Manalyze report for 242724ac146699e70a27e040b1ceca55

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2009-Mar-20 02:42:25
Detected languages	English - United States
Debug artifacts	c:\home\luntbuild\work\app-winrd\products\winrd\bin\release\npTVUAx.pdb
CompanyName	TVU networks
FileDescription	2,4,5,1
FileExtents	tvu
FileOpenName	TVU Web Player for FireFox
FileVersion	`2.4.5.1`
InternalName	TVUAx.dll
LegalCopyright	Copyright (C) 2006-2008 TVU networks. All rights reserved.
MIMEType	application/x-tvuplayer-plugin
OriginalFilename	TVUAx.dll
ProductName	TVU Web Player for FireFox
ProductVersion	`2.4.5.1`
Comments	TVU IPTV Player
LegalTrademarks	TVU networks

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ v6.0 DLL` `Microsoft Visual C++ 6.0 - 8.0`
Suspicious	PEiD Signature:	`Crunch 4`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Miscellaneous malware strings: cmd.exe` Contains domain names: channel.tvunetworks.com channel2.tvunetworks.com co.tvunetworks.com guide.tvunetworks.com http://127.0.0.1 http://channel2.tvunetworks.com http://channel2.tvunetworks.com/msg/channel?c http://s.tvunetworks.com http://s.tvunetworks.com/l/pl http://www.tvunetworks.com mydomain.com na.tvunetworks.com na1.tvunetworks.com na2.tvunetworks.com na3.tvunetworks.com pages.tvunetworks.com ps1.tvunetworks.com s.tvunetworks.com sl.tvunetworks.com stream.tvunetworks.com subscribe.tvunetworks.com ts.tvunetworks.com ts1.tvunetworks.com ts2.tvunetworks.com ts3.tvunetworks.com tvunetworks.com update.tvunetworks.com users.tvunetworks.com www.tvunetworks.com
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to MD5`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryW LoadLibraryExW GetProcAddress LoadLibraryA` `Code injection capabilities: CreateRemoteThread OpenProcess VirtualAlloc` `Code injection capabilities (mapping injection): CreateRemoteThread CreateFileMappingA CreateFileMappingW MapViewOfFile` `Can access the registry: RegOpenKeyExW RegQueryValueExW RegSetValueExW RegEnumKeyExW RegCreateKeyExW RegDeleteValueW RegCloseKey RegDeleteKeyW RegQueryInfoKeyW` `Possibly launches other programs: CreateProcessA` `Uses Windows's Native API: ntohs ntohl` `Can create temporary files: GetTempPathW CreateFileA CreateFileW GetTempPathA` `Has Internet access capabilities: InternetGetConnectedStateExW` `Leverages the raw socket API to access the Internet: htonl ioctlsocket __WSAFDIsSet bind recv send getsockname accept WSARecvFrom WSASendTo setsockopt WSACleanup ntohs select gethostname inet_ntoa ntohl WSAStartup gethostbyname inet_addr getpeername WSAGetLastError shutdown closesocket connect htons socket listen` `Functions related to the privilege level: AdjustTokenPrivileges OpenProcessToken` `Enumerates local disk drives: GetDriveTypeA GetDriveTypeW` `Manipulates other processes: OpenProcess EnumProcessModules EnumProcesses` `Changes object ACLs: SetNamedSecurityInfoW` `Can take screenshots: GetDC CreateCompatibleDC BitBlt`
Malicious	The program tries to mislead users about its origins.	`The PE pretends to be from FireFox but is not signed!`
Safe	VirusTotal score: 0/54 (Scanned on 2014-10-30 05:42:41)	`All the AVs think this file is safe.`

