876826c9835e0ab6a331b423279d55cf69905c3fc8a46fd12dfb3e6fce40a1d5

Sharing

Copy URL Twitter E-mail

General

Target

876826c9835e0ab6a331b423279d55cf69905c3fc8a46fd12dfb3e6fce40a1d5
Size

18.3MB
MD5

e99e4a73714721d4c3478f7857f0bf9a
SHA1

8687c18c409a79ff454941f07bfa73cbb3078d3b
SHA256

876826c9835e0ab6a331b423279d55cf69905c3fc8a46fd12dfb3e6fce40a1d5
SHA512

c0b35bf1a063861ca6d65d2ab08cbc6a3a4d4962bcd080e5c5d7ecc7a871cc307fb94bb7f223b3a144173f7ecc71b106a2b408f0c696a7233e2c2901ef2b63b2
SSDEEP

393216:Q1h/8xITB9BTonLB2q3rsIieHsAsRH3PRG3wz33b4vrRFSxbmSnwgsbswnst:Sh/4IN9BToUq3rsIieHs93IO89FSxTsq

Score

9^/10

Malware Config

Signatures

Detected Nirsoft tools 2 IoCs

Free utilities often used by attackers which can steal passwords, product keys, etc.

resource	yara_rule
static1/unpack001/Realtek-UAD-generic/nircmd.exe	Nirsoft
static1/unpack001/Realtek-UAD-generic/nircmdc.exe	Nirsoft

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Realtek-UAD-generic/Win64/Realtek/Codec_9310/RTKVHD64.sys
unpack001/Realtek-UAD-generic/Win64/Realtek/Codec_9356/RTKVHD64.sys
unpack001/Realtek-UAD-generic/nircmd.exe
unpack001/Realtek-UAD-generic/nircmdc.exe

Files

876826c9835e0ab6a331b423279d55cf69905c3fc8a46fd12dfb3e6fce40a1d5
.7z
Realtek-UAD-generic/README.md
Realtek-UAD-generic/Win64/Realtek/Codec_9310/HDXRT.inf
Realtek-UAD-generic/Win64/Realtek/Codec_9310/HDXRTSST.inf
Realtek-UAD-generic/Win64/Realtek/Codec_9310/HDXRTU.CAT
Realtek-UAD-generic/Win64/Realtek/Codec_9310/RTAIODAT.DAT
Realtek-UAD-generic/Win64/Realtek/Codec_9310/RTKVHD64.sys
.sys windows:6 windows x64 arch:x64

9f052ee9282cdcc7c6e4d563d9c85f92

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

e:\builddriver\tempcode\objfre_wlh_amd64\amd64\RTKVHD64.pdb

Imports

ntoskrnl.exe

KeWaitForMultipleObjects
EtwRegister
PoRequestPowerIrp
ObfDereferenceObject
IoBuildDeviceIoControlRequest
IoInvalidateDeviceRelations
IoAllocateErrorLogEntry
wcsstr
ObReferenceObjectByHandle
IoAllocateWorkItem
PsCreateSystemThread
MmMapLockedPagesSpecifyCache
IoGetDeviceObjectPointer
KeResetEvent
DbgBreakPoint
ExSystemTimeToLocalTime
IoBuildSynchronousFsdRequest
KeReleaseSemaphore
ExReleaseFastMutex
ZwQueryValueKey
IofCallDriver
IoFreeIrp
IoFreeWorkItem
ExCreateCallback
ZwClose
RtlTimeToTimeFields
EtwWrite
KeInitializeEvent
IoAllocateIrp
IoWriteErrorLogEntry
IoQueueWorkItem
RtlQueryRegistryValues
IoGetDeviceInterfaces
ExRegisterCallback
RtlFreeUnicodeString
RtlGUIDFromString
RtlCompareUnicodeString
ZwDeleteValueKey
ZwSetValueKey
IoRegisterDeviceInterface
KeBugCheckEx
IoOpenDeviceInterfaceRegistryKey
ZwCreateKey
_purecall
RtlWriteRegistryValue
RtlStringFromGUID
ExAllocatePool
IoFreeMdl
MmUnmapLockedPages
KeReadStateEvent
IoAllocateMdl
MmBuildMdlForNonPagedPool
KeSetTimerEx
KeInitializeTimerEx
KeCancelTimer
IoWMIWriteEvent
IoSetDeviceInterfaceState
IofCompleteRequest
IoWMIRegistrationControl
KeReleaseSpinLock
KeInitializeSemaphore
KeAcquireSpinLockRaiseToDpc
KeRemoveQueueDpc
ZwQueryInformationFile
RtlTimeFieldsToTime
ZwReadFile
RtlDeleteRegistryValue
strstr
RtlCreateRegistryKey
ZwWriteFile
ZwCreateFile
DbgPrint
KeClearEvent
PoRegisterPowerSettingCallback
wcschr
PoUnregisterPowerSettingCallback
ExFreePoolWithTag
MmMapIoSpace
MmUnmapIoSpace
IoWMIQueryAllData
IoWMIOpenBlock
ZwEnumerateKey
IoRegisterPlugPlayNotification
ZwOpenEvent
ObReferenceObjectByPointer
RtlCheckRegistryKey
IoCreateSynchronizationEvent
RtlCreateSecurityDescriptor
ZwCreateEvent
RtlSetDaclSecurityDescriptor
MmProbeAndLockPages
atoi
MmUnlockPages
RtlEqualUnicodeString
ZwSetInformationFile
mbstowcs
_vsnwprintf
RtlIntegerToUnicodeString
RtlAnsiStringToUnicodeString
RtlUnicodeStringToInteger
RtlInitAnsiString
KeInitializeGuardedMutex
KeAcquireGuardedMutex
KeReleaseGuardedMutex
KeReleaseSpinLockFromDpcLevel
KeAcquireSpinLockAtDpcLevel
isspace
KeQueryTimeIncrement
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
RtlInitString
PsTerminateSystemThread
KeSetEvent
KeSetPriorityThread
ObfReferenceObject
ExUnregisterCallback
RtlInitUnicodeString
ExAcquireFastMutex
KeDelayExecutionThread
EtwUnregister
IoCancelIrp
IoUnregisterPlugPlayNotification
RtlCompareMemory
ZwOpenKey
IoGetAttachedDeviceReference
MmGetSystemRoutineAddress
KeReleaseMutex
KeWaitForSingleObject
KeInitializeMutex
ExAllocatePoolWithTag
ExEventObjectType
ExFreePool
RtlRaiseException
__chkstk
RtlUnwindEx

hal

KeStallExecutionProcessor
KeQueryPerformanceCounter

ksecdd.sys

BCryptExportKey
BCryptFinishHash
BCryptGenerateKeyPair
BCryptHashData
BCryptDestroyKey
BCryptOpenAlgorithmProvider
BCryptCreateHash
BCryptSetProperty
BCryptGenRandom
BCryptEncrypt
BCryptFinalizeKeyPair
BCryptDecrypt
BCryptCloseAlgorithmProvider
BCryptVerifySignature
BCryptGetProperty
BCryptImportKeyPair
BCryptGenerateSymmetricKey

portcls.sys

PcRegisterPhysicalConnection
PcRegisterSubdevice
PcAddAdapterDevice
PcInitializeAdapterDriver
PcDispatchIrp
PcRegisterAdapterPowerManagement
PcNewPort
PcNewRegistryKey
PcForwardIrpSynchronous

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

TEXT
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CODE
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 199KB - Virtual size: 198KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 409KB - Virtual size: 409KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Realtek-UAD-generic/Win64/Realtek/Codec_9356/HDXRT.inf
Realtek-UAD-generic/Win64/Realtek/Codec_9356/HDXRTSST.inf
Realtek-UAD-generic/Win64/Realtek/Codec_9356/HDXRTU.CAT
Realtek-UAD-generic/Win64/Realtek/Codec_9356/RTAIODAT.DAT
Realtek-UAD-generic/Win64/Realtek/Codec_9356/RTKVHD64.sys
.sys windows:6 windows x64 arch:x64

5f4b66f33f2936d1550016f5ee1b2487

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

d:\_builddriver_beta_20200113\tempcode\objfre_wlh_amd64\amd64\RTKVHD64.pdb

Imports

ntoskrnl.exe

ZwClose
IoAllocateIrp
KeInitializeEvent
EtwWrite
IoGetDeviceInterfaces
RtlQueryRegistryValues
ZwOpenKey
IoWriteErrorLogEntry
ExRegisterCallback
IoGetAttachedDeviceReference
RtlCompareMemory
IoUnregisterPlugPlayNotification
IoCancelIrp
EtwUnregister
KeDelayExecutionThread
ExAcquireFastMutex
RtlInitUnicodeString
ObfReferenceObject
KeWaitForMultipleObjects
ExUnregisterCallback
KeSetPriorityThread
KeSetEvent
PsTerminateSystemThread
KeInitializeSemaphore
ObfDereferenceObject
EtwRegister
PoRequestPowerIrp
IoInvalidateDeviceRelations
IoBuildDeviceIoControlRequest
IoAllocateErrorLogEntry
wcsstr
ObReferenceObjectByHandle
IoAllocateWorkItem
PsCreateSystemThread
MmMapLockedPagesSpecifyCache
MmGetSystemRoutineAddress
RtlFreeUnicodeString
RtlGUIDFromString
RtlCompareUnicodeString
ZwDeleteValueKey
IoRegisterDeviceInterface
ZwSetValueKey
KeBugCheckEx
IoOpenDeviceInterfaceRegistryKey
ZwCreateKey
_purecall
RtlWriteRegistryValue
ExAllocatePool
IoFreeMdl
MmUnmapLockedPages
RtlStringFromGUID
KeReadStateEvent
MmBuildMdlForNonPagedPool
KeSetTimerEx
KeInitializeTimerEx
KeCancelTimer
IoAllocateMdl
IoWMIRegistrationControl
IoWMIWriteEvent
IoSetDeviceInterfaceState
IofCompleteRequest
KeAcquireSpinLockRaiseToDpc
RtlTimeToTimeFields
ExEventObjectType
KeRemoveQueueDpc
RtlCreateRegistryKey
ZwWriteFile
ZwCreateFile
PoUnregisterPowerSettingCallback
ZwQueryInformationFile
RtlTimeFieldsToTime
ZwReadFile
PoRegisterPowerSettingCallback
strstr
RtlDeleteRegistryValue
DbgPrint
KeClearEvent
ExFreePoolWithTag
MmMapIoSpace
MmUnmapIoSpace
IoWMIOpenBlock
IoWMIQueryAllData
ZwEnumerateKey
RtlCreateSecurityDescriptor
ZwCreateEvent
RtlSetDaclSecurityDescriptor
IoRegisterPlugPlayNotification
ZwOpenEvent
ObReferenceObjectByPointer
RtlCheckRegistryKey
IoCreateSynchronizationEvent
MmProbeAndLockPages
MmUnlockPages
atoi
RtlEqualUnicodeString
ZwSetInformationFile
mbstowcs
RtlAnsiStringToUnicodeString
RtlInitAnsiString
RtlUnicodeStringToInteger
RtlIntegerToUnicodeString
KeReleaseSpinLockFromDpcLevel
KeReleaseGuardedMutex
KeAcquireSpinLockAtDpcLevel
KeInitializeGuardedMutex
KeAcquireGuardedMutex
RtlInitString
isspace
KeQueryTimeIncrement
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
wcschr
IoQueueWorkItem
IoFreeWorkItem
_vsnprintf
RtlRaiseException
__chkstk
ZwQueryValueKey
ExReleaseFastMutex
IoFreeIrp
ExCreateCallback
IoBuildSynchronousFsdRequest
KeReleaseSemaphore
ExSystemTimeToLocalTime
DbgBreakPoint
IofCallDriver
KeResetEvent
_vsnwprintf
IoGetDeviceObjectPointer
KeInitializeMutex
KeWaitForSingleObject
ExAllocatePoolWithTag
ExFreePool
KeReleaseSpinLock
KeReleaseMutex
RtlUnwindEx

hal

KeQueryPerformanceCounter
KeStallExecutionProcessor

portcls.sys

PcAddAdapterDevice
PcRegisterAdapterPowerManagement
PcDispatchIrp
PcInitializeAdapterDriver
PcRegisterSubdevice
PcRegisterPhysicalConnection
PcNewPort
PcNewRegistryKey
PcForwardIrpSynchronous

ksecdd.sys

BCryptDestroyKey
BCryptOpenAlgorithmProvider
BCryptImportKeyPair
BCryptSetProperty
BCryptGenRandom
BCryptEncrypt
BCryptHashData
BCryptGetProperty
BCryptGenerateSymmetricKey
BCryptVerifySignature
BCryptCloseAlgorithmProvider
BCryptDecrypt
BCryptFinalizeKeyPair
BCryptGenerateKeyPair
BCryptCreateHash
BCryptExportKey
BCryptFinishHash

