| Architecture | IMAGE_FILE_MACHINE_AMD64 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| Compilation Date | 2023-Sep-29 09:19:15 |
| Detected languages | English - United Kingdom |
| | English - United States |
| CompanyName | Realtek Semiconductor |
| FileDescription | Realtek HD Audio |
| FileVersion | 10.0.0.3 |
| InternalName | RtHDVBgProc.exe |
| LegalCopyright | 2017 (c) Realtek Semiconductor. All rights reserved. |
| OriginalFilename | taskhostw.exe |
| ProductName | Realtek HD Audio |
| ProductVersion | 10.0.0.3 |
| Suspicious | PEiD Signature: | UPolyX V0.1 -> Delikon |
| Suspicious | This PE is packed with Themida | Unusual section name found: |
| | | Unusual section name found: |
| | | Unusual section name found: |
| | | Unusual section name found: |
| | | Unusual section name found: |
| | | Unusual section name found: |
| | | Unusual section name found: .imports |
| | | Unusual section name found: .themida |
| | | Section .themida is both writable and executable. |
| | | Unusual section name found: .boot |
| Malicious | The program tries to mislead users about its origins. | The PE pretends to be from Realtek but is not signed! |
| Malicious | VirusTotal score: 42/72 (Scanned on 2023-12-25 15:53:20) | Bkav: W64.AIDetectMalware |
| | | Lionic: Trojan.Win64.Agentb.trtl |
| | | DrWeb: Trojan.AutoIt.1131 |
| | | Skyhigh: Artemis |
| | | Malwarebytes: Trojan.BitCoinMiner |
| | | Sangfor: Suspicious.Win32.Save.a |
| | | CrowdStrike: win/malicious_confidence_100% (W) |
| | | Alibaba: Packed:Win64/Themida.aa7c161d |
| | | K7GW: Trojan ( 0059644d1 ) |
| | | K7AntiVirus: Trojan ( 0059644d1 ) |
| | | Symantec: ML.Attribute.HighConfidence |
| | | Elastic: malicious (high confidence) |
| | | ESET-NOD32: a variant of Win64/Packed.Themida.NH |
| | | APEX: Malicious |
| | | Cynet: Malicious (score: 99) |
| | | Kaspersky: UDS:Trojan.Win64.Agent |
| | | Avast: Win64:Malware-gen |
| | | F-Secure: Heuristic.HEUR/AGEN.1365567 |
| | | Zillya: Trojan.Themida.Win64.9242 |
| | | FireEye: Generic.mg.dc1292c7fa973a33 |
| | | Sophos: Mal/Generic-S |
| | | SentinelOne: Static AI - Malicious PE |
| | | Webroot: W32.Trojan.Gen |
| | | Google: Detected |
| | | Avira: HEUR/AGEN.1365567 |
| | | Antiy-AVL: Trojan/Win32.Wacatac |
| | | Kingsoft: Win32.Troj.Unknown.a |
| | | Gridinsoft: Ransom.Win64.Wacatac.ca |
| | | Microsoft: Trojan:Win32/Wacatac.B!ml |
| | | Varist: W64/Trojan.GKA.gen!Eldorado |
| | | AhnLab-V3: Trojan/Win.Trojan-gen.R574919 |
| | | McAfee: Artemis!DC1292C7FA97 |
| | | Cylance: unsafe |
| | | Panda: Trj/Chgt.AD |
| | | TrendMicro-HouseCall: TROJ_GEN.R023H07JD23 |
| | | Tencent: Malware.Win32.Gencirc.13f8c98c |
| | | Ikarus: Trojan.Win64.Themida |
| | | MaxSecure: Trojan.Malware.12030117.susgen |
| | | Fortinet: W32/PossibleThreat |
| | | AVG: Win64:Malware-gen |
