Files_JC[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

Files_JC.zip
Size

11.8MB
MD5

5944969b446e8e372d1a7f0b48cdbb82
SHA1

863564e002a7945e818a12676bbf4f819421dbd3
SHA256

cff0e216bb69f255f7aaa8c4a1d19280b11590e00bb98e2b46409880cef19c92
SHA512

d8513cfbc0871bf863f7ca0ee764fef675ed0910416d71e9ebac33a2ebe12de3d8fb81c198e86901329fedb2183c25e2ef2a69e1245108bdf3f5832aa8c1fb8b
SSDEEP

196608:ar6w3Vvz27AmcHRkstpWotKHJ8j4CHB5gnA3GDYaVAn5fi0wiM8pCqfn6CMJ2:amwlvz4s//wU/snA3kAn5fi0x5p1fn6e

Score

1^/10

Malware Config

Signatures

Files

Files_JC.zip
.zip
Files/app/D.A. 2019 Basic.Appx
.appx
Files/app/D.A. 2019 for Gaming.Appx
.appx
Files/driver/dax3 basic x64.zip
.zip
CaptureStreamMonitor.dll
.dll windows x64

f97119e764e674261e9477eebd529a1d

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:9b:b5:3d:d0:6f:10:b3:db:a8:2e:8d:3f:af:65:88
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

26/07/2018, 00:00

Not After

19/10/2021, 12:00

Subject

CN=Dolby Laboratories\, Inc.,O=Dolby Laboratories\, Inc.,L=San Francisco,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/01/2017, 00:00

Not After

18/01/2028, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:6d:9d:a5:3e:87:00:9d:33:49:00:00:00:00:00:6d
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20/09/2018, 19:45

Not After

20/09/2019, 19:45

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:e6:5d:e9:09:29:d9:47:0d:0b:e8:bd:a3:40:33:2b:2c:ea:86:6a:27:f7:b4:4e:2a:8f:dd:11:fa:aa:7a:0a
Signer

Actual PE Digest

2f:e6:5d:e9:09:29:d9:47:0d:0b:e8:bd:a3:40:33:2b:2c:ea:86:6a:27:f7:b4:4e:2a:8f:dd:11:fa:aa:7a:0a

Digest Algorithm

sha256

PE Digest Matches

true

2f:e6:5d:e9:09:29:d9:47:0d:0b:e8:bd:a3:40:33:2b:2c:ea:86:6a:27:f7:b4:4e:2a:8f:dd:11:fa:aa:7a:0a
Signer

Actual PE Digest

2f:e6:5d:e9:09:29:d9:47:0d:0b:e8:bd:a3:40:33:2b:2c:ea:86:6a:27:f7:b4:4e:2a:8f:dd:11:fa:aa:7a:0a

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
HeapSize
WTSGetActiveConsoleSessionId
CreateEventW
WaitForSingleObject
InitializeCriticalSectionEx
RaiseException
DecodePointer
DeleteCriticalSection
CreateFileW
ReadConsoleW
SetStdHandle
HeapDestroy
CloseHandle
K32GetModuleBaseNameW
GetLastError
OpenProcess
LocalAlloc
FormatMessageW
SetEvent
LocalFree
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
FindClose
SetFilePointerEx
ReadFile
GetConsoleMode
GetConsoleCP
WriteFile
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetFileType
GetStdHandle
GetACP
GetModuleFileNameA
ExitProcess
RtlUnwindEx
LoadLibraryW
IsDebuggerPresent
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
RtlPcToFileHeader
EncodePointer
TryEnterCriticalSection
GetCurrentThreadId
QueueUserWorkItem
GetModuleHandleExW
IsProcessorFeaturePresent
WideCharToMultiByte
QueryPerformanceCounter
SetLastError
InitializeCriticalSectionAndSpinCount
Sleep
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleW
GetProcAddress
MultiByteToWideChar
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
ResetEvent
WaitForSingleObjectEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
CreateTimerQueue
SignalObjectAndWait
SwitchToThread
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetCurrentThread
GetThreadTimes
FreeLibrary
FreeLibraryAndExitThread
GetModuleFileNameW
GetModuleHandleA
LoadLibraryExW
GetVersionExW
VirtualAlloc
VirtualProtect
VirtualFree
DuplicateHandle
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
WriteConsoleW

advapi32

InitializeSecurityDescriptor
ReportEventW
EventWriteString
DeregisterEventSource
EventUnregister
RegisterEventSourceW
EventRegister
SetSecurityDescriptorDacl

ole32

PropVariantClear
CoCreateInstance
CoTaskMemFree
CoUninitialize
CoInitializeEx

oleaut32

SysAllocString
SysFreeString
SafeArrayAccessData
SafeArrayUnaccessData
BSTR_UserSize
BSTR_UserFree
LPSAFEARRAY_UserSize
BSTR_UserMarshal64
LPSAFEARRAY_UserSize64
BSTR_UserSize64
BSTR_UserFree64
LPSAFEARRAY_UserMarshal
LPSAFEARRAY_UserUnmarshal64
BSTR_UserMarshal
BSTR_UserUnmarshal
LPSAFEARRAY_UserMarshal64
LPSAFEARRAY_UserFree64
LPSAFEARRAY_UserUnmarshal
LPSAFEARRAY_UserFree
BSTR_UserUnmarshal64

rpcrt4

RpcBindingFromStringBindingW
RpcStringFreeW
RpcBindingFree
NdrClientCall3
NdrServerCallAll
NdrServerCall2
RpcStringBindingComposeW

