeapAlloc
GetStartupInfoW
HeapReAlloc
VirtualProtect
VirtualAlloc
VirtualQuery
RtlLookupFunctionEntry
RtlUnwindEx
RtlPcToFileHeader
ExitThread
CompareStringA
HeapSize
SetUnhandledExceptionFilter
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
HeapSetInformation
HeapCreate
QueryPerformanceCounter
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
RtlCaptureContext
RtlVirtualUnwind
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
GetTimeZoneInformation
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
CreateFileA
SetEnvironmentVariableA
SuspendThread
SetThreadPriority
GetCurrentProcessId
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
FreeResource
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
lstrcmpW
GetModuleHandleW
GetVersionExA
GetModuleFileNameW
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetThreadLocale
lstrcmpA
FormatMessageW
MulDiv
SetLastError
RaiseException
LoadLibraryA
GetProcessHeap
HeapFree
lstrlenA
LocalAlloc
LocalFree
GetFileAttributesW
GetFirmwareEnvironmentVariableA
CreateMutexW
GetExitCodeThread
ResumeThread
DuplicateHandle
Sleep
MultiByteToWideChar
DeleteCriticalSection
InitializeCriticalSection
FreeLibrary
LoadLibraryW
FindResourceExW
GetSystemInfo
GetUserDefaultUILanguage
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
WaitForMultipleObjects
SetEvent
CreateThread
CreateEventW
CreateFileW
GetLastError
DeviceIoControl
GetVersionExW
CreateProcessW
GetSystemDirectoryW
lstrlenW
GetSystemDirectoryA
WideCharToMultiByte
WaitForSingleObject
QueryFullProcessImageNameW
CloseHandle
GetCurrentProcess
OpenProcess
GetModuleHandleA
OutputDebugStringW
GetProcAddress
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
FindResourceW
LoadResource
LockResource
SizeofResource
ExitProcess

user32

CharNextW
CopyAcceleratorTableW
IsRectEmpty
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
RegisterClipboardFormatW
PostThreadMessageW
GetCursorPos
ValidateRect
MoveWindow
SetWindowTextW
IsDialogMessageW
IsWindowEnabled
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringW
DrawTextExW
TabbedTextOutW
UnregisterClassA
ReleaseDC
SendDlgItemMessageA
SendDlgItemMessageW
WinHelpW
IsChild
GetCapture
GetClassNameW
GetClassLongPtrW
SetPropW
GetPropW
RemovePropW
GetFocus
IsWindow
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetLastActivePopup
SetActiveWindow
GetDlgItem
GetTopWindow
GetWindowLongPtrW
SetWindowLongPtrW
GetMessageTime
GetMessagePos
MapWindowPoints
GetKeyState
CreateDialogIndirectParamW
GetMenu
MessageBoxW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
ScreenToClient
EqualRect
PtInRect
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
SetWindowLongW
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
LoadIconW
IsWindowVisible
PostQuitMessage
SendInput
MapVirtualKeyW
TranslateMessage
PeekMessageW
DispatchMessageW
KillTimer
ChangeWindowMessageFilter
UnregisterDeviceNotification
EnumDisplaySettingsW
SetTimer
CallNextHookEx
RegisterDeviceNotificationW
FindWindowExW
RegisterWindowMessageW
CharUpperW
SetWindowPos
RedrawWindow
GetSysColorBrush
DrawTextW
EnableWindow
SendMessageW
ReleaseCapture
SetCapture
UnregisterClassW
DestroyMenu
DrawFocusRect
InflateRect
LoadCursorW
SetWindowContextHelpId
MapDialogRect
DestroyWindow
SetCursor
SetRect
CopyRect
GetDesktopWindow
GetWindow
GetParent
GetWindowRect
UnregisterPowerSettingNotification
RegisterPowerSettingNotification
EnumThreadWindows
InvalidateRect
SetForegroundWindow
GetForegroundWindow
GetWindowThreadProcessId
UnhookWindowsHookEx
UpdateWindow
SetWindowsHookExW
ShowWindow
GetWindowLongW
SystemParametersInfoW
GetSysColor
GetClientRect
PostMessageW
GetNextDlgTabItem
EndDialog
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
CheckMenuItem
EnableMenuItem
GetMessageW
GetActiveWindow
CreateWindowExW
GetDC

gdi32

PtVisible
RectVisible
TextOutW
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetBkColor
GetTextColor
GetRgnBox
SetMapMode
GetDeviceCaps
GetStockObject
GetViewportExtEx
GetWindowExtEx
GetMapMode
CreateCompatibleBitmap
DeleteObject
CreateDIBSection
GetObjectW
SetDIBColorTable
CreateCompatibleDC
DeleteDC
SelectObject
CreateFontW
ExtSelectClipRgn
BitBlt
SetBkMode
RestoreDC
SaveDC
CreateBitmap
CreateRectRgnIndirect
ExtTextOutW
SetBkColor
SetTextColor
GetClipBox

msimg32

AlphaBlend

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

LookupPrivilegeValueW
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyW
AdjustTokenPrivileges
RegCloseKey
OpenProcessToken
RegDeleteValueW
RegNotifyChangeKeyValue
RegSetValueExW
RegQueryValueExW
RegCreateKeyExW
RegOpenKeyExW

shell32

SHGetKnownFolderPath
ShellExecuteW
SHGetFolderPathW

comctl32

InitCommonControlsEx

shlwapi

PathIsUNCW
PathFindFileNameW
PathFindExtensionW
PathStripToRootW

oledlg

OleUIBusyW

ole32

CLSIDFromString
CoTaskMemAlloc
PropVariantClear
CoTaskMemFree
StringFromGUID2
CoCreateInstance
CoInitializeSecurity
CoUninitialize
CoInitializeEx
CreateStreamOnHGlobal
CoInitialize
CoFreeUnusedLibrariesEx
FreePropVariantArray
PropVariantCopy
CLSIDFromProgID
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
OleInitialize
CoSetProxyBlanket
CoFreeUnusedLibraries

oleaut32

VariantInit
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
SysStringLen
OleCreateFontIndirect
VariantChangeType
GetErrorInfo
VariantCopy
SysFreeString
SafeArrayPutElement
SafeArrayCreateVector
SysAllocStringLen
SafeArrayAccessData
VariantClear
SysAllocString
SafeArrayUnaccessData

gdiplus

GdipGetImagePixelFormat
GdipDisposeImage
GdipGetImageHeight
GdipGetImageWidth
GdipDeleteGraphics
GdipGetImagePaletteSize
GdipAlloc
GdiplusShutdown
GdipFree
GdiplusStartup
GdipCloneImage
GdipGetImagePalette
GdipDrawImageI
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipBitmapLockBits

Sections

.text
Size: 724KB - Virtual size: 723KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 228KB - Virtual size: 227KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 408KB - Virtual size: 408KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
WIN64/SWC/RealtekAPO/RealtekAPO.inf
WIN64/SWC/RealtekAPO/RltkAPO64.dll
.dll regsvr32 windows x64

9eb1a54d85c752921137fb03d32b3cf1

Code Sign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:20:be:3e:b8:66:52:69:27:f9:99:b9:7b:04:34:6e
Certificate

Issuer

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13/06/2016, 00:00

Not After

24/01/2019, 12:00

Subject

SERIALNUMBER=22671299,CN=Realtek Semiconductor Corp.,O=Realtek Semiconductor Corp.,POSTALCODE=300,STREET=No. 2\, Innovation Road II\, Hsinchu Science Park,L=Hsinchu,ST=Taiwan,C=TW,1.3.6.1.4.1.311.60.2.1.3=#13025457,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:43:9b:d4:99:23:01:cb:6d:34:00:00:00:00:00:43
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01/03/2017, 19:05

Not After

01/06/2018, 19:05

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

11:0b:f3:a5:ea:d9:29:dd:39:bb:5a:5f:a8:97:eb:51:94:0f:cf:a4:c4:45:8d:36:06:fa:02:97:7f:82:95:d5
Signer

Actual PE Digest

11:0b:f3:a5:ea:d9:29:dd:39:bb:5a:5f:a8:97:eb:51:94:0f:cf:a4:c4:45:8d:36:06:fa:02:97:7f:82:95:d5

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

09/09/2022, 12:58
Valid: false

dd:ba:f5:5c:99:16:b4:87:d4:f9:68:52:57:85:a2:c2:80:02:22:c7
Signer

Actual PE Digest

dd:ba:f5:5c:99:16:b4:87:d4:f9:68:52:57:85:a2:c2:80:02:22:c7

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

SERIALNUMBER=22671299,CN=Realtek Semiconductor Corp.,O=Realtek Semiconductor Corp.,POSTALCODE=300,STREET=No. 2\, Innovation Road II\, Hsinchu Science Park,L=Hsinchu,ST=Taiwan,C=TW,1.3.6.1.4.1.311.60.2.1.3=#13025457,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

02/05/2017, 10:36
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

_XcptFilter
_initterm
__C_specific_handler
_amsg_exit
fclose
fwrite
fsetpos
memset
realloc
_errno
_unlock
__dllonexit
_lock
_onexit
floor
atan2
powf
sqrtf
floorf
logf
__CxxFrameHandler3
tanf
memcpy
memcmp
_vsnwprintf
memmove
__iob_func
fprintf
sprintf
sprintf_s
sinf
cosf
fabs
pow
log10f
log10
exp
atan
sin
expf
log
printf
??1type_info@@UEAA@XZ
fgetpos
_wfopen_s
wcsncpy
wcscat_s
_beginthreadex
_aligned_malloc
_wcslwr_s
_aligned_free
malloc
wcsncpy_s
wcsstr
wcsrchr
wcscpy_s
calloc
_wcsupr_s
free
??2@YAPEAX_K@Z
memcpy_s
vswprintf_s
_vscwprintf
??_U@YAPEAX_K@Z
memmove_s
??_V@YAXPEAX@Z
_purecall
??3@YAXPEAX@Z
rand
ceilf
atan2f
cos
atanf
fmodf
tan
sqrt
tanh

kernel32

OpenEventA
CreateMutexA
CreateEventA
CreateFileMappingA
GetVersionExW
GetDateFormatW
GetTimeFormatW
SetFilePointer
ResumeThread
WriteFile
OutputDebugStringA
RtlCaptureContext
RtlLookupFunctionEntry
SetUnhandledExceptionFilter
MapViewOfFile
UnmapViewOfFile
WaitForSingleObject
FindResourceExW
FindResourceW
GetTimeZoneInformation
CreateMutexW
LoadResource
SystemTimeToTzSpecificLocalTime
SizeofResource
ReleaseMutex
CloseHandle
RaiseException
CreateFileMappingW
LocalFree
OpenFileMappingW
GetLastError
GetSystemTime
LockResource
GetCurrentProcess
SetThreadPriority
GetThreadPriority
GetPriorityClass
CreateWaitableTimerW
CreateEventW
CancelWaitableTimer
CreateThread
SetEvent
SetWaitableTimer
WaitForMultipleObjects
DeviceIoControl
lstrlenW
CreateFileW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
LoadLibraryExW
GetModuleFileNameW
GetModuleHandleW
InitializeCriticalSection
MultiByteToWideChar
lstrcmpiW
FreeLibrary
InitializeSListHead
InterlockedFlushSList
SystemTimeToFileTime
GetLocalTime
InterlockedPushEntrySList
DuplicateHandle
OpenMutexW
ResetEvent
TerminateThread
VerifyVersionInfoW
VerSetConditionMask
OutputDebugStringW
SetThreadLocale
GetThreadLocale
LoadLibraryW
GetProcAddress
WaitForSingleObjectEx
GetVersionExA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
WideCharToMultiByte
Sleep
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
RtlVirtualUnwind

ole32

StringFromCLSID
CoTaskMemRealloc
StringFromGUID2
CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree
PropVariantClear
CLSIDFromString

oleaut32

SysFreeString
SysStringLen
LoadTypeLi
SysAllocString
RegisterTypeLi
UnRegisterTypeLi
VarUI4FromStr

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW
RegSetValueExW
RegCloseKey
RegQueryValueExW
StartServiceW
CloseServiceHandle
OpenServiceW
OpenSCManagerW
RegOpenKeyW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegSetKeySecurity
RegEnumValueW
RegNotifyChangeKeyValue
RegEnumKeyExW
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyW
RegQueryInfoKeyW
RegOpenKeyExW

user32

UnregisterClassA
CharUpperW
RegisterWindowMessageW
CharNextW

audioeng

AERT_Allocate
AERT_Free

winmm

timeEndPeriod
timeBeginPeriod

setupapi

SetupDiGetDeviceInterfaceDetailW
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInstanceIdW
SetupDiEnumDeviceInfo
SetupDiGetDeviceInterfaceAlias
SetupDiGetClassDevsW

avrt

AvRevertMmThreadCharacteristics
AvSetMmThreadCharacteristicsW
AvSetMmThreadPriority

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_CODE
Size: 932KB - Virtual size: 931KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CODE
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 308KB - Virtual size: 944KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

RT_DATA
Size: 300KB - Virtual size: 300KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

RT_CONST
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WIN64/SWC/RealtekAPO/RtPgEx64.dll
.dll regsvr32 windows x64

15b9177359805e6e6fb5c59cf5df31e2

Code Sign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:20:be:3e:b8:66:52:69:27:f9:99:b9:7b:04:34:6e
Certificate

Issuer

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13/06/2016, 00:00

Not After

24/01/2019, 12:00

Subject

SERIALNUMBER=22671299,CN=Realtek Semiconductor Corp.,O=Realtek Semiconductor Corp.,POSTALCODE=300,STREET=No. 2\, Innovation Road II\, Hsinchu Science Park,L=Hsinchu,ST=Taiwan,C=TW,1.3.6.1.4.1.311.60.2.1.3=#13025457,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:43:9b:d4:99:23:01:cb:6d:34:00:00:00:00:00:43
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01/03/2017, 19:05