Hashes

MD5	`242724ac146699e70a27e040b1ceca55`
SHA1	`355cf2c526f423dde8b4219c59b07c23273b9bf2`
SHA256	`aae9f4fde06e8b416d796ad022fbd30e136b42d3d3176fef53b5baf50c3c6a7a`
SHA3	`907c3987bdb3741c21c38c1fe7a009d3ae3ce077457ac76e2c3dca88a5f77cb0`
SSDeep	`24576:gR8CufW99XViT10IvqemXLQa28/C9+GNxkoDJWMgkBO9PfzX3hY6/VPJGOFIxaI:FclbgmXM9Zxk66b9Hbh1/GO1VKWMk7`
Imports Hash	`36e19405d83d573fa0aed3e80798ce48`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x118`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2009-Mar-20 02:42:25
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`9.0`
SizeOfCode	`0x178200`
SizeOfInitializedData	`0x82600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0008EFC4 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x17a000`
ImageBase	`0x10000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.0`
ImageVersion	`0.0`
SubsystemVersion	`5.0`
Win32VersionValue	`0`
SizeOfImage	`0x392000`
SizeOfHeaders	`0x400`
Checksum	`0x2055d4`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`f22dd583ca959b70f77358db03b3c90d`
SHA1	`1724bfc8a9e221353020ae092eab4577dcbba6a9`
SHA256	`9c5c7403e7c196d2a14d1c45c7cd3f7f3328bfb0560db646156f42580953cc86`
SHA3	`d220f0431a401f9370078724718aead75303dff27a1286c5cbd6955475e04f67`
VirtualSize	`0x178138`
VirtualAddress	`0x1000`
SizeOfRawData	`0x178200`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.38336`

.rdata

MD5	`82953a47a46739de109e9384b58630d2`
SHA1	`6e49a81d599cd1223b79adf88daa9dd807a2a0e0`
SHA256	`ff3c3f18ae349658a5b453605d18309aa6244f9742c2d6a71a69d0f60df3910d`
SHA3	`d1e030f04dd52460859758daffa539e9f479d3315b4b3651f84edb3e092cfe18`
VirtualSize	`0x320e0`
VirtualAddress	`0x17a000`
SizeOfRawData	`0x32200`
PointerToRawData	`0x178600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.27733`

.data

MD5	`828168d3b606cacc4a70c2e220fd6d12`
SHA1	`8826f039ee9cde4a2b53c84106fe45ade17a80d9`
SHA256	`b55e814c5f151acdef652c576ce439696a82c5175b75bf84fd533a2cbbe58668`
SHA3	`7917f6fcd25e4bf7311b3d74b6dbc43d1904062d0bbeaf61179fefc06c0d022f`
VirtualSize	`0x19ade8`
VirtualAddress	`0x1ad000`
SizeOfRawData	`0x7000`
PointerToRawData	`0x1aa800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.97635`

.rsrc

MD5	`b8dd5b482a746b2f0b10fdce452ac861`
SHA1	`4fb198661ac3623a1d21597777ab9e21271ab62e`
SHA256	`f2e7172f904c9c1c2d158be6de7d3aaa30d037759681c5d78c535e0bfd848c7f`
SHA3	`f59957784ddd61b344bacbabd3bdfa1f214014060e12ea5839c85490f0328772`
VirtualSize	`0x392c4`
VirtualAddress	`0x348000`
SizeOfRawData	`0x39400`
PointerToRawData	`0x1b1800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.35041`

.reloc

MD5	`4692e92a45f66650eb047350abde7bed`
SHA1	`8695e98f446144c328e5c93817338a58413a9b66`
SHA256	`7f92709cac9fecd75f5c999596abdf00ef91de9cd919a0ef61f719c41a40b30f`
SHA3	`3ddff0620a0a951df901e46df15b7d6ae16f303f7aa8091ada6102fd8f6eee93`
VirtualSize	`0xff04`
VirtualAddress	`0x382000`
SizeOfRawData	`0x10000`
PointerToRawData	`0x1eac00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.65149`