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

TEXT
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CODE
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 200KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 402KB - Virtual size: 402KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Realtek-UAD-generic/Win64/Realtek/ExtRtk_8824/HDX_GenericExt_RTK.inf
Realtek-UAD-generic/Win64/Realtek/ExtRtk_8824/hdxrtext.cat
Realtek-UAD-generic/Win64/Realtek/RealtekAPO_12_1167/RealtekAPO.inf
Realtek-UAD-generic/Win64/Realtek/RealtekAPO_12_1167/RltkAPOU64.dll
.dll regsvr32 windows:6 windows x64 arch:x64

26fd07d0896527cf2ca6d15c3b80065e

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:91:ac:87:81:45:2e:94:78:fd:b9:0d:5a:52:33:6c
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

15/06/2023, 00:00

Not After

15/06/2026, 23:59

Subject

SERIALNUMBER=22671299,CN=Realtek Semiconductor Corp.,O=Realtek Semiconductor Corp.,L=Hsinchu,C=TW,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13025457

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:01:09:5e:de:a2:12:7e:92:81:cc:00:00:00:00:01:09
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

14/09/2023, 19:14

Not After

04/09/2024, 19:14

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b3:cc:97:49:0f:87:1b:fb:f0:65:de:59:04:d5:bc:83:74:44:50:07:05:7a:59:d2:76:14:a3:77:73:9b:f5:e5
Signer

Actual PE Digest

b3:cc:97:49:0f:87:1b:fb:f0:65:de:59:04:d5:bc:83:74:44:50:07:05:7a:59:d2:76:14:a3:77:73:9b:f5:e5

Digest Algorithm

sha256

PE Digest Matches

true

b3:cc:97:49:0f:87:1b:fb:f0:65:de:59:04:d5:bc:83:74:44:50:07:05:7a:59:d2:76:14:a3:77:73:9b:f5:e5
Signer

Actual PE Digest

b3:cc:97:49:0f:87:1b:fb:f0:65:de:59:04:d5:bc:83:74:44:50:07:05:7a:59:d2:76:14:a3:77:73:9b:f5:e5

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\_Binary\_APO\_sysfx\APO\x64\Release\RltkAPOU64.pdb

Imports

kernel32

GetProcAddress
LoadLibraryExW
LoadResource
SizeofResource
FindResourceW
LoadLibraryW
LocalAlloc
lstrcmpiW
CompareStringEx
MultiByteToWideChar
SetThreadPriority
CreateThread
GetCurrentProcess
WaitForMultipleObjects
CreateEventW
WaitForSingleObjectEx
WaitForSingleObject
SetEvent
GetLocaleInfoEx
LCMapStringEx
FormatMessageW
InitOnceExecuteOnce
SetEndOfFile
DeleteCriticalSection
SetWaitableTimer
CancelWaitableTimer
CreateWaitableTimerW
GetLocalTime
FindResourceExW
LockResource
FileTimeToSystemTime
SystemTimeToFileTime
SetStdHandle
GetStringTypeW
FlushFileBuffers
EncodePointer
LocalFree
GetThreadLocale
SetThreadLocale
InitializeCriticalSectionEx
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
LeaveCriticalSection
GetCPInfo
EnterCriticalSection
DeviceIoControl
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
DuplicateHandle
QueryPerformanceCounter
GetModuleHandleW
InitializeCriticalSection
ReleaseMutex
CreateMutexW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
HeapAlloc
HeapDestroy
GetOEMCP
GetACP
GetLastError
RaiseException
CloseHandle
ResetEvent
OpenMutexW
DecodePointer
GetSystemTime
OpenFileMappingW
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
IsValidCodePage
FindNextFileW
FindFirstFileExW
VerSetConditionMask
VerifyVersionInfoW
WideCharToMultiByte
FindClose
CreateEventExW
GetFileSizeEx
GetConsoleCP
SetFilePointerEx
ReadConsoleW
RtlUnwind
GetConsoleMode
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
TlsFree
GetModuleFileNameW
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetConsoleCtrlHandler
WriteFile
GetCurrentThread
ExitProcess
ReadFile
FreeLibraryAndExitThread
ResumeThread
FreeLibrary
GetPriorityClass
QueryPerformanceFrequency
GetThreadPriority
ExitThread
WriteConsoleW
GetModuleHandleExW
GetCommandLineA
CreateFileW
GetFileType
GetStdHandle
FlsFree
CreateEventA
OutputDebugStringW
SetDllDirectoryA
__C_specific_handler
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
InterlockedPushEntrySList
InterlockedFlushSList
SetLastError
FlsAlloc
FlsGetValue
FlsSetValue

user32

CharNextW
UnregisterClassA

advapi32

RegGetValueW
RegEnumValueW
EventWrite
EventUnregister
EventRegister
RegQueryValueExW
RegNotifyChangeKeyValue
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
UnregisterTraceGuids
RegisterTraceGuidsW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegDeleteKeyExW
RegSetKeySecurity
TraceMessage
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey

ole32

CoUninitialize
PropVariantCopy
CoCreateInstance
StringFromGUID2
StringFromCLSID
PropVariantClear
CoTaskMemAlloc
CoTaskMemRealloc
CoInitializeEx
CoTaskMemFree
CLSIDFromString

oleaut32

SysStringLen
SysAllocString
RegisterTypeLi
VarUI4FromStr
LoadTypeLi
UnRegisterTypeLi
SysFreeString

winmm

timeEndPeriod
timeBeginPeriod

api-ms-win-devices-config-l1-1-1

CM_Get_Device_ID_ListW
CM_Get_Device_ID_List_SizeW
CM_Get_Device_Interface_List_SizeW
CM_Get_DevNode_Registry_PropertyW
CM_Locate_DevNodeW
CM_Get_Device_Interface_ListW

propsys

InitPropVariantFromCLSID

shlwapi

StrCmpW

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsDeleteString
WindowsCreateString
WindowsGetStringRawBuffer

api-ms-win-core-winrt-l1-1-0

RoInitialize
RoGetActivationFactory
RoUninitialize

audioeng

AERT_Free
AERT_Allocate

avrt

AvSetMmThreadCharacteristicsW
AvRevertMmThreadCharacteristics
AvSetMmThreadPriority

rtworkq

RtwqPutWorkItem
RtwqCreateAsyncResult

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_CODE
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_BSS
Size: - Virtual size: 8B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 358KB - Virtual size: 8.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 232KB - Virtual size: 232KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

minATL
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

RT_DATA
Size: 643KB - Virtual size: 642KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

RT_CONST
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Realtek-UAD-generic/Win64/Realtek/RealtekAPO_12_1167/realtekapo.cat
Realtek-UAD-generic/Win64/Realtek/RealtekAPO_13_1167/RealtekAPO.inf
Realtek-UAD-generic/Win64/Realtek/RealtekAPO_13_1167/RltkAPOU64.dll
.dll regsvr32 windows:6 windows x64 arch:x64

26fd07d0896527cf2ca6d15c3b80065e

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:91:ac:87:81:45:2e:94:78:fd:b9:0d:5a:52:33:6c
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

15/06/2023, 00:00

Not After

15/06/2026, 23:59

Subject

SERIALNUMBER=22671299,CN=Realtek Semiconductor Corp.,O=Realtek Semiconductor Corp.,L=Hsinchu,C=TW,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13025457

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:01:09:5e:de:a2:12:7e:92:81:cc:00:00:00:00:01:09
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

14/09/2023, 19:14

Not After

04/09/2024, 19:14

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b3:cc:97:49:0f:87:1b:fb:f0:65:de:59:04:d5:bc:83:74:44:50:07:05:7a:59:d2:76:14:a3:77:73:9b:f5:e5
Signer

Actual PE Digest

b3:cc:97:49:0f:87:1b:fb:f0:65:de:59:04:d5:bc:83:74:44:50:07:05:7a:59:d2:76:14:a3:77:73:9b:f5:e5

Digest Algorithm

sha256

PE Digest Matches

true

b3:cc:97:49:0f:87:1b:fb:f0:65:de:59:04:d5:bc:83:74:44:50:07:05:7a:59:d2:76:14:a3:77:73:9b:f5:e5
Signer

Actual PE Digest

b3:cc:97:49:0f:87:1b:fb:f0:65:de:59:04:d5:bc:83:74:44:50:07:05:7a:59:d2:76:14:a3:77:73:9b:f5:e5

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\_Binary\_APO\_sysfx\APO\x64\Release\RltkAPOU64.pdb

Imports

kernel32

GetProcAddress
LoadLibraryExW
LoadResource
SizeofResource
FindResourceW
LoadLibraryW
LocalAlloc
lstrcmpiW
CompareStringEx
MultiByteToWideChar
SetThreadPriority
CreateThread
GetCurrentProcess
WaitForMultipleObjects
CreateEventW
WaitForSingleObjectEx
WaitForSingleObject
SetEvent
GetLocaleInfoEx
LCMapStringEx
FormatMessageW
InitOnceExecuteOnce
SetEndOfFile
DeleteCriticalSection
SetWaitableTimer
CancelWaitableTimer
CreateWaitableTimerW
GetLocalTime
FindResourceExW
LockResource
FileTimeToSystemTime
SystemTimeToFileTime
SetStdHandle
GetStringTypeW
FlushFileBuffers
EncodePointer
LocalFree
GetThreadLocale
SetThreadLocale
InitializeCriticalSectionEx
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
LeaveCriticalSection
GetCPInfo
EnterCriticalSection
DeviceIoControl
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
DuplicateHandle
QueryPerformanceCounter
GetModuleHandleW
InitializeCriticalSection
ReleaseMutex
CreateMutexW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
HeapAlloc
HeapDestroy
GetOEMCP
GetACP
GetLastError
RaiseException
CloseHandle
ResetEvent
OpenMutexW
DecodePointer
GetSystemTime
OpenFileMappingW
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
IsValidCodePage
FindNextFileW
FindFirstFileExW
VerSetConditionMask
VerifyVersionInfoW
WideCharToMultiByte
FindClose
CreateEventExW
GetFileSizeEx
GetConsoleCP
SetFilePointerEx
ReadConsoleW
RtlUnwind
GetConsoleMode
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
TlsFree
GetModuleFileNameW
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetConsoleCtrlHandler
WriteFile
GetCurrentThread
ExitProcess
ReadFile
FreeLibraryAndExitThread
ResumeThread
FreeLibrary
GetPriorityClass
QueryPerformanceFrequency
GetThreadPriority
ExitThread
WriteConsoleW
GetModuleHandleExW
GetCommandLineA
CreateFileW
GetFileType
GetStdHandle
FlsFree
CreateEventA
OutputDebugStringW
SetDllDirectoryA
__C_specific_handler
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
InterlockedPushEntrySList
InterlockedFlushSList
SetLastError
FlsAlloc
FlsGetValue
FlsSetValue

user32

CharNextW
UnregisterClassA

advapi32

RegGetValueW
RegEnumValueW
EventWrite
EventUnregister
EventRegister
RegQueryValueExW
RegNotifyChangeKeyValue
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
UnregisterTraceGuids
RegisterTraceGuidsW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegDeleteKeyExW
RegSetKeySecurity
TraceMessage
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey

ole32

CoUninitialize
PropVariantCopy
CoCreateInstance
StringFromGUID2
StringFromCLSID
PropVariantClear
CoTaskMemAlloc
CoTaskMemRealloc
CoInitializeEx
CoTaskMemFree
CLSIDFromString

oleaut32

SysStringLen
SysAllocString
RegisterTypeLi
VarUI4FromStr
LoadTypeLi
UnRegisterTypeLi
SysFreeString

winmm

timeEndPeriod
timeBeginPeriod

api-ms-win-devices-config-l1-1-1

CM_Get_Device_ID_ListW
CM_Get_Device_ID_List_SizeW
CM_Get_Device_Interface_List_SizeW
CM_Get_DevNode_Registry_PropertyW
CM_Locate_DevNodeW
CM_Get_Device_Interface_ListW

propsys

InitPropVariantFromCLSID

shlwapi

StrCmpW

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsDeleteString
WindowsCreateString
WindowsGetStringRawBuffer

api-ms-win-core-winrt-l1-1-0

RoInitialize
RoGetActivationFactory
RoUninitialize

audioeng

AERT_Free
AERT_Allocate

avrt

AvSetMmThreadCharacteristicsW
AvRevertMmThreadCharacteristics
AvSetMmThreadPriority

rtworkq

RtwqPutWorkItem
RtwqCreateAsyncResult

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_CODE
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_BSS
Size: - Virtual size: 8B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 358KB - Virtual size: 8.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 232KB - Virtual size: 232KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

minATL
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

RT_DATA
Size: 643KB - Virtual size: 642KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

