a6d4bdb02430586bada8fce9fc6be852

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2017-May-31 09:11:56
Detected languages English - United States
Debug artifacts E:\GSW_Hub\WIN_AP\OtherTools\RtHubSSControl\Release\RtHubSSContrl.pdb
CompanyName Realtek Semiconductor Corp.
FileDescription RealtekHubService
FileVersion 1.4.0.0
InternalName RtHubSSControl.exe
LegalCopyright Copyright (C) 2016
OriginalFilename RtHubSSControl.exe
ProductName RtHubSSControl
ProductVersion 1.4.0.0

Plugin Output

Info: Matching compiler(s): MASM/TASM - sig1(h)
Suspicious: Strings found in the binary may indicate undesirable behavior:
Contains references to system / monitoring tools:
  • Control.exe
Accesses the WMI:
  • ROOT\WMI
Info: Cryptographic algorithms detected in the binary: Uses constants related to SHA1
Suspicious: The PE contains functions most legitimate programs don't use.
[!] The program may be hiding some of its imports:
  • LoadLibraryW
  • GetProcAddress
Can create temporary files:
  • CreateFileW
  • GetTempPathW
Interacts with services:
  • CreateServiceW
  • QueryServiceStatus
  • OpenSCManagerW
  • DeleteService
  • ControlService
  • OpenServiceW
Info: The PE is digitally signed.
Signer: Realtek Semiconductor Corp.
Issuer: DigiCert EV Code Signing CA
Safe: VirusTotal score: 0/68 (Scanned on 2018-06-08 10:10:02). All the AVs think this file is safe.

Hashes

MD5 a6d4bdb02430586bada8fce9fc6be852
SHA1 7fe2410435a41b73f0b3cb15662edb26ada99a08
SHA256 fd2c88a7d7e9a6bab6c0c9a725e12e1d1fcc9f2f6dd88eaf6c204952a570001e
SHA3 8ec0363e2520d2cff63bfb686d72209f433448ad7fde3b0d5ed086e110c12b56
SSDeep 1536:7qQjTeitiO+kOsU0+mt2b3SU0mO3c8raTd5VT:7qQjTeiNHUhmt2b3S7mOM8rOT
Imports Hash 30936b77cc715e989bc81021573c4a73

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x118

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 7
TimeDateStamp 2017-May-31 09:11:56
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 14.0
SizeOfCode 0x4a00
SizeOfInitializedData 0xcc00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00004C00 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x6000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x16000
SizeOfHeaders 0x400
Checksum 0x17459
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 2c4852225782746d35e4358dbf443386
SHA1 cda35a48ab5b21dc3dcc1f44077c2f077495939a
SHA256 4d13464630f31091f8b728ca0ea4d8ef7fa40799cecb64ad74041d61973593f2
SHA3 9cc9376edc4eafbb5c5afbf11733dccd9b6484927163f7e946829704485d1e38
VirtualSize 0x495e
VirtualAddress 0x1000
SizeOfRawData 0x4a00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.27139

.rdata

MD5 ccce8ff786423b891b7476bd3aaaae0d
SHA1 2608944921886aa6076c5f4dfc0eb26a76bdb580
SHA256 0e4542f5476132b21064679ee874d9a65ab07319cc8dd5993bc1626026ab0c49
SHA3 1e550024e6a953c3f815eab3240ef2d2f6960fa2eb7fc83a8d1c04e3e37b3f68
VirtualSize 0x2ab6
VirtualAddress 0x6000
SizeOfRawData 0x2c00
PointerToRawData 0x4e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.44223

.data

MD5 8f7fd2cbc9ce81bc2da564fc2aebf564
SHA1 8bd5ea44e68a22b0ed2db32b40c458f73b4a5a3f
SHA256 711bb24f35fefceb62d01482ff4b4f581365aacf699e1f5a037b262a40420457
SHA3 44b9a6b4d4fc47516c9acc364911f03401f5b531bd49db2a9bfc62c1ebc32aa5
VirtualSize 0x8da0
VirtualAddress 0x9000
SizeOfRawData 0x8a00
PointerToRawData 0x7a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 6.23844