Imports

KERNEL32.dll	`CreateSemaphoreA` `CreateMutexA` `ReleaseSemaphore` `GetDriveTypeA` `GetCurrentDirectoryA` `PeekNamedPipe` `CreateEventA` `CreateDirectoryW` `MoveFileW` `GetDriveTypeW` `FileTimeToLocalFileTime` `FileTimeToSystemTime` `CreatePipe` `FindNextFileW` `VirtualQuery` `GetFileInformationByHandle` `ResumeThread` `MultiByteToWideChar` `LeaveCriticalSection` `EnterCriticalSection` `CreateSemaphoreW` `GetLocalTime` `FindFirstFileW` `FindClose` `MoveFileExW` `SetThreadPriority` `GetSystemTime` `FormatMessageA` `LoadLibraryW` `GetFullPathNameW` `GetFullPathNameA` `GetTempPathW` `GetTickCount` `GetFileAttributesW` `GetFileAttributesA` `UnlockFile` `LockFileEx` `LockFile` `AreFileApisANSI` `GetVersionExA` `CreateNamedPipeA` `ConnectNamedPipe` `DisconnectNamedPipe` `OutputDebugStringA` `GetProcessTimes` `DuplicateHandle` `CreateRemoteThread` `GetExitCodeThread` `GetSystemDirectoryA` `OpenProcess` `GetFileSize` `CreateFileMappingA` `CreateProcessA` `SetEnvironmentVariableA` `CompareStringW` `GetCurrentProcess` `SetEndOfFile` `CreateFileA` `WriteConsoleW` `GetConsoleOutputCP` `WriteConsoleA` `CreateFileW` `SetStdHandle` `InitializeCriticalSectionAndSpinCount` `GetLocaleInfoW` `IsValidLocale` `EnumSystemLocalesA` `GetUserDefaultLCID` `GetDateFormatA` `GetTimeFormatA` `GetCurrentDirectoryW` `Sleep` `WideCharToMultiByte` `TerminateThread` `ReleaseMutex` `OpenMutexW` `CreateMutexW` `WaitForMultipleObjects` `PulseEvent` `ResetEvent` `SetLastError` `FindResourceExW` `LockResource` `GlobalAlloc` `GlobalLock` `GlobalUnlock` `MulDiv` `RaiseException` `lstrcmpiW` `LoadLibraryExW` `FindResourceW` `LoadResource` `SizeofResource` `FreeLibrary` `DeleteCriticalSection` `InitializeCriticalSection` `GetLastError` `GetModuleFileNameW` `GetProcAddress` `GetThreadLocale` `GetTempPathA` `SetThreadLocale` `FlushInstructionCache` `GetCurrentThreadId` `GetModuleHandleW` `SetEvent` `lstrlenA` `OutputDebugStringW` `DebugBreak` `InterlockedIncrement` `WaitForSingleObject` `LocalFree` `OpenFileMappingW` `CreateFileMappingW` `MapViewOfFile` `GetStringTypeW` `GetStringTypeA` `GetLocaleInfoA` `FlushFileBuffers` `SetFilePointer` `ReadFile` `GetConsoleMode` `GetConsoleCP` `GetCurrentProcessId` `QueryPerformanceCounter` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `GetEnvironmentStrings` `FreeEnvironmentStringsA` `GetStartupInfoA` `GetFileType` `SetHandleCount` `HeapCreate` `ExitProcess` `GetModuleHandleA` `IsValidCodePage` `GetOEMCP` `GetACP` `GetModuleFileNameA` `GetStdHandle` `WriteFile` `TlsFree` `GetCPInfo` `LCMapStringW` `LCMapStringA` `DeleteFileA` `DeleteFileW` `GetTimeZoneInformation` `CreateThread` `ExitThread` `GetCommandLineA` `IsDebuggerPresent` `SetUnhandledExceptionFilter` `UnhandledExceptionFilter` `TerminateProcess` `GetSystemTimeAsFileTime` `RtlUnwind` `TlsGetValue` `TlsAlloc` `InterlockedDecrement` `lstrlenW` `CreateEventW` `UnmapViewOfFile` `CloseHandle` `CompareStringA` `TlsSetValue` `InterlockedExchange` `HeapSize` `HeapReAlloc` `HeapDestroy` `VirtualAlloc` `VirtualFree` `IsProcessorFeaturePresent` `LoadLibraryA` `HeapAlloc` `GetProcessHeap` `HeapFree` `InterlockedCompareExchange` `GetExitCodeProcess`
