Setup_MakeMKV_v1[.]17[.]7[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Setup_MakeMKV_v1.17.7.exe
Size

14.6MB
MD5

edc5d37d591a8a110afd4b49366bd8f8
SHA1

eecb52aa5023604ed3be5102ecaac0af784656ad
SHA256

98268f1ca22130ec95d27c872d7802b74a14de7b52b45ae54d9af10631330e8c
SHA512

7981e2b32354984392eb93d941caa4955b77c634636234524bba00de22215a7653cf6e0c9ee3f94ed5da706c002dd27590a38423d4becf2c8f1e04687ffe554c
SSDEEP

393216:HiYzJQX8dIDsgTIk3NjjeJ/SeH7P730ySQrSrNnliWj:Hig5CbjaQebQ5QrSrniWj

Score

3^/10

Malware Config

Signatures

Unsigned PE 32 IoCs

Checks for missing Authenticode signature.

resource
Setup_MakeMKV_v1.17.7.exe
unpack001/$PLUGINSDIR/LangDLL.dll
unpack001/$PLUGINSDIR/StartMenu.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/mmnsis.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/$PLUGINSDIR/wincdarb_inst.exe
unpack001/$PLUGINSDIR/wincdarb_inst64.exe
unpack001/$PLUGINSDIR/wincdarb_tiny.exe
unpack001/$PLUGINSDIR/wincdarb_tiny64.exe
unpack001/libdriveio.dll
unpack001/libdriveio64.dll
unpack001/libffm.dll
unpack001/libffm64.dll
unpack001/libmakemkv.dll
unpack001/libmakemkv64.dll
unpack001/libmcurl.dll
unpack001/libmcurl64.dll
unpack001/libmmbd.dll
unpack001/libmmbd64.dll
unpack001/libmqt.dll
unpack001/makemkv.exe
unpack001/makemkvcon.exe
unpack001/makemkvcon64.exe
unpack001/mmccextr.exe
unpack001/mmccextr64.exe
unpack001/mmgplsrv.exe
unpack001/mmgplsrv64.exe
unpack001/sdftool.exe
unpack001/sdftool64.exe
unpack001/uninst.exe
unpack002/$PLUGINSDIR/mmnsis.dll

Files

Setup_MakeMKV_v1.17.7.exe
.exe windows:4 windows x86 arch:x86

446b7557e42bfc440d0ca6f8a6a5f455

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyW
RegEnumValueW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
SetFileSecurityW

comctl32

ImageList_AddMasked
ImageList_Create
ImageList_Destroy
InitCommonControls

gdi32

CreateBrushIndirect
CreateFontIndirectW
DeleteObject
GetDeviceCaps
SelectObject
SetBkColor
SetBkMode
SetTextColor

kernel32

CloseHandle
CompareFileTime
CopyFileW
CreateDirectoryW
CreateFileW
CreateProcessW
CreateThread
DeleteFileW
ExitProcess
ExpandEnvironmentStringsW
FindClose
FindFirstFileW
FindNextFileW
FreeLibrary
GetCommandLineW
GetCurrentProcess
GetDiskFreeSpaceW
GetExitCodeProcess
GetFileAttributesW
GetFileSize
GetFullPathNameW
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetPrivateProfileStringW
GetProcAddress
GetShortPathNameW
GetSystemDirectoryW
GetTempFileNameW
GetTempPathW
GetTickCount
GetVersion
GetWindowsDirectoryW
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
LoadLibraryExW
MoveFileExW
MoveFileW
MulDiv
MultiByteToWideChar
ReadFile
RemoveDirectoryW
SearchPathW
SetCurrentDirectoryW
SetEnvironmentVariableW
SetErrorMode
SetFileAttributesW
SetFilePointer
SetFileTime
Sleep
WaitForSingleObject
WideCharToMultiByte
WriteFile
WritePrivateProfileStringW
lstrcatW
lstrcmpW
lstrcmpiA
lstrcmpiW
lstrcpyA
lstrcpynW
lstrlenA
lstrlenW

ole32

CoCreateInstance
CoTaskMemFree
OleInitialize
OleUninitialize

shell32

SHBrowseForFolderW
SHFileOperationW
SHGetFileInfoW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteExW

user32

AppendMenuW
BeginPaint
CallWindowProcW
CharNextA
CharNextW
CharPrevW
CheckDlgButton
CloseClipboard
CreateDialogParamW
CreatePopupMenu
CreateWindowExW
DefWindowProcW
DestroyWindow
DialogBoxParamW
DispatchMessageW
DrawTextW
EmptyClipboard
EnableMenuItem
EnableWindow
EndDialog
EndPaint
ExitWindowsEx
FillRect
FindWindowExW
GetClassInfoW
GetClientRect
GetDC
GetDlgItem
GetDlgItemTextW
GetMessagePos
GetSysColor
GetSystemMenu
GetSystemMetrics
GetWindowLongW
GetWindowRect
InvalidateRect
IsWindow
IsWindowEnabled
IsWindowVisible
LoadBitmapW
LoadCursorW
LoadImageW
MessageBoxIndirectW
OpenClipboard
PeekMessageW
PostQuitMessage
RegisterClassW
ReleaseDC
ScreenToClient
SendMessageTimeoutW
SendMessageW
SetClassLongW
SetClipboardData
SetCursor
SetDlgItemTextW
SetForegroundWindow
SetTimer
SetWindowLongW
SetWindowPos
SetWindowTextW
ShowWindow
SystemParametersInfoW
TrackPopupMenu
wsprintfA
wsprintfW

Sections

.text
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 127KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: 512B - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 184KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$PLUGINSDIR/LangDLL.dll
.dll windows:4 windows x86 arch:x86

83778c6090bee55a4824200e5e2486ab

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

gdi32

CreateFontIndirectW
DeleteObject
GetDeviceCaps

kernel32

GetModuleHandleW
GlobalAlloc
GlobalFree
MulDiv
MultiByteToWideChar
WideCharToMultiByte
lstrcmpW
lstrcpyW
lstrcpynW
lstrlenW

user32

DialogBoxParamW
EndDialog
GetDC
LoadIconW
SendDlgItemMessageW
SendMessageW
SetDlgItemTextW
SetWindowTextW
ShowWindow
wsprintfW

Exports

Exports

LangDialog

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 116B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 73B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 776B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 344B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 300B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/StartMenu.dll
.dll windows:4 windows x86 arch:x86

c20327fced07b6e73d2262fc88b11552

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

gdi32

GetTextMetricsW
SelectObject

kernel32

FindClose
FindFirstFileW
FindNextFileW
GetModuleHandleW
GlobalAlloc
GlobalFree
MulDiv
MultiByteToWideChar
WideCharToMultiByte
lstrcatW
lstrcmpW
lstrcmpiW
lstrcpyW
lstrcpynW

ole32

CoTaskMemFree

shell32

SHGetPathFromIDListW
SHGetSpecialFolderLocation

user32

CallWindowProcW
CheckDlgButton
CreateDialogParamW
DestroyWindow
DispatchMessageW
EnableWindow
GetClientRect
GetDC
GetDlgItem
GetMessageW
GetWindowLongW
GetWindowRect
GetWindowTextW
IsDialogMessageW
IsDlgButtonChecked
LoadIconW
MoveWindow
PostMessageW
ReleaseDC
ScreenToClient
SendMessageW
SetWindowLongW
SetWindowTextW
ShowWindow
TranslateMessage
wsprintfW

Exports

Exports

Init
Select
Show

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 548B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 101B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 468B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

aff5d9d526a27f56d720fb3ae00a5bc5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleHandleW
GetProcAddress
GetSystemTimeAsFileTime
GetTickCount
GlobalAlloc
GlobalFree
GlobalSize
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryW
MultiByteToWideChar
QueryPerformanceCounter
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WideCharToMultiByte
lstrcpyW
lstrcpynW
lstrlenW

msvcrt

_amsg_exit
_initterm
_iob
_lock
_unlock
abort
calloc
free
fwrite
realloc
strlen
strncmp
vfprintf

ole32

CLSIDFromString
StringFromGUID2

user32

wsprintfW

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 992B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 179B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/mmnsis.dll
.dll windows:6 windows x86 arch:x86

8aba81300f0121d09ee4f82973887624

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

nsisdll.dll.pdb

Imports

ntdll

ZwQuerySystemInformation

kernel32

FindFirstFileW
FindNextFileW
GetFileAttributesW
RemoveDirectoryW
CloseHandle
GetLastError
HeapAlloc
HeapFree
GetProcessHeap
WaitForSingleObject
CreateMutexA
Sleep
GetCurrentProcess
ExitProcess
FindClose
ResumeThread
CreateProcessW
VirtualAlloc
VirtualFree
CreateJobObjectW
AssignProcessToJobObject
QueryInformationJobObject
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
SetUnhandledExceptionFilter
DeleteFileW
TerminateProcess
GetExitCodeProcess
RtlUnwind
UnhandledExceptionFilter

user32

MessageBoxA
MessageBoxW

advapi32

RegOpenKeyExA
RegCloseKey
RegQueryValueExW

msvcrt

wcstoul
strchr
_snprintf
wcsrchr
wcslen
wcscpy
strlen
memset
memcpy
memcmp
tolower

