51555150a2028e0d458005189ce51647

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2017-Jul-05 15:21:53
Detected languages English - United States
Debug artifacts G:\VCam-anew\IPCameraAdapter\IPCameraAdapter\x64\Release\IPCameraAdapter.pdb

Plugin Output

Info Matching compiler(s): Microsoft Visual C++ 8.0
Info The PE contains common functions which appear in legitimate applications. Can access the registry:
  • RegSetValueW
  • RegOpenKeyExW
  • RegEnumKeyExW
  • RegDeleteKeyW
  • RegCreateKeyW
  • RegCloseKey
  • RegSetValueExW
  • RegCreateKeyExW
  • RegQueryValueExW
Safe VirusTotal score: 0/65 (Scanned on 2017-09-02 08:23:35) All the AVs think this file is safe.

Hashes

MD5 51555150a2028e0d458005189ce51647
SHA1 a9c4f3abe9c1243874c104292821a60bcc0728e9
SHA256 844f8dc353c4dc95b9294e82647f8764c8c1901a07949b7111f52788c89be2c3
SHA3 e7b3b7fd1552bda085b6e3c3fda2708e3646d1d75534463cd4b253d030bae1cc
SSDeep 1536:a6mWtgym+/lryDTtykM2LpFdNyP+jn2PhqOAwzW0j/Y+/M:Jmlym+dryTtykhIcIhqOAwpjj/
Imports Hash 2fa007a6c9747b9d0cb9b6ae2cc38844

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x130

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 6
TimeDateStamp 2017-Jul-05 15:21:53
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_DLL
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 12.0
SizeOfCode 0xa600
SizeOfInitializedData 0xea00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x000000000000A950 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x180000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x1c000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 648004ce228d00570f81b6b87d767830
SHA1 ca88ee713e5e5f4db3017e9f3d302e5949a442f8
SHA256 e1c363737cd6fcb2cba281248583fc3d5b9c5057be494b7a9310302ee10fd368
SHA3 e3b7c5a1b0c6305064bbbd7e31ba6b5af079ca5ccb1a0ded5b813d17e0392c13
VirtualSize 0xa44e
VirtualAddress 0x1000
SizeOfRawData 0xa600
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.04975

.rdata

MD5 7c84d4af36fcac3ed5396b5b395a05ff
SHA1 9e6dda0dbb039d0638b2c5a269dc46e4f5121691
SHA256 fd3ef1f6135642412532bfc1fdf666681511d64d033a459fd73aef9fe19464b6
SHA3 8afd8e0b123a14d9009e5aea0aefd19d380453110e935a5caa3bfd03fb162099
VirtualSize 0x67e8
VirtualAddress 0xc000
SizeOfRawData 0x6800
PointerToRawData 0xaa00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.26773

.data

MD5 9d6512d34eeda42a79cd81ca2180efea
SHA1 377cf59e45b980e23830d5e3c4cac6909f8ff7c7
SHA256 c434736514c7ee54fc2f23e33e45576657fb52a2d7dbc4bb92f29504bbe4de25
SHA3 22d5ad019430157292ef9e9586447bc6cd8950675a29f624c49d2726288749f9
VirtualSize 0xfb0
VirtualAddress 0x13000
SizeOfRawData 0xa00
PointerToRawData 0x11200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 3.53158

.pdata

MD5 fd3753c71b39339ea9eff983f3acc098
SHA1 b890848ec15a0088e5945004d6ceae9d6971a6aa
SHA256 609491efdd48e2ad322a20dd4a9166720d3be29b6ab20c9be5651c076291e897
SHA3 15bc5ec1951e09ffaaa8c9b57e0054c1fc38d55d4d2648bc6bdd4b8d3192043f
VirtualSize 0xdc8
VirtualAddress 0x14000
SizeOfRawData 0xe00
PointerToRawData 0x11c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.72906

.rsrc

MD5 efc9bab77aa60035bb9bc924b9e54da6
SHA1 4cb52afcd23a9e02fdf6b5de446fd0d1df8a7b25
SHA256 974bea4301c13ded7209827fbe33bc6730d16b873008610390e5fd683b26fd59
SHA3 c1f5ffcdb4419d300b976e64bdd20ccd3aa605d890a89a65926b5403798e4f1f
VirtualSize 0x5ed0
VirtualAddress 0x15000
SizeOfRawData 0x6000
PointerToRawData 0x12a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 2.55576