RT_CONST
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Realtek-UAD-generic/Win64/Realtek/RealtekAPO_13_1167/realtekapo.cat
Realtek-UAD-generic/Win64/Realtek/RealtekHSA_334/RealtekHSA.inf
Realtek-UAD-generic/Win64/Realtek/RealtekHSA_334/realtekhsa.cat
Realtek-UAD-generic/Win64/Realtek/RealtekService_768/MonoSeparationEnrollDll.dll
.dll windows:6 windows x64 arch:x64

ce643ae48c2468d7704ce9bf671e7cb1

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:91:ac:87:81:45:2e:94:78:fd:b9:0d:5a:52:33:6c
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

15/06/2023, 00:00

Not After

15/06/2026, 23:59

Subject

SERIALNUMBER=22671299,CN=Realtek Semiconductor Corp.,O=Realtek Semiconductor Corp.,L=Hsinchu,C=TW,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13025457

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:01:08:e2:33:7a:56:70:40:c0:d5:00:00:00:00:01:08
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

14/09/2023, 19:14

Not After

04/09/2024, 19:14

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

58:e5:44:37:23:b7:1a:c9:01:3e:49:dd:33:d0:3d:5e:c1:88:c1:86:a4:38:e8:4a:c1:46:22:61:33:c3:5d:32
Signer

Actual PE Digest

58:e5:44:37:23:b7:1a:c9:01:3e:49:dd:33:d0:3d:5e:c1:88:c1:86:a4:38:e8:4a:c1:46:22:61:33:c3:5d:32

Digest Algorithm

sha256

PE Digest Matches

true

58:e5:44:37:23:b7:1a:c9:01:3e:49:dd:33:d0:3d:5e:c1:88:c1:86:a4:38:e8:4a:c1:46:22:61:33:c3:5d:32
Signer

Actual PE Digest

58:e5:44:37:23:b7:1a:c9:01:3e:49:dd:33:d0:3d:5e:c1:88:c1:86:a4:38:e8:4a:c1:46:22:61:33:c3:5d:32

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

R:\RTK\MonoSeparation.AD26\Tmp\MonoSeparationEnrollDll\x64\Release\MonoSeparationEnrollDll.pdb

Imports

kernel32

SizeofResource
HeapFree
InitializeCriticalSectionEx
HeapSize
GetLastError
OutputDebugStringW
LockResource
HeapReAlloc
RaiseException
FindResourceExW
LoadResource
FindResourceW
HeapAlloc
DecodePointer
HeapDestroy
DeleteCriticalSection
GetProcessHeap
WideCharToMultiByte
MultiByteToWideChar
QueryPerformanceCounter
WriteConsoleW
SetEndOfFile
CreateFileW
SetStdHandle
FlushFileBuffers
FreeEnvironmentStringsW
CloseHandle
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
GetProcAddress
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
SetLastError
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
RtlUnwindEx
RtlPcToFileHeader
InterlockedFlushSList
FreeLibrary
LoadLibraryExW
ReadFile
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
GetStdHandle
GetFileType
WriteFile
GetConsoleCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
ReadConsoleW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
RtlUnwind

Exports

Exports

MSE_AB48_Destroy
MSE_AB48_GetTrainDataReady
MSE_AB48_Init
MSE_AB48_Process
MSE_AB48_SaveTrainDataToMemory

Sections

.text
Size: 625KB - Virtual size: 625KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 146KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Realtek-UAD-generic/Win64/Realtek/RealtekService_768/PTTdll.dll
.dll windows:6 windows x64 arch:x64

43abd9ae2351ad08f417389385a2f89f

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:91:ac:87:81:45:2e:94:78:fd:b9:0d:5a:52:33:6c
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

15/06/2023, 00:00

Not After

15/06/2026, 23:59

Subject

SERIALNUMBER=22671299,CN=Realtek Semiconductor Corp.,O=Realtek Semiconductor Corp.,L=Hsinchu,C=TW,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13025457

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:01:08:e2:33:7a:56:70:40:c0:d5:00:00:00:00:01:08
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

14/09/2023, 19:14

Not After

04/09/2024, 19:14

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

48:5d:ef:da:2d:d8:7d:95:41:4f:b4:d4:26:04:60:cc:aa:eb:38:df:23:2e:93:86:e5:bb:99:be:56:aa:1d:59
Signer

Actual PE Digest

48:5d:ef:da:2d:d8:7d:95:41:4f:b4:d4:26:04:60:cc:aa:eb:38:df:23:2e:93:86:e5:bb:99:be:56:aa:1d:59

Digest Algorithm

sha256

PE Digest Matches

true

48:5d:ef:da:2d:d8:7d:95:41:4f:b4:d4:26:04:60:cc:aa:eb:38:df:23:2e:93:86:e5:bb:99:be:56:aa:1d:59
Signer

Actual PE Digest

48:5d:ef:da:2d:d8:7d:95:41:4f:b4:d4:26:04:60:cc:aa:eb:38:df:23:2e:93:86:e5:bb:99:be:56:aa:1d:59

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

R:\PSAP_proj\AG00\PTTdll\x64\Release\PTTdll.pdb

Imports

kernel32

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapAlloc
HeapFree
LCMapStringW
GetStdHandle
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
SetStdHandle
GetFileSizeEx
SetFilePointerEx
GetStringTypeW
HeapSize
HeapReAlloc
CloseHandle
CreateFileW
WriteConsoleW

Exports

Exports

CreatePTTAPI
FreePTTAPI
GenSineTone
GetGain
GetPttCompensationLevelTable
GetPttScoreTable
GetRTPttStaticCurveTable
GetStaticCurve
IfHear
PttLock
SetATGSliderGain
SetFreqSliderGain
SetGain
SetStaticCurve

Sections

.text
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Realtek-UAD-generic/Win64/Realtek/RealtekService_768/RealtekService.inf
Realtek-UAD-generic/Win64/Realtek/RealtekService_768/RtCOM64.dll
.dll regsvr32 windows:6 windows x64 arch:x64

5c0ca7f51a84dfbd181f5d805e235655

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:91:ac:87:81:45:2e:94:78:fd:b9:0d:5a:52:33:6c
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

15/06/2023, 00:00

Not After

15/06/2026, 23:59

Subject

SERIALNUMBER=22671299,CN=Realtek Semiconductor Corp.,O=Realtek Semiconductor Corp.,L=Hsinchu,C=TW,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13025457

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:01:09:5e:de:a2:12:7e:92:81:cc:00:00:00:00:01:09
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

14/09/2023, 19:14

Not After

04/09/2024, 19:14

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

53:2a:1c:a1:a5:d1:f0:f5:b2:30:eb:8c:2c:3d:4f:34:6a:11:b9:0a:30:fb:a1:6b:ca:fc:ef:8b:32:ac:0d:a7
Signer

Actual PE Digest

53:2a:1c:a1:a5:d1:f0:f5:b2:30:eb:8c:2c:3d:4f:34:6a:11:b9:0a:30:fb:a1:6b:ca:fc:ef:8b:32:ac:0d:a7

Digest Algorithm

sha256

PE Digest Matches

true

53:2a:1c:a1:a5:d1:f0:f5:b2:30:eb:8c:2c:3d:4f:34:6a:11:b9:0a:30:fb:a1:6b:ca:fc:ef:8b:32:ac:0d:a7
Signer

Actual PE Digest

53:2a:1c:a1:a5:d1:f0:f5:b2:30:eb:8c:2c:3d:4f:34:6a:11:b9:0a:30:fb:a1:6b:ca:fc:ef:8b:32:ac:0d:a7

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\HDAudio\_Git\RTCOMDLL_3291\ReleaseMinDependency\x64\RTCOMDLL64.pdb

Imports

kernel32

CloseHandle
SetStdHandle
DeleteCriticalSection
InitializeCriticalSection
MultiByteToWideChar
GetStringTypeW
LoadLibraryA
GetProcAddress
GetModuleHandleA
Sleep
WaitForSingleObject
CreateEventA
CreateThread
WaitForMultipleObjects
OutputDebugStringA
EnterCriticalSection
LeaveCriticalSection
LocalFree
GetLastError
FreeEnvironmentStringsW
LocalAlloc
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
DeviceIoControl
IsValidCodePage
GetSystemDirectoryA
FreeLibrary
__C_specific_handler
FindNextFileA
CreateFileA
FlushFileBuffers
SetEvent
lstrcmpiA
IsDBCSLeadByte
FindResourceW
FindFirstFileExA
RaiseException
FindResourceA
LoadLibraryExA
GetModuleFileNameA
GetCurrentProcessId
OpenProcess
K32EnumProcessModules
K32GetModuleBaseNameA
FindClose
WinExec
FindResourceExW
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
WriteFile
GetConsoleCP
GetConsoleMode
SetFilePointerEx
CreateFileW
WriteConsoleW
LCMapStringW
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetThreadLocale
SetThreadLocale
DecodePointer
EncodePointer
InitializeCriticalSectionAndSpinCount
GetModuleHandleW
GetFileType
GetStdHandle
GetACP
GetModuleHandleExW
ExitProcess
VirtualQuery
InitializeCriticalSectionEx
VirtualProtect
VirtualAlloc
GetSystemInfo
FlsFree
FlsSetValue
FlsGetValue
IsDebuggerPresent
OutputDebugStringW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
InterlockedFlushSList
SetLastError
FlsAlloc

oleaut32

RegisterTypeLi
SysAllocString
SysFreeString
VarUI4FromStr
SysStringLen
UnRegisterTypeLi
LoadTypeLi
LoadRegTypeLi

ole32

CoInitializeEx
CoUninitialize
StringFromGUID2
CoTaskMemAlloc
CoFreeUnusedLibrariesEx
CoTaskMemRealloc
CLSIDFromString
CoInitialize
PropVariantClear
CoTaskMemFree
CoCreateInstance

user32

RegisterWindowMessageA
FindWindowExA
CharNextW
CharNextA
FindWindowA
PostMessageA
CharUpperA

advapi32

RegQueryInfoKeyA
RegDeleteValueA
RegEnumKeyExA
RegQueryInfoKeyW
RegDeleteKeyA
RegOpenKeyA
RegSetValueExA
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegQueryValueExA

setupapi

SetupDiGetDeviceRegistryPropertyA
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsA
SetupDiEnumDeviceInfo
SetupDiGetDeviceInstanceIdA
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInterfaces

bcrypt

BCryptEncrypt
BCryptOpenAlgorithmProvider
BCryptImportKeyPair
BCryptDestroyKey
BCryptCloseAlgorithmProvider

propsys

PropVariantToString
InitPropVariantFromCLSID
PropVariantToUInt32

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 362KB - Virtual size: 361KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 146KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 516KB - Virtual size: 516KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Realtek-UAD-generic/Win64/Realtek/RealtekService_768/RtDataProc64.dll
.dll regsvr32 windows:6 windows x64 arch:x64

5e89a4b746e95262701cebeadea79ac4

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:91:ac:87:81:45:2e:94:78:fd:b9:0d:5a:52:33:6c
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

15/06/2023, 00:00

Not After

15/06/2026, 23:59

Subject

SERIALNUMBER=22671299,CN=Realtek Semiconductor Corp.,O=Realtek Semiconductor Corp.,L=Hsinchu,C=TW,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13025457

