SoftwareFile[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

SoftwareFile.zip
Size

5.4MB
MD5

9caf39328d91f103cab27c5e02c3a108
SHA1

a0dc41f1a2f3c2f0e2853fd1326e160e786182f3
SHA256

d4277f4461f442b563293743ed7c75e285791ec3a4428a84d09d8b28c132380a
SHA512

47eac79fa713f8a61980abad9307694957603b5e8368b783da80567f24128aac0ff59d396516b5563ba0c367ea576205a0a7d4b8e57e7a446c326fc5aee89740
SSDEEP

98304:9faK5u2j1ygsvLOIuyP/xq9Ov95zG0zPJZTst2oM3S37y42TvQBsxT2PsT60/r:drY2j14/Hp95yMJZL3geLoYTRx/r

Score

1^/10

Malware Config

Signatures

Files

SoftwareFile.zip
.zip
SoftwareFile/Globalization/Time Zone/timezoneMapping.xml
SoftwareFile/Globalization/Time Zone/timezones.xml
SoftwareFile/SoftwareFile.exe
.exe windows x86

1ecd5f4e27cc9ffeeb4576a9a2581e0a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
CloseHandle
SetInformationJobObject
CreateTapePartition
GetFileBandwidthReservation
WakeConditionVariable
InitializeProcThreadAttributeList
SetSystemTime
GetLongPathNameTransactedA
GetPrivateProfileSectionNamesW
GetSystemWindowsDirectoryA
CreateSymbolicLinkTransactedA
DeleteFileW
UpdateResourceW
MoveFileExW
ReplaceFileW
FindAtomW
InterlockedPushEntrySList
GetCurrencyFormatA
AddIntegrityLabelToBoundaryDescriptor
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwind
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
GetStdHandle
WriteFile
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
ExitProcess
GetModuleHandleExW
GetACP
HeapFree
HeapAlloc
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
SetStdHandle
GetFileType
GetStringTypeW
GetProcessHeap
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
WriteConsoleW
DecodePointer
CreateFileW
RaiseException

Sections

.text
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rtolz
Size: 176KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.jwjly
Size: 876KB - Virtual size: 876KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.[0]
Size: 390.0MB - Virtual size: 390.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SoftwareFile/Uses of AdditionalFiles/WinAll/BeholdTV/amd64/bhkspex.x64
.dll regsvr32 windows x64

c2b63eb78a633a8cf029f36d00413c44

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

??3@YAXPEAX@Z
??2@YAPEAX_K@Z
sprintf
_vsnwprintf
memcmp
memcpy
memset
wcsncat

ole32

CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree
StringFromGUID2

comctl32

ImageList_Destroy
ImageList_Create

comdlg32

GetSaveFileNameA
GetOpenFileNameA

user32

GetDesktopWindow
GetWindowRect
LoadStringW
DefWindowProcW
GetWindowLongW
SetWindowLongW
DestroyWindow
InvalidateRect
MoveWindow
CreateDialogParamW
GetWindowLongPtrW
GetDlgItemInt
SetTimer
SendDlgItemMessageA
KillTimer
SendMessageA
SetDlgItemInt
GetWindowLongA
GetDlgItem
CheckDlgButton
ShowWindow
IsDlgButtonChecked
EnableWindow
SetDlgItemTextA
SetWindowLongPtrW
MessageBoxA

kernel32

RtlVirtualUnwind
SetUnhandledExceptionFilter
GetCurrentProcessId
QueryPerformanceCounter
RtlCaptureContext
GetSystemTimeAsFileTime
TerminateProcess
RtlLookupFunctionEntry
GetFileSize
GetTickCount
GetCurrentThreadId
GetCurrentProcess
UnhandledExceptionFilter
FreeLibrary
GetModuleFileNameA
GetLastError
lstrlenA
MultiByteToWideChar
lstrlenW
WideCharToMultiByte
CreateFileA
DisableThreadLibraryCalls
WriteFile
GetFileAttributesA
ReadFile
CloseHandle
GetVersionExW

advapi32

RegSetValueExA
RegDeleteKeyA
RegCreateKeyExA
RegCreateKeyW
RegSetValueW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteKeyW
RegCloseKey

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 932B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SoftwareFile/Uses of AdditionalFiles/WinAll/BeholdTV/amd64/cx2310x.sys
.exe windows x64

ded2398681571d460a573fbec8267082

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

IoAllocateErrorLogEntry
KeInitializeTimer
KeSetTimerEx
ZwCreateFile
PsCreateSystemThread
PsTerminateSystemThread
IoGetCurrentProcess
ObReferenceObjectByHandle
KeWaitForSingleObject
ObfDereferenceObject
KeCancelTimer
ZwQueryInformationFile
ZwCreateKey
KeReleaseSpinLock
IoBuildDeviceIoControlRequest
IofCallDriver
KeInitializeMutex
KeReleaseMutex
IoCancelIrp
IoFreeIrp
IoAllocateIrp
KeWaitForMultipleObjects
KeRemoveQueueDpc
KeInsertQueueDpc
KeBugCheckEx
RtlStringFromGUID
KeInitializeDpc
KeInitializeEvent
KeSetEvent
ZwReadFile
strncmp
IoWriteErrorLogEntry
KeClearEvent
_stricmp
IoOpenDeviceRegistryKey
IoGetDeviceInterfaces
ZwClose
ExFreePool
ZwQueryValueKey
wcsstr
RtlFreeUnicodeString
_wcslwr
ZwSetValueKey
RtlInitAnsiString
IoOpenDeviceInterfaceRegistryKey
strchr
RtlInitUnicodeString
KeAcquireSpinLockRaiseToDpc
RtlAnsiStringToUnicodeString
ExFreePoolWithTag
ExAllocatePoolWithTag
IofCompleteRequest
IoGetDeviceProperty
toupper
IoIsWdmVersionAvailable
_vsnprintf
KeDelayExecutionThread
RtlCompareMemory

hal

KeStallExecutionProcessor
KeQueryPerformanceCounter

ks.sys

KsGetDeviceForDeviceObject
KsInitializeDriver
KsAcquireDevice
KsReleaseDevice
KsCreateFilterFactory
KsFilterFactoryUpdateCacheData
KsGetPinFromIrp
KsPinGetAndGate
KsStreamPointerDelete
KsStreamPointerClone
KsPinReleaseProcessingMutex
KsPinAcquireProcessingMutex
KsPinAttemptProcessing
KsGetFilterFromIrp
KsPinGetParentFilter
KsGetDevice
_KsEdit
KsStreamPointerAdvance
KsPinGetLeadingEdgeStreamPointer
KsStreamPointerUnlock
KsPinGetReferenceClockInterface

usbd.sys

USBD_ParseConfigurationDescriptorEx
USBD_CreateConfigurationRequestEx

bdasup.sys

BdaStartChanges
BdaFilterFactoryUpdateCacheData
BdaCreateFilterFactoryEx
BdaValidateNodeProperty
BdaGetChangeState
BdaCheckChanges
BdaInitFilter
BdaCommitChanges