.reloc

MD5 36e630ca37645473daacb10413fdb638
SHA1 f1a51452356ebe3e5cd717227b72506b653a795e
SHA256 aa335035c51bbf3b38725a333479d8ba90fa4482c830da4c653f4f1456869988
SHA3 9f1baa45491683d7bebc6cc46df46d82faaffbed309d7820382a8ecc22ce3460
VirtualSize 0x350
VirtualAddress 0x1b000
SizeOfRawData 0x400
PointerToRawData 0x18a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 4.93378

Imports

libcurl.dll curl_easy_setopt
curl_easy_init
curl_easy_perform
curl_easy_getinfo
curl_easy_cleanup
FreeImage.dll FreeImage_ConvertToRawBits
FreeImagePlus.dll ?convertTo24Bits@fipImage@@QEAAHXZ
?flipVertical@fipImage@@QEAAHXZ
??1fipImage@@UEAA@XZ
??0fipImage@@QEAA@AEBV0@@Z
?rescale@fipImage@@QEAAHIIW4FREE_IMAGE_FILTER@@@Z
?loadFromMemory@fipImage@@QEAAHAEAVfipMemoryIO@@H@Z
?clear@fipImage@@UEAAXXZ
?getWidth@fipImage@@QEBAIXZ
?getHeight@fipImage@@QEBAIXZ
?isValid@fipImage@@UEBAHXZ
??0fipMemoryIO@@QEAA@PEAEK@Z
??0fipImage@@QEAA@W4FREE_IMAGE_TYPE@@III@Z
??1fipMemoryIO@@UEAA@XZ
KERNEL32.dll InitializeCriticalSection
lstrlenA
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
MultiByteToWideChar
ReleaseMutex
Sleep
CreateThread
FindResourceW
LoadResource
SizeofResource
LockResource
CreateMutexW
OpenEventW
CreateEventW
SetEvent
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer
EncodePointer
GetLastError
GetModuleFileNameA
CloseHandle
DeleteCriticalSection
FreeLibrary
GetProcAddress
GetModuleHandleW
GetCurrentThreadId
ResetEvent
lstrlenW
DisableThreadLibraryCalls
GetVersionExW
USER32.dll SetWindowLongW
GetDesktopWindow
GetWindowRect
LoadStringW
SendMessageW
GetWindowTextW
GetDlgItem
SetWindowTextW
MessageBoxA
SetRectEmpty
DefWindowProcW
DestroyWindow
ShowWindow
MoveWindow
CreateDialogParamW
InvalidateRect
GetWindowLongW
GetWindowLongPtrW
SetWindowLongPtrW
ADVAPI32.dll RegSetValueW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteKeyW
RegCreateKeyW
RegCloseKey
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
ole32.dll CoCreateInstance
StringFromGUID2
CoTaskMemFree
CoUninitialize
CoTaskMemAlloc
CoInitialize
CoFreeUnusedLibraries
MSVCR120.dll _initterm
_initterm_e
_malloc_crt
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__clean_type_info_names_internal
_amsg_exit
__CppXcptFilter
__crtCapturePreviousContext
_CxxThrowException
__crtTerminateProcess
?what@exception@std@@UEBAPEBDXZ
__crtUnhandledException
__crt_debugger_hook
_onexit
__C_specific_handler
__dllonexit
_calloc_crt
_unlock
_lock
memset
memcmp
memcpy
__CxxFrameHandler3
_vsnwprintf
_itow_s
vsprintf_s
_wtoi
_wcsdup
wcstol
?terminate@@YAXXZ
realloc
_strdup
tolower
sprintf_s
??0exception@std@@QEAA@AEBV01@@Z
memchr
??1exception@std@@UEAA@XZ
??0exception@std@@QEAA@AEBQEBD@Z
_purecall
malloc
??_U@YAPEAX_K@Z
free
memmove
??2@YAPEAX_K@Z
??3@YAXPEAX@Z
strncpy_s
__crtCaptureCurrentContext
MSVCP120.dll ??Bid@locale@std@@QEAA_KXZ
?_Incref@facet@locale@std@@UEAAXXZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?out@?$codecvt@_WDH@std@@QEBAHAEAHPEB_W1AEAPEB_WPEAD3AEAPEAD@Z
??0?$codecvt@_WDH@std@@QEAA@_K@Z
?_Getcat@?$codecvt@_WDH@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
?id@?$codecvt@_WDH@std@@2V0locale@2@A
??_7?$codecvt@_WDH@std@@6B@
??_7codecvt_base@std@@6B@
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
??_7facet@locale@std@@6B@
??_7_Facet_base@std@@6B@
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Winerror_map@std@@YAPEBDH@Z
?_Syserror_map@std@@YAPEBDH@Z