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:01:09:5e:de:a2:12:7e:92:81:cc:00:00:00:00:01:09
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

14/09/2023, 19:14

Not After

04/09/2024, 19:14

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

10:5d:97:7e:4e:b7:27:45:49:09:41:2d:62:d6:52:d1:24:03:a7:75:9b:5f:16:74:70:1f:45:3d:05:ba:bd:40
Signer

Actual PE Digest

10:5d:97:7e:4e:b7:27:45:49:09:41:2d:62:d6:52:d1:24:03:a7:75:9b:5f:16:74:70:1f:45:3d:05:ba:bd:40

Digest Algorithm

sha256

PE Digest Matches

true

10:5d:97:7e:4e:b7:27:45:49:09:41:2d:62:d6:52:d1:24:03:a7:75:9b:5f:16:74:70:1f:45:3d:05:ba:bd:40
Signer

Actual PE Digest

10:5d:97:7e:4e:b7:27:45:49:09:41:2d:62:d6:52:d1:24:03:a7:75:9b:5f:16:74:70:1f:45:3d:05:ba:bd:40

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\HDAudio\_Git\GetAnotherRecData_2009.7\GetAnotherRecData\x64\Release\RtDataProc64.pdb

Imports

kernel32

DeviceIoControl
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
ResetEvent
WaitForSingleObject
CreateEventW
Sleep
WaitForMultipleObjects
CreateThread
FindResourceExW
GetProcAddress
LoadResource
LockResource
SizeofResource
FindResourceW
WideCharToMultiByte
HeapReAlloc
HeapAlloc
HeapDestroy
FlsAlloc
IsDebuggerPresent
RaiseException
__C_specific_handler
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
HeapSize
CloseHandle
QueryPerformanceFrequency
GetCurrentThread
SetThreadPriority
GetThreadPriority
GetTickCount
GetWindowsDirectoryW
FreeLibrary
GetModuleFileNameW
GetModuleHandleExW
LoadLibraryExW
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetCurrentProcessId
GetProcessHeap
ExpandEnvironmentStringsW
HeapFree
GetCurrentThreadId
GetSystemTimeAsFileTime
FlsGetValue
DeleteCriticalSection
GetSystemDirectoryW
LoadLibraryW
OutputDebugStringW
CreateFileW
QueryPerformanceCounter
SetEvent
FlsSetValue
InitializeSListHead
RtlPcToFileHeader
RtlUnwindEx
InterlockedFlushSList
GetLastError
InitializeCriticalSectionEx
EncodePointer
FlsFree
SetLastError

advapi32

RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW

ole32

CoInitializeEx
CoCreateInstance
CLSIDFromString
CoTaskMemAlloc
CoTaskMemFree
PropVariantClear
StringFromGUID2
StringFromCLSID

winmm

timeEndPeriod
timeGetTime
timeBeginPeriod

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

shlwapi

PathRemoveFileSpecW

setupapi

SetupDiEnumDeviceInfo
SetupDiEnumDeviceInterfaces
CM_Get_Device_ID_ListW
CM_Locate_DevNodeW
CM_Get_Child
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailW
SetupDiGetDeviceInstanceIdW
SetupDiGetClassDevsW
CM_Get_Device_ID_List_SizeW
CM_Get_Sibling
CM_Get_Parent
CM_Get_DevNode_Registry_PropertyW
CM_Open_DevNode_Key

user32

CharUpperW

avrt

AvSetMmThreadCharacteristicsW
AvRevertMmThreadCharacteristics

rtworkq

RtwqStartup
RtwqAllocateWorkQueue
RtwqShutdown

api-ms-win-crt-runtime-l1-1-0

terminate
_initterm_e
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initterm
_cexit
_invalid_parameter_noinfo_noreturn
_invalid_parameter_noinfo
_errno
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
abort

api-ms-win-crt-string-l1-1-0

_wcsupr_s
_wcslwr_s
wmemcpy_s
strnlen
wcsnlen
strcpy_s

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vfwprintf
__acrt_iob_func
__stdio_common_vswprintf

api-ms-win-crt-convert-l1-1-0

_wtoi

api-ms-win-crt-heap-l1-1-0

_callnewh
free
malloc
calloc

api-ms-win-crt-math-l1-1-0

sqrt
expf
sin
sqrtf
powf

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 238KB - Virtual size: 238KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_CODE
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

RT_DATA
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

RT_CONST
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Realtek-UAD-generic/Win64/Realtek/RealtekService_768/RtkApi64U.dll
.dll regsvr32 windows:6 windows x64 arch:x64

ad41f11ee3ea28e81ce4e23891847f3b

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:91:ac:87:81:45:2e:94:78:fd:b9:0d:5a:52:33:6c
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

15/06/2023, 00:00

Not After

15/06/2026, 23:59

Subject

SERIALNUMBER=22671299,CN=Realtek Semiconductor Corp.,O=Realtek Semiconductor Corp.,L=Hsinchu,C=TW,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13025457

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:01:08:e2:33:7a:56:70:40:c0:d5:00:00:00:00:01:08
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

14/09/2023, 19:14

Not After

04/09/2024, 19:14

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e5:a9:78:b7:fc:6b:05:10:11:2d:55:31:9c:58:75:ae:83:a3:cc:fb:05:72:e4:ae:0a:c0:ed:fc:f9:f1:1c:7c
Signer

Actual PE Digest

e5:a9:78:b7:fc:6b:05:10:11:2d:55:31:9c:58:75:ae:83:a3:cc:fb:05:72:e4:ae:0a:c0:ed:fc:f9:f1:1c:7c

Digest Algorithm

sha256

PE Digest Matches

true

e5:a9:78:b7:fc:6b:05:10:11:2d:55:31:9c:58:75:ae:83:a3:cc:fb:05:72:e4:ae:0a:c0:ed:fc:f9:f1:1c:7c
Signer

Actual PE Digest

e5:a9:78:b7:fc:6b:05:10:11:2d:55:31:9c:58:75:ae:83:a3:cc:fb:05:72:e4:ae:0a:c0:ed:fc:f9:f1:1c:7c

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\_Binary\_APO\_rtkapoapi\RtkApoApi_1.261\x64\ReleaseU\RtkApi64U.pdb

Imports

kernel32

GetModuleFileNameW
GetModuleHandleW
GetProcAddress
LoadLibraryExW
LoadResource
SizeofResource
FindResourceW
lstrcmpiW
WriteConsoleW
MultiByteToWideChar
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
SetEndOfFile
FlushFileBuffers
GetStringTypeW
SetStdHandle
LCMapStringW
HeapAlloc
HeapDestroy
FindResourceExW
LockResource
CreateFileW
CloseHandle
DeviceIoControl
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
EncodePointer
DecodePointer
GetThreadLocale
SetThreadLocale
FreeEnvironmentStringsW
GetEnvironmentStringsW
ReleaseMutex
WaitForSingleObject
CreateMutexW
CreateFileMappingW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
LocalFree
GetUserDefaultLCID
WideCharToMultiByte
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetLastError
SetEvent
WaitForMultipleObjects
FreeLibrary
GetACP
LoadLibraryW
IsValidCodePage
FindNextFileW
RaiseException
FindFirstFileExW
FindClose
SetFilePointerEx
IsDebuggerPresent
OutputDebugStringW
__C_specific_handler
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
InitializeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlPcToFileHeader
RtlUnwindEx
InterlockedFlushSList
SetLastError
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
ExitProcess
GetModuleHandleExW
GetStdHandle
GetFileType
ReadFile
GetConsoleMode
ReadConsoleW
WriteFile
GetConsoleCP

user32

CharNextW

advapi32

RegEnumValueW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegQueryValueExW
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey

ole32

PropVariantCopy
CoTaskMemFree
PropVariantClear
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
StringFromGUID2
StringFromCLSID
CLSIDFromString

oleaut32

RegisterTypeLi
SafeArrayUnaccessData
GetRecordInfoFromTypeInfo
VarUI4FromStr
LoadTypeLi
UnRegisterTypeLi
SafeArrayAccessData
SysStringLen
SafeArrayCreateEx
SysAllocString
LoadRegTypeLi
SysFreeString

api-ms-win-devices-config-l1-1-1

CM_Locate_DevNodeW
CM_Get_Device_ID_List_SizeW
CM_Get_DevNode_Registry_PropertyW
CM_Get_Device_ID_ListW

propsys

InitPropVariantFromCLSID

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
ParseAddWriteDS1PCDAT
ParseAddWritePCEE4DAT

Sections

.text
Size: 423KB - Virtual size: 423KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 218KB - Virtual size: 217KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 46KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 137KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Realtek-UAD-generic/Win64/Realtek/RealtekService_768/RtkAudUService64.exe
.exe windows:6 windows x64 arch:x64

618368859b72c281c4c89e7b03cd38b5

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:91:ac:87:81:45:2e:94:78:fd:b9:0d:5a:52:33:6c
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

15/06/2023, 00:00

Not After

15/06/2026, 23:59

Subject

SERIALNUMBER=22671299,CN=Realtek Semiconductor Corp.,O=Realtek Semiconductor Corp.,L=Hsinchu,C=TW,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13025457

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:01:08:e2:33:7a:56:70:40:c0:d5:00:00:00:00:01:08
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

14/09/2023, 19:14

Not After

04/09/2024, 19:14

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

23:c9:ae:8a:80:60:4c:e8:75:fe:4a:67:6b:ce:02:2c:9d:ed:25:21:34:c7:ce:fa:41:72:23:b4:c4:ef:6d:91
Signer

Actual PE Digest

23:c9:ae:8a:80:60:4c:e8:75:fe:4a:67:6b:ce:02:2c:9d:ed:25:21:34:c7:ce:fa:41:72:23:b4:c4:ef:6d:91

Digest Algorithm

sha256

PE Digest Matches

true

23:c9:ae:8a:80:60:4c:e8:75:fe:4a:67:6b:ce:02:2c:9d:ed:25:21:34:c7:ce:fa:41:72:23:b4:c4:ef:6d:91
Signer

Actual PE Digest

23:c9:ae:8a:80:60:4c:e8:75:fe:4a:67:6b:ce:02:2c:9d:ed:25:21:34:c7:ce:fa:41:72:23:b4:c4:ef:6d:91

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\proj\proj_20240611_RtkAudUService_Chunyung\RtkAudUService\Release\x64\RtkAudUService64.pdb

Imports

oleaut32

LPSAFEARRAY_UserSize64
BSTR_UserMarshal64
BSTR_UserSize64
BSTR_UserFree64
BSTR_UserSize
VariantCopy
LPSAFEARRAY_UserMarshal
LPSAFEARRAY_UserUnmarshal64
BSTR_UserMarshal
BSTR_UserUnmarshal
LPSAFEARRAY_UserMarshal64
LPSAFEARRAY_UserFree64
LPSAFEARRAY_UserUnmarshal
LoadTypeLibEx
SafeArrayCreate
SysAllocStringLen
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayPutElement
SafeArrayCreateVector
VariantClear
VariantInit
SysAllocString
SysFreeString
LPSAFEARRAY_UserFree
BSTR_UserUnmarshal64
LPSAFEARRAY_UserSize
BSTR_UserFree

rpcrt4

IUnknown_AddRef_Proxy
CStdStubBuffer_DebugServerQueryInterface
RpcBindingVectorFree
CStdStubBuffer_QueryInterface
RpcEpUnregister
RpcServerUnregisterIf
RpcServerListen
NdrOleAllocate
RpcEpRegisterW
RpcServerInqBindings
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_Disconnect
RpcServerRegisterIf3
IUnknown_QueryInterface_Proxy
NdrStubCall3
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Connect
RpcMgmtSetAuthorizationFn
CStdStubBuffer_CountRefs
IUnknown_Release_Proxy
RpcServerUseProtseqW
CStdStubBuffer_AddRef
RpcBindingToStringBindingA
NdrClientCall3
NdrServerCallAll
NdrServerCall2
NdrCStdStubBuffer2_Release
RpcStringFreeA
RpcMgmtStopServerListening
NdrCStdStubBuffer_Release
NdrStubForwardingFunction
CStdStubBuffer_Invoke
NdrOleFree

api-ms-win-core-com-l1-1-0

CoGetCurrentProcess
StringFromGUID2
CoTaskMemAlloc
PropVariantClear
CoInitializeSecurity
CoRevokeClassObject
CoInitializeEx
CoTaskMemFree
StringFromCLSID
CoGetApartmentType
CoRegisterClassObject
CLSIDFromString
CoUninitialize
CoCreateInstance
CoFreeUnusedLibrariesEx
CoSetProxyBlanket

propsys

PropVariantToString
InitPropVariantFromCLSID

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapSize
GetProcessHeap
HeapFree
HeapReAlloc
HeapDestroy