.tls

MD5 1f354d76203061bfdd5a53dae48d5435
SHA1 aa0d33a0c854e073439067876e932688b65cb6a9
SHA256 4c6474903705cb450bb6434c29e8854f17d8324efca1fdb9ee9008599060883a
SHA3 991fbbd46bbd69198269fe6c247d440e0f8a7d38259b7a1e04b74790301d1d2b
VirtualSize 0x9
VirtualAddress 0x12000
SizeOfRawData 0x200
PointerToRawData 0x10400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0.0203931

.gfids

MD5 d5fd61c046e5571ce256ece0bffbbf25
SHA1 9093355c16ebf477eb5dd3f57074cc66c45b84d4
SHA256 e10045e90b755cd9c2377e6397f3200c00d3c0e1188c350961420f4854435564
SHA3 61d33744fb8c0719ad70429078579c42459f18f4f29a866c312d4ac02d410794
VirtualSize 0x68
VirtualAddress 0x13000
SizeOfRawData 0x200
PointerToRawData 0x10600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 0.509827

.rsrc

MD5 185a82c83deeb8ffff9a000e9bd6bad2
SHA1 d22aaa6d3df98eff57f6cdf09b7dca413620716d
SHA256 c3d0670b533123e5bb4316b383a89376d0704c3eedb110dd05d9646681d5be3b
SHA3 c2f355fec22090204e606aaaaf89637946ec39865586af1f0c35ee1561cba49e
VirtualSize 0x5d8
VirtualAddress 0x14000
SizeOfRawData 0x600
PointerToRawData 0x10800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.33358

.reloc

MD5 c43443bf2b0cbdea469bb727b631e2d9
SHA1 c12f15b1732bf3db494044509938e1e26f4b1ab7
SHA256 814926418092fdb92e6bdc951e6f62a9257f29d9388f8e8d698bc915be16152f
SHA3 969c13c89c0cda3fa67d37a1a0697d8e1e8e7b4a5373f603a9320e8743c5fcbf
VirtualSize 0x728
VirtualAddress 0x15000
SizeOfRawData 0x800
PointerToRawData 0x10e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 6.29985

Imports

VERSION.dll GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
KERNEL32.dll DeleteFileW
HeapReAlloc
CloseHandle
GetNativeSystemInfo
RaiseException
LoadLibraryW
FindResourceExW
LoadResource
FindResourceW
HeapAlloc
HeapDestroy
GetProcAddress
DeleteCriticalSection
GetProcessHeap
GetModuleHandleW
LockResource
CopyFileW
ReadFile
CreateNamedPipeW
WaitForMultipleObjects
WaitForSingleObject
DisconnectNamedPipe
QueueUserWorkItem
CreateEventW
SetEvent
ConnectNamedPipe
GetModuleFileNameW
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
GetLastError
EnterCriticalSection
HeapSize
GetSystemDirectoryW
GetFileAttributesW
CreateFileW
InitializeCriticalSectionEx
GetTempPathW
WriteFile
GetCurrentProcess
HeapFree
SizeofResource
WaitForSingleObjectEx
ResetEvent
LeaveCriticalSection
FreeLibrary
IsProcessorFeaturePresent
IsDebuggerPresent
LocalFree
OutputDebugStringW
InitializeSListHead
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
USER32.dll MessageBoxW
ADVAPI32.dll StartServiceW
DeregisterEventSource
SetServiceStatus
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
RegisterEventSourceW
ReportEventW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CreateServiceW
QueryServiceStatus
CloseServiceHandle
OpenSCManagerW
DeleteService
ControlService
OpenServiceW
ole32.dll CoUninitialize
CoSetProxyBlanket
CoInitializeEx
CoInitializeSecurity
CoCreateInstance
OLEAUT32.dll #9
#4
#2
#6
VCRUNTIME140.dll __std_exception_destroy
_except_handler4_common
memset
__vcrt_InitializeCriticalSectionEx
memcpy
__std_exception_copy
_CxxThrowException
wcsstr
memmove
__CxxFrameHandler3
api-ms-win-crt-stdio-l1-1-0.dll __stdio_common_vswprintf
__stdio_common_vswprintf_s
__p__commode
__stdio_common_vfwprintf
_set_fmode
__acrt_iob_func
api-ms-win-crt-string-l1-1-0.dll wmemcpy_s
_wcsicmp
api-ms-win-crt-runtime-l1-1-0.dll _exit
_configure_wide_argv
__p___argc
__p___wargv
exit
_initterm_e
_register_thread_local_exe_atexit_callback
_get_initial_wide_environment
_set_app_type
_seh_filter_exe
terminate
_controlfp_s
_cexit
_initialize_onexit_table
_crt_atexit
_initterm
_initialize_wide_environment
_register_onexit_function
_c_exit
_errno
_invalid_parameter_noinfo
api-ms-win-crt-heap-l1-1-0.dll malloc
_callnewh
_set_new_mode
free
api-ms-win-crt-math-l1-1-0.dll __setusermatherr
api-ms-win-crt-locale-l1-1-0.dll _configthreadlocale