Sections

.text
Size: 111KB - Virtual size: 111KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SoftwareFile/Uses of AdditionalFiles/WinAll/BeholdTV/amd64/cxpolir.sys
.exe windows x64

ea7483a8eb714ec3ea508bf58b81a559

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

ExFreePool
ZwClose
IoGetDeviceInterfaces
KeClearEvent
IoWriteErrorLogEntry
KeSetEvent
KeInitializeEvent
KeInitializeDpc
IoAllocateErrorLogEntry
KeInitializeTimer
KeSetTimerEx
RtlStringFromGUID
wcsstr
KeWaitForSingleObject
KeCancelTimer
ExFreePoolWithTag
ExAllocatePoolWithTag
IoBuildDeviceIoControlRequest
KeDelayExecutionThread
IofCallDriver
IoCancelIrp
IoFreeIrp
IoAllocateIrp
KeInitializeMutex
KeReleaseMutex
KeBugCheckEx
IofCompleteRequest
RtlFreeUnicodeString
_wcslwr
ZwSetValueKey
RtlInitAnsiString
IoOpenDeviceInterfaceRegistryKey
RtlInitUnicodeString
RtlAnsiStringToUnicodeString
IoGetDeviceProperty
_vsnprintf

hal

KeStallExecutionProcessor
KeQueryPerformanceCounter

ks.sys

KsGetDeviceForDeviceObject
KsInitializeDriver
KsAcquireDevice
KsReleaseDevice
KsCreateFilterFactory
_KsEdit
KsFilterFactoryUpdateCacheData
KsGetFilterFromIrp
KsGetDevice

usbd.sys

USBD_ParseConfigurationDescriptorEx
USBD_CreateConfigurationRequestEx

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 384B - Virtual size: 336B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 896B - Virtual size: 780B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 256B - Virtual size: 174B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SoftwareFile/Uses of AdditionalFiles/WinAll/BeholdTV/amd64/saa713x.sys
.exe windows x64

e43ebc442a44b98402c01aa44cd9766e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

hal

KeStallExecutionProcessor
KeQueryPerformanceCounter

ntoskrnl.exe

ZwSetValueKey
_wcslwr
RtlFreeUnicodeString
wcsstr
ZwQueryValueKey
ExFreePool
ZwClose
IoGetDeviceInterfaces
IoOpenDeviceRegistryKey
RtlDeleteRegistryValue
KeInitializeTimer
KeInitializeMutex
RtlInitAnsiString
KeCancelTimer
PsCreateSystemThread
PsTerminateSystemThread
ObReferenceObjectByHandle
_stricmp
IoWriteErrorLogEntry
strncmp
ZwReadFile
IoAllocateErrorLogEntry
ZwCreateFile
IoGetCurrentProcess
ZwQueryInformationFile
KeBugCheckEx
_vsnprintf
strchr
IoOpenDeviceInterfaceRegistryKey
RtlInitUnicodeString
RtlAnsiStringToUnicodeString
ZwCreateKey
RtlStringFromGUID
KeReleaseMutex
KeSynchronizeExecution
KeInsertQueueDpc
KeInitializeDpc
KeRemoveQueueDpc
ExFreePoolWithTag
ExAllocatePoolWithTag
IofCallDriver
IoGetDeviceProperty
ObfDereferenceObject
IoIsWdmVersionAvailable
IoGetAttachedDeviceReference
MmMapIoSpace
MmUnmapIoSpace
IoBuildSynchronousFsdRequest
IoGetDmaAdapter
IofCompleteRequest
KeSetTimer
KeWaitForSingleObject
KeAcquireSpinLockRaiseToDpc
KeReleaseSpinLock
KeWaitForMultipleObjects
KeInitializeEvent
KeSetEvent
KeClearEvent
RtlCompareMemory
KeDelayExecutionThread
KeSetTimerEx
MmGetSystemRoutineAddress
IoConnectInterrupt
IoDisconnectInterrupt
KeQueryActiveProcessors
memcmp

ks.sys

KsAcquireDevice
KsReleaseDevice
KsCreateFilterFactory
KsDeviceRegisterAdapterObject
KsGetOuterUnknown
KsFilterFactoryUpdateCacheData
KsGetDeviceForDeviceObject
KsInitializeDriver
KsStreamPointerDelete
KsStreamPointerClone
KsPinReleaseProcessingMutex
KsPinAcquireProcessingMutex
KsGetFilterFromIrp
KsPinGetParentFilter
KsGetDevice
KsPinGetAndGate
KsPinAttemptProcessing
KsGetPinFromIrp
KsStreamPointerAdvance
KsPinGetLeadingEdgeStreamPointer
KsStreamPointerUnlock
_KsEdit
KsPinGetReferenceClockInterface

bdasup.sys

BdaValidateNodeProperty
BdaGetChangeState
BdaCheckChanges
BdaInitFilter
BdaStartChanges
BdaCommitChanges
BdaFilterFactoryUpdateCacheData
BdaCreateFilterFactoryEx

Sections

.text
Size: 207KB - Virtual size: 207KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 161KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 512B - Virtual size: 504B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SoftwareFile/Uses of AdditionalFiles/WinAll/BeholdTV/amd64/saa7231.sys
.exe windows x64

2d0e9e8011b8f2a5023ebc8f741f9c49

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

KeInitializeDpc
KeReleaseSpinLock
IoAllocateErrorLogEntry
KeInitializeTimer
KeSetTimerEx
ZwCreateFile
PsCreateSystemThread
PsTerminateSystemThread
ObReferenceObjectByHandle
KeSetTimer
ZwReadFile
ZwQueryInformationFile
IoWriteErrorLogEntry
KeAcquireSpinLockRaiseToDpc
MmMapIoSpace
KeRemoveQueueDpc
KeInsertQueueDpc
MmUnmapIoSpace
KeInitializeMutex
KeReleaseMutex
KeSynchronizeExecution
KeWaitForMultipleObjects
KeBugCheckEx
KeClearEvent
IoOpenDeviceRegistryKey
IoGetDeviceInterfaces
ZwClose
ExFreePool
ZwQueryValueKey
wcsstr
RtlFreeUnicodeString
_wcslwr
ZwSetValueKey
RtlInitAnsiString
strchr
IoOpenDeviceInterfaceRegistryKey
RtlInitUnicodeString
RtlAnsiStringToUnicodeString
ZwCreateKey
RtlStringFromGUID
ExFreePoolWithTag
ExAllocatePoolWithTag
IofCompleteRequest
IoGetDeviceProperty
IoIsWdmVersionAvailable
_vsnprintf
KeSetEvent
KeDelayExecutionThread
IoGetDmaAdapter
IofCallDriver
ObfDereferenceObject
IoGetAttachedDeviceReference
KeWaitForSingleObject
KeInitializeEvent
IoBuildSynchronousFsdRequest
KeCancelTimer
RtlCompareMemory
MmGetSystemRoutineAddress
IoConnectInterrupt
IoDisconnectInterrupt
KeQueryActiveProcessors

hal

KeStallExecutionProcessor
KeQueryPerformanceCounter

ks.sys

KsReleaseDevice
KsCreateFilterFactory
KsDeviceRegisterAdapterObject
KsGetOuterUnknown
KsFilterFactoryUpdateCacheData
KsGetPinFromIrp
KsPinGetAndGate
KsStreamPointerDelete
KsStreamPointerClone
KsPinReleaseProcessingMutex
KsPinAcquireProcessingMutex
KsAcquireDevice
KsPinAttemptProcessing
KsGetFilterFromIrp
KsPinGetParentFilter
KsGetDevice
KsPinGetReferenceClockInterface
_KsEdit
KsAcquireControl
KsReleaseControl
KsStreamPointerAdvance
KsPinGetLeadingEdgeStreamPointer
KsStreamPointerUnlock
KsInitializeDriver
KsGetDeviceForDeviceObject

bdasup.sys

BdaGetChangeState
BdaCheckChanges
BdaInitFilter
BdaStartChanges
BdaCommitChanges
BdaFilterFactoryUpdateCacheData
BdaCreateFilterFactoryEx
BdaValidateNodeProperty

Sections

.text
Size: 142KB - Virtual size: 142KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 117KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 512B - Virtual size: 504B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SoftwareFile/Uses of AdditionalFiles/WinAll/BeholdTV/amd64/ttm6010.sys
.exe windows x64