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
LoadLibraryExW
LoadStringW
LoadLibraryExA
GetProcAddress
GetModuleHandleA
SizeofResource
LockResource
LoadResource
GetModuleHandleW
FindResourceExW
FreeResource
GetModuleFileNameW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW
FindResourceW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpA
lstrcpyW
lstrcmpW
lstrlenW

api-ms-win-core-file-l1-1-0

FileTimeToLocalFileTime
DeleteFileW
GetFileAttributesW
CreateFileW
ReadFile
GetFileSize
WriteFile
QueryDosDeviceW

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation

api-ms-win-core-datetime-l1-1-0

GetTimeFormatW
GetDateFormatW

api-ms-win-core-synch-l1-1-0

CreateEventExW
AcquireSRWLockExclusive
WaitForSingleObjectEx
TryEnterCriticalSection
WaitForSingleObject
SetEvent
CreateEventW
ResetEvent
DeleteCriticalSection
InitializeCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
WaitForMultipleObjectsEx
CancelWaitableTimer
SetWaitableTimer
CreateMutexW
InitializeSRWLock
TryAcquireSRWLockExclusive
EnterCriticalSection
ReleaseSRWLockExclusive

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetLocalTime
GetTickCount
GetSystemTime
GetSystemWindowsDirectoryW
GetSystemDirectoryW
GetSystemInfo

api-ms-win-core-processthreads-l1-1-1

OpenProcess
IsProcessorFeaturePresent

api-ms-win-core-handle-l1-1-0

SetHandleInformation
CloseHandle
DuplicateHandle

api-ms-win-core-processthreads-l1-1-0

GetExitCodeProcess
CreateProcessAsUserW
CreateProcessW
TerminateProcess
CreateThread
OpenProcessToken
GetCurrentThread
GetCurrentThreadId
ProcessIdToSessionId
GetCurrentProcessId
SetProcessShutdownParameters
GetExitCodeThread
SetThreadPriority
GetThreadPriority
GetCurrentProcess
GetStartupInfoW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
GetStringTypeW
MultiByteToWideChar

api-ms-win-core-registry-l1-1-0

RegSetKeySecurity
RegSetValueExW
RegNotifyChangeKeyValue
RegGetKeySecurity
RegEnumKeyExW
RegGetValueW
RegFlushKey
RegEnumValueW
RegQueryValueExW
RegQueryInfoKeyW
RegCreateKeyExW
RegOpenKeyExW
RegDeleteValueW
RegCloseKey

api-ms-win-core-synch-l1-2-0

Sleep
SleepConditionVariableCS
WakeAllConditionVariable
InitializeConditionVariable
InitOnceExecuteOnce
SleepConditionVariableSRW
WakeConditionVariable

api-ms-win-core-errorhandling-l1-1-0

RaiseException
GetLastError
SetUnhandledExceptionFilter
SetLastError
UnhandledExceptionFilter

api-ms-win-core-winrt-l1-1-0

RoUninitialize
RoInitialize
RoGetActivationFactory

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects
CreateWaitableTimerW

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsGetStringRawBuffer
WindowsCreateStringReference

hid

HidP_GetValueCaps
HidD_SetOutputReport
HidD_FreePreparsedData
HidD_GetHidGuid
HidP_GetCaps
HidD_GetPreparsedData
HidD_GetAttributes

api-ms-win-core-registry-l2-1-0

RegCreateKeyW
RegDeleteKeyW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
OutputDebugStringA

api-ms-win-core-privateprofile-l1-1-0

GetProfileIntW

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-namedpipe-l1-1-0

ConnectNamedPipe
CreatePipe
CreateNamedPipeW
DisconnectNamedPipe

api-ms-win-core-localization-l1-2-0

FormatMessageW
LCMapStringEx

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-heap-obsolete-l1-1-0

LocalSize

api-ms-win-core-kernel32-legacy-l1-1-0

GetSystemPowerStatus
WTSGetActiveConsoleSessionId

api-ms-win-security-base-l1-1-0

GetAce
AdjustTokenPrivileges
InitializeAcl
GetSecurityDescriptorDacl
AddAce
AllocateAndInitializeSid
SetSecurityDescriptorDacl
GetLengthSid
GetAclInformation
DuplicateTokenEx
CreateWellKnownSid
AddAccessAllowedAceEx
FreeSid
DeleteAce
InitializeSecurityDescriptor
SetTokenInformation

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CreateThreadpoolTimer
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolTimer

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-security-base-l1-2-2

DeriveCapabilitySidsFromName

api-ms-win-security-provider-l1-1-0

SetEntriesInAclW

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

bcrypt

BCryptDestroyKey
BCryptCloseAlgorithmProvider
BCryptEncrypt
BCryptOpenAlgorithmProvider
BCryptImportKeyPair

api-ms-win-core-memory-l1-1-0

OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
VirtualQuery
CreateFileMappingW
ReadProcessMemory
VirtualProtect

api-ms-win-service-core-l1-1-0

StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerExW

api-ms-win-service-management-l1-1-0

CloseServiceHandle
DeleteService
CreateServiceW
OpenSCManagerW
OpenServiceW

api-ms-win-service-winsvc-l1-1-0

ControlService
QueryServiceStatus

api-ms-win-service-management-l2-1-0

QueryServiceStatusEx

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-toolhelp-l1-1-0

CreateToolhelp32Snapshot
Process32FirstW
Process32NextW

api-ms-win-security-lsalookup-l2-1-0

LookupPrivilegeValueW

userenv

CreateEnvironmentBlock

api-ms-win-core-wow64-l1-1-1

GetSystemWow64DirectoryW

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-version-l1-1-1

GetFileVersionInfoSizeW
GetFileVersionInfoW

api-ms-win-core-version-l1-1-0

VerQueryValueW

crypt32

CryptQueryObject
CertFindCertificateInStore
CertGetNameStringW
CertFreeCertificateContext
CertCloseStore
CryptMsgClose
CryptDecodeObject
CryptMsgGetParam

api-ms-win-eventing-classicprovider-l1-1-0

RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel
TraceMessage
GetTraceLoggerHandle

setupapi

SetupDiGetDeviceInstanceIdW
SetupDiGetClassDevsW
SetupDiEnumDeviceInfo
SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceRegistryPropertyW
SetupDiGetDevicePropertyW
SetupDiDestroyDeviceInfoList

wtsapi32

WTSRegisterSessionNotification
WTSQueryUserToken

kernel32

WriteProfileStringW
WinExec

user32

wsprintfW
ShowWindow
DefWindowProcW
LoadIconW
LoadCursorW
RegisterClassW
CreateWindowExW
RegisterPowerSettingNotification
SendMessageW
RegisterRawInputDevices
KillTimer
SetTimer
RegisterDeviceNotificationW
UnregisterDeviceNotification
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
DispatchMessageW
TranslateMessage
GetMessageW
GetRawInputDeviceList
SendInput
FindWindowExW
GetRawInputData
GetRawInputDeviceInfoW

advapi32

DeregisterEventSource
GetUserNameW
RegisterEventSourceW
ReportEventW

ole32

CoInitialize

avrt

AvSetMmThreadCharacteristicsW
AvRevertMmThreadCharacteristics

ntdll

NtQueryInformationProcess

api-ms-win-crt-runtime-l1-1-0

_register_thread_local_exe_atexit_callback
_c_exit
_exit
terminate
exit
_initterm_e
_initterm
_get_wide_winmain_command_line
_initialize_wide_environment
_invalid_parameter_noinfo_noreturn
_configure_wide_argv
_beginthreadex
_set_app_type
_seh_filter_exe
_cexit
_errno
_invalid_parameter_noinfo
_initialize_onexit_table
abort
_resetstkoflw
_crt_atexit
_register_onexit_function

api-ms-win-crt-string-l1-1-0

__strncnt
islower
_wcsdup
isupper
wcsnlen
wcscpy_s
wmemcpy_s
wcsncpy
wcsncmp
towupper
strcspn
wcscspn
wcsspn
iswspace
wcscat_s
wcstok_s
strncmp
toupper
strnlen
strtok_s
_wcsicmp
_wcsupr_s
strcpy_s

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vfprintf
__stdio_common_vfwprintf
__acrt_iob_func
__stdio_common_vfprintf_s
_set_fmode
ftell
__stdio_common_vswprintf
__stdio_common_vswprintf_s
fputws
fflush
fputs
_wfsopen
fseek
fgets
fread
__stdio_common_vsprintf_s
_flushall
fwrite
_wfopen_s
__p__commode
fclose
fputc
__stdio_common_vsscanf
__stdio_common_vsprintf
_get_stream_buffer_pointers
fgetc
fgetpos
fsetpos
_fseeki64
setvbuf
ungetwc
ungetc
fgetwc
fputwc

api-ms-win-crt-convert-l1-1-0

_wtoi
_wtof
wcstol
wcstoul

api-ms-win-crt-heap-l1-1-0

malloc
_set_new_mode
free
realloc
_callnewh
_recalloc
calloc

api-ms-win-crt-math-l1-1-0

asinf
atan2f
logf
frexp
log10f
__setusermatherr
sqrtf
powf

api-ms-win-crt-locale-l1-1-0

__pctype_func
_unlock_locales
_configthreadlocale
___lc_locale_name_func
___mb_cur_max_func
___lc_codepage_func
_lock_locales
localeconv
setlocale

shlwapi

PathFileExistsW

api-ms-win-core-rtlsupport-l1-1-0

RtlPcToFileHeader
RtlUnwind
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
RtlUnwindEx

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-sysinfo-l1-2-0

GetSystemTimePreciseAsFileTime

api-ms-win-core-fibers-l1-1-0

FlsGetValue
FlsAlloc
FlsFree
FlsSetValue

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 753KB - Virtual size: 753KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 34KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 139KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Realtek-UAD-generic/Win64/Realtek/RealtekService_768/RtkAudUServiceConf64.dll
.dll windows:6 windows x64 arch:x64

17ec50d0038781602e14eef76472e718

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:91:ac:87:81:45:2e:94:78:fd:b9:0d:5a:52:33:6c
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

15/06/2023, 00:00

Not After

15/06/2026, 23:59

Subject

SERIALNUMBER=22671299,CN=Realtek Semiconductor Corp.,O=Realtek Semiconductor Corp.,L=Hsinchu,C=TW,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13025457

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:01:08:e2:33:7a:56:70:40:c0:d5:00:00:00:00:01:08
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

14/09/2023, 19:14

Not After

04/09/2024, 19:14

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

dd:f0:66:71:d7:5f:f0:fb:c9:4c:37:ca:1e:6e:4e:37:43:e7:cb:d1:3f:47:8b:f7:94:8d:98:6d:1b:32:ea:27
Signer

Actual PE Digest

dd:f0:66:71:d7:5f:f0:fb:c9:4c:37:ca:1e:6e:4e:37:43:e7:cb:d1:3f:47:8b:f7:94:8d:98:6d:1b:32:ea:27

Digest Algorithm

sha256

PE Digest Matches

true

dd:f0:66:71:d7:5f:f0:fb:c9:4c:37:ca:1e:6e:4e:37:43:e7:cb:d1:3f:47:8b:f7:94:8d:98:6d:1b:32:ea:27
Signer

Actual PE Digest

dd:f0:66:71:d7:5f:f0:fb:c9:4c:37:ca:1e:6e:4e:37:43:e7:cb:d1:3f:47:8b:f7:94:8d:98:6d:1b:32:ea:27

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlUnwindEx
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InterlockedFlushSList
InitializeSListHead

