mal[.]rar | Triage

Sharing

Copy URL Twitter E-mail

General

Target

mal.rar
Size

52.1MB
MD5

e0e125959549ba2fb3d4c818cda77dc2
SHA1

15a56d5cad2106955b1f422da4c156fcc61d3ece
SHA256

0be97bec765895d40d74fcd87db7a13b7032c060f8ea2fdaba01a95a64d086e2
SHA512

8453e59153115581280e235fb9487d74d6c234ae5806a1aff4b1abd9b27fc60b9a4acc99afd344a7ab977fa5f42905dd58aff219b0dbdf23b3d32ee4ecb13109
SSDEEP

1572864:BZ9WKM42dMjKEzQHCDGwwv0QWFKoaXRnA7WGH:T9Wg23EsiqwKBWPaqH

Score

N/A

Malware Config

Signatures

Files

mal.rar
.rar

Password: 10101
AppSetup.rar
.rar

Password: 10101
Cursors/SortDefault.nls
Cursors/SortServer2003Compat.nls
Cursors/SortServer2008Compat.nls
Cursors/SortVistaCompat.nls
Cursors/SortWindows61.nls
Drivers Pack/HyphenationDictionaries/MsHy7ca.lex
Drivers Pack/HyphenationDictionaries/MsHy7cs.lex
Drivers Pack/HyphenationDictionaries/MsHy7da.lex
Drivers Pack/HyphenationDictionaries/MsHy7de.lex
Drivers Pack/HyphenationDictionaries/MsHy7en.lex
Drivers Pack/HyphenationDictionaries/MsHy7es.lex
Drivers Pack/HyphenationDictionaries/MsHy7fr.lex
Drivers Pack/HyphenationDictionaries/MsHy7it.lex
Drivers Pack/HyphenationDictionaries/MsHy7nb.lex
Drivers Pack/HyphenationDictionaries/MsHy7nl.lex
Drivers Pack/HyphenationDictionaries/MsHy7nn.lex
Drivers Pack/HyphenationDictionaries/MsHy7pl.lex
Drivers Pack/HyphenationDictionaries/MsHy7pt-BR.lex
Drivers Pack/HyphenationDictionaries/MsHy7pt-PT.lex
Drivers Pack/HyphenationDictionaries/MsHy7ru.lex
Drivers Pack/HyphenationDictionaries/MsHy7sv.lex
Drivers Pack/HyphenationDictionaries/MsHy7tr.lex
Drivers Pack/SpellDictionaries/MsSp7ar.acl
Drivers Pack/SpellDictionaries/MsSp7ar.dub
Drivers Pack/SpellDictionaries/MsSp7ar.lex
.dll windows x64

Password: 10101

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.rsrc
Size: 8.7MB - Virtual size: 8.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Drivers Pack/SpellDictionaries/MsSp7bg.acl
Drivers Pack/SpellDictionaries/MsSp7bg.dub
Drivers Pack/SpellDictionaries/MsSp7bg.lex
.dll windows x64

Password: 10101

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.rsrc
Size: 549KB - Virtual size: 549KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Drivers Pack/SpellDictionaries/MsSp7ca.acl
Drivers Pack/SpellDictionaries/MsSp7ca.dub
Drivers Pack/SpellDictionaries/MsSp7ca.lex
.dll windows x64

Password: 10101

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Drivers Pack/SpellDictionaries/MsSp7cs.acl
Drivers Pack/SpellDictionaries/MsSp7cs.dub
Drivers Pack/SpellDictionaries/MsSp7cs.lex
.dll windows x64

Password: 10101

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.rsrc
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Drivers Pack/SpellDictionaries/MsSp7da.acl
Drivers Pack/SpellDictionaries/MsSp7da.dub
Drivers Pack/SpellDictionaries/MsSp7da.lex
.dll windows x64

Password: 10101

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Drivers Pack/SpellDictionaries/MsSp7de.acl
Drivers Pack/SpellDictionaries/MsSp7de.dub
Drivers Pack/SpellDictionaries/MsSp7de.lex
.dll windows x64

Password: 10101

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.rsrc
Size: 4.2MB - Virtual size: 4.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Drivers Pack/SpellDictionaries/MsSp7el.acl
Drivers Pack/SpellDictionaries/MsSp7el.dub
Drivers Pack/SpellDictionaries/MsSp7el.lex
.dll windows x64

Password: 10101

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.rsrc
Size: 618KB - Virtual size: 618KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Drivers Pack/SpellDictionaries/MsSp7en.acl
Drivers Pack/SpellDictionaries/MsSp7en.dub
Drivers Pack/SpellDictionaries/MsSp7en.lex
.dll windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Drivers Pack/SpellDictionaries/MsSp7es.acl
Drivers Pack/SpellDictionaries/MsSp7es.dub
Drivers Pack/SpellDictionaries/MsSp7es.lex
.dll windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.rsrc
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Drivers Pack/SpellDictionaries/MsSp7et.acl
Drivers Pack/SpellDictionaries/MsSp7et.dub
Drivers Pack/SpellDictionaries/MsSp7et.lex
.dll windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.rsrc
Size: 641KB - Virtual size: 641KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Drivers Pack/SpellDictionaries/MsSp7eu.acl
Drivers Pack/SpellDictionaries/MsSp7eu.dub
Drivers Pack/SpellDictionaries/MsSp7eu.lex
.dll windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.rsrc
Size: 705KB - Virtual size: 705KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Drivers Pack/SpellDictionaries/MsSp7fi.acl
Drivers Pack/SpellDictionaries/MsSp7fi.dub
Drivers Pack/SpellDictionaries/MsSp7fi.lex
.dll windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.rsrc
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Drivers Pack/SpellDictionaries/MsSp7fr.acl
Drivers Pack/SpellDictionaries/MsSp7fr.dub
Drivers Pack/SpellDictionaries/MsSp7fr.lex
.dll windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.rsrc
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Drivers Pack/SpellDictionaries/MsSp7gl.acl
Drivers Pack/SpellDictionaries/MsSp7gl.dub
Drivers Pack/SpellDictionaries/MsSp7gl.lex
.dll windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.rsrc
Size: 412KB - Virtual size: 412KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Drivers Pack/SpellDictionaries/MsSp7he.acl
Drivers Pack/SpellDictionaries/MsSp7he.dub
Drivers Pack/SpellDictionaries/MsSp7he.lex
.dll windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.rsrc
Size: 4.4MB - Virtual size: 4.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Drivers Pack/SpellDictionaries/MsSp7hi.acl
Drivers Pack/SpellDictionaries/MsSp7hi.dub
Drivers Pack/SpellDictionaries/MsSp7hi.lex
.dll windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.rsrc
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Drivers Pack/SpellDictionaries/MsSp7hr.acl
Drivers Pack/SpellDictionaries/MsSp7hr.dub
Drivers Pack/SpellDictionaries/MsSp7hr.lex
.dll windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.rsrc
Size: 598KB - Virtual size: 597KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Drivers Pack/SpellDictionaries/MsSp7id.acl
Drivers Pack/SpellDictionaries/MsSp7id.dub
Drivers Pack/SpellDictionaries/MsSp7id.lex
.dll windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.rsrc
Size: 615KB - Virtual size: 615KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Drivers Pack/SpellDictionaries/MsSp7it.acl
Drivers Pack/SpellDictionaries/MsSp7it.dub
Drivers Pack/SpellDictionaries/MsSp7it.lex
.dll windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.rsrc
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Drivers Pack/SpellDictionaries/MsSp7lt.acl
Drivers Pack/SpellDictionaries/MsSp7lt.dub
Drivers Pack/SpellDictionaries/MsSp7lt.lex
.dll windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.rsrc
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Drivers Pack/SpellDictionaries/MsSp7lv.acl
Drivers Pack/SpellDictionaries/MsSp7lv.dub
Drivers Pack/SpellDictionaries/MsSp7lv.lex
.dll windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.rsrc
Size: 997KB - Virtual size: 996KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Drivers Pack/SpellDictionaries/MsSp7nb.acl
Drivers Pack/SpellDictionaries/MsSp7nb.dub
Drivers Pack/SpellDictionaries/MsSp7nb.lex
.dll windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.rsrc
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Drivers Pack/SpellDictionaries/MsSp7nl.acl
Drivers Pack/SpellDictionaries/MsSp7nl.dub
Drivers Pack/SpellDictionaries/MsSp7nl.lex
.dll windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Drivers Pack/SpellDictionaries/MsSp7nn.acl
Drivers Pack/SpellDictionaries/MsSp7nn.dub
Drivers Pack/SpellDictionaries/MsSp7nn.lex
.dll windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.rsrc
Size: 1020KB - Virtual size: 1020KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Drivers Pack/SpellDictionaries/MsSp7pl.acl
Drivers Pack/SpellDictionaries/MsSp7pl.dub
Drivers Pack/SpellDictionaries/MsSp7pl.lex
.dll windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.rsrc
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Drivers Pack/SpellDictionaries/MsSp7pt-BR.acl
Drivers Pack/SpellDictionaries/MsSp7pt-BR.dub
Drivers Pack/SpellDictionaries/MsSp7pt-BR.lex
.dll windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.rsrc
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Drivers Pack/SpellDictionaries/MsSp7pt-PT.acl
Drivers Pack/SpellDictionaries/MsSp7pt-PT.dub
Drivers Pack/SpellDictionaries/MsSp7pt-PT.lex
.dll windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Drivers Pack/SpellDictionaries/MsSp7ro.acl
Drivers Pack/SpellDictionaries/MsSp7ro.dub
Drivers Pack/SpellDictionaries/MsSp7ro.lex
.dll windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.rsrc
Size: 642KB - Virtual size: 642KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Drivers Pack/SpellDictionaries/MsSp7ru.acl
Drivers Pack/SpellDictionaries/MsSp7ru.dub
Drivers Pack/SpellDictionaries/MsSp7ru.lex
.dll windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.rsrc
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Drivers Pack/SpellDictionaries/MsSp7sk.acl
Drivers Pack/SpellDictionaries/MsSp7sk.dub
Drivers Pack/SpellDictionaries/MsSp7sk.lex
.dll windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Drivers Pack/SpellDictionaries/MsSp7sl.acl
Drivers Pack/SpellDictionaries/MsSp7sl.dub
Drivers Pack/SpellDictionaries/MsSp7sl.lex
.dll windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.rsrc
Size: 651KB - Virtual size: 651KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Drivers Pack/SpellDictionaries/MsSp7sr-Cyrl.acl
Drivers Pack/SpellDictionaries/MsSp7sr-Cyrl.dub
Drivers Pack/SpellDictionaries/MsSp7sr-Cyrl.lex
.dll windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.rsrc
Size: 894KB - Virtual size: 893KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Drivers Pack/SpellDictionaries/MsSp7sr-Latn.acl
Drivers Pack/SpellDictionaries/MsSp7sr-Latn.dub
Drivers Pack/SpellDictionaries/MsSp7sr-Latn.lex
.dll windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.rsrc
Size: 902KB - Virtual size: 901KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Drivers Pack/SpellDictionaries/MsSp7sv.acl
Drivers Pack/SpellDictionaries/MsSp7sv.dub
Drivers Pack/SpellDictionaries/MsSp7sv.lex
.dll windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.rsrc
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Drivers Pack/SpellDictionaries/MsSp7tr.acl
Drivers Pack/SpellDictionaries/MsSp7tr.dub
Drivers Pack/SpellDictionaries/MsSp7tr.lex
.dll windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.rsrc
Size: 813KB - Virtual size: 813KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Drivers Pack/SpellDictionaries/MsSp7uk.acl
Drivers Pack/SpellDictionaries/MsSp7uk.dub
Drivers Pack/SpellDictionaries/MsSp7uk.lex
.dll windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Drivers Pack/Transliteration/Hans-To-Hant.nlt
Drivers Pack/Transliteration/Hant-To-Hans.nlt
Drivers Pack/Transliteration/bengali-to-latin.nlt
Drivers Pack/Transliteration/cyrl-to-latin.nlt
Drivers Pack/Transliteration/decompose-hangul.nlt
Drivers Pack/Transliteration/devanagari-to-latin.nlt
Drivers Pack/Transliteration/malayalam-to-latin.nlt
Globalization/Time Zone/timezoneMapping.xml
Globalization/Time Zone/timezones.xml
InstallerAppSetup.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