647437779ebf46177e2c6e415361ea9b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

_stricmp
IoWriteErrorLogEntry
strncmp
KeInitializeDpc
KeReleaseSpinLock
IoAllocateErrorLogEntry
KeInitializeTimer
PsCreateSystemThread
PsTerminateSystemThread
IoGetCurrentProcess
ObReferenceObjectByHandle
KeInitializeMutex
IoOpenDeviceRegistryKey
KeCancelTimer
ZwQueryInformationFile
KeSetEvent
KeAcquireSpinLockRaiseToDpc
IoBuildDeviceIoControlRequest
IofCallDriver
IoCancelIrp
IoFreeIrp
IoAllocateIrp
KeRemoveQueueDpc
KeInsertQueueDpc
KeBugCheckEx
RtlInitUnicodeString
IoGetDeviceInterfaces
ExFreePool
ZwQueryValueKey
wcsstr
RtlFreeUnicodeString
_wcslwr
ZwSetValueKey
RtlInitAnsiString
strchr
IoOpenDeviceInterfaceRegistryKey
RtlAnsiStringToUnicodeString
ZwCreateKey
RtlStringFromGUID
ExFreePoolWithTag
ExAllocatePoolWithTag
IofCompleteRequest
ZwWriteFile
KeWaitForMultipleObjects
KeWaitForSingleObject
ZwCreateFile
ZwClose
KeReleaseMutex
ObfDereferenceObject
KeInitializeEvent
KeClearEvent
IoGetDeviceProperty
toupper
IoIsWdmVersionAvailable
_vsnprintf
KeDelayExecutionThread
ZwReadFile
KeSetTimer
RtlCompareMemory

hal

KeStallExecutionProcessor

ks.sys

KsGetDeviceForDeviceObject
KsInitializeDriver
KsAcquireDevice
KsReleaseDevice
KsCreateFilterFactory
KsFilterFactoryUpdateCacheData
KsGetPinFromIrp
KsPinGetAndGate
KsStreamPointerDelete
KsStreamPointerClone
KsPinReleaseProcessingMutex
KsPinAcquireProcessingMutex
KsPinAttemptProcessing
KsGetFilterFromIrp
KsPinGetParentFilter
KsGetDevice
_KsEdit
KsStreamPointerAdvance
KsPinGetLeadingEdgeStreamPointer
KsStreamPointerUnlock
KsPinGetReferenceClockInterface

usbd.sys

USBD_ParseConfigurationDescriptorEx
USBD_CreateConfigurationRequestEx

bdasup.sys

BdaCreateFilterFactoryEx
BdaValidateNodeProperty
BdaGetChangeState
BdaCheckChanges
BdaInitFilter
BdaStartChanges
BdaCommitChanges
BdaFilterFactoryUpdateCacheData

Sections

.text
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SoftwareFile/Uses of AdditionalFiles/WinAll/BeholdTV/beholder.bin
SoftwareFile/Uses of AdditionalFiles/WinAll/BeholdTV/beholder.cat
SoftwareFile/Uses of AdditionalFiles/WinAll/BeholdTV/beholder.inf
SoftwareFile/Uses of AdditionalFiles/WinAll/BeholdTV/bhkspex.dll
.dll regsvr32 windows x86

24ed8993fd619d7b830ee8a6485904da

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset
??2@YAPAXI@Z
??3@YAXPAX@Z
sprintf
memcpy
_vsnwprintf
wcsncat

ole32

CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree
StringFromGUID2

comctl32

ImageList_Destroy
ImageList_Create

comdlg32

GetSaveFileNameA
GetOpenFileNameA

user32

GetDesktopWindow
GetWindowRect
LoadStringW
DefWindowProcW
DestroyWindow
InvalidateRect
MoveWindow
CreateDialogParamW
SetWindowLongW
MessageBoxA
SendMessageA
GetWindowLongA
IsDlgButtonChecked
SetTimer
KillTimer
ShowWindow
SetDlgItemTextA
SendDlgItemMessageA
CheckDlgButton
SetDlgItemInt
EnableWindow
GetDlgItem
GetWindowLongW
GetDlgItemInt

kernel32

QueryPerformanceCounter
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcessId
GetSystemTimeAsFileTime
WriteFile
GetTickCount
GetCurrentThreadId
GetCurrentProcess
FreeLibrary
TerminateProcess
InterlockedIncrement
GetModuleFileNameA
GetLastError
WideCharToMultiByte
CloseHandle
ReadFile
GetFileSize
lstrlenA
CreateFileA
GetFileAttributesA
GetVersionExW
DisableThreadLibraryCalls
InterlockedDecrement
lstrlenW
MultiByteToWideChar

advapi32

RegCreateKeyExA
RegDeleteKeyA
RegCloseKey
RegCreateKeyW
RegSetValueW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteKeyW
RegSetValueExA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SoftwareFile/Uses of AdditionalFiles/WinAll/BeholdTV/bhkspex.x64
.dll regsvr32 windows x64

c2b63eb78a633a8cf029f36d00413c44

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

??3@YAXPEAX@Z
??2@YAPEAX_K@Z
sprintf
_vsnwprintf
memcmp
memcpy
memset
wcsncat

ole32

CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree
StringFromGUID2

comctl32

ImageList_Destroy
ImageList_Create

comdlg32

GetSaveFileNameA
GetOpenFileNameA

user32

GetDesktopWindow
GetWindowRect
LoadStringW
DefWindowProcW
GetWindowLongW
SetWindowLongW
DestroyWindow
InvalidateRect
MoveWindow
CreateDialogParamW
GetWindowLongPtrW
GetDlgItemInt
SetTimer
SendDlgItemMessageA
KillTimer
SendMessageA
SetDlgItemInt
GetWindowLongA
GetDlgItem
CheckDlgButton
ShowWindow
IsDlgButtonChecked
EnableWindow
SetDlgItemTextA
SetWindowLongPtrW
MessageBoxA

kernel32

RtlVirtualUnwind
SetUnhandledExceptionFilter
GetCurrentProcessId
QueryPerformanceCounter
RtlCaptureContext
GetSystemTimeAsFileTime
TerminateProcess
RtlLookupFunctionEntry
GetFileSize
GetTickCount
GetCurrentThreadId
GetCurrentProcess
UnhandledExceptionFilter
FreeLibrary
GetModuleFileNameA
GetLastError
lstrlenA
MultiByteToWideChar
lstrlenW
WideCharToMultiByte
CreateFileA
DisableThreadLibraryCalls
WriteFile
GetFileAttributesA
ReadFile
CloseHandle
GetVersionExW

advapi32

RegSetValueExA
RegDeleteKeyA
RegCreateKeyExA
RegCreateKeyW
RegSetValueW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteKeyW
RegCloseKey

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 932B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SoftwareFile/Uses of AdditionalFiles/WinAll/BeholdTV/cx2310x.sys
.exe windows x86

72758abb4fd59d040b279c65c0752ea7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

