Extended Key Usages: ExtKeyUsageCodeSigning
Key Usages: KeyUsageDigitalSignature, KeyUsageCertSign, KeyUsageCRLSign
Static task: static1
Behavioral task: behavioral1
  Sample: RtkAudUService64.exe
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: RtkAudUService64.exe
  Resource: win10v2004-20240508-en
Target: RtkAudUService64.exe
Size: 1.9MB
MD5: 355ae0a30eeefd977e4fc1672055ead7
SHA1: 39894bbd1b145de126addc3b51e0c925f7d93d4f
SHA256: c94a569a29868e107b211bb0a38af684473f2e83aaeb1cb56ac0da0746021648
SHA512: 79c67d0d12111455b8c0dbfd1fe4abd122acbc2054baf83e4a6fe6b22443e500f986da4a8bfa5b0187b8b240f193f95b50d98c6696b0a6d72cc51b49f417bcc8
SSDEEP: 49152:RfqvCPWOXqPpEJs37Ahx63tHMkUNFrl5kXgdbseKlqev:RqHNpELhxos4qev
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
D:\proj\proj_20240226_RtkAudUService_RemoveRawCondition\RtkAudUService_modify\Release\x64\RtkAudUService64.pdb
SafeArrayUnaccessData
SysFreeString
SafeArrayAccessData
BSTR_UserFree64
SafeArrayPutElement
SafeArrayCreate
LPSAFEARRAY_UserMarshal
SafeArrayCreateVector
LPSAFEARRAY_UserUnmarshal64
BSTR_UserMarshal64
BSTR_UserUnmarshal
LPSAFEARRAY_UserMarshal64
LPSAFEARRAY_UserFree64
LPSAFEARRAY_UserUnmarshal
LoadTypeLibEx
LPSAFEARRAY_UserSize64
BSTR_UserSize
LPSAFEARRAY_UserFree
BSTR_UserUnmarshal64
VariantClear
LPSAFEARRAY_UserSize
SysAllocStringLen
BSTR_UserMarshal
VariantCopy
VariantInit
BSTR_UserFree
BSTR_UserSize64
SysAllocString
NdrClientCall3
NdrServerCallAll
NdrServerCall2
RpcServerUnregisterIf
RpcEpUnregister
NdrCStdStubBuffer2_Release
RpcServerRegisterIf3
RpcBindingVectorFree
RpcServerUseProtseqEpW
NdrCStdStubBuffer_Release
RpcServerInqBindings
NdrStubForwardingFunction
IUnknown_AddRef_Proxy
CStdStubBuffer_DebugServerQueryInterface
NdrOleFree
CStdStubBuffer_AddRef
RpcEpRegisterW
IUnknown_Release_Proxy
CStdStubBuffer_CountRefs
CStdStubBuffer_Connect
CStdStubBuffer_IsIIDSupported
NdrStubCall3
IUnknown_QueryInterface_Proxy
CStdStubBuffer_QueryInterface
NdrOleAllocate
CStdStubBuffer_Disconnect
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_Invoke
RpcServerListen
CoFreeUnusedLibrariesEx
CoTaskMemAlloc
PropVariantClear
CoSetProxyBlanket
CoInitializeSecurity
StringFromCLSID
CLSIDFromString
CoCreateInstance
CoInitializeEx
CoRevokeClassObject
CoUninitialize
StringFromGUID2
CoGetCurrentProcess
CoGetApartmentType
CoTaskMemFree
CoRegisterClassObject
InitPropVariantFromCLSID
PropVariantToString
HeapFree
GetProcessHeap
HeapReAlloc
HeapDestroy
HeapSize
HeapAlloc
FreeLibrary
LoadResource
SizeofResource
GetModuleFileNameW
GetModuleHandleA
LoadLibraryExW
LockResource
GetModuleHandleW
LoadStringW
GetProcAddress
FreeResource
FindResourceExW
LoadLibraryW
FindResourceW
lstrcmpA
lstrcmpW
lstrlenW
lstrcpyW
FileTimeToLocalFileTime
GetFileSize
DeleteFileW
QueryDosDeviceW
GetFileAttributesW
WriteFile
CreateFileW
ReadFile
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
GetTimeZoneInformation
FileTimeToSystemTime
GetTimeFormatW
GetDateFormatW
CreateEventW
DeleteCriticalSection
CancelWaitableTimer
WaitForSingleObject
CreateMutexW
InitializeCriticalSection
WaitForSingleObjectEx
LeaveCriticalSection
TryEnterCriticalSection
SetWaitableTimer
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
CreateEventExW
EnterCriticalSection
SetEvent
InitializeCriticalSectionEx
TryAcquireSRWLockExclusive
ResetEvent
GetSystemTimeAsFileTime
GetTickCount
GetLocalTime
GetSystemDirectoryW
GetSystemTime
OpenProcess
IsProcessorFeaturePresent
SetHandleInformation
CloseHandle
SetThreadPriority
CreateThread
GetThreadPriority
CreateProcessW
GetExitCodeProcess
ProcessIdToSessionId
GetStartupInfoW
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
CreateProcessAsUserW
SetProcessShutdownParameters
TerminateProcess
OpenProcessToken
MultiByteToWideChar
WideCharToMultiByte
GetStringTypeW
SetUnhandledExceptionFilter
RaiseException
UnhandledExceptionFilter
SetLastError
GetLastError
RoGetActivationFactory
RoUninitialize
RoInitialize
CreateWaitableTimerW
WaitForMultipleObjects
WindowsCreateStringReference
WindowsGetStringRawBuffer
WindowsDeleteString
SleepConditionVariableCS
WakeAllConditionVariable
InitOnceExecuteOnce
Sleep
InitializeConditionVariable
RegOpenKeyExW
RegGetValueW
RegDeleteValueW
RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegEnumKeyExW
RegGetKeySecurity
RegSetKeySecurity
RegEnumValueW