Not After

01/06/2018, 19:05

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

63:8d:97:e7:b8:ca:8c:ae:85:fb:4f:67:b7:e5:dc:62:2f:fc:93:8e:2f:23:96:09:8f:bb:05:81:cd:35:ed:90
Signer

Actual PE Digest

63:8d:97:e7:b8:ca:8c:ae:85:fb:4f:67:b7:e5:dc:62:2f:fc:93:8e:2f:23:96:09:8f:bb:05:81:cd:35:ed:90

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

09/09/2022, 12:58
Valid: false

3a:ba:39:44:df:99:c2:81:39:57:88:d3:54:ae:79:89:ee:6e:06:53
Signer

Actual PE Digest

3a:ba:39:44:df:99:c2:81:39:57:88:d3:54:ae:79:89:ee:6e:06:53

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

SERIALNUMBER=22671299,CN=Realtek Semiconductor Corp.,O=Realtek Semiconductor Corp.,POSTALCODE=300,STREET=No. 2\, Innovation Road II\, Hsinchu Science Park,L=Hsinchu,ST=Taiwan,C=TW,1.3.6.1.4.1.311.60.2.1.3=#13025457,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

02/05/2017, 10:36
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

_beginthreadex
iswspace
wcsnlen
calloc
memset
memcpy
__CxxFrameHandler3
_CxxThrowException
__C_specific_handler
_XcptFilter
_wcsupr_s
vswprintf_s
_vscwprintf
_vsnwprintf
_initterm
_amsg_exit
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
_unlock
__dllonexit
_purecall
wcsstr
??2@YAPEAX_K@Z
__RTDynamicCast
memmove_s
??_U@YAPEAX_K@Z
_lock
_onexit
realloc
_errno
??3@YAXPEAX@Z
sprintf_s
free
wcscpy_s
wcsncpy_s
malloc
wcscat_s
memcpy_s
??_V@YAXPEAX@Z
memcmp

advapi32

RegNotifyChangeKeyValue
RegQueryValueExW
StartServiceW
CloseServiceHandle
OpenServiceW
OpenSCManagerW
RegOpenKeyW
RegDeleteKeyW
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegEnumValueW

kernel32

RtlVirtualUnwind
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
SetFilePointer
GetTickCount
RtlLookupFunctionEntry
InterlockedPushEntrySList
VirtualFree
VirtualAlloc
GetTimeFormatW
GetDateFormatW
RtlCaptureContext
SetThreadPriority
QueryPerformanceCounter
GetLocalTime
GetSystemTimeAsFileTime
GetVersionExW
ResumeThread
OutputDebugStringA
InterlockedPopEntrySList
lstrlenW
LeaveCriticalSection
GetModuleHandleW
EnterCriticalSection
MultiByteToWideChar
GetLastError
GetModuleFileNameW
lstrcmpiW
InitializeCriticalSection
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetThreadLocale
SetThreadLocale
DeleteCriticalSection
FreeLibrary
RaiseException
GetUserDefaultUILanguage
LockResource
FindResourceExW
CreateEventW
CreateThread
CloseHandle
SetEvent
WaitForMultipleObjects
CreateProcessW
CreateFileW
DeviceIoControl
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
FlushInstructionCache
SetLastError
CreateMutexW
WaitForSingleObject
ReleaseMutex
GetWindowsDirectoryW
GetFileAttributesW
GetSystemDirectoryW
LoadLibraryW
GetProcAddress
Sleep
TerminateThread
ResetEvent
OpenMutexW
LocalFree
LocalAlloc
GetVersionExA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
WideCharToMultiByte
WriteFile

user32

SetWindowLongPtrW
IsDlgButtonChecked
GetParent
GetWindowLongPtrW
CreateWindowExW
SetWindowPos
GetWindowRect
GetDlgItem
CheckDlgButton
DestroyWindow
CreateDialogParamW
EnableWindow
CheckRadioButton
EndDialog
MapWindowPoints
DialogBoxParamW
SetWindowTextW
ScreenToClient
ShowWindow
MoveWindow
RegisterWindowMessageW
FindWindowExW
SetFocus
FindWindowW
SetForegroundWindow
GetWindowLongW
SetWindowLongW
LoadBitmapW
MessageBoxW
GetDlgItemTextW
GetActiveWindow
UnregisterClassA
CharNextW
GetClientRect
SendMessageW
PostMessageW
GetDlgCtrlID

ole32

PropVariantClear
CoTaskMemAlloc
CoCreateInstance
StringFromGUID2
CoTaskMemRealloc
CoTaskMemFree

oleaut32

RegisterTypeLi
VarUI4FromStr
SysStringLen
UnRegisterTypeLi
SysAllocString
SysFreeString
LoadTypeLi
LoadRegTypeLi
VarBstrCat

comctl32

DestroyPropertySheetPage
ord345
CreatePropertySheetPageW

rpcrt4

UuidCreate

shell32

ShellExecuteExW
SHGetKnownFolderPath
SHGetFolderPathW

imm32

ImmAssociateContext
ImmGetContext
ImmReleaseContext

gdi32

DeleteObject

setupapi

SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 876KB - Virtual size: 876KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WIN64/SWC/RealtekAPO/RtkAudioService64.exe
.exe windows x64

7fca21abc24414a5bdc583779bd736d0

Code Sign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:20:be:3e:b8:66:52:69:27:f9:99:b9:7b:04:34:6e
Certificate

Issuer

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13/06/2016, 00:00

Not After

24/01/2019, 12:00

Subject

SERIALNUMBER=22671299,CN=Realtek Semiconductor Corp.,O=Realtek Semiconductor Corp.,POSTALCODE=300,STREET=No. 2\, Innovation Road II\, Hsinchu Science Park,L=Hsinchu,ST=Taiwan,C=TW,1.3.6.1.4.1.311.60.2.1.3=#13025457,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:43:9b:d4:99:23:01:cb:6d:34:00:00:00:00:00:43
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01/03/2017, 19:05

Not After

01/06/2018, 19:05

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2c:55:95:66:43:52:85:f0:c1:14:5f:f5:2b:ab:f3:87:39:3e:dc:09:0e:86:2a:37:c9:ff:7c:37:85:88:c5:b2
Signer

Actual PE Digest

2c:55:95:66:43:52:85:f0:c1:14:5f:f5:2b:ab:f3:87:39:3e:dc:09:0e:86:2a:37:c9:ff:7c:37:85:88:c5:b2

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

09/09/2022, 12:58
Valid: false

c6:89:ef:32:05:bb:38:0e:8f:0c:82:d1:f0:96:d1:ff:49:45:03:de
Signer

Actual PE Digest

c6:89:ef:32:05:bb:38:0e:8f:0c:82:d1:f0:96:d1:ff:49:45:03:de

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

SERIALNUMBER=22671299,CN=Realtek Semiconductor Corp.,O=Realtek Semiconductor Corp.,POSTALCODE=300,STREET=No. 2\, Innovation Road II\, Hsinchu Science Park,L=Hsinchu,ST=Taiwan,C=TW,1.3.6.1.4.1.311.60.2.1.3=#13025457,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

21/03/2017, 09:11
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

setupapi

SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW
CM_Get_Device_IDW
CM_Get_Next_Res_Des
CM_Free_Res_Des_Handle
CM_Get_Res_Des_Data_Size
CM_Get_DevNode_Status
CM_Get_Res_Des_Data
SetupDiGetDeviceRegistryPropertyW
CM_Get_First_Log_Conf
CM_Get_Parent
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiGetDeviceInstanceIdW

kernel32

GetConsoleOutputCP
FindResourceExW
FindResourceW
LoadResource
OpenProcess
SizeofResource
CreateFileW
GetLastError
Process32FirstW
ProcessIdToSessionId
GetExitCodeThread
LockResource
DeviceIoControl
Process32NextW
WTSGetActiveConsoleSessionId
CreateToolhelp32Snapshot
CloseHandle
MultiByteToWideChar
RaiseException
WaitForSingleObject
SetEvent
WriteConsoleW
CreateEventW
WaitForMultipleObjects
CreateThread
FreeLibrary
InitializeCriticalSection
GetSystemDirectoryW
LoadLibraryW
Sleep
GetProcAddress
DeleteCriticalSection
SetWaitableTimer
CancelWaitableTimer
LeaveCriticalSection
EnterCriticalSection
LocalAlloc
CreateWaitableTimerW
LocalFree
WriteConsoleA
InitializeCriticalSectionAndSpinCount
SetStdHandle
SetEndOfFile
ReadFile
CreateFileA
lstrlenA
WideCharToMultiByte
GetConsoleCP
ResetEvent
SetFilePointer
GetConsoleMode
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringA
FlushFileBuffers
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetCurrentThreadId
DuplicateHandle
GetCurrentProcess
LoadLibraryA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RtlUnwindEx
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
DecodePointer
FlsGetValue
FlsSetValue
FlsFree
SetLastError
FlsAlloc
HeapSetInformation
HeapCreate
LCMapStringW
RtlPcToFileHeader
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW

user32

RegisterDeviceNotificationW
UnregisterDeviceNotification

advapi32

SetServiceStatus
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW
RegNotifyChangeKeyValue
RegCloseKey
AdjustTokenPrivileges
RegOpenKeyExW
DuplicateTokenEx
LookupPrivilegeValueW
SetTokenInformation
CreateProcessAsUserW
RegQueryValueExW
OpenProcessToken
RegSetValueExW

shell32

SHGetFolderPathW

ole32

CoCreateInstance
StringFromGUID2
PropVariantClear
CoTaskMemFree
CoSetProxyBlanket
CoUninitialize
CoInitializeSecurity
CoInitializeEx

oleaut32

SysFreeString
SafeArrayUnaccessData
VariantInit
SafeArrayAccessData
VariantClear
SysAllocString
VariantChangeType

Sections

.text
Size: 180KB - Virtual size: 179KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
WIN64/SWC/RealtekAPO/RtkNGUI64.exe
.exe windows x64

1995579ff5d3d4f0be9fcd9604c613c8

Code Sign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:20:be:3e:b8:66:52:69:27:f9:99:b9:7b:04:34:6e
Certificate

Issuer

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13/06/2016, 00:00

Not After

24/01/2019, 12:00

Subject

SERIALNUMBER=22671299,CN=Realtek Semiconductor Corp.,O=Realtek Semiconductor Corp.,POSTALCODE=300,STREET=No. 2\, Innovation Road II\, Hsinchu Science Park,L=Hsinchu,ST=Taiwan,C=TW,1.3.6.1.4.1.311.60.2.1.3=#13025457,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:43:9b:d4:99:23:01:cb:6d:34:00:00:00:00:00:43
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01/03/2017, 19:05

Not After

01/06/2018, 19:05

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3a:ef:5c:60:fb:8d:fb:ea:7d:55:f4:42:22:70:17:12:66:64:85:a7:53:dc:e1:6b:e9:67:fb:34:02:fb:eb:95
Signer

Actual PE Digest

3a:ef:5c:60:fb:8d:fb:ea:7d:55:f4:42:22:70:17:12:66:64:85:a7:53:dc:e1:6b:e9:67:fb:34:02:fb:eb:95

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

09/09/2022, 12:58
Valid: false

6f:41:49:ad:c5:1f:b1:bd:a1:dd:ad:7f:05:88:3a:ad:28:ce:77:f4
Signer

Actual PE Digest

6f:41:49:ad:c5:1f:b1:bd:a1:dd:ad:7f:05:88:3a:ad:28:ce:77:f4

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

SERIALNUMBER=22671299,CN=Realtek Semiconductor Corp.,O=Realtek Semiconductor Corp.,POSTALCODE=300,STREET=No. 2\, Innovation Road II\, Hsinchu Science Park,L=Hsinchu,ST=Taiwan,C=TW,1.3.6.1.4.1.311.60.2.1.3=#13025457,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