KeInitializeEvent
ObfDereferenceObject
KeWaitForSingleObject
KeSetEvent
PsTerminateSystemThread
IofCompleteRequest
ZwQueryInformationFile
ZwCreateFile
ZwReadFile
strncmp
IoGetCurrentProcess
KeInitializeTimer
KeInitializeDpc
ObReferenceObjectByHandle
IoIsWdmVersionAvailable
KeClearEvent
_stricmp
KeSetTimerEx
IoAllocateErrorLogEntry
IofCallDriver
IoBuildDeviceIoControlRequest
KeInitializeMutex
KeReleaseMutex
IoCancelIrp
IoFreeIrp
IoAllocateIrp
InterlockedCompareExchange
KeWaitForMultipleObjects
KeInsertQueueDpc
KeRemoveQueueDpc
KeTickCount
KeBugCheckEx
IoGetDeviceProperty
RtlUnwind
KeCancelTimer
ExFreePoolWithTag
ExAllocatePoolWithTag
ZwQueryValueKey
IoGetDeviceInterfaces
ExFreePool
_wcslwr
wcsstr
IoOpenDeviceRegistryKey
strchr
ZwCreateKey
RtlStringFromGUID
RtlFreeUnicodeString
RtlInitUnicodeString
ZwSetValueKey
IoOpenDeviceInterfaceRegistryKey
ZwClose
RtlInitAnsiString
IoWriteErrorLogEntry
KeDelayExecutionThread
RtlAnsiStringToUnicodeString
toupper
_vsnprintf
KeInitializeSpinLock
InterlockedDecrement
InterlockedIncrement
memset
InterlockedExchange
memcpy
PsCreateSystemThread
RtlCompareMemory

hal

KfAcquireSpinLock
KeGetCurrentIrql
KfReleaseSpinLock
KeQueryPerformanceCounter
KeStallExecutionProcessor

ks.sys

KsPinGetReferenceClockInterface
KsInitializeDriver
KsGetDeviceForDeviceObject
KsAcquireDevice
KsCreateFilterFactory
KsReleaseDevice
KsFilterFactoryUpdateCacheData
KsPinGetAndGate
KsPinAttemptProcessing
KsStreamPointerClone
KsStreamPointerDelete
KsPinAcquireProcessingMutex
KsPinReleaseProcessingMutex
KsGetPinFromIrp
KsPinGetParentFilter
KsGetFilterFromIrp
KsGetDevice
_KsEdit
KsPinGetLeadingEdgeStreamPointer
KsStreamPointerAdvance
KsStreamPointerUnlock

usbd.sys

USBD_CreateConfigurationRequestEx
USBD_ParseConfigurationDescriptorEx

bdasup.sys

BdaFilterFactoryUpdateCacheData
BdaValidateNodeProperty
BdaInitFilter
BdaCommitChanges
BdaGetChangeState
BdaCheckChanges
BdaStartChanges
BdaCreateFilterFactoryEx

Sections

.text
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SoftwareFile/Uses of AdditionalFiles/WinAll/BeholdTV/cxpolir.sys
.exe windows x86

42c0ab85aed4e3f6e63353e7577f9e01

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

wcsstr
_wcslwr
ExFreePool
IoGetDeviceInterfaces
ExFreePoolWithTag
ExAllocatePoolWithTag
KeCancelTimer
KeSetTimerEx
KeInitializeEvent
InterlockedExchange
KeWaitForSingleObject
KeSetEvent
InterlockedDecrement
InterlockedIncrement
KeInitializeTimer
KeInitializeDpc
KeClearEvent
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
IofCompleteRequest
IofCallDriver
IoBuildDeviceIoControlRequest
KeDelayExecutionThread
IoFreeIrp
IoCancelIrp
IoAllocateIrp
KeInitializeMutex
KeReleaseMutex
InterlockedCompareExchange
KeTickCount
KeBugCheckEx
IoGetDeviceProperty
RtlUnwind
RtlStringFromGUID
RtlFreeUnicodeString
RtlInitUnicodeString
ZwSetValueKey
IoOpenDeviceInterfaceRegistryKey
ZwClose
RtlInitAnsiString
RtlAnsiStringToUnicodeString
memcpy
memset
_vsnprintf

hal

KeQueryPerformanceCounter
KeGetCurrentIrql
KeStallExecutionProcessor

ks.sys

KsInitializeDriver
KsGetDeviceForDeviceObject
_KsEdit
KsAcquireDevice
KsCreateFilterFactory
KsReleaseDevice
KsFilterFactoryUpdateCacheData
KsGetFilterFromIrp
KsGetDevice

usbd.sys

USBD_CreateConfigurationRequestEx
USBD_ParseConfigurationDescriptorEx

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 256B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SoftwareFile/Uses of AdditionalFiles/WinAll/BeholdTV/i386/bhkspex.dll
.dll regsvr32 windows x86

24ed8993fd619d7b830ee8a6485904da

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset
??2@YAPAXI@Z
??3@YAXPAX@Z
sprintf
memcpy
_vsnwprintf
wcsncat

ole32

CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree
StringFromGUID2

comctl32

ImageList_Destroy
ImageList_Create

comdlg32

GetSaveFileNameA
GetOpenFileNameA

user32

GetDesktopWindow
GetWindowRect
LoadStringW
DefWindowProcW
DestroyWindow
InvalidateRect
MoveWindow
CreateDialogParamW
SetWindowLongW
MessageBoxA
SendMessageA
GetWindowLongA
IsDlgButtonChecked
SetTimer
KillTimer
ShowWindow
SetDlgItemTextA
SendDlgItemMessageA
CheckDlgButton
SetDlgItemInt
EnableWindow
GetDlgItem
GetWindowLongW
GetDlgItemInt

kernel32

QueryPerformanceCounter
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcessId
GetSystemTimeAsFileTime
WriteFile
GetTickCount
GetCurrentThreadId
GetCurrentProcess
FreeLibrary
TerminateProcess
InterlockedIncrement
GetModuleFileNameA
GetLastError
WideCharToMultiByte
CloseHandle
ReadFile
GetFileSize
lstrlenA
CreateFileA
GetFileAttributesA
GetVersionExW
DisableThreadLibraryCalls
InterlockedDecrement
lstrlenW
MultiByteToWideChar

advapi32

RegCreateKeyExA
RegDeleteKeyA
RegCloseKey
RegCreateKeyW
RegSetValueW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteKeyW
RegSetValueExA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SoftwareFile/Uses of AdditionalFiles/WinAll/BeholdTV/i386/cx2310x.sys
.exe windows x86

72758abb4fd59d040b279c65c0752ea7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

KeInitializeEvent
ObfDereferenceObject
KeWaitForSingleObject
KeSetEvent
PsTerminateSystemThread
IofCompleteRequest
ZwQueryInformationFile
ZwCreateFile
ZwReadFile
strncmp
IoGetCurrentProcess
KeInitializeTimer
KeInitializeDpc
ObReferenceObjectByHandle
IoIsWdmVersionAvailable
KeClearEvent
_stricmp
KeSetTimerEx
IoAllocateErrorLogEntry
IofCallDriver
IoBuildDeviceIoControlRequest
KeInitializeMutex
KeReleaseMutex
IoCancelIrp
IoFreeIrp
IoAllocateIrp
InterlockedCompareExchange
KeWaitForMultipleObjects
KeInsertQueueDpc
KeRemoveQueueDpc
KeTickCount
KeBugCheckEx
IoGetDeviceProperty
RtlUnwind
KeCancelTimer
ExFreePoolWithTag
ExAllocatePoolWithTag
ZwQueryValueKey
IoGetDeviceInterfaces
ExFreePool
_wcslwr
wcsstr
IoOpenDeviceRegistryKey
strchr
ZwCreateKey
RtlStringFromGUID
RtlFreeUnicodeString
RtlInitUnicodeString
ZwSetValueKey
IoOpenDeviceInterfaceRegistryKey
ZwClose
RtlInitAnsiString
IoWriteErrorLogEntry
KeDelayExecutionThread
RtlAnsiStringToUnicodeString
toupper
_vsnprintf
KeInitializeSpinLock
InterlockedDecrement
InterlockedIncrement
memset
InterlockedExchange
memcpy
PsCreateSystemThread
RtlCompareMemory