09:95:9f:e7:c3:8f:87:51:bc:99:fc:a2:be:9d:fb:e7
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/11/2020, 00:00

Not After

29/11/2023, 23:59

Subject

CN=Bitdefender SRL,OU=DEVSUP CLINSTALLER,O=Bitdefender SRL,L=Bucharest,C=RO

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:5d:e2:c7:af:11:69:4f:b9:3e:8f:05:3d:a6:e9:19
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

14/12/2020, 00:00

Not After

29/11/2023, 23:59

Subject

CN=Bitdefender SRL,OU=DEVSUP CLINSTALLER,O=Bitdefender SRL,L=Bucharest,C=RO

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

9d:39:97:c9:37:71:52:37:6b:de:90:34:4a:99:41:73:6c:73:10:ea:9a:c4:a2:1a:b9:4f:80:48:03:45:53:b6
Signer

Actual PE Digest

9d:39:97:c9:37:71:52:37:6b:de:90:34:4a:99:41:73:6c:73:10:ea:9a:c4:a2:1a:b9:4f:80:48:03:45:53:b6

Digest Algorithm

sha256

PE Digest Matches

false

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Bitdefender SRL,OU=DEVSUP CLINSTALLER,O=Bitdefender SRL,L=Bucharest,C=RO

24/10/2022, 10:45
Valid: true

Chain 1

CN=Bitdefender SRL,OU=DEVSUP CLINSTALLER,O=Bitdefender SRL,L=Bucharest,C=RO

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

7a:37:e0:15:46:2a:f5:c5:27:99:06:2f:0c:e1:9e:8f:8e:c0:25:a1
Signer

Actual PE Digest

7a:37:e0:15:46:2a:f5:c5:27:99:06:2f:0c:e1:9e:8f:8e:c0:25:a1

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Bitdefender SRL,OU=DEVSUP CLINSTALLER,O=Bitdefender SRL,L=Bucharest,C=RO

24/10/2022, 10:45
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 6.3MB - Virtual size: 6.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Resource files/ActiveXInstallService.admx
Resource files/AddRemovePrograms.admx
Resource files/AppCompat.admx
Resource files/AppXRuntime.admx
.xml
Resource files/AppxPackageManager.admx
Resource files/AttachmentManager.admx
Resource files/AuditSettings.admx
.xml
Resource files/AutoPlay.admx
Resource files/Biometrics.admx
Resource files/CEIPEnable.admx
Resource files/COM.admx
Resource files/CipherSuiteOrder.admx
Resource files/ControlPanel.admx
Resource files/Cpls.admx
Resource files/CredUI.admx
Resource files/CredentialProviders.admx
Resource files/CtrlAltDel.admx
Resource files/DCOM.admx
Resource files/DFS.admx
Resource files/DWM.admx
Resource files/DeviceCompat.admx
Resource files/DeviceSetup.admx
Resource files/DigitalLocker.admx
Resource files/DiskDiagnostic.admx
Resource files/DiskNVCache.admx
Resource files/DiskQuota.admx
Resource files/DistributedLinkTracking.admx
Resource files/EAIME.admx
Resource files/EarlyLaunchAM.admx
Resource files/EdgeUI.admx
Resource files/EncryptFilesonMove.admx
Resource files/EventForwarding.admx
.xml
Resource files/EventViewer.admx
Resource files/Explorer.admx
Resource files/ExternalBoot.admx
.xml
Resource files/FileHistory.admx
Resource files/FileRecovery.admx
Resource files/FileRevocation.admx
Resource files/FileServerVSSProvider.admx
Resource files/FileSys.admx
.xml
Resource files/FolderRedirection.admx
Resource files/FramePanes.admx
Resource files/GameExplorer.admx
Resource files/GroupPolicy-Server.admx
Resource files/Help.admx
Resource files/HelpAndSupport.admx
Resource files/IIS.admx
Resource files/InkWatson.admx
Resource files/Kerberos.admx
Resource files/LanmanServer.admx
Resource files/LeakDiagnostic.admx
Resource files/LinkLayerTopologyDiscovery.admx
Resource files/LocationProviderAdm.admx
Resource files/MMC.admx
Resource files/MMCSnapIns2.admx
Resource files/MSDT.admx
Resource files/MediaCenter.admx
Resource files/MobilePCMobilityCenter.admx
Resource files/MobilePCPresentationSettings.admx
Resource files/Msi-FileRecovery.admx
Resource files/NAPXPQec.admx
Resource files/NCSI.admx
Resource files/NetworkIsolation.admx
Resource files/NetworkProjection.admx
Resource files/P2P-pnrp.admx
Resource files/ParentalControls.admx
Resource files/PeerToPeerCaching.admx
Resource files/PenTraining.admx
Resource files/PerformanceDiagnostics.admx
Resource files/PerformancePerftrack.admx
Resource files/PowerShellExecutionPolicy.admx
Resource files/PreviousVersions.admx
Resource files/Programs.admx
Resource files/PswdSync.admx
Resource files/RPC.admx
Resource files/RacWmiProv.admx
Resource files/Radar.admx
Resource files/ReAgent.admx
Resource files/Reliability.admx
Resource files/RemoteAssistance.admx
Resource files/Scripts.admx
Resource files/Securitycenter.admx
Resource files/Sensors.admx
Resource files/ServerManager.admx
Resource files/Servicing.admx
Resource files/Setup.admx
Resource files/SharedFolders.admx
Resource files/Sharing.admx
Resource files/Shell-CommandPrompt-RegEditTools.admx
Resource files/ShellWelcomeCenter.admx
Resource files/Sidebar.admx
Resource files/SkyDrive.admx
.xml
Resource files/Snis.admx
Resource files/Snmp.admx
Resource files/SoundRec.admx
Resource files/SystemRestore.admx
Resource files/TPM.admx
Resource files/TaskScheduler.admx
Resource files/Thumbnails.admx
Resource files/TouchInput.admx
Resource files/W32Time.admx
Resource files/WCM.admx
Resource files/WDI.admx
Resource files/WPN.admx
Resource files/WinCal.admx
.xml
Resource files/WinInit.admx
Resource files/WinLogon.admx
Resource files/WindowsAnytimeUpgrade.admx
Resource files/WindowsBackup.admx
Resource files/WindowsColorSystem.admx
Resource files/WindowsConnectNow.admx
Resource files/WindowsFileProtection.admx
Resource files/WindowsMail.admx
Resource files/WindowsMediaDRM.admx
Resource files/WindowsMessenger.admx
Resource files/WindowsProducts.admx
Resource files/WindowsRemoteShell.admx
Resource files/WindowsServer.admx
Resource files/Winsrv.admx
Resource files/WordWheel.admx
Resource files/WorkFolders-Client.admx
Resource files/WorkplaceJoin.admx
.xml
Resource files/fthsvc.admx
Resource files/hotspotauth.admx
Resource files/iSCSI.admx
Resource files/kdc.admx
Resource files/msched.admx
.xml
Resource files/nca.admx
Resource files/pca.admx
Resource files/sdiageng.admx
Resource files/srm-fci.admx
Resource files/wlansvc.admx
.xml
Resource files/wwansvc.admx
.xml
Uses of Additional Files/WinAll/BeholdTV/amd64/bhkspex.x64
.dll regsvr32 windows x64