USER32.dll	`CopyRect` `GetClientRect` `LoadBitmapW` `BeginPaint` `EndPaint` `GetDlgCtrlID` `SystemParametersInfoW` `SetTimer` `GetParent` `SendMessageW` `KillTimer` `InvalidateRect` `SetWindowPos` `UnregisterClassA` `wvsprintfW` `CharNextW` `DrawTextW` `ReleaseDC` `GetWindowDC` `PostMessageW` `MessageBoxW` `LoadStringW` `RegisterWindowMessageW` `IsZoomed` `EnableWindow` `RegisterClassW` `MonitorFromWindow` `GetMonitorInfoW` `MapWindowPoints` `GetDlgItem` `GetScrollPos` `GetSysColor` `EndDialog` `DialogBoxParamW` `BringWindowToTop` `ScreenToClient` `GetWindowRect` `GetSystemMetrics` `IsIconic` `GetWindow` `PeekMessageW` `IsWindowVisible` `SetFocus` `GetFocus` `IsChild` `IntersectRect` `EqualRect` `OffsetRect` `SetWindowRgn` `UnionRect` `PtInRect` `GetKeyState` `IsWindow` `GetDC` `UpdateWindow` `CallWindowProcW` `GetWindowLongW` `SetWindowLongW` `CreateWindowExW` `GetClassInfoExW` `LoadCursorW` `RegisterClassExW` `DestroyWindow` `DefWindowProcW` `ShowWindow` `MoveWindow` `FillRect` `InflateRect`
GDI32.dll	`SetWindowExtEx` `CloseMetaFile` `DeleteMetaFile` `CreateRectRgnIndirect` `CreateDCW` `GetDeviceCaps` `LPtoDP` `SaveDC` `SetMapMode` `SetWindowOrgEx` `SetViewportOrgEx` `RestoreDC` `StretchBlt` `CreateFontW` `GetClipRgn` `CreateRectRgn` `SelectClipRgn` `SetBkMode` `CreatePen` `CreateSolidBrush` `Rectangle` `SetTextColor` `GetObjectW` `CreateFontIndirectW` `CreateCompatibleDC` `SelectObject` `BitBlt` `DeleteDC` `DeleteObject` `GetStockObject` `CreateMetaFileW`
ADVAPI32.dll	`RegOpenKeyExW` `LookupPrivilegeValueA` `AdjustTokenPrivileges` `SetNamedSecurityInfoW` `GetSecurityDescriptorSacl` `RegQueryValueExW` `RegSetValueExW` `RegEnumKeyExW` `RegCreateKeyExW` `RegDeleteValueW` `OpenProcessToken` `RegCloseKey` `RegDeleteKeyW` `RegQueryInfoKeyW` `ConvertStringSecurityDescriptorToSecurityDescriptorW`
SHELL32.dll	`SHGetSpecialFolderLocation` `SHCreateDirectoryExW` `SHGetPathFromIDListW` `SHGetFileInfoW`
ole32.dll	`CoUninitialize` `CoInitialize` `CoCreateInstance` `OleSaveToStream` `StringFromGUID2` `WriteClassStm` `OleLoadFromStream` `CreateDataAdviseHolder` `OleRegGetMiscStatus` `CreateOleAdviseHolder` `OleRegGetUserType` `OleRegEnumVerbs` `StringFromCLSID` `CoTaskMemRealloc` `CoTaskMemFree` `CoTaskMemAlloc`
OLEAUT32.dll	`SysAllocString` `SysFreeString` `VariantChangeType` `GetErrorInfo` `UnRegisterTypeLib` `LoadTypeLib` `SysStringLen` `RegisterTypeLib` `SysStringByteLen` `OleCreatePropertyFrame` `VarUI4FromStr` `VariantInit` `VariantClear` `SysAllocStringLen` `SafeArrayCreateVector` `SafeArrayAccessData` `SafeArrayUnaccessData` `SafeArrayDestroy` `SysAllocStringByteLen` `LoadRegTypeLib` `VariantCopy`
SHLWAPI.dll	`PathFileExistsA` `PathFileExistsW` `SHSetValueW`
COMCTL32.dll	`ImageList_Destroy` `ImageList_DrawEx` `ImageList_Duplicate` `ImageList_LoadImageW` `ImageList_GetImageInfo`
WS2_32.dll	`htonl` `ioctlsocket` `__WSAFDIsSet` `bind` `recv` `send` `getsockname` `accept` `WSARecvFrom` `WSASendTo` `setsockopt` `WSACleanup` `ntohs` `select` `gethostname` `inet_ntoa` `ntohl` `WSAStartup` `gethostbyname` `inet_addr` `getpeername` `WSAGetLastError` `shutdown` `closesocket` `connect` `htons` `socket` `listen`
WININET.dll	`InternetGetConnectedStateExW`
LIBEXPATW.dll	`#31` `#53` `#18` `#25` `#52` `#10` `#11` `#2` `#12` `#16` `#21`
LIBEAY32.dll	`#3171` `#3024` `#3106` `#510` `#3109` `#2630` `#316` `#269` `#2821` `#2936` `#259` `#2602` `#256` `#315` `#961` `#2915` `#2399` `#509`
dbghelp.dll	`MakeSureDirectoryPathExists`
IPHLPAPI.DLL	`GetAdaptersInfo`
NETAPI32.dll	`NetApiBufferFree` `NetWkstaTransportEnum` `Netbios`
snmpapi.dll	`SnmpUtilOidCpy` `SnmpUtilOidNCmp` `SnmpUtilVarBindFree`
PSAPI.DLL	`GetModuleBaseNameW` `EnumProcessModules` `EnumProcesses`
libcurl.dll	`curl_easy_getinfo` `curl_easy_perform` `curl_easy_init` `curl_easy_cleanup` `curl_easy_setopt`

