Rival 650 Recovery Tool[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

Rival 650 Recovery Tool.zip
Size

1.0MB
MD5

c537aab5ba42385fd320e530f2f35a47
SHA1

e51d136668690fe94ba2cc36aac7ba1b11954867
SHA256

b8b34ed90d979d7dc7272132ba235de20158b67367f559f86029c96a7ba6b8de
SHA512

8423c4a69ee881b8c33bc72e584078baee3f76e02114669bf98ac6cc0709955115107f6b30458bba1df280e6398960db9119bf1ae1c1b9427c8d09377a78de4c
SSDEEP

24576:W2B0mENpXiEg2NwHFVa7oayZgLvpXSHw7oWgZTV8VpOqD:W2B0jkHFV4CgLlSHwk2pOE

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Rival 650 Recovery Tool/SSEdevice.dll
unpack001/Rival 650 Recovery Tool/firmwareupdate.exe

Files

Rival 650 Recovery Tool.zip
.zip
Rival 650 Recovery Tool/SSEdevice.dll
.dll windows:6 windows x86 arch:x86

72e6568354830f9d8d52bbe1d1e96abb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

hid

HidD_GetInputReport
HidD_SetFeature
HidD_FreePreparsedData
HidD_GetPreparsedData
HidP_GetCaps
HidD_GetAttributes
HidD_GetProductString
HidD_GetHidGuid

setupapi

SetupDiEnumDeviceInterfaces
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW
SetupDiGetDeviceInterfaceDetailW
SetupDiGetDeviceInstanceIdW
SetupDiDestroyDeviceInfoList

kernel32

SetEndOfFile
WriteConsoleW
SetStdHandle
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
InitializeCriticalSectionEx
GetLastError
RaiseException
DecodePointer
DeleteCriticalSection
CloseHandle
Sleep
LoadLibraryW
GetProcAddress
HeapFree
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
HeapSize
MultiByteToWideChar
HeapReAlloc
HeapAlloc
GetProcessHeap
WideCharToMultiByte
CreateThread
VerSetConditionMask
GetModuleHandleW
VerifyVersionInfoW
WaitForSingleObject
CreateEventW
SetEvent
ReadFile
CancelIo
WriteFile
DeviceIoControl
WaitForMultipleObjects
CreateFileW
GetOverlappedResult
OutputDebugStringW
GetTickCount
lstrcpyA
lstrcmpA
GetModuleHandleA
LoadLibraryA
FreeLibrary
ResetEvent
CreateFileA
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
FindClose
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetConsoleCP
FlushFileBuffers
ReadConsoleW
GetConsoleMode
SetFilePointerEx
GetFileType
GetStdHandle
GetACP
GetModuleFileNameA
ExitProcess
GetModuleHandleExW
ExitThread
RtlUnwind
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
DuplicateHandle
WaitForSingleObjectEx
GetCurrentProcess
GetCurrentThread
GetCurrentThreadId
GetExitCodeThread
QueryPerformanceCounter
QueryPerformanceFrequency
TryEnterCriticalSection
EncodePointer
IsProcessorFeaturePresent
QueueUserWorkItem
GetStringTypeW
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
IsDebuggerPresent
LocalFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
CreateTimerQueue
SignalObjectAndWait
SwitchToThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
GetModuleFileNameW
LoadLibraryExW
GetVersionExW
VirtualAlloc
VirtualFree
VirtualProtect

user32

RegisterDeviceNotificationW
GetRawInputDeviceInfoW
GetRawInputData
RegisterRawInputDevices
PostThreadMessageW
RegisterClassExA
SystemParametersInfoW
UnregisterClassA
DefWindowProcW
DestroyWindow
CreateWindowExW
UnregisterDeviceNotification
DispatchMessageW
UnregisterPowerSettingNotification
RegisterClassW
RegisterPowerSettingNotification
PostQuitMessage
UnregisterClassW
CreateWindowExA
DefWindowProcA
RegisterDeviceNotificationA
GetMessageW
SendMessageW

ole32

CoUninitialize
PropVariantClear
CoTaskMemFree
CoInitializeEx
CoCreateInstance
CoInitialize

oleaut32

SysFreeString
VarBstrCat
SysAllocString
SysStringLen
SysAllocStringLen
VariantClear

Exports

Exports

??0DeviceLib@@QAE@XZ
??0DeviceLibFactory@@QAE@$$QAV0@@Z
??0DeviceLibFactory@@QAE@ABV0@@Z
??0DeviceLibFactory@@QAE@XZ
??0DeviceLib_AudioDeviceFxPluginAPI@@QAE@ABV0@@Z
??0DeviceLib_AudioDeviceFxPluginAPI@@QAE@XZ
??0DeviceLib_AudioDeviceManagerAPI@@QAE@ABV0@@Z
??0DeviceLib_AudioDeviceManagerAPI@@QAE@XZ
??0DeviceLib_MMDeviceManager@@QAE@XZ
??0DeviceLib_MMDeviceManagerFactory@@QAE@$$QAV0@@Z
??0DeviceLib_MMDeviceManagerFactory@@QAE@ABV0@@Z
??0DeviceLib_MMDeviceManagerFactory@@QAE@XZ
??0DeviceLib_NineEarsAPI@@QAE@XZ
??0DeviceLib_NineEarsAPIFactory@@QAE@$$QAV0@@Z
??0DeviceLib_NineEarsAPIFactory@@QAE@ABV0@@Z
??0DeviceLib_NineEarsAPIFactory@@QAE@XZ
??0HIDLib@@AAE@XZ
??0HIDLibBase@@QAE@ABV0@@Z
??0HIDLibBase@@QAE@XZ
??0HidInfoList@@QAE@XZ
??0ISPLibBase@@QAE@ABV0@@Z
??0ISPLibBase@@QAE@XZ
??0SC2Lib@@AAE@XZ
??0SSECmdLibBase@@QAE@ABV0@@Z
??0SSECmdLibBase@@QAE@XZ
??0STLibBase@@QAE@ABV0@@Z
??0STLibBase@@QAE@XZ
??1DeviceLib@@UAE@XZ
??1DeviceLib_AudioDeviceFxPluginAPI@@UAE@XZ
??1DeviceLib_AudioDeviceManagerAPI@@UAE@XZ
??1DeviceLib_MMDeviceManager@@UAE@XZ
??1DeviceLib_NineEarsAPI@@UAE@XZ
??1HIDLib@@EAE@XZ
??1HIDLibBase@@UAE@XZ
??1HidInfoList@@QAE@XZ
??1ISPLibBase@@UAE@XZ
??1SC2Lib@@QAE@XZ
??1SSECmdLibBase@@UAE@XZ
??1STLibBase@@UAE@XZ
??4DeviceLibFactory@@QAEAAV0@$$QAV0@@Z
??4DeviceLibFactory@@QAEAAV0@ABV0@@Z
??4DeviceLib_AudioDeviceFxPluginAPI@@QAEAAV0@ABV0@@Z
??4DeviceLib_AudioDeviceManagerAPI@@QAEAAV0@ABV0@@Z
??4DeviceLib_MMDeviceManagerFactory@@QAEAAV0@$$QAV0@@Z
??4DeviceLib_MMDeviceManagerFactory@@QAEAAV0@ABV0@@Z
??4DeviceLib_NineEarsAPIFactory@@QAEAAV0@$$QAV0@@Z
??4DeviceLib_NineEarsAPIFactory@@QAEAAV0@ABV0@@Z
??4HIDLibBase@@QAEAAV0@ABV0@@Z
??4ISPLibBase@@QAEAAV0@ABV0@@Z
??4SSECmdLibBase@@QAEAAV0@ABV0@@Z
??4STLibBase@@QAEAAV0@ABV0@@Z
??_7DeviceLib@@6B@
??_7DeviceLibFactory@@6B@
??_7DeviceLib_AudioDeviceFxPluginAPI@@6B@
??_7DeviceLib_AudioDeviceManagerAPI@@6B@
??_7DeviceLib_MMDeviceManager@@6B@
??_7DeviceLib_MMDeviceManagerFactory@@6B@
??_7DeviceLib_NineEarsAPI@@6B@
??_7DeviceLib_NineEarsAPIFactory@@6B@
??_7HIDLib@@6B@
??_7HIDLibBase@@6B@
??_7ISPLibBase@@6B@
??_7SSECmdLibBase@@6B@
??_7STLibBase@@6B@
?AddDeviceToList@HIDLib@@AAEXAAVHidInfo@@@Z
?AddRef@DeviceLib_MMDeviceManager@@UAGKXZ
?AtomicWriteRead@HIDLib@@UAEIIW4HID_REPORT_TYPE@@PAEI@Z
?AtomicWriteRead@HIDLib@@UAEIIW4HID_REPORT_TYPE@@PAEII@Z
?AtomicWriteRead@HIDLibBase@@UAEIIW4HID_REPORT_TYPE@@PAEII@Z
?CloneDeviceInfo@DeviceLib@@SAPAUDeviceInfo@@ABU2@@Z
?ConfigureDevice@HIDLib@@UAEIIPBUDeviceConfig@@@Z
?CurrentProfile_SetBoolSetting@DeviceLib_NineEarsAPI@@AAEIW4ENineEarsSetting@NineEarsAPI@@_NAAV?$CComPtr@UISimpleControl@NineEarsAPI@@@ATL@@@Z
?CurrentProfile_SetFloatSetting@DeviceLib_NineEarsAPI@@AAEIW4ENineEarsSetting@NineEarsAPI@@MAAV?$CComPtr@UISimpleControl@NineEarsAPI@@@ATL@@@Z
?CurrentProfile_SetLongSetting@DeviceLib_NineEarsAPI@@AAEIW4ENineEarsSetting@NineEarsAPI@@IAAV?$CComPtr@UISimpleControl@NineEarsAPI@@@ATL@@@Z
?DeviceConnectionCallback@SC2Lib@@AAEXPAUDeviceInfo@@PAX@Z
?DeviceConnectionCallbackHelper@SC2Lib@@CAXPAUDeviceInfo@@PAX@Z
?DeviceLib_Sleep@DeviceLib@@IAEIPAUDeviceChunk@@@Z
?DevicePathToHidInfo@HIDLib@@AAE_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAPAVHidInfo@@@Z
?Find@HidInfoList@@QAE_NIIGGAAPAVHidInfo@@@Z
?FindByDevicePath@HidInfoList@@QAE_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAPAVHidInfo@@@Z
?FindByHandle@HidInfoList@@QAE_NIAAPAVHidInfo@@@Z
?FindDeviceByHandle@DeviceLib@@IAEPAUDeviceInfo@@I@Z
?FindDeviceHandle@ISPLibBase@@IAE_NGGIGAAI@Z
?FindDeviceHandle@SSECmdLibBase@@IAE_NGGIGAAI@Z
?FirmwareCallback@DeviceLib@@KAXI@Z
?FlashFirmware@SC2Lib@@QAE?AW4SC2_STATUS@@IABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@P6AXI@ZI@Z
?FlashFirmware@SSECmdLibBase@@QAE?AW4SSECMD_STATUS@@IPAUDeviceChunk@@P6AXI@Z@Z
?FlashFirmwareAvnera@SSECmdLibBase@@QAE?AW4SSECMD_STATUS@@IPAUDeviceChunk@@P6AXI@Z@Z
?FlashFirmwareCMedia@SSECmdLibBase@@QAE?AW4SSECMD_STATUS@@IPAUDeviceChunk@@P6AXI@Z@Z
?FlashFirmwareExtended@SSECmdLibBase@@QAE?AW4SSECMD_STATUS@@IPAUDeviceChunk@@P6AXI@Z@Z
?FlashFirmwareGeneric@SSECmdLibBase@@QAE?AW4SSECMD_STATUS@@IPAUDeviceChunk@@P6AXI@Z@Z
?FlashFirmwareKLC@SSECmdLibBase@@QAE?AW4SSECMD_STATUS@@IPAUDeviceChunk@@P6AXI@Z@Z
?FlashFirmwareKLCV2@SSECmdLibBase@@QAE?AW4SSECMD_STATUS@@IPAUDeviceChunk@@P6AXI@Z@Z
?FlashFirmwareLegacy@SSECmdLibBase@@QAE?AW4SSECMD_STATUS@@IPAUDeviceChunk@@P6AXI@Z@Z
?FlashFirmwareWithAddressSize@SSECmdLibBase@@QAE?AW4SSECMD_STATUS@@IPAUDeviceChunk@@P6AXI@ZI@Z
?FlashHugeFirmware@SSECmdLibBase@@QAE?AW4SSECMD_STATUS@@IPAUDeviceChunk@@P6AXI@Z@Z
?FreeDevices@DeviceLib@@QAEIPAUDeviceInfo@@@Z
?FreeDevices@DeviceLib_MMDeviceManager@@QAEIPAUMMDeviceInfo@@@Z
?FreeDevices@HIDLib@@UAEXPAUDeviceInfo@@@Z
?FreeDevices@HidInfoList@@SAXPAUDeviceInfo@@@Z
?GetDLCTIDString@DeviceLib@@IAE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@I@Z
?GetDLHTIDString@DeviceLib@@IAE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@I@Z
?GetDLSTIDString@DeviceLib@@IAE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@I@Z
?GetDeviceDescription@DeviceLib_AudioDeviceManagerAPI@@SAJPA_WPAPA_W@Z
?GetDeviceFriendlyName@DeviceLib_AudioDeviceManagerAPI@@SAJPA_WPAPA_W@Z
?GetDeviceInfo@HIDLib@@QAEPAUDeviceInfo@@I@Z
?GetDeviceInterfaceFriendlyName@DeviceLib_AudioDeviceManagerAPI@@SAJPA_WPAPA_W@Z
?GetDevices@DeviceLib@@QAEIAAPAUDeviceInfo@@@Z
?GetDevices@DeviceLib_MMDeviceManager@@QAEIAAPAUMMDeviceInfo@@@Z
?GetDevices@HIDLib@@UAEPAUDeviceInfo@@XZ
?GetDevices@HidInfoList@@QAEPAUDeviceInfo@@XZ
?GetHIDCodeFrom@HIDLib@@AAEEEE@Z
?Global_SetBoolSetting@DeviceLib_NineEarsAPI@@AAEIW4ENineEarsSetting@NineEarsAPI@@_NAAV?$CComPtr@UISimpleControl@NineEarsAPI@@@ATL@@@Z
?Global_SetFloatSetting@DeviceLib_NineEarsAPI@@AAEIW4ENineEarsSetting@NineEarsAPI@@MAAV?$CComPtr@UISimpleControl@NineEarsAPI@@@ATL@@@Z
?HandleCmdInterfaceEvent@HIDLib@@AAEXPAUtagRID_DEVICE_INFO@@PAUtagRAWHID@@@Z
?HandleCnxtDTSHPXCmd@DeviceLib@@IAEIIPAUDeviceChunk@@@Z
?HandleHIDCmd@DeviceLib@@IAEIIPAUDeviceChunk@@@Z
?HandleKeyboardEvent@HIDLib@@AAEXUtagRAWKEYBOARD@@@Z
?HandleMMDeviceCmd@DeviceLib@@IAEIIPAUDeviceChunk@@@Z
?HandleMouseEvent@HIDLib@@AAEXUtagRAWMOUSE@@@Z
?HandleNineEarsAPICmd@DeviceLib@@IAEIIPAUDeviceChunk@@@Z
?HandleSC2Cmd@DeviceLib@@IAEIIPAUDeviceChunk@@@Z
?HandleSSECmd@DeviceLib@@IAEIIPAUDeviceChunk@@@Z
?HandleSSHzDTSHPXCmd@DeviceLib@@IAEIIPAUDeviceChunk@@@Z
?HandleUnivTrig@DeviceLib@@IAEIPAUDeviceChunk@@@Z
?InitHidInfoList@HIDLib@@AAEXXZ
?Initialize@DeviceLib@@QAEIXZ
?Initialize@HIDLib@@UAEIXZ
?InitializePS2ToHIDMapping@HIDLib@@AAEXXZ
?Insert@HidInfoList@@QAEXAAVHidInfo@@@Z
?Instance@DeviceLib@@SAPAV1@XZ
?Instance@DeviceLib_MMDeviceManager@@SAPAV1@XZ
?Instance@DeviceLib_NineEarsAPI@@SAPAV1@XZ
?Instance@HIDLib@@SAPAV1@XZ
?Instance@SC2Lib@@SAPAV1@XZ
?IsDeviceConnected@ISPLibBase@@IAE_NI@Z
?IsDeviceConnected@SSECmdLibBase@@IAE_NI@Z
?IsPlugged@DeviceLib_AudioDeviceFxPluginAPI@@SAJPA_WPAF@Z
?MessagePump@HIDLib@@AAGKXZ
?MessagePumpStub@HIDLib@@CGKPAX@Z
?NewDeviceLib@DeviceLibFactory@@UAEPAVDeviceLib@@XZ
?NewKeyboardEvent@HIDLib@@AAE_NEE@Z
?NewMMDeviceManager@DeviceLib_MMDeviceManagerFactory@@UAEPAVDeviceLib_MMDeviceManager@@XZ
?NewNineEarsAPI@DeviceLib_NineEarsAPIFactory@@UAEPAVDeviceLib_NineEarsAPI@@XZ
?NotifyCmdInterfaceListener@HIDLibBase@@MAEXPAUDeviceInfo@@PAUCommandInterfaceEvent@@@Z
?NotifyConnectionListenerAboutAllDevices@HIDLibBase@@MAEXP6AXPAUDeviceInfo@@PAX@Z@Z
?NotifyConnectionListeners@HIDLib@@MAEXPAUDeviceInfo@@_N@Z
?NotifyConnectionListeners@HIDLibBase@@MAEXPAUDeviceInfo@@_N@Z
?NotifyFirmwareCallback@ISPLibBase@@IAEXII@Z
?NotifyFirmwareCallback@SC2Lib@@AAEXKPAX@Z
?NotifyFirmwareCallback@SSECmdLibBase@@IAEXII@Z
?NotifyFirmwareCallback@STLibBase@@IAEXII@Z
?NotifyFirmwareCallbackListener@DeviceLib@@IAEXPAUDeviceInfo@@W4DEVICELIB_FWSTATUS@@I@Z
?NotifyFirmwareCallbackListener@DeviceLib@@IAEXW4DEVICELIB_FWSTATUS@@I@Z
?NotifyFirmwareCallbackListenerChunk@DeviceLib@@IAEXIPAE@Z
?NotifyInputListener@HIDLibBase@@MAEXPAUDeviceEvent@@@Z
?NotifySSECommandCallback@SSECmdLibBase@@MAEXQAU_CMD_BINDING_INFO@@@Z
?OnDefaultDeviceChanged@DeviceLib_MMDeviceManager@@UAGJW4__MIDL___MIDL_itf_mmdeviceapi_0000_0000_0001@@W4__MIDL___MIDL_itf_mmdeviceapi_0000_0000_0002@@PB_W@Z
?OnDeviceAdded@DeviceLib_MMDeviceManager@@UAGJPB_W@Z
?OnDeviceRemoved@DeviceLib_MMDeviceManager@@UAGJPB_W@Z
?OnDeviceStateChanged@DeviceLib_MMDeviceManager@@UAGJPB_WK@Z
?OnPropertyValueChanged@DeviceLib_MMDeviceManager@@UAGJPB_WU_tagpropertykey@@@Z
?OneWireTransferStatus@DeviceLib@@IAEIIPAE@Z
?PairAvneraDevices@SSECmdLibBase@@QAEXII@Z
?PerformFirmwareOperation@SC2Lib@@AAE?AW4SC2_STATUS@@IW4FIRMWARE_OPERATION@1@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@P6AXI@Z@Z
?Plug@DeviceLib_AudioDeviceFxPluginAPI@@SAJPA_W@Z
?PlugDefaultCaptureDevice@DeviceLib_MMDeviceManager@@QAEIXZ
?PlugDefaultRenderDevice@DeviceLib_MMDeviceManager@@QAEIXZ
?PlugDevice@DeviceLib_MMDeviceManager@@QAEII@Z
?PrepareAvnera@SSECmdLibBase@@IAE?AW4SSECMD_STATUS@@IPAUSSFWUpdateInfo@@AAI@Z
?PrepareDevice@ISPLibBase@@MAEIIPAUSSFWUpdateInfo@@AAI@Z
?PrepareDevice@SSECmdLibBase@@IAE?AW4SSECMD_STATUS@@IPAUSSFWUpdateInfo@@AAI@Z
?PrepareDevice@STLibBase@@MAEIIPAUSSFWUpdateInfo@@AAI@Z
?PrepareDeviceExtended@SSECmdLibBase@@IAE?AW4SSECMD_STATUS@@IPAUSSFWUpdateExtendedInfo@@AAI_N@Z
?PrepareDeviceGeneric@SSECmdLibBase@@IAE?AW4SSECMD_STATUS@@IPAUSSFWUpdateGenericInfo@@AAUGenericBootloaderMetadata@@@Z
?PrepareDeviceKLC@SSECmdLibBase@@IAE?AW4SSECMD_STATUS@@IPAUSSFWUpdateGenericInfo@@AAUGenericBootloaderMetadata@@@Z
?QueryInterface@DeviceLib_MMDeviceManager@@UAGJABU_GUID@@PAPAX@Z
?Read@DeviceLib@@QAEIIIPAEI@Z
?Read@HIDLib@@UAEIIW4HID_REPORT_TYPE@@PAEI@Z
?Read@HIDLib@@UAEIIW4HID_REPORT_TYPE@@PAEII@Z
?Read@HIDLibBase@@UAEIIW4HID_REPORT_TYPE@@PAEII@Z
?ReadOneWirePacket@DeviceLib@@IAEIIPAEE@Z
?RefreshUsbDeviceList@HIDLib@@AAEXXZ
?RegisterConnectionCallback@HIDLibBase@@UAEXP6AXPAUDeviceInfo@@PAX@Z@Z
?RegisterEndpoint@DeviceLib_MMDeviceManager@@QAEIXZ
?RegisterForDeviceNotifications@HIDLib@@AAE_NXZ
?Release@DeviceLib_MMDeviceManager@@UAGKXZ
?Remove@HidInfoList@@QAE_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?RemoveDeviceFromList@HIDLib@@AAEXABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?RestartDevice@HIDLib@@UAEII@Z
?SC2EepromPatchCallback@SC2Lib@@CAHPAXK0@Z
?SSEReturnCallback@SSECmdLibBase@@MAEXW4DEVICELIB_SSECMDTYPEID@@I@Z
?SV2EepromPatchCallback@SC2Lib@@CAHPAXK0@Z
?SendCommand@DeviceLib@@QAEIIIPAEI@Z
?SendCommand@SC2Lib@@QAE?AW4SC2_STATUS@@IPBEI@Z
?SetCallback@DeviceLib@@QAEIIP6AXPAUDeviceInfo@@PAX@Z@Z
?SetCallback@DeviceLib_MMDeviceManager@@QAEIIP6AXPAX@Z@Z
?SetCmdInterfaceCallback@HIDLib@@UAEXP6AXPAUDeviceInfo@@PAX@Z@Z
?SetCmdInterfaceCallback@HIDLibBase@@UAEXP6AXPAUDeviceInfo@@PAX@Z@Z
?SetDeviceDescription@DeviceLib_AudioDeviceManagerAPI@@SAJPA_W0@Z
?SetFactory@DeviceLib@@SAXPAVDeviceLibFactory@@@Z
?SetInputCallback@HIDLib@@UAEXP6AXPAUDeviceInfo@@PAX@Z@Z
?SetInputCallback@HIDLibBase@@UAEXP6AXPAUDeviceInfo@@PAX@Z@Z
?SetSSECommandCallback@SSECmdLibBase@@UAEXP6AXPAUDeviceInfo@@PAX@Z@Z
?SetSSERetCallback@DeviceLib@@QAEIP6AXW4DEVICELIB_SSECMDTYPEID@@I@Z@Z
?SetSSERetCallback@SSECmdLibBase@@UAEXP6AXW4DEVICELIB_SSECMDTYPEID@@I@Z@Z
?SetSetting@DeviceLib_NineEarsAPI@@QAEIII@Z
?StatusSSOneWire@DeviceLib@@IAEIIPAE@Z
?Unplug@DeviceLib_AudioDeviceFxPluginAPI@@SAJPA_W@Z
?UnplugAnyCaptureDevice@DeviceLib_MMDeviceManager@@QAEIXZ
?UnplugAnyDevice@DeviceLib_MMDeviceManager@@QAEIXZ
?UnplugAnyRenderDevice@DeviceLib_MMDeviceManager@@QAEIXZ
?UnregisterConnectionCallback@HIDLibBase@@UAEXP6AXPAUDeviceInfo@@PAX@Z@Z
?UnregisterEndpoint@DeviceLib_MMDeviceManager@@QAEIXZ
?UnregisterForDeviceNotifications@HIDLib@@AAEXXZ
?UpdateFirmware@ISPLibBase@@UAEIIPAUSSFWUpdateInfo@@P6AXI@Z@Z
?UpdateFirmware@STLibBase@@UAEIIPAUSSFWUpdateInfo@@P6AXI@Z@Z
?UpdateRawInputRegistration@HIDLib@@AAEXXZ
?VerifyFirmware@SC2Lib@@QAE?AW4SC2_STATUS@@IABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@P6AXI@ZI@Z
?WinProcCallback@HIDLib@@CGJPAUHWND__@@IIJ@Z
?Write@DeviceLib@@QAEIIIPAEI@Z
?Write@HIDLib@@UAEIIW4HID_REPORT_TYPE@@PAEI@Z
?Write@HIDLib@@UAEIIW4HID_REPORT_TYPE@@PAEII@Z
?Write@HIDLibBase@@UAEIIW4HID_REPORT_TYPE@@PAEII@Z
?WriteOneWirePacket@DeviceLib@@IAEIIPAEE@Z
?WriteSSOneWire@DeviceLib@@IAEIIPAEE@Z
?_CloneInfoFromMMDevice@DeviceLib_MMDeviceManager@@AAEPAUMMDeviceInfo@@ABUMMDevice@@W4DEVICELIB_MMDEVICE_DEVICETYPE@@@Z
?_GetDevices@DeviceLib_MMDeviceManager@@AAEIW4__MIDL___MIDL_itf_mmdeviceapi_0000_0000_0001@@@Z
?_NotifyRefreshDevicesCallback@DeviceLib_MMDeviceManager@@AAEXXZ
?_PlugDefaultCaptureDevice@DeviceLib_MMDeviceManager@@AAEIXZ
?_PlugDefaultRenderDevice@DeviceLib_MMDeviceManager@@AAEIXZ
?_PlugDeviceAndAddSuffix@DeviceLib_MMDeviceManager@@AAEIPA_W@Z
?_RefreshDevices@DeviceLib_MMDeviceManager@@AAEIXZ
?_RegisterEndpoint@DeviceLib_MMDeviceManager@@AAEIXZ
?_UnplugAnyCaptureDevice@DeviceLib_MMDeviceManager@@AAEIXZ
?_UnplugAnyRenderDevice@DeviceLib_MMDeviceManager@@AAEIXZ
?_UnplugDeviceAndRemoveSuffix@DeviceLib_MMDeviceManager@@AAEIPA_W@Z
?_UnregisterEndpoint@DeviceLib_MMDeviceManager@@AAEIXZ
?_cRef@DeviceLib_MMDeviceManager@@0JC
?_factory@DeviceLib@@2PAVDeviceLibFactory@@A
?_factory@DeviceLib_MMDeviceManager@@0PAVDeviceLib_MMDeviceManagerFactory@@A
?_factory@DeviceLib_NineEarsAPI@@0PAVDeviceLib_NineEarsAPIFactory@@A
?_instance@DeviceLib@@2PAV1@A
?_instance@DeviceLib_MMDeviceManager@@0PAV1@A
?_instance@DeviceLib_NineEarsAPI@@0PAV1@A
?getAvneraData@SSECmdLibBase@@AAEEPAU_iobuf@@AA_N@Z
?getFileExt@SSECmdLibBase@@AAEEPAD@Z
DeviceLib_FreeDevices
DeviceLib_GetDevices
DeviceLib_Initialize
DeviceLib_MMDeviceManager_FreeDevices
DeviceLib_MMDeviceManager_GetDevices
DeviceLib_Read
DeviceLib_SendCommand
DeviceLib_SetCallback
DeviceLib_SetMMDeviceManagerCallback
DeviceLib_SetSSERetCallback
DeviceLib_Write
Sequencer_DeleteSequence
Sequencer_Initialize
Sequencer_NewSequence
Sequencer_ResumeSequence
Sequencer_StartSequence
Sequencer_StopDevice
Sequencer_StopSequence
Syncer_AddDevice
Syncer_Initialize
Syncer_MakeDeviceRewrite
Syncer_Play
Syncer_RemoveDevice
Syncer_RemoveSync
Syncer_SetBaseLayerSync
Syncer_SetIdleLayerSync
Syncer_SetInactiveMode
Syncer_SetTriggerLayerSync
Syncer_SetTriggerModes
Syncer_Stop

Sections

.text
Size: 646KB - Virtual size: 645KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 146KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Rival 650 Recovery Tool/__RECOVER_RIVAL_650.bat
Rival 650 Recovery Tool/firmwareupdate.exe
.exe windows:6 windows x86 arch:x86

568790bdb9069c87821910eeb587e33a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
SetEndOfFile
HeapSize
WriteConsoleW
CreateFileW
SetStdHandle
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
WideCharToMultiByte
CloseHandle
WaitForSingleObjectEx
GetCurrentProcess
GetCurrentThread
GetCurrentThreadId
QueryPerformanceCounter
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
SetEvent
ResetEvent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
GetLastError
GetThreadTimes
FreeLibrary
LoadLibraryExW
RaiseException
RtlUnwind
ReadFile
HeapAlloc
GetModuleHandleExW
HeapReAlloc
HeapFree
ExitProcess
GetModuleFileNameA
GetStdHandle
WriteFile
GetCommandLineA
GetCommandLineW
GetACP
SetFilePointerEx
GetConsoleMode
ReadConsoleW
GetFileType
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetConsoleCP
GetProcessHeap
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage

winmm

timeEndPeriod
timeBeginPeriod

ssedevice

?Instance@DeviceLib@@SAPAV1@XZ
?Initialize@DeviceLib@@QAEIXZ
DeviceLib_FreeDevices
DeviceLib_Write
DeviceLib_Read
DeviceLib_SetCallback
DeviceLib_GetDevices

Sections

.text
Size: 167KB - Virtual size: 167KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 900B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Rival 650 Recovery Tool/nordic_fs.bin
Rival 650 Recovery Tool/tool-config-mouse-flash.txt
Rival 650 Recovery Tool/ucrtbase.dll
.dll windows:10 windows x86 arch:x86

7a86ba02a97907fb532ad47d5e59b822

Code Sign

33:00:00:00:bc:e1:20:fd:d2:7c:c8:ee:93:00:00:00:00:00:bc
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/08/2015, 17:15

Not After

18/11/2016, 17:15

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

50:10:38:90:86:bf:9c:fb:6b:b7:b4:0c:79:61:4f:e3:45:12:45:3b:b9:94:bb:4e:ac:19:72:d3:40:95:f1:4a
Signer

Actual PE Digest

50:10:38:90:86:bf:9c:fb:6b:b7:b4:0c:79:61:4f:e3:45:12:45:3b:b9:94:bb:4e:ac:19:72:d3:40:95:f1:4a

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

api-ms-win-core-string-l1-1-0

GetStringTypeW
CompareStringW
MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
SetLastError
UnhandledExceptionFilter
SetErrorMode
GetLastError
RaiseException

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
GetTimeZoneInformation
SystemTimeToFileTime

api-ms-win-core-file-l1-1-0

ReadFile
FlushFileBuffers
SetEndOfFile
GetFullPathNameA
FindNextFileA
UnlockFileEx
DeleteFileW
RemoveDirectoryW
LockFileEx
FindFirstFileExA
CreateDirectoryW
GetFullPathNameW
SetFileAttributesW
WriteFile
GetFileAttributesExW
FindNextFileW
GetFileInformationByHandle
FindClose
SetFilePointerEx
GetFileType
CreateFileW
FindFirstFileExW
SetFileTime
GetDriveTypeW
GetDiskFreeSpaceW
GetLogicalDrives

api-ms-win-core-namedpipe-l1-1-0

CreatePipe
PeekNamedPipe

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapSize
HeapQueryInformation
HeapCompact
HeapWalk
HeapReAlloc
HeapAlloc
HeapValidate

api-ms-win-core-libraryloader-l1-1-0

LoadLibraryExW
GetModuleHandleW
GetModuleHandleExW
GetProcAddress
GetModuleFileNameA
GetModuleFileNameW
LoadLibraryExA
FreeLibrary
FreeLibraryAndExitThread

api-ms-win-core-synch-l1-1-0

EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
WaitForSingleObjectEx
WaitForSingleObject

api-ms-win-core-processthreads-l1-1-0

ResumeThread
TlsGetValue
CreateProcessA
TlsSetValue
TlsAlloc
TlsFree
GetCurrentProcess
GetCurrentThreadId
GetExitCodeProcess
GetCurrentThread
CreateThread
GetCurrentProcessId
ExitProcess
TerminateProcess
CreateProcessW
ExitThread
GetStartupInfoW

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineA
GetCommandLineW
GetCurrentDirectoryA
SetCurrentDirectoryW
GetCurrentDirectoryW
SetCurrentDirectoryA
SetStdHandle
GetStdHandle
SetEnvironmentVariableA
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW

api-ms-win-core-datetime-l1-1-0

GetTimeFormatW
GetDateFormatW

api-ms-win-core-localization-l1-2-0

IsValidLocale
GetUserDefaultLCID
GetLocaleInfoW
EnumSystemLocalesW
LCMapStringW
GetCPInfo
IsValidCodePage
GetACP
GetOEMCP

api-ms-win-core-sysinfo-l1-1-0

GetLocalTime
GetSystemTimeAsFileTime
GetTickCount
GetSystemInfo
SetLocalTime

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-console-l1-1-0

ReadConsoleInputA
GetConsoleMode
GetConsoleCP
SetConsoleMode
GetNumberOfConsoleInputEvents
PeekConsoleInputA
ReadConsoleInputW
SetConsoleCtrlHandler
ReadConsoleW
WriteConsoleW

api-ms-win-core-debug-l1-1-0

OutputDebugStringA
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-memory-l1-1-0

VirtualQuery
VirtualProtect
VirtualAlloc

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer
Beep

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlUnwind

api-ms-win-core-interlocked-l1-1-0

InterlockedPushEntrySList
InterlockedFlushSList

Exports

Exports

_CIacos
_CIasin
_CIatan
_CIatan2
_CIcos
_CIcosh
_CIexp
_CIfmod
_CIlog
_CIlog10
_CIpow
_CIsin
_CIsinh
_CIsqrt
_CItan
_CItanh
_Cbuild
_Cmulcc
_Cmulcr
_CreateFrameInfo
_CxxThrowException
_EH_prolog
_Exit
_FCbuild
_FCmulcc
_FCmulcr
_FindAndUnlinkFrame
_Getdays
_Getmonths
_Gettnames
_IsExceptionObjectToBeDestroyed
_LCbuild
_LCmulcc
_LCmulcr
_NLG_Dispatch2
_NLG_Return
_NLG_Return2
_SetWinRTOutOfMemoryExceptionCallback
_Strftime
_W_Getdays
_W_Getmonths
_W_Gettnames
_Wcsftime
__AdjustPointer
__BuildCatchObject
__BuildCatchObjectHelper
__CxxDetectRethrow
__CxxExceptionFilter
__CxxFrameHandler
__CxxFrameHandler2
__CxxFrameHandler3
__CxxLongjmpUnwind
__CxxQueryExceptionSize
__CxxRegisterExceptionObject
__CxxUnregisterExceptionObject
__DestructExceptionObject
__FrameUnwindFilter
__GetPlatformExceptionInfo
__RTCastToVoid
__RTDynamicCast
__RTtypeid
__TypeMatch
___lc_codepage_func
___lc_collate_cp_func
___lc_locale_name_func
___mb_cur_max_func
___mb_cur_max_l_func
__acrt_iob_func
__conio_common_vcprintf
__conio_common_vcprintf_p
__conio_common_vcprintf_s
__conio_common_vcscanf
__conio_common_vcwprintf
__conio_common_vcwprintf_p
__conio_common_vcwprintf_s
__conio_common_vcwscanf
__control87_2
__current_exception
__current_exception_context
__daylight
__dcrt_get_wide_environment_from_os
__dcrt_initial_narrow_environment
__doserrno
__dstbias
__fpe_flt_rounds
__fpecode
__initialize_lconv_for_unsigned_char
__intrinsic_abnormal_termination
__intrinsic_setjmp
__isascii
__iscsym
__iscsymf
__iswcsym
__iswcsymf
__libm_sse2_acos
__libm_sse2_acosf
__libm_sse2_asin
__libm_sse2_asinf
__libm_sse2_atan
__libm_sse2_atan2
__libm_sse2_atanf
__libm_sse2_cos
__libm_sse2_cosf
__libm_sse2_exp
__libm_sse2_expf
__libm_sse2_log
__libm_sse2_log10
__libm_sse2_log10f
__libm_sse2_logf
__libm_sse2_pow
__libm_sse2_powf
__libm_sse2_sin
__libm_sse2_sinf
__libm_sse2_tan
__libm_sse2_tanf
__p___argc
__p___argv
__p___wargv
__p__acmdln
__p__commode
__p__environ
__p__fmode
__p__mbcasemap
__p__mbctype
__p__pgmptr
__p__wcmdln
__p__wenviron
__p__wpgmptr
__pctype_func
__processing_throw
__pwctype_func
__pxcptinfoptrs
__report_gsfailure
__setusermatherr
__std_exception_copy
__std_exception_destroy
__std_type_info_compare
__std_type_info_destroy_list
__std_type_info_hash
__std_type_info_name
__stdio_common_vfprintf
__stdio_common_vfprintf_p
__stdio_common_vfprintf_s
__stdio_common_vfscanf
__stdio_common_vfwprintf
__stdio_common_vfwprintf_p
__stdio_common_vfwprintf_s
__stdio_common_vfwscanf
__stdio_common_vsnprintf_s
__stdio_common_vsnwprintf_s
__stdio_common_vsprintf
__stdio_common_vsprintf_p
__stdio_common_vsprintf_s
__stdio_common_vsscanf
__stdio_common_vswprintf
__stdio_common_vswprintf_p
__stdio_common_vswprintf_s
__stdio_common_vswscanf
__strncnt
__sys_errlist
__sys_nerr
__threadhandle
__threadid
__timezone
__toascii
__tzname
__unDName
__unDNameEx
__uncaught_exception
__wcserror
__wcserror_s
__wcsncnt
_abs64
_access
_access_s
_aligned_free
_aligned_malloc
_aligned_msize
_aligned_offset_malloc
_aligned_offset_realloc
_aligned_offset_recalloc
_aligned_realloc
_aligned_recalloc
_assert
_atodbl
_atodbl_l
_atof_l
_atoflt
_atoflt_l
_atoi64
_atoi64_l
_atoi_l
_atol_l
_atoldbl
_atoldbl_l
_atoll_l
_beep
_beginthread
_beginthreadex
_byteswap_uint64
_byteswap_ulong
_byteswap_ushort
_c_exit
_cabs
_callnewh
_calloc_base
_cexit
_cgets
_cgets_s
_cgetws
_cgetws_s
_chdir
_chdrive
_chgsign
_chgsignf
_chkesp
_chmod
_chsize
_chsize_s
_clearfp
_close
_commit
_configthreadlocale
_configure_narrow_argv
_configure_wide_argv
_control87
_controlfp
_controlfp_s
_copysign
_copysignf
_cputs
_cputws
_creat
_create_locale
_crt_at_quick_exit
_crt_atexit
_crt_debugger_hook
_ctime32
_ctime32_s
_ctime64
_ctime64_s
_cwait
_d_int
_dclass
_dexp
_difftime32
_difftime64
_dlog
_dnorm
_dpcomp
_dpoly
_dscale
_dsign
_dsin
_dtest
_dunscale
_dup
_dup2
_dupenv_s
_ecvt
_ecvt_s
_endthread
_endthreadex
_eof
_errno
_except1
_except_handler2
_except_handler3
_except_handler4_common
_execl
_execle
_execlp
_execlpe
_execute_onexit_table
_execv
_execve
_execvp
_execvpe
_exit
_expand
_fclose_nolock
_fcloseall
_fcvt
_fcvt_s
_fd_int
_fdclass
_fdexp
_fdlog
_fdnorm
_fdopen
_fdpcomp
_fdpoly
_fdscale
_fdsign
_fdsin
_fdtest
_fdunscale
_fflush_nolock
_fgetc_nolock
_fgetchar
_fgetwc_nolock
_fgetwchar
_filelength
_filelengthi64
_fileno
_findclose
_findfirst32
_findfirst32i64
_findfirst64
_findfirst64i32
_findnext32
_findnext32i64
_findnext64
_findnext64i32
_finite
_flushall
_fpclass
_fpieee_flt
_fpreset
_fputc_nolock
_fputchar
_fputwc_nolock
_fputwchar
_fread_nolock
_fread_nolock_s
_free_base
_free_locale
_fseek_nolock
_fseeki64
_fseeki64_nolock
_fsopen
_fstat32
_fstat32i64
_fstat64
_fstat64i32
_ftell_nolock
_ftelli64
_ftelli64_nolock
_ftime32
_ftime32_s
_ftime64
_ftime64_s
_ftol
_fullpath
_futime32
_futime64
_fwrite_nolock
_gcvt
_gcvt_s
_get_current_locale
_get_daylight
_get_doserrno
_get_dstbias
_get_errno
_get_fmode
_get_heap_handle
_get_initial_narrow_environment
_get_initial_wide_environment
_get_invalid_parameter_handler
_get_narrow_winmain_command_line
_get_osfhandle
_get_pgmptr
_get_printf_count_output
_get_purecall_handler
_get_stream_buffer_pointers
_get_terminate
_get_thread_local_invalid_parameter_handler
_get_timezone
_get_tzname
_get_unexpected
_get_wide_winmain_command_line
_get_wpgmptr
_getc_nolock
_getch
_getch_nolock
_getche
_getche_nolock
_getcwd
_getdcwd
_getdiskfree
_getdllprocaddr
_getdrive
_getdrives
_getmaxstdio
_getmbcp
_getpid
_getsystime
_getw
_getwc_nolock
_getwch
_getwch_nolock
_getwche
_getwche_nolock
_getws
_getws_s
_global_unwind2
_gmtime32
_gmtime32_s
_gmtime64
_gmtime64_s
_heapchk
_heapmin
_heapwalk
_hypot
_hypotf
_i64toa
_i64toa_s
_i64tow
_i64tow_s
_initialize_narrow_environment
_initialize_onexit_table
_initialize_wide_environment
_initterm
_initterm_e
_invalid_parameter_noinfo
_invalid_parameter_noinfo_noreturn
_invoke_watson
_is_exception_typeof
_isalnum_l
_isalpha_l
_isatty
_isblank_l
_iscntrl_l
_isctype
_isctype_l
_isdigit_l
_isgraph_l
_isleadbyte_l
_islower_l
_ismbbalnum
_ismbbalnum_l
_ismbbalpha
_ismbbalpha_l
_ismbbblank
_ismbbblank_l
_ismbbgraph
_ismbbgraph_l
_ismbbkalnum
_ismbbkalnum_l
_ismbbkana
_ismbbkana_l
_ismbbkprint
_ismbbkprint_l
_ismbbkpunct
_ismbbkpunct_l
_ismbblead
_ismbblead_l
_ismbbprint
_ismbbprint_l
_ismbbpunct
_ismbbpunct_l
_ismbbtrail
_ismbbtrail_l
_ismbcalnum
_ismbcalnum_l
_ismbcalpha
_ismbcalpha_l
_ismbcblank
_ismbcblank_l
_ismbcdigit
_ismbcdigit_l
_ismbcgraph
_ismbcgraph_l
_ismbchira
_ismbchira_l
_ismbckata
_ismbckata_l
_ismbcl0
_ismbcl0_l
_ismbcl1
_ismbcl1_l
_ismbcl2
_ismbcl2_l
_ismbclegal
_ismbclegal_l
_ismbclower
_ismbclower_l
_ismbcprint
_ismbcprint_l
_ismbcpunct
_ismbcpunct_l
_ismbcspace
_ismbcspace_l
_ismbcsymbol
_ismbcsymbol_l
_ismbcupper
_ismbcupper_l
_ismbslead
_ismbslead_l
_ismbstrail
_ismbstrail_l
_isnan
_isprint_l
_ispunct_l
_isspace_l
_isupper_l
_iswalnum_l
_iswalpha_l
_iswblank_l
_iswcntrl_l