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-fibers-l1-1-0

FlsGetValue
FlsSetValue
FlsFree
FlsAlloc

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionEx
DeleteCriticalSection

api-ms-win-crt-runtime-l1-1-0

_execute_onexit_table
_initialize_narrow_environment
_initterm_e
terminate
_configure_narrow_argv
_seh_filter_dll
_initialize_onexit_table
abort
_initterm
_cexit

api-ms-win-crt-heap-l1-1-0

free
calloc

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 780B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Realtek-UAD-generic/Win64/Realtek/RealtekService_768/RtkAudUServiceRes64.dll
.dll windows:6 windows x64 arch:x64

1f2241622097352600c71698fe84063a

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:91:ac:87:81:45:2e:94:78:fd:b9:0d:5a:52:33:6c
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

15/06/2023, 00:00

Not After

15/06/2026, 23:59

Subject

SERIALNUMBER=22671299,CN=Realtek Semiconductor Corp.,O=Realtek Semiconductor Corp.,L=Hsinchu,C=TW,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13025457

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:01:08:e2:33:7a:56:70:40:c0:d5:00:00:00:00:01:08
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

14/09/2023, 19:14

Not After

04/09/2024, 19:14

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3b:fa:0b:fb:e7:ed:ee:d9:1f:52:8b:6b:a4:0e:be:d9:bc:9c:81:3f:2e:60:3c:d8:59:59:f7:23:3b:85:db:53
Signer

Actual PE Digest

3b:fa:0b:fb:e7:ed:ee:d9:1f:52:8b:6b:a4:0e:be:d9:bc:9c:81:3f:2e:60:3c:d8:59:59:f7:23:3b:85:db:53

Digest Algorithm

sha256

PE Digest Matches

true

3b:fa:0b:fb:e7:ed:ee:d9:1f:52:8b:6b:a4:0e:be:d9:bc:9c:81:3f:2e:60:3c:d8:59:59:f7:23:3b:85:db:53
Signer

Actual PE Digest

3b:fa:0b:fb:e7:ed:ee:d9:1f:52:8b:6b:a4:0e:be:d9:bc:9c:81:3f:2e:60:3c:d8:59:59:f7:23:3b:85:db:53

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlUnwindEx
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InterlockedFlushSList
InitializeSListHead

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-fibers-l1-1-0

FlsGetValue
FlsSetValue
FlsFree
FlsAlloc

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionEx
DeleteCriticalSection

api-ms-win-crt-runtime-l1-1-0

_execute_onexit_table
_initialize_narrow_environment
_initterm_e
terminate
_configure_narrow_argv
_seh_filter_dll
_initialize_onexit_table
_initterm
_cexit

api-ms-win-crt-heap-l1-1-0

free
calloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 720B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Realtek-UAD-generic/Win64/Realtek/RealtekService_768/RtkCfg64.dll
.dll regsvr32 windows:6 windows x64 arch:x64

aedbf594d8a1e16419dd583000492c65

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:91:ac:87:81:45:2e:94:78:fd:b9:0d:5a:52:33:6c
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

15/06/2023, 00:00

Not After

15/06/2026, 23:59

Subject

SERIALNUMBER=22671299,CN=Realtek Semiconductor Corp.,O=Realtek Semiconductor Corp.,L=Hsinchu,C=TW,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13025457

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:01:08:e2:33:7a:56:70:40:c0:d5:00:00:00:00:01:08
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

14/09/2023, 19:14

Not After

04/09/2024, 19:14

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b0:23:54:ad:a9:25:70:fd:60:a0:19:58:df:5d:4c:5b:77:c5:25:d3:b2:79:2c:e9:08:1f:94:fd:ca:ef:36:3a
Signer

Actual PE Digest

b0:23:54:ad:a9:25:70:fd:60:a0:19:58:df:5d:4c:5b:77:c5:25:d3:b2:79:2c:e9:08:1f:94:fd:ca:ef:36:3a

Digest Algorithm

sha256

PE Digest Matches

true

b0:23:54:ad:a9:25:70:fd:60:a0:19:58:df:5d:4c:5b:77:c5:25:d3:b2:79:2c:e9:08:1f:94:fd:ca:ef:36:3a
Signer

Actual PE Digest

b0:23:54:ad:a9:25:70:fd:60:a0:19:58:df:5d:4c:5b:77:c5:25:d3:b2:79:2c:e9:08:1f:94:fd:ca:ef:36:3a

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Chunyung\Desktop\RTPolicyConfigClient.17\RTPolicyConfigClient.17\x64\Release Universal\RtkCfg64.pdb

Imports

api-ms-win-core-errorhandling-l1-1-0

GetLastError
RaiseException
UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter

api-ms-win-core-synch-l1-1-0

EnterCriticalSection
DeleteCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetModuleHandleW
GetModuleFileNameW
GetModuleHandleExW
LoadLibraryExW
SizeofResource
GetProcAddress
GetModuleFileNameA
LoadResource

api-ms-win-core-libraryloader-l1-2-1

FindResourceW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-string-l1-1-0

GetStringTypeW
MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegOpenKeyExW

api-ms-win-core-registry-l2-1-0

RegDeleteKeyW

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
StringFromGUID2

oleaut32

VarUI4FromStr
LoadTypeLi
SysFreeString
RegisterTypeLi
UnRegisterTypeLi
SysAllocString
SysStringLen

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-localization-l1-2-0

LCMapStringW
SetThreadLocale
IsValidCodePage
GetCPInfo
GetThreadLocale
GetOEMCP
GetACP

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnwindEx
RtlPcToFileHeader
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-0

TlsFree
ExitProcess
GetCurrentProcess
TerminateProcess
GetStartupInfoW
TlsSetValue
TlsGetValue
TlsAlloc
GetCurrentProcessId
GetCurrentThreadId

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InterlockedFlushSList
InitializeSListHead

api-ms-win-core-heap-l1-1-0

HeapSize
HeapAlloc
GetProcessHeap
HeapReAlloc
HeapFree

api-ms-win-core-file-l1-1-0

FindClose
FindNextFileA
GetFileType
FlushFileBuffers
FindFirstFileExA
SetFilePointerEx
CreateFileW
WriteFile

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineW
GetEnvironmentStringsW
SetStdHandle
GetStdHandle
GetCommandLineA
FreeEnvironmentStringsW

api-ms-win-core-console-l1-1-0

GetConsoleCP
GetConsoleMode
WriteConsoleW

api-ms-win-core-handle-l1-1-0

CloseHandle

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Realtek-UAD-generic/Win64/Realtek/RealtekService_768/SpeakerVerfDll.dll
.dll windows:6 windows x64 arch:x64

8b9b3cb3e41a8eb19439f9748c1d61d5

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:91:ac:87:81:45:2e:94:78:fd:b9:0d:5a:52:33:6c
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

15/06/2023, 00:00

Not After

15/06/2026, 23:59

Subject

SERIALNUMBER=22671299,CN=Realtek Semiconductor Corp.,O=Realtek Semiconductor Corp.,L=Hsinchu,C=TW,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13025457

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:01:08:e2:33:7a:56:70:40:c0:d5:00:00:00:00:01:08
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

14/09/2023, 19:14

Not After

04/09/2024, 19:14

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

93:24:ea:7c:fc:3e:77:3e:e7:ab:d8:41:c8:83:59:2b:a3:4a:28:50:97:17:78:af:be:75:7a:2b:82:02:16:d2
Signer

Actual PE Digest

93:24:ea:7c:fc:3e:77:3e:e7:ab:d8:41:c8:83:59:2b:a3:4a:28:50:97:17:78:af:be:75:7a:2b:82:02:16:d2

Digest Algorithm

sha256

PE Digest Matches

true

93:24:ea:7c:fc:3e:77:3e:e7:ab:d8:41:c8:83:59:2b:a3:4a:28:50:97:17:78:af:be:75:7a:2b:82:02:16:d2
Signer

Actual PE Digest

93:24:ea:7c:fc:3e:77:3e:e7:ab:d8:41:c8:83:59:2b:a3:4a:28:50:97:17:78:af:be:75:7a:2b:82:02:16:d2

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\_workspace\s\_w_SpeakerVerf\SpeakerVerf.AA12c_2\Temp\SpeakerVerfDll\x64\Release\SpeakerVerfDll.pdb

Imports

kernel32

HeapFree
InitializeCriticalSectionEx
HeapSize
GetLastError
OutputDebugStringW
HeapReAlloc
RaiseException
HeapAlloc
HeapDestroy
DeleteCriticalSection
GetProcessHeap
GetSystemInfo
FreeLibrary
GetProcAddress
LoadLibraryA
QueryPerformanceFrequency
CloseHandle
EnterCriticalSection
LeaveCriticalSection
SetEvent
SetDllDirectoryA
GetSystemTime
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
FindResourceExW
LoadResource
LockResource
SizeofResource
FindResourceW
WideCharToMultiByte
WriteConsoleW
SetEndOfFile
FlushFileBuffers
InitializeCriticalSectionAndSpinCount
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
InterlockedFlushSList
SetLastError
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ReadFile
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
GetStdHandle
GetFileType
GetConsoleMode
ReadConsoleW
WriteFile
GetConsoleCP
GetFileSizeEx
SetFilePointerEx
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetStringTypeW
SetStdHandle
CreateFileW

Exports

Exports

SVD_Destroy
SVD_GetDetect
SVD_GetDetectCount
SVD_GetParam
SVD_GetScore
SVD_Init
SVD_Init2
SVD_Process
SVD_Process2
SVD_SetParam
SVD_StartRecog
SVD_Stop
SVE_Destroy
SVE_GetOutputTrainDataSize
SVE_GetParam
SVE_GetTrainDataReady
SVE_GetTrainIdByIndex
SVE_GetTrainIdCount
SVE_Init
SVE_Init2
SVE_Process
SVE_Process2
SVE_SaveTrainDataToMemory
SVE_SetParam
SVE_StartTrain
SVE_Stop

Sections

.text
Size: 589KB - Virtual size: 589KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 706KB - Virtual size: 706KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Realtek-UAD-generic/Win64/Realtek/RealtekService_768/realtekservice.cat
Realtek-UAD-generic/Win64/Realtek/UpdatedCodec/RTAIODAT.DAT
Realtek-UAD-generic/Win64/Realtek/UpdatedCodec/RTKVHD64.sys
.sys windows:10 windows x64 arch:x64

adea9d57efccf33523ce5c3b1bd5040d

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:91:ac:87:81:45:2e:94:78:fd:b9:0d:5a:52:33:6c
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

15/06/2023, 00:00

Not After

15/06/2026, 23:59

Subject

SERIALNUMBER=22671299,CN=Realtek Semiconductor Corp.,O=Realtek Semiconductor Corp.,L=Hsinchu,C=TW,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13025457

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:01:08:e2:33:7a:56:70:40:c0:d5:00:00:00:00:01:08
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

14/09/2023, 19:14

Not After

04/09/2024, 19:14

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

17:88:10:10:0d:26:9c:dc:58:4b:38:d9:f0:16:40:30:65:a6:e5:4b:ef:30:19:08:04:13:c6:04:a4:40:97:9e
Signer

Actual PE Digest

17:88:10:10:0d:26:9c:dc:58:4b:38:d9:f0:16:40:30:65:a6:e5:4b:ef:30:19:08:04:13:c6:04:a4:40:97:9e

Digest Algorithm

sha256

PE Digest Matches

true

17:88:10:10:0d:26:9c:dc:58:4b:38:d9:f0:16:40:30:65:a6:e5:4b:ef:30:19:08:04:13:c6:04:a4:40:97:9e
Signer

Actual PE Digest

17:88:10:10:0d:26:9c:dc:58:4b:38:d9:f0:16:40:30:65:a6:e5:4b:ef:30:19:08:04:13:c6:04:a4:40:97:9e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\BuildDriver\tempcode\x64\Release\RTKVHD64.pdb