Delayed Imports

NP_GetEntryPoints

Ordinal	`1`
Address	`0xb480`

NP_Initialize

Ordinal	`2`
Address	`0xb2c0`

NP_Shutdown

Ordinal	`3`
Address	`0xb2b0`

DllCanUnloadNow

Ordinal	`4`
Address	`0xe750`

DllGetClassObject

Ordinal	`5`
Address	`0xe6f0`

DllMain

Ordinal	`6`
Address	`0xe760`

DllRegisterServer

Ordinal	`7`
Address	`0xe710`

DllUnregisterServer

Ordinal	`8`
Address	`0xe730`

101

Type	`REGISTRY`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x73`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.51471`
MD5	`8edaf264b9f8eec9fd5394441bc30a78`
SHA1	`fce6af931abb276cda5a4d54a9d802fd93b45e31`
SHA256	`c14aba4d4f249eebcce5ea5049532d9d6699a341664e8d3db06b0d8a8cdcbf31`
SHA3	`f2641c00db881f7710d48170d55e797ed1b33e8d0b4d194ae7ebd3a7ce5c2979`

1001

Type	`STRINGXML`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x125a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.81863`
MD5	`30d26c4c7b5f00854210713316c84ce6`
SHA1	`b66c435e425c9e08a80538b65477d76ad3b738d5`
SHA256	`3f01c5e87e3fb92469d10a88124f712130c6812f99aee721ce53f5fd7df2d886`
SHA3	`c8fe38e87352352bb08c9efece7054488e73715a544167832fad74ad6ca68d62`