c2b63eb78a633a8cf029f36d00413c44

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

??3@YAXPEAX@Z
??2@YAPEAX_K@Z
sprintf
_vsnwprintf
memcmp
memcpy
memset
wcsncat

ole32

CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree
StringFromGUID2

comctl32

ImageList_Destroy
ImageList_Create

comdlg32

GetSaveFileNameA
GetOpenFileNameA

user32

GetDesktopWindow
GetWindowRect
LoadStringW
DefWindowProcW
GetWindowLongW
SetWindowLongW
DestroyWindow
InvalidateRect
MoveWindow
CreateDialogParamW
GetWindowLongPtrW
GetDlgItemInt
SetTimer
SendDlgItemMessageA
KillTimer
SendMessageA
SetDlgItemInt
GetWindowLongA
GetDlgItem
CheckDlgButton
ShowWindow
IsDlgButtonChecked
EnableWindow
SetDlgItemTextA
SetWindowLongPtrW
MessageBoxA

kernel32

RtlVirtualUnwind
SetUnhandledExceptionFilter
GetCurrentProcessId
QueryPerformanceCounter
RtlCaptureContext
GetSystemTimeAsFileTime
TerminateProcess
RtlLookupFunctionEntry
GetFileSize
GetTickCount
GetCurrentThreadId
GetCurrentProcess
UnhandledExceptionFilter
FreeLibrary
GetModuleFileNameA
GetLastError
lstrlenA
MultiByteToWideChar
lstrlenW
WideCharToMultiByte
CreateFileA
DisableThreadLibraryCalls
WriteFile
GetFileAttributesA
ReadFile
CloseHandle
GetVersionExW

advapi32

RegSetValueExA
RegDeleteKeyA
RegCreateKeyExA
RegCreateKeyW
RegSetValueW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteKeyW
RegCloseKey

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 932B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Uses of Additional Files/WinAll/BeholdTV/amd64/cx2310x.sys
.exe windows x64

ded2398681571d460a573fbec8267082

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

IoAllocateErrorLogEntry
KeInitializeTimer
KeSetTimerEx
ZwCreateFile
PsCreateSystemThread
PsTerminateSystemThread
IoGetCurrentProcess
ObReferenceObjectByHandle
KeWaitForSingleObject
ObfDereferenceObject
KeCancelTimer
ZwQueryInformationFile
ZwCreateKey
KeReleaseSpinLock
IoBuildDeviceIoControlRequest
IofCallDriver
KeInitializeMutex
KeReleaseMutex
IoCancelIrp
IoFreeIrp
IoAllocateIrp
KeWaitForMultipleObjects
KeRemoveQueueDpc
KeInsertQueueDpc
KeBugCheckEx
RtlStringFromGUID
KeInitializeDpc
KeInitializeEvent
KeSetEvent
ZwReadFile
strncmp
IoWriteErrorLogEntry
KeClearEvent
_stricmp
IoOpenDeviceRegistryKey
IoGetDeviceInterfaces
ZwClose
ExFreePool
ZwQueryValueKey
wcsstr
RtlFreeUnicodeString
_wcslwr
ZwSetValueKey
RtlInitAnsiString
IoOpenDeviceInterfaceRegistryKey
strchr
RtlInitUnicodeString
KeAcquireSpinLockRaiseToDpc
RtlAnsiStringToUnicodeString
ExFreePoolWithTag
ExAllocatePoolWithTag
IofCompleteRequest
IoGetDeviceProperty
toupper
IoIsWdmVersionAvailable
_vsnprintf
KeDelayExecutionThread
RtlCompareMemory

hal

KeStallExecutionProcessor
KeQueryPerformanceCounter

ks.sys

KsGetDeviceForDeviceObject
KsInitializeDriver
KsAcquireDevice
KsReleaseDevice
KsCreateFilterFactory
KsFilterFactoryUpdateCacheData
KsGetPinFromIrp
KsPinGetAndGate
KsStreamPointerDelete
KsStreamPointerClone
KsPinReleaseProcessingMutex
KsPinAcquireProcessingMutex
KsPinAttemptProcessing
KsGetFilterFromIrp
KsPinGetParentFilter
KsGetDevice
_KsEdit
KsStreamPointerAdvance
KsPinGetLeadingEdgeStreamPointer
KsStreamPointerUnlock
KsPinGetReferenceClockInterface

usbd.sys

USBD_ParseConfigurationDescriptorEx
USBD_CreateConfigurationRequestEx

bdasup.sys

BdaStartChanges
BdaFilterFactoryUpdateCacheData
BdaCreateFilterFactoryEx
BdaValidateNodeProperty
BdaGetChangeState
BdaCheckChanges
BdaInitFilter
BdaCommitChanges

Sections

.text
Size: 111KB - Virtual size: 111KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Uses of Additional Files/WinAll/BeholdTV/amd64/cxpolir.sys
.exe windows x64

ea7483a8eb714ec3ea508bf58b81a559

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

ExFreePool
ZwClose
IoGetDeviceInterfaces
KeClearEvent
IoWriteErrorLogEntry
KeSetEvent
KeInitializeEvent
KeInitializeDpc
IoAllocateErrorLogEntry
KeInitializeTimer
KeSetTimerEx
RtlStringFromGUID
wcsstr
KeWaitForSingleObject
KeCancelTimer
ExFreePoolWithTag
ExAllocatePoolWithTag
IoBuildDeviceIoControlRequest
KeDelayExecutionThread
IofCallDriver
IoCancelIrp
IoFreeIrp
IoAllocateIrp
KeInitializeMutex
KeReleaseMutex
KeBugCheckEx
IofCompleteRequest
RtlFreeUnicodeString
_wcslwr
ZwSetValueKey
RtlInitAnsiString
IoOpenDeviceInterfaceRegistryKey
RtlInitUnicodeString
RtlAnsiStringToUnicodeString
IoGetDeviceProperty
_vsnprintf

hal

KeStallExecutionProcessor
KeQueryPerformanceCounter

ks.sys

KsGetDeviceForDeviceObject
KsInitializeDriver
KsAcquireDevice
KsReleaseDevice
KsCreateFilterFactory
_KsEdit
KsFilterFactoryUpdateCacheData
KsGetFilterFromIrp
KsGetDevice

usbd.sys

USBD_ParseConfigurationDescriptorEx
USBD_CreateConfigurationRequestEx

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 384B - Virtual size: 336B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 896B - Virtual size: 780B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 256B - Virtual size: 174B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Uses of Additional Files/WinAll/BeholdTV/amd64/saa713x.sys
.exe windows x64

e43ebc442a44b98402c01aa44cd9766e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

hal

KeStallExecutionProcessor
KeQueryPerformanceCounter

ntoskrnl.exe

ZwSetValueKey
_wcslwr
RtlFreeUnicodeString
wcsstr
ZwQueryValueKey
ExFreePool
ZwClose
IoGetDeviceInterfaces
IoOpenDeviceRegistryKey
RtlDeleteRegistryValue
KeInitializeTimer
KeInitializeMutex
RtlInitAnsiString
KeCancelTimer
PsCreateSystemThread
PsTerminateSystemThread
ObReferenceObjectByHandle
_stricmp
IoWriteErrorLogEntry
strncmp
ZwReadFile
IoAllocateErrorLogEntry
ZwCreateFile
IoGetCurrentProcess
ZwQueryInformationFile
KeBugCheckEx
_vsnprintf
strchr
IoOpenDeviceInterfaceRegistryKey
RtlInitUnicodeString
RtlAnsiStringToUnicodeString
ZwCreateKey
RtlStringFromGUID
KeReleaseMutex
KeSynchronizeExecution
KeInsertQueueDpc
KeInitializeDpc
KeRemoveQueueDpc
ExFreePoolWithTag
ExAllocatePoolWithTag
IofCallDriver
IoGetDeviceProperty
ObfDereferenceObject
IoIsWdmVersionAvailable
IoGetAttachedDeviceReference
MmMapIoSpace
MmUnmapIoSpace
IoBuildSynchronousFsdRequest
IoGetDmaAdapter
IofCompleteRequest
KeSetTimer
KeWaitForSingleObject
KeAcquireSpinLockRaiseToDpc
KeReleaseSpinLock
KeWaitForMultipleObjects
KeInitializeEvent
KeSetEvent
KeClearEvent
RtlCompareMemory
KeDelayExecutionThread
KeSetTimerEx
MmGetSystemRoutineAddress
IoConnectInterrupt
IoDisconnectInterrupt
KeQueryActiveProcessors
memcmp

ks.sys

KsAcquireDevice
KsReleaseDevice
KsCreateFilterFactory
KsDeviceRegisterAdapterObject
KsGetOuterUnknown
KsFilterFactoryUpdateCacheData
KsGetDeviceForDeviceObject
KsInitializeDriver
KsStreamPointerDelete
KsStreamPointerClone
KsPinReleaseProcessingMutex
KsPinAcquireProcessingMutex
KsGetFilterFromIrp
KsPinGetParentFilter
KsGetDevice
KsPinGetAndGate
KsPinAttemptProcessing
KsGetPinFromIrp
KsStreamPointerAdvance
KsPinGetLeadingEdgeStreamPointer
KsStreamPointerUnlock
_KsEdit
KsPinGetReferenceClockInterface

bdasup.sys

BdaValidateNodeProperty
BdaGetChangeState
BdaCheckChanges
BdaInitFilter
BdaStartChanges
BdaCommitChanges
BdaFilterFactoryUpdateCacheData
BdaCreateFilterFactoryEx