Exports

Exports

?AppRunningAndUninstCheck@@YIPBDPAUHWND__@@G_N1@Z
?CheckAndUninstall@@YI_NPAUHWND__@@G_N@Z
?CheckApplicationRunning@@YI_NPAUHWND__@@G_N@Z
?CheckFileExists@@YI_NPB_W@Z
?CheckInstallDir@@YIPBDPAUHWND__@@G_NPB_W@Z
?CheckInstallerRunning@@YI_NPAUHWND__@@G_N@Z
?ExecAndWaitGroup@@YIIPB_WPA_W@Z
?ExecAndWaitSingle@@YIIPAKPB_WPA_W@Z
?FixWinCdArbService@@YIPBDPAUHWND__@@G_N@Z
?FormatPoString@@YIPA_WPB_WPBQBD@Z
?FreeRunningProcessSnapshot@@YIXPAX@Z
?GetMutiPOStrings@@YIPBDIIGPA_WI@Z
?GetRunningProcessSnapshot@@YIPAXXZ
?InstallWinCdArbService@@YIPBDPAUHWND__@@G_N@Z
?IsDirEmptyOrNonexistent@@YI_NPA_W@Z
?IsProcessRunning@@YI_NPAXPBD@Z
?IsWow64@@YI_NXZ
?OnInstallCheck@@YIPBDPAUHWND__@@G_N@Z
?OnUninstCheck@@YIPBDPAUHWND__@@G_N@Z
?PoString@@YIPB_WGI@Z
?RemoveDirectoryRecursive@@YI_NPA_W@Z
?RunWinCdArbServiceInstaller@@YI_NPB_W@Z
?ShowErrorDialogBox@@YIXIPAUHWND__@@G_N@Z
?ThisIsNotAVirus@@YIPBDXZ
?UninstallFinished@@YIPBDPAUHWND__@@G_N@Z
i
t1

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 564B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

c442f1649aa0670a32c622fadfcd00bd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

comdlg32

CommDlgExtendedError
GetOpenFileNameW
GetSaveFileNameW

gdi32

SetTextColor

kernel32

GetCurrentDirectoryW
GetFileAttributesW
GetProcessHeap
GlobalAlloc
GlobalFree
HeapAlloc
HeapFree
HeapReAlloc
MulDiv
MultiByteToWideChar
SetCurrentDirectoryW
WideCharToMultiByte
lstrcmpiW
lstrcpyW
lstrcpynW
lstrlenW

ole32

CoTaskMemFree

shell32

SHBrowseForFolderW
SHGetPathFromIDListW

user32

CallWindowProcW
CharNextW
CharPrevW
CreateDialogParamW
CreateWindowExW
DestroyWindow
DispatchMessageW
DrawFocusRect
DrawTextW
GetClientRect
GetDlgItem
GetMessageW
GetPropW
GetSysColor
GetWindowLongW
GetWindowRect
GetWindowTextW
IsDialogMessageW
IsWindow
KillTimer
LoadCursorW
MapDialogRect
MapWindowPoints
RemovePropW
SendMessageW
SetCursor
SetPropW
SetTimer
SetWindowLongW
SetWindowPos
ShowWindow
TranslateMessage
wsprintfW

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 468B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 363B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 516B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/wincdarb_inst.exe
.exe windows:5 windows x86 arch:x86

60a8367536ef23d5dd62d77b052d8404

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

wincdarb_inst.exe.pdb

Imports

kernel32

WriteFile
CloseHandle
GetLastError
Sleep
GetCurrentProcess
CreateFileMappingW
MapViewOfFile
GetModuleFileNameW
SetEndOfFile
GetProcAddress
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
ReadFile
GetFileSizeEx
GetFileAttributesW
FlushFileBuffers
CreateFileW
CreateDirectoryW
GetEnvironmentVariableW
SetFilePointer
GetModuleHandleA
InterlockedExchange
InterlockedCompareExchange
RtlUnwind
GetModuleHandleW

advapi32

OpenServiceW
StartServiceW
QueryServiceStatusEx
QueryServiceConfigW
OpenSCManagerA
DeleteService
CreateServiceW
ControlService
CloseServiceHandle
ChangeServiceConfig2W
ChangeServiceConfigW

msvcrt

wcscmp
wcsrchr
fflush
fprintf
fputs
fwprintf
exit
_except_handler3
memcmp
memcpy
memmove
wcslen
__iob_func
__wgetmainargs
_cexit
_exit
_XcptFilter
_initterm
_amsg_exit
__setusermatherr
__p__commode
__p__fmode
__set_app_type
?terminate@@YAXXZ
_controlfp

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 916B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 760B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 584B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/wincdarb_inst64.exe
.exe windows:5 windows x64 arch:x64

0125fd9e51cf0c952393127434621c46

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

wincdarb_inst64.exe.pdb

Imports

kernel32

WriteFile
CloseHandle
GetLastError
Sleep
SetEndOfFile
CreateFileMappingW
MapViewOfFile
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
ReadFile
GetFileSizeEx
GetFileAttributesW
FlushFileBuffers
CreateFileW
CreateDirectoryW
GetEnvironmentVariableW
SetFilePointer
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCurrentProcess

advapi32

StartServiceW
QueryServiceStatusEx
QueryServiceConfigW
OpenServiceW
OpenSCManagerA
DeleteService
CreateServiceW
ControlService
CloseServiceHandle
ChangeServiceConfig2W
ChangeServiceConfigW

msvcrt

wcscmp
wcsrchr
fflush
fprintf
fputs
fwprintf
exit
__C_specific_handler
memcmp
memcpy
memmove
wcslen
__iob_func
__wgetmainargs
_XcptFilter
_exit
_cexit
_initterm
_amsg_exit
__setusermatherr
_commode
_fmode
__set_app_type
?terminate@@YAXXZ

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 504B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 760B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/wincdarb_tiny.exe
.exe windows:5 windows x86 arch:x86

bab613c5bd1331ab403e8c29959dc45f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

wincdarb_tiny.exe.pdb

Imports

ntdll

NtConnectPort
NtCompleteConnectPort
NtAcceptConnectPort
NtReplyWaitReceivePortEx
NtCreatePort
NtOpenFile
NtClose
RtlInitUnicodeString
memset
memcpy
memcmp
strlen

kernel32

LocalFree
InterlockedCompareExchange
InterlockedDecrement
ExitProcess
GetStdHandle
WriteFile
VirtualAlloc
VirtualFree
OpenProcess
GetCurrentProcess
GetLastError
DeviceIoControl
DuplicateHandle
InterlockedIncrement

advapi32

SetEntriesInAclW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
FreeSid
AllocateAndInitializeSid
StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerExW

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 760B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/wincdarb_tiny64.exe
.exe windows:5 windows x64 arch:x64

fc20fa9d3174e05ad040ed684b9282c1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

wincdarb_tiny64.exe.pdb

Imports

ntdll

NtConnectPort
NtCompleteConnectPort
NtAcceptConnectPort
NtReplyWaitReceivePortEx
NtCreatePort
NtOpenFile
NtClose
RtlInitUnicodeString
memset
memcpy
memcmp
strlen

kernel32

LocalFree
DuplicateHandle
DeviceIoControl
ExitProcess
GetStdHandle
WriteFile
VirtualAlloc
VirtualFree
OpenProcess
GetCurrentProcess
GetLastError

advapi32

SetEntriesInAclW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
FreeSid
AllocateAndInitializeSid
StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerExW

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 760B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
License.rtf
.rtf
Readme.rtf
.rtf
appdata.tar
blues.jar
.jar
blues.policy
libdriveio.dll
.dll windows:6 windows x86 arch:x86

19fee918c3d501b863b4da1ecbfa6020

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

libdriveio.dll.pdb

Imports

msvcrt

__iob_func
_amsg_exit
_initterm
_XcptFilter
memmove
fputc
fprintf
fflush
strlen
strchr
memset
memcmp
memcpy
malloc
free
vfprintf

kernel32

GetCurrentThreadId
InterlockedCompareExchange
InterlockedExchange
RtlUnwind
LoadLibraryExA
GetProcAddress
GetModuleHandleW
FreeLibrary
VirtualQuery
VirtualProtect
GetSystemInfo
GetLastError
RaiseException
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
LoadLibraryA
Sleep
QueryPerformanceCounter
GetCurrentProcessId

Exports

Exports

DriveInfoList_AddItem
DriveInfoList_AddOrUpdateItem
DriveInfoList_Create
DriveInfoList_Deserialize
DriveInfoList_Destroy
DriveInfoList_GetCount
DriveInfoList_GetItem
DriveInfoList_GetItemById
DriveInfoList_GetSerializedChunkInfo
DriveInfoList_GetSerializedChunkSize
DriveInfoList_RemoveItem
DriveInfoList_RemoveItemById
DriveInfoList_Serialize
DriveIoGetDriveId
DriveIoGetDriveInfo
DriveIoGetInquiryData
DriveIoQuery
DriveIoQueryAdd
DriveIoQueryCreate
TIPS_ClientConnect
TIPS_ClientDestroy
TIPS_ServerRun

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1004B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 760B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 764B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
libdriveio64.dll
.dll windows:6 windows x64 arch:x64

8a92240e493fbf7081913e1f8844decf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

libdriveio64.dll.pdb

Imports

msvcrt

__iob_func
__C_specific_handler
_amsg_exit
_initterm
_XcptFilter
memmove
fputc
fprintf
fflush
strlen
strchr
memset
memcmp
memcpy
malloc
free
vfprintf

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
LoadLibraryExA
GetProcAddress
GetModuleHandleW
FreeLibrary
VirtualQuery
VirtualProtect
GetSystemInfo
GetLastError
RaiseException
Sleep
LoadLibraryA

Exports

Exports

DriveInfoList_AddItem
DriveInfoList_AddOrUpdateItem
DriveInfoList_Create
DriveInfoList_Deserialize
DriveInfoList_Destroy
DriveInfoList_GetCount
DriveInfoList_GetItem
DriveInfoList_GetItemById
DriveInfoList_GetSerializedChunkInfo
DriveInfoList_GetSerializedChunkSize
DriveInfoList_RemoveItem
DriveInfoList_RemoveItemById
DriveInfoList_Serialize
DriveIoGetDriveId
DriveIoGetDriveInfo
DriveIoGetInquiryData
DriveIoQuery
DriveIoQueryAdd
DriveIoQueryCreate
TIPS_ClientConnect
TIPS_ClientDestroy
TIPS_ServerRun