1

Type	`TYPELIB`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x1138`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.40276`
MD5	`26cda44fa0807862bb0399f35405b605`
SHA1	`24fa9b6df6b24674beed21a77af2689769a8dbd1`
SHA256	`aa9dde6d670d8b5a47faf5cb8c199b1e625a0e3707b9354c380438781f6c2b93`
SHA3	`e3856ab3f2f40448175b1a8207b5d9a28ea3833d5ccea0da9eb45342f5142249`

103

Type	`RT_BITMAP`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x1c52`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.31005`
MD5	`08c64695be94329f0bdab07ba260a1e4`
SHA1	`777b2d56eb322d9f7598437891c625eb7aaa897e`
SHA256	`75b8fc493b8d2db1b60635f7427ef6f7412026fbba212437e2e8f429f55b7cc7`
SHA3	`41a945e89ffe889f2bcff35aafc8c11d32a7e73709d4bdfa1d31342e00f2ceca`
Preview

147

Type	`RT_BITMAP`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x112`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.67394`
MD5	`ae25d8a898612e3eddcae0d7dcc929b2`
SHA1	`dbb5abf01d372f74b9faa30197a6d1d94150198a`
SHA256	`986ad0ffb270f43d77c2fa75be715df54d08b0e1b6d837e9e0d50e7334abf85e`
SHA3	`646eafb916e1a315af290229461557057b8974f76ecbc036540547cd6b32c93d`
Preview

206

Type	`RT_BITMAP`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x335ea`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.34916`
MD5	`f8f6d3881d4e9194bf8cd9dd63b9c4d6`
SHA1	`ec513c95c2821205ee83bab79dbabbd08af55a23`
SHA256	`f6ed9e6943fc0fef293b0a134b3340bbb3b1a93a24ed46bebccd06ed0bf6d0d0`
SHA3	`3cde1262e2d037a1339a73422847e84790807269fbee10f216d8697d67ff823f`
Preview

207

Type	`RT_BITMAP`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x628`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.46081`
MD5	`22172d11678117b52a37420160263f24`
SHA1	`d5461f5b70df657a0c79cfa6d1c3ba5b1bf022e0`
SHA256	`556f2b238e8d5298cfc340bd4a341a7659ba1bb59f48ccfd29502cffc84d1b72`
SHA3	`2b90eb19530c889d81260b769ec6b386653198e5c4424a52666c66fd5661a421`
Preview

209

Type	`RT_BITMAP`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x53a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.55505`
MD5	`8f0914b0980a43d8b57522491d98ce32`
SHA1	`f0e0a55ca3597c48e9b6649ae44b1cbbe2e231c1`
SHA256	`815afa575adf13fa225988d1093668e1d0b81331ca08ba0ae281e94be06bfeab`
SHA3	`59c10717b30791607ed211aad437992408302d210d83a18e71c835d8faecc7ff`
Preview

210

Type	`RT_BITMAP`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x536`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.49228`
MD5	`dc80780d9ba3314baca158395b8eaf54`
SHA1	`e96d89d9b9d76f6db99ebfd1d1a409f9c6f617a6`
SHA256	`250458f00d2f56a017a1243b181d5d6a8f6f229f9a86d3829604a65355585ad4`
SHA3	`bbeaba254d09fef8995adf394c5fed8bb679a31346d122900940e26209914aa1`
Preview

3000

Type	`RT_DIALOG`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x104`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.1999`
MD5	`44f4eabf8a36443d27519e0c995212a7`
SHA1	`71cf7fa9c735cac3eb7e09b0df0e7d28d898d22f`
SHA256	`f56644cc901d927cac3bc8b826a91ce7a6e91a5aea159255afcfd061aa5bd77c`
SHA3	`90686a33e5767390a7f8ab77bb25f51753e5d09fc6e2e542d0f24184346a9ceb`

7

Type	`RT_STRING`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x2a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0.960953`
MD5	`c7b38a737607ab8d719e0977642c1c1c`
SHA1	`dfdb418cc6fc2f09399c145c601b261678c1bcf2`
SHA256	`20f034fa8f21489504fc5de3bbdeb405318e2f4c8fd5da25f3f3d0b505d700f5`
SHA3	`1d1f694c4bee173ece7971cc399c6ece36c10b3d204af1c70ba9d15902d28bc4`