Delayed Imports

1

Type RT_VERSION
Language English - United States
Codepage UNKNOWN
Size 0x308
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.36651
MD5 6e1198f59895b7832b339ef78be190d9
SHA1 f2529c77e4350266f6e848cbf226388a03f70ced
SHA256 5f726e71d1572bfcb0e1de6eaf0570cb55ed70e97882f6cc7c4350886cea5866
SHA3 6903452b565dddf1766ae84139772c00044897e30b9b1fbc0e934bb25a21cf1d

1 (#2)

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x22f
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.02293
MD5 152bb89e1c983ac83f61f234467ce37b
SHA1 80fbd63597a74720f3564b4a285e074e768fd0a8
SHA256 c33fffcaf40d812614f14a0a6441a425ab9f0114d82a65072bb4b443cdb23614
SHA3 7c63b7dcf97ab61479aabc3f427c03cae0982fd8784546e844e8d1bd0ddb9fca

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 1.4.0.0
ProductVersion 1.4.0.0
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT
VOS_NT_WINDOWS32
VOS_WINCE
VOS__WINDOWS32
FileType VFT_APP
Language English - United States
CompanyName Realtek Semiconductor Corp.
FileDescription RealtekHubService
FileVersion (#2) 1.4.0.0
InternalName RtHubSSControl.exe
LegalCopyright Copyright (C) 2016
OriginalFilename RtHubSSControl.exe
ProductName RtHubSSControl
ProductVersion (#2) 1.4.0.0
Resource LangID English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2017-May-31 09:11:56
Version 0.0
SizeofData 94
AddressOfRawData 0x744c
PointerToRawData 0x624c
Referenced File E:\GSW_Hub\WIN_AP\OtherTools\RtHubSSControl\Release\RtHubSSContrl.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics 0
TimeDateStamp 2017-May-31 09:11:56
Version 0.0
SizeofData 20
AddressOfRawData 0x74ac
PointerToRawData 0x62ac

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2017-May-31 09:11:56
Version 0.0
SizeofData 860
AddressOfRawData 0x74c0
PointerToRawData 0x62c0

IMAGE_DEBUG_TYPE_ILTCG

Characteristics 0
TimeDateStamp 2017-May-31 09:11:56
Version 0.0
SizeofData 0
AddressOfRawData 0
PointerToRawData 0

TLS Callbacks

StartAddressOfRawData 0x412000
EndAddressOfRawData 0x412008
AddressOfIndex 0x411cf0
AddressOfCallbacks 0x406268
SizeOfZeroFill 0
Characteristics IMAGE_SCN_ALIGN_4BYTES
Callbacks (EMPTY)

Load Configuration

Size 0x5c
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x40900c
SEHandlerTable 0x407420
SEHandlerCount 11

RICH Header

XOR Key 0xf51af7e3
Unmarked objects 0
Imports (VS2008 SP1 build 30729) 12
Imports (VS2015 UPD3 build 24123) 2
208 (65501) 1
C++ objects (23013) 2
ASM objects (VS2015 UPD3 build 24123) 4
C++ objects (VS2015 UPD3 build 24123) 32
C objects (VS2015 UPD3 build 24123) 13
Imports (65501) 13
Total imports 147
265 (VS2015 UPD3.1 build 24215) 8
Resource objects (VS2015 UPD3 build 24210) 1
151 1
Linker (VS2015 UPD3.1 build 24215) 1

Errors