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 304B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 996B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 760B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
libffm.dll
.dll windows:6 windows x86 arch:x86

56c1468de188c49a8a5e8c9e77add990

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

libffm.dll.pdb

Imports

msvcrt

strtol
memcmp
strspn
gmtime
strchr
strncmp
ceil
floor
strcspn
sqrt
pow
sscanf
abs
sin
exp
frexp
bsearch
abort
cos
log
acos
_errno
atan
atan2
cosh
sinh
tan
tanh
_hypot
strtod
strtoul
localtime
mktime
clock
__iob_func
_vsnprintf
_strtoi64
_XcptFilter
_initterm
_amsg_exit
vsprintf
memmove
fputs
fprintf
getenv
strstr
strcpy
realloc
malloc
free
strlen
memcpy
fabs
strcmp
asin
memset
calloc

kernel32

InterlockedCompareExchange
Sleep
InterlockedExchange
RtlUnwind
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
RaiseException

Exports

Exports

aacEncClose
aacEncEncode
aacEncInfo
aacEncOpen
aacEncoder_SetParam
ffm_audio_convert
ffm_audio_convert_alloc
ffm_audio_convert_free
ffm_audio_decode_close
ffm_audio_decode_get_frame
ffm_audio_decode_get_info
ffm_audio_decode_init
ffm_audio_decode_put_data
ffm_audio_encode_close
ffm_audio_encode_get_data
ffm_audio_encode_get_info
ffm_audio_encode_init
ffm_audio_encode_put_frame
ffm_audio_get_codec_information
ffm_audio_mix
ffm_audio_mix_alloc
ffm_audio_mix_free
ffm_avcodec_version3
ffm_get_channel_layout_string
ffm_init
ffm_mlp_checksum16
ffm_mlp_read_syncframe
ffm_mpa_decode_header

Sections

.text
Size: 817KB - Virtual size: 817KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 627KB - Virtual size: 626KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
libffm64.dll
.dll windows:6 windows x64 arch:x64

79bf9c4e22bb272c36076cdab90b81ef

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

libffm64.dll.pdb

Imports

msvcrt

malloc
realloc
strcpy
strstr
getenv
fprintf
fputs
memmove
_errno
strtol
memcmp
strspn
gmtime
strchr
strncmp
ceil
floor
strcspn
sqrtf
pow
sscanf
abs
sin
exp
frexp
bsearch
abort
cos
free
log
logf
ceilf
acos
asin
atan
atan2
cosh
sinh
tan
tanh
_hypot
strtod
strtoul
localtime
mktime
clock
__iob_func
_vsnprintf
_strtoi64
_XcptFilter
_initterm
_amsg_exit
__C_specific_handler
vsprintf
strlen
memcpy
fabs
strcmp
sqrt
memset
calloc

kernel32

GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
Sleep
GetSystemTimeAsFileTime

Exports

Exports

aacEncClose
aacEncEncode
aacEncInfo
aacEncOpen
aacEncoder_SetParam
ffm_audio_convert
ffm_audio_convert_alloc
ffm_audio_convert_free
ffm_audio_decode_close
ffm_audio_decode_get_frame
ffm_audio_decode_get_info
ffm_audio_decode_init
ffm_audio_decode_put_data
ffm_audio_encode_close
ffm_audio_encode_get_data
ffm_audio_encode_get_info
ffm_audio_encode_init
ffm_audio_encode_put_frame
ffm_audio_get_codec_information
ffm_audio_mix
ffm_audio_mix_alloc
ffm_audio_mix_free
ffm_avcodec_version3
ffm_get_channel_layout_string
ffm_init
ffm_mlp_checksum16
ffm_mlp_read_syncframe
ffm_mpa_decode_header

Sections

.text
Size: 991KB - Virtual size: 991KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 678KB - Virtual size: 677KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
libmakemkv.dll
.dll windows:6 windows x86 arch:x86

9d10c13b389b4362ab39d609647ff29e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

libmakemkv.dll.pdb

Imports

msvcrt

_errno
realloc
_vsnprintf
_XcptFilter
_amsg_exit
strlen
_time64
_gmtime64
strncat
memmove
strcmp
strcat
strcpy
memset
memcpy
memcmp
_purecall
malloc
free
_initterm
rand

kernel32

Sleep
InterlockedExchange
RtlUnwind
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
RaiseException
InterlockedCompareExchange

Exports

Exports

MkvCreateFile
set_world

Sections

.text
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 744B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
libmakemkv64.dll
.dll windows:6 windows x64 arch:x64

57ec203fd1f99fcc9f8c30d7fe83174e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

libmakemkv64.dll.pdb

Imports

msvcrt

strcpy
strcat
strcmp
memmove
strncat
_gmtime64
_time64
strlen
_errno
memset
_vsnprintf
_XcptFilter
_initterm
_amsg_exit
__C_specific_handler
memcpy
memcmp
_purecall
malloc
free
realloc
rand

kernel32

GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
Sleep
GetSystemTimeAsFileTime
GetCurrentProcessId

Exports

Exports

MkvCreateFile
set_world

Sections

.text
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 744B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
libmcurl.dll
.dll windows:6 windows x86 arch:x86

6bdf94aec1ef7f43a726d03fbc93b4ca

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

libmcurl.dll.pdb

Imports

msvcrt

_amsg_exit
strstr
_initterm
free
malloc
realloc
calloc
memset
memcpy
strlen
fread
fwrite
strcmp
memmove
strchr
strncmp
strrchr
sscanf
time
qsort
memcmp
strcpy
strncpy
_XcptFilter
fseek
tolower
strtol
strtoul
_errno
strpbrk
memchr
fputc
sprintf
_strtoi64
gmtime
strcspn
strspn
strerror
_sys_nerr
isupper
_assert
__iob_func
_vsnprintf
_strdup

kernel32

GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
QueryPerformanceCounter
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetTickCount
InterlockedExchange
Sleep
InterlockedCompareExchange
RaiseException
SleepEx
QueryPerformanceFrequency
GetSystemDirectoryA
FreeLibrary
GetModuleHandleA
GetProcAddress
LoadLibraryA
GetEnvironmentVariableA
GetLastError
SetLastError
FormatMessageA
VerSetConditionMask
VerifyVersionInfoA
RtlUnwind

advapi32

CryptGenRandom
CryptReleaseContext
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptAcquireContextA

ws2_32

__WSAFDIsSet
select
getaddrinfo
freeaddrinfo
ioctlsocket
listen
closesocket
recv
send
WSAGetLastError
bind
connect
getpeername
getsockname
getsockopt
htons
ntohs
setsockopt
socket
WSASetLastError
WSAIoctl
WSAStartup
WSACleanup
accept
htonl

crypt32

CertFreeCertificateContext
CertEnumCertificatesInStore

Exports

Exports

curl_easy_cleanup
curl_easy_duphandle
curl_easy_getinfo
curl_easy_init
curl_easy_perform
curl_easy_reset
curl_easy_setopt
curl_global_cleanup
curl_global_init_mem
curl_slist_append
curl_slist_free_all
curl_version_info
mversion

Sections

.text
Size: 173KB - Virtual size: 172KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 728B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
libmcurl64.dll
.dll windows:6 windows x64 arch:x64

a1c1194732de2fc125b914d4bc1cd7b0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

libmcurl64.dll.pdb

Imports

msvcrt

_amsg_exit
__C_specific_handler
_XcptFilter
_initterm
malloc
free
realloc
calloc
memset
memcpy
strlen
fread
fwrite
strcmp
memmove
strchr
strncmp
strrchr
sscanf
time
qsort
memcmp
strcpy
strncpy
strstr
fseek
tolower
strtol
strtoul
_errno
strpbrk
memchr
fputc
sprintf
_strtoi64
gmtime
strcspn
strspn
strerror
_sys_nerr
isupper
_assert
__iob_func
_vsnprintf
_strdup

kernel32

Sleep
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
VerSetConditionMask
SleepEx
QueryPerformanceFrequency
GetSystemDirectoryA
FreeLibrary
GetModuleHandleA
GetProcAddress
LoadLibraryA
GetEnvironmentVariableA
GetLastError
SetLastError
FormatMessageA
VerifyVersionInfoA

advapi32

CryptGetHashParam
CryptReleaseContext
CryptGenRandom
CryptCreateHash
CryptDestroyHash
CryptHashData
CryptAcquireContextA

ws2_32

freeaddrinfo
getaddrinfo
select
__WSAFDIsSet
ioctlsocket
listen
htonl
accept
closesocket
recv
send
WSAGetLastError
bind
connect
getpeername
getsockname
getsockopt
htons
ntohs
setsockopt
socket
WSASetLastError
WSAIoctl
WSAStartup
WSACleanup

crypt32

CertFreeCertificateContext
CertEnumCertificatesInStore

Exports

Exports

curl_easy_cleanup
curl_easy_duphandle
curl_easy_getinfo
curl_easy_init
curl_easy_perform
curl_easy_reset
curl_easy_setopt
curl_global_cleanup
curl_global_init_mem
curl_slist_append
curl_slist_free_all
curl_version_info
mversion

Sections

.text
Size: 202KB - Virtual size: 202KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 728B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
libmmbd.dll
.dll windows:6 windows x86 arch:x86