RegQueryInfoKeyW
RegNotifyChangeKeyValue
RegFlushKey
RegSetValueExW
RegDeleteKeyW
RegCreateKeyW
IsDebuggerPresent
OutputDebugStringA
OutputDebugStringW
SHGetFolderPathW
SHGetSpecialFolderPathW
GetProfileIntW
GetSystemMetrics
GetTempPathW
ConnectNamedPipe
CreateNamedPipeW
DisconnectNamedPipe
CreatePipe
FormatMessageW
LCMapStringEx
LocalAlloc
LocalFree
LocalSize
GetSystemPowerStatus
WTSGetActiveConsoleSessionId
InitializeAcl
AddAccessAllowedAceEx
GetAce
GetLengthSid
AllocateAndInitializeSid
InitializeSecurityDescriptor
GetAclInformation
SetSecurityDescriptorDacl
DuplicateTokenEx
SetTokenInformation
CreateWellKnownSid
FreeSid
GetSecurityDescriptorDacl
AdjustTokenPrivileges
DeleteAce
AddAce
ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
CreateThreadpoolWork
SubmitThreadpoolWork
DeviceIoControl
DeriveCapabilitySidsFromName
SetEntriesInAclW
RegSetKeyValueW
BCryptOpenAlgorithmProvider
BCryptCloseAlgorithmProvider
BCryptEncrypt
BCryptImportKeyPair
BCryptDestroyKey
OpenFileMappingW
ReadProcessMemory
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
MFCreateAttributes
MFEnumDeviceSources
SetServiceStatus
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW
OpenSCManagerW
DeleteService
OpenServiceW
CloseServiceHandle
CreateServiceW
ControlService
QueryServiceStatus
QueryServiceStatusEx
DecodePointer
EncodePointer
FindPackagesByPackageFamily
mmioOpenW
mmioSeek
mmioAscend
mmioWrite
mmioRead
mmioCreateChunk
mmioGetInfo
mmioSetInfo
mmioAdvance
mmioDescend
mmioClose
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
LookupPrivilegeValueW
CreateEnvironmentBlock
QueryFullProcessImageNameW
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW
CertFindCertificateInStore
CertGetNameStringW
CertFreeCertificateContext
CryptDecodeObject
CertCloseStore
CryptQueryObject
CryptMsgGetParam
CryptMsgClose
GetTraceEnableLevel
RegisterTraceGuidsW
GetTraceLoggerHandle
TraceMessage
GetTraceEnableFlags
SetupDiGetDevicePropertyW
SetupDiGetDeviceInstanceIdW
SetupDiGetDeviceInterfaceDetailW
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyW
SetupDiEnumDeviceInfo
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsW
WTSRegisterSessionNotification
WTSQueryUserToken
WinExec
WriteProfileStringW
ShowWindow
LoadIconW
LoadCursorW
FindWindowExW
SendInput
wsprintfW
GetMessageW
TranslateMessage
DispatchMessageW
RegisterPowerSettingNotification
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
UnregisterDeviceNotification
RegisterDeviceNotificationW
SetTimer
KillTimer
DefWindowProcW
CreateWindowExW
SendMessageW
RegisterClassW
RegisterEventSourceW
ReportEventW
DeregisterEventSource
GetUserNameW
AvSetMmThreadCharacteristicsW
AvRevertMmThreadCharacteristics
NtQueryInformationProcess
_crt_atexit
_cexit
_seh_filter_exe
abort
_set_app_type
_configure_wide_argv
_initialize_wide_environment
_register_onexit_function
_get_wide_winmain_command_line
_initialize_onexit_table
_initterm
_invalid_parameter_noinfo
_resetstkoflw
_invalid_parameter_noinfo_noreturn
_initterm_e
exit
terminate
_exit
_c_exit
_register_thread_local_exe_atexit_callback
_errno
strnlen
isupper
strtok_s
wcscpy_s
toupper
_wcsupr_s
strncmp
wcsspn
wcsncpy
islower
wcsncmp
towupper
wcstok_s
strcspn
__strncnt
_wcsicmp
strcpy_s
_wcsdup
wcscspn
wmemcpy_s
wcsnlen
iswspace
wcscat_s
fread
__p__commode
fputs
fflush
__stdio_common_vsprintf_s
_flushall
__stdio_common_vswprintf
ftell
fwrite
_wfopen_s
__stdio_common_vswprintf_s
_wfsopen
fseek
fgets
fclose
__acrt_iob_func
__stdio_common_vfwprintf
__stdio_common_vfprintf_s
__stdio_common_vsscanf
_set_fmode
ungetwc
fputwc
fgetwc
__stdio_common_vfprintf
ungetc
setvbuf
_get_stream_buffer_pointers
_fseeki64
fsetpos
fputws
fputc
fgetpos
__stdio_common_vsprintf
fgetc
_wtoi
_wtof
wcstoul
wcstol
free
_recalloc
_set_new_mode
_callnewh
malloc
realloc
calloc
frexp
asinf
__setusermatherr
powf
atan2f
sqrtf
log10f
logf
_unlock_locales
localeconv
___mb_cur_max_func
___lc_codepage_func
___lc_locale_name_func
setlocale
_configthreadlocale
_lock_locales
__pctype_func
PathFileExistsW
RtlCaptureContext
RtlUnwind
RtlPcToFileHeader
RtlVirtualUnwind
RtlUnwindEx
RtlLookupFunctionEntry
QueryPerformanceCounter
InitializeSListHead
GetSystemTimePreciseAsFileTime
FlsSetValue
FlsGetValue
FlsAlloc
FlsFree
_unlock_file
_lock_file
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