Exports

Exports

StartMonitor

Sections

.text
Size: 378KB - Virtual size: 377KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DAX3API.exe
.exe windows x64

2c356709a59c2c738fa015ffdc9e1f32

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:9b:b5:3d:d0:6f:10:b3:db:a8:2e:8d:3f:af:65:88
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

26/07/2018, 00:00

Not After

19/10/2021, 12:00

Subject

CN=Dolby Laboratories\, Inc.,O=Dolby Laboratories\, Inc.,L=San Francisco,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/01/2017, 00:00

Not After

18/01/2028, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:6d:9d:a5:3e:87:00:9d:33:49:00:00:00:00:00:6d
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20/09/2018, 19:45

Not After

20/09/2019, 19:45

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c5:c8:0b:95:0e:0a:be:24:77:91:8d:b6:93:f9:ca:f2:76:6d:72:b2:c5:c2:75:88:be:be:da:f0:d7:94:ef:35
Signer

Actual PE Digest

c5:c8:0b:95:0e:0a:be:24:77:91:8d:b6:93:f9:ca:f2:76:6d:72:b2:c5:c2:75:88:be:be:da:f0:d7:94:ef:35

Digest Algorithm

sha256

PE Digest Matches

true

c5:c8:0b:95:0e:0a:be:24:77:91:8d:b6:93:f9:ca:f2:76:6d:72:b2:c5:c2:75:88:be:be:da:f0:d7:94:ef:35
Signer

Actual PE Digest

c5:c8:0b:95:0e:0a:be:24:77:91:8d:b6:93:f9:ca:f2:76:6d:72:b2:c5:c2:75:88:be:be:da:f0:d7:94:ef:35

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException
GetLastError
SetLastError

api-ms-win-core-libraryloader-l1-2-0

FreeLibraryAndExitThread
GetModuleHandleA
GetModuleHandleExW
LoadLibraryExW
GetModuleHandleW
GetModuleFileNameA
GetProcAddress
FreeLibrary
GetModuleFileNameW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-localization-l1-2-0

GetACP
IsValidCodePage
FormatMessageW
GetOEMCP
GetCPInfo
LCMapStringW

api-ms-win-service-management-l2-1-0

ChangeServiceConfig2W

api-ms-win-service-management-l1-1-0

CloseServiceHandle
OpenSCManagerW
OpenServiceW
DeleteService
CreateServiceW

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventRegister
EventWriteString

oleaut32

SafeArrayDestroy
SysFreeString
SysReAllocString
LPSAFEARRAY_UserMarshal64
LPSAFEARRAY_UserSize64
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreate
LPSAFEARRAY_UserUnmarshal64
LPSAFEARRAY_UserFree64
BSTR_UserSize
BSTR_UserMarshal
BSTR_UserUnmarshal
BSTR_UserFree
BSTR_UserSize64
BSTR_UserMarshal64
BSTR_UserUnmarshal64
BSTR_UserFree64
LPSAFEARRAY_UserFree
LPSAFEARRAY_UserUnmarshal
LPSAFEARRAY_UserSize
LPSAFEARRAY_UserMarshal

rpcrt4

NdrServerCall2
RpcEpUnregister
RpcBindingVectorFree
RpcServerInqBindings
RpcEpRegisterW
NdrClientCall3
RpcServerListen
RpcServerRegisterIf3
RpcServerUnregisterIf
RpcServerUseProtseqEpW
RpcMgmtStopServerListening
NdrServerCallAll

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
CreateEventW
ReleaseSemaphore
WaitForSingleObject
LeaveCriticalSection
EnterCriticalSection
WaitForSingleObjectEx
SetEvent
InitializeCriticalSectionAndSpinCount
TryEnterCriticalSection
InitializeCriticalSection

api-ms-win-core-com-l1-1-0

CoInitializeEx
CoUninitialize
CoCreateInstance

api-ms-win-security-base-l1-1-0

InitializeSecurityDescriptor
FreeSid
AllocateAndInitializeSid
SetSecurityDescriptorDacl

api-ms-win-security-base-l1-2-2

DeriveCapabilitySidsFromName

api-ms-win-security-provider-l1-1-0

SetEntriesInAclW

api-ms-win-core-threadpool-l1-2-0

SubmitThreadpoolWork
WaitForThreadpoolWorkCallbacks
CreateThreadpoolWork
CloseThreadpoolWork

api-ms-win-service-winsvc-l1-1-0

RegisterServiceCtrlHandlerW
QueryServiceStatus
ControlService

api-ms-win-service-core-l1-1-0

SetServiceStatus
StartServiceCtrlDispatcherW

api-ms-win-core-synch-l1-2-0

SignalObjectAndWait
Sleep

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

advapi32

RegisterEventSourceW
ReportEventW
DeregisterEventSource

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
ExitProcess
TerminateProcess
GetCurrentProcess
SwitchToThread
CreateThread
SetThreadPriority
GetThreadPriority
GetStartupInfoW
GetCurrentThreadId
TlsGetValue
TlsSetValue
GetExitCodeProcess
CreateProcessA
TlsAlloc
TlsFree
GetCurrentThread

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetVersionExW
GetLogicalProcessorInformation
GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte
CompareStringW
GetStringTypeW

api-ms-win-core-rtlsupport-l1-1-0

RtlPcToFileHeader
RtlCaptureContext
RtlLookupFunctionEntry
RtlUnwindEx
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
GetThreadTimes

