Architecture | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
Compilation Date | 2017-May-31 09:11:56 |
Detected languages | English - United States |
Debug artifacts | E:\GSW_Hub\WIN_AP\OtherTools\RtHubSSControl\Release\RtHubSSContrl.pdb |
CompanyName | Realtek Semiconductor Corp. |
FileDescription | RealtekHubService |
FileVersion | 1.4.0.0 |
InternalName | RtHubSSControl.exe |
LegalCopyright | Copyright (C) 2016 |
OriginalFilename | RtHubSSControl.exe |
ProductName | RtHubSSControl |
ProductVersion | 1.4.0.0 |
Info | Matching compiler(s): | MASM/TASM - sig1(h) |
Suspicious | Strings found in the binary may indicate undesirable behavior: | Contains references to system / monitoring tools: |
Info | Cryptographic algorithms detected in the binary: | Uses constants related to SHA1 |
Suspicious | The PE contains functions most legitimate programs don't use. | [!] The program may be hiding some of its imports: |
Info | The PE is digitally signed. | Signer: Realtek Semiconductor Corp.; Issuer: DigiCert EV Code Signing CA |
Safe | VirusTotal score: 0/68 (Scanned on 2018-06-08 10:10:02) | All the AVs think this file is safe. |

e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0x118 |

Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_I386 |
NumberofSections | 7 |
TimeDateStamp | 2017-May-31 09:11:56 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE IMAGE_FILE_EXECUTABLE_IMAGE |

Magic | PE32 |
---|---|
LinkerVersion | 14.0 |
SizeOfCode | 0x4a00 |
SizeOfInitializedData | 0xcc00 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x00004C00 (Section: .text) |
BaseOfCode | 0x1000 |
BaseOfData | 0x6000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 6.0 |
ImageVersion | 0.0 |
SubsystemVersion | 6.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x16000 |
SizeOfHeaders | 0x400 |
Checksum | 0x17459 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE IMAGE_DLLCHARACTERISTICS_NX_COMPAT IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |

VERSION.dll | GetFileVersionInfoSizeW GetFileVersionInfoW VerQueryValueW |
---|---|
KERNEL32.dll | DeleteFileW HeapReAlloc CloseHandle GetNativeSystemInfo RaiseException LoadLibraryW FindResourceExW LoadResource FindResourceW HeapAlloc HeapDestroy GetProcAddress DeleteCriticalSection GetProcessHeap GetModuleHandleW LockResource CopyFileW ReadFile CreateNamedPipeW WaitForMultipleObjects WaitForSingleObject DisconnectNamedPipe QueueUserWorkItem CreateEventW SetEvent ConnectNamedPipe GetModuleFileNameW Sleep UnhandledExceptionFilter SetUnhandledExceptionFilter TerminateProcess GetLastError EnterCriticalSection HeapSize GetSystemDirectoryW GetFileAttributesW CreateFileW InitializeCriticalSectionEx GetTempPathW WriteFile GetCurrentProcess HeapFree SizeofResource WaitForSingleObjectEx ResetEvent LeaveCriticalSection FreeLibrary IsProcessorFeaturePresent IsDebuggerPresent LocalFree OutputDebugStringW InitializeSListHead QueryPerformanceCounter GetCurrentProcessId GetCurrentThreadId GetSystemTimeAsFileTime |
USER32.dll | MessageBoxW |
ADVAPI32.dll | StartServiceW DeregisterEventSource SetServiceStatus RegisterServiceCtrlHandlerW StartServiceCtrlDispatcherW RegisterEventSourceW ReportEventW SetSecurityDescriptorDacl InitializeSecurityDescriptor CreateServiceW QueryServiceStatus CloseServiceHandle OpenSCManagerW DeleteService ControlService OpenServiceW |
ole32.dll | CoUninitialize CoSetProxyBlanket CoInitializeEx CoInitializeSecurity CoCreateInstance |
OLEAUT32.dll | #9 #4 #2 #6 |
VCRUNTIME140.dll | __std_exception_destroy _except_handler4_common memset __vcrt_InitializeCriticalSectionEx memcpy __std_exception_copy _CxxThrowException wcsstr memmove __CxxFrameHandler3 |
api-ms-win-crt-stdio-l1-1-0.dll | __stdio_common_vswprintf __stdio_common_vswprintf_s __p__commode __stdio_common_vfwprintf _set_fmode __acrt_iob_func |
api-ms-win-crt-string-l1-1-0.dll | wmemcpy_s _wcsicmp |
api-ms-win-crt-runtime-l1-1-0.dll | _exit _configure_wide_argv __p___argc __p___wargv exit _initterm_e _register_thread_local_exe_atexit_callback _get_initial_wide_environment _set_app_type _seh_filter_exe terminate _controlfp_s _cexit _initialize_onexit_table _crt_atexit _initterm _initialize_wide_environment _register_onexit_function _c_exit _errno _invalid_parameter_noinfo |
api-ms-win-crt-heap-l1-1-0.dll | malloc _callnewh _set_new_mode free |
api-ms-win-crt-math-l1-1-0.dll | __setusermatherr |
api-ms-win-crt-locale-l1-1-0.dll | _configthreadlocale |

