c9145ca2f62d2daf0068be88a022025e

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 1971-Mar-20 23:19:31
Detected languages English - United States
Debug artifacts NUIVoiceWBSAdapters.pdb
CompanyName Microsoft Corporation
FileDescription NUI Voice Biometric Service Adapters
FileVersion 10.0.22000.1 (WinBuild.160101.0800)
InternalName NUIVoiceWBSAdapters
LegalCopyright © Microsoft Corporation. All rights reserved.
OriginalFilename NUIVoiceWBSAdapters.dll
ProductName Microsoft® Windows® Operating System
ProductVersion 10.0.22000.1

Plugin Output

Info The PE contains common functions which appear in legitimate applications.
[!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryA
Safe VirusTotal score: 0/69 (Scanned on 2022-07-30 03:00:02) All the AVs think this file is safe.

Hashes

MD5 c9145ca2f62d2daf0068be88a022025e
SHA1 d922ee3ebd47395ea697119f1257c7582d5e4497
SHA256 9d83f23bb2e45c7020756a20abdb9d2a0a04e7108f703a15473a2e7c630303e3
SHA3 e57b812b6c9ce4698a8061e15666e0d58de3bfa66360657853d4b4d01f96129a
SSDeep 12288:Ep7bVGFthyofOjujJQwDbhrtUt8YW4u4u4q4u4u404u4v4I4u4u4j4u4u4D0Hg:ElbIJOjgQwDlrtUuYW4u4u4q4u4u404
Imports Hash 7a13c8a3153b21b6790695b8c78d62c4

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x108

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 6
TimeDateStamp 1971-Mar-20 23:19:31
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_DLL
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x7c000
SizeOfInitializedData 0x1a000
SizeOfUninitializedData 0
AddressOfEntryPoint 0x000000000007AD00 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x180000000
SectionAlignment 0x1000
FileAlignment 0x1000
OperatingSystemVersion A.0
ImageVersion A.0
SubsystemVersion A.0
Win32VersionValue 0
SizeOfImage 0x97000
SizeOfHeaders 0x1000
Checksum 0x991c8
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
SizeofStackReserve 0x40000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 6ddbf917333b2eff70412818b0516dcb
SHA1 37b60c00854bac4f098a2f279ce456ace973ece8
SHA256 3e8d40d20648c0d1e4926a31fb4099e16bbee6f4b8440557aebcc825d1d23f4b
SHA3 fd852b49dca8d14401800e203eed82204e02e402642b26c83242652d3fc9a14c
VirtualSize 0x7b416
VirtualAddress 0x1000
SizeOfRawData 0x7c000
PointerToRawData 0x1000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.43503

.rdata

MD5 45d44399ee75987da5412065399ab078
SHA1 35cc09723aacab3adc593f80dfd55f5b4055a1ae
SHA256 3bae8643e689ca891159fb428675ca773a23bd398d5b482c1e07b10e9d75698b
SHA3 f345d4b71a0fb6b725763a7dd1cdbfc0fe076dc68bcc2f5365263a0d982311b4
VirtualSize 0x109c6
VirtualAddress 0x7d000
SizeOfRawData 0x11000
PointerToRawData 0x7d000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.79084

.data

MD5 e1571b847fa4518507055480ed06be4c
SHA1 d89e73f64245c46040ca07d988797e266e6f48e8
SHA256 5c9545b3baf8c4fdd0024182c38dee3df7cd17dbd6ba9cecedee3ef1b8191462
SHA3 fa72e14a9d080bdc1fe94ffa42462a4d5f13e395d77776e5a7c4d23774fa09d8
VirtualSize 0x36e0
VirtualAddress 0x8e000
SizeOfRawData 0x3000
PointerToRawData 0x8e000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 7.09156

.pdata

MD5 e242ae49d0222aad51ae59f932203024
SHA1 29268168898e52db7a6e1b2979daf91fcf439a8d
SHA256 ad3de4602e74f954bb98ccf389294fbb8a6776b8b7286c7c5db0ac3d1b1352dd
SHA3 aaf27c476ad25b93138e857da1dd4f456ca72c8e981c42caf6b146a5deb0e52d
VirtualSize 0x2c70
VirtualAddress 0x92000
SizeOfRawData 0x3000
PointerToRawData 0x91000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.35818

.rsrc

MD5 1557758a71d96588ddd2fbb12f708389
SHA1 64057537d711c64edad5f800de9098d184989f44
SHA256 811ae33debf78bcedd79774c61ecac74a60806c7cf7c5cdbe6f14447ca820bfc
SHA3 a8d5fa15dfdeb7276abec4b4474afe8946bd949001596497345bcac01d992288
VirtualSize 0x440
VirtualAddress 0x95000
SizeOfRawData 0x1000
PointerToRawData 0x94000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 1.13509

.reloc

MD5 79920c63718480b7b41762453e0654b6
SHA1 dcefb9c38544e1a04471a815df8082f5b74d4812
SHA256 1ae5b1c5a9b60719092317ac47bcdd7bd1dc81b421f898c6d398d34f2a8859cc
SHA3 8ca4faf2ab49befe1e763ce3bf78cc8291b773442ad903bf6dfd0974a0d94678
VirtualSize 0x10c
VirtualAddress 0x96000
SizeOfRawData 0x1000
PointerToRawData 0x95000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 0.607536

Imports

api-ms-win-crt-runtime-l1-1-0.dll _initterm_e
_initterm
api-ms-win-crt-private-l1-1-0.dll _o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o_atan2f
_o_cos
_o_cosf
_o_exp
_o_expf
_o_fclose
_o_fopen
_o_free
_o_log10f
_o_logf
_o_malloc
_o_pow
_o_powf
_o_sin
_o_sinf
_o_sqrt
_o_sqrtf
_o_strcat_s
_o_strcpy_s
_o_wcscpy_s
__C_specific_handler
__CxxFrameHandler3
_o__cexit
_o__callnewh
strchr
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o___stdio_common_vfprintf_s
_o___stdio_common_vfprintf
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__CxxFrameHandler4
__std_terminate
_CxxThrowException
memcmp
memcpy
api-ms-win-crt-string-l1-1-0.dll memset
api-ms-win-core-libraryloader-l1-2-0.dll GetProcAddress
GetModuleFileNameA
FreeLibrary
GetModuleHandleW
GetModuleHandleExW
api-ms-win-core-synch-l1-2-0.dll InitOnceBeginInitialize
InitOnceComplete
api-ms-win-core-synch-l1-1-0.dll CreateMutexExW
DeleteCriticalSection
SetEvent
CreateSemaphoreExW
WaitForSingleObjectEx
OpenSemaphoreW
CreateEventW
ReleaseMutex
EnterCriticalSection
WaitForSingleObject
ReleaseSemaphore
InitializeCriticalSection
LeaveCriticalSection
ResetEvent
api-ms-win-core-heap-l1-1-0.dll HeapFree
GetProcessHeap
HeapAlloc
api-ms-win-core-errorhandling-l1-1-0.dll UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
GetLastError
api-ms-win-core-com-l1-1-0.dll CoTaskMemAlloc
CoUninitialize
CoTaskMemFree
CoCreateInstance
CoInitializeEx
api-ms-win-shcore-stream-l1-1-0.dll SHCreateMemStream
api-ms-win-eventing-provider-l1-1-0.dll EventSetInformation
EventUnregister
EventRegister
EventWriteTransfer
api-ms-win-core-processthreads-l1-1-0.dll GetCurrentProcessId
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
api-ms-win-core-localization-l1-2-0.dll FormatMessageW
api-ms-win-core-debug-l1-1-0.dll DebugBreak
OutputDebugStringW
IsDebuggerPresent
api-ms-win-core-profile-l1-1-0.dll QueryPerformanceFrequency
QueryPerformanceCounter
api-ms-win-core-handle-l1-1-0.dll CloseHandle
api-ms-win-core-rtlsupport-l1-1-0.dll RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry
api-ms-win-core-processthreads-l1-1-1.dll IsProcessorFeaturePresent
api-ms-win-core-sysinfo-l1-1-0.dll GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0.dll InitializeSListHead
ntdll.dll RtlQueryWnfStateData
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlSubscribeWnfStateChangeNotification
MFPlat.DLL MFCreateMemoryBuffer
api-ms-win-core-threadpool-legacy-l1-1-0.dll DeleteTimerQueueEx
api-ms-win-core-threadpool-l1-2-0.dll CloseThreadpoolCleanupGroupMembers
SubmitThreadpoolWork
CloseThreadpool
CloseThreadpoolCleanupGroup
CreateThreadpoolWork
api-ms-win-core-file-l1-1-0.dll ReadFile
WriteFile
GetFileSize
CreateFileA
api-ms-win-core-libraryloader-l1-2-1.dll LoadLibraryA

Delayed Imports

WbioQueryEngineInterface

Ordinal 1
Address 0x10fb0

WbioQuerySensorInterface

Ordinal 2
Address 0x10fd0

1

Type RT_VERSION
Language English - United States
Codepage UNKNOWN
Size 0x3e0
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.44777
MD5 a1e52cb5a0f59a215dce703fe0992053
SHA1 fa4a80c9483a331c775acfbb04780104c84c23da
SHA256 f09c713809a943df4341bc7a5cd488d4ea0ba5878f6b60a47590d727fe319193
SHA3 101dda579034ccc6ed7f88cc6ffb1f04cbc287ada10a176d53c4625af67dfaf5

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 10.0.22000.1
ProductVersion 10.0.22000.1
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT
VOS_NT_WINDOWS32
VOS_WINCE
VOS__WINDOWS32
FileType VFT_DLL
Language English - United States
CompanyName Microsoft Corporation
FileDescription NUI Voice Biometric Service Adapters
FileVersion (#2) 10.0.22000.1 (WinBuild.160101.0800)
InternalName NUIVoiceWBSAdapters
LegalCopyright © Microsoft Corporation. All rights reserved.
OriginalFilename NUIVoiceWBSAdapters.dll
ProductName Microsoft® Windows® Operating System
ProductVersion (#2) 10.0.22000.1
Resource LangID English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 1971-Mar-20 23:19:31
Version 0.0
SizeofData 48
AddressOfRawData 0x88bfc
PointerToRawData 0x88bfc
Referenced File NUIVoiceWBSAdapters.pdb

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 1971-Mar-20 23:19:31
Version 0.0
SizeofData 928
AddressOfRawData 0x88c2c
PointerToRawData 0x88c2c

UNKNOWN

Characteristics 0
TimeDateStamp 1971-Mar-20 23:19:31
Version 0.0
SizeofData 36
AddressOfRawData 0x88fcc
PointerToRawData 0x88fcc

UNKNOWN (#2)

Characteristics 0
TimeDateStamp 1971-Mar-20 23:19:31
Version 0.0
SizeofData 4
AddressOfRawData 0x88ff0
PointerToRawData 0x88ff0

TLS Callbacks

Load Configuration

Size 0x138
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x18008e3b0
GuardCFCheckFunctionPointer 6442964856
GuardCFDispatchFunctionPointer 0
GuardCFFunctionTable 0
GuardCFFunctionCount 0
GuardFlags (EMPTY)
CodeIntegrity.Flags 0
CodeIntegrity.Catalog 0
CodeIntegrity.CatalogOffset 0
CodeIntegrity.Reserved 0
GuardAddressTakenIatEntryTable 0
GuardAddressTakenIatEntryCount 0
GuardLongJumpTargetTable 0
GuardLongJumpTargetCount 0

RICH Header

XOR Key 0x24993762
Unmarked objects 0
Imports (29395) 4
Imports (VS2008 SP1 build 30729) 55
Total imports 1159
C objects (29395) 8
ASM objects (29395) 4
C++ objects (29395) 23
Exports (29395) 1
C objects (LTCG) (29395) 160
253 (29395) 1
Resource objects (29395) 1
Linker (29395) 1

Errors