02/05/2017, 13:08
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

dwmapi

DwmExtendFrameIntoClientArea

winmm

timeGetTime
mmioClose
mmioOpenW
mmioDescend
mmioAscend
mmioSeek
mmioRead
mciSendStringW
mmioCreateChunk
mmioWrite
mmioSetInfo
mmioAdvance
mmioGetInfo

imm32

ImmDisableIME

setupapi

SetupDiEnumDeviceInfo
SetupDiGetDeviceInstanceIdW
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceRegistryPropertyW
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailW
SetupDiGetClassDevsW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

dsound

ord3
ord1
ord6

rpcrt4

UuidToStringW
RpcStringFreeW

bcrypt

BCryptImportKeyPair
BCryptDestroyKey
BCryptCloseAlgorithmProvider
BCryptEncrypt
BCryptOpenAlgorithmProvider

pdh

PdhCloseQuery
PdhGetFormattedCounterValue
PdhCollectQueryData
PdhAddCounterW
PdhOpenQueryW

kernel32

AllocConsole
GetStdHandle
WriteConsoleW
SystemTimeToFileTime
CompareFileTime
GetPrivateProfileStringW
GetFileSize
GetPrivateProfileIntW
DeviceIoControl
ResumeThread
DuplicateHandle
HeapFree
GetProcessHeap
GetSystemDirectoryA
ResetEvent
DeleteFileW
GetTempPathW
GetSystemPowerStatus
HeapAlloc
ReleaseMutex
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
CreateDirectoryW
OpenMutexW
IsBadReadPtr
GetSystemInfo
RaiseException
lstrcmpA
GetVersionExA
lstrcmpW
CompareStringW
GlobalDeleteAtom
GlobalFindAtomW
GlobalAddAtomW
CompareStringA
GetLocaleInfoW
EnumResourceLanguagesW
ConvertDefaultLocale
GetCurrentThread
SetThreadPriority
GetWindowsDirectoryW
WritePrivateProfileStringW
GetCurrentProcessId
GetThreadLocale
ReadFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetVolumeInformationW
GetFullPathNameW
FileTimeToSystemTime
FileTimeToLocalFileTime
TlsGetValue
TlsAlloc
GlobalHandle
TlsSetValue
LocalReAlloc
TlsFree
GlobalFlags
SetErrorMode
GetFileTime
GetStartupInfoW
RtlPcToFileHeader
HeapReAlloc
VirtualProtect
VirtualAlloc
VirtualQuery
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlCaptureContext
ExitThread
RtlLookupFunctionEntry
RtlUnwindEx
ExitProcess
HeapSize
SetStdHandle
GetFileType
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetStartupInfoA
FlsGetValue
FlsSetValue
GetSystemTime
FlsAlloc
HeapSetInformation
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetConsoleCP
GetConsoleMode
RtlVirtualUnwind
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
WriteConsoleA
GetConsoleOutputCP
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetCurrentDirectoryA
GetDriveTypeA
CreateFileA
SetEnvironmentVariableA
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
SetThreadExecutionState
GetFileAttributesW
WaitForMultipleObjects
GetExitCodeThread
GetModuleHandleA
WriteFile
CreateFileW
Sleep
LoadLibraryA
GetSystemDirectoryW
SearchPathW
GetUserDefaultUILanguage
FindResourceExW
FreeLibrary
MulDiv
TerminateThread
CreateThread
CreateEventW
GetCPInfo
FreeResource
lstrlenA
lstrcmpiW
GetVersionExW
GetVersion
GetTickCount
FormatMessageW
SetEvent
GetModuleHandleW
SetLastError
WideCharToMultiByte
GlobalFree
GlobalReAlloc
GlobalUnlock
GlobalLock
GlobalAlloc
WaitForSingleObject
CreateProcessW
GetCurrentProcess
IsWow64Process
SetThreadUILanguage
GetCurrentThreadId
GetUserGeoID
MultiByteToWideChar
lstrcpynW
FindClose
FindNextFileW
FindFirstFileW
GetProcAddress
LoadLibraryW
LocalFree
LocalAlloc
CloseHandle
GetLastError
CreateMutexW
lstrlenW
InitializeCriticalSection
OutputDebugStringW
FindResourceW
LeaveCriticalSection
LoadResource
LockResource
GetLocalTime
SizeofResource
GetModuleFileNameW
EnterCriticalSection
DeleteCriticalSection
FlsFree
GetTimeZoneInformation
SuspendThread

user32

GetLastActivePopup
GetWindowTextW
GetWindowTextLengthW
SetFocus
RemovePropW
GetPropW
SetPropW
GetClassLongPtrW
GetCapture
WinHelpW
SendDlgItemMessageW
SendDlgItemMessageA
IsDialogMessageW
MoveWindow
IsWindowEnabled
ClientToScreen
BeginPaint
EndPaint
CheckMenuItem
EnableMenuItem
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
GetActiveWindow
GetMessageW
CharUpperW
EndDialog
GetNextDlgTabItem
CreateDialogIndirectParamW
WindowFromPoint
DestroyMenu
UnregisterClassW
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
MapWindowPoints
TrackPopupMenuEx
TrackPopupMenu
GetKeyState
GetScrollRange
GetScrollPos
GetMenu
CreateWindowExW
GetClassInfoExW
UnregisterClassA
AdjustWindowRectEx
SetScrollInfo
DefWindowProcW
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetMenuStringW
FindWindowW
UnregisterDeviceNotification
RegisterDeviceNotificationW
UnhookWindowsHookEx
GetMonitorInfoW
MonitorFromWindow
GetShellWindow
ExitWindowsEx
RegisterWindowMessageW
GetClassInfoW
SetMenuDefaultItem
SetWindowTextW
LoadIconW
IsWindow
TabbedTextOutW
CreateMenu
GetSubMenu
ModifyMenuW
DeleteMenu
GetMenuItemInfoW
GetMenuItemID
InsertMenuW
GetMenuItemCount
GetMenuState
DestroyIcon
DrawIconEx
GrayStringW
LoadBitmapW
DrawTextExW
DrawTextW
CreatePopupMenu
DrawEdge
UpdateLayeredWindow
LoadImageW
DestroyCursor
SetClassLongW
GetClassLongW
TranslateAcceleratorW
GetSysColorBrush
GetWindowLongPtrW
SetWindowLongPtrW
GetScrollInfo
CallWindowProcW
GetCursorPos
SetTimer
KillTimer
GetClassNameW
GetDlgCtrlID
SetWindowLongW
ValidateRect
ScreenToClient
FillRect
AppendMenuW
SystemParametersInfoW
EqualRect
GetComboBoxInfo
SetCursor
LoadCursorW
IntersectRect
GetDC
PtInRect
InflateRect
GetMessagePos
SetRect
SetRectEmpty
ReleaseCapture
FrameRect
IsRectEmpty
SetCapture
ReleaseDC
DispatchMessageW
TranslateMessage
PostQuitMessage
PeekMessageW
SetForegroundWindow
SetWindowPos
AttachThreadInput
GetWindowThreadProcessId
ShowWindow
GetWindowLongW
GetWindowRgn
LockWindowUpdate
SetParent
SetWindowRgn
IsWindowVisible
GetDesktopWindow
CallNextHookEx
MessageBoxW
GetForegroundWindow
SetWindowsHookExW
GetAncestor
SetActiveWindow
UnionRect
ChildWindowFromPointEx
WindowFromDC
ShowScrollBar
SetScrollPos
SetScrollRange
CopyRect
OffsetRect
GetSystemMetrics
GetParent
GetWindow
GetWindowRect
RedrawWindow
PostMessageW
FindWindowExW
SetProcessDPIAware
UpdateWindow
SendMessageW
InvalidateRect
SetCaretPos
GetCaretPos
EnableWindow
GetClientRect
GetSysColor
GetFocus
SetClassLongPtrW
RegisterClassW

gdi32

Ellipse
Escape
PatBlt
PtVisible
GetBkMode
RectVisible
TextOutW
GetPixel
CreateFontW
EnumFontFamiliesExW
GetClipBox
SetTextColor
SetBkColor
SaveDC
RestoreDC
SetBkMode
SetWindowExtEx
ScaleWindowExtEx
GetDeviceCaps
CreateBitmap
DPtoLP
SetViewportExtEx
OffsetViewportOrgEx
SetPixel
SetViewportOrgEx
CreatePen
GetCurrentObject
ExtTextOutW
CreateFontIndirectW
SetWindowOrgEx
CreateSolidBrush
GetMapMode
CreateCompatibleBitmap
SetDIBColorTable
CombineRgn
ExtCreateRegion
CreateDIBSection
GetObjectW
DeleteObject
CreateRectRgn
CreateCompatibleDC
SelectObject
SetTextAlign
MoveToEx
LineTo
DeleteDC
BitBlt
GetStockObject
GetTextExtentPoint32W
SetMapMode
ScaleViewportExtEx

msimg32

AlphaBlend

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
ClosePrinter
DocumentPropertiesW

advapi32

RegQueryValueW
RegCloseKey
RegQueryValueExW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyW
RegOpenKeyExW
RegNotifyChangeKeyValue
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW

shell32

Shell_NotifyIconW
ShellExecuteExW
SHGetSpecialFolderPathW
SHGetKnownFolderPath
SHGetFolderPathW

comctl32

_TrackMouseEvent
InitCommonControlsEx
ord380

shlwapi

PathFindExtensionW
PathFindFileNameW
PathStripToRootW
PathIsUNCW
SHStrDupW

ole32

CoCreateInstance
CoUninitialize
CoCreateGuid
CreateStreamOnHGlobal
PropVariantClear
CoInitializeEx
CoTaskMemAlloc
PropVariantCopy
FreePropVariantArray
CoInitializeSecurity
CoFreeUnusedLibrariesEx
CoInitialize
CLSIDFromString
StringFromGUID2
CoTaskMemFree
CLSIDFromProgID

oleaut32

SysFreeString
SysAllocString
VariantClear
VariantInit
SafeArrayCreate
VariantChangeType

gdiplus

GdipGetImageGraphicsContext
GdipDrawImageRectI
GdipDisposeImage
GdipCloneImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipGetImagePalette
GdipCreateBitmapFromHBITMAP
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipDrawImageI
GdipCreateFromHDC
GdipBitmapUnlockBits
GdipSetInterpolationMode
GdipBitmapLockBits
GdipCreateBitmapFromStream
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipImageRotateFlip
GdipDrawImageRectRectI
GdipDrawImageRectRect
GdipCreateBitmapFromHICON
GdipDrawImageRect
GdipSetSmoothingMode
GdipCreatePen1
GdipDeletePen
GdipDrawLineI
GdipGetLogFontW
GdipCreateFontFromDC
GdipCreateFontFromLogfontW
GdipDeleteFont
GdipMeasureString
GdipDeleteFontFamily
GdipGetFamily
GdipCreateFont
GdipGetFontUnit
GdipGetFontStyle
GdipGetFontSize
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatAlign
GdipDeleteBrush
GdipSetStringFormatFlags
GdipSetStringFormatLineAlign
GdipCloneBrush
GdipSetTextRenderingHint
GdipDrawString
GdipCreateSolidFill
GdipDrawImage
GdipCreateBitmapFromScan0
GdipGetImageWidth
GdipCreateHBITMAPFromBitmap
GdiplusStartup
GdiplusShutdown
GdipGetImageHeight

wininet

InternetConnectW
HttpSendRequestW
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallbackW
InternetOpenW
InternetGetLastResponseInfoW
InternetQueryDataAvailable
HttpOpenRequestW
InternetCloseHandle

Exports

Exports

?AsSysSvr_RegisterNotify@@3P6AHPEAUHWND__@@PEB_W@ZEA
?AsSysSvr_UnregisterNotify@@3P6AHPEAUHWND__@@PEB_W@ZEA

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 502KB - Virtual size: 501KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 106KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 106KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6.5MB - Virtual size: 6.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
WIN64/SWC/RealtekAPO/realtekapo.cat
WIN64/SWC/WavesAPO/MaxxAudioAPOShell64.dll
.dll windows x64

e0b3bc2fcc58f00a92103c0e0930438a

Code Sign

1b:d5:92:58:02:b3:41:20:94:7c:87:11:2a:e9:a2:b7
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/01/2015, 00:00

Not After

22/03/2018, 23:59

Subject

CN=Waves Inc,O=Waves Inc,L=Knoxville,ST=Tennessee,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

33:00:00:00:43:9b:d4:99:23:01:cb:6d:34:00:00:00:00:00:43
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01/03/2017, 19:05

Not After

01/06/2018, 19:05

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5b:c2:60:23:ce:3f:a2:87:4e:9e:d7:a2:c5:5c:f4:83:27:05:f7:fa:b1:44:e1:43:f6:f0:18:13:3e:df:bb:21
Signer

Actual PE Digest

5b:c2:60:23:ce:3f:a2:87:4e:9e:d7:a2:c5:5c:f4:83:27:05:f7:fa:b1:44:e1:43:f6:f0:18:13:3e:df:bb:21

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

09/09/2022, 12:58
Valid: false

5b:c2:60:23:ce:3f:a2:87:4e:9e:d7:a2:c5:5c:f4:83:27:05:f7:fa:b1:44:e1:43:f6:f0:18:13:3e:df:bb:21
Signer

Actual PE Digest

5b:c2:60:23:ce:3f:a2:87:4e:9e:d7:a2:c5:5c:f4:83:27:05:f7:fa:b1:44:e1:43:f6:f0:18:13:3e:df:bb:21

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Waves Inc,O=Waves Inc,L=Knoxville,ST=Tennessee,C=US