Sections

.text
Size: 207KB - Virtual size: 207KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 161KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 512B - Virtual size: 504B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Uses of Additional Files/WinAll/BeholdTV/amd64/saa7231.sys
.exe windows x64

2d0e9e8011b8f2a5023ebc8f741f9c49

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

KeInitializeDpc
KeReleaseSpinLock
IoAllocateErrorLogEntry
KeInitializeTimer
KeSetTimerEx
ZwCreateFile
PsCreateSystemThread
PsTerminateSystemThread
ObReferenceObjectByHandle
KeSetTimer
ZwReadFile
ZwQueryInformationFile
IoWriteErrorLogEntry
KeAcquireSpinLockRaiseToDpc
MmMapIoSpace
KeRemoveQueueDpc
KeInsertQueueDpc
MmUnmapIoSpace
KeInitializeMutex
KeReleaseMutex
KeSynchronizeExecution
KeWaitForMultipleObjects
KeBugCheckEx
KeClearEvent
IoOpenDeviceRegistryKey
IoGetDeviceInterfaces
ZwClose
ExFreePool
ZwQueryValueKey
wcsstr
RtlFreeUnicodeString
_wcslwr
ZwSetValueKey
RtlInitAnsiString
strchr
IoOpenDeviceInterfaceRegistryKey
RtlInitUnicodeString
RtlAnsiStringToUnicodeString
ZwCreateKey
RtlStringFromGUID
ExFreePoolWithTag
ExAllocatePoolWithTag
IofCompleteRequest
IoGetDeviceProperty
IoIsWdmVersionAvailable
_vsnprintf
KeSetEvent
KeDelayExecutionThread
IoGetDmaAdapter
IofCallDriver
ObfDereferenceObject
IoGetAttachedDeviceReference
KeWaitForSingleObject
KeInitializeEvent
IoBuildSynchronousFsdRequest
KeCancelTimer
RtlCompareMemory
MmGetSystemRoutineAddress
IoConnectInterrupt
IoDisconnectInterrupt
KeQueryActiveProcessors

hal

KeStallExecutionProcessor
KeQueryPerformanceCounter

ks.sys

KsReleaseDevice
KsCreateFilterFactory
KsDeviceRegisterAdapterObject
KsGetOuterUnknown
KsFilterFactoryUpdateCacheData
KsGetPinFromIrp
KsPinGetAndGate
KsStreamPointerDelete
KsStreamPointerClone
KsPinReleaseProcessingMutex
KsPinAcquireProcessingMutex
KsAcquireDevice
KsPinAttemptProcessing
KsGetFilterFromIrp
KsPinGetParentFilter
KsGetDevice
KsPinGetReferenceClockInterface
_KsEdit
KsAcquireControl
KsReleaseControl
KsStreamPointerAdvance
KsPinGetLeadingEdgeStreamPointer
KsStreamPointerUnlock
KsInitializeDriver
KsGetDeviceForDeviceObject

bdasup.sys

BdaGetChangeState
BdaCheckChanges
BdaInitFilter
BdaStartChanges
BdaCommitChanges
BdaFilterFactoryUpdateCacheData
BdaCreateFilterFactoryEx
BdaValidateNodeProperty

Sections

.text
Size: 142KB - Virtual size: 142KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 117KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 512B - Virtual size: 504B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Uses of Additional Files/WinAll/BeholdTV/amd64/ttm6010.sys
.exe windows x64

647437779ebf46177e2c6e415361ea9b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

_stricmp
IoWriteErrorLogEntry
strncmp
KeInitializeDpc
KeReleaseSpinLock
IoAllocateErrorLogEntry
KeInitializeTimer
PsCreateSystemThread
PsTerminateSystemThread
IoGetCurrentProcess
ObReferenceObjectByHandle
KeInitializeMutex
IoOpenDeviceRegistryKey
KeCancelTimer
ZwQueryInformationFile
KeSetEvent
KeAcquireSpinLockRaiseToDpc
IoBuildDeviceIoControlRequest
IofCallDriver
IoCancelIrp
IoFreeIrp
IoAllocateIrp
KeRemoveQueueDpc
KeInsertQueueDpc
KeBugCheckEx
RtlInitUnicodeString
IoGetDeviceInterfaces
ExFreePool
ZwQueryValueKey
wcsstr
RtlFreeUnicodeString
_wcslwr
ZwSetValueKey
RtlInitAnsiString
strchr
IoOpenDeviceInterfaceRegistryKey
RtlAnsiStringToUnicodeString
ZwCreateKey
RtlStringFromGUID
ExFreePoolWithTag
ExAllocatePoolWithTag
IofCompleteRequest
ZwWriteFile
KeWaitForMultipleObjects
KeWaitForSingleObject
ZwCreateFile
ZwClose
KeReleaseMutex
ObfDereferenceObject
KeInitializeEvent
KeClearEvent
IoGetDeviceProperty
toupper
IoIsWdmVersionAvailable
_vsnprintf
KeDelayExecutionThread
ZwReadFile
KeSetTimer
RtlCompareMemory

hal

KeStallExecutionProcessor

ks.sys

KsGetDeviceForDeviceObject
KsInitializeDriver
KsAcquireDevice
KsReleaseDevice
KsCreateFilterFactory
KsFilterFactoryUpdateCacheData
KsGetPinFromIrp
KsPinGetAndGate
KsStreamPointerDelete
KsStreamPointerClone
KsPinReleaseProcessingMutex
KsPinAcquireProcessingMutex
KsPinAttemptProcessing
KsGetFilterFromIrp
KsPinGetParentFilter
KsGetDevice
_KsEdit
KsStreamPointerAdvance
KsPinGetLeadingEdgeStreamPointer
KsStreamPointerUnlock
KsPinGetReferenceClockInterface

usbd.sys

USBD_ParseConfigurationDescriptorEx
USBD_CreateConfigurationRequestEx

bdasup.sys

BdaCreateFilterFactoryEx
BdaValidateNodeProperty
BdaGetChangeState
BdaCheckChanges
BdaInitFilter
BdaStartChanges
BdaCommitChanges
BdaFilterFactoryUpdateCacheData

Sections

.text
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Uses of Additional Files/WinAll/BeholdTV/beholder.bin
Uses of Additional Files/WinAll/BeholdTV/beholder.cat
Uses of Additional Files/WinAll/BeholdTV/beholder.inf
Uses of Additional Files/WinAll/BeholdTV/bhkspex.dll
.dll regsvr32 windows x86

24ed8993fd619d7b830ee8a6485904da

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset
??2@YAPAXI@Z
??3@YAXPAX@Z
sprintf
memcpy
_vsnwprintf
wcsncat

ole32

CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree
StringFromGUID2

comctl32

ImageList_Destroy
ImageList_Create

comdlg32

GetSaveFileNameA
GetOpenFileNameA

user32

GetDesktopWindow
GetWindowRect
LoadStringW
DefWindowProcW
DestroyWindow
InvalidateRect
MoveWindow
CreateDialogParamW
SetWindowLongW
MessageBoxA
SendMessageA
GetWindowLongA
IsDlgButtonChecked
SetTimer
KillTimer
ShowWindow
SetDlgItemTextA
SendDlgItemMessageA
CheckDlgButton
SetDlgItemInt
EnableWindow
GetDlgItem
GetWindowLongW
GetDlgItemInt

kernel32

QueryPerformanceCounter
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcessId
GetSystemTimeAsFileTime
WriteFile
GetTickCount
GetCurrentThreadId
GetCurrentProcess
FreeLibrary
TerminateProcess
InterlockedIncrement
GetModuleFileNameA
GetLastError
WideCharToMultiByte
CloseHandle
ReadFile
GetFileSize
lstrlenA
CreateFileA
GetFileAttributesA
GetVersionExW
DisableThreadLibraryCalls
InterlockedDecrement
lstrlenW
MultiByteToWideChar

advapi32

RegCreateKeyExA
RegDeleteKeyA
RegCloseKey
RegCreateKeyW
RegSetValueW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteKeyW
RegSetValueExA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Uses of Additional Files/WinAll/BeholdTV/bhkspex.x64
.dll regsvr32 windows x64

c2b63eb78a633a8cf029f36d00413c44

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

??3@YAXPEAX@Z
??2@YAPEAX_K@Z
sprintf
_vsnwprintf
memcmp
memcpy
memset
wcsncat

ole32

CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree
StringFromGUID2

comctl32

ImageList_Destroy
ImageList_Create

comdlg32

GetSaveFileNameA
GetOpenFileNameA

user32

GetDesktopWindow
GetWindowRect
LoadStringW
DefWindowProcW
GetWindowLongW
SetWindowLongW
DestroyWindow
InvalidateRect
MoveWindow
CreateDialogParamW
GetWindowLongPtrW
GetDlgItemInt
SetTimer
SendDlgItemMessageA
KillTimer
SendMessageA
SetDlgItemInt
GetWindowLongA
GetDlgItem
CheckDlgButton
ShowWindow
IsDlgButtonChecked
EnableWindow
SetDlgItemTextA
SetWindowLongPtrW
MessageBoxA

kernel32

RtlVirtualUnwind
SetUnhandledExceptionFilter
GetCurrentProcessId
QueryPerformanceCounter
RtlCaptureContext
GetSystemTimeAsFileTime
TerminateProcess
RtlLookupFunctionEntry
GetFileSize
GetTickCount
GetCurrentThreadId
GetCurrentProcess
UnhandledExceptionFilter
FreeLibrary
GetModuleFileNameA
GetLastError
lstrlenA
MultiByteToWideChar
lstrlenW
WideCharToMultiByte
CreateFileA
DisableThreadLibraryCalls
WriteFile
GetFileAttributesA
ReadFile
CloseHandle
GetVersionExW

advapi32

RegSetValueExA
RegDeleteKeyA
RegCreateKeyExA
RegCreateKeyW
RegSetValueW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteKeyW
RegCloseKey