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-interlocked-l1-1-0

InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
InitializeSListHead

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx
CreateTimerQueue
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer

api-ms-win-core-systemtopology-l1-1-0

GetNumaHighestNodeNumber

api-ms-win-core-processtopology-obsolete-l1-1-0

GetProcessAffinityMask
SetThreadAffinityMask

api-ms-win-core-kernel32-legacy-l1-1-0

RegisterWaitForSingleObject
UnregisterWait

api-ms-win-core-memory-l1-1-0

VirtualAlloc
VirtualFree
VirtualProtect

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapSize
GetProcessHeap
HeapReAlloc
HeapFree

api-ms-win-core-processenvironment-l1-1-0

SetStdHandle
SetEnvironmentVariableA
GetStdHandle
FreeEnvironmentStringsW
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
SetEnvironmentVariableW

api-ms-win-core-file-l1-1-0

GetFileAttributesExW
FlushFileBuffers
FindNextFileW
SetFilePointerEx
FindClose
GetFileType
CreateFileW
WriteFile
FindFirstFileExW

api-ms-win-core-console-l1-1-0

WriteConsoleW
GetConsoleCP
GetConsoleMode

Sections

.text
Size: 351KB - Virtual size: 351KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 164KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DAX3APIDLL.dll
.dll windows x64

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:9b:b5:3d:d0:6f:10:b3:db:a8:2e:8d:3f:af:65:88
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

26/07/2018, 00:00

Not After

19/10/2021, 12:00

Subject

CN=Dolby Laboratories\, Inc.,O=Dolby Laboratories\, Inc.,L=San Francisco,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/01/2017, 00:00

Not After

18/01/2028, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:6d:9d:a5:3e:87:00:9d:33:49:00:00:00:00:00:6d
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20/09/2018, 19:45

Not After

20/09/2019, 19:45

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b3:9b:4b:b0:22:8b:f5:e7:fc:66:41:a9:d8:5e:71:3a:9f:09:f4:7a:d0:bc:12:82:fe:ca:5a:ed:ab:93:eb:fe
Signer

Actual PE Digest

b3:9b:4b:b0:22:8b:f5:e7:fc:66:41:a9:d8:5e:71:3a:9f:09:f4:7a:d0:bc:12:82:fe:ca:5a:ed:ab:93:eb:fe

Digest Algorithm

sha256

PE Digest Matches

true

b3:9b:4b:b0:22:8b:f5:e7:fc:66:41:a9:d8:5e:71:3a:9f:09:f4:7a:d0:bc:12:82:fe:ca:5a:ed:ab:93:eb:fe
Signer

Actual PE Digest

b3:9b:4b:b0:22:8b:f5:e7:fc:66:41:a9:d8:5e:71:3a:9f:09:f4:7a:d0:bc:12:82:fe:ca:5a:ed:ab:93:eb:fe

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.text
Size: 137KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 996B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Default.xml
.xml
DolbyAPOv251.dll
.dll regsvr32 windows x64

523ba6d3b5fbdeb3e3cdf120d6584e23

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:9b:b5:3d:d0:6f:10:b3:db:a8:2e:8d:3f:af:65:88
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

26/07/2018, 00:00

Not After

19/10/2021, 12:00

Subject

CN=Dolby Laboratories\, Inc.,O=Dolby Laboratories\, Inc.,L=San Francisco,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/01/2017, 00:00

Not After

18/01/2028, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:6d:9d:a5:3e:87:00:9d:33:49:00:00:00:00:00:6d
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20/09/2018, 19:45

Not After

20/09/2019, 19:45

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

93:66:58:fd:a5:0b:2a:eb:21:18:34:80:a4:df:6c:4c:2e:8e:db:65:e2:cb:dd:50:d0:b5:e6:a1:5d:bd:c1:15
Signer

Actual PE Digest

93:66:58:fd:a5:0b:2a:eb:21:18:34:80:a4:df:6c:4c:2e:8e:db:65:e2:cb:dd:50:d0:b5:e6:a1:5d:bd:c1:15

Digest Algorithm

sha256

PE Digest Matches

true

93:66:58:fd:a5:0b:2a:eb:21:18:34:80:a4:df:6c:4c:2e:8e:db:65:e2:cb:dd:50:d0:b5:e6:a1:5d:bd:c1:15
Signer

Actual PE Digest

93:66:58:fd:a5:0b:2a:eb:21:18:34:80:a4:df:6c:4c:2e:8e:db:65:e2:cb:dd:50:d0:b5:e6:a1:5d:bd:c1:15

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException
SetLastError
GetLastError

api-ms-win-core-synch-l1-1-0

SetEvent
EnterCriticalSection
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
LoadLibraryExA
FindResourceExW
GetModuleHandleW
GetProcAddress
LoadLibraryExW
GetModuleHandleExW
LoadResource
GetModuleHandleExA
SizeofResource
LockResource
GetModuleFileNameW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryA
FindResourceW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-string-l2-1-0

CharNextW
CharUpperBuffW

api-ms-win-core-string-l1-1-0

CompareStringW
MultiByteToWideChar
WideCharToMultiByte
GetStringTypeW

api-ms-win-core-localization-l1-2-0

FormatMessageA
SetThreadLocale
IsValidLocale
FormatMessageW
GetThreadLocale
GetLocaleInfoW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
LCMapStringW
EnumSystemLocalesW
GetUserDefaultLCID