4144bbe1ca30a61d19105934e2ba9735

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

libmmbd.dll.pdb

Imports

msvcrt

wcscpy
wcslen
memmove
_vsnwprintf
_errno
__iob_func
_vsnprintf
strcpy
_purecall
memcpy
memset
fprintf
strlen
memcmp
strchr
strtoul
getenv
strcmp
_amsg_exit
_initterm
free
malloc
_XcptFilter
fflush

kernel32

CancelIo
GetOverlappedResult
GetModuleFileNameW
CreateNamedPipeW
ConnectNamedPipe
GetLastError
CloseHandle
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
RtlUnwind
InterlockedExchange
Sleep
InterlockedCompareExchange
WriteFile
WaitForSingleObject
CreateProcessW
GetSystemTimeAsFileTime
GetModuleHandleW
ReadFile
GetFileAttributesW
FlushFileBuffers
CreateFileW
GetEnvironmentVariableW
GetEnvironmentVariableA
GetProcAddress
GetModuleHandleA
VirtualQuery

advapi32

RegOpenKeyExW
RegCloseKey
RegQueryValueExW

Exports

Exports

aacs_close
aacs_decrypt_bus
aacs_decrypt_unit
aacs_free_rl
aacs_get_basic_cci
aacs_get_bdj_root_cert_hash
aacs_get_bus_encryption
aacs_get_content_cert_id
aacs_get_device_binding_id
aacs_get_device_nonce
aacs_get_disc_id
aacs_get_drl
aacs_get_hrl
aacs_get_mk
aacs_get_mkb_version
aacs_get_pmsn
aacs_get_version
aacs_get_vid
aacs_init
aacs_open
aacs_open2
aacs_open_device
aacs_register_file
aacs_select_title
aacs_set_fopen
bdplus_event
bdplus_fixup
bdplus_free
bdplus_get_code_date
bdplus_get_code_gen
bdplus_init
bdplus_m2ts
bdplus_m2ts_close
bdplus_mmap
bdplus_psr
bdplus_seek
bdplus_set_fopen
bdplus_set_mk
bdplus_set_title
bdplus_start
mmbd_close
mmbd_create_context
mmbd_decrypt_unit
mmbd_destroy_context
mmbd_get_busenc
mmbd_get_disc_id
mmbd_get_mkb_version
mmbd_get_version_string
mmbd_open

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 752B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 732B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
libmmbd64.dll
.dll windows:6 windows x64 arch:x64

5693909afc5ed851c15cff126ecf9a9f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

libmmbd64.dll.pdb

Imports

msvcrt

strcmp
wcscpy
wcslen
memmove
_vsnwprintf
_errno
__iob_func
_vsnprintf
_purecall
memset
fprintf
fflush
strlen
memcmp
strchr
strtoul
getenv
strcpy
__C_specific_handler
_amsg_exit
free
_initterm
malloc
_XcptFilter
memcpy

kernel32

CancelIo
GetOverlappedResult
CreateNamedPipeW
GetModuleFileNameW
ConnectNamedPipe
GetLastError
CloseHandle
Sleep
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
ReadFile
WaitForSingleObject
CreateProcessW
WriteFile
RtlVirtualUnwind
GetFileAttributesW
FlushFileBuffers
CreateFileW
GetEnvironmentVariableW
GetEnvironmentVariableA
GetProcAddress
GetModuleHandleA
VirtualQuery

advapi32

RegOpenKeyExW
RegCloseKey
RegQueryValueExW

Exports

Exports

aacs_close
aacs_decrypt_bus
aacs_decrypt_unit
aacs_free_rl
aacs_get_basic_cci
aacs_get_bdj_root_cert_hash
aacs_get_bus_encryption
aacs_get_content_cert_id
aacs_get_device_binding_id
aacs_get_device_nonce
aacs_get_disc_id
aacs_get_drl
aacs_get_hrl
aacs_get_mk
aacs_get_mkb_version
aacs_get_pmsn
aacs_get_version
aacs_get_vid
aacs_init
aacs_open
aacs_open2
aacs_open_device
aacs_register_file
aacs_select_title
aacs_set_fopen
bdplus_event
bdplus_fixup
bdplus_free
bdplus_get_code_date
bdplus_get_code_gen
bdplus_init
bdplus_m2ts
bdplus_m2ts_close
bdplus_mmap
bdplus_psr
bdplus_seek
bdplus_set_fopen
bdplus_set_mk
bdplus_set_title
bdplus_start
mmbd_close
mmbd_create_context
mmbd_decrypt_unit
mmbd_destroy_context
mmbd_get_busenc
mmbd_get_disc_id
mmbd_get_mkb_version
mmbd_get_version_string
mmbd_open

Sections

.text
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 752B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
libmqt.dll
.dll windows:6 windows x86 arch:x86

ac0f860e486328efb35685c6b54deb3a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

libmqt.dll.pdb

Imports

kernel32

SetErrorMode
DeviceIoControl
CopyFileW
MoveFileW
MoveFileExW
TzSpecificLocalTimeToSystemTime
FileTimeToSystemTime
SystemTimeToFileTime
ResetEvent
FormatMessageW
GetTimeZoneInformation
GetGeoInfoW
GetUserGeoID
FlushFileBuffers
GetFileType
CreateDirectoryW
ReadFile
SetEndOfFile
SetFilePointerEx
WriteFile
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
UnregisterWaitEx
RegisterWaitForSingleObject
FindFirstFileExW
FindNextFileW
GetTickCount
LoadLibraryW
GetCurrentDirectoryW
GetConsoleWindow
IsProcessorFeaturePresent
SetFileTime
OutputDebugStringW
GetSystemInfo
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
ResumeThread
TerminateThread
GetThreadPriority
SetThreadPriority
GetCurrentThreadId
GetCurrentThread
CreateThread
GetCurrentProcess
WaitForMultipleObjects
Sleep
WaitForSingleObject
DuplicateHandle
QueryPerformanceFrequency
QueryPerformanceCounter
GetModuleFileNameW
GetLocalTime
GetUserDefaultLCID
GetUserDefaultUILanguage
GetCurrencyFormatW
GetLocaleInfoW
GetTimeFormatW
GetUserDefaultLangID
lstrcmpW
GetSystemDirectoryW
GetTempPathW
RemoveDirectoryW
GetLongPathNameW
GetLogicalDrives
GetFullPathNameW
GetFileInformationByHandle
GetFileAttributesExW
GetFileAttributesW
FindFirstFileW
FindClose
DeleteFileW
TerminateProcess
CreateFileW
GetDateFormatW
GetProcAddress
GetModuleHandleW
SetLastError
WideCharToMultiByte
MultiByteToWideChar
GetLastError
CreateEventW
WaitForSingleObjectEx
SetEvent
CloseHandle
LocalFree
GetCurrentProcessId
GetVolumeInformationW
CompareStringW
GlobalSize
GlobalLock
GlobalUnlock
GlobalAlloc
OpenProcess
CheckRemoteDebuggerPresent
CreateProcessW
ExpandEnvironmentStringsW
WTSGetActiveConsoleSessionId
DeleteCriticalSection
InitializeCriticalSection
InterlockedCompareExchange
InterlockedExchange
RtlUnwind
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemTimeAsFileTime
RaiseException
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection

user32

KillTimer
GetWindowLongW
SetWindowLongW
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
MsgWaitForMultipleObjectsEx
EnableMenuItem
GetDC
ReleaseDC
GetSystemMetrics
GetSysColor
SystemParametersInfoW
DrawIconEx
GetQueueStatus
SetTimer
DestroyWindow
CreateWindowExW
UnregisterClassW
RegisterClassW
DefWindowProcW
PostMessageW
PeekMessageW
DispatchMessageW
TranslateMessage
UpdateLayeredWindow
GetSystemMenu
SetCaretPos
RealGetWindowClassW
EnumWindows
GetWindowTextW
GetAsyncKeyState
GetMessageExtraInfo
TrackMouseEvent
GetClipboardFormatNameW
GetCursorInfo
GetIconInfo
CreateIconIndirect
CreateCursor
LoadCursorW
GetCursor
SetCursorPos
TrackPopupMenuEx
MapVirtualKeyW
ToUnicode
ToAscii
GetKeyboardState
GetKeyState
IsZoomed
GetDoubleClickTime
IsWindow
MessageBeep
GetCaretBlinkTime
GetDesktopWindow
SendMessageW
AttachThreadInput
IsChild
ShowWindow
SetLayeredWindowAttributes
FlashWindowEx
MoveWindow
SetWindowPos
GetWindowPlacement
SetWindowPlacement
IsWindowVisible
IsIconic
SetFocus
GetCapture
SetCapture
ReleaseCapture
GetMenu
GetForegroundWindow
SetForegroundWindow
BeginPaint
EndPaint
GetUpdateRect
SetWindowRgn
InvalidateRect
SetWindowTextW
GetClientRect
GetWindowRect
AdjustWindowRectEx
SetCursor
ClientToScreen
ScreenToClient
GetParent
SetParent
GetWindowThreadProcessId
GetWindow
DestroyCursor
DestroyIcon
MonitorFromPoint
GetAncestor
GetKeyboardLayoutList
GetClassInfoW
RegisterClassExW
GetFocus
GetCursorPos
WindowFromPoint
ChildWindowFromPointEx
GetSysColorBrush
LoadImageW
SetMenu
DrawMenuBar
CreateMenu
CreatePopupMenu
DestroyMenu
InsertMenuW
AppendMenuW
ModifyMenuW
RemoveMenu
TrackPopupMenu
GetMenuItemInfoW
SetMenuItemInfoW
MonitorFromWindow
GetMonitorInfoW
EnumDisplayMonitors
LoadIconW
IsHungAppWindow
SetClipboardViewer
ChangeClipboardChain
RegisterClipboardFormatW
GetKeyboardLayout
RegisterWindowMessageW
IsWindowEnabled
CreateCaret
DestroyCaret
HideCaret
ShowCaret
FindWindowA
CharNextExA

advapi32

GetTokenInformation
GetSidSubAuthority
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
SystemFunction036
RegEnumKeyExW
RegQueryInfoKeyW
GetSidSubAuthorityCount