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 932B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Uses of Additional Files/WinAll/BeholdTV/cx2310x.sys
.exe windows x86

72758abb4fd59d040b279c65c0752ea7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

KeInitializeEvent
ObfDereferenceObject
KeWaitForSingleObject
KeSetEvent
PsTerminateSystemThread
IofCompleteRequest
ZwQueryInformationFile
ZwCreateFile
ZwReadFile
strncmp
IoGetCurrentProcess
KeInitializeTimer
KeInitializeDpc
ObReferenceObjectByHandle
IoIsWdmVersionAvailable
KeClearEvent
_stricmp
KeSetTimerEx
IoAllocateErrorLogEntry
IofCallDriver
IoBuildDeviceIoControlRequest
KeInitializeMutex
KeReleaseMutex
IoCancelIrp
IoFreeIrp
IoAllocateIrp
InterlockedCompareExchange
KeWaitForMultipleObjects
KeInsertQueueDpc
KeRemoveQueueDpc
KeTickCount
KeBugCheckEx
IoGetDeviceProperty
RtlUnwind
KeCancelTimer
ExFreePoolWithTag
ExAllocatePoolWithTag
ZwQueryValueKey
IoGetDeviceInterfaces
ExFreePool
_wcslwr
wcsstr
IoOpenDeviceRegistryKey
strchr
ZwCreateKey
RtlStringFromGUID
RtlFreeUnicodeString
RtlInitUnicodeString
ZwSetValueKey
IoOpenDeviceInterfaceRegistryKey
ZwClose
RtlInitAnsiString
IoWriteErrorLogEntry
KeDelayExecutionThread
RtlAnsiStringToUnicodeString
toupper
_vsnprintf
KeInitializeSpinLock
InterlockedDecrement
InterlockedIncrement
memset
InterlockedExchange
memcpy
PsCreateSystemThread
RtlCompareMemory

hal

KfAcquireSpinLock
KeGetCurrentIrql
KfReleaseSpinLock
KeQueryPerformanceCounter
KeStallExecutionProcessor

ks.sys

KsPinGetReferenceClockInterface
KsInitializeDriver
KsGetDeviceForDeviceObject
KsAcquireDevice
KsCreateFilterFactory
KsReleaseDevice
KsFilterFactoryUpdateCacheData
KsPinGetAndGate
KsPinAttemptProcessing
KsStreamPointerClone
KsStreamPointerDelete
KsPinAcquireProcessingMutex
KsPinReleaseProcessingMutex
KsGetPinFromIrp
KsPinGetParentFilter
KsGetFilterFromIrp
KsGetDevice
_KsEdit
KsPinGetLeadingEdgeStreamPointer
KsStreamPointerAdvance
KsStreamPointerUnlock

usbd.sys

USBD_CreateConfigurationRequestEx
USBD_ParseConfigurationDescriptorEx

bdasup.sys

BdaFilterFactoryUpdateCacheData
BdaValidateNodeProperty
BdaInitFilter
BdaCommitChanges
BdaGetChangeState
BdaCheckChanges
BdaStartChanges
BdaCreateFilterFactoryEx

Sections

.text
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Uses of Additional Files/WinAll/BeholdTV/cxpolir.sys
.exe windows x86

42c0ab85aed4e3f6e63353e7577f9e01

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

wcsstr
_wcslwr
ExFreePool
IoGetDeviceInterfaces
ExFreePoolWithTag
ExAllocatePoolWithTag
KeCancelTimer
KeSetTimerEx
KeInitializeEvent
InterlockedExchange
KeWaitForSingleObject
KeSetEvent
InterlockedDecrement
InterlockedIncrement
KeInitializeTimer
KeInitializeDpc
KeClearEvent
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
IofCompleteRequest
IofCallDriver
IoBuildDeviceIoControlRequest
KeDelayExecutionThread
IoFreeIrp
IoCancelIrp
IoAllocateIrp
KeInitializeMutex
KeReleaseMutex
InterlockedCompareExchange
KeTickCount
KeBugCheckEx
IoGetDeviceProperty
RtlUnwind
RtlStringFromGUID
RtlFreeUnicodeString
RtlInitUnicodeString
ZwSetValueKey
IoOpenDeviceInterfaceRegistryKey
ZwClose
RtlInitAnsiString
RtlAnsiStringToUnicodeString
memcpy
memset
_vsnprintf

hal

KeQueryPerformanceCounter
KeGetCurrentIrql
KeStallExecutionProcessor

ks.sys

KsInitializeDriver
KsGetDeviceForDeviceObject
_KsEdit
KsAcquireDevice
KsCreateFilterFactory
KsReleaseDevice
KsFilterFactoryUpdateCacheData
KsGetFilterFromIrp
KsGetDevice

usbd.sys

USBD_CreateConfigurationRequestEx
USBD_ParseConfigurationDescriptorEx

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 256B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Uses of Additional Files/WinAll/BeholdTV/i386/bhkspex.dll
.dll regsvr32 windows x86

24ed8993fd619d7b830ee8a6485904da

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset
??2@YAPAXI@Z
??3@YAXPAX@Z
sprintf
memcpy
_vsnwprintf
wcsncat

ole32

CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree
StringFromGUID2

comctl32

ImageList_Destroy
ImageList_Create

comdlg32

GetSaveFileNameA
GetOpenFileNameA

user32

GetDesktopWindow
GetWindowRect
LoadStringW
DefWindowProcW
DestroyWindow
InvalidateRect
MoveWindow
CreateDialogParamW
SetWindowLongW
MessageBoxA
SendMessageA
GetWindowLongA
IsDlgButtonChecked
SetTimer
KillTimer
ShowWindow
SetDlgItemTextA
SendDlgItemMessageA
CheckDlgButton
SetDlgItemInt
EnableWindow
GetDlgItem
GetWindowLongW
GetDlgItemInt

kernel32

QueryPerformanceCounter
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcessId
GetSystemTimeAsFileTime
WriteFile
GetTickCount
GetCurrentThreadId
GetCurrentProcess
FreeLibrary
TerminateProcess
InterlockedIncrement
GetModuleFileNameA
GetLastError
WideCharToMultiByte
CloseHandle
ReadFile
GetFileSize
lstrlenA
CreateFileA
GetFileAttributesA
GetVersionExW
DisableThreadLibraryCalls
InterlockedDecrement
lstrlenW
MultiByteToWideChar

advapi32

RegCreateKeyExA
RegDeleteKeyA
RegCloseKey
RegCreateKeyW
RegSetValueW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteKeyW
RegSetValueExA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Uses of Additional Files/WinAll/BeholdTV/i386/cx2310x.sys
.exe windows x86

72758abb4fd59d040b279c65c0752ea7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

KeInitializeEvent
ObfDereferenceObject
KeWaitForSingleObject
KeSetEvent
PsTerminateSystemThread
IofCompleteRequest
ZwQueryInformationFile
ZwCreateFile
ZwReadFile
strncmp
IoGetCurrentProcess
KeInitializeTimer
KeInitializeDpc
ObReferenceObjectByHandle
IoIsWdmVersionAvailable
KeClearEvent
_stricmp
KeSetTimerEx
IoAllocateErrorLogEntry
IofCallDriver
IoBuildDeviceIoControlRequest
KeInitializeMutex
KeReleaseMutex
IoCancelIrp
IoFreeIrp
IoAllocateIrp
InterlockedCompareExchange
KeWaitForMultipleObjects
KeInsertQueueDpc
KeRemoveQueueDpc
KeTickCount
KeBugCheckEx
IoGetDeviceProperty
RtlUnwind
KeCancelTimer
ExFreePoolWithTag
ExAllocatePoolWithTag
ZwQueryValueKey
IoGetDeviceInterfaces
ExFreePool
_wcslwr
wcsstr
IoOpenDeviceRegistryKey
strchr
ZwCreateKey
RtlStringFromGUID
RtlFreeUnicodeString
RtlInitUnicodeString
ZwSetValueKey
IoOpenDeviceInterfaceRegistryKey
ZwClose
RtlInitAnsiString
IoWriteErrorLogEntry
KeDelayExecutionThread
RtlAnsiStringToUnicodeString
toupper
_vsnprintf
KeInitializeSpinLock
InterlockedDecrement
InterlockedIncrement
memset
InterlockedExchange
memcpy
PsCreateSystemThread
RtlCompareMemory

hal

KfAcquireSpinLock
KeGetCurrentIrql
KfReleaseSpinLock
KeQueryPerformanceCounter
KeStallExecutionProcessor

ks.sys

KsPinGetReferenceClockInterface
KsInitializeDriver
KsGetDeviceForDeviceObject
KsAcquireDevice
KsCreateFilterFactory
KsReleaseDevice
KsFilterFactoryUpdateCacheData
KsPinGetAndGate
KsPinAttemptProcessing
KsStreamPointerClone
KsStreamPointerDelete
KsPinAcquireProcessingMutex
KsPinReleaseProcessingMutex
KsGetPinFromIrp
KsPinGetParentFilter
KsGetFilterFromIrp
KsGetDevice
_KsEdit
KsPinGetLeadingEdgeStreamPointer
KsStreamPointerAdvance
KsStreamPointerUnlock

usbd.sys

USBD_CreateConfigurationRequestEx
USBD_ParseConfigurationDescriptorEx

bdasup.sys

BdaFilterFactoryUpdateCacheData
BdaValidateNodeProperty
BdaInitFilter
BdaCommitChanges
BdaGetChangeState
BdaCheckChanges
BdaStartChanges
BdaCreateFilterFactoryEx