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegCloseKey

api-ms-win-core-registry-l2-1-0

RegDeleteKeyW

api-ms-win-core-com-l1-1-0

PropVariantClear
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
StringFromGUID2
CoCreateInstance

oleaut32

VarUI4FromStr
LoadTypeLi
RegisterTypeLi
SysFreeString
SysStringLen
UnRegisterTypeLi
SysAllocString
VarBstrCmp

api-ms-win-eventing-provider-l1-1-0

EventWriteString
EventRegister
EventUnregister

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-processthreads-l1-1-0

TlsFree
GetCurrentThread
TlsSetValue
GetCurrentProcessId
TlsGetValue
GetCurrentProcess
GetStartupInfoW
GetCurrentThreadId
TerminateProcess
ExitProcess
TlsAlloc

rpcrt4

UuidToStringW
RpcStringFreeW

api-ms-win-core-memory-l1-1-0

VirtualAlloc
VirtualFree

api-ms-win-core-memory-l1-1-1

VirtualUnlock
VirtualLock

api-ms-win-core-debug-l1-1-0

DebugBreak

api-ms-win-core-heap-l1-1-0

HeapFree
HeapReAlloc
HeapSize
HeapAlloc
HeapDestroy
GetProcessHeap

kernel32

TryEnterCriticalSection
IsDebuggerPresent
OutputDebugStringW
InitializeCriticalSection

advapi32

RegQueryValueExW
DeregisterEventSource
RegisterEventSourceW
ReportEventW
RegDeleteKeyExW

ole32

StringFromCLSID
CLSIDFromString

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-2-0

GetSystemTimePreciseAsFileTime

api-ms-win-core-synch-l1-2-0

SleepConditionVariableCS
WakeAllConditionVariable
InitializeConditionVariable
InitOnceExecuteOnce

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnwindEx
RtlPcToFileHeader

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InterlockedFlushSList
InitializeSListHead
InterlockedPushEntrySList

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetCommandLineA
GetStdHandle
SetStdHandle
GetEnvironmentVariableA

api-ms-win-core-fibers-l1-1-0

FlsFree
FlsAlloc
FlsSetValue
FlsGetValue

api-ms-win-core-datetime-l1-1-0

GetDateFormatW
GetTimeFormatW

api-ms-win-core-file-l1-1-0

FindClose
FindFirstFileExW
CreateFileW
WriteFile
FindNextFileW
SetFilePointerEx
FlushFileBuffers
GetFileType

api-ms-win-core-console-l1-1-0

GetConsoleCP
SetConsoleCtrlHandler
GetConsoleMode
WriteConsoleW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 865KB - Virtual size: 864KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_CODE
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_BSS
Size: - Virtual size: 8B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 502KB - Virtual size: 501KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

RT_CONST
Size: 1024B - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

RT_DATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.trace
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DolbyAPOvlldp.dll
.dll regsvr32 windows x64

106300b7a3a5ca98b74bdf849d8b9a1e

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:9b:b5:3d:d0:6f:10:b3:db:a8:2e:8d:3f:af:65:88
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

26/07/2018, 00:00

Not After

19/10/2021, 12:00

Subject

CN=Dolby Laboratories\, Inc.,O=Dolby Laboratories\, Inc.,L=San Francisco,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/01/2017, 00:00

Not After

18/01/2028, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:6d:9d:a5:3e:87:00:9d:33:49:00:00:00:00:00:6d
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20/09/2018, 19:45

Not After

20/09/2019, 19:45

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b7:04:40:16:56:84:e1:08:31:19:2c:a2:1f:33:52:e9:05:4d:ca:0b:28:16:de:b8:44:9c:f8:60:0a:7e:38:32
Signer

Actual PE Digest

b7:04:40:16:56:84:e1:08:31:19:2c:a2:1f:33:52:e9:05:4d:ca:0b:28:16:de:b8:44:9c:f8:60:0a:7e:38:32

Digest Algorithm

sha256

PE Digest Matches

true

b7:04:40:16:56:84:e1:08:31:19:2c:a2:1f:33:52:e9:05:4d:ca:0b:28:16:de:b8:44:9c:f8:60:0a:7e:38:32
Signer

Actual PE Digest

b7:04:40:16:56:84:e1:08:31:19:2c:a2:1f:33:52:e9:05:4d:ca:0b:28:16:de:b8:44:9c:f8:60:0a:7e:38:32

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-errorhandling-l1-1-0

GetLastError
RaiseException
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-synch-l1-1-0

EnterCriticalSection
SetEvent
InitializeCriticalSectionEx
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
DeleteCriticalSection

oleaut32

VarUI4FromStr
SysFreeString
SysAllocString
SysAllocStringLen
SysStringByteLen
SysAllocStringByteLen
LoadTypeLi
RegisterTypeLi
UnRegisterTypeLi
SysStringLen
VarBstrCmp

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-localization-l1-2-0

GetLocaleInfoW
LCMapStringW
FormatMessageW
IsValidCodePage
IsValidLocale
GetThreadLocale
GetACP
GetOEMCP
GetUserDefaultLCID
EnumSystemLocalesW
SetThreadLocale
GetCPInfo
GetLocaleInfoEx
LCMapStringEx

api-ms-win-core-string-l1-1-0

CompareStringEx
GetStringTypeW
MultiByteToWideChar
WideCharToMultiByte
CompareStringW

api-ms-win-core-com-l1-1-0

StringFromGUID2
PropVariantClear
CLSIDFromString
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventUnregister
EventWriteString

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
LoadResource
GetProcAddress
FreeLibrary
SizeofResource
GetModuleFileNameW
GetModuleHandleW
LoadLibraryExW

api-ms-win-core-libraryloader-l1-2-1

FindResourceW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-string-l2-1-0

CharNextW
CharUpperBuffW

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegCloseKey

api-ms-win-core-registry-l2-1-0

RegDeleteKeyW

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
TlsFree
ExitProcess
TlsGetValue
GetCurrentThread
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetStartupInfoW
TlsSetValue
TlsAlloc