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc
SHGetFileInfoW
SHGetFolderPathW
ShellExecuteW

winmm

timeSetEvent
PlaySoundW
timeKillEvent

ole32

DoDragDrop
OleIsCurrentClipboard
OleFlushClipboard
OleGetClipboard
OleSetClipboard
CoInitializeEx
OleUninitialize
ReleaseStgMedium
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
CoCreateGuid
CoUninitialize
CoCreateInstance
CoInitialize
CoTaskMemFree
OleInitialize
CoGetMalloc

msvcrt

_errno
pow
log10
_purecall
strchr
strncpy
strcmp
strncmp
memset
memcmp
memcpy
memmove
fabs
fflush
strlen
asin
cos
wcsrchr
??1type_info@@UAE@XZ
_onexit
_endthreadex
malloc
free
abort
_vsnprintf
mktime
_tzset
wcslen
fputs
_wgetenv
sscanf
realloc
getenv
calloc
_tzname
_timezone
floor
_localtime64
strrchr
__argv
__argc
fprintf
memchr
_lock
__dllonexit
printf
isdigit
acos
strstr
isxdigit
toupper
_setjmp3
longjmp
bsearch
setlocale
qsort
strtod
_unlock
_amsg_exit
_initterm
_XcptFilter
__iob_func
atan
_snprintf
exit
_write
_read
fwrite
fseek
fread
fgets
fclose
_open_osfhandle
_close
_fileno
feof
_lseeki64
ftell
wcscmp
strerror
_get_osfhandle
_wchmod
_waccess
_hypot
atan2
ceil
sqrt
sin
wcsncmp

gdi32

SelectObject
CreateCompatibleDC
GetBitmapBits
GetObjectW
DeleteDC
CreateDCW
CreateCompatibleBitmap
GetDeviceCaps
SetLayout
SelectClipRgn
OffsetRgn
DeleteObject
CreateRectRgn
CreateBitmap
BitBlt
GetDIBits
CreateDIBSection
GetRegionData
GdiFlush
CreateFontIndirectW
EnumFontFamiliesExW
GetFontData
GetStockObject
AddFontResourceExW
RemoveFontResourceExW
AddFontMemResourceEx
RemoveFontMemResourceEx
GetTextMetricsW
GetCharABCWidthsW
GetCharABCWidthsFloatW
GetGlyphOutlineW
GetOutlineTextMetricsW
GetTextExtentPoint32W
GetCharABCWidthsI
SetBkMode
SetGraphicsMode
SetTextColor
SetTextAlign
SetWorldTransform
ExtTextOutW
GetTextFaceW
CombineRgn

imm32

ImmGetContext
ImmReleaseContext
ImmAssociateContext
ImmAssociateContextEx
ImmGetCompositionStringW
ImmGetOpenStatus
ImmNotifyIME
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmGetVirtualKey
ImmGetDefaultIMEWnd

oleaut32

SafeArrayCreateVector
SafeArrayPutElement
SysFreeString
SysAllocString

uxtheme

OpenThemeData
GetThemePartSize
GetThemeColor
GetThemeInt
GetThemeEnumValue
GetThemeMargins
GetThemePropertyOrigin
CloseThemeData
ord47
GetThemeBackgroundRegion
IsThemeBackgroundPartiallyTransparent
GetThemeBool
SetWindowTheme
IsThemeActive
IsAppThemed
GetCurrentThemeName

Exports

Exports

aversion002

Sections

.text
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 206KB - Virtual size: 242KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qtmetad
Size: 512B - Virtual size: 277B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 728B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
makemkv.exe
.exe windows:5 windows x86 arch:x86

a0c2d9d7970f01ec4c419a38f5fb8c77

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

makemkv.exe.pdb

Imports

libmqt

ord58
ord84
ord85
ord62
ord502
ord394
ord38
ord73
ord350
ord275
ord246
ord302
ord130
ord176
ord420
ord358
ord465
ord464
ord409
ord463
ord150
ord395
ord392
ord482
ord321
ord446
ord258
ord256
ord435
ord100
ord351
ord338
ord344
ord326
ord332
ord518
ord297
ord300
ord222
ord230
ord199
ord304
ord357
ord345
ord391
ord152
ord161
ord97
ord183
ord189
ord186
ord192
ord474
ord259
ord347
ord139
ord313
ord265
ord380
ord470
ord268
ord271
ord225
ord68
ord211
ord42
ord77
ord102
ord421
ord148
ord264
ord376
ord32
ord427
ord51
ord79
ord346
ord523
ord273
ord248
ord40
ord75
ord490
ord480
ord319
ord194
ord335
ord330
ord341
ord324
ord220
ord228
ord354
ord181
ord187
ord184
ord190
ord136
ord158
ord266
ord269
ord202
ord310
ord370
ord362
ord39
ord74
ord451
ord466
ord479
ord318
ord257
ord449
ord201
ord294
ord353
ord135
ord334
ord329
ord340
ord157
ord219
ord227
ord223
ord315
ord477
ord467
ord207
ord515
ord516
ord52
ord80
ord455
ord525
ord311
ord373
ord365
ord53
ord81
ord441
ord436
ord307
ord270
ord204
ord494
ord296
ord299
ord390
ord355
ord336
ord331
ord342
ord325
ord224
ord160
ord182
ord185
ord188
ord191
ord221
ord229
ord473
ord137
ord517
ord163
ord132
ord272
ord267
ord397
ord179
ord34
ord400
ord41
ord76
ord309
ord488
ord404
ord111
ord396
ord393
ord164
ord159
ord203
ord253
ord56
ord286
ord289
ord287
ord290
ord276
ord431
ord141
ord292
ord298
ord327
ord217
ord226
ord312
ord374
ord366
ord55
ord82
ord481
ord320
ord403
ord454
ord416
ord205
ord337
ord343
ord356
ord96
ord198
ord303
ord495
ord138
ord260
ord348
ord48
ord118
ord411
ord242
ord26
ord167
ord240
ord21
ord20
ord448
ord447
ord445
ord171
ord414
ord283
ord439
ord419
ord461
ord552
ord25
ord113
ord35
ord33
ord443
ord408
ord115
ord114
ord105
ord108
ord106
ord503
ord432
ord475
ord47
ord117
ord30
ord69
ord92
ord322
ord238
ord378
ord87
ord88
ord174
ord175
ord120
ord23
ord61
ord60
ord500
ord36
ord72
ord450
ord429
ord387
ord214
ord153
ord57
ord83
ord149
ord422
ord280
ord425
ord172
ord415
ord90
ord377
ord521
ord103
ord212
ord407
ord505
ord506
ord112
ord428
ord168
ord412
ord398
ord284
ord285
ord215
ord146
ord406
ord162
ord166
ord288
ord274
ord145
ord410
ord128
ord206
ord28
ord462
ord478
ord316
ord349
ord180
ord93
ord381
ord293
ord151
ord472
ord388
ord156
ord208
ord247
ord306
ord239
ord147
ord279
ord98
ord244
ord29
ord101
ord382
ord44
ord536
ord528
ord531
ord539
ord547
ord548
ord538
ord550
ord549
ord535
ord529
ord532
ord537
ord542
ord546
ord530
ord533
ord534
ord541
ord544
ord543
ord540
ord491
ord545
ord131
ord483
ord234
ord386
ord122
ord486
ord27
ord67
ord520
ord413
ord402
ord513
ord514
ord417
ord452
ord119
ord308
ord511
ord458
ord126
ord499
ord64
ord86
ord243
ord94
ord50
ord110
ord385
ord263
ord457
ord444
ord442
ord216
ord418
ord169
ord291
ord241
ord140
ord405
ord487
ord109
ord59
ord95
ord46
ord512
ord438
ord460
ord45
ord24
ord144
ord196
ord197
ord63
ord497
ord71
ord317
ord200
ord142
ord389
ord352
ord218
ord134
ord333
ord328
ord339
ord504
ord433
ord305
ord383
ord237
ord127
ord484
ord195
ord426
ord281
ord43
ord453
ord437
ord459
ord116
ord104
ord37
ord78
ord232
ord107
ord476
ord359
ord430
ord323
ord295
ord424
ord519
ord193
ord249
ord372
ord364
ord250
ord19
ord99
ord245
ord369
ord361
ord368
ord360
ord254
ord375
ord367
ord371
ord363
ord252
ord6
ord5
ord4
ord492
ord485
ord434
ord54
ord251
ord278
ord91
ord213
ord423
ord70
ord31
ord154
ord177
ord155
ord170
ord143
ord493
ord399
ord440
ord209
ord469
ord178
ord124
ord236
ord508
ord379
ord49
ord89
ord510

kernel32

GetStartupInfoA
LocalFree
WideCharToMultiByte
GetModuleHandleA
InterlockedCompareExchange
GetCommandLineW
RtlUnwind
InterlockedExchange
GetDiskFreeSpaceExW
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
Sleep
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
MapViewOfFile
GetTickCount
GetCurrentProcessId
GetCurrentProcess
WaitForSingleObject
ReleaseSemaphore
CancelIo
GetOverlappedResult
CreateNamedPipeW
ConnectNamedPipe
GetLastError
WriteFile
ReadFile
GetFileAttributesW
FlushFileBuffers
CreateFileW
CreateFileA
GetEnvironmentVariableW
GetEnvironmentVariableA
SetThreadExecutionState
CreateProcessW
CloseHandle
FindResourceW
LockResource
LoadResource