Sections

.text
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Uses of Additional Files/WinAll/BeholdTV/i386/cxpolir.sys
.exe windows x86

42c0ab85aed4e3f6e63353e7577f9e01

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

wcsstr
_wcslwr
ExFreePool
IoGetDeviceInterfaces
ExFreePoolWithTag
ExAllocatePoolWithTag
KeCancelTimer
KeSetTimerEx
KeInitializeEvent
InterlockedExchange
KeWaitForSingleObject
KeSetEvent
InterlockedDecrement
InterlockedIncrement
KeInitializeTimer
KeInitializeDpc
KeClearEvent
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
IofCompleteRequest
IofCallDriver
IoBuildDeviceIoControlRequest
KeDelayExecutionThread
IoFreeIrp
IoCancelIrp
IoAllocateIrp
KeInitializeMutex
KeReleaseMutex
InterlockedCompareExchange
KeTickCount
KeBugCheckEx
IoGetDeviceProperty
RtlUnwind
RtlStringFromGUID
RtlFreeUnicodeString
RtlInitUnicodeString
ZwSetValueKey
IoOpenDeviceInterfaceRegistryKey
ZwClose
RtlInitAnsiString
RtlAnsiStringToUnicodeString
memcpy
memset
_vsnprintf

hal

KeQueryPerformanceCounter
KeGetCurrentIrql
KeStallExecutionProcessor

ks.sys

KsInitializeDriver
KsGetDeviceForDeviceObject
_KsEdit
KsAcquireDevice
KsCreateFilterFactory
KsReleaseDevice
KsFilterFactoryUpdateCacheData
KsGetFilterFromIrp
KsGetDevice

usbd.sys

USBD_CreateConfigurationRequestEx
USBD_ParseConfigurationDescriptorEx

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 256B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Uses of Additional Files/WinAll/BeholdTV/i386/saa713x.sys
.exe windows x86

dccc7d9930f7acdf7504c66ef621047a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

hal

KeGetCurrentIrql
KeStallExecutionProcessor
KeQueryPerformanceCounter
KfReleaseSpinLock
KfAcquireSpinLock

ntoskrnl.exe

KeRemoveQueueDpc
memmove
KeWaitForMultipleObjects
RtlAnsiStringToUnicodeString
RtlInitAnsiString
ZwClose
RtlDeleteRegistryValue
IoOpenDeviceInterfaceRegistryKey
ZwSetValueKey
RtlInitUnicodeString
RtlFreeUnicodeString
RtlStringFromGUID
ZwCreateKey
strchr
IoOpenDeviceRegistryKey
wcsstr
KeSetEvent
ExFreePool
IoGetDeviceInterfaces
KeInitializeDpc
ZwQueryValueKey
KeSetTimer
KeCancelTimer
KeSetTimerEx
KeInitializeTimer
PsTerminateSystemThread
ObReferenceObjectByHandle
PsCreateSystemThread
ZwQueryInformationFile
ZwCreateFile
ZwReadFile
strncmp
IoGetCurrentProcess
_stricmp
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
KeTickCount
KeBugCheckEx
KeClearEvent
RtlUnwind
KeInsertQueueDpc
KeSynchronizeExecution
WRITE_REGISTER_UCHAR
WRITE_REGISTER_USHORT
WRITE_REGISTER_ULONG
READ_REGISTER_UCHAR
READ_REGISTER_USHORT
READ_REGISTER_ULONG
ExAllocatePoolWithTag
ExFreePoolWithTag
IoIsWdmVersionAvailable
IoGetDeviceProperty
IoGetDmaAdapter
IoGetAttachedDeviceReference
IoBuildSynchronousFsdRequest
ObfDereferenceObject
IofCallDriver
MmUnmapIoSpace
MmMapIoSpace
IofCompleteRequest
KeReleaseMutex
KeWaitForSingleObject
KeInitializeMutex
_vsnprintf
KeInitializeSpinLock
KeInitializeEvent
memcpy
RtlCompareMemory
memset
InterlockedDecrement
InterlockedIncrement
KeDelayExecutionThread
InterlockedExchange
_wcslwr
MmGetSystemRoutineAddress
IoConnectInterrupt
IoDisconnectInterrupt
KeQueryActiveProcessors

ks.sys

KsAcquireDevice
KsCreateFilterFactory
KsReleaseDevice
KsFilterFactoryUpdateCacheData
KsDeviceRegisterAdapterObject
KsGetOuterUnknown
KsInitializeDriver
KsGetDeviceForDeviceObject
KsStreamPointerClone
KsPinAcquireProcessingMutex
KsPinReleaseProcessingMutex
KsStreamPointerDelete
KsPinGetParentFilter
KsGetFilterFromIrp
KsGetDevice
KsPinGetAndGate
KsPinAttemptProcessing
KsGetPinFromIrp
KsPinGetLeadingEdgeStreamPointer
KsStreamPointerAdvance
KsStreamPointerUnlock
_KsEdit
KsPinGetReferenceClockInterface

bdasup.sys

BdaValidateNodeProperty
BdaInitFilter
BdaCreateFilterFactoryEx
BdaCommitChanges
BdaGetChangeState
BdaCheckChanges
BdaStartChanges
BdaFilterFactoryUpdateCacheData

Sections

.text
Size: 172KB - Virtual size: 172KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 512B - Virtual size: 416B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Uses of Additional Files/WinAll/BeholdTV/i386/saa7231.sys
.exe windows x86

4e6dd13ddad7dd7d1927110593fdd162

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwQueryValueKey
KeInitializeSpinLock
IoGetDeviceInterfaces
KeSetTimer
KeCancelTimer
KeSetTimerEx
KeSetEvent
PsTerminateSystemThread
ExFreePool
ZwQueryInformationFile
ZwCreateFile
ZwReadFile
KeInitializeTimer
_wcslwr
ObReferenceObjectByHandle
PsCreateSystemThread
KeClearEvent
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
MmMapIoSpace
KeRemoveQueueDpc
KeInsertQueueDpc
READ_REGISTER_ULONG
WRITE_REGISTER_ULONG
MmUnmapIoSpace
KeInitializeMutex
KeReleaseMutex
KeSynchronizeExecution
KeWaitForMultipleObjects
KeTickCount
KeBugCheckEx
wcsstr
RtlUnwind
IoOpenDeviceRegistryKey
strchr
ZwCreateKey
RtlStringFromGUID
RtlFreeUnicodeString
RtlInitUnicodeString
ZwSetValueKey
IoOpenDeviceInterfaceRegistryKey
ZwClose
RtlInitAnsiString
RtlAnsiStringToUnicodeString
ExAllocatePoolWithTag
ExFreePoolWithTag
IofCompleteRequest
IoIsWdmVersionAvailable
IoGetDmaAdapter
IoGetDeviceProperty
KeDelayExecutionThread
_vsnprintf
InterlockedDecrement
InterlockedIncrement
IoGetAttachedDeviceReference
IoBuildSynchronousFsdRequest
KeInitializeEvent
ObfDereferenceObject
IofCallDriver
KeWaitForSingleObject
InterlockedCompareExchange
memset
InterlockedExchange
memcpy
KeInitializeDpc
RtlCompareMemory
MmGetSystemRoutineAddress
IoConnectInterrupt
IoDisconnectInterrupt
KeQueryActiveProcessors

hal

KfAcquireSpinLock
KeQueryPerformanceCounter
KfReleaseSpinLock
KeGetCurrentIrql
KeStallExecutionProcessor

ks.sys

KsReleaseDevice
KsFilterFactoryUpdateCacheData
KsCreateFilterFactory
KsGetOuterUnknown
KsStreamPointerClone
KsStreamPointerDelete
KsPinAcquireProcessingMutex
KsPinReleaseProcessingMutex
KsAcquireDevice
KsPinAttemptProcessing
KsGetPinFromIrp
KsPinGetParentFilter
KsGetFilterFromIrp
KsGetDevice
KsPinGetReferenceClockInterface
_KsEdit
KsReleaseControl
KsAcquireControl
KsPinGetLeadingEdgeStreamPointer
KsStreamPointerAdvance
KsStreamPointerUnlock
KsDeviceRegisterAdapterObject
KsInitializeDriver
KsGetDeviceForDeviceObject
KsPinGetAndGate

bdasup.sys

BdaInitFilter
BdaCommitChanges
BdaGetChangeState
BdaCheckChanges
BdaStartChanges
BdaCreateFilterFactoryEx
BdaFilterFactoryUpdateCacheData
BdaValidateNodeProperty

Sections

.text
Size: 119KB - Virtual size: 119KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 512B - Virtual size: 416B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Uses of Additional Files/WinAll/BeholdTV/i386/ttm6010.sys
.exe windows x86

1e8df125497f0e9c4f965b821e5f1dcb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