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapDestroy
HeapFree
HeapSize
GetProcessHeap
HeapReAlloc

audioeng

AERT_Allocate
AERT_Free

kernel32

InitializeCriticalSection
TryEnterCriticalSection
IsDebuggerPresent
OutputDebugStringW

advapi32

RegQueryValueExW
RegDeleteKeyExW
ReportEventW
RegisterEventSourceW
DeregisterEventSource

ole32

StringFromCLSID

api-ms-win-core-synch-l1-2-0

InitializeConditionVariable
InitOnceExecuteOnce
SleepConditionVariableCS
WakeAllConditionVariable

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlUnwindEx
RtlLookupFunctionEntry
RtlPcToFileHeader
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead
InterlockedPushEntrySList
InterlockedFlushSList

api-ms-win-core-fibers-l1-1-0

FlsSetValue
FlsGetValue
FlsAlloc
FlsFree

api-ms-win-core-datetime-l1-1-0

GetDateFormatW
GetTimeFormatW

api-ms-win-core-processenvironment-l1-1-0

GetEnvironmentStringsW
GetCommandLineA
FreeEnvironmentStringsW
SetStdHandle
SetEnvironmentVariableW
GetStdHandle
GetCommandLineW

api-ms-win-core-file-l1-1-0

GetFileType
FindFirstFileExW
FindClose
WriteFile
SetFilePointerEx
FlushFileBuffers
FindNextFileW
CreateFileW

api-ms-win-core-console-l1-1-0

WriteConsoleW
GetConsoleCP
SetConsoleCtrlHandler
GetConsoleMode

api-ms-win-core-timezone-l1-1-0

GetTimeZoneInformation

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 821KB - Virtual size: 820KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_CODE
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_BSS
Size: - Virtual size: 8B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 311KB - Virtual size: 311KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

RT_CONST
Size: 1024B - Virtual size: 680B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

RT_DATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DolbyAPOvlldp120.dll
.dll regsvr32 windows x64

302b5866abb62c87ad1b2b053edea9ed

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:9b:b5:3d:d0:6f:10:b3:db:a8:2e:8d:3f:af:65:88
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

26/07/2018, 00:00

Not After

19/10/2021, 12:00

Subject

CN=Dolby Laboratories\, Inc.,O=Dolby Laboratories\, Inc.,L=San Francisco,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/01/2017, 00:00

Not After

18/01/2028, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:6d:9d:a5:3e:87:00:9d:33:49:00:00:00:00:00:6d
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20/09/2018, 19:45

Not After

20/09/2019, 19:45

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5d:6e:c9:1e:b4:ce:16:1d:da:9e:8f:42:37:9c:70:30:8f:50:8d:93:22:2a:9b:4c:6f:85:cf:46:d8:f4:91:87
Signer

Actual PE Digest

5d:6e:c9:1e:b4:ce:16:1d:da:9e:8f:42:37:9c:70:30:8f:50:8d:93:22:2a:9b:4c:6f:85:cf:46:d8:f4:91:87

Digest Algorithm

sha256

PE Digest Matches

true

5d:6e:c9:1e:b4:ce:16:1d:da:9e:8f:42:37:9c:70:30:8f:50:8d:93:22:2a:9b:4c:6f:85:cf:46:d8:f4:91:87
Signer

Actual PE Digest

5d:6e:c9:1e:b4:ce:16:1d:da:9e:8f:42:37:9c:70:30:8f:50:8d:93:22:2a:9b:4c:6f:85:cf:46:d8:f4:91:87

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-errorhandling-l1-1-0

RaiseException
GetLastError
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-synch-l1-1-0

SetEvent
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection

oleaut32

VarBstrCmp
SysStringLen
SysAllocString
SysAllocStringLen
SysStringByteLen
SysAllocStringByteLen
VarUI4FromStr
UnRegisterTypeLi
RegisterTypeLi
LoadTypeLi
SysFreeString

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-localization-l1-2-0

IsValidLocale
GetLocaleInfoW
FormatMessageA
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
SetThreadLocale
FormatMessageW
GetThreadLocale
LCMapStringW
LCMapStringEx
GetLocaleInfoEx
EnumSystemLocalesW
GetCPInfo

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
CompareStringW
GetStringTypeW
MultiByteToWideChar
CompareStringEx

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
StringFromGUID2
CoCreateInstance
PropVariantClear
CoTaskMemRealloc
CoTaskMemFree
CLSIDFromString

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventUnregister
EventWriteString

api-ms-win-core-libraryloader-l1-2-0

LoadResource
GetModuleHandleW
LoadLibraryExW
SizeofResource
LoadLibraryExA
GetModuleHandleExA
FreeLibrary
GetProcAddress
GetModuleFileNameW
GetModuleHandleExW

api-ms-win-core-libraryloader-l1-2-1

FindResourceW
LoadLibraryA

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-string-l2-1-0

CharNextW
CharUpperBuffW

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegOpenKeyExW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegEnumKeyExW
RegQueryInfoKeyW

api-ms-win-core-registry-l2-1-0

RegDeleteKeyW

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-processthreads-l1-1-0

TlsFree
GetCurrentProcessId
GetCurrentThreadId
TerminateProcess
TlsSetValue
GetStartupInfoW
GetCurrentProcess
TlsGetValue
TlsAlloc
ExitProcess
GetCurrentThread