09/05/2017, 13:07
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

LockResource
LoadResource
FindResourceW
FindResourceExW
DecodePointer
lstrlenA
InitializeCriticalSection
CreateEventA
LoadLibraryExA
SetEvent
LoadLibraryA
WaitForSingleObject
ResetEvent
LocalFree
FormatMessageA
CreateEventW
RtlPcToFileHeader
EncodePointer
GetModuleFileNameW
GetModuleFileNameA
GetModuleHandleExW
TerminateProcess
ExitProcess
GetCurrentProcess
LoadLibraryExW
GetProcAddress
SizeofResource
GetModuleHandleA
HeapDestroy
MultiByteToWideChar
WideCharToMultiByte
HeapFree
HeapAlloc
GetCurrentThread
GetDateFormatW
RaiseException
CreateFileW
WriteConsoleW
CreateThread
WaitForSingleObjectEx
CloseHandle
OutputDebugStringW
OutputDebugStringA
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
GetLastError
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwindEx
GetModuleHandleW
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
WriteFile
SetStdHandle
HeapReAlloc
HeapSize
GetStringTypeW
GetFileType
GetStdHandle
GetProcessHeap
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
LoadLibraryW
UnregisterWaitEx
QueryDepthSList
VirtualProtect
GetVersionExW
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
SwitchToThread
CreateTimerQueue
DuplicateHandle
QueueUserWorkItem
VirtualFree
VirtualAlloc
FlushInstructionCache
InterlockedPopEntrySList
GetTimeZoneInformation
ReadConsoleW
FreeLibraryAndExitThread
ExitThread
FindFirstFileA
GetCommandLineW
SetErrorMode
FindResourceA
GetFileSize
SetFilePointer
GetLongPathNameA
GetFileAttributesA
SetEndOfFile
QueryPerformanceFrequency
SetThreadPriority
SignalObjectAndWait
ReleaseSemaphore
TryEnterCriticalSection
ConnectNamedPipe
CreateIoCompletionPort
GetSystemTime
SleepEx
GetOverlappedResult
QueueUserAPC
GetVersionExA
TerminateThread
CreateFileA
PostQueuedCompletionStatus
PeekNamedPipe
GetQueuedCompletionStatus
CreateNamedPipeA
WaitNamedPipeA
ReadFile
GetThreadPriority
FindFirstFileW
CreateProcessA
GetTickCount
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindNextFileA
FindFirstFileExA
FindClose
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
CreateWaitableTimerA
SetWaitableTimer
OpenFileMappingA
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
WaitForMultipleObjectsEx
OpenEventA
WaitForMultipleObjects
GetSystemPowerStatus
CreateMutexA
ReleaseMutex
Sleep
GetTickCount64
WTSGetActiveConsoleSessionId
GetDiskFreeSpaceExA

shlwapi

PathFileExistsA
SHDeleteKeyA

gdiplus

GdiplusStartup
GdiplusShutdown

user32

RegisterWindowMessageA
GetDlgItem
GetMonitorInfoA
MonitorFromWindow
GetClientRect
GetWindowRect
SetParent
SetWindowPos
MapVirtualKeyA
ShowWindow
IsWindowVisible
PostMessageA
SetWindowLongA
DestroyWindow
SetWindowLongPtrA
GetWindowLongPtrA
ScreenToClient
ReleaseDC
GetDC
UnregisterClassA
GetFocus
SendMessageA
GetUpdateRect
RedrawWindow
SystemParametersInfoA
GetClassInfoA
SetFocus
CreateWindowExA
DefWindowProcA
RegisterClassA
EndDialog
GetWindow
InvalidateRect
UpdateWindow
KillTimer
SetTimer
RegisterClipboardFormatA
GetParent
GetWindowPlacement
RegisterClassExA
CallWindowProcA
GetClassInfoExA
LoadCursorA
GetKeyState
PostQuitMessage
GetPropA
AdjustWindowRect
MoveWindow
GetTopWindow
IsChild
GetSystemMetrics
RemovePropA
EndPaint
BeginPaint

gdi32

SetPixelFormat
SwapBuffers
ChoosePixelFormat
DescribePixelFormat
GetDeviceCaps
GetTextMetricsA

advapi32

OpenProcessToken
RegEnumValueA
RegDeleteValueA
RegEnumKeyExA
RegOpenKeyA
RegCreateKeyExA
RegDeleteKeyA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
GetTokenInformation
IsValidSid
ImpersonateLoggedOnUser
ConvertSidToStringSidA
RevertToSelf
RegNotifyChangeKeyValue
OpenThreadToken
SetThreadToken
ImpersonateNamedPipeClient
LookupAccountSidA
GetUserNameA

shell32

ShellExecuteExA
ShellExecuteA
SHGetSpecialFolderPathA

ole32

CoFreeUnusedLibrariesEx
CoCreateGuid
StringFromCLSID
CoInitialize
CoUninitialize
PropVariantClear
CoCreateInstance
CoTaskMemFree

oleaut32

VariantClear
SysAllocString
SysFreeString

avrt

AvRevertMmThreadCharacteristics
AvSetMmThreadCharacteristicsA

opengl32

glLoadIdentity
wglGetProcAddress
wglDeleteContext
glFlush
wglMakeCurrent
glGetString
glOrtho
wglCreateContext
glBlendFunc
glViewport
glEnableClientState
wglGetCurrentContext
glEnable
glMatrixMode

ws2_32

WSAStartup
WSACleanup
WSAGetLastError

crypt32

CertFreeCertificateContext

wtsapi32

WTSQueryUserToken

wmvcore

WMCreateSyncReader
WMCreateWriter
WMCreateProfileManager
WMCreateEditor

winmm

PlaySoundA

Exports

Exports

WavesFX_CreatePluginWindow
WavesFX_DetachPluginWindow
WavesFX_GetChunk
WavesFX_GetParameter
WavesFX_GetParametersArray
WavesFX_GetProperty
WavesFX_GetRuntimeData_Text
WavesFX_GetRuntimeData_Value
WavesFX_Initialize
WavesFX_IsConnectionActive
WavesFX_Preset_Add
WavesFX_Preset_Delete
WavesFX_Preset_GetActive
WavesFX_Preset_GetCount
WavesFX_Preset_GetDefaultParameter
WavesFX_Preset_GetDefaultType
WavesFX_Preset_GetName
WavesFX_Preset_GetNameW
WavesFX_Preset_GetOutputName
WavesFX_Preset_GetParameter
WavesFX_Preset_GetParametersArray
WavesFX_Preset_GetSoundMode
WavesFX_Preset_GetType
WavesFX_Preset_RegisterChangeNotification
WavesFX_Preset_RegisterFile
WavesFX_Preset_RegisterMem
WavesFX_Preset_RevertToDefault
WavesFX_Preset_SaveDefault
WavesFX_Preset_SaveDefault2
WavesFX_Preset_SetActive
WavesFX_Preset_SetActive2
WavesFX_Preset_SetNameW
WavesFX_Preset_SetParameter
WavesFX_Preset_SetParametersArray
WavesFX_Preset_SetSoundMode
WavesFX_Preset_SetType
WavesFX_Preset_SetTypeEx
WavesFX_RegisterChangeNotification
WavesFX_SetBypassMode
WavesFX_SetChunk
WavesFX_SetDoubleBufferingMode
WavesFX_SetParameter
WavesFX_SetParametersArray
WavesFX_SetProperty
WavesFX_SetRuntimeData_Text
WavesFX_SetRuntimeData_Value
WavesFX_Uninitialize
WavesFX_VendorSpecific

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_CODE
Size: 166KB - Virtual size: 166KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 692KB - Virtual size: 691KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 85KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WIN64/SWC/WavesAPO/MaxxAudioCapture64.dll
.dll regsvr32 windows x64

a65b5188c84d796e789c1c37e78571f2

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

1b:d5:92:58:02:b3:41:20:94:7c:87:11:2a:e9:a2:b7
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/01/2015, 00:00

Not After

22/03/2018, 23:59

Subject

CN=Waves Inc,O=Waves Inc,L=Knoxville,ST=Tennessee,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:43:9b:d4:99:23:01:cb:6d:34:00:00:00:00:00:43
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01/03/2017, 19:05

Not After

01/06/2018, 19:05

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e2:66:42:f1:6e:24:52:b1:4a:e6:d8:db:9f:1b:2c:83:9e:9f:b6:f3:e3:84:d4:c0:ae:f1:b0:a1:90:bf:a1:86
Signer

Actual PE Digest

e2:66:42:f1:6e:24:52:b1:4a:e6:d8:db:9f:1b:2c:83:9e:9f:b6:f3:e3:84:d4:c0:ae:f1:b0:a1:90:bf:a1:86

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

09/09/2022, 12:58
Valid: false

b2:4f:37:75:01:59:aa:53:ff:fd:1f:ba:c1:e8:a1:7d:d5:7f:83:00
Signer

Actual PE Digest

b2:4f:37:75:01:59:aa:53:ff:fd:1f:ba:c1:e8:a1:7d:d5:7f:83:00

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Waves Inc,O=Waves Inc,L=Knoxville,ST=Tennessee,C=US

30/04/2017, 13:36
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

avrt

AvSetMmThreadCharacteristicsW
AvRevertMmThreadCharacteristics
AvSetMmThreadPriority

kernel32

LeaveCriticalSection
EnterCriticalSection
RaiseException
lstrcmpiW
DeleteCriticalSection
DecodePointer
Sleep
SetEvent
WaitForSingleObject
SetThreadAffinityMask
GetMaximumProcessorCount
GetCurrentThread
GetThreadPriority
LocalFree
FormatMessageA
CreateEventW
CreateThread
GetCurrentThreadId
GetProcessHeap
OpenEventW
CreateMutexW
CreateFileMappingW
MapViewOfFile
MultiByteToWideChar
ResetEvent
FreeLibrary
OutputDebugStringW
WaitForMultipleObjects
GetSystemPowerStatus
GetTickCount
DuplicateHandle
GetCurrentProcess
WideCharToMultiByte
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
QueryPerformanceFrequency
EncodePointer
SetThreadLocale
GetThreadLocale
WaitForMultipleObjectsEx
GetLastError
FindResourceExW
LoadLibraryA
OpenFileMappingW
InitializeCriticalSection
GetProcessAffinityMask
GetModuleFileNameW
VerSetConditionMask
GetModuleHandleA
GetEnvironmentVariableA
GetStdHandle
TlsAlloc
TlsGetValue
TlsSetValue
QueryPerformanceCounter
HeapCreate
TlsFree
VirtualQuery
TerminateProcess
GetCurrentProcessId
TryEnterCriticalSection
LoadLibraryExA
ReleaseMutex
CreateFileMappingA
CreateMutexA
OpenProcess
WriteConsoleW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
FindClose
SetStdHandle
GetFullPathNameW
GetCurrentDirectoryW
HeapDestroy
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
UnmapViewOfFile
CloseHandle
GetModuleHandleW
GetProcAddress
VerifyVersionInfoA
InitializeCriticalSectionEx
GetTimeZoneInformation
SetEndOfFile
LockResource
GetConsoleCP
WriteFile
FlushFileBuffers
ReadConsoleW
GetConsoleMode
SetFilePointerEx
GetStringTypeW
LCMapStringW
CompareStringW
GetACP
GetModuleFileNameA
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileType
GetDriveTypeW
CreateFileW
ReadFile
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
IsDebuggerPresent
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
VirtualAlloc
VirtualFree
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
GetModuleHandleExA
RtlUnwindEx
RtlPcToFileHeader
InterlockedFlushSList
SetLastError
InitializeCriticalSectionAndSpinCount
ExitThread

user32

RegisterClassW
GetClassInfoW
DestroyWindow
CharNextW
UnregisterClassW
DispatchMessageW
TranslateMessage
PeekMessageW
SetWindowLongPtrW
DefWindowProcW
EndDialog
UnregisterPowerSettingNotification
RegisterClipboardFormatW
GetMessageW
RegisterPowerSettingNotification
PostMessageW
CreateWindowExW

advapi32

RegDeleteValueW
RegDeleteKeyExW
RegEnumValueW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegSetKeySecurity
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegQueryValueExW
RegEnumKeyExW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegCloseKey
RegQueryInfoKeyW
RegDeleteKeyW

ole32

StringFromGUID2
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
PropVariantClear
CoUninitialize
CoInitialize
CoFreeUnusedLibrariesEx
StringFromCLSID
CoCreateGuid
CoTaskMemFree

oleaut32

VariantClear
RegisterTypeLi
SysFreeString
UnRegisterTypeLi
VarUI4FromStr
LoadTypeLi
SysAllocString
SysStringLen

shlwapi

SHDeleteKeyW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

RT_CODE
Size: 924KB - Virtual size: 923KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 19.6MB - Virtual size: 19.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

IPPCODE
Size: 542KB - Virtual size: 542KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 177KB - Virtual size: 444KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 281KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data1
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

RT_DATA
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 280B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

IPPDATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 41B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.trace
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.debug_o
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WIN64/SWC/WavesAPO/MaxxAudioPro.exe
.exe windows x64

Code Sign

1b:d5:92:58:02:b3:41:20:94:7c:87:11:2a:e9:a2:b7
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/01/2015, 00:00

Not After

22/03/2018, 23:59

Subject

CN=Waves Inc,O=Waves Inc,L=Knoxville,ST=Tennessee,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

33:00:00:00:43:9b:d4:99:23:01:cb:6d:34:00:00:00:00:00:43
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01/03/2017, 19:05

Not After

01/06/2018, 19:05

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1d:19:a3:da:94:55:16:b5:d8:1d:69:3b:41:68:9b:2a:51:94:8f:a2:f8:60:a2:5b:6f:d1:d9:29:43:75:ed:27
Signer

Actual PE Digest

1d:19:a3:da:94:55:16:b5:d8:1d:69:3b:41:68:9b:2a:51:94:8f:a2:f8:60:a2:5b:6f:d1:d9:29:43:75:ed:27

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

09/09/2022, 12:58
Valid: false

1d:19:a3:da:94:55:16:b5:d8:1d:69:3b:41:68:9b:2a:51:94:8f:a2:f8:60:a2:5b:6f:d1:d9:29:43:75:ed:27
Signer

Actual PE Digest

1d:19:a3:da:94:55:16:b5:d8:1d:69:3b:41:68:9b:2a:51:94:8f:a2:f8:60:a2:5b:6f:d1:d9:29:43:75:ed:27

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Waves Inc,O=Waves Inc,L=Knoxville,ST=Tennessee,C=US

09/05/2017, 13:07
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 54.3MB - Virtual size: 54.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 363KB - Virtual size: 363KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
WIN64/SWC/WavesAPO/MaxxAudioRender64.dll
.dll regsvr32 windows x64

f54b210aa58cd83dba214c0914ab20aa

Code Sign

1b:d5:92:58:02:b3:41:20:94:7c:87:11:2a:e9:a2:b7
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/01/2015, 00:00

Not After

22/03/2018, 23:59

Subject

CN=Waves Inc,O=Waves Inc,L=Knoxville,ST=Tennessee,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

33:00:00:00:43:9b:d4:99:23:01:cb:6d:34:00:00:00:00:00:43
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01/03/2017, 19:05

Not After

01/06/2018, 19:05

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:44:d9:47:9c:79:7f:2e:e0:de:27:7e:2b:70:4a:be:3f:b4:dc:f1:22:3a:1f:c3:03:17:e2:88:5b:b9:cd:c3
Signer

Actual PE Digest

0d:44:d9:47:9c:79:7f:2e:e0:de:27:7e:2b:70:4a:be:3f:b4:dc:f1:22:3a:1f:c3:03:17:e2:88:5b:b9:cd:c3

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

09/09/2022, 12:58
Valid: false

0d:44:d9:47:9c:79:7f:2e:e0:de:27:7e:2b:70:4a:be:3f:b4:dc:f1:22:3a:1f:c3:03:17:e2:88:5b:b9:cd:c3
Signer