hal

KfAcquireSpinLock
KeGetCurrentIrql
KfReleaseSpinLock
KeQueryPerformanceCounter
KeStallExecutionProcessor

ks.sys

KsPinGetReferenceClockInterface
KsInitializeDriver
KsGetDeviceForDeviceObject
KsAcquireDevice
KsCreateFilterFactory
KsReleaseDevice
KsFilterFactoryUpdateCacheData
KsPinGetAndGate
KsPinAttemptProcessing
KsStreamPointerClone
KsStreamPointerDelete
KsPinAcquireProcessingMutex
KsPinReleaseProcessingMutex
KsGetPinFromIrp
KsPinGetParentFilter
KsGetFilterFromIrp
KsGetDevice
_KsEdit
KsPinGetLeadingEdgeStreamPointer
KsStreamPointerAdvance
KsStreamPointerUnlock

usbd.sys

USBD_CreateConfigurationRequestEx
USBD_ParseConfigurationDescriptorEx

bdasup.sys

BdaFilterFactoryUpdateCacheData
BdaValidateNodeProperty
BdaInitFilter
BdaCommitChanges
BdaGetChangeState
BdaCheckChanges
BdaStartChanges
BdaCreateFilterFactoryEx

Sections

.text
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SoftwareFile/Uses of AdditionalFiles/WinAll/BeholdTV/i386/cxpolir.sys
.exe windows x86

42c0ab85aed4e3f6e63353e7577f9e01

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

wcsstr
_wcslwr
ExFreePool
IoGetDeviceInterfaces
ExFreePoolWithTag
ExAllocatePoolWithTag
KeCancelTimer
KeSetTimerEx
KeInitializeEvent
InterlockedExchange
KeWaitForSingleObject
KeSetEvent
InterlockedDecrement
InterlockedIncrement
KeInitializeTimer
KeInitializeDpc
KeClearEvent
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
IofCompleteRequest
IofCallDriver
IoBuildDeviceIoControlRequest
KeDelayExecutionThread
IoFreeIrp
IoCancelIrp
IoAllocateIrp
KeInitializeMutex
KeReleaseMutex
InterlockedCompareExchange
KeTickCount
KeBugCheckEx
IoGetDeviceProperty
RtlUnwind
RtlStringFromGUID
RtlFreeUnicodeString
RtlInitUnicodeString
ZwSetValueKey
IoOpenDeviceInterfaceRegistryKey
ZwClose
RtlInitAnsiString
RtlAnsiStringToUnicodeString
memcpy
memset
_vsnprintf

hal

KeQueryPerformanceCounter
KeGetCurrentIrql
KeStallExecutionProcessor

ks.sys

KsInitializeDriver
KsGetDeviceForDeviceObject
_KsEdit
KsAcquireDevice
KsCreateFilterFactory
KsReleaseDevice
KsFilterFactoryUpdateCacheData
KsGetFilterFromIrp
KsGetDevice

usbd.sys

USBD_CreateConfigurationRequestEx
USBD_ParseConfigurationDescriptorEx

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 256B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SoftwareFile/Uses of AdditionalFiles/WinAll/BeholdTV/i386/saa713x.sys
.exe windows x86

dccc7d9930f7acdf7504c66ef621047a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

hal

KeGetCurrentIrql
KeStallExecutionProcessor
KeQueryPerformanceCounter
KfReleaseSpinLock
KfAcquireSpinLock

ntoskrnl.exe

KeRemoveQueueDpc
memmove
KeWaitForMultipleObjects
RtlAnsiStringToUnicodeString
RtlInitAnsiString
ZwClose
RtlDeleteRegistryValue
IoOpenDeviceInterfaceRegistryKey
ZwSetValueKey
RtlInitUnicodeString
RtlFreeUnicodeString
RtlStringFromGUID
ZwCreateKey
strchr
IoOpenDeviceRegistryKey
wcsstr
KeSetEvent
ExFreePool
IoGetDeviceInterfaces
KeInitializeDpc
ZwQueryValueKey
KeSetTimer
KeCancelTimer
KeSetTimerEx
KeInitializeTimer
PsTerminateSystemThread
ObReferenceObjectByHandle
PsCreateSystemThread
ZwQueryInformationFile
ZwCreateFile
ZwReadFile
strncmp
IoGetCurrentProcess
_stricmp
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
KeTickCount
KeBugCheckEx
KeClearEvent
RtlUnwind
KeInsertQueueDpc
KeSynchronizeExecution
WRITE_REGISTER_UCHAR
WRITE_REGISTER_USHORT
WRITE_REGISTER_ULONG
READ_REGISTER_UCHAR
READ_REGISTER_USHORT
READ_REGISTER_ULONG
ExAllocatePoolWithTag
ExFreePoolWithTag
IoIsWdmVersionAvailable
IoGetDeviceProperty
IoGetDmaAdapter
IoGetAttachedDeviceReference
IoBuildSynchronousFsdRequest
ObfDereferenceObject
IofCallDriver
MmUnmapIoSpace
MmMapIoSpace
IofCompleteRequest
KeReleaseMutex
KeWaitForSingleObject
KeInitializeMutex
_vsnprintf
KeInitializeSpinLock
KeInitializeEvent
memcpy
RtlCompareMemory
memset
InterlockedDecrement
InterlockedIncrement
KeDelayExecutionThread
InterlockedExchange
_wcslwr
MmGetSystemRoutineAddress
IoConnectInterrupt
IoDisconnectInterrupt
KeQueryActiveProcessors

ks.sys

KsAcquireDevice
KsCreateFilterFactory
KsReleaseDevice
KsFilterFactoryUpdateCacheData
KsDeviceRegisterAdapterObject
KsGetOuterUnknown
KsInitializeDriver
KsGetDeviceForDeviceObject
KsStreamPointerClone
KsPinAcquireProcessingMutex
KsPinReleaseProcessingMutex
KsStreamPointerDelete
KsPinGetParentFilter
KsGetFilterFromIrp
KsGetDevice
KsPinGetAndGate
KsPinAttemptProcessing
KsGetPinFromIrp
KsPinGetLeadingEdgeStreamPointer
KsStreamPointerAdvance
KsStreamPointerUnlock
_KsEdit
KsPinGetReferenceClockInterface

bdasup.sys

BdaValidateNodeProperty
BdaInitFilter
BdaCreateFilterFactoryEx
BdaCommitChanges
BdaGetChangeState
BdaCheckChanges
BdaStartChanges
BdaFilterFactoryUpdateCacheData

Sections

.text
Size: 172KB - Virtual size: 172KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 512B - Virtual size: 416B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SoftwareFile/Uses of AdditionalFiles/WinAll/BeholdTV/i386/saa7231.sys
.exe windows x86