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapDestroy
HeapFree
HeapSize
GetProcessHeap
HeapReAlloc

audioeng

AERT_Allocate
AERT_Free

kernel32

OutputDebugStringW
IsDebuggerPresent
TryEnterCriticalSection
InitializeCriticalSection

advapi32

DeregisterEventSource
RegQueryValueExW
ReportEventW
RegisterEventSourceW
RegDeleteKeyExW

ole32

StringFromCLSID

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
InitializeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlPcToFileHeader
RtlUnwindEx

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead
InterlockedFlushSList
InterlockedPushEntrySList

api-ms-win-core-processenvironment-l1-1-0

FreeEnvironmentStringsW
GetEnvironmentStringsW
SetEnvironmentVariableW
GetEnvironmentVariableA
GetCommandLineW
SetStdHandle
GetStdHandle
GetCommandLineA

api-ms-win-core-fibers-l1-1-0

FlsSetValue
FlsAlloc
FlsFree
FlsGetValue

api-ms-win-core-datetime-l1-1-0

GetDateFormatW
GetTimeFormatW

api-ms-win-core-file-l1-1-0

FindFirstFileExW
FindNextFileW
CreateFileW
FindClose
SetFilePointerEx
FlushFileBuffers
WriteFile
GetFileType

api-ms-win-core-console-l1-1-0

GetConsoleMode
WriteConsoleW
SetConsoleCtrlHandler
GetConsoleCP

api-ms-win-core-timezone-l1-1-0

GetTimeZoneInformation

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 917KB - Virtual size: 917KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_CODE
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_BSS
Size: - Virtual size: 8B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 423KB - Virtual size: 423KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

RT_CONST
Size: 1024B - Virtual size: 680B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

RT_DATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.trace
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DolbyDspVlldp.dll
.dll regsvr32 windows x64

cf03d156a0893652842b38625f3a6f66

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:9b:b5:3d:d0:6f:10:b3:db:a8:2e:8d:3f:af:65:88
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

26/07/2018, 00:00

Not After

19/10/2021, 12:00

Subject

CN=Dolby Laboratories\, Inc.,O=Dolby Laboratories\, Inc.,L=San Francisco,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/01/2017, 00:00

Not After

18/01/2028, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:6d:9d:a5:3e:87:00:9d:33:49:00:00:00:00:00:6d
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20/09/2018, 19:45

Not After

20/09/2019, 19:45

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:34:54:d7:72:71:32:9a:0e:18:7e:78:7d:9b:81:93:29:0c:23:2d:ad:fe:93:8b:e8:79:07:36:58:24:58:d7
Signer

Actual PE Digest

61:34:54:d7:72:71:32:9a:0e:18:7e:78:7d:9b:81:93:29:0c:23:2d:ad:fe:93:8b:e8:79:07:36:58:24:58:d7

Digest Algorithm

sha256

PE Digest Matches

true

61:34:54:d7:72:71:32:9a:0e:18:7e:78:7d:9b:81:93:29:0c:23:2d:ad:fe:93:8b:e8:79:07:36:58:24:58:d7
Signer

Actual PE Digest

61:34:54:d7:72:71:32:9a:0e:18:7e:78:7d:9b:81:93:29:0c:23:2d:ad:fe:93:8b:e8:79:07:36:58:24:58:d7

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-errorhandling-l1-1-0

GetLastError
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
ResetEvent
InitializeCriticalSectionAndSpinCount
SetEvent
WaitForSingleObjectEx
CreateEventW
EnterCriticalSection

api-ms-win-core-com-l1-1-0

CLSIDFromString
PropVariantClear
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
StringFromGUID2

oleaut32

LoadTypeLi
SysFreeString
SysAllocStringLen
UnRegisterTypeLi
RegisterTypeLi
LPSAFEARRAY_UserFree
VarUI4FromStr
SafeArrayCreateVector
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetElemsize
SysAllocStringByteLen
SysStringByteLen
SysStringLen
SysAllocString
BSTR_UserUnmarshal
BSTR_UserMarshal
BSTR_UserSize
LPSAFEARRAY_UserFree64
LPSAFEARRAY_UserUnmarshal64
LPSAFEARRAY_UserMarshal64
LPSAFEARRAY_UserSize64
BSTR_UserFree
LPSAFEARRAY_UserUnmarshal
LPSAFEARRAY_UserMarshal
LPSAFEARRAY_UserSize
BSTR_UserFree64
BSTR_UserUnmarshal64
BSTR_UserMarshal64
BSTR_UserSize64

api-ms-win-core-libraryloader-l1-2-0

SizeofResource
GetModuleHandleExW
GetProcAddress
GetModuleFileNameA
FreeLibrary
GetModuleFileNameW
LoadLibraryExW
GetModuleHandleW
LoadResource

api-ms-win-core-libraryloader-l1-2-1

FindResourceW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-localization-l1-2-0

GetACP
EnumSystemLocalesW
GetUserDefaultLCID
IsValidCodePage
IsValidLocale
LCMapStringW
FormatMessageW
GetOEMCP
GetLocaleInfoW
GetCPInfo
GetThreadLocale
SetThreadLocale