Actual PE Digest

0d:44:d9:47:9c:79:7f:2e:e0:de:27:7e:2b:70:4a:be:3f:b4:dc:f1:22:3a:1f:c3:03:17:e2:88:5b:b9:cd:c3

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Waves Inc,O=Waves Inc,L=Knoxville,ST=Tennessee,C=US

09/04/2017, 11:56
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

avrt

AvSetMmThreadCharacteristicsW
AvSetMmThreadPriority
AvRevertMmThreadCharacteristics

kernel32

DeleteCriticalSection
LeaveCriticalSection
RaiseException
EnterCriticalSection
GetProcAddress
GetModuleHandleW
DecodePointer
Sleep
ResetEvent
WaitForMultipleObjects
SetEvent
WaitForSingleObject
GetCurrentThreadId
GetProcessHeap
GetThreadPriority
GetCurrentThread
LocalFree
FormatMessageA
CreateEventW
CreateThread
OpenEventW
MultiByteToWideChar
FreeLibrary
OutputDebugStringW
GetSystemPowerStatus
lstrlenW
GetTickCount64
GetMaximumProcessorCount
CreateMutexW
SignalObjectAndWait
DuplicateHandle
GetCurrentProcess
CancelWaitableTimer
SetWaitableTimer
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
lstrcmpiW
CreateWaitableTimerW
QueryPerformanceFrequency
SetThreadLocale
GetThreadLocale
EncodePointer
SetThreadAffinityMask
CloseHandle
WideCharToMultiByte
CreateFileMappingW
MapViewOfFile
LoadLibraryA
LockResource
GetModuleFileNameW
OpenFileMappingW
InitializeCriticalSection
GetProcessAffinityMask
VerifyVersionInfoA
VerSetConditionMask
GetModuleHandleA
GetEnvironmentVariableA
GetStdHandle
TlsAlloc
TlsGetValue
TlsSetValue
HeapCreate
TlsFree
VirtualQuery
TerminateProcess
GetCurrentProcessId
TryEnterCriticalSection
LoadLibraryExA
ReleaseMutex
CreateFileMappingA
CreateMutexA
OpenProcess
WriteConsoleW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
FindClose
SetStdHandle
GetFullPathNameW
GetCurrentDirectoryW
HeapDestroy
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
QueryPerformanceCounter
GetTickCount
InitializeCriticalSectionEx
GetLastError
FindResourceExW
UnmapViewOfFile
GetTimeZoneInformation
SetEndOfFile
WaitForMultipleObjectsEx
FlushFileBuffers
ReadConsoleW
SetFilePointerEx
GetStringTypeW
LCMapStringW
CompareStringW
GetConsoleMode
GetConsoleCP
WriteFile
GetACP
GetModuleFileNameA
ExitProcess
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileType
GetDriveTypeW
CreateFileW
ReadFile
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
InitializeCriticalSectionAndSpinCount
SetLastError
InterlockedFlushSList
RtlPcToFileHeader
RtlUnwindEx
GetModuleHandleExA
IsDebuggerPresent
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
VirtualAlloc
VirtualFree
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
GetSystemTimeAsFileTime

user32

DefWindowProcW
SetWindowLongPtrW
DestroyWindow
UnregisterClassW
CharNextW
UnregisterPowerSettingNotification
RegisterClipboardFormatW
GetMessageW
CreateWindowExW
RegisterClassW
GetClassInfoW
EndDialog
TranslateMessage
PostMessageW
RegisterPowerSettingNotification
DispatchMessageW

advapi32

RegSetValueExW
RegDeleteKeyExW
RegEnumValueW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegSetKeySecurity
RegEnumKeyExW
RegDeleteValueW
RegCreateKeyExW
RegQueryValueExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegOpenKeyExW
RegCloseKey
RegQueryInfoKeyW
RegDeleteKeyW

ole32

CoCreateInstance
StringFromGUID2
CoUninitialize
CoInitialize
CoTaskMemFree
CoCreateGuid
PropVariantClear
CoTaskMemRealloc
CoFreeUnusedLibrariesEx
StringFromCLSID
CLSIDFromString
CoTaskMemAlloc

oleaut32

SysStringLen
SysAllocString
LoadTypeLi
SysFreeString
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
VariantClear

tbb_waves

?add_filter@pipeline@tbb@@QEAAXAEAVfilter@2@@Z
?observe@task_scheduler_observer_v3@internal@tbb@@QEAAX_N@Z
??1filter@tbb@@UEAA@XZ
?terminate@task_scheduler_init@tbb@@QEAAXXZ
?default_num_threads@task_scheduler_init@tbb@@SAHXZ
?initialize@task_scheduler_init@tbb@@QEAAXH_K@Z
?run@pipeline@tbb@@QEAAX_K@Z
??0pipeline@tbb@@QEAA@XZ

shlwapi

SHDeleteKeyW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

RT_CODE
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 17.6MB - Virtual size: 17.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

IPPCODE
Size: 526KB - Virtual size: 525KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 184KB - Virtual size: 455KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 264KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

RT_CONST
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data1
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

RT_DATA
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 280B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

IPPDATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 41B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.trace
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.debug_o
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WIN64/SWC/WavesAPO/MaxxAudioRenderAVX64.dll
.dll regsvr32 windows x64

f54b210aa58cd83dba214c0914ab20aa

Code Sign

1b:d5:92:58:02:b3:41:20:94:7c:87:11:2a:e9:a2:b7
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/01/2015, 00:00

Not After

22/03/2018, 23:59

Subject

CN=Waves Inc,O=Waves Inc,L=Knoxville,ST=Tennessee,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

33:00:00:00:43:9b:d4:99:23:01:cb:6d:34:00:00:00:00:00:43
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01/03/2017, 19:05

Not After

01/06/2018, 19:05

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

31:fc:41:a0:eb:a2:0b:09:8d:a7:67:be:c8:9f:89:ac:f1:1e:f6:ec:7e:2f:0b:cd:61:f9:ce:16:76:f6:0a:bf
Signer

Actual PE Digest

31:fc:41:a0:eb:a2:0b:09:8d:a7:67:be:c8:9f:89:ac:f1:1e:f6:ec:7e:2f:0b:cd:61:f9:ce:16:76:f6:0a:bf

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

09/09/2022, 12:58
Valid: false

31:fc:41:a0:eb:a2:0b:09:8d:a7:67:be:c8:9f:89:ac:f1:1e:f6:ec:7e:2f:0b:cd:61:f9:ce:16:76:f6:0a:bf
Signer

Actual PE Digest

31:fc:41:a0:eb:a2:0b:09:8d:a7:67:be:c8:9f:89:ac:f1:1e:f6:ec:7e:2f:0b:cd:61:f9:ce:16:76:f6:0a:bf

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Waves Inc,O=Waves Inc,L=Knoxville,ST=Tennessee,C=US

09/04/2017, 11:56
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

avrt

AvSetMmThreadCharacteristicsW
AvSetMmThreadPriority
AvRevertMmThreadCharacteristics

kernel32

DeleteCriticalSection
LeaveCriticalSection
RaiseException
EnterCriticalSection
GetProcAddress
GetModuleHandleW
DecodePointer
Sleep
ResetEvent
WaitForMultipleObjects
SetEvent
WaitForSingleObject
GetCurrentThreadId
GetProcessHeap
GetThreadPriority
GetCurrentThread
LocalFree
FormatMessageA
CreateEventW
CreateThread
OpenEventW
MultiByteToWideChar
FreeLibrary
OutputDebugStringW
GetSystemPowerStatus
lstrlenW
GetTickCount64
GetMaximumProcessorCount
CreateMutexW
SignalObjectAndWait
DuplicateHandle
GetCurrentProcess
CancelWaitableTimer
SetWaitableTimer
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
lstrcmpiW
CreateWaitableTimerW
QueryPerformanceFrequency
SetThreadLocale
GetThreadLocale
EncodePointer
SetThreadAffinityMask
CloseHandle
WideCharToMultiByte
CreateFileMappingW
MapViewOfFile
LoadLibraryA
LockResource
GetModuleFileNameW
OpenFileMappingW
InitializeCriticalSection
GetProcessAffinityMask
VerifyVersionInfoA
VerSetConditionMask
GetModuleHandleA
GetEnvironmentVariableA
GetStdHandle
TlsAlloc
TlsGetValue
TlsSetValue
HeapCreate
TlsFree
VirtualQuery
TerminateProcess
GetCurrentProcessId
TryEnterCriticalSection
LoadLibraryExA
ReleaseMutex
CreateFileMappingA
CreateMutexA
OpenProcess
WriteConsoleW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
FindClose
SetStdHandle
GetFullPathNameW
GetCurrentDirectoryW
HeapDestroy
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
QueryPerformanceCounter
GetTickCount
InitializeCriticalSectionEx
GetLastError
FindResourceExW
UnmapViewOfFile
GetTimeZoneInformation
SetEndOfFile
WaitForMultipleObjectsEx
FlushFileBuffers
ReadConsoleW
SetFilePointerEx
GetStringTypeW
LCMapStringW
CompareStringW
GetConsoleMode
GetConsoleCP
WriteFile
GetACP
GetModuleFileNameA
ExitProcess
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileType
GetDriveTypeW
CreateFileW
ReadFile
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
InitializeCriticalSectionAndSpinCount
SetLastError
InterlockedFlushSList
RtlPcToFileHeader
RtlUnwindEx
GetModuleHandleExA
IsDebuggerPresent
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
VirtualAlloc
VirtualFree
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
GetSystemTimeAsFileTime

user32

DefWindowProcW
SetWindowLongPtrW
DestroyWindow
UnregisterClassW
CharNextW
UnregisterPowerSettingNotification
RegisterClipboardFormatW
GetMessageW
CreateWindowExW
RegisterClassW
GetClassInfoW
EndDialog
TranslateMessage
PostMessageW
RegisterPowerSettingNotification
DispatchMessageW

advapi32

RegSetValueExW
RegDeleteKeyExW
RegEnumValueW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegSetKeySecurity
RegEnumKeyExW
RegDeleteValueW
RegCreateKeyExW
RegQueryValueExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegOpenKeyExW
RegCloseKey
RegQueryInfoKeyW
RegDeleteKeyW

ole32

CoCreateInstance
StringFromGUID2
CoUninitialize
CoInitialize
CoTaskMemFree
CoCreateGuid
PropVariantClear
CoTaskMemRealloc
CoFreeUnusedLibrariesEx
StringFromCLSID
CLSIDFromString
CoTaskMemAlloc

oleaut32

SysStringLen
SysAllocString
LoadTypeLi
SysFreeString
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
VariantClear

tbb_waves

?add_filter@pipeline@tbb@@QEAAXAEAVfilter@2@@Z
?observe@task_scheduler_observer_v3@internal@tbb@@QEAAX_N@Z
??1filter@tbb@@UEAA@XZ
?terminate@task_scheduler_init@tbb@@QEAAXXZ
?default_num_threads@task_scheduler_init@tbb@@SAHXZ
?initialize@task_scheduler_init@tbb@@QEAAXH_K@Z
?run@pipeline@tbb@@QEAAX_K@Z
??0pipeline@tbb@@QEAA@XZ

shlwapi

SHDeleteKeyW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

RT_CODE
Size: 1021KB - Virtual size: 1020KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 17.6MB - Virtual size: 17.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

IPPCODE
Size: 526KB - Virtual size: 525KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 184KB - Virtual size: 455KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 264KB - Virtual size: 263KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

RT_CONST
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data1
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

RT_DATA
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 280B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

IPPDATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 41B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.trace
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.debug_o
Size: 118KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WIN64/SWC/WavesAPO/WavesAPO.inf
WIN64/SWC/WavesAPO/WavesSvc64.exe
.exe windows x64

181f5b3a6b302776cbbfbc6a2369570d

Code Sign

1b:d5:92:58:02:b3:41:20:94:7c:87:11:2a:e9:a2:b7
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/01/2015, 00:00

Not After

22/03/2018, 23:59

Subject

CN=Waves Inc,O=Waves Inc,L=Knoxville,ST=Tennessee,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

33:00:00:00:43:9b:d4:99:23:01:cb:6d:34:00:00:00:00:00:43
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01/03/2017, 19:05

Not After

01/06/2018, 19:05

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9d:f0:ad:45:a7:57:fb:0b:a6:d2:db:c3:cd:71:d8:d1:8f:64:08:3d:66:6f:a2:6a:92:f6:b9:5e:1e:a0:39:a8
Signer

Actual PE Digest

9d:f0:ad:45:a7:57:fb:0b:a6:d2:db:c3:cd:71:d8:d1:8f:64:08:3d:66:6f:a2:6a:92:f6:b9:5e:1e:a0:39:a8

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

09/09/2022, 12:58
Valid: false

9d:f0:ad:45:a7:57:fb:0b:a6:d2:db:c3:cd:71:d8:d1:8f:64:08:3d:66:6f:a2:6a:92:f6:b9:5e:1e:a0:39:a8
Signer

Actual PE Digest

9d:f0:ad:45:a7:57:fb:0b:a6:d2:db:c3:cd:71:d8:d1:8f:64:08:3d:66:6f:a2:6a:92:f6:b9:5e:1e:a0:39:a8

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Waves Inc,O=Waves Inc,L=Knoxville,ST=Tennessee,C=US