_wcslwr
ExFreePool
IoGetDeviceInterfaces
ZwQueryValueKey
KeSetEvent
KeReleaseMutex
KeSetTimer
KeCancelTimer
ObfDereferenceObject
PsTerminateSystemThread
KeWaitForSingleObject
ZwQueryInformationFile
strncmp
KeInitializeMutex
KeInitializeTimer
KeInitializeDpc
wcsstr
PsCreateSystemThread
_stricmp
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
IofCallDriver
IoBuildDeviceIoControlRequest
IoCancelIrp
memmove
IoAllocateIrp
IoFreeIrp
KeInsertQueueDpc
KeRemoveQueueDpc
KeTickCount
KeBugCheckEx
IoIsWdmVersionAvailable
RtlUnwind
IoOpenDeviceRegistryKey
strchr
ZwCreateKey
RtlStringFromGUID
RtlFreeUnicodeString
ZwSetValueKey
IoOpenDeviceInterfaceRegistryKey
RtlInitAnsiString
RtlAnsiStringToUnicodeString
ExAllocatePoolWithTag
ExFreePoolWithTag
IofCompleteRequest
KeClearEvent
KeWaitForMultipleObjects
ZwWriteFile
KeInitializeEvent
RtlInitUnicodeString
ZwCreateFile
ZwReadFile
ObReferenceObjectByHandle
ZwClose
IoGetDeviceProperty
KeDelayExecutionThread
toupper
_vsnprintf
KeInitializeSpinLock
InterlockedDecrement
InterlockedIncrement
memset
InterlockedExchange
memcpy
IoGetCurrentProcess
RtlCompareMemory

hal

KeStallExecutionProcessor
KfReleaseSpinLock
KeGetCurrentIrql
KfAcquireSpinLock

ks.sys

KsInitializeDriver
KsGetDeviceForDeviceObject
KsAcquireDevice
KsCreateFilterFactory
KsReleaseDevice
KsFilterFactoryUpdateCacheData
KsPinGetAndGate
KsPinAttemptProcessing
KsStreamPointerClone
KsStreamPointerDelete
KsPinAcquireProcessingMutex
KsPinReleaseProcessingMutex
KsGetPinFromIrp
KsPinGetParentFilter
KsGetFilterFromIrp
KsGetDevice
_KsEdit
KsPinGetLeadingEdgeStreamPointer
KsStreamPointerAdvance
KsStreamPointerUnlock
KsPinGetReferenceClockInterface

usbd.sys

USBD_ParseConfigurationDescriptorEx
USBD_CreateConfigurationRequestEx

bdasup.sys

BdaFilterFactoryUpdateCacheData
BdaValidateNodeProperty
BdaGetChangeState
BdaCommitChanges
BdaCheckChanges
BdaStartChanges
BdaInitFilter
BdaCreateFilterFactoryEx

Sections

.text
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Uses of Additional Files/WinAll/BeholdTV/install.x64
.exe windows x64

5292520ce02adff7057028b73fd61d03

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mfc42

ord4087
ord3173
ord4381
ord4992
ord4779
ord3926
ord659
ord1063
ord318
ord5645
ord622
ord834
ord2529
ord2858
ord5639
ord1469
ord2407
ord6448
ord4375
ord1792
ord4761
ord5670
ord2413
ord5595
ord6818
ord4703
ord5719
ord4027
ord5238
ord4798
ord2682
ord2074
ord6820
ord3943
ord5493
ord1749
ord5690
ord2471
ord2154
ord4093
ord3544
ord4997
ord3904
ord665
ord1035
ord2598
ord4750
ord3753
ord822
ord3784
ord867
ord1447
ord3877
ord996
ord5694
ord4730
ord5254
ord5415
ord6445
ord1791
ord5709
ord4780
ord3771
ord852
ord2343
ord4567
ord2673
ord6622
ord2677
ord4558
ord5086
ord984
ord525
ord4434
ord337
ord6620
ord6824
ord1595
ord4092
ord3055
ord3175
ord3061
ord3375
ord3240
ord4824
ord3371
ord3252
ord3058
ord6060
ord5718
ord5737
ord5074
ord4378
ord2764
ord5731
ord5729
ord3477
ord2426
ord5624
ord1392
ord4201
ord6078
ord2527
ord2571
ord4845
ord6819
ord4608
ord5048
ord1265
ord1263
ord1122
ord5611
ord3449
ord5814
ord1991
ord286
ord5912
ord371
ord4008
ord6560
ord877
ord6890
ord4483
ord367
ord626
ord1124
ord1040
ord3790
ord3231
ord5993
ord6891
ord3840
ord5706
ord1585

msvcrt

sprintf
memset
strncpy
strstr
_strupr
_stricmp
_purecall
__C_specific_handler
_XcptFilter
_c_exit
_exit
_cexit
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_commode
_fmode
__set_app_type
??1type_info@@UEAA@XZ
__dllonexit
_onexit
?terminate@@YAXXZ
_strnicmp
__CxxFrameHandler
_setmbcp

advapi32

ControlService
LookupPrivilegeValueA
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
RegCloseKey
RegSetValueExA
RegCreateKeyExA
OpenSCManagerA
OpenServiceA
QueryServiceStatus
AdjustTokenPrivileges
CloseServiceHandle
RegOpenKeyExA
RegDeleteKeyA

kernel32

CloseHandle
GetLastError
GetCurrentProcess
SetLastError
FindClose
FindFirstFileA
GetProcAddress
GetModuleHandleA
lstrlenA
GetModuleFileNameA
GetWindowsDirectoryA
MoveFileExA
GetTempFileNameA
GetTempPathA
Sleep
WaitForSingleObject
CreateProcessA
FindNextFileA
GetSystemDirectoryA
FreeLibrary
LoadLibraryA
GetVersionExA
GetTickCount
GetFullPathNameA
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetStartupInfoA
CopyFileA

user32

TranslateMessage
DispatchMessageA
PeekMessageA
ExitWindowsEx
GetSystemMetrics
LoadIconA
EnableWindow
SetForegroundWindow
GetClientRect
IsIconic
SendMessageA
DrawIcon
FindWindowA
PostMessageA
MessageBoxA

setupapi

SetupDiGetDeviceInstallParamsA
SetupDiEnumDeviceInfo
SetupDiOpenDevRegKey
SetupDiGetDeviceRegistryPropertyA
SetupDiRemoveDevice
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsA

shell32

SHBrowseForFolderA
SHGetMalloc
SHGetPathFromIDListA

Sections

.text
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Uses of Additional Files/WinAll/BeholdTV/saa713x.sys
.exe windows x86

dccc7d9930f7acdf7504c66ef621047a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

hal

KeGetCurrentIrql
KeStallExecutionProcessor
KeQueryPerformanceCounter
KfReleaseSpinLock
KfAcquireSpinLock

ntoskrnl.exe

KeRemoveQueueDpc
memmove
KeWaitForMultipleObjects
RtlAnsiStringToUnicodeString
RtlInitAnsiString
ZwClose
RtlDeleteRegistryValue
IoOpenDeviceInterfaceRegistryKey
ZwSetValueKey
RtlInitUnicodeString
RtlFreeUnicodeString
RtlStringFromGUID
ZwCreateKey
strchr
IoOpenDeviceRegistryKey
wcsstr
KeSetEvent
ExFreePool
IoGetDeviceInterfaces
KeInitializeDpc
ZwQueryValueKey
KeSetTimer
KeCancelTimer
KeSetTimerEx
KeInitializeTimer
PsTerminateSystemThread
ObReferenceObjectByHandle
PsCreateSystemThread
ZwQueryInformationFile
ZwCreateFile
ZwReadFile
strncmp
IoGetCurrentProcess
_stricmp
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
KeTickCount
KeBugCheckEx
KeClearEvent
RtlUnwind
KeInsertQueueDpc
KeSynchronizeExecution
WRITE_REGISTER_UCHAR
WRITE_REGISTER_USHORT
WRITE_REGISTER_ULONG
READ_REGISTER_UCHAR
READ_REGISTER_USHORT
READ_REGISTER_ULONG
ExAllocatePoolWithTag
ExFreePoolWithTag
IoIsWdmVersionAvailable
IoGetDeviceProperty
IoGetDmaAdapter
IoGetAttachedDeviceReference
IoBuildSynchronousFsdRequest
ObfDereferenceObject
IofCallDriver
MmUnmapIoSpace
MmMapIoSpace
IofCompleteRequest
KeReleaseMutex
KeWaitForSingleObject
KeInitializeMutex
_vsnprintf
KeInitializeSpinLock
KeInitializeEvent
memcpy
RtlCompareMemory
memset
InterlockedDecrement
InterlockedIncrement
KeDelayExecutionThread
InterlockedExchange
_wcslwr
MmGetSystemRoutineAddress
IoConnectInterrupt
IoDisconnectInterrupt
KeQueryActiveProcessors

ks.sys

KsAcquireDevice
KsCreateFilterFactory
KsReleaseDevice
KsFilterFactoryUpdateCacheData
KsDeviceRegisterAdapterObject
KsGetOuterUnknown
KsInitializeDriver
KsGetDeviceForDeviceObject
KsStreamPointerClone
KsPinAcquireProcessingMutex
KsPinReleaseProcessingMutex
KsStreamPointerDelete
KsPinGetParentFilter
KsGetFilterFromIrp
KsGetDevice
KsPinGetAndGate
KsPinAttemptProcessing
KsGetPinFromIrp
KsPinGetLeadingEdgeStreamPointer
KsStreamPointerAdvance
KsStreamPointerUnlock
_KsEdit
KsPinGetReferenceClockInterface

bdasup.sys

BdaValidateNodeProperty
BdaInitFilter
BdaCreateFilterFactoryEx
BdaCommitChanges
BdaGetChangeState
BdaCheckChanges
BdaStartChanges
BdaFilterFactoryUpdateCacheData