Imports

portcls.sys

PcNewPort
PcRegisterAdapterPowerManagement
PcAddAdapterDevice
PcDispatchIrp
PcInitializeAdapterDriver
PcRegisterPhysicalConnection
PcRegisterSubdevice
PcNewRegistryKey
PcForwardIrpSynchronous

ntoskrnl.exe

ExSystemTimeToLocalTime
IoBuildSynchronousFsdRequest
IofCallDriver
RtlWriteRegistryValue
KeSetEvent
KeInitializeTimerEx
KeCancelTimer
KeSetTimerEx
KeWaitForMultipleObjects
KeInitializeSemaphore
KeReleaseSemaphore
ObReferenceObjectByHandle
ObfDereferenceObject
ExEventObjectType
KeDelayExecutionThread
KeClearEvent
ExFreePoolWithTag
IoAllocateWorkItem
IoFreeWorkItem
IoQueueWorkItem
RtlIntegerToUnicodeString
RtlUnicodeStringToInteger
RtlInitUnicodeString
RtlCompareUnicodeString
RtlFreeUnicodeString
RtlStringFromGUID
IoGetDeviceObjectPointer
IoRegisterPlugPlayNotification
IoUnregisterPlugPlayNotification
KeInitializeEvent
RtlDeleteRegistryValue
KeSetPriorityThread
PsCreateSystemThread
PsTerminateSystemThread
ZwClose
ZwOpenKey
ZwEnumerateKey
ZwQueryValueKey
ZwSetValueKey
RtlQueryRegistryValues
MmGetSystemRoutineAddress
DbgPrint
MmMapIoSpace
MmUnmapIoSpace
MmBuildMdlForNonPagedPool
MmMapLockedPagesSpecifyCache
MmUnmapLockedPages
IoAllocateMdl
IoFreeMdl
KeGetCurrentIrql
KeResetEvent
ExAcquireFastMutex
ExReleaseFastMutex
ExCreateCallback
ExRegisterCallback
ExUnregisterCallback
IoAllocateErrorLogEntry
IoAllocateIrp
IoBuildDeviceIoControlRequest
RtlTimeToTimeFields
IoFreeIrp
IoGetAttachedDeviceReference
IoWriteErrorLogEntry
IoInvalidateDeviceRelations
IoGetDeviceInterfaces
PoRequestPowerIrp
ObfReferenceObject
RtlTimeFieldsToTime
ZwCreateFile
ZwQueryInformationFile
ZwReadFile
ZwWriteFile
KeAcquireSpinLockRaiseToDpc
KeReleaseSpinLock
KeRemoveQueueDpc
ExAllocatePool
KeReadStateEvent
KeInitializeSpinLock
IofCompleteRequest
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
IoInitializeRemoveLockEx
IoCsqInitialize
IoCsqInsertIrp
IoCsqRemoveNextIrp
RtlInitString
RtlAnsiStringToUnicodeString
RtlUnicodeStringToAnsiString
RtlFreeAnsiString
KeAcquireSpinLockAtDpcLevel
KeReleaseSpinLockFromDpcLevel
KeQueryTimeIncrement
ZwQueryKey
RtlGUIDFromString
IoRegisterDeviceInterface
IoOpenDeviceInterfaceRegistryKey
ZwCreateKey
ZwDeleteValueKey
RtlInitAnsiString
IoWMIRegistrationControl
IoSetDeviceInterfaceState
IoCreateSynchronizationEvent
IoWMIOpenBlock
IoWMIQueryAllData
ObReferenceObjectByPointer
RtlEqualUnicodeString
MmProbeAndLockPages
MmUnlockPages
ZwSetInformationFile
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
__C_specific_handler
RtlRaiseException
_purecall
ExFreePool
EtwWrite
PoRegisterPowerSettingCallback
PoUnregisterPowerSettingCallback
RtlCreateRegistryKey
PsGetCurrentProcessId
EtwRegister
EtwUnregister
KeInitializeGuardedMutex
KeAcquireGuardedMutex
KeReleaseGuardedMutex
RtlCheckRegistryKey
ZwCreateEvent
RtlMultiByteToUnicodeN
RtlAnsiCharToUnicodeChar
RtlUnicodeToMultiByteN
ExAllocatePoolWithTag
KeBugCheckEx
KeWaitForSingleObject
KeReleaseMutex
KeInitializeMutex
RtlCompareMemory
IoCancelIrp

hal

KeStallExecutionProcessor
KeQueryPerformanceCounter

cng.sys

BCryptHashData
BCryptCreateHash
BCryptVerifySignature
BCryptDestroyKey
BCryptFinalizeKeyPair
BCryptImportKeyPair
BCryptGenRandom
BCryptGenerateKeyPair
BCryptGenerateSymmetricKey
BCryptCloseAlgorithmProvider
BCryptSetProperty
BCryptGetProperty
BCryptOpenAlgorithmProvider
BCryptFinishHash
BCryptDecrypt
BCryptExportKey
BCryptEncrypt

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CODE
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 240KB - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 350KB - Virtual size: 351KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Realtek-UAD-generic/devcon.exe
.exe windows:10 windows x64 arch:x64

a0225eb3236ea941773b705076ada2af

Code Sign

33:00:00:05:57:cf:90:dd:c7:d1:c0:88:8c:00:00:00:00:05:57
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2023, 19:51

Not After

16/10/2024, 19:51

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

15:1b:ee:59:cd:e4:3e:e9:a1:b1:a5:56:6e:b8:58:e7:7a:8f:35:81:02:58:88:19:12:6e:f9:b6:02:49:77:ab
Signer

Actual PE Digest

15:1b:ee:59:cd:e4:3e:e9:a1:b1:a5:56:6e:b8:58:e7:7a:8f:35:81:02:58:88:19:12:6e:f9:b6:02:49:77:ab

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

devcon.pdb

Imports

advapi32

RegQueryValueExW
InitiateSystemShutdownExW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
RegCloseKey
OpenServiceW
RegDeleteValueW
RegSetValueExW
OpenSCManagerW
CloseServiceHandle

kernel32

GetCurrentProcess
FormatMessageW
GetLastError
CloseHandle
LocalFree
FileTimeToSystemTime
LoadLibraryW
GetProcAddress
FreeLibrary
GetDateFormatW
FindFirstFileW
GetFullPathNameW
FindNextFileW
FindClose
GetFileAttributesW
GetWindowsDirectoryW
RtlCaptureContext
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
Sleep

msvcrt

?terminate@@YAXXZ
_commode
_fmode
__C_specific_handler
_initterm
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
memset
towlower
__iob_func
__setusermatherr
free
_callnewh
malloc
wprintf
towupper
wcsrchr
_wcsnicmp
fputs
wcschr
iswalpha
fputws
_wcsicmp

ole32

CLSIDFromString

setupapi

SetupDiClassNameFromGuidExW
SetupCopyOEMInfW
SetupDiCreateDeviceInfoList
SetupDiGetINFClassW
CM_Connect_MachineW
SetupDiSetClassInstallParamsW
CM_Locate_DevNode_ExW
CM_Disconnect_Machine
CM_Reenumerate_DevNode_Ex
SetupDiSetDeviceRegistryPropertyW
SetupDiBuildClassInfoListExW
SetupDiCreateDeviceInfoW
SetupDiGetDriverInstallParamsW
SetupDiOpenClassRegKeyExW
CM_Free_Log_Conf_Handle
SetupFindFirstLineW
SetupDiSetDeviceInstallParamsW
CM_Free_Res_Des_Handle
SetupOpenInfFileW
SetupDiCallClassInstaller
SetupDiDestroyDeviceInfoList
SetupDiClassGuidsFromNameExW
CM_Get_Device_ID_ExW
SetupDiGetClassDevsExW
SetupDiGetDeviceInfoListDetailW
SetupDiCreateDeviceInfoListExW
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyW
SetupDiOpenDeviceInfoW
SetupScanFileQueueW
SetupDiGetClassDescriptionExW
SetupOpenFileQueue
CM_Get_Next_Res_Des_Ex
CM_Get_DevNode_Status_Ex
SetupCloseInfFile
CM_Get_Res_Des_Data_Ex
SetupDiOpenDevRegKey
SetupDiDestroyDriverInfoList
SetupCloseFileQueue
SetupDiGetDeviceInstallParamsW
SetupDiEnumDriverInfoW
SetupDiSetSelectedDriverW
CM_Get_First_Log_Conf_Ex
SetupDiGetDriverInfoDetailW
CM_Get_Res_Des_Data_Size_Ex
SetupDiBuildDriverInfoList
SetupGetStringFieldW

user32

CharPrevW
CharNextW
LoadStringW

Sections

.text
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

fothk
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Realtek-UAD-generic/forceupdater/HKR.cmd
Realtek-UAD-generic/forceupdater/audiotype.cmd
Realtek-UAD-generic/forceupdater/defeatpnplock.cmd
Realtek-UAD-generic/forceupdater/forceupdater.cmd
.cmd .ps1
Realtek-UAD-generic/forceupdater/regedit.cmd
Realtek-UAD-generic/modules/autostart.cmd
Realtek-UAD-generic/modules/deluadcomponent.cmd
Realtek-UAD-generic/modules/finduadservices.vbs
.vbs
Realtek-UAD-generic/modules/getshell.vbs
.vbs
Realtek-UAD-generic/modules/uadserviceremove.cmd
Realtek-UAD-generic/modules/uadserviceusermode.vbs
Realtek-UAD-generic/nircmd.exe
.exe windows:4 windows x64 arch:x64

52b115a47ffae378901264c3506742b0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\Projects\VS2005\NirCmd\x64\release\NirCmd.pdb

Imports

winmm

mixerClose
mixerOpen
mciSendStringA
mixerGetLineInfoA
mixerGetControlDetailsA
mixerGetLineControlsA
mixerSetControlDetails
waveOutGetVolume
waveOutGetNumDevs
waveOutGetDevCapsA
waveOutSetVolume

msvcrt

_initterm
__getmainargs
_acmdln
exit
_cexit
_exit
_c_exit
_XcptFilter
__C_specific_handler
_onexit
__dllonexit
__setusermatherr
_strlwr
atof
puts
_mbsicmp
_snprintf
_strnicmp
strtol
atoi
_stricmp
strcmp
_commode
_fmode
__set_app_type
_itoa
strtoul
strchr
strcpy
_memicmp
memcmp
strrchr
wcslen
malloc
wcscpy
free
wcscmp
wcsrchr
_wcsicmp
memcpy
strlen
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
memset
_strcmpi
sprintf
strcat

kernel32

DeleteFileA
WinExec
LocalFileTimeToFileTime
GetStdHandle
CreateProcessA
SetComputerNameA
GetEnvironmentVariableA
DeviceIoControl
WritePrivateProfileStringA
GetCurrentProcess
TerminateProcess
CreateToolhelp32Snapshot
Process32First
Process32Next
GetCurrentThreadId
GetStartupInfoA
Beep
GetSystemTime
SetProcessAffinityMask
ReadProcessMemory
SetConsoleTextAttribute
GetSystemDirectoryA
OutputDebugStringA
WaitForSingleObject
SetPriorityClass
Sleep
OpenProcess
LocalFree
GetWindowsDirectoryA
CopyFileA
GetModuleHandleA
FreeLibrary
GetProcAddress
LoadLibraryA
GlobalAlloc
CloseHandle
GlobalSize
GlobalLock
GlobalUnlock
SystemTimeToFileTime
MultiByteToWideChar
GetFileAttributesA
ReadFile
GetModuleFileNameA
GetTimeFormatA
FindNextFileA
LoadLibraryExA
FormatMessageA
SetFileTime
GetDateFormatA
CreateDirectoryA
GetFileTime
WriteFile
FindFirstFileA
GetLastError
GetVersionExA
CreateFileA
GetFileSize
SetFileAttributesA
WideCharToMultiByte
FindClose
SetFilePointer

user32

GetMessageA
TranslateMessage
TrackPopupMenu
DispatchMessageA
GetWindowTextA
KillTimer
GetParent
FindWindowA
SendInput
ShowWindow
PostQuitMessage
AttachThreadInput
DefWindowProcA
SendMessageTimeoutA
SystemParametersInfoA
GetActiveWindow
GetSystemMetrics
IsWindowVisible
SetTimer
SetWindowPos
DestroyIcon
PostMessageA
ExitWindowsEx
InvalidateRect
SetCursorPos
MessageBeep
GetWindowThreadProcessId
ChangeDisplaySettingsA
SetDlgItemTextA
GetSysColorBrush
ChildWindowFromPoint
DialogBoxParamA
LoadCursorA
SetCursor
EndDialog
SendMessageA
GetDlgItem
SetWindowTextA
MessageBoxA
GetDlgItemTextA
CreateWindowExA
GetWindowTextLengthA
GetClipboardFormatNameA
EmptyClipboard
RegisterClipboardFormatA
SetClipboardData
CloseClipboard
OpenClipboard
GetWindowLongA
SetWindowLongA
ReleaseDC
GetDC
GetClipboardData
SetForegroundWindow
EnableWindow
MapWindowPoints
GetWindowPlacement
GetCursorPos
GetWindowRect
MoveWindow
SetFocus
GetClassNameA
SetWindowPlacement
GetMonitorInfoA
EnumWindows
EnumDisplaySettingsA
GetDesktopWindow
EnumDisplayMonitors
EnumDisplayDevicesA
IsWindowEnabled
EnumChildWindows
RegisterClassA
GetForegroundWindow

gdi32

CreateCompatibleBitmap
DeleteDC
BitBlt
CreateCompatibleDC
GetDeviceCaps
SelectObject
CreateDIBitmap
GetObjectA
SetTextColor
CreateFontIndirectA
SetBkMode
DeleteObject

advapi32

RegQueryInfoKeyA
RegOpenKeyExA
RegCreateKeyExA
RegQueryValueExA
RegSetValueExA
RegCloseKey
RegDeleteKeyA
RegDeleteValueA

shell32

ExtractIconExA
SHFileOperationA
ShellExecuteExA
SHChangeNotify
ShellExecuteA
Shell_NotifyIconA

ole32

OleGetClipboard
ReleaseStgMedium
CoCreateInstance
CoUninitialize
CoInitialize
CoTaskMemAlloc
CoTaskMemFree
PropVariantClear