09/05/2017, 13:07
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

setupapi

SetupDiGetDeviceInstanceIdA
CM_Get_DevNode_Status_Ex
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyA
CM_Get_Parent
SetupDiGetClassDevsA
SetupDiEnumDeviceInterfaces
CM_Get_Device_IDA
SetupDiDestroyDeviceInfoList

avrt

AvRevertMmThreadCharacteristics
AvSetMmThreadCharacteristicsA

powrprof

PowerReadDCValue
PowerGetActiveScheme

kernel32

ResetEvent
SizeofResource
LockResource
FindResourceExW
LoadResource
FindResourceW
GetTempPathW
DeleteFileA
GetTempFileNameW
GetModuleHandleA
lstrlenA
QueryPerformanceFrequency
QueryPerformanceCounter
UnmapViewOfFile
CreateFileMappingA
OpenFileMappingA
MapViewOfFile
LocalFree
FormatMessageA
GetModuleFileNameA
SetWaitableTimer
SetLastError
EnterCriticalSection
LeaveCriticalSection
CreateMutexA
GetCurrentThreadId
ReleaseMutex
Sleep
CreateWaitableTimerA
CreateProcessA
GetCurrentProcess
GetProcAddress
DeviceIoControl
CreateFileA
WaitForSingleObjectEx
GetCurrentThread
GetThreadPriority
LoadLibraryA
FreeLibrary
GetSystemPowerStatus
CreateFileW
WriteConsoleW
DeleteCriticalSection
SetFilePointerEx
GetConsoleMode
GetConsoleCP
SetStdHandle
WaitForMultipleObjects
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
OutputDebugStringA
FindNextFileA
FindFirstFileExA
FindClose
LCMapStringW
GetStringTypeW
GetFileType
GetACP
WriteFile
GetStdHandle
GetModuleHandleExW
ExitProcess
GetCommandLineW
GetCommandLineA
RtlUnwindEx
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
RtlPcToFileHeader
GetSystemTimeAsFileTime
GetCurrentProcessId
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetModuleHandleW
CreateEventW
LoadLibraryExA
VirtualFree
VirtualAlloc
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
HeapDestroy
OutputDebugStringW
CreateThread
SetEvent
WaitForSingleObject
CreateEventA
CloseHandle
QueryFullProcessImageNameA
K32GetModuleFileNameExA
OpenProcess
FreeEnvironmentStringsW
K32EnumProcessModulesEx
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
GetLastError
MultiByteToWideChar
HeapSize
InitializeCriticalSectionEx
HeapFree
WideCharToMultiByte
IsValidCodePage
GetProcessHeap
IsDebuggerPresent
FlushFileBuffers

user32

KillTimer
GetWindowLongPtrA
DefWindowProcA
CallWindowProcA
SetTimer
CharUpperA
SetWindowLongPtrA
PostMessageA
UnregisterClassA
EndDialog
LoadImageA
SetWindowPos
FillRect
ShowWindow
DrawTextA
SetWindowLongA
SetCursor
InvalidateRect
RegisterWindowMessageA
PeekMessageA
LoadCursorA
GetClassInfoExA
RegisterClassExA
UnregisterPowerSettingNotification
RegisterPowerSettingNotification
GetMessageA
DispatchMessageA
CallNextHookEx
PostThreadMessageA
SetWindowsHookExA
UnhookWindowsHookEx
TranslateMessage
MsgWaitForMultipleObjectsEx
GetWindowTextA
GetWindowLongA
GetClassInfoA
SendMessageA
CreateDialogParamA
GetDlgItem
LoadMenuA
DestroyWindow
TrackPopupMenu
GetSubMenu
RegisterClassA
DestroyMenu
CreateWindowExA
LoadIconA
SetForegroundWindow
GetCursorPos

gdi32

GetDIBColorTable
CreateCompatibleDC
StretchBlt
DeleteDC
SetTextColor
SetBkMode
DeleteObject
CreateSolidBrush
GetObjectA
SelectObject

advapi32

RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA
RegNotifyChangeKeyValue
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor

shell32

SHGetSpecialFolderPathA
ShellExecuteExA
Shell_NotifyIconA
SHGetFolderPathA

ole32

PropVariantClear
CoCreateInstance
CoTaskMemFree
StringFromCLSID
CoFreeUnusedLibrariesEx
CoInitialize
CoUninitialize

oleaut32

SysFreeString

maxxaudioaposhell64

WavesFX_SetRuntimeData_Value
WavesFX_Preset_RevertToDefault
WavesFX_GetParameter
WavesFX_Preset_SetParameter
WavesFX_GetRuntimeData_Value
WavesFX_Preset_GetType
WavesFX_Preset_GetParameter
WavesFX_Preset_SetActive
WavesFX_SetDoubleBufferingMode
WavesFX_Initialize
WavesFX_Uninitialize
WavesFX_Preset_SetTypeEx
WavesFX_Preset_GetCount
WavesFX_Preset_SetSoundMode
WavesFX_RegisterChangeNotification
WavesFX_Preset_GetActive
WavesFX_GetProperty
WavesFX_Preset_SetType

shlwapi

PathFileExistsA

gdiplus

GdiplusShutdown

msimg32

AlphaBlend
TransparentBlt

Sections

.text
Size: 306KB - Virtual size: 306KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_CODE
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 113KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 236B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 490KB - Virtual size: 490KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WIN64/SWC/WavesAPO/WavesSysSvc64.exe
.exe windows x64

3379145d0b9dab6b7b235b98caec460a

Code Sign

1b:d5:92:58:02:b3:41:20:94:7c:87:11:2a:e9:a2:b7
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/01/2015, 00:00

Not After

22/03/2018, 23:59

Subject

CN=Waves Inc,O=Waves Inc,L=Knoxville,ST=Tennessee,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

33:00:00:00:43:9b:d4:99:23:01:cb:6d:34:00:00:00:00:00:43
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01/03/2017, 19:05

Not After

01/06/2018, 19:05

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

48:f0:7a:4c:74:12:0e:fb:0e:94:e0:b5:01:95:25:15:10:30:68:8d:59:7a:2d:0f:b7:11:39:53:7d:98:95:65
Signer

Actual PE Digest

48:f0:7a:4c:74:12:0e:fb:0e:94:e0:b5:01:95:25:15:10:30:68:8d:59:7a:2d:0f:b7:11:39:53:7d:98:95:65

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

09/09/2022, 12:58
Valid: false

48:f0:7a:4c:74:12:0e:fb:0e:94:e0:b5:01:95:25:15:10:30:68:8d:59:7a:2d:0f:b7:11:39:53:7d:98:95:65
Signer

Actual PE Digest

48:f0:7a:4c:74:12:0e:fb:0e:94:e0:b5:01:95:25:15:10:30:68:8d:59:7a:2d:0f:b7:11:39:53:7d:98:95:65

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Waves Inc,O=Waves Inc,L=Knoxville,ST=Tennessee,C=US

09/05/2017, 13:07
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

wtsapi32

WTSQueryUserToken

powrprof

PowerGetActiveScheme
PowerSetActiveScheme
PowerWriteACValueIndex
PowerWriteDCValueIndex
PowerReadDCValueIndex
PowerReadFriendlyName
PowerReadACValueIndex

kernel32

LoadLibraryA
FreeLibrary
SetLastError
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
GetTickCount
GetModuleFileNameW
InitializeCriticalSection
LocalAlloc
GetCurrentProcess
OpenFileMappingW
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
Sleep
DeviceIoControl
WaitForSingleObjectEx
TerminateProcess
K32GetModuleFileNameExW
GetSystemPowerStatus
LoadLibraryW
GetThreadId
SetFileAttributesW
CreateTimerQueueTimer
DeleteTimerQueueEx
DeleteTimerQueueTimer
CreateTimerQueue
FreeEnvironmentStringsW
lstrlenW
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetConsoleCP
LCMapStringW
CompareStringW
ReadConsoleW
GetConsoleMode
SetFilePointerEx
GetStringTypeW
GetFileType
GetACP
GetStdHandle
GetModuleHandleExW
ExitProcess
GetCommandLineW
GetCommandLineA
ReadFile
RtlUnwindEx
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteFileW
GetTempPathW
CreateFileW
WriteFile
GetExitCodeProcess
GetModuleHandleW
CreateProcessW
GetCurrentProcessId
WTSGetActiveConsoleSessionId
GetProcAddress
ProcessIdToSessionId
MultiByteToWideChar
ResetEvent
WideCharToMultiByte
WaitForMultipleObjects
FindResourceW
LoadResource
FindResourceExW
LockResource
SizeofResource
CreateThread
CloseHandle
VirtualQuery
SetEvent
OutputDebugStringW
CreateEventW
WaitForSingleObject
LocalFree
GetProcessHeap
DeleteCriticalSection
HeapDestroy
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
GetLastError
HeapSize
InitializeCriticalSectionEx
HeapFree
SetEnvironmentVariableW
SetStdHandle
FlushFileBuffers
WriteConsoleW
SetEndOfFile
GetSystemInfo
VirtualProtect
GetEnvironmentStringsW
RtlPcToFileHeader
LoadLibraryExA
VirtualFree
VirtualAlloc
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
EncodePointer
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

user32

UnregisterClassW
PostThreadMessageW
UnregisterPowerSettingNotification
RegisterPowerSettingNotification
GetMessageW
CallWindowProcW
PostMessageW
SetWindowLongPtrW
GetWindowLongPtrW
RegisterClassExW
DispatchMessageW
CharUpperW
TranslateMessage
LoadCursorW
KillTimer
GetClassInfoExW
DefWindowProcW
DestroyWindow
CreateWindowExW
SetTimer

advapi32

AllocateAndInitializeSid
SetEntriesInAclW
RegisterServiceCtrlHandlerExW
CreateServiceW
QueryServiceStatus
CloseServiceHandle
OpenSCManagerW
SetServiceStatus
ChangeServiceConfig2W
DeleteService
ControlService
StartServiceW
StartServiceCtrlDispatcherW
OpenServiceW
RegDeleteKeyW
RegSetValueExW
RegOpenKeyExW
RegDeleteValueW
RegQueryValueExW
CryptDestroyKey
CryptAcquireContextW
CryptDecrypt
CryptCreateHash
CryptDeriveKey
CryptHashData
CryptDestroyHash
CryptReleaseContext
RegCloseKey
RegCreateKeyExW
RegSetKeySecurity
CreateProcessAsUserW
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor

shell32

SHGetSpecialFolderPathW
ShellExecuteExW

ole32

CoUninitialize
CoTaskMemFree
StringFromCLSID
PropVariantClear
CoCreateInstance
CoFreeUnusedLibrariesEx
CoInitializeEx
CoInitialize

maxxaudioaposhell64

WavesFX_SetChunk
WavesFX_SetParameter
WavesFX_VendorSpecific
WavesFX_Preset_GetOutputName
WavesFX_SetRuntimeData_Value
WavesFX_GetRuntimeData_Value
WavesFX_Preset_RegisterChangeNotification
WavesFX_GetChunk
WavesFX_Preset_SetActive2
WavesFX_IsConnectionActive
WavesFX_RegisterChangeNotification
WavesFX_GetParameter
WavesFX_Preset_GetParameter
WavesFX_Preset_SetType
WavesFX_Preset_GetType
WavesFX_Preset_GetCount
WavesFX_Initialize
WavesFX_Uninitialize
WavesFX_Preset_SetActive

shlwapi

PathFileExistsW
PathRemoveFileSpecW

setupapi

SetupDiGetDeviceInterfaceDetailW
SetupDiGetClassDevsW
CM_Get_Parent
SetupDiGetDeviceRegistryPropertyW
SetupDiGetDeviceRegistryPropertyA
SetupDiEnumDeviceInfo
SetupDiGetDeviceInstanceIdW
CM_Get_Device_IDW
CM_Get_DevNode_Status_Ex
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList

mfplat

MFGetStrideForBitmapInfoHeader
MFCreateAttributes
MFShutdown
MFStartup

mf

MFCreateDeviceSource
MFEnumDeviceSources

mfreadwrite

MFCreateSourceReaderFromMediaSource

Sections

.text
Size: 286KB - Virtual size: 286KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_CODE
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 132KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 236B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 123KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WIN64/SWC/WavesAPO/tbb_waves.dll
.dll windows x64

a41f34286220e498454e0655bd516ff3

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

1b:d5:92:58:02:b3:41:20:94:7c:87:11:2a:e9:a2:b7
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/01/2015, 00:00

Not After

22/03/2018, 23:59

Subject

CN=Waves Inc,O=Waves Inc,L=Knoxville,ST=Tennessee,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:43:9b:d4:99:23:01:cb:6d:34:00:00:00:00:00:43
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01/03/2017, 19:05

Not After

01/06/2018, 19:05

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b2:fc:72:23:cc:79:0b:77:c2:96:15:81:ff:b1:59:17:e6:b6:88:22:1a:03:ef:81:96:b1:54:00:be:d9:5b:cd
Signer

Actual PE Digest

b2:fc:72:23:cc:79:0b:77:c2:96:15:81:ff:b1:59:17:e6:b6:88:22:1a:03:ef:81:96:b1:54:00:be:d9:5b:cd

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

09/09/2022, 12:58
Valid: false

b7:2d:05:43:5d:ae:2b:d7:35:49:07:25:bd:48:71:96:f1:2a:56:a3
Signer

Actual PE Digest

b7:2d:05:43:5d:ae:2b:d7:35:49:07:25:bd:48:71:96:f1:2a:56:a3

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Waves Inc,O=Waves Inc,L=Knoxville,ST=Tennessee,C=US