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW

ole32

CoInitializeEx
CoCreateInstance

msvcrt

sprintf
memcmp
abs
wcslen
strcpy
strchr
malloc
wcscpy
memmove
_vsnwprintf
_errno
_vsnprintf
__getmainargs
_cexit
strtoul
_XcptFilter
_ismbblead
exit
_acmdln
_initterm
_amsg_exit
__setusermatherr
__p__commode
__p__fmode
__set_app_type
_unlock
__dllonexit
_lock
_onexit
?terminate@@YAXXZ
_controlfp
_exit
memcpy
strrchr
strlen
strcmp
_purecall
memset

shell32

CommandLineToArgvW

Sections

.text
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 104.0MB - Virtual size: 104.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
makemkvcon.exe
.exe windows:5 windows x86 arch:x86

4ca00efe9363487a8b074d731ea99874

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

makemkvcon.exe.pdb

Imports

libmakemkv

set_world
MkvCreateFile

libdriveio

DriveIoQueryCreate
TIPS_ClientDestroy
TIPS_ClientConnect
TIPS_ServerRun
DriveIoGetDriveId
DriveInfoList_GetItemById
DriveInfoList_AddOrUpdateItem
DriveIoQueryAdd
DriveInfoList_Serialize
DriveInfoList_AddItem
DriveInfoList_GetItem
DriveInfoList_Create
DriveInfoList_Destroy
DriveInfoList_GetCount

ntdll

ZwOpenFile
ZwQueryObject
ZwQueryVolumeInformationFile
RtlInitUnicodeString
ZwClose
ZwDeviceIoControlFile
ZwOpenSymbolicLinkObject
ZwSetInformationFile
ZwQueryInformationFile
ZwWriteFile
ZwReadFile
ZwQuerySymbolicLinkObject
ZwQueryInformationProcess
ZwConnectPort

shell32

ShellExecuteW

kernel32

GetEnvironmentVariableA
LoadLibraryW
FindClose
FindFirstFileW
DebugBreak
GetModuleFileNameA
CreateFileW
CreateFileMappingW
MapViewOfFile
GetModuleFileNameW
GetEnvironmentVariableW
SleepEx
GlobalMemoryStatusEx
GetSystemInfo
GetTickCount
GetModuleHandleW
GetProcAddress
FormatMessageW
GetUserDefaultLangID
OutputDebugStringA
CloseHandle
GetLastError
ReleaseSemaphore
WaitForSingleObject
CreateSemaphoreW
Sleep
GetModuleHandleA
GetTempPathW
GetCurrentProcessId
GetDiskFreeSpaceExA
GetDriveTypeA
GetLogicalDrives
GetVolumeInformationA
CreateDirectoryW
ReadFile
WriteFile
DuplicateHandle
GetOverlappedResult
CancelIo
GetCurrentProcess
ExitProcess
OpenProcess
CreateFileMappingA
GetEnvironmentStringsW
SetHandleInformation
CreatePipe
TerminateProcess
CreateThread
CreateProcessW
DeleteFileW
GetFileInformationByHandle
CopyFileW
MultiByteToWideChar
LoadLibraryA
WaitForSingleObjectEx
SetThreadPriority
GetExitCodeThread
RaiseException
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
VirtualProtect
VirtualQuery
FreeLibrary
LoadLibraryExA
FindNextFileW
GetFileSizeEx
GetFileAttributesW
FlushFileBuffers
VirtualFree
VirtualAlloc
CreateEventW
RtlUnwind
InterlockedCompareExchange
InterlockedExchange
SetFilePointerEx
GetStdHandle
TlsAlloc
PeekNamedPipe
ResetEvent
TlsGetValue
GetProcessHeap
HeapAlloc
TlsSetValue

advapi32

RegOpenKeyExA
GetTokenInformation
RegEnumKeyExA
OpenProcessToken
RegOpenKeyExW
RegSetValueExW
RegSetValueExA
RegQueryValueExW
RegQueryValueExA
RegEnumValueA
RegDeleteValueA
RegCreateKeyExW
RegCloseKey

user32

MessageBoxA
MessageBoxW

msvcrt

fgets
_fstat64
_close
_lseek
mblen
mbtowc
fwrite
putc
pow
__iob_func
_vsnprintf
__wgetmainargs
_cexit
_exit
_XcptFilter
_initterm
_amsg_exit
__setusermatherr
__p__commode
__p__fmode
__set_app_type
_unlock
__dllonexit
_lock
_onexit
?terminate@@YAXXZ
_controlfp
_get_osfhandle
_write
_read
gmtime
calloc
_strtoi64
isxdigit
sprintf
isalnum
strncpy
setvbuf
wcscat
isspace
tolower
strncmp
strstr
time
localtime
asctime
toupper
strcat
strtod
memchr
_wopen
_wunlink
_wmkdir
_wstat64
_wcserror
wcslen
strcpy
_memicmp
_errno
_vsnwprintf
free
malloc
strtok
strchr
strrchr
_stricmp
_strdup
strlen
strcmp
memset
memcmp
strtoul
getenv
exit
memcpy
memmove
fputs
fputc
fprintf
fopen
fflush
_purecall
_unlink
_rmdir
_open_osfhandle
realloc
div

libffm

ffm_audio_mix_free
ffm_audio_mix
ffm_mlp_read_syncframe
ffm_audio_encode_get_info
ffm_audio_encode_get_data
ffm_audio_encode_put_frame
ffm_audio_encode_close
ffm_audio_encode_init
ffm_audio_convert
ffm_audio_convert_free
ffm_audio_convert_alloc
ffm_audio_decode_get_info
ffm_audio_decode_get_frame
ffm_audio_decode_put_data
ffm_audio_decode_close
ffm_audio_decode_init
ffm_audio_get_codec_information
ffm_avcodec_version3
ffm_init
ffm_get_channel_layout_string
ffm_mlp_checksum16
ffm_mpa_decode_header
ffm_audio_mix_alloc

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 174KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 231KB - Virtual size: 231KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
makemkvcon64.exe
.exe windows:5 windows x64 arch:x64

7f041d548a586fe58c558ffaad19f2f5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

makemkvcon64.exe.pdb

Imports

libmakemkv64

set_world
MkvCreateFile

libdriveio64

DriveIoQueryCreate
TIPS_ClientDestroy
TIPS_ClientConnect
TIPS_ServerRun
DriveIoGetDriveId
DriveInfoList_GetItemById
DriveInfoList_AddOrUpdateItem
DriveIoQueryAdd
DriveInfoList_Serialize
DriveInfoList_AddItem
DriveInfoList_GetItem
DriveInfoList_Create
DriveInfoList_Destroy
DriveInfoList_GetCount

ntdll

ZwOpenFile
ZwQueryObject
ZwQueryVolumeInformationFile
RtlInitUnicodeString
ZwClose
ZwDeviceIoControlFile
ZwOpenSymbolicLinkObject
ZwSetInformationFile
ZwQueryInformationFile
ZwWriteFile
ZwReadFile
ZwQuerySymbolicLinkObject
ZwQueryInformationProcess
ZwConnectPort

shell32

ShellExecuteW

kernel32

GetEnvironmentVariableA
LoadLibraryW
CreateDirectoryW
FindClose
DebugBreak
GetModuleFileNameA
CreateFileW
CreateFileMappingW
MapViewOfFile
GetModuleFileNameW
GetEnvironmentVariableW
SleepEx
GlobalMemoryStatusEx
GetSystemInfo
GetTickCount
GetModuleHandleW
GetProcAddress
FormatMessageW
GetUserDefaultLangID
OutputDebugStringA
CloseHandle
GetLastError
ReleaseSemaphore
WaitForSingleObject
CreateSemaphoreW
Sleep
RtlVirtualUnwind
GetModuleHandleA
GetTempPathW
GetCurrentProcessId
GetFileSizeEx
GetDriveTypeA
GetLogicalDrives
GetVolumeInformationA
GetStdHandle
ReadFile
WriteFile
DuplicateHandle
GetOverlappedResult
CancelIo
GetCurrentProcess
ExitProcess
OpenProcess
CreateFileMappingA
GetEnvironmentStringsW
SetHandleInformation
CreatePipe
TerminateProcess
CreateThread
CreateProcessW
DeleteFileW
GetFileInformationByHandle
CopyFileW
MultiByteToWideChar
LoadLibraryA
WaitForSingleObjectEx
SetThreadPriority
GetExitCodeThread
RaiseException
VirtualProtect
VirtualQuery
FreeLibrary
LoadLibraryExA
FindFirstFileW
GetFileAttributesW
FlushFileBuffers
VirtualFree
VirtualAlloc
CreateEventW
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
SetUnhandledExceptionFilter
SetFilePointerEx
GetDiskFreeSpaceExA
TlsAlloc
FindNextFileW
PeekNamedPipe
ResetEvent
GetProcessHeap
HeapAlloc
TlsSetValue
TlsGetValue

advapi32

RegOpenKeyExA
GetTokenInformation
RegEnumKeyExA
OpenProcessToken
RegOpenKeyExW
RegSetValueExW
RegSetValueExA
RegQueryValueExW
RegQueryValueExA
RegEnumValueA
RegDeleteValueA
RegCreateKeyExW
RegCloseKey