Sections

.text
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Realtek-UAD-generic/nircmdc.exe
.exe windows:4 windows x64 arch:x64

153029c65b56102ebe43b1e86353b387

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\Projects\VS2005\NirCmd\x64\release\NirCmdC.pdb

Imports

winmm

mixerOpen
mciSendStringA
mixerGetControlDetailsA
waveOutSetVolume
mixerGetLineControlsA
mixerSetControlDetails
waveOutGetVolume
mixerGetLineInfoA
waveOutGetNumDevs
waveOutGetDevCapsA
mixerClose

msvcrt

_initterm
__getmainargs
__initenv
exit
_cexit
_exit
_c_exit
_XcptFilter
__C_specific_handler
_onexit
__dllonexit
__setusermatherr
_strlwr
atof
puts
_mbsicmp
_snprintf
printf
_strnicmp
strtol
atoi
_stricmp
strcmp
_commode
_fmode
__set_app_type
_itoa
strtoul
strchr
strcpy
_memicmp
memcmp
strrchr
wcslen
malloc
wcscpy
free
wcscmp
wcsrchr
_wcsicmp
memcpy
strlen
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
memset
_strcmpi
sprintf
strcat

kernel32

Beep
DeleteFileA
WinExec
LocalFileTimeToFileTime
GetStdHandle
CreateProcessA
SetComputerNameA
GetEnvironmentVariableA
DeviceIoControl
WritePrivateProfileStringA
GetCurrentProcess
TerminateProcess
CreateToolhelp32Snapshot
Process32First
Process32Next
GetCurrentThreadId
GetSystemTime
SetProcessAffinityMask
ReadProcessMemory
SetConsoleTextAttribute
GetSystemDirectoryA
OutputDebugStringA
WaitForSingleObject
SetPriorityClass
Sleep
OpenProcess
LocalFree
SetFilePointer
FindClose
GetWindowsDirectoryA
CopyFileA
GetModuleHandleA
FreeLibrary
GetProcAddress
LoadLibraryA
GlobalAlloc
CloseHandle
GlobalSize
GlobalLock
GlobalUnlock
SystemTimeToFileTime
MultiByteToWideChar
GetFileAttributesA
ReadFile
GetModuleFileNameA
GetTimeFormatA
FindNextFileA
LoadLibraryExA
FormatMessageA
SetFileTime
GetDateFormatA
CreateDirectoryA
GetFileTime
WriteFile
FindFirstFileA
GetCommandLineA
GetLastError
GetVersionExA
CreateFileA
GetFileSize
SetFileAttributesA
WideCharToMultiByte

user32

EnumChildWindows
RegisterClassA
IsWindowEnabled
TrackPopupMenu
GetMessageA
TranslateMessage
DispatchMessageA
GetWindowTextA
KillTimer
GetParent
FindWindowA
SendInput
AttachThreadInput
ShowWindow
DefWindowProcA
GetForegroundWindow
SendMessageTimeoutA
SystemParametersInfoA
GetActiveWindow
GetSystemMetrics
IsWindowVisible
SetTimer
SetWindowPos
DestroyIcon
PostMessageA
ExitWindowsEx
InvalidateRect
SetCursorPos
MessageBeep
SetDlgItemTextA
DialogBoxParamA
EndDialog
SendMessageA
GetDlgItem
SetWindowTextA
MessageBoxA
GetDlgItemTextA
CreateWindowExA
GetWindowTextLengthA
GetClipboardFormatNameA
EmptyClipboard
RegisterClipboardFormatA
SetClipboardData
CloseClipboard
OpenClipboard
GetWindowLongA
SetWindowLongA
ReleaseDC
GetDC
GetClipboardData
SetForegroundWindow
EnableWindow
MapWindowPoints
GetWindowPlacement
GetCursorPos
GetWindowRect
MoveWindow
SetFocus
GetClassNameA
SetWindowPlacement
GetMonitorInfoA
EnumWindows
EnumDisplaySettingsA
GetDesktopWindow
EnumDisplayMonitors
EnumDisplayDevicesA
ChangeDisplaySettingsA
GetWindowThreadProcessId
PostQuitMessage

gdi32

CreateCompatibleBitmap
DeleteDC
BitBlt
CreateCompatibleDC
GetDeviceCaps
SelectObject
CreateDIBitmap
GetObjectA
DeleteObject

advapi32

RegDeleteValueA
RegQueryInfoKeyA
RegOpenKeyExA
RegCreateKeyExA
RegQueryValueExA
RegSetValueExA
RegCloseKey
RegDeleteKeyA

shell32

ExtractIconExA
SHFileOperationA
ShellExecuteExA
SHChangeNotify
ShellExecuteA
Shell_NotifyIconA

ole32

OleGetClipboard
ReleaseStgMedium
CoCreateInstance
CoUninitialize
CoInitialize
CoTaskMemAlloc
CoTaskMemFree
PropVariantClear

Sections

.text
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Realtek-UAD-generic/setup.cmd
.cmd .ps1
Realtek-UAD-generic/utility/disablewindowsupdatedriversdownload.cmd
.cmd .ps1
Realtek-UAD-generic/utility/enablewindowsupdatedriversdownload.cmd
.cmd .ps1
Realtek-UAD-generic/utility/removesetupautostart.cmd
.cmd .ps1
Realtek-UAD-generic/utility/restorewindowsnormalstartup.cmd
.cmd .ps1

Sharing

General

Malware Config

Signatures

Files

9f052ee9282cdcc7c6e4d563d9c85f92

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

ksecdd.sys

portcls.sys

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

TEXT Size: 4KB - Virtual size: 3KB

CODE Size: 81KB - Virtual size: 81KB

.rdata Size: 199KB - Virtual size: 198KB

.data Size: 409KB - Virtual size: 409KB

.pdata Size: 51KB - Virtual size: 50KB

PAGE Size: 4.0MB - Virtual size: 4.0MB

INIT Size: 5KB - Virtual size: 5KB

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 45KB - Virtual size: 45KB

5f4b66f33f2936d1550016f5ee1b2487

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

portcls.sys

ksecdd.sys

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

TEXT Size: 4KB - Virtual size: 3KB

CODE Size: 83KB - Virtual size: 82KB

.rdata Size: 200KB - Virtual size: 200KB

.data Size: 402KB - Virtual size: 402KB

.pdata Size: 51KB - Virtual size: 50KB

PAGE Size: 4.0MB - Virtual size: 4.0MB

INIT Size: 5KB - Virtual size: 5KB

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 45KB - Virtual size: 45KB

26fd07d0896527cf2ca6d15c3b80065e

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0f:91:ac:87:81:45:2e:94:78:fd:b9:0d:5a:52:33:6cCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

33:00:00:01:09:5e:de:a2:12:7e:92:81:cc:00:00:00:00:01:09Certificate

Extended Key Usages

61:0b:aa:c1:00:00:00:00:00:09Certificate

Key Usages

b3:cc:97:49:0f:87:1b:fb:f0:65:de:59:04:d5:bc:83:74:44:50:07:05:7a:59:d2:76:14:a3:77:73:9b:f5:e5Signer

b3:cc:97:49:0f:87:1b:fb:f0:65:de:59:04:d5:bc:83:74:44:50:07:05:7a:59:d2:76:14:a3:77:73:9b:f5:e5Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

oleaut32

winmm

api-ms-win-devices-config-l1-1-1

propsys

.text
Size: 1.1MB - Virtual size: 1.1MB

TEXT
Size: 4KB - Virtual size: 3KB

CODE
Size: 81KB - Virtual size: 81KB

.rdata
Size: 199KB - Virtual size: 198KB

.data
Size: 409KB - Virtual size: 409KB

.pdata
Size: 51KB - Virtual size: 50KB

PAGE
Size: 4.0MB - Virtual size: 4.0MB

INIT
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 45KB - Virtual size: 45KB

.text
Size: 1.1MB - Virtual size: 1.1MB

TEXT
Size: 4KB - Virtual size: 3KB

CODE
Size: 83KB - Virtual size: 82KB

.rdata
Size: 200KB - Virtual size: 200KB

.data
Size: 402KB - Virtual size: 402KB

.pdata
Size: 51KB - Virtual size: 50KB

PAGE
Size: 4.0MB - Virtual size: 4.0MB

INIT
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 45KB - Virtual size: 45KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0f:91:ac:87:81:45:2e:94:78:fd:b9:0d:5a:52:33:6c
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

33:00:00:01:09:5e:de:a2:12:7e:92:81:cc:00:00:00:00:01:09
Certificate

61:0b:aa:c1:00:00:00:00:00:09
Certificate

b3:cc:97:49:0f:87:1b:fb:f0:65:de:59:04:d5:bc:83:74:44:50:07:05:7a:59:d2:76:14:a3:77:73:9b:f5:e5
Signer

b3:cc:97:49:0f:87:1b:fb:f0:65:de:59:04:d5:bc:83:74:44:50:07:05:7a:59:d2:76:14:a3:77:73:9b:f5:e5
Signer

.text
Size: 3.8MB - Virtual size: 3.8MB

RT_CODE
Size: 1.6MB - Virtual size: 1.6MB

RT_BSS
Size: - Virtual size: 8B

.rdata
Size: 2.4MB - Virtual size: 2.4MB

.data
Size: 358KB - Virtual size: 8.4MB

.pdata
Size: 232KB - Virtual size: 232KB

minATL
Size: 512B - Virtual size: 24B

RT_DATA
Size: 643KB - Virtual size: 642KB

RT_CONST
Size: 44KB - Virtual size: 44KB

_RDATA
Size: 43KB - Virtual size: 42KB

.rsrc
Size: 100KB - Virtual size: 100KB

.reloc
Size: 49KB - Virtual size: 49KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0f:91:ac:87:81:45:2e:94:78:fd:b9:0d:5a:52:33:6c
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

33:00:00:01:09:5e:de:a2:12:7e:92:81:cc:00:00:00:00:01:09
Certificate

61:0b:aa:c1:00:00:00:00:00:09
Certificate

b3:cc:97:49:0f:87:1b:fb:f0:65:de:59:04:d5:bc:83:74:44:50:07:05:7a:59:d2:76:14:a3:77:73:9b:f5:e5
Signer

b3:cc:97:49:0f:87:1b:fb:f0:65:de:59:04:d5:bc:83:74:44:50:07:05:7a:59:d2:76:14:a3:77:73:9b:f5:e5
Signer

.text
Size: 3.8MB - Virtual size: 3.8MB

RT_CODE
Size: 1.6MB - Virtual size: 1.6MB

RT_BSS
Size: - Virtual size: 8B

.rdata
Size: 2.4MB - Virtual size: 2.4MB

.data
Size: 358KB - Virtual size: 8.4MB