Delayed Imports

DllCanUnloadNow

Ordinal 1
Address 0x58f0

DllGetClassObject

Ordinal 2
Address 0x5950

DllMain

Ordinal 3
Address 0x12d0

DllRegisterServer

Ordinal 4
Address 0x12b0

DllUnregisterServer

Ordinal 5
Address 0x12c0

103

Type JPEG
Language English - United States
Codepage UNKNOWN
Size 0x59be
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.41014
Detected Filetype Bitmap graphic
MD5 4ef82a1fb8026522327639636a2425ca
SHA1 7dc1156cbc179cef7335dbafee698ca2261b5276
SHA256 13e5d9f9cf781bf4cb210e3a518f63194ad5edc94e753490de8d0342a0732612
SHA3 8ba338b90c9f1a3db4465b0abea63bb34a4129fdefb7ecc013125aabd9466cb1

107

Type RT_DIALOG
Language English - United States
Codepage UNKNOWN
Size 0x20c
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.02621
MD5 85f80a97ebf477c3528d5f38a32f75c5
SHA1 2e1d9a082cca7dca9923dc83c9fb8ac4ab4a7ed8
SHA256 32d80b220e902d6bf3657c7524486b7f50ddca81fd98c74680df8db0ad9e8dc7
SHA3 be1d77a3d88a01a32a42807596292c6fd2b744ca6687f594923e0cd0f8abeb8d

7

Type RT_STRING
Language English - United States
Codepage UNKNOWN
Size 0x40
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 1.8271
MD5 6c74a20be31c5e63cea8c35062093c7d
SHA1 c837eace8ca3200e37d524e41f120aec44812a04
SHA256 2c684315e5d8016d432eeb678272726ca455eec3a0167f26de958d10294519de
SHA3 715b998cce830bd37e26ab23c3d6bc37cd9c25c51f4ca5c8311de035d46f15a8

2

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x17d
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.91161
MD5 1e4a89b11eae0fcf8bb5fdd5ec3b6f61
SHA1 4260284ce14278c397aaf6f389c1609b0ab0ce51
SHA256 4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df
SHA3 4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353

String Table contents

MJPEG Properties

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2017-Jul-05 15:21:53
Version 0.0
SizeofData 101
AddressOfRawData 0xe090
PointerToRawData 0xca90
Referenced File G:\VCam-anew\IPCameraAdapter\IPCameraAdapter\x64\Release\IPCameraAdapter.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics 0
TimeDateStamp 2017-Jul-05 15:21:53
Version 0.0
SizeofData 20
AddressOfRawData 0xe0f8
PointerToRawData 0xcaf8

TLS Callbacks

Load Configuration

Size 0x70
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x180013000

RICH Header

XOR Key 0x935a6da1
Unmarked objects 0
221 (20806) 4
199 (41118) 1
ASM objects (20806) 1
C objects (20806) 12
C++ objects (20806) 4
208 (65501) 1
C++ objects (VS2013 UPD4 build 31101) 12
C objects (65501) 4
221 (VS2013 UPD4 build 31101) 4
221 (VS2013 build 21005) 3
Imports (65501) 12
Total imports 192
229 (VS2013 UPD4 build 31101) 8
Exports (VS2013 UPD4 build 31101) 1
Resource objects (VS2013 build 21005) 1
151 1
Linker (VS2013 UPD4 build 31101) 1

Errors

<-- -->