user32

MessageBoxW
MessageBoxA

msvcrt

_fstat64
_close
_lseek
mblen
mbtowc
fwrite
putc
pow
__iob_func
_vsnprintf
__wgetmainargs
__C_specific_handler
_XcptFilter
_exit
_cexit
_initterm
_amsg_exit
__setusermatherr
_commode
_fmode
__set_app_type
_unlock
__dllonexit
_lock
_onexit
?terminate@@YAXXZ
_open_osfhandle
_get_osfhandle
_write
_read
calloc
_strtoi64
isxdigit
sprintf
isalnum
strncpy
setvbuf
wcscat
isspace
tolower
gmtime
strncmp
strstr
time
localtime
asctime
toupper
strcat
strtod
memchr
_wopen
_wunlink
_wmkdir
_wstat64
_wcserror
wcslen
strcpy
memset
_memicmp
_errno
_vsnwprintf
realloc
free
malloc
strtok
strchr
strrchr
_stricmp
_strdup
strlen
strcmp
memcmp
strtoul
exit
memcpy
memmove
fputs
fputc
fprintf
fopen
fflush
_purecall
_unlink
_rmdir
fgets
getenv
div

libffm64

ffm_audio_mix
ffm_audio_mix_free
ffm_mlp_read_syncframe
ffm_audio_encode_get_info
ffm_audio_encode_get_data
ffm_audio_encode_put_frame
ffm_audio_encode_close
ffm_audio_encode_init
ffm_audio_convert
ffm_audio_convert_free
ffm_audio_convert_alloc
ffm_audio_decode_get_info
ffm_audio_decode_get_frame
ffm_audio_decode_put_data
ffm_audio_decode_close
ffm_audio_decode_init
ffm_audio_get_codec_information
ffm_avcodec_version3
ffm_init
ffm_get_channel_layout_string
ffm_mlp_checksum16
ffm_mpa_decode_header
ffm_audio_mix_alloc

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 174KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 117KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mmccextr.exe
.exe windows:5 windows x86 arch:x86

36253782b2d2aea50e875630b7666b66

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

mmccextr.exe.pdb

Imports

kernel32

FlushFileBuffers
Sleep
RaiseException
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
RtlUnwind
InterlockedCompareExchange
InterlockedExchange
GetModuleHandleA

msvcrt

time
setlocale
fflush
fprintf
vfprintf
toupper
tolower
malloc
strlen
memset
sprintf
realloc
memcpy
fclose
fopen
fwrite
strerror
_lseeki64
_open
_get_osfhandle
bsearch
strcpy
strcat
strtok
isupper
exit
strcmp
memmove
memcmp
fgets
atoi
strtol
strchr
strncmp
strstr
isdigit
__iob_func
_strdup
_close
_stricmp
_write
_read
_unlink
_fileno
_setmode
__getmainargs
_cexit
_exit
_XcptFilter
_initterm
_amsg_exit
__setusermatherr
__p__commode
__p__fmode
__set_app_type
?terminate@@YAXXZ
_controlfp
free
_errno
printf

Sections

.text
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 198KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 174KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mmccextr64.exe
.exe windows:5 windows x64 arch:x64

6649b4193da34586611cc37e005540c5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

mmccextr64.exe.pdb

Imports

kernel32

FlushFileBuffers
Sleep
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
GetSystemTimeAsFileTime

msvcrt

fflush
fprintf
vfprintf
toupper
tolower
malloc
strlen
memset
sprintf
realloc
fclose
fopen
fwrite
strerror
_lseeki64
_open
_get_osfhandle
bsearch
strcpy
strcat
strtok
isupper
strcmp
memmove
memcmp
fgets
atoi
strtol
setlocale
strncmp
strstr
isdigit
__iob_func
_strdup
_close
_stricmp
_write
_read
_unlink
_fileno
_setmode
__getmainargs
__C_specific_handler
_XcptFilter
_exit
_cexit
_initterm
_amsg_exit
__setusermatherr
_commode
_fmode
__set_app_type
?terminate@@YAXXZ
memcpy
time
free
exit
_errno
printf
strchr

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 198KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 174KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 508B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mmgplsrv.exe
.exe windows:5 windows x86 arch:x86

e5dee6566967cfe3f76b34194484bbe0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

mmgplsrv.exe.pdb

Imports

kernel32

GetSystemTimeAsFileTime
GetTickCount
GetCurrentProcessId
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
QueryPerformanceCounter
UnhandledExceptionFilter
GetStdHandle
WaitForSingleObject
CancelIo
GetOverlappedResult
GetLastError
CloseHandle
WriteFile
ReadFile
GetModuleHandleA
RtlUnwind
InterlockedCompareExchange
Sleep
InterlockedExchange

msvcrt

?terminate@@YAXXZ
_controlfp
memcmp
_lock
__dllonexit
_unlock
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
_XcptFilter
_exit
_cexit
__getmainargs
_vsnprintf
__iob_func
exit
fprintf
fflush
_open
_write
_close
memset
malloc
free
getenv
memcpy
memmove
strcmp
_onexit
vfprintf
calloc
sprintf
abort
rand
strchr
isprint
_strdup
strncmp

Sections

.text
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mmgplsrv64.exe
.exe windows:5 windows x64 arch:x64

22fbdea442ef39abbc9b9923c17cac1e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

mmgplsrv64.exe.pdb

Imports

kernel32

GetStdHandle
WaitForSingleObject
CancelIo
GetOverlappedResult
GetLastError
CloseHandle
WriteFile
ReadFile
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
Sleep

msvcrt

?terminate@@YAXXZ
memcmp
_lock
__dllonexit
_unlock
__set_app_type
_fmode
_commode
__setusermatherr
_amsg_exit
_initterm
_cexit
_exit
_XcptFilter
__C_specific_handler
__getmainargs
_vsnprintf
__iob_func
exit
fprintf
fflush
_open
_write
_close
memset
malloc
free
getenv
memcpy
memmove
strcmp
_onexit
vfprintf
calloc
sprintf
abort
rand
strchr
isprint
_strdup
strncmp

Sections

.text
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sdftool.exe
.exe windows:5 windows x86 arch:x86

9d2c65a3f51286cd1dce17a2f9086e63

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

sdftool.exe.pdb

Imports

ntdll

ZwQuerySymbolicLinkObject
ZwConnectPort
ZwDeviceIoControlFile
ZwOpenFile
ZwQueryObject
RtlInitUnicodeString
ZwClose
ZwOpenSymbolicLinkObject

kernel32

GetProcessHeap
HeapAlloc
LoadLibraryA
ReadFile
SetFilePointerEx
CloseHandle
DuplicateHandle
GetLastError
GetCurrentProcess
Sleep
CancelIo
CreateEventW
ResetEvent
WaitForSingleObject
GetSystemInfo
ReleaseSemaphore
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
RaiseException
VirtualProtect
VirtualQuery
FreeLibrary
GetModuleHandleW
GetProcAddress
LoadLibraryExA
GetModuleHandleA
CreateSemaphoreW
VirtualAlloc
RtlUnwind
InterlockedCompareExchange
InterlockedExchange
SleepEx

advapi32

RegOpenKeyExA
RegCloseKey
RegQueryValueExA

msvcrt

fputc
fputs
memcmp
strcmp
strlen
strchr
strncmp
strtoul
exit
_errno
memcpy
strcpy
strrchr
setvbuf
free
malloc
_fstat64
_close
_lseek
_read
memmove
memchr
_write
_get_osfhandle
_vsnwprintf
_wstat64
_wmkdir
_wopen
_memicmp
wcslen
mblen
mbtowc
fwrite
putc
__iob_func
_vsnprintf
_strdup
__wgetmainargs
_cexit
_exit
_XcptFilter
_initterm
_amsg_exit
__setusermatherr
__p__commode
__p__fmode
__set_app_type
_unlock
__dllonexit
_lock
_onexit
?terminate@@YAXXZ
_controlfp
memset
fprintf
fflush
fgets
_purecall
getenv

Sections

.text
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 173KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sdftool64.exe
.exe windows:5 windows x64 arch:x64

d56e4fa0cf24c5955d143f9abe51c623

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

sdftool64.exe.pdb

Imports

ntdll

ZwQuerySymbolicLinkObject
ZwConnectPort
ZwDeviceIoControlFile
ZwOpenFile
ZwQueryObject
RtlInitUnicodeString
ZwClose
ZwOpenSymbolicLinkObject

kernel32

GetProcessHeap
HeapAlloc
LoadLibraryA
ReadFile
SetFilePointerEx
CloseHandle
DuplicateHandle
GetLastError
GetCurrentProcess
Sleep
ReleaseSemaphore
CreateEventW
ResetEvent
WaitForSingleObject
GetSystemInfo
VirtualAlloc
VirtualFree
RaiseException
VirtualProtect
VirtualQuery
FreeLibrary
GetModuleHandleW
GetProcAddress
LoadLibraryExA
GetSystemTimeAsFileTime
CreateSemaphoreW
CancelIo
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
SleepEx

advapi32

RegOpenKeyExA
RegCloseKey
RegQueryValueExA

msvcrt

memcmp
strcmp
strlen
strchr
strncmp
strtoul
_purecall
_errno
memcpy
strcpy
strrchr
fputc
free
malloc
_fstat64
_close
_lseek
setvbuf
memmove
memchr
_write
_get_osfhandle
_vsnwprintf
_wstat64
_wmkdir
_wopen
_memicmp
wcslen
mblen
mbtowc
fwrite
putc
__iob_func
_vsnprintf
_strdup
__wgetmainargs
__C_specific_handler
_XcptFilter
_exit
_cexit
_initterm
_amsg_exit
__setusermatherr
_commode
_fmode
__set_app_type
_unlock
__dllonexit
_lock
_onexit
?terminate@@YAXXZ
fgets
exit
memset
fprintf
fflush
fputs
getenv
_read

Sections

.text
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 173KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 364B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
uninst.exe
.exe windows:4 windows x86 arch:x86