27/05/2016, 12:45
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

SetEvent
CloseHandle
WaitForSingleObjectEx
SwitchToThread
FreeLibrary
GetLastError
GetProcAddress
LoadLibraryA
SetErrorMode
GetModuleHandleExA
GetModuleFileNameA
LeaveCriticalSection
GetCurrentThreadId
EnterCriticalSection
InitializeCriticalSection
lstrcmpA
lstrcpynA
GetEnvironmentVariableA
TlsSetValue
ReleaseSemaphore
TlsAlloc
CreateSemaphoreW
TlsGetValue
TlsFree
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
TryEnterCriticalSection
QueryPerformanceFrequency
SetLastError
ResetEvent
CreateEventA
Sleep
QueryPerformanceCounter
ResumeThread
FormatMessageA
GetCurrentThread
GetProcessAffinityMask
GetCurrentProcess
GetNativeSystemInfo
CreateEventW
RaiseException
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
DecodePointer
EncodePointer
HeapAlloc
HeapFree
ExitThread
CreateThread
GetModuleHandleW
ExitProcess
FlsSetValue
GetCommandLineA
FlsGetValue
FlsFree
FlsAlloc
WriteFile
GetStdHandle
GetModuleFileNameW
GetLocaleInfoW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
SetHandleCount
GetFileType
GetStartupInfoW
FatalAppExitA
SetConsoleCtrlHandler
LoadLibraryW
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
FlushFileBuffers
HeapSize
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapReAlloc
CompareStringW
MultiByteToWideChar
SetEnvironmentVariableA
WriteConsoleW
SetFilePointer
SetStdHandle
LCMapStringW
GetStringTypeW
CreateFileW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale

Exports

Exports

??0concurrent_queue_base@internal@tbb@@IEAA@_K@Z
??0concurrent_queue_base_v3@internal@tbb@@IEAA@_K@Z
??0concurrent_queue_iterator_base@internal@tbb@@IEAA@AEBVconcurrent_queue_base@12@@Z
??0concurrent_queue_iterator_base_v3@internal@tbb@@IEAA@AEBVconcurrent_queue_base_v3@12@@Z
??0concurrent_queue_iterator_base_v3@internal@tbb@@IEAA@AEBVconcurrent_queue_base_v3@12@_K@Z
??0pipeline@tbb@@QEAA@XZ
??1captured_exception@tbb@@UEAA@XZ
??1concurrent_queue_base@internal@tbb@@MEAA@XZ
??1concurrent_queue_base_v3@internal@tbb@@MEAA@XZ
??1concurrent_queue_iterator_base@internal@tbb@@IEAA@XZ
??1concurrent_queue_iterator_base_v3@internal@tbb@@IEAA@XZ
??1concurrent_vector_base_v3@internal@tbb@@IEAA@XZ
??1filter@tbb@@UEAA@XZ
??1pipeline@tbb@@UEAA@XZ
??1task_group_context@tbb@@QEAA@XZ
??_7pipeline@tbb@@6B@
?NFS_Allocate@internal@tbb@@YAPEAX_K0PEAX@Z
?NFS_Free@internal@tbb@@YAXPEAX@Z
?NFS_GetLineSize@internal@tbb@@YA_KXZ
?acquire@scoped_lock@queuing_mutex@tbb@@QEAAXAEAV23@@Z
?acquire@scoped_lock@queuing_rw_mutex@tbb@@QEAAXAEAV23@_N@Z
?active_value@global_control@interface9@tbb@@CA_KH@Z
?add_filter@pipeline@tbb@@QEAAXAEAVfilter@2@@Z
?advance@concurrent_queue_iterator_base@internal@tbb@@IEAAXXZ
?advance@concurrent_queue_iterator_base_v3@internal@tbb@@IEAAXXZ
?allocate@allocate_additional_child_of_proxy@internal@tbb@@QEBAAEAVtask@3@_K@Z
?allocate@allocate_child_proxy@internal@tbb@@QEBAAEAVtask@3@_K@Z
?allocate@allocate_continuation_proxy@internal@tbb@@QEBAAEAVtask@3@_K@Z
?allocate@allocate_root_proxy@internal@tbb@@SAAEAVtask@3@_K@Z
?allocate@allocate_root_with_context_proxy@internal@tbb@@QEBAAEAVtask@3@_K@Z
?allocate_closure_v3@internal@tbb@@YAPEAX_K@Z
?allocate_via_handler_v3@internal@tbb@@YAPEAX_K@Z
?assertion_failure@tbb@@YAXPEBDH00@Z
?assign@concurrent_queue_base_v3@internal@tbb@@IEAAXAEBV123@@Z
?assign@concurrent_queue_iterator_base@internal@tbb@@IEAAXAEBV123@@Z
?assign@concurrent_queue_iterator_base_v3@internal@tbb@@IEAAXAEBV123@@Z
?call_itt_notify_v5@internal@tbb@@YAXHPEAX@Z
?cancel_group_execution@task_group_context@tbb@@QEAA_NXZ
?capture_fp_settings@task_group_context@tbb@@QEAAXXZ
?change_group@task@tbb@@QEAAXAEAVtask_group_context@2@@Z
?clear@captured_exception@tbb@@QEAAXXZ
?clear@pipeline@tbb@@QEAAXXZ
?deallocate_via_handler_v3@internal@tbb@@YAXPEAX@Z
?default_num_threads@task_scheduler_init@tbb@@SAHXZ
?destroy@captured_exception@tbb@@UEAAXXZ
?destroy@task@tbb@@QEAAXAEAV12@@Z
?destroy@task_base@internal@interface5@tbb@@SAXAEAVtask@4@@Z
?detach@tbb_thread_v3@internal@tbb@@QEAAXXZ
?downgrade_to_reader@scoped_lock@queuing_rw_mutex@tbb@@QEAA_NXZ
?free@allocate_additional_child_of_proxy@internal@tbb@@QEBAXAEAVtask@3@@Z
?free@allocate_child_proxy@internal@tbb@@QEBAXAEAVtask@3@@Z
?free@allocate_continuation_proxy@internal@tbb@@QEBAXAEAVtask@3@@Z
?free@allocate_root_proxy@internal@tbb@@SAXAEAVtask@3@@Z
?free@allocate_root_with_context_proxy@internal@tbb@@QEBAXAEAVtask@3@@Z
?free_closure_v3@internal@tbb@@YAXPEAX@Z
?get_initial_auto_partitioner_divisor@internal@tbb@@YA_KXZ
?handle_perror@internal@tbb@@YAXHPEBD@Z
?hardware_concurrency@tbb_thread_v3@internal@tbb@@SAIXZ
?init@task_group_context@tbb@@IEAAXXZ
?initialize@task_scheduler_init@tbb@@QEAAXH@Z
?initialize@task_scheduler_init@tbb@@QEAAXH_K@Z
?inject_token@pipeline@tbb@@AEAAXAEAVtask@2@@Z
?internal_abort@concurrent_queue_base_v3@internal@tbb@@IEAAXXZ
?internal_acquire@scoped_lock@mutex@tbb@@AEAAXAEAV23@@Z
?internal_acquire@scoped_lock@recursive_mutex@tbb@@AEAAXAEAV23@@Z
?internal_acquire@scoped_lock@spin_mutex@tbb@@AEAAXAEAV23@@Z
?internal_acquire_reader@spin_rw_mutex@tbb@@CAXPEAV12@@Z
?internal_acquire_reader@spin_rw_mutex_v3@tbb@@AEAAXXZ
?internal_acquire_reader@x86_rtm_rw_mutex@internal@interface8@tbb@@AEAAXAEAVscoped_lock@1234@_N@Z
?internal_acquire_writer@spin_rw_mutex@tbb@@CA_NPEAV12@@Z
?internal_acquire_writer@spin_rw_mutex_v3@tbb@@AEAA_NXZ
?internal_acquire_writer@x86_rtm_rw_mutex@internal@interface8@tbb@@AEAAXAEAVscoped_lock@1234@_N@Z
?internal_assign@concurrent_vector_base@internal@tbb@@IEAAXAEBV123@_KP6AXPEAX1@ZP6AX2PEBX1@Z5@Z
?internal_assign@concurrent_vector_base_v3@internal@tbb@@IEAAXAEBV123@_KP6AXPEAX1@ZP6AX2PEBX1@Z5@Z
?internal_capacity@concurrent_vector_base@internal@tbb@@IEBA_KXZ
?internal_capacity@concurrent_vector_base_v3@internal@tbb@@IEBA_KXZ
?internal_clear@concurrent_vector_base@internal@tbb@@IEAAXP6AXPEAX_K@Z_N@Z
?internal_clear@concurrent_vector_base_v3@internal@tbb@@IEAA_KP6AXPEAX_K@Z@Z
?internal_compact@concurrent_vector_base_v3@internal@tbb@@IEAAPEAX_KPEAXP6AX10@ZP6AX1PEBX0@Z@Z
?internal_condition_variable_notify_all@internal@interface5@tbb@@YAXAEATcondvar_impl_t@123@@Z
?internal_condition_variable_notify_one@internal@interface5@tbb@@YAXAEATcondvar_impl_t@123@@Z
?internal_condition_variable_wait@internal@interface5@tbb@@YA_NAEATcondvar_impl_t@123@PEAVmutex@3@PEBVinterval_t@tick_count@3@@Z
?internal_construct@critical_section_v4@internal@tbb@@QEAAXXZ
?internal_construct@mutex@tbb@@AEAAXXZ
?internal_construct@queuing_mutex@tbb@@QEAAXXZ
?internal_construct@queuing_rw_mutex@tbb@@QEAAXXZ
?internal_construct@reader_writer_lock@interface5@tbb@@AEAAXXZ
?internal_construct@recursive_mutex@tbb@@AEAAXXZ
?internal_construct@scoped_lock@reader_writer_lock@interface5@tbb@@AEAAXAEAV234@@Z
?internal_construct@scoped_lock_read@reader_writer_lock@interface5@tbb@@AEAAXAEAV234@@Z
?internal_construct@spin_mutex@tbb@@QEAAXXZ
?internal_construct@spin_rw_mutex_v3@tbb@@AEAAXXZ
?internal_construct@x86_rtm_rw_mutex@internal@interface8@tbb@@AEAAXXZ
?internal_copy@concurrent_vector_base@internal@tbb@@IEAAXAEBV123@_KP6AXPEAXPEBX1@Z@Z
?internal_copy@concurrent_vector_base_v3@internal@tbb@@IEAAXAEBV123@_KP6AXPEAXPEBX1@Z@Z
?internal_create@global_control@interface9@tbb@@AEAAXXZ
?internal_current_slot@task_arena_base@internal@interface7@tbb@@KAHXZ
?internal_decrement_ref_count@task@tbb@@AEAA_JXZ
?internal_destroy@global_control@interface9@tbb@@AEAAXXZ
?internal_destroy@mutex@tbb@@AEAAXXZ
?internal_destroy@reader_writer_lock@interface5@tbb@@AEAAXXZ
?internal_destroy@recursive_mutex@tbb@@AEAAXXZ
?internal_destroy@scoped_lock@reader_writer_lock@interface5@tbb@@AEAAXXZ
?internal_destroy@scoped_lock_read@reader_writer_lock@interface5@tbb@@AEAAXXZ
?internal_destroy_condition_variable@internal@interface5@tbb@@YAXAEATcondvar_impl_t@123@@Z
?internal_downgrade@spin_rw_mutex@tbb@@CAXPEAV12@@Z
?internal_downgrade@spin_rw_mutex_v3@tbb@@AEAAXXZ
?internal_downgrade@x86_rtm_rw_mutex@internal@interface8@tbb@@AEAA_NAEAVscoped_lock@1234@@Z
?internal_empty@concurrent_queue_base_v3@internal@tbb@@IEBA_NXZ
?internal_enqueue@task_arena_base@internal@interface7@tbb@@IEBAXAEAVtask@4@_J@Z
?internal_execute@task_arena_base@internal@interface7@tbb@@IEBAXAEAVdelegate_base@234@@Z
?internal_finish_clear@concurrent_queue_base_v3@internal@tbb@@IEAAXXZ
?internal_grow_by@concurrent_vector_base@internal@tbb@@IEAA_K_K0P6AXPEAX0@Z@Z
?internal_grow_by@concurrent_vector_base_v3@internal@tbb@@IEAA_K_K0P6AXPEAXPEBX0@Z2@Z
?internal_grow_predicate@hash_map_segment_base@internal@tbb@@QEBA_NXZ
?internal_grow_to_at_least@concurrent_vector_base@internal@tbb@@IEAAX_K0P6AXPEAX0@Z@Z
?internal_grow_to_at_least@concurrent_vector_base_v3@internal@tbb@@IEAAX_K0P6AXPEAXPEBX0@Z2@Z
?internal_grow_to_at_least_with_result@concurrent_vector_base_v3@internal@tbb@@IEAA_K_K0P6AXPEAXPEBX0@Z2@Z
?internal_initialize@task_arena_base@internal@interface7@tbb@@IEAAXXZ
?internal_initialize_condition_variable@internal@interface5@tbb@@YAXAEATcondvar_impl_t@123@@Z
?internal_itt_releasing@spin_rw_mutex@tbb@@CAXPEAV12@@Z
?internal_pop@concurrent_queue_base@internal@tbb@@IEAAXPEAX@Z
?internal_pop@concurrent_queue_base_v3@internal@tbb@@IEAAXPEAX@Z
?internal_pop_if_present@concurrent_queue_base@internal@tbb@@IEAA_NPEAX@Z
?internal_pop_if_present@concurrent_queue_base_v3@internal@tbb@@IEAA_NPEAX@Z
?internal_push@concurrent_queue_base@internal@tbb@@IEAAXPEBX@Z
?internal_push@concurrent_queue_base_v3@internal@tbb@@IEAAXPEBX@Z
?internal_push_back@concurrent_vector_base@internal@tbb@@IEAAPEAX_KAEA_K@Z
?internal_push_back@concurrent_vector_base_v3@internal@tbb@@IEAAPEAX_KAEA_K@Z
?internal_push_if_not_full@concurrent_queue_base@internal@tbb@@IEAA_NPEBX@Z
?internal_push_if_not_full@concurrent_queue_base_v3@internal@tbb@@IEAA_NPEBX@Z
?internal_push_move@concurrent_queue_base_v8@internal@tbb@@IEAAXPEBX@Z
?internal_push_move_if_not_full@concurrent_queue_base_v8@internal@tbb@@IEAA_NPEBX@Z
?internal_release@scoped_lock@mutex@tbb@@AEAAXXZ
?internal_release@scoped_lock@recursive_mutex@tbb@@AEAAXXZ
?internal_release@scoped_lock@spin_mutex@tbb@@AEAAXXZ
?internal_release@x86_rtm_rw_mutex@internal@interface8@tbb@@AEAAXAEAVscoped_lock@1234@@Z
?internal_release_reader@spin_rw_mutex@tbb@@CAXPEAV12@@Z
?internal_release_reader@spin_rw_mutex_v3@tbb@@AEAAXXZ
?internal_release_writer@spin_rw_mutex@tbb@@CAXPEAV12@@Z
?internal_release_writer@spin_rw_mutex_v3@tbb@@AEAAXXZ
?internal_reserve@concurrent_vector_base@internal@tbb@@IEAAX_K00@Z
?internal_reserve@concurrent_vector_base_v3@internal@tbb@@IEAAX_K00@Z
?internal_resize@concurrent_vector_base_v3@internal@tbb@@IEAAX_K00PEBXP6AXPEAX0@ZP6AX210@Z@Z
?internal_set_capacity@concurrent_queue_base@internal@tbb@@IEAAX_J_K@Z
?internal_set_capacity@concurrent_queue_base_v3@internal@tbb@@IEAAX_J_K@Z
?internal_set_ref_count@task@tbb@@AEAAXH@Z
?internal_size@concurrent_queue_base@internal@tbb@@IEBA_JXZ
?internal_size@concurrent_queue_base_v3@internal@tbb@@IEBA_JXZ
?internal_start@tbb_thread_v3@internal@tbb@@AEAAXP6AIPEAX@Z0@Z
?internal_swap@concurrent_vector_base_v3@internal@tbb@@IEAAXAEAV123@@Z
?internal_terminate@task_arena_base@internal@interface7@tbb@@IEAAXXZ
?internal_throw_exception@concurrent_queue_base_v3@internal@tbb@@IEBAXXZ
?internal_throw_exception@concurrent_vector_base_v3@internal@tbb@@IEBAX_K@Z
?internal_try_acquire@scoped_lock@mutex@tbb@@AEAA_NAEAV23@@Z
?internal_try_acquire@scoped_lock@recursive_mutex@tbb@@AEAA_NAEAV23@@Z
?internal_try_acquire@scoped_lock@spin_mutex@tbb@@AEAA_NAEAV23@@Z
?internal_try_acquire_reader@spin_rw_mutex@tbb@@CA_NPEAV12@@Z
?internal_try_acquire_reader@spin_rw_mutex_v3@tbb@@AEAA_NXZ
?internal_try_acquire_writer@spin_rw_mutex@tbb@@CA_NPEAV12@@Z
?internal_try_acquire_writer@spin_rw_mutex_v3@tbb@@AEAA_NXZ
?internal_try_acquire_writer@x86_rtm_rw_mutex@internal@interface8@tbb@@AEAA_NAEAVscoped_lock@1234@@Z
?internal_upgrade@spin_rw_mutex@tbb@@CA_NPEAV12@@Z
?internal_upgrade@spin_rw_mutex_v3@tbb@@AEAA_NXZ
?internal_upgrade@x86_rtm_rw_mutex@internal@interface8@tbb@@AEAA_NAEAVscoped_lock@1234@@Z
?internal_wait@task_arena_base@internal@interface7@tbb@@IEBAXXZ
?is_group_execution_cancelled@task_group_context@tbb@@QEBA_NXZ
?is_malloc_used_v3@internal@tbb@@YA_NXZ
?is_owned_by_current_thread@task@tbb@@QEBA_NXZ
?itt_load_pointer_v3@internal@tbb@@YAPEAXPEBX@Z
?itt_load_pointer_with_acquire_v3@internal@tbb@@YAPEAXPEBX@Z
?itt_set_sync_name_v3@internal@tbb@@YAXPEAXPEB_W@Z
?itt_store_pointer_with_release_v3@internal@tbb@@YAXPEAX0@Z
?join@tbb_thread_v3@internal@tbb@@QEAAXXZ
?lock@reader_writer_lock@interface5@tbb@@QEAAXXZ
?lock_read@reader_writer_lock@interface5@tbb@@QEAAXXZ
?move@captured_exception@tbb@@UEAAPEAV12@XZ
?move_content@concurrent_queue_base_v8@internal@tbb@@IEAAXAEAV123@@Z
?move_v3@internal@tbb@@YAXAEAVtbb_thread_v3@12@0@Z
?name@captured_exception@tbb@@UEBAPEBDXZ
?note_affinity@task@tbb@@UEAAXG@Z
?observe@task_scheduler_observer_v3@internal@tbb@@QEAAX_N@Z
?priority@task_group_context@tbb@@QEBA?AW4priority_t@2@XZ
?process_item@thread_bound_filter@tbb@@QEAA?AW4result_type@12@XZ
?register_pending_exception@task_group_context@tbb@@QEAAXXZ
?release@scoped_lock@queuing_mutex@tbb@@QEAAXXZ
?release@scoped_lock@queuing_rw_mutex@tbb@@QEAAXXZ
?reset@task_group_context@tbb@@QEAAXXZ
?resize@affinity_partitioner_base_v3@internal@tbb@@AEAAXI@Z
?run@pipeline@tbb@@QEAAX_K@Z
?run@pipeline@tbb@@QEAAX_KAEAVtask_group_context@2@@Z
?runtime_warning@internal@tbb@@YAXPEBDZZ
?self@task@tbb@@SAAEAV12@XZ
?set@captured_exception@tbb@@QEAAXPEBD0@Z
?set_assertion_handler@tbb@@YAP6AXPEBDH00@ZP6AX0H00@Z@Z
?set_end_of_input@filter@tbb@@IEAAXXZ
?set_priority@task_group_context@tbb@@QEAAXW4priority_t@2@@Z
?spawn_and_wait_for_all@task@tbb@@QEAAXAEAVtask_list@2@@Z
?terminate@task_scheduler_init@tbb@@QEAAXXZ
?thread_get_id_v3@internal@tbb@@YA?AVid@tbb_thread_v3@12@XZ
?thread_sleep_v3@internal@tbb@@YAXAEBVinterval_t@tick_count@2@@Z
?thread_yield_v3@internal@tbb@@YAXXZ
?throw_bad_last_alloc_exception_v4@internal@tbb@@YAXXZ
?throw_exception_v4@internal@tbb@@YAXW4exception_id@12@@Z
?try_acquire@scoped_lock@queuing_mutex@tbb@@QEAA_NAEAV23@@Z
?try_acquire@scoped_lock@queuing_rw_mutex@tbb@@QEAA_NAEAV23@_N@Z
?try_lock@reader_writer_lock@interface5@tbb@@QEAA_NXZ
?try_lock_read@reader_writer_lock@interface5@tbb@@QEAA_NXZ
?try_process_item@thread_bound_filter@tbb@@QEAA?AW4result_type@12@XZ
?unlock@reader_writer_lock@interface5@tbb@@QEAAXXZ
?upgrade_to_writer@scoped_lock@queuing_rw_mutex@tbb@@QEAA_NXZ
?what@bad_last_alloc@tbb@@UEBAPEBDXZ
?what@captured_exception@tbb@@UEBAPEBDXZ
?what@improper_lock@tbb@@UEBAPEBDXZ
?what@invalid_multiple_scheduling@tbb@@UEBAPEBDXZ
?what@missing_wait@tbb@@UEBAPEBDXZ
?what@user_abort@tbb@@UEBAPEBDXZ
TBB_runtime_interface_version
__TBB_machine_cmpswp1
__TBB_machine_cmpswp2
__TBB_machine_fetchadd1
__TBB_machine_fetchadd2
__TBB_machine_fetchstore1
__TBB_machine_fetchstore2
__TBB_machine_is_in_transaction
__TBB_machine_pause
__TBB_machine_try_lock_elided
__TBB_machine_unlock_elided