9

Type	`RT_STRING`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x2a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0.847742`
MD5	`bfd876e1d5827996c74d488970892f4b`
SHA1	`e0df33c61b8b9d2259a1d90e2fd28cac2c88cc91`
SHA256	`0324e1425e7d023eb5e8caaf7d79f43de96a748cd2b8c30181bd8c3b934da05f`
SHA3	`37629b5d1b4274bac1200b376e568b9e9d99734540e78855728e6d57e5f276ae`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x46c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.5112`
MD5	`9974a2fbf98ab344e9f54e346eac04d1`
SHA1	`b53e2b34703ea635776f1c1b858bc5eee75ac8d4`
SHA256	`8708b6af93dbbb316567c6306ab1c0bdad7dbef028f4592c463e678a09c9358c`
SHA3	`7ddebcae232ab0705af54aa6222b400359875ef464ee323e3561d264f66a552d`

2

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x15a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.79597`
MD5	`24d3b502e1846356b0263f945ddd5529`
SHA1	`bac45b86a9c48fc3756a46809c101570d349737d`
SHA256	`49a60be4b95b6d30da355a0c124af82b35000bce8f24f957d1c09ead47544a1e`
SHA3	`1244ed60820da52dc4b53880ec48e3b587dbdbd9545f01fa2b1c0fcfea1d5e9e`

String Table contents

TVUAx
Error

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	2.4.5.1
ProductVersion	2.4.5.1
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_DLL`
Language	English - United States
CompanyName	TVU networks
FileDescription	2,4,5,1
FileExtents	tvu
FileOpenName	TVU Web Player for FireFox
FileVersion (#2)	2.4.5.1
InternalName	TVUAx.dll
LegalCopyright	Copyright (C) 2006-2008 TVU networks. All rights reserved.
MIMEType	application/x-tvuplayer-plugin
OriginalFilename	TVUAx.dll
ProductName	TVU Web Player for FireFox
ProductVersion (#2)	2.4.5.1
Comments	TVU IPTV Player
LegalTrademarks	TVU networks

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2009-Mar-20 02:42:25
Version	`0.0`
SizeofData	`96`
AddressOfRawData	`0x197480`
PointerToRawData	`0x195a80`
Referenced File	c:\home\luntbuild\work\app-winrd\products\winrd\bin\release\npTVUAx.pdb

TLS Callbacks

Load Configuration

Size	`0x48`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x101afc78`
SEHandlerTable	`0x1019c7b0`
SEHandlerCount	`704`

RICH Header

XOR Key	`0x2455162d`
Unmarked objects	`0`
150 (20413)	`12`
ASM objects (VS2008 build 21022)	`32`
C objects (VS2012 build 50727 / VS2005 build 50727)	`12`
C objects (VS2008 build 21022)	`244`
C objects (VS2003 (.NET) build 3077)	`58`
C++ objects (VS2008 SP1 build 30729)	`3`
Imports (VS2003 (.NET) build 3077)	`6`
Total imports	`422`
Imports (VS2012 build 50727 / VS2005 build 50727)	`33`
C++ objects (VS2008 build 21022)	`195`
Exports (VS2008 build 21022)	`1`
Linker (VS2008 build 21022)	`1`
Resource objects (VS2008 build 21022)	`1`

242724ac146699e70a27e040b1ceca55

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.rsrc

.reloc

Imports

Delayed Imports

NP_GetEntryPoints

NP_Initialize

NP_Shutdown

DllCanUnloadNow

DllGetClassObject

DllMain

DllRegisterServer

DllUnregisterServer

101

1001

1

103

147

206

207

209

210

3000

7

9

1 (#2)

2

String Table contents

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

TLS Callbacks

Load Configuration

RICH Header

Errors