446b7557e42bfc440d0ca6f8a6a5f455

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyW
RegEnumValueW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
SetFileSecurityW

comctl32

ImageList_AddMasked
ImageList_Create
ImageList_Destroy
InitCommonControls

gdi32

CreateBrushIndirect
CreateFontIndirectW
DeleteObject
GetDeviceCaps
SelectObject
SetBkColor
SetBkMode
SetTextColor

kernel32

CloseHandle
CompareFileTime
CopyFileW
CreateDirectoryW
CreateFileW
CreateProcessW
CreateThread
DeleteFileW
ExitProcess
ExpandEnvironmentStringsW
FindClose
FindFirstFileW
FindNextFileW
FreeLibrary
GetCommandLineW
GetCurrentProcess
GetDiskFreeSpaceW
GetExitCodeProcess
GetFileAttributesW
GetFileSize
GetFullPathNameW
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetPrivateProfileStringW
GetProcAddress
GetShortPathNameW
GetSystemDirectoryW
GetTempFileNameW
GetTempPathW
GetTickCount
GetVersion
GetWindowsDirectoryW
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
LoadLibraryExW
MoveFileExW
MoveFileW
MulDiv
MultiByteToWideChar
ReadFile
RemoveDirectoryW
SearchPathW
SetCurrentDirectoryW
SetEnvironmentVariableW
SetErrorMode
SetFileAttributesW
SetFilePointer
SetFileTime
Sleep
WaitForSingleObject
WideCharToMultiByte
WriteFile
WritePrivateProfileStringW
lstrcatW
lstrcmpW
lstrcmpiA
lstrcmpiW
lstrcpyA
lstrcpynW
lstrlenA
lstrlenW

ole32

CoCreateInstance
CoTaskMemFree
OleInitialize
OleUninitialize

shell32

SHBrowseForFolderW
SHFileOperationW
SHGetFileInfoW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteExW

user32

AppendMenuW
BeginPaint
CallWindowProcW
CharNextA
CharNextW
CharPrevW
CheckDlgButton
CloseClipboard
CreateDialogParamW
CreatePopupMenu
CreateWindowExW
DefWindowProcW
DestroyWindow
DialogBoxParamW
DispatchMessageW
DrawTextW
EmptyClipboard
EnableMenuItem
EnableWindow
EndDialog
EndPaint
ExitWindowsEx
FillRect
FindWindowExW
GetClassInfoW
GetClientRect
GetDC
GetDlgItem
GetDlgItemTextW
GetMessagePos
GetSysColor
GetSystemMenu
GetSystemMetrics
GetWindowLongW
GetWindowRect
InvalidateRect
IsWindow
IsWindowEnabled
IsWindowVisible
LoadBitmapW
LoadCursorW
LoadImageW
MessageBoxIndirectW
OpenClipboard
PeekMessageW
PostQuitMessage
RegisterClassW
ReleaseDC
ScreenToClient
SendMessageTimeoutW
SendMessageW
SetClassLongW
SetClipboardData
SetCursor
SetDlgItemTextW
SetForegroundWindow
SetTimer
SetWindowLongW
SetWindowPos
SetWindowTextW
ShowWindow
SystemParametersInfoW
TrackPopupMenu
wsprintfA
wsprintfW

Sections

.text
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 127KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: 512B - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 184KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$PLUGINSDIR/mmnsis.dll
.dll windows:6 windows x86 arch:x86

8aba81300f0121d09ee4f82973887624

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

nsisdll.dll.pdb

Imports

ntdll

ZwQuerySystemInformation

kernel32

FindFirstFileW
FindNextFileW
GetFileAttributesW
RemoveDirectoryW
CloseHandle
GetLastError
HeapAlloc
HeapFree
GetProcessHeap
WaitForSingleObject
CreateMutexA
Sleep
GetCurrentProcess
ExitProcess
FindClose
ResumeThread
CreateProcessW
VirtualAlloc
VirtualFree
CreateJobObjectW
AssignProcessToJobObject
QueryInformationJobObject
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
SetUnhandledExceptionFilter
DeleteFileW
TerminateProcess
GetExitCodeProcess
RtlUnwind
UnhandledExceptionFilter

user32

MessageBoxA
MessageBoxW

advapi32

RegOpenKeyExA
RegCloseKey
RegQueryValueExW

msvcrt

wcstoul
strchr
_snprintf
wcsrchr
wcslen
wcscpy
strlen
memset
memcpy
memcmp
tolower

Exports

Exports

?AppRunningAndUninstCheck@@YIPBDPAUHWND__@@G_N1@Z
?CheckAndUninstall@@YI_NPAUHWND__@@G_N@Z
?CheckApplicationRunning@@YI_NPAUHWND__@@G_N@Z
?CheckFileExists@@YI_NPB_W@Z
?CheckInstallDir@@YIPBDPAUHWND__@@G_NPB_W@Z
?CheckInstallerRunning@@YI_NPAUHWND__@@G_N@Z
?ExecAndWaitGroup@@YIIPB_WPA_W@Z
?ExecAndWaitSingle@@YIIPAKPB_WPA_W@Z
?FixWinCdArbService@@YIPBDPAUHWND__@@G_N@Z
?FormatPoString@@YIPA_WPB_WPBQBD@Z
?FreeRunningProcessSnapshot@@YIXPAX@Z
?GetMutiPOStrings@@YIPBDIIGPA_WI@Z
?GetRunningProcessSnapshot@@YIPAXXZ
?InstallWinCdArbService@@YIPBDPAUHWND__@@G_N@Z
?IsDirEmptyOrNonexistent@@YI_NPA_W@Z
?IsProcessRunning@@YI_NPAXPBD@Z
?IsWow64@@YI_NXZ
?OnInstallCheck@@YIPBDPAUHWND__@@G_N@Z
?OnUninstCheck@@YIPBDPAUHWND__@@G_N@Z
?PoString@@YIPB_WGI@Z
?RemoveDirectoryRecursive@@YI_NPA_W@Z
?RunWinCdArbServiceInstaller@@YI_NPB_W@Z
?ShowErrorDialogBox@@YIXIPAUHWND__@@G_N@Z
?ThisIsNotAVirus@@YIPBDXZ
?UninstallFinished@@YIPBDPAUHWND__@@G_N@Z
i
t1

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 564B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

446b7557e42bfc440d0ca6f8a6a5f455

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

comctl32

gdi32

kernel32

ole32

shell32

user32

Sections

.text Size: 37KB - Virtual size: 36KB

.data Size: 512B - Virtual size: 192B

.rdata Size: 28KB - Virtual size: 27KB

.bss Size: - Virtual size: 127KB

.idata Size: 5KB - Virtual size: 4KB

.ndata Size: 512B - Virtual size: 204KB

.rsrc Size: 184KB - Virtual size: 184KB

83778c6090bee55a4824200e5e2486ab

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

kernel32

user32

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 3KB

.rdata Size: 512B - Virtual size: 116B

.bss Size: - Virtual size: 6KB

.edata Size: 512B - Virtual size: 73B

.idata Size: 1024B - Virtual size: 776B

.rsrc Size: 512B - Virtual size: 344B

.reloc Size: 512B - Virtual size: 300B

c20327fced07b6e73d2262fc88b11552

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

kernel32

ole32

shell32

user32

Exports

Exports

Sections

.text Size: 5KB - Virtual size: 5KB

.rdata Size: 1024B - Virtual size: 548B

.bss Size: - Virtual size: 10KB

.edata Size: 512B - Virtual size: 101B

.idata Size: 1KB - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 296B

.reloc Size: 512B - Virtual size: 468B

aff5d9d526a27f56d720fb3ae00a5bc5

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

ole32

user32

Exports

Exports

Sections

.text Size: 17KB - Virtual size: 17KB

.data Size: 512B - Virtual size: 52B

.rdata Size: 2KB - Virtual size: 2KB

.bss Size: - Virtual size: 992B

.edata Size: 512B - Virtual size: 179B

.text
Size: 37KB - Virtual size: 36KB

.data
Size: 512B - Virtual size: 192B

.rdata
Size: 28KB - Virtual size: 27KB

.bss
Size: - Virtual size: 127KB

.idata
Size: 5KB - Virtual size: 4KB

.ndata
Size: 512B - Virtual size: 204KB

.rsrc
Size: 184KB - Virtual size: 184KB

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 512B - Virtual size: 116B

.bss
Size: - Virtual size: 6KB

.edata
Size: 512B - Virtual size: 73B

.idata
Size: 1024B - Virtual size: 776B

.rsrc
Size: 512B - Virtual size: 344B

.reloc
Size: 512B - Virtual size: 300B

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 1024B - Virtual size: 548B

.bss
Size: - Virtual size: 10KB

.edata
Size: 512B - Virtual size: 101B

.idata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 296B

.reloc
Size: 512B - Virtual size: 468B

.text
Size: 17KB - Virtual size: 17KB

.data
Size: 512B - Virtual size: 52B

.rdata
Size: 2KB - Virtual size: 2KB

.bss
Size: - Virtual size: 992B

.edata
Size: 512B - Virtual size: 179B

.idata
Size: 2KB - Virtual size: 1KB

.CRT
Size: 512B - Virtual size: 44B

.tls
Size: 512B - Virtual size: 8B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 512B - Virtual size: 904B

.reloc
Size: 1024B - Virtual size: 564B

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 512B - Virtual size: 468B

.bss
Size: - Virtual size: 8KB

.edata
Size: 512B - Virtual size: 363B

.idata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 144B

.reloc
Size: 1024B - Virtual size: 516B

.text
Size: 6KB - Virtual size: 5KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 916B

.rsrc
Size: 1024B - Virtual size: 760B

.reloc
Size: 1024B - Virtual size: 584B

.text
Size: 6KB - Virtual size: 5KB

.rdata
Size: 5KB - Virtual size: 5KB