Sections

.text
Size: 330KB - Virtual size: 330KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 82KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data1
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.debug_o
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WIN64/SWC/WavesAPO/wavesapo.cat
WIN64/hdxrt.cat

Sharing

General

Malware Config

Signatures

Files

99b22dce3f38ce03b1c36db4c54ed0a4

Code Sign

61:20:4d:b4:00:00:00:00:00:27Certificate

Key Usages

03:20:be:3e:b8:66:52:69:27:f9:99:b9:7b:04:34:6eCertificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06Certificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

33:00:00:00:43:9b:d4:99:23:01:cb:6d:34:00:00:00:00:00:43Certificate

Extended Key Usages

61:0b:aa:c1:00:00:00:00:00:09Certificate

Key Usages

8e:61:72:9f:22:d5:a2:52:04:54:b2:17:40:e6:9c:f8:95:27:6c:3c:0e:46:45:db:30:bc:0a:26:3f:9a:69:a6Signer

Signature Validations

Verification

09/09/2022, 12:58 Valid: false

11:66:19:64:92:9f:d7:cb:d4:6c:11:e9:a0:98:42:77:02:bd:55:42Signer

Signature Validations

Verification

22/05/2017, 10:47 Valid: false

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

ksecdd.sys

portcls.sys

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

TEXT Size: 4KB - Virtual size: 3KB

CODE Size: 67KB - Virtual size: 67KB

.rdata Size: 323KB - Virtual size: 323KB

.data Size: 445KB - Virtual size: 662KB

.pdata Size: 95KB - Virtual size: 94KB

PAGE Size: 3.0MB - Virtual size: 3.0MB

INIT Size: 5KB - Virtual size: 4KB

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 44KB - Virtual size: 44KB

d4dac7861cfdb552f879070d42a1f98c

Code Sign

61:20:4d:b4:00:00:00:00:00:27Certificate

Key Usages

03:20:be:3e:b8:66:52:69:27:f9:99:b9:7b:04:34:6eCertificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06Certificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

33:00:00:00:43:9b:d4:99:23:01:cb:6d:34:00:00:00:00:00:43Certificate

Extended Key Usages

61:0b:aa:c1:00:00:00:00:00:09Certificate

Key Usages

62:02:18:03:dc:55:81:c8:cf:ee:7b:3c:47:69:55:67:5c:0c:26:07:92:4c:54:d0:bd:92:39:45:3f:d2:fa:d5Signer

Signature Validations

Verification

09/09/2022, 12:58 Valid: false

b5:f5:4c:34:90:f1:3f:2d:cc:16:1a:51:72:72:7f:12:17:e3:7b:71Signer

Signature Validations

Verification

25/04/2017, 07:47 Valid: false

Headers

61:20:4d:b4:00:00:00:00:00:27
Certificate

03:20:be:3e:b8:66:52:69:27:f9:99:b9:7b:04:34:6e
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

33:00:00:00:43:9b:d4:99:23:01:cb:6d:34:00:00:00:00:00:43
Certificate

61:0b:aa:c1:00:00:00:00:00:09
Certificate

8e:61:72:9f:22:d5:a2:52:04:54:b2:17:40:e6:9c:f8:95:27:6c:3c:0e:46:45:db:30:bc:0a:26:3f:9a:69:a6
Signer

09/09/2022, 12:58
Valid: false

11:66:19:64:92:9f:d7:cb:d4:6c:11:e9:a0:98:42:77:02:bd:55:42
Signer

22/05/2017, 10:47
Valid: false

.text
Size: 1.6MB - Virtual size: 1.6MB

TEXT
Size: 4KB - Virtual size: 3KB

CODE
Size: 67KB - Virtual size: 67KB

.rdata
Size: 323KB - Virtual size: 323KB

.data
Size: 445KB - Virtual size: 662KB

.pdata
Size: 95KB - Virtual size: 94KB

PAGE
Size: 3.0MB - Virtual size: 3.0MB

INIT
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 44KB - Virtual size: 44KB

61:20:4d:b4:00:00:00:00:00:27
Certificate

03:20:be:3e:b8:66:52:69:27:f9:99:b9:7b:04:34:6e
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

33:00:00:00:43:9b:d4:99:23:01:cb:6d:34:00:00:00:00:00:43
Certificate

61:0b:aa:c1:00:00:00:00:00:09
Certificate

62:02:18:03:dc:55:81:c8:cf:ee:7b:3c:47:69:55:67:5c:0c:26:07:92:4c:54:d0:bd:92:39:45:3f:d2:fa:d5
Signer

09/09/2022, 12:58
Valid: false

b5:f5:4c:34:90:f1:3f:2d:cc:16:1a:51:72:72:7f:12:17:e3:7b:71
Signer

25/04/2017, 07:47
Valid: false

.text
Size: 724KB - Virtual size: 723KB

.rdata
Size: 228KB - Virtual size: 227KB

.data
Size: 25KB - Virtual size: 54KB

.pdata
Size: 46KB - Virtual size: 46KB

.rsrc
Size: 408KB - Virtual size: 408KB

61:20:4d:b4:00:00:00:00:00:27
Certificate

03:20:be:3e:b8:66:52:69:27:f9:99:b9:7b:04:34:6e
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

33:00:00:00:43:9b:d4:99:23:01:cb:6d:34:00:00:00:00:00:43
Certificate

61:0b:aa:c1:00:00:00:00:00:09
Certificate

11:0b:f3:a5:ea:d9:29:dd:39:bb:5a:5f:a8:97:eb:51:94:0f:cf:a4:c4:45:8d:36:06:fa:02:97:7f:82:95:d5
Signer

09/09/2022, 12:58
Valid: false

dd:ba:f5:5c:99:16:b4:87:d4:f9:68:52:57:85:a2:c2:80:02:22:c7
Signer

02/05/2017, 10:36
Valid: false