Signature | 0xfeef04bd |
---|---|
StructVersion | 0x10000 |
FileVersion | 1.4.0.0 |
ProductVersion | 1.4.0.0 |
FileFlags | (EMPTY) |
FileOs | VOS_DOS_WINDOWS32 VOS_NT VOS_NT_WINDOWS32 VOS_WINCE VOS__WINDOWS32 |
FileType | VFT_APP |
Language | English - United States |
CompanyName | Realtek Semiconductor Corp. |
FileDescription | RealtekHubService |
FileVersion (#2) | 1.4.0.0 |
InternalName | RtHubSSControl.exe |
LegalCopyright | Copyright (C) 2016 |
OriginalFilename | RtHubSSControl.exe |
ProductName | RtHubSSControl |
ProductVersion (#2) | 1.4.0.0 |
Resource LangID | English - United States |
---|

Characteristics | 0 |
---|---|
TimeDateStamp | 2017-May-31 09:11:56 |
Version | 0.0 |
SizeofData | 94 |
AddressOfRawData | 0x744c |
PointerToRawData | 0x624c |
Referenced File | E:\GSW_Hub\WIN_AP\OtherTools\RtHubSSControl\Release\RtHubSSContrl.pdb |

Characteristics | 0 |
---|---|
TimeDateStamp | 2017-May-31 09:11:56 |
Version | 0.0 |
SizeofData | 20 |
AddressOfRawData | 0x74ac |
PointerToRawData | 0x62ac |

Characteristics | 0 |
---|---|
TimeDateStamp | 2017-May-31 09:11:56 |
Version | 0.0 |
SizeofData | 860 |
AddressOfRawData | 0x74c0 |
PointerToRawData | 0x62c0 |

Characteristics | 0 |
---|---|
TimeDateStamp | 2017-May-31 09:11:56 |
Version | 0.0 |
SizeofData | 0 |
AddressOfRawData | 0 |
PointerToRawData | 0 |

StartAddressOfRawData | 0x412000 |
---|---|
EndAddressOfRawData | 0x412008 |
AddressOfIndex | 0x411cf0 |
AddressOfCallbacks | 0x406268 |
SizeOfZeroFill | 0 |
Characteristics | IMAGE_SCN_ALIGN_4BYTES |
Callbacks | (EMPTY) |

Size | 0x5c |
---|---|
TimeDateStamp | 1970-Jan-01 00:00:00 |
Version | 0.0 |
GlobalFlagsClear | (EMPTY) |
GlobalFlagsSet | (EMPTY) |
CriticalSectionDefaultTimeout | 0 |
DeCommitFreeBlockThreshold | 0 |
DeCommitTotalFreeThreshold | 0 |
LockPrefixTable | 0 |
MaximumAllocationSize | 0 |
VirtualMemoryThreshold | 0 |
ProcessAffinityMask | 0 |
ProcessHeapFlags | (EMPTY) |
CSDVersion | 0 |
Reserved1 | 0 |
EditList | 0 |
SecurityCookie | 0x40900c |
SEHandlerTable | 0x407420 |
SEHandlerCount | 11 |

XOR Key | 0xf51af7e3 |
---|---|
Unmarked objects | 0 |
Imports (VS2008 SP1 build 30729) | 12 |
Imports (VS2015 UPD3 build 24123) | 2 |
208 (65501) | 1 |
C++ objects (23013) | 2 |
ASM objects (VS2015 UPD3 build 24123) | 4 |
C++ objects (VS2015 UPD3 build 24123) | 32 |
C objects (VS2015 UPD3 build 24123) | 13 |
Imports (65501) | 13 |
Total imports | 147 |
265 (VS2015 UPD3.1 build 24215) | 8 |
Resource objects (VS2015 UPD3 build 24210) | 1 |
151 | 1 |
Linker (VS2015 UPD3.1 build 24215) | 1 |