4e6dd13ddad7dd7d1927110593fdd162

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwQueryValueKey
KeInitializeSpinLock
IoGetDeviceInterfaces
KeSetTimer
KeCancelTimer
KeSetTimerEx
KeSetEvent
PsTerminateSystemThread
ExFreePool
ZwQueryInformationFile
ZwCreateFile
ZwReadFile
KeInitializeTimer
_wcslwr
ObReferenceObjectByHandle
PsCreateSystemThread
KeClearEvent
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
MmMapIoSpace
KeRemoveQueueDpc
KeInsertQueueDpc
READ_REGISTER_ULONG
WRITE_REGISTER_ULONG
MmUnmapIoSpace
KeInitializeMutex
KeReleaseMutex
KeSynchronizeExecution
KeWaitForMultipleObjects
KeTickCount
KeBugCheckEx
wcsstr
RtlUnwind
IoOpenDeviceRegistryKey
strchr
ZwCreateKey
RtlStringFromGUID
RtlFreeUnicodeString
RtlInitUnicodeString
ZwSetValueKey
IoOpenDeviceInterfaceRegistryKey
ZwClose
RtlInitAnsiString
RtlAnsiStringToUnicodeString
ExAllocatePoolWithTag
ExFreePoolWithTag
IofCompleteRequest
IoIsWdmVersionAvailable
IoGetDmaAdapter
IoGetDeviceProperty
KeDelayExecutionThread
_vsnprintf
InterlockedDecrement
InterlockedIncrement
IoGetAttachedDeviceReference
IoBuildSynchronousFsdRequest
KeInitializeEvent
ObfDereferenceObject
IofCallDriver
KeWaitForSingleObject
InterlockedCompareExchange
memset
InterlockedExchange
memcpy
KeInitializeDpc
RtlCompareMemory
MmGetSystemRoutineAddress
IoConnectInterrupt
IoDisconnectInterrupt
KeQueryActiveProcessors

hal

KfAcquireSpinLock
KeQueryPerformanceCounter
KfReleaseSpinLock
KeGetCurrentIrql
KeStallExecutionProcessor

ks.sys

KsReleaseDevice
KsFilterFactoryUpdateCacheData
KsCreateFilterFactory
KsGetOuterUnknown
KsStreamPointerClone
KsStreamPointerDelete
KsPinAcquireProcessingMutex
KsPinReleaseProcessingMutex
KsAcquireDevice
KsPinAttemptProcessing
KsGetPinFromIrp
KsPinGetParentFilter
KsGetFilterFromIrp
KsGetDevice
KsPinGetReferenceClockInterface
_KsEdit
KsReleaseControl
KsAcquireControl
KsPinGetLeadingEdgeStreamPointer
KsStreamPointerAdvance
KsStreamPointerUnlock
KsDeviceRegisterAdapterObject
KsInitializeDriver
KsGetDeviceForDeviceObject
KsPinGetAndGate

bdasup.sys

BdaInitFilter
BdaCommitChanges
BdaGetChangeState
BdaCheckChanges
BdaStartChanges
BdaCreateFilterFactoryEx
BdaFilterFactoryUpdateCacheData
BdaValidateNodeProperty

Sections

.text
Size: 119KB - Virtual size: 119KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 512B - Virtual size: 416B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SoftwareFile/Uses of AdditionalFiles/WinAll/BeholdTV/i386/ttm6010.sys
.exe windows x86

1e8df125497f0e9c4f965b821e5f1dcb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

_wcslwr
ExFreePool
IoGetDeviceInterfaces
ZwQueryValueKey
KeSetEvent
KeReleaseMutex
KeSetTimer
KeCancelTimer
ObfDereferenceObject
PsTerminateSystemThread
KeWaitForSingleObject
ZwQueryInformationFile
strncmp
KeInitializeMutex
KeInitializeTimer
KeInitializeDpc
wcsstr
PsCreateSystemThread
_stricmp
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
IofCallDriver
IoBuildDeviceIoControlRequest
IoCancelIrp
memmove
IoAllocateIrp
IoFreeIrp
KeInsertQueueDpc
KeRemoveQueueDpc
KeTickCount
KeBugCheckEx
IoIsWdmVersionAvailable
RtlUnwind
IoOpenDeviceRegistryKey
strchr
ZwCreateKey
RtlStringFromGUID
RtlFreeUnicodeString
ZwSetValueKey
IoOpenDeviceInterfaceRegistryKey
RtlInitAnsiString
RtlAnsiStringToUnicodeString
ExAllocatePoolWithTag
ExFreePoolWithTag
IofCompleteRequest
KeClearEvent
KeWaitForMultipleObjects
ZwWriteFile
KeInitializeEvent
RtlInitUnicodeString
ZwCreateFile
ZwReadFile
ObReferenceObjectByHandle
ZwClose
IoGetDeviceProperty
KeDelayExecutionThread
toupper
_vsnprintf
KeInitializeSpinLock
InterlockedDecrement
InterlockedIncrement
memset
InterlockedExchange
memcpy
IoGetCurrentProcess
RtlCompareMemory

hal

KeStallExecutionProcessor
KfReleaseSpinLock
KeGetCurrentIrql
KfAcquireSpinLock

ks.sys

KsInitializeDriver
KsGetDeviceForDeviceObject
KsAcquireDevice
KsCreateFilterFactory
KsReleaseDevice
KsFilterFactoryUpdateCacheData
KsPinGetAndGate
KsPinAttemptProcessing
KsStreamPointerClone
KsStreamPointerDelete
KsPinAcquireProcessingMutex
KsPinReleaseProcessingMutex
KsGetPinFromIrp
KsPinGetParentFilter
KsGetFilterFromIrp
KsGetDevice
_KsEdit
KsPinGetLeadingEdgeStreamPointer
KsStreamPointerAdvance
KsStreamPointerUnlock
KsPinGetReferenceClockInterface

usbd.sys

USBD_ParseConfigurationDescriptorEx
USBD_CreateConfigurationRequestEx

bdasup.sys

BdaFilterFactoryUpdateCacheData
BdaValidateNodeProperty
BdaGetChangeState
BdaCommitChanges
BdaCheckChanges
BdaStartChanges
BdaInitFilter
BdaCreateFilterFactoryEx

Sections

.text
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SoftwareFile/Uses of AdditionalFiles/WinAll/BeholdTV/install.x64
.exe windows x64

5292520ce02adff7057028b73fd61d03

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mfc42

ord4087
ord3173
ord4381
ord4992
ord4779
ord3926
ord659
ord1063
ord318
ord5645
ord622
ord834
ord2529
ord2858
ord5639
ord1469
ord2407
ord6448
ord4375
ord1792
ord4761
ord5670
ord2413
ord5595
ord6818
ord4703
ord5719
ord4027
ord5238
ord4798
ord2682
ord2074
ord6820
ord3943
ord5493
ord1749
ord5690
ord2471
ord2154
ord4093
ord3544
ord4997
ord3904
ord665
ord1035
ord2598
ord4750
ord3753
ord822
ord3784
ord867
ord1447
ord3877
ord996
ord5694
ord4730
ord5254
ord5415
ord6445
ord1791
ord5709
ord4780
ord3771
ord852
ord2343
ord4567
ord2673
ord6622
ord2677
ord4558
ord5086
ord984
ord525
ord4434
ord337
ord6620
ord6824
ord1595
ord4092
ord3055
ord3175
ord3061
ord3375
ord3240
ord4824
ord3371
ord3252
ord3058
ord6060
ord5718
ord5737
ord5074
ord4378
ord2764
ord5731
ord5729
ord3477
ord2426
ord5624
ord1392
ord4201
ord6078
ord2527
ord2571
ord4845
ord6819
ord4608
ord5048
ord1265
ord1263
ord1122
ord5611
ord3449
ord5814
ord1991
ord286
ord5912
ord371
ord4008
ord6560
ord877
ord6890
ord4483
ord367
ord626
ord1124
ord1040
ord3790
ord3231
ord5993
ord6891
ord3840
ord5706
ord1585

msvcrt

sprintf
memset
strncpy
strstr
_strupr
_stricmp
_purecall
__C_specific_handler
_XcptFilter
_c_exit
_exit
_cexit
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_commode
_fmode
__set_app_type
??1type_info@@UEAA@XZ
__dllonexit
_onexit
?terminate@@YAXXZ
_strnicmp
__CxxFrameHandler
_setmbcp

advapi32

ControlService
LookupPrivilegeValueA
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
RegCloseKey
RegSetValueExA
RegCreateKeyExA
OpenSCManagerA
OpenServiceA
QueryServiceStatus
AdjustTokenPrivileges
CloseServiceHandle
RegOpenKeyExA
RegDeleteKeyA