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-string-l1-1-0

GetStringTypeW
MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW

api-ms-win-core-registry-l2-1-0

RegDeleteKeyW

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventUnregister
EventWriteString

api-ms-win-core-heap-l1-1-0

HeapReAlloc
HeapAlloc
GetProcessHeap
HeapSize
HeapFree
HeapDestroy

api-ms-win-devices-config-l1-1-1

CM_Locate_DevNodeW
CM_Get_Parent
CM_Get_Device_Interface_PropertyW
CM_Get_Device_Interface_List_SizeW
CM_Get_Device_Interface_ListW
CM_Get_DevNode_PropertyW

rpcrt4

NdrOleAllocate
NdrOleFree
NdrCStdStubBuffer_Release
NdrDllGetClassObject
NdrDllCanUnloadNow
CStdStubBuffer_DebugServerRelease
NdrDllUnregisterProxy
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_QueryInterface
CStdStubBuffer_CountRefs
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Invoke
CStdStubBuffer_Disconnect
CStdStubBuffer_Connect
CStdStubBuffer_AddRef
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
NdrDllRegisterProxy
IUnknown_QueryInterface_Proxy

advapi32

DeregisterEventSource
ReportEventW
RegisterEventSourceW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-processthreads-l1-1-0

TlsFree
TlsGetValue
TlsAlloc
GetCurrentThreadId
ExitProcess
GetCurrentProcess
TerminateProcess
GetCurrentProcessId
TlsSetValue
GetStartupInfoW

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-rtlsupport-l1-1-0

RtlUnwindEx
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlPcToFileHeader

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead
InterlockedFlushSList

api-ms-win-core-processenvironment-l1-1-0

GetStdHandle
SetStdHandle
GetEnvironmentStringsW
GetCommandLineA
FreeEnvironmentStringsW
GetCommandLineW

api-ms-win-core-file-l1-1-0

CreateFileW
WriteFile
FlushFileBuffers
GetFileType
FindClose
FindFirstFileExA
SetFilePointerEx
FindNextFileA

api-ms-win-core-console-l1-1-0

WriteConsoleW
GetConsoleMode
GetConsoleCP

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer
GetSSID

Sections

.text
Size: 283KB - Virtual size: 282KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 143KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Headphone_Default_Generic_Default_DolbyAtmos_vlldp1.2.xml
.xml
Headphone_Default_Generic_Large_DolbyAtmos_vlldp1.2.xml
.xml
Headphone_Default_Generic_Medium_DolbyAtmos_vlldp1.2.xml
.xml
Headphone_Default_Generic_Small_DolbyAtmos_vlldp1.2.xml
.xml
Runtime.xml
.xml
TuningFileParser.dll
.dll windows x64

9ecc1182342ed77148c71bc91433016d

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:9b:b5:3d:d0:6f:10:b3:db:a8:2e:8d:3f:af:65:88
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

26/07/2018, 00:00

Not After

19/10/2021, 12:00

Subject

CN=Dolby Laboratories\, Inc.,O=Dolby Laboratories\, Inc.,L=San Francisco,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/01/2017, 00:00

Not After

18/01/2028, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:6d:9d:a5:3e:87:00:9d:33:49:00:00:00:00:00:6d
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20/09/2018, 19:45

Not After

20/09/2019, 19:45

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1f:20:f8:70:a4:64:8b:0f:68:3e:a1:9f:fd:71:78:35:18:4c:af:17:5c:b4:54:12:03:17:00:2b:56:9f:cd:3f
Signer

Actual PE Digest

1f:20:f8:70:a4:64:8b:0f:68:3e:a1:9f:fd:71:78:35:18:4c:af:17:5c:b4:54:12:03:17:00:2b:56:9f:cd:3f

Digest Algorithm

sha256

PE Digest Matches

true

1f:20:f8:70:a4:64:8b:0f:68:3e:a1:9f:fd:71:78:35:18:4c:af:17:5c:b4:54:12:03:17:00:2b:56:9f:cd:3f
Signer

Actual PE Digest

1f:20:f8:70:a4:64:8b:0f:68:3e:a1:9f:fd:71:78:35:18:4c:af:17:5c:b4:54:12:03:17:00:2b:56:9f:cd:3f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
GetStringTypeW
WideCharToMultiByte

api-ms-win-core-errorhandling-l1-1-0

SetLastError
SetUnhandledExceptionFilter
RaiseException
UnhandledExceptionFilter
GetLastError

api-ms-win-core-localization-l1-2-0

IsValidCodePage
EnumSystemLocalesW
IsValidLocale
GetUserDefaultLCID
GetACP
LCMapStringW
GetLocaleInfoW
GetCPInfo
GetOEMCP

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetStartupInfoW
TerminateProcess
GetCurrentThreadId
GetCurrentProcessId
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
ExitProcess

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
FreeLibrary
LoadLibraryExW
GetModuleHandleExW
GetProcAddress
GetModuleHandleW

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlUnwindEx
RtlPcToFileHeader
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead
InterlockedFlushSList

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapReAlloc
HeapAlloc
HeapSize
HeapFree

api-ms-win-core-processenvironment-l1-1-0

SetStdHandle
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
GetStdHandle
FreeEnvironmentStringsW

api-ms-win-core-file-l1-1-0

FindFirstFileExA
FindClose
SetFilePointerEx
ReadFile
FindNextFileA
CreateFileW
GetFileType
FlushFileBuffers
WriteFile
SetEndOfFile

api-ms-win-core-console-l1-1-0

ReadConsoleW
GetConsoleMode
WriteConsoleW
GetConsoleCP

api-ms-win-core-handle-l1-1-0

CloseHandle

Exports

Exports

CloseTuningFile
FreeBuffer
GetBrandAndModel
GetFormatVersion
GetXmlConstantValue
OpenTuningFile
ParseSettings
ParseTuningData

Sections

.text
Size: 177KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
hdaudio.inf
Files/driver/dax3 for gaming x64.zip
.zip