Sections

.text
Size: 172KB - Virtual size: 172KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 512B - Virtual size: 416B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Uses of Additional Files/WinAll/BeholdTV/saa7231.sys
.exe windows x86

4e6dd13ddad7dd7d1927110593fdd162

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwQueryValueKey
KeInitializeSpinLock
IoGetDeviceInterfaces
KeSetTimer
KeCancelTimer
KeSetTimerEx
KeSetEvent
PsTerminateSystemThread
ExFreePool
ZwQueryInformationFile
ZwCreateFile
ZwReadFile
KeInitializeTimer
_wcslwr
ObReferenceObjectByHandle
PsCreateSystemThread
KeClearEvent
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
MmMapIoSpace
KeRemoveQueueDpc
KeInsertQueueDpc
READ_REGISTER_ULONG
WRITE_REGISTER_ULONG
MmUnmapIoSpace
KeInitializeMutex
KeReleaseMutex
KeSynchronizeExecution
KeWaitForMultipleObjects
KeTickCount
KeBugCheckEx
wcsstr
RtlUnwind
IoOpenDeviceRegistryKey
strchr
ZwCreateKey
RtlStringFromGUID
RtlFreeUnicodeString
RtlInitUnicodeString
ZwSetValueKey
IoOpenDeviceInterfaceRegistryKey
ZwClose
RtlInitAnsiString
RtlAnsiStringToUnicodeString
ExAllocatePoolWithTag
ExFreePoolWithTag
IofCompleteRequest
IoIsWdmVersionAvailable
IoGetDmaAdapter
IoGetDeviceProperty
KeDelayExecutionThread
_vsnprintf
InterlockedDecrement
InterlockedIncrement
IoGetAttachedDeviceReference
IoBuildSynchronousFsdRequest
KeInitializeEvent
ObfDereferenceObject
IofCallDriver
KeWaitForSingleObject
InterlockedCompareExchange
memset
InterlockedExchange
memcpy
KeInitializeDpc
RtlCompareMemory
MmGetSystemRoutineAddress
IoConnectInterrupt
IoDisconnectInterrupt
KeQueryActiveProcessors

hal

KfAcquireSpinLock
KeQueryPerformanceCounter
KfReleaseSpinLock
KeGetCurrentIrql
KeStallExecutionProcessor

ks.sys

KsReleaseDevice
KsFilterFactoryUpdateCacheData
KsCreateFilterFactory
KsGetOuterUnknown
KsStreamPointerClone
KsStreamPointerDelete
KsPinAcquireProcessingMutex
KsPinReleaseProcessingMutex
KsAcquireDevice
KsPinAttemptProcessing
KsGetPinFromIrp
KsPinGetParentFilter
KsGetFilterFromIrp
KsGetDevice
KsPinGetReferenceClockInterface
_KsEdit
KsReleaseControl
KsAcquireControl
KsPinGetLeadingEdgeStreamPointer
KsStreamPointerAdvance
KsStreamPointerUnlock
KsDeviceRegisterAdapterObject
KsInitializeDriver
KsGetDeviceForDeviceObject
KsPinGetAndGate

bdasup.sys

BdaInitFilter
BdaCommitChanges
BdaGetChangeState
BdaCheckChanges
BdaStartChanges
BdaCreateFilterFactoryEx
BdaFilterFactoryUpdateCacheData
BdaValidateNodeProperty

Sections

.text
Size: 119KB - Virtual size: 119KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 512B - Virtual size: 416B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Uses of Additional Files/WinAll/BeholdTV/ttm6010.sys
.exe windows x86

1e8df125497f0e9c4f965b821e5f1dcb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

_wcslwr
ExFreePool
IoGetDeviceInterfaces
ZwQueryValueKey
KeSetEvent
KeReleaseMutex
KeSetTimer
KeCancelTimer
ObfDereferenceObject
PsTerminateSystemThread
KeWaitForSingleObject
ZwQueryInformationFile
strncmp
KeInitializeMutex
KeInitializeTimer
KeInitializeDpc
wcsstr
PsCreateSystemThread
_stricmp
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
IofCallDriver
IoBuildDeviceIoControlRequest
IoCancelIrp
memmove
IoAllocateIrp
IoFreeIrp
KeInsertQueueDpc
KeRemoveQueueDpc
KeTickCount
KeBugCheckEx
IoIsWdmVersionAvailable
RtlUnwind
IoOpenDeviceRegistryKey
strchr
ZwCreateKey
RtlStringFromGUID
RtlFreeUnicodeString
ZwSetValueKey
IoOpenDeviceInterfaceRegistryKey
RtlInitAnsiString
RtlAnsiStringToUnicodeString
ExAllocatePoolWithTag
ExFreePoolWithTag
IofCompleteRequest
KeClearEvent
KeWaitForMultipleObjects
ZwWriteFile
KeInitializeEvent
RtlInitUnicodeString
ZwCreateFile
ZwReadFile
ObReferenceObjectByHandle
ZwClose
IoGetDeviceProperty
KeDelayExecutionThread
toupper
_vsnprintf
KeInitializeSpinLock
InterlockedDecrement
InterlockedIncrement
memset
InterlockedExchange
memcpy
IoGetCurrentProcess
RtlCompareMemory

hal

KeStallExecutionProcessor
KfReleaseSpinLock
KeGetCurrentIrql
KfAcquireSpinLock

ks.sys

KsInitializeDriver
KsGetDeviceForDeviceObject
KsAcquireDevice
KsCreateFilterFactory
KsReleaseDevice
KsFilterFactoryUpdateCacheData
KsPinGetAndGate
KsPinAttemptProcessing
KsStreamPointerClone
KsStreamPointerDelete
KsPinAcquireProcessingMutex
KsPinReleaseProcessingMutex
KsGetPinFromIrp
KsPinGetParentFilter
KsGetFilterFromIrp
KsGetDevice
_KsEdit
KsPinGetLeadingEdgeStreamPointer
KsStreamPointerAdvance
KsStreamPointerUnlock
KsPinGetReferenceClockInterface

usbd.sys

USBD_ParseConfigurationDescriptorEx
USBD_CreateConfigurationRequestEx

bdasup.sys

BdaFilterFactoryUpdateCacheData
BdaValidateNodeProperty
BdaGetChangeState
BdaCommitChanges
BdaCheckChanges
BdaStartChanges
BdaInitFilter
BdaCreateFilterFactoryEx

Sections

.text
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
config.txt
Readme.txt

Sharing

General

Malware Config

Signatures

Files

Password: 10101

Password: 10101

Password: 10101

Headers

DLL Characteristics

File Characteristics

Sections

.rsrc Size: 8.7MB - Virtual size: 8.7MB

Password: 10101

Headers

DLL Characteristics

File Characteristics

Sections

.rsrc Size: 549KB - Virtual size: 549KB

Password: 10101

Headers

DLL Characteristics

File Characteristics

Sections

.rsrc Size: 1.3MB - Virtual size: 1.3MB

Password: 10101

Headers

DLL Characteristics

File Characteristics

Sections

.rsrc Size: 2.5MB - Virtual size: 2.5MB

Password: 10101

Headers

DLL Characteristics

File Characteristics

Sections

.rsrc Size: 1.2MB - Virtual size: 1.2MB

Password: 10101

Headers

DLL Characteristics

File Characteristics

Sections

.rsrc Size: 4.2MB - Virtual size: 4.2MB

Password: 10101

Headers

DLL Characteristics

File Characteristics

Sections

.rsrc Size: 618KB - Virtual size: 618KB

Headers

DLL Characteristics

File Characteristics

Sections

.rsrc Size: 1.3MB - Virtual size: 1.3MB

Headers

DLL Characteristics

File Characteristics

Sections

.rsrc Size: 1.9MB - Virtual size: 1.9MB

Headers

DLL Characteristics

File Characteristics

Sections

.rsrc Size: 641KB - Virtual size: 641KB

Headers

DLL Characteristics

File Characteristics

Sections

.rsrc Size: 705KB - Virtual size: 705KB

Headers

DLL Characteristics

File Characteristics

Sections

.rsrc Size: 2.2MB - Virtual size: 2.2MB

Headers

DLL Characteristics

File Characteristics

Sections

.rsrc Size: 1.7MB - Virtual size: 1.7MB

Headers

.rsrc
Size: 8.7MB - Virtual size: 8.7MB

.rsrc
Size: 549KB - Virtual size: 549KB

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

.rsrc
Size: 2.5MB - Virtual size: 2.5MB

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

.rsrc
Size: 4.2MB - Virtual size: 4.2MB

.rsrc
Size: 618KB - Virtual size: 618KB

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

.rsrc
Size: 1.9MB - Virtual size: 1.9MB

.rsrc
Size: 641KB - Virtual size: 641KB

.rsrc
Size: 705KB - Virtual size: 705KB

.rsrc
Size: 2.2MB - Virtual size: 2.2MB

.rsrc
Size: 1.7MB - Virtual size: 1.7MB

.rsrc
Size: 412KB - Virtual size: 412KB

.rsrc
Size: 4.4MB - Virtual size: 4.4MB

.rsrc
Size: 159KB - Virtual size: 158KB

.rsrc
Size: 598KB - Virtual size: 597KB

.rsrc
Size: 615KB - Virtual size: 615KB

.rsrc
Size: 1.8MB - Virtual size: 1.8MB

.rsrc
Size: 2.4MB - Virtual size: 2.4MB

.rsrc
Size: 997KB - Virtual size: 996KB

.rsrc
Size: 1.7MB - Virtual size: 1.7MB