kernel32

CloseHandle
GetLastError
GetCurrentProcess
SetLastError
FindClose
FindFirstFileA
GetProcAddress
GetModuleHandleA
lstrlenA
GetModuleFileNameA
GetWindowsDirectoryA
MoveFileExA
GetTempFileNameA
GetTempPathA
Sleep
WaitForSingleObject
CreateProcessA
FindNextFileA
GetSystemDirectoryA
FreeLibrary
LoadLibraryA
GetVersionExA
GetTickCount
GetFullPathNameA
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetStartupInfoA
CopyFileA

user32

TranslateMessage
DispatchMessageA
PeekMessageA
ExitWindowsEx
GetSystemMetrics
LoadIconA
EnableWindow
SetForegroundWindow
GetClientRect
IsIconic
SendMessageA
DrawIcon
FindWindowA
PostMessageA
MessageBoxA

setupapi

SetupDiGetDeviceInstallParamsA
SetupDiEnumDeviceInfo
SetupDiOpenDevRegKey
SetupDiGetDeviceRegistryPropertyA
SetupDiRemoveDevice
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsA

shell32

SHBrowseForFolderA
SHGetMalloc
SHGetPathFromIDListA

Sections

.text
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SoftwareFile/Uses of AdditionalFiles/WinAll/BeholdTV/saa713x.sys
.exe windows x86

dccc7d9930f7acdf7504c66ef621047a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

hal

KeGetCurrentIrql
KeStallExecutionProcessor
KeQueryPerformanceCounter
KfReleaseSpinLock
KfAcquireSpinLock

ntoskrnl.exe

KeRemoveQueueDpc
memmove
KeWaitForMultipleObjects
RtlAnsiStringToUnicodeString
RtlInitAnsiString
ZwClose
RtlDeleteRegistryValue
IoOpenDeviceInterfaceRegistryKey
ZwSetValueKey
RtlInitUnicodeString
RtlFreeUnicodeString
RtlStringFromGUID
ZwCreateKey
strchr
IoOpenDeviceRegistryKey
wcsstr
KeSetEvent
ExFreePool
IoGetDeviceInterfaces
KeInitializeDpc
ZwQueryValueKey
KeSetTimer
KeCancelTimer
KeSetTimerEx
KeInitializeTimer
PsTerminateSystemThread
ObReferenceObjectByHandle
PsCreateSystemThread
ZwQueryInformationFile
ZwCreateFile
ZwReadFile
strncmp
IoGetCurrentProcess
_stricmp
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
KeTickCount
KeBugCheckEx
KeClearEvent
RtlUnwind
KeInsertQueueDpc
KeSynchronizeExecution
WRITE_REGISTER_UCHAR
WRITE_REGISTER_USHORT
WRITE_REGISTER_ULONG
READ_REGISTER_UCHAR
READ_REGISTER_USHORT
READ_REGISTER_ULONG
ExAllocatePoolWithTag
ExFreePoolWithTag
IoIsWdmVersionAvailable
IoGetDeviceProperty
IoGetDmaAdapter
IoGetAttachedDeviceReference
IoBuildSynchronousFsdRequest
ObfDereferenceObject
IofCallDriver
MmUnmapIoSpace
MmMapIoSpace
IofCompleteRequest
KeReleaseMutex
KeWaitForSingleObject
KeInitializeMutex
_vsnprintf
KeInitializeSpinLock
KeInitializeEvent
memcpy
RtlCompareMemory
memset
InterlockedDecrement
InterlockedIncrement
KeDelayExecutionThread
InterlockedExchange
_wcslwr
MmGetSystemRoutineAddress
IoConnectInterrupt
IoDisconnectInterrupt
KeQueryActiveProcessors

ks.sys

KsAcquireDevice
KsCreateFilterFactory
KsReleaseDevice
KsFilterFactoryUpdateCacheData
KsDeviceRegisterAdapterObject
KsGetOuterUnknown
KsInitializeDriver
KsGetDeviceForDeviceObject
KsStreamPointerClone
KsPinAcquireProcessingMutex
KsPinReleaseProcessingMutex
KsStreamPointerDelete
KsPinGetParentFilter
KsGetFilterFromIrp
KsGetDevice
KsPinGetAndGate
KsPinAttemptProcessing
KsGetPinFromIrp
KsPinGetLeadingEdgeStreamPointer
KsStreamPointerAdvance
KsStreamPointerUnlock
_KsEdit
KsPinGetReferenceClockInterface

bdasup.sys

BdaValidateNodeProperty
BdaInitFilter
BdaCreateFilterFactoryEx
BdaCommitChanges
BdaGetChangeState
BdaCheckChanges
BdaStartChanges
BdaFilterFactoryUpdateCacheData

Sections

.text
Size: 172KB - Virtual size: 172KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 512B - Virtual size: 416B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SoftwareFile/Uses of AdditionalFiles/WinAll/BeholdTV/saa7231.sys
.exe windows x86

4e6dd13ddad7dd7d1927110593fdd162

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwQueryValueKey
KeInitializeSpinLock
IoGetDeviceInterfaces
KeSetTimer
KeCancelTimer
KeSetTimerEx
KeSetEvent
PsTerminateSystemThread
ExFreePool
ZwQueryInformationFile
ZwCreateFile
ZwReadFile
KeInitializeTimer
_wcslwr
ObReferenceObjectByHandle
PsCreateSystemThread
KeClearEvent
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
MmMapIoSpace
KeRemoveQueueDpc
KeInsertQueueDpc
READ_REGISTER_ULONG
WRITE_REGISTER_ULONG
MmUnmapIoSpace
KeInitializeMutex
KeReleaseMutex
KeSynchronizeExecution
KeWaitForMultipleObjects
KeTickCount
KeBugCheckEx
wcsstr
RtlUnwind
IoOpenDeviceRegistryKey
strchr
ZwCreateKey
RtlStringFromGUID
RtlFreeUnicodeString
RtlInitUnicodeString
ZwSetValueKey
IoOpenDeviceInterfaceRegistryKey
ZwClose
RtlInitAnsiString
RtlAnsiStringToUnicodeString
ExAllocatePoolWithTag
ExFreePoolWithTag
IofCompleteRequest
IoIsWdmVersionAvailable
IoGetDmaAdapter
IoGetDeviceProperty
KeDelayExecutionThread
_vsnprintf
InterlockedDecrement
InterlockedIncrement
IoGetAttachedDeviceReference
IoBuildSynchronousFsdRequest
KeInitializeEvent
ObfDereferenceObject
IofCallDriver
KeWaitForSingleObject
InterlockedCompareExchange
memset
InterlockedExchange
memcpy
KeInitializeDpc
RtlCompareMemory
MmGetSystemRoutineAddress
IoConnectInterrupt
IoDisconnectInterrupt
KeQueryActiveProcessors

hal

KfAcquireSpinLock
KeQueryPerformanceCounter
KfReleaseSpinLock
KeGetCurrentIrql
KeStallExecutionProcessor

ks.sys

KsReleaseDevice
KsFilterFactoryUpdateCacheData
KsCreateFilterFactory
KsGetOuterUnknown
KsStreamPointerClone
KsStreamPointerDelete
KsPinAcquireProcessingMutex
KsPinReleaseProcessingMutex
KsAcquireDevice
KsPinAttemptProcessing
KsGetPinFromIrp
KsPinGetParentFilter
KsGetFilterFromIrp
KsGetDevice
KsPinGetReferenceClockInterface
_KsEdit
KsReleaseControl
KsAcquireControl
KsPinGetLeadingEdgeStreamPointer
KsStreamPointerAdvance
KsStreamPointerUnlock
KsDeviceRegisterAdapterObject
KsInitializeDriver
KsGetDeviceForDeviceObject
KsPinGetAndGate

bdasup.sys

BdaInitFilter
BdaCommitChanges
BdaGetChangeState
BdaCheckChanges
BdaStartChanges
BdaCreateFilterFactoryEx
BdaFilterFactoryUpdateCacheData
BdaValidateNodeProperty