Sharing

General

Malware Config

Signatures

Files

f97119e764e674261e9477eebd529a1d

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

01:9b:b5:3d:d0:6f:10:b3:db:a8:2e:8d:3f:af:65:88Certificate

Extended Key Usages

Key Usages

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41Certificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

33:00:00:00:6d:9d:a5:3e:87:00:9d:33:49:00:00:00:00:00:6dCertificate

Extended Key Usages

61:0b:aa:c1:00:00:00:00:00:09Certificate

Key Usages

2f:e6:5d:e9:09:29:d9:47:0d:0b:e8:bd:a3:40:33:2b:2c:ea:86:6a:27:f7:b4:4e:2a:8f:dd:11:fa:aa:7a:0aSigner

2f:e6:5d:e9:09:29:d9:47:0d:0b:e8:bd:a3:40:33:2b:2c:ea:86:6a:27:f7:b4:4e:2a:8f:dd:11:fa:aa:7a:0aSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

ole32

oleaut32

rpcrt4

Exports

Exports

Sections

.text Size: 378KB - Virtual size: 377KB

.rdata Size: 172KB - Virtual size: 171KB

.data Size: 14KB - Virtual size: 22KB

.pdata Size: 22KB - Virtual size: 22KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 6KB - Virtual size: 6KB

2c356709a59c2c738fa015ffdc9e1f32

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

01:9b:b5:3d:d0:6f:10:b3:db:a8:2e:8d:3f:af:65:88Certificate

Extended Key Usages

Key Usages

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41Certificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

33:00:00:00:6d:9d:a5:3e:87:00:9d:33:49:00:00:00:00:00:6dCertificate

Extended Key Usages

61:0b:aa:c1:00:00:00:00:00:09Certificate

Key Usages

c5:c8:0b:95:0e:0a:be:24:77:91:8d:b6:93:f9:ca:f2:76:6d:72:b2:c5:c2:75:88:be:be:da:f0:d7:94:ef:35Signer

c5:c8:0b:95:0e:0a:be:24:77:91:8d:b6:93:f9:ca:f2:76:6d:72:b2:c5:c2:75:88:be:be:da:f0:d7:94:ef:35Signer

Headers

DLL Characteristics

File Characteristics

Imports

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-heap-l2-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-service-management-l2-1-0

api-ms-win-service-management-l1-1-0

api-ms-win-eventing-provider-l1-1-0

oleaut32

rpcrt4

api-ms-win-core-handle-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-com-l1-1-0

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

01:9b:b5:3d:d0:6f:10:b3:db:a8:2e:8d:3f:af:65:88
Certificate

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

33:00:00:00:6d:9d:a5:3e:87:00:9d:33:49:00:00:00:00:00:6d
Certificate

61:0b:aa:c1:00:00:00:00:00:09
Certificate

2f:e6:5d:e9:09:29:d9:47:0d:0b:e8:bd:a3:40:33:2b:2c:ea:86:6a:27:f7:b4:4e:2a:8f:dd:11:fa:aa:7a:0a
Signer

2f:e6:5d:e9:09:29:d9:47:0d:0b:e8:bd:a3:40:33:2b:2c:ea:86:6a:27:f7:b4:4e:2a:8f:dd:11:fa:aa:7a:0a
Signer

.text
Size: 378KB - Virtual size: 377KB

.rdata
Size: 172KB - Virtual size: 171KB

.data
Size: 14KB - Virtual size: 22KB

.pdata
Size: 22KB - Virtual size: 22KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 6KB - Virtual size: 6KB

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

01:9b:b5:3d:d0:6f:10:b3:db:a8:2e:8d:3f:af:65:88
Certificate

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

33:00:00:00:6d:9d:a5:3e:87:00:9d:33:49:00:00:00:00:00:6d
Certificate

61:0b:aa:c1:00:00:00:00:00:09
Certificate

c5:c8:0b:95:0e:0a:be:24:77:91:8d:b6:93:f9:ca:f2:76:6d:72:b2:c5:c2:75:88:be:be:da:f0:d7:94:ef:35
Signer

c5:c8:0b:95:0e:0a:be:24:77:91:8d:b6:93:f9:ca:f2:76:6d:72:b2:c5:c2:75:88:be:be:da:f0:d7:94:ef:35
Signer

.text
Size: 351KB - Virtual size: 351KB

.rdata
Size: 164KB - Virtual size: 163KB

.data
Size: 9KB - Virtual size: 15KB

.pdata
Size: 19KB - Virtual size: 19KB

.rsrc
Size: 22KB - Virtual size: 22KB

.reloc
Size: 5KB - Virtual size: 4KB

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

01:9b:b5:3d:d0:6f:10:b3:db:a8:2e:8d:3f:af:65:88
Certificate

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

33:00:00:00:6d:9d:a5:3e:87:00:9d:33:49:00:00:00:00:00:6d
Certificate

61:0b:aa:c1:00:00:00:00:00:09
Certificate

b3:9b:4b:b0:22:8b:f5:e7:fc:66:41:a9:d8:5e:71:3a:9f:09:f4:7a:d0:bc:12:82:fe:ca:5a:ed:ab:93:eb:fe
Signer

b3:9b:4b:b0:22:8b:f5:e7:fc:66:41:a9:d8:5e:71:3a:9f:09:f4:7a:d0:bc:12:82:fe:ca:5a:ed:ab:93:eb:fe
Signer

.text
Size: 137KB - Virtual size: 137KB

.rsrc
Size: 1024B - Virtual size: 996B

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

01:9b:b5:3d:d0:6f:10:b3:db:a8:2e:8d:3f:af:65:88
Certificate

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate