privateloader | RayLink_Setup[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

RayLink_Setup.exe
Size

30.7MB
MD5

ebfe0b2fea654a788249a8decb349f3e
SHA1

ff6815ea72c4c2caa93ba4a474842eee8fb50e2e
SHA256

a7a9d8fde704924b9817650d21b539bace96320cedbdbc95868c4776d6942627
SHA512

aa49bab9ae495cec2433c7c032fa89d14d5badc3152beaf808e59472c8d93fdc3edcf990853c34e867a8cce02e5f4a7415ea9ae83c148b402dbdd227329986d1
SSDEEP

786432:9jkbrBl+yY5qKAU+JrxLOlBlAyKMemyaPSVnT3:9jwr3+3nAU+JrxLKlAx8PSVnT

Score

10^/10

privateloader

Malware Config

Signatures

Privateloader family
privateloader

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/BgWorker.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/killer.dll
unpack001/$PLUGINSDIR/nsDui.dll
unpack001/$PLUGINSDIR/nsExec.dll
unpack001/$PLUGINSDIR/nsis7z.dll

Files

RayLink_Setup.exe
.exe windows:4 windows x86 arch:x86

b34f154ec913d2d2c435cbd644e91687

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1e:5f:12:f8:c1:39:b5:b4:4b:62:46:1a:96:22:88:d8
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

16/02/2022, 00:00

Not After

15/02/2025, 23:59

Subject

SERIALNUMBER=91440300761988340L,CN=Shenzhen Rayvision Technology Co.\, Ltd.,O=Shenzhen Rayvision Technology Co.\, Ltd.,ST=Guangdong Sheng,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

13:e7:96:63:b3:63:2e:28:28:66:04:af:ed:20:69:9f:90:cc:99:7d
Signer

Actual PE Digest

13:e7:96:63:b3:63:2e:28:28:66:04:af:ed:20:69:9f:90:cc:99:7d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEnvironmentVariableW
SetFileAttributesW
Sleep
GetTickCount
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
SetCurrentDirectoryW
GetFileAttributesW
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
GetVersion
SetErrorMode
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
ExitProcess
GetShortPathNameW
CreateThread
GetLastError
CreateDirectoryW
CreateProcessW
RemoveDirectoryW
lstrcmpiA
CreateFileW
GetTempFileNameW
WriteFile
lstrcpyA
MoveFileExW
lstrcatW
GetSystemDirectoryW
GetProcAddress
GetModuleHandleA
GetExitCodeProcess
WaitForSingleObject
lstrcmpiW
MoveFileW
GetFullPathNameW
SetFileTime
SearchPathW
CompareFileTime
lstrcmpW
CloseHandle
ExpandEnvironmentStringsW
GlobalFree
GlobalLock
GlobalUnlock
GlobalAlloc
FindFirstFileW
FindNextFileW
DeleteFileW
SetFilePointer
ReadFile
FindClose
lstrlenA
MulDiv
MultiByteToWideChar
WideCharToMultiByte
GetPrivateProfileStringW
WritePrivateProfileStringW
FreeLibrary
LoadLibraryExW
GetModuleHandleW

user32

GetSystemMenu
SetClassLongW
EnableMenuItem
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongW
SetCursor
LoadCursorW
CheckDlgButton
GetMessagePos
LoadBitmapW
CallWindowProcW
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
ScreenToClient
GetWindowRect
GetDlgItem
GetSystemMetrics
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharPrevW
CharNextA
wsprintfA
DispatchMessageW
PeekMessageW
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndDialog
RegisterClassW
SystemParametersInfoW
CreateWindowExW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
GetDC
SetTimer
SetWindowTextW
LoadImageW
SetForegroundWindow
ShowWindow
IsWindow
SetWindowLongW
FindWindowExW
TrackPopupMenu
AppendMenuW
CreatePopupMenu
EndPaint
CreateDialogParamW
SendMessageTimeoutW
wsprintfW
PostQuitMessage

gdi32

SelectObject
SetBkMode
CreateFontIndirectW
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
ShellExecuteExW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
SHFileOperationW

advapi32

AdjustTokenPrivileges
RegCreateKeyExW
RegOpenKeyExW
SetFileSecurityW
OpenProcessToken
LookupPrivilegeValueW
RegEnumValueW
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegQueryValueExW
RegEnumKeyW

comctl32

ImageList_Create
ImageList_AddMasked
ImageList_Destroy
ord17

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 72KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 206KB - Virtual size: 206KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/BgWorker.dll
.dll windows:4 windows x86 arch:x86

db2755f409b81c4dbfc04f648cfb80b9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpiA
GetModuleHandleA
CloseHandle
SetThreadPriority
CreateThread

user32

IsWindowUnicode
PostMessageA
DispatchMessageA
TranslateMessage
PeekMessageA
MsgWaitForMultipleObjects

Exports

Exports

CallAndWait

Sections

.text
Size: 1024B - Virtual size: 987B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 66B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

fc0224e99e736751432961db63a41b76

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleW
GlobalFree
GlobalSize
lstrcpynW
lstrcpyW
GetProcAddress
WideCharToMultiByte
VirtualFree
FreeLibrary
lstrlenW
LoadLibraryW
GlobalAlloc
MultiByteToWideChar
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfW

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 867B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 638B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/killer.dll
.dll windows:6 windows x86 arch:x86

d1e7cac091c2e57d89d4bb643ace96f4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateToolhelp32Snapshot
Process32FirstW
GetCurrentProcessId
lstrcmpiW
CloseHandle
TerminateProcess
Process32NextW
lstrcpynW
GetCurrentProcess
GlobalFree
OpenProcess
GlobalAlloc
IsProcessorFeaturePresent

user32

wsprintfW

advapi32

OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW

Exports

Exports

IsProcessRunning
KillProcess

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 742B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsDui.dll
.dll windows:6 windows x86 arch:x86

e8ae730f0a0e0d5cad1f05fe3adb4fbf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\code\remote_desktop\nsis_skin_plugin\Release\nsDui.pdb

Imports

kernel32

GetConsoleMode
GetConsoleCP
FlushFileBuffers
HeapSize
SetStdHandle
GetStringTypeW
SetFilePointerEx
GetProcessHeap
LCMapStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapReAlloc
GetStdHandle
SystemTimeToFileTime
DecodePointer
GetModuleHandleExW
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
SetLastError
InterlockedFlushSList
RaiseException
RtlUnwind
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
DosDateTimeToFileTime
GetCurrentProcess
DuplicateHandle
InitializeCriticalSectionAndSpinCount
GetLocalTime
HeapFree
WideCharToMultiByte
WriteFile
SetFileTime
SetFilePointer
GetFileType
CreateDirectoryW
ReadFile
GetFileSize
CreateFileW
FindResourceW
GetLastError
OutputDebugStringW
MulDiv
LoadLibraryW
GetProcAddress
GetTickCount
GetCurrentDirectoryW
SetCurrentDirectoryW
lstrcpyW
GetCurrentProcessId
SizeofResource
CloseHandle
GlobalFree
Process32FirstW
GlobalAlloc
Process32NextW
CreateToolhelp32Snapshot
OpenProcess
GetModuleFileNameW
TerminateProcess
lstrcpynW
GetCommandLineW
GetModuleHandleW
ExitProcess
LoadResource
LockResource
MultiByteToWideChar
FreeResource
FindResourceA
HeapAlloc
WriteConsoleW

user32

FillRect
SetWindowTextW
GetWindowTextW
LoadImageW
ShowWindow
GetSystemMetrics
SendMessageW
GetClientRect
TranslateMessage
GetWindowTextLengthW
MoveWindow
CreateAcceleratorTableW
InvalidateRgn
SetRect
GetWindowLongA
ClientToScreen
DispatchMessageW
GetWindowRect
GetMessageW
PostMessageW
CreateWindowExW
IsWindow
DestroyWindow
SetWindowPos
SetFocus
GetFocus
GetKeyState
SetCapture
ReleaseCapture
SetTimer
KillTimer
GetDC
ReleaseDC
DrawTextW
CharPrevW
MessageBoxW
SetWindowRgn
IsZoomed
IsIconic
GetMonitorInfoW
MonitorFromWindow
AdjustWindowRectEx
GetPropW
SetPropW
GetMenu
EnableWindow
GetClassInfoExW
RegisterClassExW
RegisterClassW
CallWindowProcW
PostQuitMessage
DefWindowProcW
wsprintfW
LoadCursorW
OffsetRect
UnionRect
InflateRect
IntersectRect
GetSysColor
GetCaretPos
SetCaretPos
ShowCaret
HideCaret
CreateCaret
SetCursor
CharNextW
GetWindow
GetParent
SetWindowLongW
GetWindowLongW
PtInRect
IsRectEmpty
MapWindowPoints
ScreenToClient
GetCursorPos
InvalidateRect
GetUpdateRect
EndPaint
BeginPaint

gdi32

ExtSelectClipRgn
SelectClipRgn
RoundRect
LineTo
GetTextExtentPoint32W
GetClipBox
GetCharABCWidthsW
CreateSolidBrush
CreateRectRgnIndirect
CreatePenIndirect
CombineRgn
CreateRoundRectRgn
GetDeviceCaps
SetWindowOrgEx
GetObjectW
GetTextMetricsW
SaveDC
SetBkColor
Rectangle
GetStockObject
DeleteObject
DeleteDC
CreatePen
CreateFontIndirectW
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
SetStretchBltMode
SetTextColor
CreateDIBSection
MoveToEx
TextOutW
ExtTextOutW
GdiFlush
GetObjectA
SetBkMode
RestoreDC
SelectObject
StretchBlt

shell32

CommandLineToArgvW
SHBrowseForFolderW
SHGetPathFromIDListW

ole32

CoInitialize
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
CoUninitialize
OleLockRunning

oleaut32

SysFreeString
SysAllocString
VariantInit
VariantClear

gdiplus

GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDrawString
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipSetTextRenderingHint
GdipDeleteGraphics
GdipCreateFromHDC
GdipCreateLineBrushI
GdipDeleteBrush
GdipCloneBrush
GdiplusShutdown
GdiplusStartup
GdipFree
GdipAlloc

imm32

ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext

comctl32

ord17
_TrackMouseEvent

Exports

Exports

??0CActiveXUI@DuiLib@@QAE@ABV01@@Z
??0CActiveXUI@DuiLib@@QAE@XZ
??0CAnimationData@DuiLib@@QAE@HHHH@Z
??0CButtonUI@DuiLib@@QAE@$$QAV01@@Z
??0CButtonUI@DuiLib@@QAE@ABV01@@Z
??0CButtonUI@DuiLib@@QAE@XZ
??0CCheckBoxUI@DuiLib@@QAE@$$QAV01@@Z
??0CCheckBoxUI@DuiLib@@QAE@ABV01@@Z
??0CCheckBoxUI@DuiLib@@QAE@XZ
??0CChildLayoutUI@DuiLib@@QAE@$$QAV01@@Z
??0CChildLayoutUI@DuiLib@@QAE@ABV01@@Z
??0CChildLayoutUI@DuiLib@@QAE@XZ
??0CComboBoxUI@DuiLib@@QAE@$$QAV01@@Z
??0CComboBoxUI@DuiLib@@QAE@ABV01@@Z
??0CComboBoxUI@DuiLib@@QAE@XZ
??0CComboUI@DuiLib@@QAE@$$QAV01@@Z
??0CComboUI@DuiLib@@QAE@ABV01@@Z
??0CComboUI@DuiLib@@QAE@XZ
??0CContainerUI@DuiLib@@QAE@ABV01@@Z
??0CContainerUI@DuiLib@@QAE@XZ
??0CControlUI@DuiLib@@QAE@ABV01@@Z
??0CControlUI@DuiLib@@QAE@XZ
??0CDateTimeUI@DuiLib@@QAE@$$QAV01@@Z
??0CDateTimeUI@DuiLib@@QAE@ABV01@@Z
??0CDateTimeUI@DuiLib@@QAE@XZ
??0CDelegateBase@DuiLib@@QAE@ABV01@@Z
??0CDelegateBase@DuiLib@@QAE@PAX0@Z
??0CDialogBuilder@DuiLib@@QAE@XZ
??0CDuiRect@DuiLib@@QAE@ABUtagRECT@@@Z
??0CDuiRect@DuiLib@@QAE@HHHH@Z
??0CDuiRect@DuiLib@@QAE@XZ
??0CDuiString@DuiLib@@QAE@ABV01@@Z
??0CDuiString@DuiLib@@QAE@PB_WH@Z
??0CDuiString@DuiLib@@QAE@XZ
??0CDuiString@DuiLib@@QAE@_W@Z
??0CEditUI@DuiLib@@QAE@$$QAV01@@Z
??0CEditUI@DuiLib@@QAE@ABV01@@Z
??0CEditUI@DuiLib@@QAE@XZ
??0CEventSource@DuiLib@@QAE@ABV01@@Z
??0CEventSource@DuiLib@@QAE@XZ
??0CHorizontalLayoutUI@DuiLib@@QAE@$$QAV01@@Z
??0CHorizontalLayoutUI@DuiLib@@QAE@ABV01@@Z
??0CHorizontalLayoutUI@DuiLib@@QAE@XZ
??0CImageShowUI@DuiLib@@QAE@ABV01@@Z
??0CImageShowUI@DuiLib@@QAE@XZ
??0CLabelUI@DuiLib@@QAE@ABV01@@Z
??0CLabelUI@DuiLib@@QAE@XZ
??0CListBodyUI@DuiLib@@QAE@$$QAV01@@Z
??0CListBodyUI@DuiLib@@QAE@ABV01@@Z
??0CListBodyUI@DuiLib@@QAE@PAVCListUI@1@@Z
??0CListContainerElementUI@DuiLib@@QAE@$$QAV01@@Z
??0CListContainerElementUI@DuiLib@@QAE@ABV01@@Z
??0CListContainerElementUI@DuiLib@@QAE@XZ
??0CListElementUI@DuiLib@@QAE@$$QAV01@@Z
??0CListElementUI@DuiLib@@QAE@ABV01@@Z
??0CListElementUI@DuiLib@@QAE@XZ
??0CListHeaderItemUI@DuiLib@@QAE@$$QAV01@@Z
??0CListHeaderItemUI@DuiLib@@QAE@ABV01@@Z
??0CListHeaderItemUI@DuiLib@@QAE@XZ
??0CListHeaderUI@DuiLib@@QAE@$$QAV01@@Z
??0CListHeaderUI@DuiLib@@QAE@ABV01@@Z
??0CListHeaderUI@DuiLib@@QAE@XZ
??0CListLabelElementUI@DuiLib@@QAE@$$QAV01@@Z
??0CListLabelElementUI@DuiLib@@QAE@ABV01@@Z
??0CListLabelElementUI@DuiLib@@QAE@XZ
??0CListTextElementUI@DuiLib@@QAE@ABV01@@Z
??0CListTextElementUI@DuiLib@@QAE@XZ
??0CListUI@DuiLib@@QAE@$$QAV01@@Z
??0CListUI@DuiLib@@QAE@ABV01@@Z
??0CListUI@DuiLib@@QAE@XZ
??0CMarkup@DuiLib@@QAE@PB_W@Z
??0CMarkupNode@DuiLib@@AAE@PAVCMarkup@1@H@Z
??0CMarkupNode@DuiLib@@AAE@XZ
??0CNotifyPump@DuiLib@@QAE@$$QAV01@@Z
??0CNotifyPump@DuiLib@@QAE@ABV01@@Z
??0CNotifyPump@DuiLib@@QAE@XZ
??0COptionUI@DuiLib@@QAE@ABV01@@Z
??0COptionUI@DuiLib@@QAE@XZ
??0CPaintManagerUI@DuiLib@@QAE@ABV01@@Z
??0CPaintManagerUI@DuiLib@@QAE@XZ
??0CPoint@DuiLib@@QAE@ABUtagPOINT@@@Z
??0CPoint@DuiLib@@QAE@HH@Z
??0CPoint@DuiLib@@QAE@J@Z
??0CPoint@DuiLib@@QAE@XZ
??0CProgressUI@DuiLib@@QAE@$$QAV01@@Z
??0CProgressUI@DuiLib@@QAE@ABV01@@Z
??0CProgressUI@DuiLib@@QAE@XZ
??0CRichEditUI@DuiLib@@QAE@ABV01@@Z
??0CRichEditUI@DuiLib@@QAE@XZ
??0CScrollBarUI@DuiLib@@QAE@$$QAV01@@Z
??0CScrollBarUI@DuiLib@@QAE@ABV01@@Z
??0CScrollBarUI@DuiLib@@QAE@XZ
??0CSize@DuiLib@@QAE@ABUtagSIZE@@@Z
??0CSize@DuiLib@@QAE@HH@Z
??0CSize@DuiLib@@QAE@UtagRECT@@@Z
??0CSize@DuiLib@@QAE@XZ
??0CSliderUI@DuiLib@@QAE@$$QAV01@@Z
??0CSliderUI@DuiLib@@QAE@ABV01@@Z
??0CSliderUI@DuiLib@@QAE@XZ
??0CStdPtrArray@DuiLib@@QAE@ABV01@@Z
??0CStdPtrArray@DuiLib@@QAE@H@Z
??0CStdStringPtrMap@DuiLib@@QAE@H@Z
??0CStdValArray@DuiLib@@QAE@HH@Z
??0CTabLayoutUI@DuiLib@@QAE@$$QAV01@@Z
??0CTabLayoutUI@DuiLib@@QAE@ABV01@@Z
??0CTabLayoutUI@DuiLib@@QAE@XZ
??0CTextUI@DuiLib@@QAE@ABV01@@Z
??0CTextUI@DuiLib@@QAE@XZ
??0CTileLayoutUI@DuiLib@@QAE@$$QAV01@@Z
??0CTileLayoutUI@DuiLib@@QAE@ABV01@@Z
??0CTileLayoutUI@DuiLib@@QAE@XZ
??0CTreeNodeUI@DuiLib@@QAE@ABV01@@Z
??0CTreeNodeUI@DuiLib@@QAE@PAV01@@Z
??0CTreeViewUI@DuiLib@@QAE@ABV01@@Z
??0CTreeViewUI@DuiLib@@QAE@XZ
??0CUIAnimation@DuiLib@@QAE@$$QAV01@@Z
??0CUIAnimation@DuiLib@@QAE@ABV01@@Z
??0CUIAnimation@DuiLib@@QAE@PAVCControlUI@1@@Z
??0CVerticalLayoutUI@DuiLib@@QAE@$$QAV01@@Z
??0CVerticalLayoutUI@DuiLib@@QAE@ABV01@@Z
??0CVerticalLayoutUI@DuiLib@@QAE@XZ
??0CWaitCursor@DuiLib@@QAE@XZ
??0CWebBrowserUI@DuiLib@@QAE@ABV01@@Z
??0CWebBrowserUI@DuiLib@@QAE@XZ
??0CWindowWnd@DuiLib@@QAE@$$QAV01@@Z
??0CWindowWnd@DuiLib@@QAE@ABV01@@Z
??0CWindowWnd@DuiLib@@QAE@XZ
??0IUIAnimation@DuiLib@@QAE@ABV01@@Z
??0IUIAnimation@DuiLib@@QAE@XZ
??0WindowImplBase@DuiLib@@QAE@ABV01@@Z
??0WindowImplBase@DuiLib@@QAE@XZ
??1CActiveXUI@DuiLib@@UAE@XZ
??1CButtonUI@DuiLib@@UAE@XZ
??1CCheckBoxUI@DuiLib@@UAE@XZ
??1CChildLayoutUI@DuiLib@@UAE@XZ
??1CComboBoxUI@DuiLib@@UAE@XZ
??1CComboUI@DuiLib@@UAE@XZ
??1CContainerUI@DuiLib@@UAE@XZ
??1CControlUI@DuiLib@@UAE@XZ
??1CDateTimeUI@DuiLib@@UAE@XZ
??1CDelegateBase@DuiLib@@UAE@XZ
??1CDialogBuilder@DuiLib@@QAE@XZ
??1CDuiString@DuiLib@@QAE@XZ
??1CEditUI@DuiLib@@UAE@XZ
??1CEventSource@DuiLib@@QAE@XZ
??1CHorizontalLayoutUI@DuiLib@@UAE@XZ
??1CImageShowUI@DuiLib@@UAE@XZ
??1CLabelUI@DuiLib@@UAE@XZ
??1CListBodyUI@DuiLib@@UAE@XZ
??1CListContainerElementUI@DuiLib@@UAE@XZ
??1CListElementUI@DuiLib@@UAE@XZ
??1CListHeaderItemUI@DuiLib@@UAE@XZ
??1CListHeaderUI@DuiLib@@UAE@XZ
??1CListLabelElementUI@DuiLib@@UAE@XZ
??1CListTextElementUI@DuiLib@@UAE@XZ
??1CListUI@DuiLib@@UAE@XZ
??1CMarkup@DuiLib@@QAE@XZ
??1CNotifyPump@DuiLib@@QAE@XZ
??1COptionUI@DuiLib@@UAE@XZ
??1CPaintManagerUI@DuiLib@@QAE@XZ
??1CProgressUI@DuiLib@@UAE@XZ
??1CRenderClip@DuiLib@@QAE@XZ
??1CRichEditUI@DuiLib@@UAE@XZ
??1CScrollBarUI@DuiLib@@UAE@XZ
??1CSliderUI@DuiLib@@UAE@XZ
??1CStdPtrArray@DuiLib@@QAE@XZ
??1CStdStringPtrMap@DuiLib@@QAE@XZ
??1CStdValArray@DuiLib@@QAE@XZ
??1CTabLayoutUI@DuiLib@@UAE@XZ
??1CTextUI@DuiLib@@UAE@XZ
??1CTileLayoutUI@DuiLib@@UAE@XZ
??1CTreeNodeUI@DuiLib@@UAE@XZ
??1CTreeViewUI@DuiLib@@UAE@XZ
??1CUIAnimation@DuiLib@@UAE@XZ
??1CVerticalLayoutUI@DuiLib@@UAE@XZ
??1CWaitCursor@DuiLib@@QAE@XZ
??1CWebBrowserUI@DuiLib@@UAE@XZ
??1IUIAnimation@DuiLib@@UAE@XZ
??1WindowImplBase@DuiLib@@UAE@XZ
??4CActiveXUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CAnimationData@DuiLib@@QAEAAV01@$$QAV01@@Z
??4CAnimationData@DuiLib@@QAEAAV01@ABV01@@Z
??4CButtonUI@DuiLib@@QAEAAV01@$$QAV01@@Z
??4CButtonUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CCheckBoxUI@DuiLib@@QAEAAV01@$$QAV01@@Z
??4CCheckBoxUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CChildLayoutUI@DuiLib@@QAEAAV01@$$QAV01@@Z
??4CChildLayoutUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CComboBoxUI@DuiLib@@QAEAAV01@$$QAV01@@Z
??4CComboBoxUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CComboUI@DuiLib@@QAEAAV01@$$QAV01@@Z
??4CComboUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CContainerUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CControlUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CDateTimeUI@DuiLib@@QAEAAV01@$$QAV01@@Z
??4CDateTimeUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CDelegateBase@DuiLib@@QAEAAV01@ABV01@@Z
??4CDialogBuilder@DuiLib@@QAEAAV01@$$QAV01@@Z
??4CDialogBuilder@DuiLib@@QAEAAV01@ABV01@@Z
??4CDuiRect@DuiLib@@QAEAAV01@$$QAV01@@Z
??4CDuiRect@DuiLib@@QAEAAV01@ABV01@@Z
??4CDuiString@DuiLib@@QAEABV01@ABV01@@Z
??4CDuiString@DuiLib@@QAEABV01@PB_W@Z
??4CDuiString@DuiLib@@QAEABV01@_W@Z
??4CEditUI@DuiLib@@QAEAAV01@$$QAV01@@Z
??4CEditUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CEventSource@DuiLib@@QAEAAV01@ABV01@@Z
??4CHorizontalLayoutUI@DuiLib@@QAEAAV01@$$QAV01@@Z
??4CHorizontalLayoutUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CImageShowUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CLabelUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CListBodyUI@DuiLib@@QAEAAV01@$$QAV01@@Z
??4CListBodyUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CListContainerElementUI@DuiLib@@QAEAAV01@$$QAV01@@Z
??4CListContainerElementUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CListElementUI@DuiLib@@QAEAAV01@$$QAV01@@Z
??4CListElementUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CListHeaderItemUI@DuiLib@@QAEAAV01@$$QAV01@@Z
??4CListHeaderItemUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CListHeaderUI@DuiLib@@QAEAAV01@$$QAV01@@Z
??4CListHeaderUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CListLabelElementUI@DuiLib@@QAEAAV01@$$QAV01@@Z
??4CListLabelElementUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CListTextElementUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CListUI@DuiLib@@QAEAAV01@$$QAV01@@Z
??4CListUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CMarkup@DuiLib@@QAEAAV01@ABV01@@Z
??4CMarkupNode@DuiLib@@QAEAAV01@$$QAV01@@Z
??4CMarkupNode@DuiLib@@QAEAAV01@ABV01@@Z
??4CNotifyPump@DuiLib@@QAEAAV01@$$QAV01@@Z
??4CNotifyPump@DuiLib@@QAEAAV01@ABV01@@Z
??4COptionUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CPaintManagerUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CPoint@DuiLib@@QAEAAV01@$$QAV01@@Z
??4CPoint@DuiLib@@QAEAAV01@ABV01@@Z
??4CProgressUI@DuiLib@@QAEAAV01@$$QAV01@@Z
??4CProgressUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CRenderClip@DuiLib@@QAEAAV01@ABV01@@Z
??4CRenderEngine@DuiLib@@QAEAAV01@$$QAV01@@Z
??4CRenderEngine@DuiLib@@QAEAAV01@ABV01@@Z
??4CRichEditUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CScrollBarUI@DuiLib@@QAEAAV01@$$QAV01@@Z
??4CScrollBarUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CSize@DuiLib@@QAEAAV01@$$QAV01@@Z
??4CSize@DuiLib@@QAEAAV01@ABV01@@Z
??4CSliderUI@DuiLib@@QAEAAV01@$$QAV01@@Z
??4CSliderUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CStdPtrArray@DuiLib@@QAEAAV01@ABV01@@Z
??4CStdStringPtrMap@DuiLib@@QAEAAV01@ABV01@@Z
??4CStdValArray@DuiLib@@QAEAAV01@ABV01@@Z
??4CTabLayoutUI@DuiLib@@QAEAAV01@$$QAV01@@Z
??4CTabLayoutUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CTextUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CTileLayoutUI@DuiLib@@QAEAAV01@$$QAV01@@Z
??4CTileLayoutUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CTreeNodeUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CTreeViewUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CUIAnimation@DuiLib@@QAEAAV01@$$QAV01@@Z
??4CUIAnimation@DuiLib@@QAEAAV01@ABV01@@Z
??4CVerticalLayoutUI@DuiLib@@QAEAAV01@$$QAV01@@Z
??4CVerticalLayoutUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CWaitCursor@DuiLib@@QAEAAV01@ABV01@@Z
??4CWebBrowserUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CWindowWnd@DuiLib@@QAEAAV01@$$QAV01@@Z
??4CWindowWnd@DuiLib@@QAEAAV01@ABV01@@Z
??4IUIAnimation@DuiLib@@QAEAAV01@ABV01@@Z
??4WindowImplBase@DuiLib@@QAEAAV01@ABV01@@Z
??8CDuiString@DuiLib@@QBE_NPB_W@Z
??9CDuiString@DuiLib@@QBE_NPB_W@Z
??ACDuiString@DuiLib@@QBE_WH@Z
??ACStdPtrArray@DuiLib@@QBEPAXH@Z
??ACStdStringPtrMap@DuiLib@@QBEPB_WH@Z
??ACStdValArray@DuiLib@@QBEPAXH@Z
??BCDuiString@DuiLib@@QBEPB_WXZ
??BCEventSource@DuiLib@@QAE_NXZ
??BCWindowWnd@DuiLib@@QBEPAUHWND__@@XZ
??HCDuiString@DuiLib@@QBE?AV01@ABV01@@Z
??HCDuiString@DuiLib@@QBE?AV01@PB_W@Z
??MCDuiString@DuiLib@@QBE_NPB_W@Z
??NCDuiString@DuiLib@@QBE_NPB_W@Z
??OCDuiString@DuiLib@@QBE_NPB_W@Z
??PCDuiString@DuiLib@@QBE_NPB_W@Z
??RCDelegateBase@DuiLib@@QAE_NPAX@Z
??RCEventSource@DuiLib@@QAE_NPAX@Z
??YCDuiString@DuiLib@@QAEABV01@ABV01@@Z
??YCDuiString@DuiLib@@QAEABV01@PB_W@Z
??YCDuiString@DuiLib@@QAEABV01@_W@Z
??YCEventSource@DuiLib@@QAEXABVCDelegateBase@1@@Z
??YCEventSource@DuiLib@@QAEXP6A_NPAX@Z@Z
??ZCEventSource@DuiLib@@QAEXABVCDelegateBase@1@@Z
??ZCEventSource@DuiLib@@QAEXP6A_NPAX@Z@Z
??_7CActiveXUI@DuiLib@@6BCControlUI@1@@
??_7CActiveXUI@DuiLib@@6BIMessageFilterUI@1@@
??_7CButtonUI@DuiLib@@6B@
??_7CCheckBoxUI@DuiLib@@6B@
??_7CChildLayoutUI@DuiLib@@6BCControlUI@1@@
??_7CChildLayoutUI@DuiLib@@6BIContainerUI@1@@
??_7CComboBoxUI@DuiLib@@6B@
??_7CComboBoxUI@DuiLib@@6BCControlUI@1@@
??_7CComboBoxUI@DuiLib@@6BIContainerUI@1@@
??_7CComboUI@DuiLib@@6B@
??_7CComboUI@DuiLib@@6BCControlUI@1@@
??_7CComboUI@DuiLib@@6BIContainerUI@1@@
??_7CContainerUI@DuiLib@@6BCControlUI@1@@
??_7CContainerUI@DuiLib@@6BIContainerUI@1@@
??_7CControlUI@DuiLib@@6B@
??_7CDateTimeUI@DuiLib@@6B@
??_7CDelegateBase@DuiLib@@6B@
??_7CEditUI@DuiLib@@6B@
??_7CHorizontalLayoutUI@DuiLib@@6BCControlUI@1@@
??_7CHorizontalLayoutUI@DuiLib@@6BIContainerUI@1@@
??_7CImageShowUI@DuiLib@@6BCLabelUI@1@@
??_7CImageShowUI@DuiLib@@6BCUIAnimation@1@@
??_7CLabelUI@DuiLib@@6B@
??_7CListBodyUI@DuiLib@@6BCControlUI@1@@
??_7CListBodyUI@DuiLib@@6BIContainerUI@1@@
??_7CListContainerElementUI@DuiLib@@6B@
??_7CListContainerElementUI@DuiLib@@6BCControlUI@1@@
??_7CListContainerElementUI@DuiLib@@6BIContainerUI@1@@
??_7CListElementUI@DuiLib@@6BCControlUI@1@@
??_7CListElementUI@DuiLib@@6BIListItemUI@1@@
??_7CListHeaderItemUI@DuiLib@@6B@
??_7CListHeaderUI@DuiLib@@6BCControlUI@1@@
??_7CListHeaderUI@DuiLib@@6BIContainerUI@1@@
??_7CListLabelElementUI@DuiLib@@6BCControlUI@1@@
??_7CListLabelElementUI@DuiLib@@6BIListItemUI@1@@
??_7CListTextElementUI@DuiLib@@6BCControlUI@1@@
??_7CListTextElementUI@DuiLib@@6BIListItemUI@1@@
??_7CListUI@DuiLib@@6B@
??_7CListUI@DuiLib@@6BCControlUI@1@@
??_7CListUI@DuiLib@@6BIContainerUI@1@@
??_7CNotifyPump@DuiLib@@6B@
??_7COptionUI@DuiLib@@6B@
??_7CProgressUI@DuiLib@@6B@
??_7CRichEditUI@DuiLib@@6B@
??_7CRichEditUI@DuiLib@@6BCControlUI@1@@
??_7CRichEditUI@DuiLib@@6BIContainerUI@1@@
??_7CScrollBarUI@DuiLib@@6B@
??_7CSliderUI@DuiLib@@6B@
??_7CTabLayoutUI@DuiLib@@6BCControlUI@1@@
??_7CTabLayoutUI@DuiLib@@6BIContainerUI@1@@
??_7CTextUI@DuiLib@@6B@
??_7CTileLayoutUI@DuiLib@@6BCControlUI@1@@
??_7CTileLayoutUI@DuiLib@@6BIContainerUI@1@@
??_7CTreeNodeUI@DuiLib@@6B@
??_7CTreeNodeUI@DuiLib@@6BCControlUI@1@@
??_7CTreeNodeUI@DuiLib@@6BIContainerUI@1@@
??_7CTreeViewUI@DuiLib@@6BCControlUI@1@@
??_7CTreeViewUI@DuiLib@@6BCListUI@1@@
??_7CTreeViewUI@DuiLib@@6BIContainerUI@1@@
??_7CTreeViewUI@DuiLib@@6BINotifyUI@1@@
??_7CUIAnimation@DuiLib@@6B@
??_7CVerticalLayoutUI@DuiLib@@6BCControlUI@1@@
??_7CVerticalLayoutUI@DuiLib@@6BIContainerUI@1@@
??_7CWebBrowserUI@DuiLib@@6BCControlUI@1@@
??_7CWebBrowserUI@DuiLib@@6BIDispatch@@@
??_7CWebBrowserUI@DuiLib@@6BIDocHostUIHandler@@@
??_7CWebBrowserUI@DuiLib@@6BIMessageFilterUI@1@@
??_7CWebBrowserUI@DuiLib@@6BIOleCommandTarget@@@
??_7CWebBrowserUI@DuiLib@@6BIServiceProvider@@@
??_7CWebBrowserUI@DuiLib@@6BITranslateAccelerator@1@@
??_7CWindowWnd@DuiLib@@6B@
??_7IUIAnimation@DuiLib@@6B@
??_7WindowImplBase@DuiLib@@6BCNotifyPump@1@@
??_7WindowImplBase@DuiLib@@6BCWindowWnd@1@@
??_7WindowImplBase@DuiLib@@6BIDialogBuilderCallback@1@@
??_7WindowImplBase@DuiLib@@6BIMessageFilterUI@1@@
??_7WindowImplBase@DuiLib@@6BINotifyUI@1@@
??_FCMarkup@DuiLib@@QAEXXZ
??_FCStdPtrArray@DuiLib@@QAEXXZ
??_FCStdStringPtrMap@DuiLib@@QAEXXZ
??_FCTreeNodeUI@DuiLib@@QAEXXZ
?Activate@CButtonUI@DuiLib@@UAE_NXZ
?Activate@CComboUI@DuiLib@@UAE_NXZ
?Activate@CControlUI@DuiLib@@UAE_NXZ
?Activate@CListContainerElementUI@DuiLib@@UAE_NXZ
?Activate@CListElementUI@DuiLib@@UAE_NXZ
?Activate@COptionUI@DuiLib@@UAE_NXZ
?Add@CComboUI@DuiLib@@UAE_NPAVCControlUI@2@@Z
?Add@CContainerUI@DuiLib@@UAE_NPAVCControlUI@2@@Z
?Add@CListUI@DuiLib@@UAE_NPAVCControlUI@2@@Z
?Add@CStdPtrArray@DuiLib@@QAE_NPAX@Z
?Add@CStdValArray@DuiLib@@QAE_NPBX@Z
?Add@CTabLayoutUI@DuiLib@@UAE_NPAVCControlUI@2@@Z
?Add@CTreeNodeUI@DuiLib@@UAE_NPAVCControlUI@2@@Z
?Add@CTreeViewUI@DuiLib@@UAE_NPAVCTreeNodeUI@2@@Z
?AddAt@CComboUI@DuiLib@@UAE_NPAVCControlUI@2@H@Z
?AddAt@CContainerUI@DuiLib@@UAE_NPAVCControlUI@2@H@Z
?AddAt@CListUI@DuiLib@@UAE_NPAVCControlUI@2@H@Z
?AddAt@CTabLayoutUI@DuiLib@@UAE_NPAVCControlUI@2@H@Z
?AddAt@CTreeNodeUI@DuiLib@@UAE_NPAVCControlUI@2@H@Z
?AddAt@CTreeViewUI@DuiLib@@UAEJPAVCTreeNodeUI@2@H@Z
?AddAt@CTreeViewUI@DuiLib@@UAE_NPAVCTreeNodeUI@2@0@Z
?AddChildNode@CTreeNodeUI@DuiLib@@QAE_NPAV12@@Z
?AddDefaultAttributeList@CPaintManagerUI@DuiLib@@QAEXPB_W0@Z
?AddDelayedCleanup@CPaintManagerUI@DuiLib@@QAEXPAVCControlUI@2@@Z
?AddFont@CPaintManagerUI@DuiLib@@QAEPAUHFONT__@@PB_WH_N11@Z
?AddFontAt@CPaintManagerUI@DuiLib@@QAEPAUHFONT__@@HPB_WH_N11@Z
?AddImage@CPaintManagerUI@DuiLib@@QAEPBUtagTImageInfo@2@PB_W0K@Z
?AddImage@CPaintManagerUI@DuiLib@@QAEPBUtagTImageInfo@2@PB_WPAUHBITMAP__@@HH_N@Z
?AddMessageFilter@CPaintManagerUI@DuiLib@@QAE_NPAVIMessageFilterUI@2@@Z
?AddNotifier@CPaintManagerUI@DuiLib@@QAE_NPAVINotifyUI@2@@Z
?AddOptionGroup@CPaintManagerUI@DuiLib@@QAE_NPB_WPAVCControlUI@2@@Z
?AddPostPaint@CPaintManagerUI@DuiLib@@QAE_NPAVCControlUI@2@@Z
?AddPreMessageFilter@CPaintManagerUI@DuiLib@@QAE_NPAVIMessageFilterUI@2@@Z
?AddRef@CWebBrowserUI@DuiLib@@UAGKXZ
?AddTranslateAccelerator@CPaintManagerUI@DuiLib@@QAE_NPAVITranslateAccelerator@2@@Z
?AddVirtualWnd@CNotifyPump@DuiLib@@QAE_NVCDuiString@2@PAV12@@Z
?AdjustColor@CRenderEngine@DuiLib@@SAKKFFF@Z
?Append@CDuiString@DuiLib@@QAEXPB_W@Z
?AppendText@CRichEditUI@DuiLib@@QAEHPB_W_N@Z
?ApplyAttributeList@CControlUI@DuiLib@@QAEPAV12@PB_W@Z
?Assign@CDuiString@DuiLib@@QAEXPB_WH@Z
?AttachDialog@CPaintManagerUI@DuiLib@@QAE_NPAVCControlUI@2@@Z
?BeforeNavigate2@CWebBrowserUI@DuiLib@@IAEXPAUIDispatch@@AAPAUtagVARIANT@@1111AAPAF@Z
?CalLocation@CTreeNodeUI@DuiLib@@AAEPAV12@PAV12@@Z
?CenterWindow@CWindowWnd@DuiLib@@QAEXXZ
?CharFromPos@CRichEditUI@DuiLib@@QBEHVCPoint@2@@Z
?CheckBoxSelected@CTreeNodeUI@DuiLib@@QAEX_N@Z
?Clear@CRichEditUI@DuiLib@@QAEXXZ
?Close@CWindowWnd@DuiLib@@QAEXI@Z
?CommandStateChange@CWebBrowserUI@DuiLib@@IAEXJF@Z
?Compare@CDuiString@DuiLib@@QBEHPB_W@Z
?CompareNoCase@CDuiString@DuiLib@@QBEHPB_W@Z
?Copy@CRichEditUI@DuiLib@@QAEXXZ
?Create@CDialogBuilder@DuiLib@@QAEPAVCControlUI@2@PAVIDialogBuilderCallback@2@PAVCPaintManagerUI@2@PAV32@@Z
?Create@CDialogBuilder@DuiLib@@QAEPAVCControlUI@2@VSTRINGorID@2@PB_WPAVIDialogBuilderCallback@2@PAVCPaintManagerUI@2@PAV32@@Z
?Create@CWindowWnd@DuiLib@@QAEPAUHWND__@@PAU3@PB_WKKHHHHPAUHMENU__@@@Z
?Create@CWindowWnd@DuiLib@@QAEPAUHWND__@@PAU3@PB_WKKUtagRECT@@PAUHMENU__@@@Z
?CreateControl@CActiveXUI@DuiLib@@QAE_NPB_W@Z
?CreateControl@CActiveXUI@DuiLib@@QAE_NU_GUID@@@Z
?CreateControl@WindowImplBase@DuiLib@@UAEPAVCControlUI@2@PB_W@Z
?CreateDuiWindow@CWindowWnd@DuiLib@@QAEPAUHWND__@@PAU3@PB_WKK@Z
?Cut@CRichEditUI@DuiLib@@QAEXXZ
?DUI__Trace@DuiLib@@YAXPB_WZZ
?DUI__TraceMsg@DuiLib@@YAPB_WI@Z
?Deflate@CDuiRect@DuiLib@@QAEXHH@Z
?DoCreateControl@CActiveXUI@DuiLib@@MAE_NXZ
?DoCreateControl@CWebBrowserUI@DuiLib@@UAE_NXZ
?DoEvent@CButtonUI@DuiLib@@UAEXAAUtagTEventUI@2@@Z
?DoEvent@CComboUI@DuiLib@@UAEXAAUtagTEventUI@2@@Z
?DoEvent@CContainerUI@DuiLib@@UAEXAAUtagTEventUI@2@@Z
?DoEvent@CControlUI@DuiLib@@UAEXAAUtagTEventUI@2@@Z
?DoEvent@CDateTimeUI@DuiLib@@UAEXAAUtagTEventUI@2@@Z
?DoEvent@CEditUI@DuiLib@@UAEXAAUtagTEventUI@2@@Z
?DoEvent@CHorizontalLayoutUI@DuiLib@@UAEXAAUtagTEventUI@2@@Z
?DoEvent@CImageShowUI@DuiLib@@MAEXAAUtagTEventUI@2@@Z
?DoEvent@CLabelUI@DuiLib@@UAEXAAUtagTEventUI@2@@Z
?DoEvent@CListBodyUI@DuiLib@@UAEXAAUtagTEventUI@2@@Z
?DoEvent@CListContainerElementUI@DuiLib@@UAEXAAUtagTEventUI@2@@Z
?DoEvent@CListElementUI@DuiLib@@UAEXAAUtagTEventUI@2@@Z
?DoEvent@CListHeaderItemUI@DuiLib@@UAEXAAUtagTEventUI@2@@Z
?DoEvent@CListLabelElementUI@DuiLib@@UAEXAAUtagTEventUI@2@@Z
?DoEvent@CListTextElementUI@DuiLib@@UAEXAAUtagTEventUI@2@@Z
?DoEvent@CListUI@DuiLib@@UAEXAAUtagTEventUI@2@@Z
?DoEvent@CRichEditUI@DuiLib@@UAEXAAUtagTEventUI@2@@Z
?DoEvent@CScrollBarUI@DuiLib@@UAEXAAUtagTEventUI@2@@Z
?DoEvent@CSliderUI@DuiLib@@UAEXAAUtagTEventUI@2@@Z
?DoEvent@CTextUI@DuiLib@@UAEXAAUtagTEventUI@2@@Z
?DoEvent@CTreeNodeUI@DuiLib@@UAEXAAUtagTEventUI@2@@Z
?DoEvent@CVerticalLayoutUI@DuiLib@@UAEXAAUtagTEventUI@2@@Z
?DoInit@CComboUI@DuiLib@@UAEXXZ
?DoInit@CControlUI@DuiLib@@UAEXXZ
?DoInit@CImageShowUI@DuiLib@@MAEXXZ
?DoInit@CRichEditUI@DuiLib@@UAEXXZ
?DoPaint@CActiveXUI@DuiLib@@UAEXPAUHDC__@@ABUtagRECT@@@Z
?DoPaint@CComboUI@DuiLib@@UAEXPAUHDC__@@ABUtagRECT@@@Z
?DoPaint@CContainerUI@DuiLib@@UAEXPAUHDC__@@ABUtagRECT@@@Z
?DoPaint@CControlUI@DuiLib@@UAEXPAUHDC__@@ABUtagRECT@@@Z
?DoPaint@CListContainerElementUI@DuiLib@@UAEXPAUHDC__@@ABUtagRECT@@@Z
?DoPaint@CListLabelElementUI@DuiLib@@UAEXPAUHDC__@@ABUtagRECT@@@Z
?DoPaint@CRichEditUI@DuiLib@@UAEXPAUHDC__@@ABUtagRECT@@@Z
?DoPaint@CScrollBarUI@DuiLib@@UAEXPAUHDC__@@ABUtagRECT@@@Z
?DoPostPaint@CControlUI@DuiLib@@UAEXPAUHDC__@@ABUtagRECT@@@Z
?DoPostPaint@CHorizontalLayoutUI@DuiLib@@UAEXPAUHDC__@@ABUtagRECT@@@Z
?DoPostPaint@CVerticalLayoutUI@DuiLib@@UAEXPAUHDC__@@ABUtagRECT@@@Z
?Download@CWebBrowserUI@DuiLib@@UAGJPAUIMoniker@@PAUIBindCtx@@KJPAU_tagBINDINFO@@PB_W3I@Z
?DrawColor@CRenderEngine@DuiLib@@SAXPAUHDC__@@ABUtagRECT@@K@Z
?DrawGradient@CRenderEngine@DuiLib@@SAXPAUHDC__@@ABUtagRECT@@KK_NH@Z
?DrawHtmlText@CRenderEngine@DuiLib@@SAXPAUHDC__@@PAVCPaintManagerUI@2@AAUtagRECT@@PB_WKPAU5@PAVCDuiString@2@AAHI@Z
?DrawImage@CControlUI@DuiLib@@QAE_NPAUHDC__@@PB_W1@Z
?DrawImage@CRenderEngine@DuiLib@@SAXPAUHDC__@@PAUHBITMAP__@@ABUtagRECT@@222_NE333@Z
?DrawImageString@CRenderEngine@DuiLib@@SA_NPAUHDC__@@PAVCPaintManagerUI@2@ABUtagRECT@@2PB_W3@Z
?DrawItemBk@CListContainerElementUI@DuiLib@@QAEXPAUHDC__@@ABUtagRECT@@@Z
?DrawItemBk@CListElementUI@DuiLib@@QAEXPAUHDC__@@ABUtagRECT@@@Z
?DrawItemText@CListContainerElementUI@DuiLib@@UAEXPAUHDC__@@ABUtagRECT@@@Z
?DrawItemText@CListLabelElementUI@DuiLib@@UAEXPAUHDC__@@ABUtagRECT@@@Z
?DrawItemText@CListTextElementUI@DuiLib@@UAEXPAUHDC__@@ABUtagRECT@@@Z
?DrawLine@CRenderEngine@DuiLib@@SAXPAUHDC__@@ABUtagRECT@@HKH@Z
?DrawRect@CRenderEngine@DuiLib@@SAXPAUHDC__@@ABUtagRECT@@HK@Z
?DrawRoundRect@CRenderEngine@DuiLib@@SAXPAUHDC__@@ABUtagRECT@@HHHK@Z
?DrawTextW@CRenderEngine@DuiLib@@SAXPAUHDC__@@PAVCPaintManagerUI@2@AAUtagRECT@@PB_WKHI@Z
?Empty@CDuiRect@DuiLib@@QAEXXZ
?Empty@CDuiString@DuiLib@@QAEXXZ
?Empty@CStdPtrArray@DuiLib@@QAEXXZ
?Empty@CStdValArray@DuiLib@@QAEXXZ
?EmptyUndoBuffer@CRichEditUI@DuiLib@@QAEXXZ
?EnableModeless@CWebBrowserUI@DuiLib@@UAGJH@Z
?EnableScrollBar@CContainerUI@DuiLib@@UAEX_N0@Z
?EnableScrollBar@CListUI@DuiLib@@UAEX_N0@Z

Sections

.text
Size: 337KB - Virtual size: 337KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 177KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 704KB - Virtual size: 703KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsExec.dll
.dll windows:4 windows x86 arch:x86

d31c5eb927119d00232e4d4b0e32fcdb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleW
MultiByteToWideChar
lstrlenA
GetExitCodeProcess
WaitForSingleObject
Sleep
TerminateProcess
lstrcpyW
GlobalReAlloc
GlobalUnlock
GlobalSize
ReadFile
PeekNamedPipe
GetTickCount
CreateProcessW
GetStartupInfoW
CreatePipe
GetProcAddress
lstrcpynW
DeleteFileW
lstrcmpiW
GetCurrentProcess
lstrcatW
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
CreateFileW
CopyFileW
GetTempFileNameW
GlobalFree
GlobalAlloc
GetModuleFileNameW
ExitProcess
GetCommandLineW
GlobalLock
GetVersion
lstrlenW

user32

SendMessageW
FindWindowExW
CharNextW
wsprintfW
CharPrevW

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl

Exports

Exports

Exec
ExecToLog
ExecToStack

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsis7z.dll
.dll windows:6 windows x86 arch:x86

2656ea25cde98f31a490513c2db04ae8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LocalFree
FormatMessageW
GetFileInformationByHandle
SetLastError
DeviceIoControl
GetModuleHandleW
GetProcAddress
HeapAlloc
HeapFree
GetProcessHeap
GetSystemTimeAsFileTime
GetStdHandle
WaitForMultipleObjects
GetTickCount
GetConsoleMode
AreFileApisANSI
SetFileApisToOEM
SetFileApisToANSI
GlobalAlloc
GlobalFree
lstrcpynW
lstrcpyW
MultiByteToWideChar
WideCharToMultiByte
FreeLibrary
GetModuleFileNameW
LoadLibraryExW
GetCurrentDirectoryW
CreateDirectoryW
CreateSemaphoreW
RemoveDirectoryW
SetFileAttributesW
SetFileTime
GetTempPathW
GetCurrentProcessId
GetCurrentThreadId
MoveFileW
FindClose
FindFirstFileW
FindNextFileW
GetFileAttributesW
GetModuleHandleA
SetEndOfFile
GetCurrentProcess
GetSystemInfo
GlobalMemoryStatus
GetProcessAffinityMask
IsProcessorFeaturePresent
WriteConsoleW
HeapSize
GetStringTypeW
DecodePointer
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
WaitForSingleObject
CreateEventW
ReleaseSemaphore
ResetEvent
SetEvent
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetVersionExW
VirtualFree
VirtualAlloc
GetLastError
CloseHandle
WriteFile
SetFilePointer
ReadFile
GetFileSize
CreateFileW
DeleteFileW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
SetFilePointerEx
GetFileSizeEx
GetConsoleCP
FlushFileBuffers
GetFileType
HeapReAlloc
LCMapStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
InitializeSListHead
RtlUnwind
RaiseException
InterlockedFlushSList
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess

user32

SendMessageW
FindWindowExW
SetWindowTextW
GetDlgItem
wsprintfW
CharUpperW

advapi32

SetFileSecurityW
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken

oleaut32

VariantClear
SysAllocStringLen
SysStringLen
SysFreeString
VariantCopy

Exports

Exports

Extract
ExtractWithCallback
ExtractWithDetails

Sections

.text
Size: 323KB - Virtual size: 323KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RayLink.7z
.7z
Go_Daddy.cer
RayLink.exe
.exe windows:6 windows x64 arch:x64

cc88004ab2a6ff70f5f091edfb1104ce

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1e:5f:12:f8:c1:39:b5:b4:4b:62:46:1a:96:22:88:d8
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

16/02/2022, 00:00

Not After

15/02/2025, 23:59

Subject

SERIALNUMBER=91440300761988340L,CN=Shenzhen Rayvision Technology Co.\, Ltd.,O=Shenzhen Rayvision Technology Co.\, Ltd.,ST=Guangdong Sheng,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

dd:51:a5:ea:f1:8a:c4:5b:f7:78:d1:d9:6c:48:3a:16:1f:5e:fc:36
Signer

Actual PE Digest

dd:51:a5:ea:f1:8a:c4:5b:f7:78:d1:d9:6c:48:3a:16:1f:5e:fc:36

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\jenkins\workspace3\remote_desktop\Release\bin\Release\RaysyncClient.pdb

Imports

netapi32

NetApiBufferFree
NetShareEnum

userenv

GetUserProfileDirectoryW

winmm

timeSetEvent
waveOutWrite
timeKillEvent
timeGetTime
timeBeginPeriod
timeEndPeriod
PlaySoundW
waveOutClose
waveInReset
waveInStart
waveInAddBuffer
waveInUnprepareHeader
waveInPrepareHeader
waveInClose
waveInOpen
waveInGetDevCapsW
waveInGetNumDevs
waveOutReset
waveOutUnprepareHeader
waveOutGetNumDevs
waveOutGetDevCapsW
waveOutGetErrorTextW
waveOutOpen
waveOutPrepareHeader

imm32

ImmGetDefaultIMEWnd
ImmGetContext
ImmReleaseContext
ImmAssociateContextEx
ImmGetCompositionStringW
ImmGetOpenStatus
ImmNotifyIME
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmAssociateContext
ImmGetVirtualKey
ImmGetIMEFileNameA
ImmSetCompositionStringW
ImmGetCandidateListW

setupapi

SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsA
SetupDiGetDeviceRegistryPropertyA
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailA
CM_Get_Device_IDA
CM_Get_Parent
CM_Locate_DevNodeA
SetupDiEnumDeviceInfo

version

GetFileVersionInfoSizeW
VerQueryValueA
GetFileVersionInfoSizeA
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoA

mfplat

MFCreateAlignedMemoryBuffer
MFCreateMediaType
MFStartup
MFShutdown
MFCreateSample

secur32

EncryptMessage
InitializeSecurityContextA
FreeCredentialsHandle
AcquireCredentialsHandleA
FreeContextBuffer
DeleteSecurityContext
QueryContextAttributesA
DecryptMessage
ApplyControlToken

dxva2

DXVA2CreateVideoService

d3d9

Direct3DCreate9Ex

d3d11

D3D11CreateDevice

dwmapi

DwmGetWindowAttribute
DwmEnableMMCSS
DwmSetWindowAttribute
DwmIsCompositionEnabled
DwmEnableBlurBehindWindow

ws2_32

WSAStartup
WSAIoctl
WSACleanup
WSASetLastError
shutdown
WSARecv
WSASend
__WSAFDIsSet
accept
bind
closesocket
connect
ioctlsocket
getsockname
getsockopt
htonl
htons
WSANtohl
recvfrom
gethostbyname
WSASocketW
WSASendTo
WSARecvFrom
WSAStringToAddressW
getpeername
recv
send
WSAGetLastError
WSANtohs
setsockopt
select
ntohs
ntohl
listen
socket
getaddrinfo
freeaddrinfo
getnameinfo
inet_pton
inet_addr
sendto
WSAAddressToStringW
gethostname
WSAAsyncSelect
WSAAccept
WSAConnect
WSAHtonl

dbghelp

MiniDumpWriteDump

iphlpapi

ConvertInterfaceIndexToLuid
ConvertInterfaceLuidToGuid
GetAdaptersInfo
GetAdaptersAddresses
ConvertInterfaceNameToLuidW
ConvertInterfaceLuidToNameW
ConvertInterfaceLuidToIndex

crypt32

CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertFreeCertificateChain
CertGetCertificateChain
CertAddCertificateContextToStore
CertCreateCertificateContext
CertOpenStore
CertFindCertificateInStore
CertOpenSystemStoreW
CertFreeCertificateContext
CertEnumCertificatesInStore
CertCloseStore

kernel32

SignalObjectAndWait
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
InitializeSListHead
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
DecodePointer
RaiseException
GetLastError
PostQueuedCompletionStatus
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
TlsAlloc
TlsFree
LocalFree
FormatMessageA
GetStdHandle
WriteFile
GetCurrentProcessId
GetCurrentThreadId
GetDynamicTimeZoneInformation
GetConsoleMode
WriteConsoleA
GetConsoleScreenBufferInfo
CreateTimerQueue
GetComputerNameA
CloseHandle
ReleaseMutex
WaitForSingleObject
CreateMutexA
MapViewOfFile
OpenFileMappingA
GetTempPathA
Sleep
GetModuleFileNameW
WinExec
CreateToolhelp32Snapshot
Process32First
Process32Next
VerSetConditionMask
SetLastError
CreateIoCompletionPort
GetQueuedCompletionStatus
InitializeCriticalSectionAndSpinCount
SetEvent
SleepEx
CreateEventW
SetWaitableTimer
WaitForMultipleObjects
QueueUserAPC
TerminateThread
TlsGetValue
TlsSetValue
CreateWaitableTimerA
VerifyVersionInfoA
MultiByteToWideChar
GetFileSize
ReadFile
CreatePipe
CreateProcessA
GetStartupInfoA
SetConsoleTextAttribute
WideCharToMultiByte
GetACP
GetCommandLineW
CreateFileA
SetUnhandledExceptionFilter
GetCurrentProcess
ExitProcess
SetThreadExecutionState
CreateNamedPipeA
LocalAlloc
FindClose
FindFirstFileA
FindNextFileA
GetVersionExA
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
CompareStringEx
OutputDebugStringW
TerminateProcess
IsProcessorFeaturePresent
GetConsoleWindow
GetSystemTime
GetLocalTime
DuplicateHandle
SwitchToThread
CreateThread
GetCurrentThread
SetThreadPriority
GetThreadPriority
ResumeThread
GetSystemInfo
WaitForSingleObjectEx
GetModuleHandleW
GetProcAddress
GetStartupInfoW
QueryPerformanceCounter
QueryPerformanceFrequency
GetTickCount64
FormatMessageW
CreateFileW
GetFileAttributesExW
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
DeleteFileW
FindFirstFileW
GetFileAttributesW
RtlCaptureContext
GetFullPathNameW
GetLogicalDrives
GetLongPathNameW
RemoveDirectoryW
SetFileTime
GetTempPathW
GetVolumePathNamesForVolumeNameW
SetErrorMode
DeviceIoControl
CopyFileW
MoveFileW
MoveFileExW
TzSpecificLocalTimeToSystemTime
FileTimeToSystemTime
SystemTimeToFileTime
GetFileInformationByHandleEx
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetFilePointer
ConnectNamedPipe
CreateNamedPipeW
GetExitCodeProcess
CreateProcessW
GetProcessId
UnregisterWaitEx
RegisterWaitForSingleObject
FlushFileBuffers
GetDriveTypeW
GetFileType
GetVolumeInformationW
SetEndOfFile
SetFilePointerEx
CreateFileMappingW
UnmapViewOfFile
ResetEvent
VirtualQuery
OpenFileMappingW
GetDateFormatW
GetTimeFormatW
GetLocaleInfoW
GetCurrencyFormatW
GetUserDefaultLCID
GetUserPreferredUILanguages
OpenProcess
FreeLibrary
LoadLibraryA
ReadFileEx
PeekNamedPipe
CancelIoEx
WriteFileEx
GetSystemDirectoryW
LoadLibraryW
GetTimeZoneInformation
GetGeoInfoW
GetUserGeoID
FindFirstFileExW
FindNextFileW
ReleaseSemaphore
CreateSemaphoreW
GetModuleHandleExW
GlobalFree
SetHandleInformation
GetFileAttributesA
AttachConsole
OutputDebugStringA
GlobalAlloc
GlobalUnlock
GlobalLock
VerifyVersionInfoW
GlobalSize
GetModuleHandleA
GlobalMemoryStatusEx
GetNumaHighestNodeNumber
GetModuleFileNameA
GetEnvironmentVariableA
GetLogicalDriveStringsW
GetFileTime
SetFileAttributesW
CreateEventA
GetSystemTimeAsFileTime
WaitForMultipleObjectsEx
CreateSemaphoreA
lstrcmpW
GetFileSizeEx
WTSGetActiveConsoleSessionId
ExpandEnvironmentStringsW
CheckRemoteDebuggerPresent
GetUserDefaultLangID
InitializeCriticalSection
CreateMutexW
VirtualAlloc
VirtualFree
GetTickCount
MulDiv
TryEnterCriticalSection
SetEnvironmentVariableA
IsDebuggerPresent
GetOverlappedResult
CancelIo
LoadLibraryExW
CompareStringA
GetSystemPowerStatus
GetLocaleInfoA
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WriteConsoleW
InitializeSRWLock
LoadLibraryExA
InitOnceBeginInitialize
InitOnceComplete
GetProcessAffinityMask
InitializeConditionVariable
WakeAllConditionVariable
SleepConditionVariableSRW
WakeConditionVariable
MoveFileExA
InitOnceExecuteOnce
lstrlenW
SetThreadErrorMode
SwitchToFiber
DeleteFiber
CreateFiber
ConvertFiberToThread
ConvertThreadToFiber
GetEnvironmentVariableW
ReadConsoleA
ReadConsoleW
SetConsoleMode
OpenEventA
GetLogicalProcessorInformation
LCMapStringW
CompareStringW
GetCPInfo
GetStringTypeW
QueueUserWorkItem
EncodePointer
RtlPcToFileHeader
GetExitCodeThread
GetFileInformationByHandle
SetThreadAffinityMask
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
GetVersionExW
VirtualProtect
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
RtlUnwindEx
SetConsoleCtrlHandler
ExitThread
GetCommandLineA
GetConsoleCP
SetStdHandle
SystemTimeToTzSpecificLocalTime
SetEnvironmentVariableW
IsValidLocale
EnumSystemLocalesW
IsValidCodePage
GetOEMCP
HeapQueryInformation
FindCloseChangeNotification
FindFirstChangeNotificationW
FindNextChangeNotification
CreateFileMappingA
GetComputerNameW
RtlUnwind

user32

DestroyIcon
GetAncestor
GetKeyboardLayoutList
RegisterPowerSettingNotification
UnregisterPowerSettingNotification
GetClassInfoW
GetFocus
WindowFromPoint
ChildWindowFromPointEx
GetSysColorBrush
LoadImageW
SetMenu
DrawMenuBar
CreateMenu
CreatePopupMenu
DestroyMenu
InsertMenuW
AppendMenuW
ModifyMenuW
RemoveMenu
TrackPopupMenu
GetMenuItemInfoW
SetMenuItemInfoW
GetMonitorInfoW
EnumDisplayMonitors
LoadIconW
IsHungAppWindow
SetClipboardViewer
ChangeClipboardChain
GetKeyboardLayout
IsWindowEnabled
CreateCaret
DestroyCaret
HideCaret
ShowCaret
SetCaretPos
GetKeyboardState
ToAscii
ToUnicode
MapVirtualKeyW
TrackPopupMenuEx
SetCursorPos
GetCursor
LoadCursorW
CreateCursor
CreateIconIndirect
GetCursorInfo
EnumDisplayDevicesW
GetClipboardFormatNameW
TrackMouseEvent
GetMessageExtraInfo
GetTouchInputInfo
CloseTouchInputHandle
GetWindowTextW
RealGetWindowClassW
ChangeWindowMessageFilterEx
MessageBoxA
GetMessageW
CallWindowProcW
GetClassInfoExW
ValidateRect
GetPropW
GetClipCursor
FillRect
IsRectEmpty
GetRawInputData
RegisterWindowMessageA
RegisterDeviceNotificationW
UnregisterDeviceNotification
RegisterClassExA
CreateWindowExA
GetClipboardSequenceNumber
ChangeDisplaySettingsExW
EnumDisplaySettingsW
CopyImage
RegisterRawInputDevices
SetActiveWindow
SetPropW
RemovePropW
GetWindowTextLengthW
GetForegroundWindow
DestroyCursor
SetWindowsHookExW
UnhookWindowsHookEx
CreateIconFromResource
MonitorFromRect
GetRawInputDeviceInfoA
GetRawInputDeviceList
DialogBoxIndirectParamW
EndDialog
GetDlgItem
DrawTextW
DispatchMessageA
PeekMessageA
DefWindowProcA
DrawIcon
FrameRect
FindWindowW
CopyIcon
SendMessageA
GetMessageA
PostMessageA
PostQuitMessage
mouse_event
UpdateWindow
GetWindowLongA
SetWindowLongA
RegisterClipboardFormatA
GetProcessWindowStation
GetUserObjectInformationW
DrawIconEx
GetSysColor
GetSystemMetrics
ReleaseDC
GetDC
EnableMenuItem
GetSystemMenu
CharNextExA
SetWindowLongPtrW
GetWindowLongPtrW
SetTimer
MsgWaitForMultipleObjectsEx
GetQueueStatus
DestroyWindow
CreateWindowExW
UnregisterClassW
RegisterClassW
DefWindowProcW
PeekMessageW
DispatchMessageW
TranslateMessage
GetWindowThreadProcessId
EnumWindows
PostThreadMessageW
PostMessageW
SystemParametersInfoA
SetProcessWindowStation
CloseWindowStation
OpenWindowStationA
CloseDesktop
SetThreadDesktop
OpenInputDesktop
GetIconInfo
LoadCursorA
SetWindowRgn
SetRect
SetParent
SetWindowLongPtrA
GetWindowLongPtrA
MoveWindow
ShowWindow
EnumDisplayDevicesA
EnumDisplaySettingsA
AdjustWindowRectEx
GetWindowRect
IsZoomed
FindWindowA
GetMonitorInfoA
MonitorFromPoint
GetCursorPos
UnregisterClassA
KillTimer
SetWindowPos
GetWindow
GetParent
ScreenToClient
ClientToScreen
SetCursor
GetClientRect
SetWindowTextW
InvalidateRect
GetUpdateRect
EndPaint
BeginPaint
GetMenu
ReleaseCapture
SetCapture
GetCapture
IsTouchWindow
UnregisterTouchWindow
RegisterTouchWindow
SetFocus
IsIconic
IsWindowVisible
SetWindowPlacement
GetWindowPlacement
FlashWindowEx
UpdateLayeredWindow
IsChild
SendMessageW
UpdateLayeredWindowIndirect
GetCaretBlinkTime
MessageBeep
IsWindow
GetDoubleClickTime
GetDesktopWindow
MonitorFromWindow
RegisterClipboardFormatW
EmptyClipboard
GetClipboardData
SetClipboardData
CloseClipboard
OpenClipboard
CallNextHookEx
ClipCursor
GetAsyncKeyState
GetKeyState
RemoveClipboardFormatListener
AddClipboardFormatListener
IsClipboardFormatAvailable
GetClipboardOwner
RegisterClassExW
SetWindowLongW
GetWindowLongW
SetLayeredWindowAttributes
PtInRect
SetForegroundWindow
AttachThreadInput
RegisterWindowMessageW
MessageBoxW
IntersectRect
SystemParametersInfoW

gdi32

DeleteDC
CreateCompatibleDC
CreateDCA
CreateSolidBrush
GetICMProfileW
GetDeviceGammaRamp
GetObjectA
GetDIBColorTable
GetObjectW
SetDeviceGammaRamp
CreateDIBitmap
GetRegionData
DeleteObject
CreateRectRgn
GetTextExtentPoint32A
SelectObject
SelectClipRgn
ExtTextOutW
SetWorldTransform
SetTextAlign
SetTextColor
SetGraphicsMode
SetBkMode
GetCharABCWidthsI
GetTextExtentPoint32W
GetOutlineTextMetricsW
GetGlyphOutlineW
GetCharABCWidthsFloatW
GetCharABCWidthsW
GetTextFaceW
GetTextMetricsW
RemoveFontMemResourceEx
AddFontMemResourceEx
RemoveFontResourceExW
AddFontResourceExW
GetStockObject
GetFontData
EnumFontFamiliesExW
CreateFontIndirectW
GetBitmapBits
SwapBuffers
SetPixelFormat
GetPixelFormat
DescribePixelFormat
ChoosePixelFormat
CreateBitmap
CreateDCW
CreateCompatibleBitmap
GetDeviceCaps
SetLayout
OffsetRgn
BitBlt
GdiFlush
CreateDIBSection
CombineRgn
GetDIBits
CreateRoundRectRgn

shell32

CommandLineToArgvW
ord155
ord189
ShellExecuteA
SHGetFileInfoW
SHOpenFolderAndSelectItems
ord74
SHCreateDataObject
DragAcceptFiles
ExtractIconExW
Shell_NotifyIconGetRect
Shell_NotifyIconW
SHBrowseForFolderW
SHGetKnownFolderIDList
SHGetPathFromIDListW
SHGetKnownFolderPath
SHCreateItemFromIDList
ShellExecuteW
ord727
SHGetStockIconInfo
SHGetMalloc
DragFinish
DragQueryFileW
SHGetFolderPathW
SHCreateItemFromParsingName

ole32

OleUninitialize
OleFlushClipboard
OleIsCurrentClipboard
CoInitializeEx
OleGetClipboard
CoInitialize
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
OleInitialize
CoCreateInstance
CoUninitialize
CoCreateGuid
CoTaskMemFree
OleSetClipboard
DoDragDrop
ReleaseStgMedium
CoGetMalloc
CLSIDFromString
PropVariantClear
CreateBindCtx
CoTaskMemAlloc
OleSaveToStream
StringFromGUID2
OleLoadFromStream

oleaut32

SysAllocString
OleCreatePropertyFrame
SafeArrayCreateVector
SysFreeString
SafeArrayPutElement

comdlg32

GetOpenFileNameA

advapi32

FreeSid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegCloseKey
RegCreateKeyExA
RegDeleteValueA
RegOpenKeyExA
RegSetValueExW
CloseServiceHandle
OpenSCManagerA
OpenServiceA
QueryServiceConfigA
RegQueryValueExA
OpenProcessToken
RegOpenKeyExW
RegQueryValueExW
SystemFunction036
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegFlushKey
RegQueryInfoKeyW
AccessCheck
AllocateAndInitializeSid
CopySid
DuplicateToken
CryptEnumProvidersW
GetLengthSid
GetTokenInformation
MapGenericMask
LookupAccountSidW
GetEffectiveRightsFromAclW
GetNamedSecurityInfoW
BuildTrusteeWithSidW
GetSidSubAuthority
GetSidSubAuthorityCount
RegNotifyChangeKeyValue
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptCreateHash
CryptDestroyHash
CryptSignHashW

dxgi

CreateDXGIFactory
CreateDXGIFactory1

shlwapi

PathFileExistsW
SHCreateStreamOnFileA
ord219
PathIsDirectoryW

mswsock

GetAcceptExSockaddrs
AcceptEx

avicap32

capCreateCaptureWindowA
capGetDriverDescriptionA

bcrypt

BCryptGenRandom
BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider

wtsapi32

WTSQuerySessionInformationW
WTSFreeMemory

uxtheme

ord47
GetThemePartSize
GetThemeColor
GetCurrentThemeName
IsAppThemed
IsThemeActive
SetWindowTheme
GetThemeBool
IsThemeBackgroundPartiallyTransparent
GetThemeBackgroundRegion
GetThemeInt
CloseThemeData
GetThemeTransitionDuration
GetThemePropertyOrigin
GetThemeMargins
GetThemeEnumValue
OpenThemeData

Exports

Exports

FT_Glyph_Stroke
FT_Glyph_StrokeBorder
FT_Outline_GetInsideBorder
FT_Outline_GetOutsideBorder
FT_Stroker_BeginSubPath
FT_Stroker_ConicTo
FT_Stroker_CubicTo
FT_Stroker_Done
FT_Stroker_EndSubPath
FT_Stroker_Export
FT_Stroker_ExportBorder
FT_Stroker_GetBorderCounts
FT_Stroker_GetCounts
FT_Stroker_LineTo
FT_Stroker_New
FT_Stroker_ParseOutline
FT_Stroker_Rewind
FT_Stroker_Set

Sections

.text
Size: 32.2MB - Virtual size: 32.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22.0MB - Virtual size: 22.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 354KB - Virtual size: 8.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qtmetad
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qtmimed
Size: 315KB - Virtual size: 315KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 216KB - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 234KB - Virtual size: 233KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RayLinkCapturer.exe
.exe windows:6 windows x64 arch:x64

3205960fd364ec2cef2c3161f72bae0d

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1e:5f:12:f8:c1:39:b5:b4:4b:62:46:1a:96:22:88:d8
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

16/02/2022, 00:00

Not After

15/02/2025, 23:59

Subject

SERIALNUMBER=91440300761988340L,CN=Shenzhen Rayvision Technology Co.\, Ltd.,O=Shenzhen Rayvision Technology Co.\, Ltd.,ST=Guangdong Sheng,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

58:e2:6d:40:b1:6c:45:8c:2b:a9:8b:8d:f8:ac:26:cc:21:70:c4:19
Signer

Actual PE Digest

58:e2:6d:40:b1:6c:45:8c:2b:a9:8b:8d:f8:ac:26:cc:21:70:c4:19

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\jenkins\workspace3\remote_desktop\Release\bin\Release\av_capturer.pdb

Imports

dxgi

CreateDXGIFactory
CreateDXGIFactory1

d3d11

D3D11CreateDevice

d3d9

Direct3DCreate9Ex

dxva2

DXVA2CreateDirect3DDeviceManager9

user32

CloseDesktop
GetUserObjectInformationA
GetSystemMetrics
ShowWindow
SetWindowPos
GetCursorPos
GetClassNameA
DestroyIcon
CopyIcon
GetIconInfo
GetCursorInfo
PostMessageA
IsWindow
OpenIcon
SetWinEventHook
UnhookWinEvent
SetThreadDesktop
OpenWindowStationA
CloseWindowStation
SetProcessWindowStation
AttachThreadInput
SetFocus
GetKeyState
OemKeyScan
mouse_event
SendInput
MapVirtualKeyA
SetCapture
ReleaseCapture
LoadIconA
GetForegroundWindow
SetForegroundWindow
FindWindowA
GetRawInputDeviceList
GetDC
ReleaseDC
GetWindowRect
WindowFromPoint
LoadCursorA
DrawIconEx
GetMonitorInfoA
GetGUIThreadInfo
GetClipboardOwner
EmptyClipboard
IsClipboardFormatAvailable
MessageBoxW
GetUserObjectInformationW
GetProcessWindowStation
ClientToScreen
EndPaint
BeginPaint
IsWindowVisible
IsIconic
GetClientRect
GetWindowLongPtrA
GetDesktopWindow
FindWindowExA
EnumWindows
AddClipboardFormatListener
RemoveClipboardFormatListener
CloseClipboard
SetClipboardData
GetClipboardData
PostThreadMessageA
OpenInputDesktop
UpdateWindow
OpenClipboard
CreateWindowExA
SetActiveWindow
GetWindowThreadProcessId
ChangeDisplaySettingsExA
EnumDisplaySettingsA
EnumDisplayDevicesA
EnumDisplayMonitors
GetMessageA
TranslateMessage
DispatchMessageA
DefWindowProcA
PostQuitMessage
SetWindowsHookExA
PeekMessageA
MonitorFromRect
UnhookWindowsHookEx
RegisterClassExA

crypt32

CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty

vigem_client

vigem_free
vigem_target_x360_update
vigem_target_remove
vigem_target_add
vigem_target_free
vigem_target_x360_alloc
vigem_disconnect
vigem_connect
vigem_alloc

setupapi

SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsA
SetupDiDestroyDeviceInfoList

hid

HidD_GetHidGuid
HidD_GetPreparsedData
HidD_FreePreparsedData
HidD_GetAttributes
HidP_GetCaps

ws2_32

WSASendTo
connect
closesocket
getpeername
ioctlsocket
__WSAFDIsSet
getsockopt
ntohs
recv
WSARecvFrom
select
send
setsockopt
shutdown
socket
WSAStartup
WSACleanup
WSAGetLastError
WSASocketW
getaddrinfo
freeaddrinfo
gethostname
htonl
htons
ntohl
getsockname
WSASetLastError
WSARecv
WSASend
WSAAddressToStringW
accept
bind
listen
WSAIoctl
WSAStringToAddressW
gethostbyname
inet_ntoa
getnameinfo

dbghelp

MiniDumpWriteDump

interception

interception_create_context
interception_destroy_context
interception_send

msdk

M_MiddleUp
M_MiddleDown
M_ReleaseAllMouse
M_MouseWheel
M_RightUp
M_RightDown
M_LeftUp
M_LeftDown
M_KeyInputStringGBK
M_ReleaseAllKey
M_MoveR2
M_ResolutionUsed
M_MoveTo3
M_Close
M_Open
M_KeyDown2
M_InitParam
M_SetParam
M_KeyUp2

kernel32

OutputDebugStringW
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetLocaleInfoW
LCMapStringW
CompareStringW
GetCPInfo
GetStringTypeW
EncodePointer
RtlPcToFileHeader
DuplicateHandle
CreateTimerQueue
SignalObjectAndWait
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
GetVersionExW
VirtualProtect
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
RtlUnwindEx
ExitThread
GetFullPathNameW
SetEnvironmentVariableW
SetCurrentDirectoryW
CreateDirectoryW
GetDriveTypeW
GetFileInformationByHandle
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
GetConsoleCP
GetTimeZoneInformation
DeleteFileW
MoveFileExW
SetConsoleCtrlHandler
RemoveDirectoryW
SetFileAttributesW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
IsValidCodePage
GetACP
GetOEMCP
SetStdHandle
FindFirstFileExW
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
InitializeSRWLock
SleepConditionVariableSRW
GetSystemDirectoryW
LoadLibraryExA
CreateFileMappingW
GetFinalPathNameByHandleW
GetModuleFileNameA
SetUnhandledExceptionFilter
FileTimeToSystemTime
SetFilePointerEx
SetEndOfFile
GetFileAttributesExW
FlushFileBuffers
GetNumaNodeProcessorMaskEx
GetNumaHighestNodeNumber
GlobalMemoryStatusEx
HeapSize
HeapReAlloc
SystemTimeToFileTime
GetSystemTime
SetConsoleMode
ReadConsoleW
ReadConsoleA
GetEnvironmentVariableW
ConvertThreadToFiber
RtlUnwind
FindFirstFileW
ConvertFiberToThread
CreateFiber
DeleteFiber
SwitchToFiber
GetFileType
GetLogicalProcessorInformation
ResumeThread
OpenEventA
GetFileSizeEx
CreateSemaphoreA
WaitForMultipleObjectsEx
WaitForSingleObjectEx
GetProcessHeap
HeapFree
HeapAlloc
VerifyVersionInfoA
CreateWaitableTimerA
FormatMessageW
FormatMessageA
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateThread
GetLastError
ExitProcess
WTSGetActiveConsoleSessionId
OutputDebugStringA
DecodePointer
CloseHandle
RaiseException
InitializeCriticalSectionEx
DeleteCriticalSection
WaitForSingleObject
GetProcessTimes
GetCurrentProcess
TerminateProcess
CreateProcessA
OpenProcess
GetSystemInfo
GetSystemTimeAsFileTime
GetVersionExA
K32QueryWorkingSet
K32GetProcessMemoryInfo
GetCurrentThreadId
SetPriorityClass
GetPriorityClass
GetModuleHandleA
GetExitCodeProcess
CreateToolhelp32Snapshot
Process32First
Process32Next
ReleaseMutex
CreateMutexA
MapViewOfFile
FlushViewOfFile
UnmapViewOfFile
CreateFileMappingA
OpenFileMappingA
VerSetConditionMask
GetCurrentProcessId
VerifyVersionInfoW
K32GetProcessImageFileNameA
MultiByteToWideChar
WideCharToMultiByte
QueryPerformanceCounter
QueryPerformanceFrequency
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
SetEvent
ResetEvent
ReleaseSemaphore
CreateMutexW
OpenMutexW
CreateEventW
Sleep
CreateSemaphoreW
GetTickCount
VirtualAlloc
VirtualFree
FreeLibrary
GetProcAddress
LoadLibraryExW
FindClose
HeapQueryInformation
FindNextFileW
GetFileAttributesW
GetModuleFileNameW
SetThreadErrorMode
GetModuleHandleExW
SwitchToThread
CreateEventA
LoadLibraryA
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
IsWow64Process
CreateProcessW
CreateFileW
OpenEventW
OpenFileMappingW
GetModuleHandleW
LocalFree
CreateFileA
ReadFile
WriteFile
ConnectNamedPipe
GetOverlappedResult
CancelIoEx
CreateThread
CreateNamedPipeA
SetLastError
GetExitCodeThread
LoadLibraryW
SetHandleInformation
CreatePipe
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
GetCurrentDirectoryW
InitOnceBeginInitialize
InitOnceComplete
GetStdHandle
GetConsoleMode
WriteConsoleW
InitializeCriticalSectionAndSpinCount
GetCurrentThread
GetProcessAffinityMask
SetThreadPriority
GetThreadPriority
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
SleepEx
SetWaitableTimer
WaitForMultipleObjects
QueueUserAPC

gdi32

CreateDIBSection
CreateDIBitmap
GetDIBits
DeleteObject
GetBitmapBits
GetObjectA
BitBlt
CreateCompatibleDC
CreateDCA
SelectObject
DeleteDC

ole32

CoUninitialize
CoInitializeEx
CoTaskMemAlloc
CoTaskMemFree
PropVariantClear
CoCreateInstance

advapi32

CryptDestroyHash
CryptEnumProvidersW
CryptSignHashW
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
OpenProcessToken
CreateProcessAsUserA
GetUserNameA
LogonUserA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
ConvertSidToStringSidW
GetTokenInformation
GetSidLengthRequired
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegEnumKeyExW

winmm

timeEndPeriod
timeBeginPeriod
timeGetDevCaps
timeGetTime

mswsock

GetAcceptExSockaddrs
AcceptEx

bcrypt

BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider
BCryptGenRandom

Exports

Exports

os_process_pipe_create
os_process_pipe_destroy
os_process_pipe_read
os_process_pipe_read_err
os_process_pipe_write

Sections

.text
Size: 7.7MB - Virtual size: 7.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 573KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 290KB - Virtual size: 290KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RayLinkCapturer.ini
RayLinkService.exe
.exe windows:6 windows x64 arch:x64

941927617176511b425a1027af3cb498

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1e:5f:12:f8:c1:39:b5:b4:4b:62:46:1a:96:22:88:d8
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

16/02/2022, 00:00

Not After

15/02/2025, 23:59

Subject

SERIALNUMBER=91440300761988340L,CN=Shenzhen Rayvision Technology Co.\, Ltd.,O=Shenzhen Rayvision Technology Co.\, Ltd.,ST=Guangdong Sheng,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

fc:ee:55:84:10:33:16:39:61:5c:4d:7e:2f:77:79:3c:ca:4d:02:9b
Signer

Actual PE Digest

fc:ee:55:84:10:33:16:39:61:5c:4d:7e:2f:77:79:3c:ca:4d:02:9b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\jenkins\workspace3\remote_desktop\Release\bin\Release\raysync_service.pdb

Imports

raysync-proxy-server-lib

TyphoonProxy_RestartSdnRoot
TyphoonProxy_GetNodeId
TyphoonProxy_UninitServer
TyphoonProxy_CheckSdnIsOnline
TyphoonServerProxy_SetConnectionStatusCb
TyphoonProxy_SetSDNLocalTcpProxyPort
TyphoonProxy_InitServer

raysync-multi-proxy-client-plus

TyphoonMultiProxy_SetMaxSendSpeed
TyphoonMultiProxy_AddHttpFirewallAllowAddress
TyphoonMultiProxy_SetHttpServiceFecPercent
TyphoonMultiProxy_SDNId2IpPort
TyphoonMultiProxy_SetMinSendSpeed
TyphoonMultiProxy_SetServiceIdleTimout
TyphoonMultiProxy_CreateHttpService
TyphoonMultiProxy_CloseConnect
TyphoonMultiProxy_SetConnRecvSpeed
TyphoonMultiProxy_CreateNewTyphoonConn
TyphoonMultiProxy_GetSdnNodeId
TyphoonMultiProxy_SetConnectionStatusCb
TyphoonMultiProxy_InitClient

crypt32

CertOpenSystemStoreW
CertOpenStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertGetCertificateContextProperty
CertFreeCertificateContext
CertCloseStore
CertEnumCertificatesInStore

ws2_32

htonl
htons
inet_ntop
WSAStringToAddressW
WSAAddressToStringW
WSASend
WSARecv
WSAIoctl
WSASetLastError
listen
getsockname
accept
sendto
inet_addr
bind
gethostbyname
inet_ntoa
inet_pton
getnameinfo
freeaddrinfo
getaddrinfo
WSASocketW
WSAGetLastError
socket
shutdown
setsockopt
send
select
recv
getsockopt
getpeername
ioctlsocket
connect
closesocket
__WSAFDIsSet
WSACleanup
WSAStartup
ntohs
ntohl

dbghelp

MiniDumpWriteDump
UnDecorateSymbolName

iphlpapi

GetAdaptersInfo
GetIfTable
GetAdaptersAddresses

kernel32

GetModuleFileNameW
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetThreadPriority
LoadLibraryExW
CreateThread
SignalObjectAndWait
CreateTimerQueue
OutputDebugStringW
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
GetVersionExW
VirtualAlloc
VirtualFree
SetThreadPriority
GetStdHandle
WriteFile
GetLastError
GetCurrentProcessId
GetCurrentThreadId
WinExec
GetDynamicTimeZoneInformation
GetConsoleMode
WriteConsoleA
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
CreateDirectoryA
CreateFileA
CloseHandle
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
OpenProcess
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
WTSGetActiveConsoleSessionId
GetFileSize
ReadFile
OutputDebugStringA
CreatePipe
WaitForSingleObject
Sleep
GetExitCodeProcess
CreateProcessA
GetVersionExA
GetStartupInfoA
GetComputerNameW
MultiByteToWideChar
WideCharToMultiByte
GetACP
CreateEventA
WaitNamedPipeA
GetFileAttributesA
AttachConsole
SetEvent
PostQueuedCompletionStatus
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
WaitForMultipleObjects
QueueUserAPC
TerminateThread
TlsAlloc
TlsFree
LocalFree
FormatMessageA
FormatMessageW
VerSetConditionMask
SetLastError
CreateIoCompletionPort
GetQueuedCompletionStatus
InitializeCriticalSectionAndSpinCount
SleepEx
CreateEventW
CreateProcessW
TlsGetValue
TlsSetValue
VerifyVersionInfoA
GetSystemTimeAsFileTime
CreateWaitableTimerA
InterlockedPopEntrySList
HeapFree
GetProcessHeap
ReleaseSemaphore
WaitForSingleObjectEx
WaitForMultipleObjectsEx
CreateSemaphoreA
ReleaseMutex
CreateMutexW
GetFileSizeEx
FindClose
FindFirstFileW
FindNextFileW
QueryPerformanceCounter
QueryPerformanceFrequency
DecodePointer
RaiseException
HeapReAlloc
HeapSize
InitializeCriticalSectionEx
GetSystemInfo
GetProcAddress
GetNumaHighestNodeNumber
CreateFileW
FlushFileBuffers
GetFileAttributesExW
SetEndOfFile
SetFilePointerEx
FileTimeToSystemTime
CreateDirectoryW
DeleteFileW
GetFileAttributesW
GetFileTime
RemoveDirectoryW
SetFileAttributesW
SetFilePointer
SetFileTime
DeviceIoControl
MoveFileW
GetEnvironmentVariableA
GetLogicalDriveStringsW
GetTickCount
ExitProcess
GlobalAlloc
lstrlenW
GlobalUnlock
GlobalLock
ResetEvent
OpenEventA
ResumeThread
GetLogicalProcessorInformation
GetFileType
GetModuleHandleW
GetModuleHandleExW
FreeLibrary
LoadLibraryA
LoadLibraryW
SwitchToFiber
DeleteFiber
CreateFiber
ConvertFiberToThread
ConvertThreadToFiber
GetEnvironmentVariableW
ReadConsoleA
RtlUnwind
SetConsoleMode
GetSystemTime
SystemTimeToFileTime
GetCurrentDirectoryW
GetLocaleInfoW
LCMapStringW
CompareStringW
GetCPInfo
GetStringTypeW
EncodePointer
RtlPcToFileHeader
TryEnterCriticalSection
GetExitCodeThread
GetCurrentThread
SwitchToThread
DuplicateHandle
LoadLibraryExA
VirtualQuery
VirtualProtect
InterlockedPushEntrySList
ExitThread
GetDriveTypeW
GetFullPathNameW
GetTimeZoneInformation
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
RtlUnwindEx
GetCommandLineA
GetCommandLineW
HeapAlloc
SetConsoleCtrlHandler
MoveFileExW
GetFileInformationByHandle
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
SetEnvironmentVariableW
SetCurrentDirectoryW
GetConsoleCP
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetStdHandle
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteConsoleW
SetWaitableTimer
ReadConsoleW

user32

KillTimer
SetTimer
mouse_event
GetAsyncKeyState
AddClipboardFormatListener
SetWindowPos
SetLayeredWindowAttributes
ShowWindow
UpdateWindow
RegisterClassExA
PostQuitMessage
DefWindowProcA
RemoveClipboardFormatListener
RegisterClipboardFormatA
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW
GetForegroundWindow
SetForegroundWindow
IsClipboardFormatAvailable
EndPaint
GetWindowRect
SetCursorPos
GetCursorPos
PtInRect
GetWindowLongA
SetWindowLongA
GetWindowLongPtrA
SetWindowLongPtrA
GetWindowThreadProcessId
LoadCursorA
OpenClipboard
CloseClipboard
GetClipboardOwner
CreateWindowExA
GetClipboardData
BeginPaint
AttachThreadInput
PostMessageA
DispatchMessageA
TranslateMessage
GetMessageA
UnregisterClassA
RegisterPowerSettingNotification
UnregisterDeviceNotification
RegisterDeviceNotificationA
LockWorkStation
FindWindowA
SendMessageA
EnumDisplayDevicesA
EnumDisplaySettingsA
ChangeDisplaySettingsExA

shell32

ord74
SHCreateDataObject
DragFinish
DragQueryFileW
SHGetKnownFolderPath
ShellExecuteA

ole32

DoDragDrop
RevokeDragDrop
RegisterDragDrop
OleSetClipboard
OleInitialize
CoTaskMemFree
CoInitialize
PropVariantClear
CoCreateInstance
CoUninitialize

advapi32

OpenProcessToken
DuplicateTokenEx
SetTokenInformation
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegDeleteKeyValueA
RegSetKeyValueA
ChangeServiceConfigA
ChangeServiceConfig2A
CloseServiceHandle
ControlService
CreateServiceA
DeleteService
OpenSCManagerA
OpenServiceA
RegisterServiceCtrlHandlerExA
SetServiceStatus
StartServiceCtrlDispatcherA
StartServiceA
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptCreateHash
CryptDestroyHash
CryptSignHashW
CryptEnumProvidersW
CreateProcessAsUserA

wtsapi32

WTSQueryUserToken
WTSEnumerateSessionsA
WTSQuerySessionInformationA
WTSFreeMemory

sas

SendSAS

dxgi

CreateDXGIFactory

setupapi

SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsA
SetupDiGetDeviceRegistryPropertyA
SetupDiEnumDeviceInfo

userenv

CreateEnvironmentBlock

mswsock

GetAcceptExSockaddrs
AcceptEx

shlwapi

ord219
PathFileExistsW
PathIsDirectoryW

bcrypt

BCryptGenRandom

Sections

.text
Size: 6.0MB - Virtual size: 6.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 704KB - Virtual size: 753KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 315KB - Virtual size: 314KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RayLinkVDAController.dll
.dll windows:6 windows x64 arch:x64

a7d35aca2964710f4bfbb389d409a714

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1e:5f:12:f8:c1:39:b5:b4:4b:62:46:1a:96:22:88:d8
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

16/02/2022, 00:00

Not After

15/02/2025, 23:59

Subject

SERIALNUMBER=91440300761988340L,CN=Shenzhen Rayvision Technology Co.\, Ltd.,O=Shenzhen Rayvision Technology Co.\, Ltd.,ST=Guangdong Sheng,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

aa:ff:11:1d:31:de:3c:c8:9d:9a:7b:4d:97:32:be:60:6b:b3:0a:57
Signer

Actual PE Digest

aa:ff:11:1d:31:de:3c:c8:9d:9a:7b:4d:97:32:be:60:6b:b3:0a:57

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\work\raysync\remote_desktop\RayLinkVirtualDisplayAdapter\x64\Release\RayLinkVDAController.pdb

Imports

kernel32

Sleep
GetLastError
SetEvent
CloseHandle
CreateFileW
GetProcessHeap
WriteConsoleW
WaitForSingleObject
DeviceIoControl
CreateEventW
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetStringTypeW
SetFilePointerEx
GetFileSizeEx
SetStdHandle
GetConsoleMode
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
InterlockedFlushSList
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RaiseException
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
LCMapStringW
GetStdHandle
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlushFileBuffers
WriteFile
GetConsoleCP

ole32

CoCreateGuid

cfgmgr32

SwDeviceClose
SwDeviceCreate

setupapi

SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiGetClassDevsW

newdev

DiUninstallDriverW
UpdateDriverForPlugAndPlayDevicesW

Exports

Exports

DeviceClose
DeviceCreate
GetLastMsg
InstallUpdate
IsDeviceCreated
MonitorModesUpdate
MonitorPlugIn
MonitorPlugOut
SetPrintErrMsg
Uninstall

Sections

.text
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RayLinkWatch.exe
.exe windows:6 windows x64 arch:x64

90b08499ea68d895ee5bc22feb26b3f5

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1e:5f:12:f8:c1:39:b5:b4:4b:62:46:1a:96:22:88:d8
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

16/02/2022, 00:00

Not After

15/02/2025, 23:59

Subject

SERIALNUMBER=91440300761988340L,CN=Shenzhen Rayvision Technology Co.\, Ltd.,O=Shenzhen Rayvision Technology Co.\, Ltd.,ST=Guangdong Sheng,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ee:7a:22:1e:9b:1a:26:c6:ec:31:37:2a:63:7f:a7:37:67:c9:b4:ad
Signer

Actual PE Digest

ee:7a:22:1e:9b:1a:26:c6:ec:31:37:2a:63:7f:a7:37:67:c9:b4:ad

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\jenkins\workspace3\remote_desktop\Release\bin\Release\raysync_watchdog.pdb

Imports

ws2_32

bind
closesocket
getpeername
getsockname
htons
inet_addr
listen
ntohs
recv
WSASend
WSARecv
WSAIoctl
getprotobynumber
getservbyname
getsockopt
ioctlsocket
connect
WSAGetOverlappedResult
WSAGetLastError
WSASetLastError
ntohl
htonl
getnameinfo
freeaddrinfo
getaddrinfo
WSASocketW
WSACleanup
WSAStartup
socket
shutdown
setsockopt
send
select
accept

dbghelp

SymSetOptions
SymCleanup
MakeSureDirectoryPathExists
SymFromAddr
UnDecorateSymbolName
SymInitialize

kernel32

DeleteFileW
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
SetEndOfFile
GetTimeZoneInformation
GetCurrentDirectoryW
CreatePipe
GetExitCodeProcess
GetFileSizeEx
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
HeapReAlloc
HeapFree
HeapAlloc
GetCommandLineW
GetCommandLineA
SetFilePointerEx
SetStdHandle
ResumeThread
ExitThread
GetModuleHandleExW
ReadConsoleW
ReadFile
SetConsoleCtrlHandler
GetConsoleMode
GetConsoleCP
WriteFile
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
CreateFileW
CloseHandle
GetLastError
Sleep
GetCurrentProcess
GetCurrentProcessId
ExitProcess
TerminateProcess
GetCurrentThreadId
HeapSize
MultiByteToWideChar
WideCharToMultiByte
GetStdHandle
FindClose
FindFirstFileExW
FindNextFileW
GetFullPathNameW
OutputDebugStringA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetWindowsDirectoryA
GetTempPathA
GetComputerNameA
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
RtlCaptureStackBackTrace
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetSystemDirectoryA
FreeLibrary
GetProcAddress
LocalAlloc
LocalFree
FormatMessageA
LoadLibraryA
QueryPerformanceCounter
QueryPerformanceFrequency
GetTickCount
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
ReleaseSemaphore
WaitForSingleObject
CreateSemaphoreA
GetSystemInfo
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
GetFileType
GetFileInformationByHandle
GetDriveTypeW
CreateProcessW
GetFileAttributesExW
WriteConsoleW
CreateProcessA
RaiseException
RtlPcToFileHeader
EncodePointer
DecodePointer
RtlUnwind
DuplicateHandle
WaitForSingleObjectEx
SwitchToThread
GetCurrentThread
GetExitCodeThread
GetNativeSystemInfo
TryEnterCriticalSection
GetCPInfo
SetLastError
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
SetEvent
ResetEvent
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
CreateTimerQueue
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
GetModuleFileNameW
GetModuleHandleA
LoadLibraryExW
GetVersionExW
VirtualAlloc
VirtualProtect
VirtualFree
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
LoadLibraryW
RtlUnwindEx

advapi32

CryptAcquireContextA
CryptGenRandom

Sections

.text
Size: 678KB - Virtual size: 677KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 231KB - Virtual size: 231KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 67KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RaySync-Multi-Proxy-Client-Plus.dll
.dll windows:6 windows x64 arch:x64

94a3aed0014abecada25b545afef76bd

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1e:5f:12:f8:c1:39:b5:b4:4b:62:46:1a:96:22:88:d8
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

16/02/2022, 00:00

Not After

15/02/2025, 23:59

Subject

SERIALNUMBER=91440300761988340L,CN=Shenzhen Rayvision Technology Co.\, Ltd.,O=Shenzhen Rayvision Technology Co.\, Ltd.,ST=Guangdong Sheng,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

51:0e:1a:53:7a:e8:a2:8c:c5:b2:a5:0a:c2:46:93:05:b0:82:0b:96
Signer

Actual PE Digest

51:0e:1a:53:7a:e8:a2:8c:c5:b2:a5:0a:c2:46:93:05:b0:82:0b:96

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

F:\project\TyphoonV6_git_v2\cmakeRayLinkRelease\x64\bin\Release\RaySync-Multi-Proxy-Client-Plus.pdb

Imports

raysync-proxy-server-lib

TyphoonProxy_writeLog
TyphoonProxy_GetServerInstance

raysync

??0ITyPhoonConnCallBack@@QEAA@XZ
?Typhoon_GetVersion@ITyphoon@@SAPEADXZ
?CreateTyphoon@@YAPEAVITyphoon@@PEBD0HH@Z
?DestroyTyphoon@@YAXPEAVITyphoon@@@Z
?GetTyphoonCfg@@YAPEAUTyphoonCfg@@XZ
?TyphoonIsUseSDN@@YA_NXZ
?TyphoonSDNId2IpPort@@YAXPEAD0HPEAF@Z
?TyphoonGetNodeId@@YA_KXZ
?OnAuthChange@ITyPhoonConnCallBack@@UEAAXPEAVITyPhoonConn@@PEAUTyphoonProxyLicense@@@Z
?OnTimer@ITyPhoonConnCallBack@@UEAAIPEAVITyPhoonConn@@@Z

ws2_32

WSAGetLastError
setsockopt
ioctlsocket
WSAIoctl
htonl
htons
ntohs
ntohl
WSARecv
FreeAddrInfoW
getsockname
getpeername
WSASocketW
listen
WSASend
closesocket
bind
WSASetLastError
socket
GetAddrInfoW

kernel32

GetThreadPriority
SetThreadPriority
SignalObjectAndWait
CreateTimerQueue
SetEndOfFile
HeapSize
GetProcessHeap
SetEnvironmentVariableA
ReleaseMutex
WaitForSingleObject
CreateMutexA
GetLocalTime
GetStdHandle
WriteFile
GetLastError
Sleep
GetCurrentProcessId
GetCurrentThreadId
MultiByteToWideChar
WideCharToMultiByte
GetACP
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
GetConsoleMode
CloseHandle
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
GetProcAddress
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
GetFileType
CancelIo
SetHandleInformation
RegisterWaitForSingleObject
UnregisterWait
PostQueuedCompletionStatus
CancelIoEx
SwitchToThread
CreateEventA
CreateIoCompletionPort
SetFileCompletionNotificationModes
SetLastError
GetModuleFileNameW
InitializeCriticalSection
GetVersionExW
FreeEnvironmentStringsW
GetEnvironmentStringsW
ReadFile
GetLogicalProcessorInformation
FindClose
CreateFileW
SetFilePointerEx
MoveFileExW
FlushFileBuffers
SleepConditionVariableCS
TryEnterCriticalSection
TlsSetValue
ReleaseSemaphore
WakeConditionVariable
InitializeConditionVariable
ResumeThread
DuplicateHandle
GetCurrentThread
TlsAlloc
GetNativeSystemInfo
TlsGetValue
TlsFree
LocalFree
FormatMessageA
DebugBreak
CreateNamedPipeW
QueueUserWorkItem
CancelSynchronousIo
CreateFileA
ConnectNamedPipe
UnregisterWaitEx
LCMapStringW
GetConsoleCursorInfo
SetConsoleCursorInfo
FillConsoleOutputCharacterW
ReadConsoleW
WriteConsoleInputW
FillConsoleOutputAttribute
WriteConsoleW
SetConsoleCursorPosition
GetModuleHandleA
FileTimeToLocalFileTime
FindFirstFileA
FileTimeToDosDateTime
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
GetThreadTimes
VirtualAlloc
VirtualFree
VirtualProtect
InterlockedPopEntrySList
QueryDepthSList
FindFirstFileExA
GetTimeZoneInformation
DeleteFileW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
HeapReAlloc
HeapFree
HeapAlloc
GetFileAttributesExW
GetConsoleCP
SetStdHandle
GetModuleFileNameA
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
InterlockedFlushSList
InterlockedPushEntrySList
LoadLibraryExW
LoadLibraryW
CreateSemaphoreA
FreeLibrary
RtlUnwindEx
InitializeCriticalSectionAndSpinCount
GetTickCount
EncodePointer
DecodePointer
CompareStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
RtlPcToFileHeader
RaiseException

user32

MapVirtualKeyW

Exports

Exports

TyphoonMultiProxy_AddHttpFirewallAllowAddress
TyphoonMultiProxy_CloseConnect
TyphoonMultiProxy_CloseHttpService
TyphoonMultiProxy_CreateHttpService
TyphoonMultiProxy_CreateLocalPortForwardService
TyphoonMultiProxy_CreateNewConnect
TyphoonMultiProxy_CreateNewConnectEx
TyphoonMultiProxy_CreateNewTyphoonConn
TyphoonMultiProxy_CreateNewTyphoonConnVia
TyphoonMultiProxy_CreateRemoteHttpService
TyphoonMultiProxy_CreateRemotePortForwardService
TyphoonMultiProxy_CreateRemoteSocketService
TyphoonMultiProxy_DelHttpFirewallAllowAddress
TyphoonMultiProxy_DisableCompress
TyphoonMultiProxy_DisableGSO
TyphoonMultiProxy_EnableCompress
TyphoonMultiProxy_EnableGSO
TyphoonMultiProxy_ExitClient
TyphoonMultiProxy_GetClientVersion
TyphoonMultiProxy_GetConnectUserData
TyphoonMultiProxy_GetConnectionDropRate
TyphoonMultiProxy_GetConnectionRTT
TyphoonMultiProxy_GetConnectionStatus
TyphoonMultiProxy_GetConnectionStatusCb
TyphoonMultiProxy_GetCurSendSpeed
TyphoonMultiProxy_GetHttpPort
TyphoonMultiProxy_GetMaxAuthSendSpeed
TyphoonMultiProxy_GetMaxSendSpeed
TyphoonMultiProxy_GetMinSendSpeed
TyphoonMultiProxy_GetMss
TyphoonMultiProxy_GetQueryMss
TyphoonMultiProxy_GetQueryPeerDropRate
TyphoonMultiProxy_GetQueryPeerRTT
TyphoonMultiProxy_GetRemoteAddr
TyphoonMultiProxy_GetSdnNodeId
TyphoonMultiProxy_GetSocks5Port
TyphoonMultiProxy_GetUserData
TyphoonMultiProxy_GetWanAddr
TyphoonMultiProxy_InitClient
TyphoonMultiProxy_InitClientEx
TyphoonMultiProxy_IsCompressEnabled
TyphoonMultiProxy_RestartConnect
TyphoonMultiProxy_SDNId2IpPort
TyphoonMultiProxy_SetConnRecvSpeed
TyphoonMultiProxy_SetConnectUserData
TyphoonMultiProxy_SetConnectionStatusCb
TyphoonMultiProxy_SetHighSpeedMode
TyphoonMultiProxy_SetHttpServiceFecPercent
TyphoonMultiProxy_SetMaxSendSpeed
TyphoonMultiProxy_SetMinSendSpeed
TyphoonMultiProxy_SetMss
TyphoonMultiProxy_SetMultiSender
TyphoonMultiProxy_SetServiceIdleTimout
TyphoonMultiProxy_SetSocks5ProxyConfig
TyphoonMultiProxy_SetTcpIdleTimout
TyphoonMultiProxy_SetTransferMode
TyphoonMultiProxy_SetUserData

Sections

.text
Size: 513KB - Virtual size: 512KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 25B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RaySync-Proxy-Server-Lib.dll
.dll windows:6 windows x64 arch:x64

d7cfc9715e2b104b6fbcb544021feda6

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1e:5f:12:f8:c1:39:b5:b4:4b:62:46:1a:96:22:88:d8
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

16/02/2022, 00:00

Not After

15/02/2025, 23:59

Subject

SERIALNUMBER=91440300761988340L,CN=Shenzhen Rayvision Technology Co.\, Ltd.,O=Shenzhen Rayvision Technology Co.\, Ltd.,ST=Guangdong Sheng,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

a3:49:fe:b3:a9:9a:7f:b4:64:4f:17:db:aa:d2:fb:36:0d:8e:0d:05
Signer

Actual PE Digest

a3:49:fe:b3:a9:9a:7f:b4:64:4f:17:db:aa:d2:fb:36:0d:8e:0d:05

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

F:\project\TyphoonV6_git_v2\cmakeRayLinkRelease\x64\bin\Release\RaySync-Proxy-Server-Lib.pdb

Imports

raysync

Typhoon_UseSDN
CreateHTyPhoonConnCallBack
DestroyHTyPhoonConnCallBack
TyphoonChannel_IsWritable
TyphoonChannel_Send
TyphoonChannel_SendWithAllFunction
TyphoonChannel_Recv
TyphoonChannel_Shutdown
TyphoonChannel_SetUserData
TyphoonChannel_GetUserData
TyphoonChannel_EnableWritableWatch
TyphoonChannel_DisableWritableWatch
TyphoonChannel_GetWritableWatch
TyphoonChannel_ChannelId
CreateHTyphoonConn
Typhoon_SynchronizedExecute
TyphoonConn_IsServer
TyphoonConn_IsClient
TyphoonChannel_OpenBySelf
Typhoon_SetSDNLocalTcpProxyPort
Typhoon_CheckSdnIsOnline
Typhoon_ExitSDN
Typhoon_InitSDN
Typhoon_SetSDNPort
Typhoon_SetCaPath
DestroyHTyphoonConn
TyphoonConn_ConnectTo
TyphoonConn_ConnectToEx
TyphoonConn_IsConnected
TyphoonConn_OpenChannel
TyphoonConn_SetUserData
TyphoonConn_GetUserData
TyphoonConn_GetFixedSendSpeed
TyphoonConn_SetMaxSendSpeed
TyphoonConn_GetMaxSendSpeed
TyphoonConn_SetMinSendSpeed
TyphoonConn_GetMinSendSpeed
TyphoonConn_TraverseChannels
TyphoonConn_QueryRTT
TyphoonConn_QueryDropRate
TyphoonConn_GetDefaultChannel
TyphoonConn_GetMaxAuthSendSpeed
TyphoonConn_SetAuth
TyphoonConn_GetWanAddr
TyphoonConn_GetRemoteAddr
TyphoonConn_GetTransferMode
TyphoonConn_SetPacketLoss
Typhoon_DisableUdpCheckSum
TyphoonChannel_Close
TyphoonConn_SetSDNViaNode
CreateHTyphoon
TyphoonChannel_SendWithMaxCount
TyphoonChannel_CompressSend
TyphoonBuff_GetLen
TyphoonBuff_GetBuff
DestroyHTyphoonBuff
Typhoon_GetNodeId
DestroyHTyphoon
Typhoon_SDNId2IpPort
Typhoon_GetGlobalCfg
Typhoon_InitSDNRoots
Typhoon_SetSDNDataDirestory
Typhoon_SetSocks5ProxyConfig
Typhoon_GetVersion
Typhoon_SetAppUninitCB
Typhoon_SetAppInitCB
Typhoon_GetMainLoop
Typhoon_SetConnDefaultCfg
Typhoon_GetConnDefaultCfg
Typhoon_SetTyphoonConfig
Typhoon_GetTyphoonConfig
Typhoon_InitUDPSocket
Typhoon_SetConnCallback
Typhoon_GetLicenseInfo
Typhoon_ActiveLicense

ws2_32

bind
WSASend
listen
WSASocketW
getpeername
getsockname
GetAddrInfoW
FreeAddrInfoW
ioctlsocket
closesocket
getsockopt
setsockopt
WSAGetLastError
htonl
htons
WSAStartup
WSASetLastError
socket
ntohl
ntohs
inet_pton
WSAIoctl
WSARecv

kernel32

GetThreadPriority
SetThreadPriority
SignalObjectAndWait
CreateTimerQueue
SetEndOfFile
HeapSize
GetProcessHeap
SetEnvironmentVariableA
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
DeleteFileW
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
HeapReAlloc
GetLogicalProcessorInformation
HeapAlloc
FreeLibraryAndExitThread
ExitThread
CreateThread
SetFileAttributesW
GetFileAttributesExW
GetConsoleCP
SetStdHandle
GetModuleHandleExW
InterlockedFlushSList
InterlockedPushEntrySList
LoadLibraryExW
FreeLibrary
RtlUnwindEx
RaiseException
RtlPcToFileHeader
GetStringTypeW
GetLocaleInfoW
CompareStringW
GetCPInfo
GetTickCount
InitializeCriticalSectionAndSpinCount
DecodePointer
EncodePointer
GetExitCodeThread
CreateTimerQueueTimer
ChangeTimerQueueTimer
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
GetProcessAffinityMask
SetThreadAffinityMask
GetThreadTimes
VirtualAlloc
VirtualFree
VirtualProtect
InterlockedPopEntrySList
QueryDepthSList
LoadLibraryW
HeapFree
DeviceIoControl
GetModuleHandleA
LoadLibraryExA
DebugBreak
FormatMessageA
SetConsoleCursorPosition
WriteConsoleW
CreateFileA
CloseHandle
SetUnhandledExceptionFilter
GetCurrentProcess
GetCurrentProcessId
ExitProcess
GetCurrentThreadId
GetLocalTime
GetModuleFileNameA
GetStdHandle
WriteFile
GetLastError
Sleep
GetDynamicTimeZoneInformation
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
GetConsoleMode
WriteConsoleA
GetFileAttributesA
MultiByteToWideChar
WideCharToMultiByte
GetACP
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
GetProcAddress
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
GetFileType
GetLongPathNameW
GetShortPathNameW
CreateFileW
GetFileAttributesW
GetCurrentDirectoryW
ReadDirectoryChangesW
CreateIoCompletionPort
SetErrorMode
PostQueuedCompletionStatus
CancelIo
SetHandleInformation
RegisterWaitForSingleObject
UnregisterWait
CancelIoEx
SwitchToThread
CreateEventA
SetFileCompletionNotificationModes
VerifyVersionInfoA
SetLastError
SetPriorityClass
GetModuleFileNameW
InitializeCriticalSection
GetVersionExW
FreeEnvironmentStringsW
OpenProcess
QueryPerformanceFrequency
GetSystemInfo
GetPriorityClass
VerSetConditionMask
GetEnvironmentStringsW
CreateDirectoryW
ReadFile
GetFileInformationByHandleEx
FindFirstFileW
GetFileSizeEx
GetFullPathNameW
FindNextFileW
GetDiskFreeSpaceW
RemoveDirectoryW
GetFinalPathNameByHandleW
SetFileTime
ReOpenFile
CreateHardLinkW
FindClose
UnmapViewOfFile
GetFileInformationByHandle
FlushViewOfFile
SetFilePointerEx
CreateFileMappingA
MoveFileExW
CopyFileW
CreateSymbolicLinkW
MapViewOfFile
FlushFileBuffers
SetConsoleCtrlHandler
SleepConditionVariableCS
TryEnterCriticalSection
TlsSetValue
ReleaseSemaphore
WakeConditionVariable
InitializeConditionVariable
WaitForSingleObject
ResumeThread
DuplicateHandle
GetCurrentThread
TlsAlloc
GetNativeSystemInfo
TlsGetValue
TlsFree
CreateSemaphoreA
CreateNamedPipeW
QueueUserWorkItem
CancelSynchronousIo
LocalFree
ConnectNamedPipe
UnregisterWaitEx
LCMapStringW
GetConsoleCursorInfo
SetConsoleCursorInfo
FillConsoleOutputCharacterW
ReadConsoleW
WriteConsoleInputW
FillConsoleOutputAttribute

user32

DispatchMessageA
MapVirtualKeyW
GetMessageA
GetSystemMetrics
TranslateMessage

advapi32

SystemFunction036

iphlpapi

GetAdaptersAddresses

Exports

Exports

?TyphoonProxy_IsInited@@YA_NXZ
?TyphoonProxy_StopUploadSpeedTest@@YAHXZ
TyphoonProxy_ActiveLicense
TyphoonProxy_CheckSdnIsOnline
TyphoonProxy_ConnectToServer
TyphoonProxy_DisableCompress
TyphoonProxy_EnableCompress
TyphoonProxy_GetClientVersion
TyphoonProxy_GetConnectionDropRate
TyphoonProxy_GetConnectionRTT
TyphoonProxy_GetConnectionStatus
TyphoonProxy_GetConnectionStatusCb
TyphoonProxy_GetHttpProxyPort
TyphoonProxy_GetLicenseInfo
TyphoonProxy_GetLocalPortForwardPort
TyphoonProxy_GetMaxAuthSendSpeed
TyphoonProxy_GetNodeId
TyphoonProxy_GetServerInstance
TyphoonProxy_GetSocks5Port
TyphoonProxy_GetTransparentProxyPort
TyphoonProxy_GetUserData
TyphoonProxy_InitClient
TyphoonProxy_InitServer
TyphoonProxy_IsCompressEnabled
TyphoonProxy_RestartSdnRoot
TyphoonProxy_SetConnRecvSpeed
TyphoonProxy_SetConnectionStatusCb
TyphoonProxy_SetMaxSendSpeed
TyphoonProxy_SetMinSendSpeed
TyphoonProxy_SetMss
TyphoonProxy_SetSDNLocalTcpProxyPort
TyphoonProxy_SetUserData
TyphoonProxy_StartDownloadSpeedTest
TyphoonProxy_StartHttpProxy
TyphoonProxy_StartLocalPortForward
TyphoonProxy_StartRemoteHttpProxy
TyphoonProxy_StartRemotePortForward
TyphoonProxy_StartRemoteSocks5Proxy
TyphoonProxy_StartRemoteTransparentProxy
TyphoonProxy_StartSocks5Proxy
TyphoonProxy_StartTrafficForwarding
TyphoonProxy_StartTransparentProxy
TyphoonProxy_StartUploadSpeedTest
TyphoonProxy_StopHttpProxy
TyphoonProxy_StopLocalPortForward
TyphoonProxy_StopSocks5Proxy
TyphoonProxy_StopTransparentProxy
TyphoonProxy_UninitClient
TyphoonProxy_UninitServer
TyphoonProxy_writeLog
TyphoonServerProxy_GetConnectionStatusCb
TyphoonServerProxy_SetConnectionStatusCb

Sections

.text
Size: 639KB - Virtual size: 638KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 227KB - Virtual size: 227KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 25B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RaySync.dll
.dll windows:6 windows x64 arch:x64

59e4f763eb8c57f2073ccd4a8e8ecdcc

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1e:5f:12:f8:c1:39:b5:b4:4b:62:46:1a:96:22:88:d8
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

16/02/2022, 00:00

Not After

15/02/2025, 23:59

Subject

SERIALNUMBER=91440300761988340L,CN=Shenzhen Rayvision Technology Co.\, Ltd.,O=Shenzhen Rayvision Technology Co.\, Ltd.,ST=Guangdong Sheng,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

46:34:67:fc:78:e5:29:3d:98:89:84:e8:7d:82:7c:02:a4:bd:3a:e7
Signer

Actual PE Digest

46:34:67:fc:78:e5:29:3d:98:89:84:e8:7d:82:7c:02:a4:bd:3a:e7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

F:\project\TyphoonV6_git\cmakeRayLinkRelease\x64\bin\Release\RaySync.pdb

Imports

libauthentication

tm_get_version
tm_set_caPath
init_license
tm_read_current_license

rpcrt4

UuidFromStringA

advapi32

RegEnumValueA
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
RegQueryValueExW
RegGetValueW
RegOpenKeyExW
CryptGenRandom
CryptAcquireContextA
RegEnumKeyExA
RegSetKeyValueA
RegDeleteKeyValueA
RegOpenKeyExA
RegGetValueA
RegCloseKey
CryptEnumProvidersW
RegQueryInfoKeyA
RegDeleteKeyA
RegCreateKeyA
RegisterEventSourceA
ReportEventA
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam

ws2_32

FreeAddrInfoW
GetAddrInfoW
WSASetLastError
htonl
htons
ntohl
ntohs
ioctlsocket
closesocket
WSAStartup
WSACleanup
shutdown
WSASocketW
getnameinfo
inet_ntoa
inet_pton
inet_ntop
getsockopt
__WSAFDIsSet
accept
bind
listen
getaddrinfo
getpeername
inet_addr
getsockname
recvfrom
freeaddrinfo
WSASendTo
WSASendMsg
WSASend
WSARecvFrom
WSARecv
WSAIoctl
WSAGetLastError
socket
setsockopt
sendto
send
select
recv
connect

iphlpapi

GetAdaptersInfo
GetIpAddrTable
GetBestRoute
DeleteIpForwardEntry2
GetIpForwardEntry2
SetIpForwardEntry2
ConvertInterfaceLuidToIndex
CreateUnicastIpAddressEntry
InitializeIpForwardEntry
CreateIpNetEntry2
DeleteUnicastIpAddressEntry
InitializeUnicastIpAddressEntry
GetIfTable2Ex
GetUnicastIpAddressTable
CreateIpForwardEntry2
ConvertInterfaceGuidToLuid
ConvertInterfaceLuidToNameA
FreeMibTable
GetAdaptersAddresses

kernel32

OutputDebugStringW
GetLocaleInfoW
RtlPcToFileHeader
RtlUnwindEx
LoadLibraryExW
InterlockedPushEntrySList
InterlockedFlushSList
ExitProcess
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
ExitThread
FreeLibraryAndExitThread
SetStdHandle
GetConsoleCP
GetFileAttributesExW
HeapReAlloc
GetTimeZoneInformation
IsValidLocale
GetUserDefaultLCID
CreateThread
GetLocalTime
GetCurrentProcessId
FreeLibrary
GetProcAddress
LoadLibraryA
GetLastError
GetModuleHandleA
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetACP
MultiByteToWideChar
Sleep
DeleteFileA
WideCharToMultiByte
CreateDirectoryA
FormatMessageA
GetModuleFileNameA
SetConsoleCtrlHandler
GetCurrentProcess
WriteFile
InitializeCriticalSectionEx
WaitForSingleObject
GetExitCodeThread
CreateFileA
GetCurrentThread
CloseHandle
RaiseException
DecodePointer
LocalFree
CreateProcessA
FindFirstFileA
FindNextFileA
GetEnvironmentVariableA
FindClose
RemoveDirectoryA
ReadFile
CancelIo
ReleaseSemaphore
DeviceIoControl
WaitForMultipleObjectsEx
GetTickCount64
GetOverlappedResult
CreateSemaphoreA
CreateEventA
lstrlenA
GetSystemTimeAsFileTime
GetTickCount
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
InitializeSListHead
SleepConditionVariableCS
TryEnterCriticalSection
TlsSetValue
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
ResumeThread
DuplicateHandle
EnumSystemLocalesW
TlsAlloc
GetNativeSystemInfo
TlsGetValue
TlsFree
GetConsoleMode
GetFileType
PostQueuedCompletionStatus
SetLastError
GetModuleFileNameW
GetEnvironmentVariableW
GetVersionExW
FreeEnvironmentStringsW
FileTimeToSystemTime
QueryPerformanceFrequency
GetSystemInfo
GetCurrentDirectoryW
GlobalMemoryStatusEx
GetEnvironmentStringsW
SetErrorMode
GetQueuedCompletionStatus
CreateIoCompletionPort
SetHandleInformation
SetFileCompletionNotificationModes
RegisterWaitForSingleObject
UnregisterWait
CancelIoEx
SwitchToThread
DebugBreak
CreateNamedPipeW
PeekNamedPipe
CreateFileW
QueueUserWorkItem
CancelSynchronousIo
ConnectNamedPipe
FlushFileBuffers
UnregisterWaitEx
LCMapStringW
GetExitCodeProcess
GetLongPathNameW
ReadDirectoryChangesW
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
SetConsoleMode
GetConsoleCursorInfo
SetConsoleCursorInfo
FillConsoleOutputCharacterW
ReadConsoleInputW
ReadConsoleW
WriteConsoleInputW
FillConsoleOutputAttribute
WriteConsoleW
GetNumberOfConsoleInputEvents
SetConsoleCursorPosition
LoadLibraryExA
FindFirstFileW
GetFullPathNameW
FindNextFileW
SetFilePointerEx
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetModuleHandleExW
DeleteFiber
ConvertFiberToThread
LoadLibraryW
ReadConsoleA
HeapAlloc
HeapFree
GetProcessHeap
CompareStringW
GetCPInfo
EncodePointer
GetStringTypeW
HeapSize
FindFirstFileExA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
SetEnvironmentVariableA
SetEndOfFile
CreateTimerQueue
SignalObjectAndWait
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
GetThreadTimes
VirtualAlloc
VirtualFree
VirtualProtect
InterlockedPopEntrySList
QueryDepthSList
UnhandledExceptionFilter

user32

GetMessageA
GetProcessWindowStation
DispatchMessageA
GetUserObjectInformationW
MessageBoxW
MapVirtualKeyW
GetSystemMetrics
TranslateMessage

shell32

SHGetFolderPathA

ole32

CoInitializeSecurity
StringFromGUID2
CoCreateGuid
CoInitializeEx
CoCreateInstance
CoUninitialize

oleaut32

VariantInit
VariantClear

shlwapi

PathIsDirectoryA

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

bcrypt

BCryptGenRandom

crypt32

CertGetCertificateContextProperty
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CertDuplicateCertificateContext

Exports

Exports

??0ITyPhoonChannel@@QEAA@$$QEAV0@@Z
??0ITyPhoonChannel@@QEAA@AEBV0@@Z
??0ITyPhoonChannel@@QEAA@XZ
??0ITyPhoonConn@@QEAA@AEBV0@@Z
??0ITyPhoonConn@@QEAA@XZ
??0ITyPhoonConnCallBack@@QEAA@$$QEAV0@@Z
??0ITyPhoonConnCallBack@@QEAA@AEBV0@@Z
??0ITyPhoonConnCallBack@@QEAA@XZ
??0ITyPhoonFecTunnel@@QEAA@$$QEAV0@@Z
??0ITyPhoonFecTunnel@@QEAA@AEBV0@@Z
??0ITyPhoonFecTunnel@@QEAA@XZ
??0ITyphoon@@QEAA@AEBV0@@Z
??0ITyphoon@@QEAA@XZ
??0ITyphoonBuff@@QEAA@AEBV0@@Z
??0ITyphoonBuff@@QEAA@XZ
??0ITyphoonConnCfg@@QEAA@XZ
??0IWaitEvent@@QEAA@$$QEAV0@@Z
??0IWaitEvent@@QEAA@AEBV0@@Z
??0IWaitEvent@@QEAA@XZ
??1ITyPhoonConn@@UEAA@XZ
??1ITyphoon@@UEAA@XZ
??1ITyphoonBuff@@UEAA@XZ
??4ITyPhoonChannel@@QEAAAEAV0@$$QEAV0@@Z
??4ITyPhoonChannel@@QEAAAEAV0@AEBV0@@Z
??4ITyPhoonConn@@QEAAAEAV0@AEBV0@@Z
??4ITyPhoonConnCallBack@@QEAAAEAV0@$$QEAV0@@Z
??4ITyPhoonConnCallBack@@QEAAAEAV0@AEBV0@@Z
??4ITyPhoonFecTunnel@@QEAAAEAV0@$$QEAV0@@Z
??4ITyPhoonFecTunnel@@QEAAAEAV0@AEBV0@@Z
??4ITyphoon@@QEAAAEAV0@AEBV0@@Z
??4ITyphoonBuff@@QEAAAEAV0@AEBV0@@Z
??4ITyphoonConnCfg@@QEAAAEAV0@$$QEAV0@@Z
??4ITyphoonConnCfg@@QEAAAEAV0@AEBV0@@Z
??4IWaitEvent@@QEAAAEAV0@$$QEAV0@@Z
??4IWaitEvent@@QEAAAEAV0@AEBV0@@Z
??_7ITyPhoonChannel@@6B@
??_7ITyPhoonConn@@6B@
??_7ITyPhoonConnCallBack@@6B@
??_7ITyPhoonFecTunnel@@6B@
??_7ITyphoon@@6B@
??_7ITyphoonBuff@@6B@
??_7IWaitEvent@@6B@
?CreateTyphoon@@YAPEAVITyphoon@@PEBD0HH@Z
?DestroyTyphoon@@YAXPEAVITyphoon@@@Z
?GetTyphoonCfg@@YAPEAUTyphoonCfg@@XZ
?OnAuthChange@ITyPhoonConnCallBack@@UEAAXPEAVITyPhoonConn@@PEAUTyphoonProxyLicense@@@Z
?OnChannelClose@ITyPhoonConnCallBack@@UEAAXPEAVITyPhoonConn@@PEAVITyPhoonChannel@@W4TYPHOON_CHANNEL_CLOSE_TYPE@@@Z
?OnChannelOpen@ITyPhoonConnCallBack@@UEAAXPEAVITyPhoonConn@@PEAVITyPhoonChannel@@@Z
?OnDataArriveNotify@ITyPhoonConnCallBack@@UEAAXPEAVITyPhoonConn@@PEAVITyPhoonChannel@@@Z
?OnRead@ITyPhoonConnCallBack@@UEAAXPEAVITyPhoonConn@@PEAVITyPhoonChannel@@PEAEH@Z
?OnSDNRouteChange@ITyPhoonConnCallBack@@UEAAXPEAVITyPhoonConn@@W4TYPHOON_SDNPATH_TYPE@@@Z
?OnSentDataAcknowledged@ITyPhoonConnCallBack@@UEAAXPEAVITyPhoonConn@@PEAVITyPhoonChannel@@H@Z
?OnTimer@ITyPhoonConnCallBack@@UEAAIPEAVITyPhoonConn@@@Z
?OnWritable@ITyPhoonConnCallBack@@UEAAXPEAVITyPhoonConn@@PEAVITyPhoonChannel@@@Z
?TyphoonAddr2ZtsId@@YA_KPEBUsockaddr_in@@@Z
?TyphoonCheckSdnIsOnline@@YAHXZ
?TyphoonExitSDN@@YAHXZ
?TyphoonGetNodeId@@YA_KXZ
?TyphoonGlobalInit@@YAXHHH@Z
?TyphoonInitSDN@@YAHXZ
?TyphoonInitSDNRoots@@YAHPEBXI@Z
?TyphoonIsUseSDN@@YA_NXZ
?TyphoonSDNAddRelay@@YAX_K@Z
?TyphoonSDNId2IpPort@@YAXPEAD0HPEAF@Z
?TyphoonSetSDNDataDirestory@@YAHPEAD@Z
?TyphoonSetSDNLocalTcpProxyPort@@YAXG@Z
?TyphoonSetSDNPort@@YAXI@Z
?TyphoonUseSDN@@YAXXZ
?TyphoonZtsId2Addr@@YAX_KPEAUsockaddr_in@@@Z
?Typhoon_GetVersion@ITyphoon@@SAPEADXZ
CreateHTyPhoonConnCallBack
CreateHTyphoon
CreateHTyphoonConn
DestroyHTyPhoonConnCallBack
DestroyHTyphoon
DestroyHTyphoonBuff
DestroyHTyphoonConn
TyPhoonConnCallBack_GetPushData
TyPhoonConnCallBack_SetPushData
TyphoonBuff_GetBuff
TyphoonBuff_GetLen
TyphoonChannel_ChannelId
TyphoonChannel_Close
TyphoonChannel_CompressSend
TyphoonChannel_DisableWritableWatch
TyphoonChannel_EnableWritableWatch
TyphoonChannel_GetUnackedDataLength
TyphoonChannel_GetUserData
TyphoonChannel_GetWritableWatch
TyphoonChannel_IsWritable
TyphoonChannel_OpenByClient
TyphoonChannel_OpenBySelf
TyphoonChannel_OpenByServer
TyphoonChannel_Recv
TyphoonChannel_Send
TyphoonChannel_SendWithAllFunction
TyphoonChannel_SendWithExpiredTime
TyphoonChannel_SendWithMaxCount
TyphoonChannel_SetUserData
TyphoonChannel_Shutdown
TyphoonConn_CloseFecTun
TyphoonConn_ConnectTo
TyphoonConn_ConnectToEx
TyphoonConn_GetChannel
TyphoonConn_GetCompress
TyphoonConn_GetConnCallback
TyphoonConn_GetCurSendSpeed
TyphoonConn_GetDefaultChannel
TyphoonConn_GetFixedSendSpeed
TyphoonConn_GetMaxAuthSendSpeed
TyphoonConn_GetMaxSegmentSize
TyphoonConn_GetMaxSendSpeed
TyphoonConn_GetMinSendSpeed
TyphoonConn_GetPacketLoss
TyphoonConn_GetRecvBuffSize
TyphoonConn_GetRemoteAddr
TyphoonConn_GetSDNViaNode
TyphoonConn_GetSendBuffSize
TyphoonConn_GetStats
TyphoonConn_GetTimeout
TyphoonConn_GetTransferMode
TyphoonConn_GetUserData
TyphoonConn_GetWanAddr
TyphoonConn_IsClient
TyphoonConn_IsConnected
TyphoonConn_IsPacketLossSet
TyphoonConn_IsServer
TyphoonConn_OpenChannel
TyphoonConn_OpenFecTun
TyphoonConn_QueryChannelCount
TyphoonConn_QueryDropRate
TyphoonConn_QueryMaxSegmentSize
TyphoonConn_QueryPeerDropRate
TyphoonConn_QueryPeerRTT
TyphoonConn_QueryRTT
TyphoonConn_SetAuth
TyphoonConn_SetCompress
TyphoonConn_SetConnCallback
TyphoonConn_SetFixedSendSpeed
TyphoonConn_SetMaxSegmentSize
TyphoonConn_SetMaxSendSpeed
TyphoonConn_SetMinSendSpeed
TyphoonConn_SetPacketLoss
TyphoonConn_SetRecvBuffSize
TyphoonConn_SetSDNViaNode
TyphoonConn_SetSendBuffSize
TyphoonConn_SetTimeout
TyphoonConn_SetTransferMode
TyphoonConn_SetUserData
TyphoonConn_ShutdownAllChannels
TyphoonConn_TraverseChannels
TyphoonFecTun_Close
TyphoonFecTun_TunnelId
Typhoon_ActiveLicense
Typhoon_CheckSdnIsOnline
Typhoon_DisableUdpCheckSum
Typhoon_ExitSDN
Typhoon_GetConnDefaultCfg
Typhoon_GetConnectionCount
Typhoon_GetGlobalCfg
Typhoon_GetLicenseInfo
Typhoon_GetLocalAddr
Typhoon_GetMainLoop
Typhoon_GetNodeId
Typhoon_GetSocks5ProxyConfig
Typhoon_GetTyphoonConfig
Typhoon_GetVersion
Typhoon_GlobalInit
Typhoon_InitSDN
Typhoon_InitSDNRoots
Typhoon_InitUDPSocket
Typhoon_IsUseSDN
Typhoon_SDNId2IpPort
Typhoon_SetAppInitCB
Typhoon_SetAppUninitCB
Typhoon_SetCaPath
Typhoon_SetConnCallback
Typhoon_SetConnDefaultCfg
Typhoon_SetRemainingFlow
Typhoon_SetSDNDataDirestory
Typhoon_SetSDNLocalTcpProxyPort
Typhoon_SetSDNPort
Typhoon_SetSocks5ProxyConfig
Typhoon_SetTyphoonConfig
Typhoon_StartWebServer
Typhoon_SynchronizedExecute
Typhoon_UseSDN
ZT_GoodDay
ZT_Node_addLocalInterfaceAddress
ZT_Node_address
ZT_Node_clearLocalInterfaceAddresses
ZT_Node_delete
ZT_Node_deorbit
ZT_Node_freeQueryResult
ZT_Node_hasDirectPath
ZT_Node_join
ZT_Node_leave
ZT_Node_multicastSubscribe
ZT_Node_multicastUnsubscribe
ZT_Node_networkConfig
ZT_Node_networks
ZT_Node_new
ZT_Node_orbit
ZT_Node_peers
ZT_Node_processBackgroundTasks
ZT_Node_processVirtualNetworkFrame
ZT_Node_processWirePacket
ZT_Node_sendUserMessage
ZT_Node_sendUserMessageVia
ZT_Node_setNetconfMaster
ZT_Node_setPhysicalPathConfiguration
ZT_Node_status
ZT_version
start_zt
zts_destory_p2p_connection
zts_exit
zts_get_current_nat_behavior_and_ip
zts_get_node
zts_get_user_message_cb_is_null
zts_init_roots
zts_send_user_message
zts_send_user_message_array
zts_send_user_message_array_via
zts_set_local_tcp_proxy_port
zts_set_log_cb
zts_set_stun_server
zts_set_tcp_relay_server
zts_set_user_message_cb
zts_start_p2p_client
zts_start_p2p_server

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 3.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 135KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
drivers/RayLinkVisualDisplayDriver/RayLinkVisualDisplayDriver.cat
drivers/RayLinkVisualDisplayDriver/RayLinkVisualDisplayDriver.dll
.dll windows:10 windows x64 arch:x64

a64de16a7e7d20cf410eafe938c3aaba

Code Sign

33:00:00:00:dc:34:1a:52:0f:bb:cf:3d:8c:00:00:00:00:00:dc
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

10/03/2022, 19:58

Not After

08/03/2023, 19:58

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01/01/2004, 00:00

Not After

31/12/2028, 23:59

Subject

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1e:5f:12:f8:c1:39:b5:b4:4b:62:46:1a:96:22:88:d8
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

16/02/2022, 00:00

Not After

15/02/2025, 23:59

Subject

SERIALNUMBER=91440300761988340L,CN=Shenzhen Rayvision Technology Co.\, Ltd.,O=Shenzhen Rayvision Technology Co.\, Ltd.,ST=Guangdong Sheng,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d0:a9:2f:25:fa:e1:1b:e5:35:0c:c0:fa:bb:c6:fe:ba:75:a8:4f:23:b0:90:80:61:99:46:38:b0:a8:fd:62:e7
Signer

Actual PE Digest

d0:a9:2f:25:fa:e1:1b:e5:35:0c:c0:fa:bb:c6:fe:ba:75:a8:4f:23:b0:90:80:61:99:46:38:b0:a8:fd:62:e7

Digest Algorithm

sha256

PE Digest Matches

true

d0:a9:2f:25:fa:e1:1b:e5:35:0c:c0:fa:bb:c6:fe:ba:75:a8:4f:23:b0:90:80:61:99:46:38:b0:a8:fd:62:e7
Signer

Actual PE Digest

d0:a9:2f:25:fa:e1:1b:e5:35:0c:c0:fa:bb:c6:fe:ba:75:a8:4f:23:b0:90:80:61:99:46:38:b0:a8:fd:62:e7

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\work\raysync\remote_desktop\RayLinkVisualDisplayAdapter\x64\Release\RayLinkVisualDisplayDriver.pdb

Imports

ntdll

DbgPrintEx
RtlPcToFileHeader
RtlUnwindEx

kernel32

CreateThread
InitializeSListHead
DeleteCriticalSection
InitializeCriticalSectionEx
WaitForMultipleObjects
CreateEventW
CreateEventA
WaitForSingleObject
SetEvent
GetLastError
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
RaiseException
CloseHandle
IsDebuggerPresent
SetUnhandledExceptionFilter
EncodePointer
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
SetLastError
InterlockedFlushSList
__C_specific_handler
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
TerminateProcess
GetCurrentProcess

dxgi

CreateDXGIFactory2

d3d11

D3D11CreateDevice

advapi32

GetTraceLoggerHandle
UnregisterTraceGuids
GetTraceEnableLevel
GetTraceEnableFlags
TraceMessage
RegisterTraceGuidsW

wpprecorderum

WppAutoLogStop
WppAutoLogTrace
WppAutoLogStart

avrt

AvRevertMmThreadCharacteristics
AvSetMmThreadCharacteristicsW

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_execute_onexit_table
_invalid_parameter_noinfo_noreturn
abort
_cexit
terminate
_initterm
_seh_filter_dll
_initterm_e

api-ms-win-crt-heap-l1-1-0

malloc
calloc
free
_callnewh

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf

api-ms-win-crt-string-l1-1-0

memset
strcpy_s

Exports

Exports

FxDriverEntryUm

Sections

.text
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 344B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
drivers/RayLinkVisualDisplayDriver/RayLinkVisualDisplayDriver.inf
drivers/ViGEmBusSetup_x64/ViGEmBus.cat
drivers/ViGEmBusSetup_x64/ViGEmBus.inf
drivers/ViGEmBusSetup_x64/ViGEmBus.sys
.sys windows:10 windows x64 arch:x64

2b05ffaf020d557250850e4af9bda453

Code Sign

33:00:00:00:3a:6a:e3:33:70:8f:da:7a:7b:00:00:00:00:00:3a
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11/03/2020, 17:31

Not After

05/03/2021, 17:31

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/10/2014, 20:31

Not After

15/10/2029, 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:e5:78:a8:1b:c9:8e:28:ab:7b:05:b1:91:c9:9a:2d
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/02/2019, 00:00

Not After

09/02/2022, 12:00

Subject

SERIALNUMBER=505039f,CN=Nefarius Software Solutions e.U.,O=Nefarius Software Solutions e.U.,L=Wels,C=AT,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024154

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e5:e7:5f:52:42:93:9f:29:a8:85:f2:10:f6:3e:46:5c:12:a3:8d:63:53:c8:5e:f5:6e:12:8a:4f:4f:bf:de:14
Signer

Actual PE Digest

e5:e7:5f:52:42:93:9f:29:a8:85:f2:10:f6:3e:46:5c:12:a3:8d:63:53:c8:5e:f5:6e:12:8a:4f:4f:bf:de:14

Digest Algorithm

sha256

PE Digest Matches

true

e5:e7:5f:52:42:93:9f:29:a8:85:f2:10:f6:3e:46:5c:12:a3:8d:63:53:c8:5e:f5:6e:12:8a:4f:4f:bf:de:14
Signer

Actual PE Digest

e5:e7:5f:52:42:93:9f:29:a8:85:f2:10:f6:3e:46:5c:12:a3:8d:63:53:c8:5e:f5:6e:12:8a:4f:4f:bf:de:14

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\projects\vigembus\bin\x64\ViGEmBus.pdb

Imports

ext-ms-win-ntos-werkernel-l1-1-1

WerLiveKernelCreateReport
WerLiveKernelOpenDumpFile
WerLiveKernelSubmitReport
WerLiveKernelCancelReport
WerLiveKernelCloseHandle

ntoskrnl.exe

PsGetCurrentProcessId
RtlCompareMemory
KeDelayExecutionThread
strcmp
strncpy_s
_vsnprintf
RtlAssert
ZwOpenKey
ZwQueryValueKey
KeCapturePersistentThreadState
ZwWriteFile
NtBuildNumber
PsTerminateSystemThread
RtlCaptureContext
SeTokenIsAdmin
ZwClose
PsCreateSystemThread
KeWaitForSingleObject
KeClearEvent
KeInitializeEvent
_purecall
_vsnwprintf
RtlRandomEx
ExAllocatePoolWithTag
KeSetEvent
IoGetDeviceInterfaces
IoWMIRegistrationControl
RtlCopyUnicodeString
ExFreePoolWithTag
MmGetSystemRoutineAddress
RtlInitUnicodeString
DbgPrintEx

hal

KeQueryPerformanceCounter

wpprecorder.sys

imp_WppRecorderLogCreate
WppAutoLogTrace
WppAutoLogStart
WppAutoLogStop
imp_WppRecorderLogGetDefault
imp_WppRecorderLogDelete
imp_WppRecorderIsDefaultLogAvailable
imp_WppRecorderReplay

wdfldr.sys

WdfVersionBind
WdfVersionUnbind
WdfVersionUnbindClass
WdfVersionBindClass

Sections

.text
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
drivers/devcon.exe
.exe windows:10 windows x64 arch:x64

68d7a4b13b38a420769678c927abc196

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1e:5f:12:f8:c1:39:b5:b4:4b:62:46:1a:96:22:88:d8
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

16/02/2022, 00:00

Not After

15/02/2025, 23:59

Subject

SERIALNUMBER=91440300761988340L,CN=Shenzhen Rayvision Technology Co.\, Ltd.,O=Shenzhen Rayvision Technology Co.\, Ltd.,ST=Guangdong Sheng,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ce:5d:ce:61:01:e6:34:d2:11:e2:58:9e:1b:6f:bb:2f:c5:e3:2d:68
Signer

Actual PE Digest

ce:5d:ce:61:01:e6:34:d2:11:e2:58:9e:1b:6f:bb:2f:c5:e3:2d:68

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

devcon.pdb

Imports

advapi32

RegQueryValueExW
InitiateSystemShutdownExW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
RegCloseKey
OpenServiceW
RegDeleteValueW
RegSetValueExW
OpenSCManagerW
CloseServiceHandle

kernel32

GetCurrentProcess
FormatMessageW
GetLastError
CloseHandle
LocalFree
FileTimeToSystemTime
LoadLibraryW
GetProcAddress
FreeLibrary
GetDateFormatW
FindFirstFileW
GetFullPathNameW
FindNextFileW
FindClose
GetFileAttributesW
GetWindowsDirectoryW
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
Sleep

msvcrt

?terminate@@YAXXZ
_commode
_fmode
__C_specific_handler
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
memset
__iob_func
_initterm
_XcptFilter
free
_callnewh
malloc
wprintf
towupper
wcsrchr
_wcsnicmp
fputs
wcschr
iswalpha
fputws
_wcsicmp
towlower

ole32

CLSIDFromString

setupapi

SetupDiClassNameFromGuidExW
SetupCopyOEMInfW
SetupDiCreateDeviceInfoList
SetupDiGetINFClassW
CM_Connect_MachineW
SetupDiSetClassInstallParamsW
CM_Locate_DevNode_ExW
CM_Disconnect_Machine
CM_Reenumerate_DevNode_Ex
SetupDiSetDeviceRegistryPropertyW
SetupDiBuildClassInfoListExW
SetupDiCreateDeviceInfoW
SetupDiGetDriverInstallParamsW
SetupDiOpenClassRegKeyExW
CM_Free_Log_Conf_Handle
SetupFindFirstLineW
SetupDiSetDeviceInstallParamsW
CM_Free_Res_Des_Handle
SetupOpenInfFileW
SetupDiDestroyDeviceInfoList
SetupDiClassGuidsFromNameExW
CM_Get_Device_ID_ExW
SetupDiGetClassDevsExW
SetupDiGetDeviceInfoListDetailW
SetupDiCreateDeviceInfoListExW
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyW
SetupDiOpenDeviceInfoW
SetupScanFileQueueW
SetupDiGetClassDescriptionExW
SetupOpenFileQueue
CM_Get_Next_Res_Des_Ex
CM_Get_DevNode_Status_Ex
SetupCloseInfFile
CM_Get_Res_Des_Data_Ex
SetupDiOpenDevRegKey
SetupDiDestroyDriverInfoList
SetupCloseFileQueue
SetupDiGetDeviceInstallParamsW
SetupDiEnumDriverInfoW
SetupDiSetSelectedDriverW
CM_Get_First_Log_Conf_Ex
SetupDiGetDriverInfoDetailW
CM_Get_Res_Des_Data_Size_Ex
SetupDiBuildDriverInfoList
SetupGetStringFieldW
SetupDiCallClassInstaller

user32

CharPrevW
CharNextW
LoadStringW

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 972B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
firewall.bat
gpu_list.txt
install-interception.exe
.exe windows:6 windows x86 arch:x86

51850908103fac568ec032763c0d304c

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1e:5f:12:f8:c1:39:b5:b4:4b:62:46:1a:96:22:88:d8
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

16/02/2022, 00:00

Not After

15/02/2025, 23:59

Subject

SERIALNUMBER=91440300761988340L,CN=Shenzhen Rayvision Technology Co.\, Ltd.,O=Shenzhen Rayvision Technology Co.\, Ltd.,ST=Guangdong Sheng,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:02:e1:79:9b:87:a5:75:36:c5:58:00:a1:f1:8f:b4:39:a2:48:9d
Signer

Actual PE Digest

0d:02:e1:79:9b:87:a5:75:36:c5:58:00:a1:f1:8f:b4:39:a2:48:9d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\users\franci~1\docume~1\projects\interc~1\instal~1\exe\objfre_wxp_x86\i386\install-interception.pdb

Imports

advapi32

RegSetValueExA
RegCloseKey
RegQueryValueExA
RegOpenKeyA
RegCreateKeyA
RegDeleteKeyA

kernel32

GetCurrentProcess
GetProcAddress
GetModuleHandleA
GetLastError
MoveFileExA
GetSystemDirectoryA
GetSystemInfo
CloseHandle
FreeResource
WriteFile
CreateFileA
LockResource
LoadResource
SizeofResource
FindResourceA
GetVersionExA
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
RtlUnwind
OutputDebugStringA
InterlockedCompareExchange
InterlockedDecrement
InterlockedIncrement
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedExchange
Sleep

msvcrt

free
_callnewh
malloc
??0bad_cast@@QAE@ABV0@@Z
??1bad_cast@@UAE@XZ
fgetc
fputc
ungetc
fflush
setvbuf
fwrite
fgetpos
fseek
fsetpos
fclose
__iob_func
__crtLCMapStringA
__pctype_func
isupper
___lc_codepage_func
___lc_handle_func
abort
islower
__getmainargs
_cexit
_exit
_XcptFilter
_initterm
_amsg_exit
__setusermatherr
__p__commode
__p__fmode
__set_app_type
??1type_info@@UAE@XZ
__uncaught_exception
memmove
_unlock
__dllonexit
_lock
_onexit
?terminate@@YAXXZ
_controlfp
_errno
__CxxFrameHandler
exit
??0exception@@QAE@XZ
_CxxThrowException
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABQBD@Z
memset
memcpy
_stricmp
setlocale

Sections

.text
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 424KB - Virtual size: 423KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
interception.dll
.dll windows:6 windows x64 arch:x64

fc13c2509303a1017f557c2e52abb49d

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1e:5f:12:f8:c1:39:b5:b4:4b:62:46:1a:96:22:88:d8
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

16/02/2022, 00:00

Not After

15/02/2025, 23:59

Subject

SERIALNUMBER=91440300761988340L,CN=Shenzhen Rayvision Technology Co.\, Ltd.,O=Shenzhen Rayvision Technology Co.\, Ltd.,ST=Guangdong Sheng,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

00:a0:4f:70:c7:ef:7d:a0:5b:f1:62:d5:f4:c3:59:39:0e:73:ca:9f
Signer

Actual PE Digest

00:a0:4f:70:c7:ef:7d:a0:5b:f1:62:d5:f4:c3:59:39:0e:73:ca:9f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

z:\interception-api\library\objfre_win7_amd64\amd64\interception.pdb

Imports

msvcrt

__C_specific_handler
_amsg_exit
free
_initterm
malloc
_XcptFilter
sprintf

kernel32

DeviceIoControl
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
CreateFileA
HeapAlloc
HeapFree
GetProcessHeap
CreateEventA
WaitForMultipleObjects
CloseHandle
Sleep
QueryPerformanceCounter

Exports

Exports

interception_create_context
interception_destroy_context
interception_get_filter
interception_get_hardware_id
interception_get_precedence
interception_is_invalid
interception_is_keyboard
interception_is_mouse
interception_receive
interception_send
interception_set_filter
interception_set_precedence
interception_wait
interception_wait_with_timeout

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
libAuthentication.dll
.dll windows:6 windows x64 arch:x64

06f24a11f470cc38595621d32518291a

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1e:5f:12:f8:c1:39:b5:b4:4b:62:46:1a:96:22:88:d8
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

16/02/2022, 00:00

Not After

15/02/2025, 23:59

Subject

SERIALNUMBER=91440300761988340L,CN=Shenzhen Rayvision Technology Co.\, Ltd.,O=Shenzhen Rayvision Technology Co.\, Ltd.,ST=Guangdong Sheng,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3f:f2:f6:32:a7:66:6f:ef:eb:b2:b2:c3:2e:10:9e:59:dd:35:4d:22
Signer

Actual PE Digest

3f:f2:f6:32:a7:66:6f:ef:eb:b2:b2:c3:2e:10:9e:59:dd:35:4d:22

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

F:\project\TyphoonV6_git\cmakeRayLinkRelease\x64\bin\Release\libAuthentication.pdb

Imports

kernel32

VerSetConditionMask
QueryPerformanceFrequency
GetSystemDirectoryA
FreeLibrary
GetModuleHandleA
GetProcAddress
LoadLibraryA
VerifyVersionInfoA
GetTickCount
Sleep
MoveFileExA
CloseHandle
WaitForSingleObjectEx
GetStdHandle
GetFileType
ReadFile
GetLastError
PeekNamedPipe
WaitForMultipleObjects
GetEnvironmentVariableA
SetLastError
FormatMessageA
FreeEnvironmentStringsW
MultiByteToWideChar
FileTimeToSystemTime
GetCurrentDirectoryW
WideCharToMultiByte
GetEnvironmentStringsW
TlsSetValue
TlsAlloc
TlsGetValue
TlsFree
GetFullPathNameW
WriteFile
SleepEx
FindClose
CreateFileW
SetFilePointerEx
MoveFileExW
FlushFileBuffers
GetConsoleMode
ReadConsoleW
WriteConsoleW
LCMapStringW
HeapSize
RaiseException
SetEndOfFile
DeleteFileW
HeapReAlloc
GetProcessHeap
SetEnvironmentVariableA
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
CompareStringW
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetLocalTime
GetModuleFileNameA
GetTimeZoneInformation
GetACP
GetStringTypeW
HeapAlloc
HeapFree
GetFileAttributesExW
GetConsoleCP
SetStdHandle
FreeLibraryAndExitThread
ExitThread
CreateThread
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
GetModuleHandleExW
ExitProcess
LoadLibraryExW
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
RtlUnwindEx
DeleteFileA

wldap32

ord50
ord41
ord211
ord26
ord27
ord32
ord22
ord60
ord143
ord33
ord35
ord79
ord30
ord200
ord301
ord46

advapi32

CryptAcquireContextA
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext

ws2_32

socket
setsockopt
ntohs
htons
getsockopt
WSASetLastError
getpeername
connect
bind
inet_pton
WSAGetLastError
send
recv
closesocket
WSAIoctl
WSAStartup
WSACleanup
accept
htonl
listen
ioctlsocket
__WSAFDIsSet
select
gethostname
sendto
recvfrom
freeaddrinfo
getsockname
getaddrinfo

iphlpapi

GetAdaptersAddresses

Exports

Exports

check_license_for_daily
init_license
offline_get_cfg
str2time
tm_activate_license
tm_delete_license_file
tm_get_version
tm_parse_file
tm_read_config
tm_read_current_license
tm_read_file
tm_set_caPath
tm_write_config
write_offline_config

Sections

.text
Size: 405KB - Virtual size: 404KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 113KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
msdk.dll
.dll windows:5 windows x64 arch:x64

5c61c4549bf90f4a80091c1adf0da4bd

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1e:5f:12:f8:c1:39:b5:b4:4b:62:46:1a:96:22:88:d8
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

16/02/2022, 00:00

Not After

15/02/2025, 23:59

Subject

SERIALNUMBER=91440300761988340L,CN=Shenzhen Rayvision Technology Co.\, Ltd.,O=Shenzhen Rayvision Technology Co.\, Ltd.,ST=Guangdong Sheng,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

e2:d1:64:9e:e9:b4:0c:65:94:fa:16:59:a3:28:23:f8:11:a0:1c:86
Signer

Actual PE Digest

e2:d1:64:9e:e9:b4:0c:65:94:fa:16:59:a3:28:23:f8:11:a0:1c:86

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

setupapi

SetupDiGetDeviceInterfaceDetailA
SetupDiGetClassDevsA
SetupDiEnumDeviceInfo
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList

hid

HidD_GetHidGuid
HidD_GetFeature
HidD_SetFeature
HidD_FreePreparsedData
HidP_GetCaps
HidD_GetPreparsedData

kernel32

SetStdHandle
WriteConsoleW
ReadFile
CreateFileW
GetVersion
HeapSize
CloseHandle
GetTickCount
CreateFileA
LeaveCriticalSection
EnterCriticalSection
Sleep
DeleteCriticalSection
WideCharToMultiByte
InitializeCriticalSection
GetModuleFileNameA
CreateEventA
GetVersionExA
HeapReAlloc
GetLastError
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
RtlUnwindEx
GetCurrentThreadId
FlsSetValue
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
EncodePointer
HeapSetInformation
FlushFileBuffers
HeapCreate
HeapDestroy
GetProcAddress
GetModuleHandleW
ExitProcess
DecodePointer
WriteFile
GetStdHandle
GetModuleFileNameW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
FlsGetValue
FlsFree
SetLastError
FlsAlloc
LCMapStringW
MultiByteToWideChar
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
RaiseException
LoadLibraryW
SetFilePointer
GetConsoleCP
GetConsoleMode
GetStringTypeW

user32

GetCursorPos

Exports

Exports

M_CapsLockLedState
M_ChkPwStat
M_ChkSupportEnc
M_ChkSupportMdy
M_ChkSupportProdStrMdy
M_Close
M_Delay
M_DelayRandom
M_GetAbsCfg
M_GetCurrMousePos
M_GetCurrMousePos2
M_GetCurrMousePosX
M_GetCurrMousePosY
M_GetDevSn
M_GetVidPid
M_InitParam
M_KeyDown
M_KeyDown2
M_KeyInputString
M_KeyInputStringGBK
M_KeyInputStringUnicode
M_KeyPress
M_KeyPress2
M_KeyState
M_KeyState2
M_KeyUp
M_KeyUp2
M_LeftClick
M_LeftDoubleClick
M_LeftDown
M_LeftUp
M_MiddleClick
M_MiddleDown
M_MiddleUp
M_MouseKeyState
M_MouseWheel
M_MoveR
M_MoveR2
M_MoveTo
M_MoveTo2
M_MoveTo3
M_MoveTo3_D
M_NumLockLedState
M_Open
M_Open_VidPid
M_RandDomNbr
M_RdEncData
M_ReleaseAllKey
M_ReleaseAllMouse
M_ResetMousePos
M_ResetVidPid
M_ResolutionUsed
M_RightClick
M_RightDown
M_RightUp
M_ScanAndOpen
M_ScrollLockLedState
M_SetAbsCfg
M_SetNewVidPid
M_SetParam
M_SetProdStr
M_SetPw
M_SetUserData
M_VerifyPw
M_VerifyUserData
M_WrEncData

Sections

.text
Size: 82KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
resources/background.png
.png
resources/logo.png
.png
resources/progress_background.png
.png
resources/progress_ing.png
.png
resources/progress_logo.png
.png
resources/raylink.png
.png
resources/专业.png
.png
resources/全屏.png
.png
resources/关闭.png
.png
resources/取消.png
.png
resources/受控端断开_背景.png
.png
resources/向下箭头.png
.png
resources/复选框_已选中.png
.png
resources/复选框_未选中.png
.png
resources/屏幕1.png
.png
resources/屏幕2.png
.png
resources/屏幕3.png
.png
resources/屏幕4.png
.png
resources/屏幕5.png
.png
resources/屏幕选中.png
.png
resources/展开菜单.png
.png
resources/帧率_未选中.png
.png
resources/帧率_选中.png
.png
resources/数位板.png
.png
resources/断开连接.png
.png
resources/清晰度_未选中.png
.png
resources/清晰度_选中.png
.png
resources/游戏手柄.png
.png
resources/窗口化.png
.png
resources/网络延时_中.png
.png
resources/网络延时_低.png
.png
resources/网络延时_高.png
.png
resources/网络断开_背景.png
.png
resources/色彩模式_免费.png
.png
resources/色彩模式_未选中.png
.png
resources/色彩模式_选中.png
.png
resources/色彩模式背景.png
.png
resources/虚拟屏_未选中.png
.png
resources/虚拟屏_选中.png
.png
resources/设备_免费.png
.png
resources/设备_未选中.png
.png
resources/设备_选中.png
.png
resources/设备数量背景.png
.png
resources/设备菜单.png
.png
resources/锁定.png
.png
resources/隐私模式_未登录.png
.png
resources/隐私模式_未选中.png
.png
resources/隐私模式_选中.png
.png
server.ini
speedtest.exe
.exe windows:6 windows x64 arch:x64

65fc5ae69f376a245cf092e1e88259e3

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1e:5f:12:f8:c1:39:b5:b4:4b:62:46:1a:96:22:88:d8
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

16/02/2022, 00:00

Not After

15/02/2025, 23:59

Subject

SERIALNUMBER=91440300761988340L,CN=Shenzhen Rayvision Technology Co.\, Ltd.,O=Shenzhen Rayvision Technology Co.\, Ltd.,ST=Guangdong Sheng,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

11:9a:c2:77:f8:1d:fd:4d:5f:8e:5f:c9:59:10:ad:2c:91:a5:4f:46
Signer

Actual PE Digest

11:9a:c2:77:f8:1d:fd:4d:5f:8e:5f:c9:59:10:ad:2c:91:a5:4f:46

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ws2_32

getaddrinfo
WSAGetLastError
htons
WSAStartup
WSACleanup
listen
htonl
accept
__WSAFDIsSet
WSAIoctl
WSASetLastError
ntohs
getpeername
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
inet_pton
WSAAddressToStringA
bind
socket
shutdown
setsockopt
sendto
send
select
recvfrom
recv
getsockopt
getsockname
ioctlsocket
connect
closesocket
getnameinfo
freeaddrinfo
gethostname

bcrypt

BCryptOpenAlgorithmProvider
BCryptGenRandom
BCryptCloseAlgorithmProvider

advapi32

CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGenRandom

crypt32

CertGetNameStringA
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
CertCreateCertificateChainEngine
CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CryptQueryObject
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
PFXImportCertStore

kernel32

ReadConsoleW
GetConsoleMode
WriteFile
GetStdHandle
ExitThread
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetDriveTypeW
GetFileType
CreateProcessW
GetModuleHandleExW
ExitProcess
GetCommandLineW
GetCommandLineA
RtlUnwindEx
GetConsoleCP
HeapAlloc
HeapFree
GetDateFormatW
GetTimeFormatW
IsValidLocale
EnumSystemLocalesW
SetStdHandle
GetExitCodeProcess
CreatePipe
GetTimeZoneInformation
HeapReAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
HeapSize
WriteConsoleW
FreeLibrary
LCMapStringA
GetUserDefaultLCID
GetStringTypeExA
Sleep
CloseHandle
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
ReleaseSemaphore
WaitForSingleObject
CreateThread
CreateSemaphoreA
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemTimeAsFileTime
FormatMessageA
GetCurrentThreadId
FormatMessageW
WideCharToMultiByte
LocalFree
GetLastError
GetProcAddress
GetModuleHandleW
GetCurrentDirectoryW
CreateDirectoryW
CreateFileW
DeleteFileW
FlushFileBuffers
GetFileAttributesW
GetFileAttributesExW
GetFileInformationByHandle
GetFullPathNameW
RemoveDirectoryW
SetEndOfFile
SetFileAttributesW
SetFilePointerEx
DeviceIoControl
CreateDirectoryExW
AreFileApisANSI
MultiByteToWideChar
SetLastError
InitializeCriticalSectionEx
SleepEx
GetSystemDirectoryA
RtlUnwind
GetTickCount
MoveFileExA
WaitForSingleObjectEx
GetEnvironmentVariableA
VerSetConditionMask
VerifyVersionInfoW
CreateFileA
GetFileSizeEx
ReadFile
RaiseException
RtlPcToFileHeader
LoadLibraryW
UnregisterWaitEx
LoadLibraryA
GetModuleHandleA
DuplicateHandle
GetCurrentProcess
SwitchToThread
GetCurrentThread
EncodePointer
DecodePointer
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
InitializeSListHead
SetEvent
ResetEvent
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
CreateTimerQueue
SignalObjectAndWait
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
GetModuleFileNameW
LoadLibraryExW
GetVersionExW
VirtualAlloc
VirtualProtect
VirtualFree
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList

user32

LoadStringA

shell32

SHGetFolderPathA

iphlpapi

GetAdaptersAddresses

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 478KB - Virtual size: 478KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 45KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 110KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
vigem_client.dll
.dll windows:6 windows x64 arch:x64

f17296366bae4baae51a451fcc8e7173

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1e:5f:12:f8:c1:39:b5:b4:4b:62:46:1a:96:22:88:d8
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

16/02/2022, 00:00

Not After

15/02/2025, 23:59

Subject

SERIALNUMBER=91440300761988340L,CN=Shenzhen Rayvision Technology Co.\, Ltd.,O=Shenzhen Rayvision Technology Co.\, Ltd.,ST=Guangdong Sheng,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

87:0a:e2:35:c5:52:b8:24:ba:f7:9f:2e:ef:a1:f9:78:7c:0c:2d:43
Signer

Actual PE Digest

87:0a:e2:35:c5:52:b8:24:ba:f7:9f:2e:ef:a1:f9:78:7c:0c:2d:43

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

G:\ViGEmClient\lib\dll_release_x64\vigem_client.pdb

Imports

setupapi

SetupDiGetDeviceInterfaceDetailW
SetupDiGetClassDevsW
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList

kernel32

TerminateProcess
WriteConsoleW
DeviceIoControl
CreateFileW
CreateEventW
GetLastError
SetEvent
CloseHandle
ResetEvent
GetOverlappedResult
HeapReAlloc
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
GetCurrentProcessId
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
SetLastError
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameW
HeapAlloc
HeapFree
LCMapStringW
GetStdHandle
GetFileType
SetFilePointerEx
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
SetStdHandle
GetStringTypeW
HeapSize

Exports

Exports

vigem_alloc
vigem_connect
vigem_disconnect
vigem_free
vigem_target_add
vigem_target_add_async
vigem_target_ds4_alloc
vigem_target_ds4_register_notification
vigem_target_ds4_unregister_notification
vigem_target_ds4_update
vigem_target_ds4_update_ex
vigem_target_free
vigem_target_get_index
vigem_target_get_pid
vigem_target_get_type
vigem_target_get_vid
vigem_target_is_attached
vigem_target_is_waitable_add_supported
vigem_target_remove
vigem_target_set_pid
vigem_target_set_vid
vigem_target_x360_alloc
vigem_target_x360_get_user_index
vigem_target_x360_register_notification
vigem_target_x360_unregister_notification
vigem_target_x360_update

Sections

.text
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
uninst.exe.nsis

Sharing

General

Malware Config

Signatures

Files

b34f154ec913d2d2c435cbd644e91687

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6eCertificate

Extended Key Usages

Key Usages

1e:5f:12:f8:c1:39:b5:b4:4b:62:46:1a:96:22:88:d8Certificate

Extended Key Usages

Key Usages

13:e7:96:63:b3:63:2e:28:28:66:04:af:ed:20:69:9f:90:cc:99:7dSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

Sections

.text Size: 26KB - Virtual size: 25KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 1KB - Virtual size: 171KB

.ndata Size: - Virtual size: 72KB

.rsrc Size: 206KB - Virtual size: 206KB

db2755f409b81c4dbfc04f648cfb80b9

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 1024B - Virtual size: 987B

.reloc Size: 512B - Virtual size: 66B

fc0224e99e736751432961db63a41b76

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 867B

.data Size: 512B - Virtual size: 120B

.reloc Size: 1024B - Virtual size: 638B

d1e7cac091c2e57d89d4bb643ace96f4

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 1KB

.rdata Size: 1024B - Virtual size: 742B

.data Size: 512B - Virtual size: 36B

.CRT Size: 512B - Virtual size: 4B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 512B - Virtual size: 152B

e8ae730f0a0e0d5cad1f05fe3adb4fbf

Headers

DLL Characteristics

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

1e:5f:12:f8:c1:39:b5:b4:4b:62:46:1a:96:22:88:d8
Certificate

13:e7:96:63:b3:63:2e:28:28:66:04:af:ed:20:69:9f:90:cc:99:7d
Signer

.text
Size: 26KB - Virtual size: 25KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 1KB - Virtual size: 171KB

.ndata
Size: - Virtual size: 72KB

.rsrc
Size: 206KB - Virtual size: 206KB

.text
Size: 1024B - Virtual size: 987B

.reloc
Size: 512B - Virtual size: 66B

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 867B

.data
Size: 512B - Virtual size: 120B

.reloc
Size: 1024B - Virtual size: 638B

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 742B

.data
Size: 512B - Virtual size: 36B

.CRT
Size: 512B - Virtual size: 4B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 512B - Virtual size: 152B

.text
Size: 337KB - Virtual size: 337KB

.rdata
Size: 177KB - Virtual size: 177KB

.data
Size: 6KB - Virtual size: 9KB

.rsrc
Size: 704KB - Virtual size: 703KB

.reloc
Size: 21KB - Virtual size: 21KB

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 3KB

.reloc
Size: 512B - Virtual size: 448B

.text
Size: 323KB - Virtual size: 323KB

.rdata
Size: 73KB - Virtual size: 72KB

.data
Size: 8KB - Virtual size: 35KB

.rsrc
Size: 1024B - Virtual size: 912B

.reloc
Size: 17KB - Virtual size: 17KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

1e:5f:12:f8:c1:39:b5:b4:4b:62:46:1a:96:22:88:d8
Certificate

dd:51:a5:ea:f1:8a:c4:5b:f7:78:d1:d9:6c:48:3a:16:1f:5e:fc:36
Signer