Sections

.text
Size: 119KB - Virtual size: 119KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 512B - Virtual size: 416B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SoftwareFile/Uses of AdditionalFiles/WinAll/BeholdTV/ttm6010.sys
.exe windows x86

1e8df125497f0e9c4f965b821e5f1dcb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

_wcslwr
ExFreePool
IoGetDeviceInterfaces
ZwQueryValueKey
KeSetEvent
KeReleaseMutex
KeSetTimer
KeCancelTimer
ObfDereferenceObject
PsTerminateSystemThread
KeWaitForSingleObject
ZwQueryInformationFile
strncmp
KeInitializeMutex
KeInitializeTimer
KeInitializeDpc
wcsstr
PsCreateSystemThread
_stricmp
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
IofCallDriver
IoBuildDeviceIoControlRequest
IoCancelIrp
memmove
IoAllocateIrp
IoFreeIrp
KeInsertQueueDpc
KeRemoveQueueDpc
KeTickCount
KeBugCheckEx
IoIsWdmVersionAvailable
RtlUnwind
IoOpenDeviceRegistryKey
strchr
ZwCreateKey
RtlStringFromGUID
RtlFreeUnicodeString
ZwSetValueKey
IoOpenDeviceInterfaceRegistryKey
RtlInitAnsiString
RtlAnsiStringToUnicodeString
ExAllocatePoolWithTag
ExFreePoolWithTag
IofCompleteRequest
KeClearEvent
KeWaitForMultipleObjects
ZwWriteFile
KeInitializeEvent
RtlInitUnicodeString
ZwCreateFile
ZwReadFile
ObReferenceObjectByHandle
ZwClose
IoGetDeviceProperty
KeDelayExecutionThread
toupper
_vsnprintf
KeInitializeSpinLock
InterlockedDecrement
InterlockedIncrement
memset
InterlockedExchange
memcpy
IoGetCurrentProcess
RtlCompareMemory

hal

KeStallExecutionProcessor
KfReleaseSpinLock
KeGetCurrentIrql
KfAcquireSpinLock

ks.sys

KsInitializeDriver
KsGetDeviceForDeviceObject
KsAcquireDevice
KsCreateFilterFactory
KsReleaseDevice
KsFilterFactoryUpdateCacheData
KsPinGetAndGate
KsPinAttemptProcessing
KsStreamPointerClone
KsStreamPointerDelete
KsPinAcquireProcessingMutex
KsPinReleaseProcessingMutex
KsGetPinFromIrp
KsPinGetParentFilter
KsGetFilterFromIrp
KsGetDevice
_KsEdit
KsPinGetLeadingEdgeStreamPointer
KsStreamPointerAdvance
KsStreamPointerUnlock
KsPinGetReferenceClockInterface

usbd.sys

USBD_ParseConfigurationDescriptorEx
USBD_CreateConfigurationRequestEx

bdasup.sys

BdaFilterFactoryUpdateCacheData
BdaValidateNodeProperty
BdaGetChangeState
BdaCommitChanges
BdaCheckChanges
BdaStartChanges
BdaInitFilter
BdaCreateFilterFactoryEx

Sections

.text
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1ecd5f4e27cc9ffeeb4576a9a2581e0a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 3.9MB - Virtual size: 3.9MB

.rdata Size: 22KB - Virtual size: 22KB

.data Size: 2KB - Virtual size: 4KB

.gfids Size: 512B - Virtual size: 172B

.rsrc Size: 68KB - Virtual size: 67KB

.reloc Size: 15KB - Virtual size: 15KB

.rtolz Size: 176KB - Virtual size: 176KB

.jwjly Size: 876KB - Virtual size: 876KB

.[0] Size: 390.0MB - Virtual size: 390.0MB

c2b63eb78a633a8cf029f36d00413c44

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

ole32

comctl32

comdlg32

user32

kernel32

advapi32

Exports

Exports

Sections

.text Size: 79KB - Virtual size: 79KB

.data Size: 1024B - Virtual size: 2KB

.pdata Size: 1KB - Virtual size: 1KB

.rsrc Size: 19KB - Virtual size: 19KB

.reloc Size: 1024B - Virtual size: 932B

ded2398681571d460a573fbec8267082

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

hal

ks.sys

usbd.sys

bdasup.sys

Sections

.text Size: 111KB - Virtual size: 111KB

.rdata Size: 87KB - Virtual size: 87KB

.data Size: 1KB - Virtual size: 1KB

.pdata Size: 5KB - Virtual size: 5KB

INIT Size: 3KB - Virtual size: 2KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 4KB - Virtual size: 4KB

ea7483a8eb714ec3ea508bf58b81a559

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

hal

ks.sys

usbd.sys

Sections

.text Size: 14KB - Virtual size: 14KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 384B - Virtual size: 336B

.pdata Size: 896B - Virtual size: 780B

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 256B - Virtual size: 174B

e43ebc442a44b98402c01aa44cd9766e

Headers

DLL Characteristics

File Characteristics

.text
Size: 3.9MB - Virtual size: 3.9MB

.rdata
Size: 22KB - Virtual size: 22KB

.data
Size: 2KB - Virtual size: 4KB

.gfids
Size: 512B - Virtual size: 172B

.rsrc
Size: 68KB - Virtual size: 67KB

.reloc
Size: 15KB - Virtual size: 15KB

.rtolz
Size: 176KB - Virtual size: 176KB

.jwjly
Size: 876KB - Virtual size: 876KB

.[0]
Size: 390.0MB - Virtual size: 390.0MB

.text
Size: 79KB - Virtual size: 79KB

.data
Size: 1024B - Virtual size: 2KB

.pdata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 19KB - Virtual size: 19KB

.reloc
Size: 1024B - Virtual size: 932B

.text
Size: 111KB - Virtual size: 111KB

.rdata
Size: 87KB - Virtual size: 87KB

.data
Size: 1KB - Virtual size: 1KB

.pdata
Size: 5KB - Virtual size: 5KB

INIT
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 4KB

.text
Size: 14KB - Virtual size: 14KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 384B - Virtual size: 336B

.pdata
Size: 896B - Virtual size: 780B

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 256B - Virtual size: 174B

.text
Size: 207KB - Virtual size: 207KB

.rdata
Size: 161KB - Virtual size: 161KB

.data
Size: 2KB - Virtual size: 2KB

.pdata
Size: 10KB - Virtual size: 10KB

PAGE
Size: 512B - Virtual size: 504B

INIT
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 9KB - Virtual size: 9KB

.text
Size: 142KB - Virtual size: 142KB

.rdata
Size: 117KB - Virtual size: 117KB

.data
Size: 1KB - Virtual size: 1KB

.pdata
Size: 6KB - Virtual size: 6KB

PAGE
Size: 512B - Virtual size: 504B

INIT
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 5KB - Virtual size: 5KB

.text
Size: 79KB - Virtual size: 79KB

.rdata
Size: 66KB - Virtual size: 65KB

.data
Size: 1KB - Virtual size: 1KB

.pdata
Size: 4KB - Virtual size: 4KB

INIT
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 3KB - Virtual size: 3KB

.text
Size: 60KB - Virtual size: 60KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 19KB - Virtual size: 19KB

.reloc
Size: 5KB - Virtual size: 4KB