Sections

.text
Size: 850KB - Virtual size: 850KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Rival 650 Recovery Tool/vcruntime140.dll
.dll windows:6 windows x86 arch:x86

e44143d5ae0c7f7d377cee38e4466c05

Code Sign

33:00:00:00:76:c2:ce:62:e9:0e:5d:85:3e:00:00:00:00:00:76
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:40

Not After

04/09/2016, 17:40

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7AFA-E41C-E142,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5e:af:94:9e:c0:0c:b9:10:78:e7:de:01:27:73:79:93:ed:1d:17:0d
Signer

Actual PE Digest

5e:af:94:9e:c0:0c:b9:10:78:e7:de:01:27:73:79:93:ed:1d:17:0d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

api-ms-win-crt-runtime-l1-1-0

terminate
abort

api-ms-win-crt-string-l1-1-0

strcpy_s

api-ms-win-crt-heap-l1-1-0

malloc
_free_base
free
_malloc_base
_calloc_base

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s

api-ms-win-crt-convert-l1-1-0

atol

advapi32

SystemFunction036

kernel32

GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
IsProcessorFeaturePresent
GetModuleHandleW
GetModuleFileNameW
LoadLibraryExW
TlsFree
TlsGetValue
QueryPerformanceCounter
LeaveCriticalSection
RtlUnwind
VirtualQuery
EncodePointer
InterlockedFlushSList
InterlockedPushEntrySList
RaiseException
EnterCriticalSection
DeleteCriticalSection
SetLastError
GetLastError
TlsSetValue
InitializeCriticalSectionAndSpinCount
TlsAlloc
GetProcAddress
FreeLibrary

Exports

Exports

_CreateFrameInfo
_CxxThrowException
_EH_prolog
_FindAndUnlinkFrame
_IsExceptionObjectToBeDestroyed
_NLG_Dispatch2
_NLG_Return
_NLG_Return2
_SetWinRTOutOfMemoryExceptionCallback
__AdjustPointer
__BuildCatchObject
__BuildCatchObjectHelper
__CxxDetectRethrow
__CxxExceptionFilter
__CxxFrameHandler
__CxxFrameHandler2
__CxxFrameHandler3
__CxxLongjmpUnwind
__CxxQueryExceptionSize
__CxxRegisterExceptionObject
__CxxUnregisterExceptionObject
__DestructExceptionObject
__FrameUnwindFilter
__GetPlatformExceptionInfo
__RTCastToVoid
__RTDynamicCast
__RTtypeid
__TypeMatch
__current_exception
__current_exception_context
__intrinsic_setjmp
__processing_throw
__report_gsfailure
__std_exception_copy
__std_exception_destroy
__std_terminate
__std_type_info_compare
__std_type_info_destroy_list
__std_type_info_hash
__std_type_info_name
__telemetry_main_invoke_trigger
__telemetry_main_return_trigger
__unDName
__unDNameEx
__uncaught_exception
__uncaught_exceptions
__vcrt_GetModuleFileNameW
__vcrt_GetModuleHandleW
__vcrt_InitializeCriticalSectionEx
__vcrt_LoadLibraryExW
_chkesp
_except_handler2
_except_handler3
_except_handler4_common
_get_purecall_handler
_get_unexpected
_global_unwind2
_is_exception_typeof
_local_unwind2
_local_unwind4
_longjmpex
_purecall
_seh_longjmp_unwind
_seh_longjmp_unwind4
_set_purecall_handler
_set_se_translator
_setjmp3
longjmp
memchr
memcmp
memcpy
memmove
memset
set_unexpected
strchr
strrchr
strstr
unexpected
wcschr
wcsrchr
wcsstr

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

72e6568354830f9d8d52bbe1d1e96abb

Headers

DLL Characteristics

File Characteristics

Imports

hid

setupapi

kernel32

user32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 646KB - Virtual size: 645KB

.rdata Size: 146KB - Virtual size: 146KB

.data Size: 22KB - Virtual size: 36KB

.gfids Size: 4KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 34KB - Virtual size: 33KB

568790bdb9069c87821910eeb587e33a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

winmm

ssedevice

Sections

.text Size: 167KB - Virtual size: 167KB

.rdata Size: 64KB - Virtual size: 64KB

.data Size: 4KB - Virtual size: 8KB

.gfids Size: 1024B - Virtual size: 900B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 1024B - Virtual size: 648B

.reloc Size: 10KB - Virtual size: 9KB

7a86ba02a97907fb532ad47d5e59b822

Code Sign

33:00:00:00:bc:e1:20:fd:d2:7c:c8:ee:93:00:00:00:00:00:bcCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

50:10:38:90:86:bf:9c:fb:6b:b7:b4:0c:79:61:4f:e3:45:12:45:3b:b9:94:bb:4e:ac:19:72:d3:40:95:f1:4aSigner

Headers

DLL Characteristics

File Characteristics

Imports

api-ms-win-core-string-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-namedpipe-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-file-l2-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-libraryloader-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-datetime-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-console-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-file-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-interlocked-l1-1-0

Exports

Exports

.text
Size: 646KB - Virtual size: 645KB

.rdata
Size: 146KB - Virtual size: 146KB

.data
Size: 22KB - Virtual size: 36KB

.gfids
Size: 4KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 34KB - Virtual size: 33KB

.text
Size: 167KB - Virtual size: 167KB

.rdata
Size: 64KB - Virtual size: 64KB

.data
Size: 4KB - Virtual size: 8KB

.gfids
Size: 1024B - Virtual size: 900B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 1024B - Virtual size: 648B

.reloc
Size: 10KB - Virtual size: 9KB

33:00:00:00:bc:e1:20:fd:d2:7c:c8:ee:93:00:00:00:00:00:bc
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

50:10:38:90:86:bf:9c:fb:6b:b7:b4:0c:79:61:4f:e3:45:12:45:3b:b9:94:bb:4e:ac:19:72:d3:40:95:f1:4a
Signer

.text
Size: 850KB - Virtual size: 850KB

.data
Size: 3KB - Virtual size: 6KB

.idata
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 22KB - Virtual size: 22KB

33:00:00:00:76:c2:ce:62:e9:0e:5d:85:3e:00:00:00:00:00:76
Certificate

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

5e:af:94:9e:c0:0c:b9:10:78:e7:de:01:27:73:79:93:ed:1d:17:0d
Signer

.text
Size: 60KB - Virtual size: 59KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 1KB - Virtual size: 1KB

_RDATA
Size: 512B - Virtual size: 4B

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 3KB - Virtual size: 2KB