| | | Cybereason: malicious.1eeefe |
| | | DeepInstinct: MALICIOUS |
| MD5 |
dc1292c7fa973a334934340d6674e376
|
| SHA1 |
82660001eeefec20cdfa4ce78f8db5e6968ce729
|
| SHA256 |
fcc78017b47e6d12fc84a479bce14e27562e746d928ebe30bdb13cbc3cc8c2d1
|
| SHA3 |
30a4791a2b8411fe56ce6dd18cd17b2d39421fa3b005ccbc54aa23915aa9574a
|
| SSDeep |
786432:5Uv4WjB487BSaxifeu5K/P9D/puKTLAA+ecrJ:5UvbnoX5g/puKTczr
|
| Imports Hash |
1cd069a1d0a6220306935daaf0c539a1
|
| e_magic |
MZ
|
| e_cblp |
0x90
|
| e_cp |
0x3
|
| e_crlc |
0
|
| e_cparhdr |
0x4
|
| e_minalloc |
0
|
| e_maxalloc |
0xffff
|
| e_ss |
0
|
| e_sp |
0xb8
|
| e_csum |
0
|
| e_ip |
0
|
| e_cs |
0
|
| e_ovno |
0
|
| e_oemid |
0
|
| e_oeminfo |
0
|
| e_lfanew |
0x130
|
| Signature |
PE
|
| Machine |
IMAGE_FILE_MACHINE_AMD64
|
| NumberofSections |
12
|
| TimeDateStamp |
2023-Sep-29 09:19:15
|
| PointerToSymbolTable |
0
|
| NumberOfSymbols |
0
|
| SizeOfOptionalHeader |
0xf0
|
| Characteristics |
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
|
| Magic |
PE32+
|
| LinkerVersion |
14.0
|
| SizeOfCode |
0xb3400
|
| SizeOfInitializedData |
0x16baa00
|
| SizeOfUninitializedData |
0
|
| AddressOfEntryPoint |
0x0000000001FA41B8 (Section: .boot)
|
| BaseOfCode |
0x1000
|
| ImageBase |
0x140000000
|
| SectionAlignment |
0x1000
|
| FileAlignment |
0x200
|
| OperatingSystemVersion |
5.2
|
| ImageVersion |
0.0
|
| SubsystemVersion |
5.2
|
| Win32VersionValue |
0
|
| SizeOfImage |
0x247e000
|
| SizeOfHeaders |
0x600
|
| Checksum |
0x1c2f939
|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| DllCharacteristics |
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
|
| SizeofStackReserve |
0x400000
|
| SizeofStackCommit |
0x1000
|
| SizeofHeapReserve |
0x400000
|
| SizeofHeapCommit |
0x1000
|
| LoaderFlags |
0
|
| NumberOfRvaAndSizes |
16
|
| MD5 |
b3d1f4acebf2446f2564accfe3a28707
|
| SHA1 |
6dcb92ea0e1fd53598a08be18a5690feca3e3296
|
| SHA256 |
eb73aa07868e63e7e7c1976ea04681a0930381cfaa37753dcba7aed1d7b95271
|
| SHA3 |
624a7fcf6c9a330e861744d6dbbb2dda516253a42ee52b420f2355c0896f22f8
|
| VirtualSize |
0xb3328
|
| VirtualAddress |
0x1000
|
| SizeOfRawData |
0x5f9a1
|
| PointerToRawData |
0x600
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
|
| Entropy |
7.9833
|
| MD5 |
432c6ce844c0b6e6058eb203fcb41b45
|
| SHA1 |
0eef3aad7066f6b5647c3982a7033abe68dccfdf
|
| SHA256 |
2e45280960b86339179ba38863f9d3575c8af868196e0de5dadf0ce20956c666
|
| SHA3 |
179af7b5c61d3cff01a914dd999815b86ffe9a540b7c2b62ef85c10f03e85e50
|
| VirtualSize |
0x34204
|
| VirtualAddress |
0xb5000
|
| SizeOfRawData |
0xedc7
|
| PointerToRawData |
0x60000
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
| Entropy |
7.96796
|
| MD5 |
3ad88163f46952077804855d22dd0dda
|
| SHA1 |
cb614090411b52be6c27f57852d313edb3543b65
|
| SHA256 |
d6a2994b13d401a02e979cef5b726a674c61b04f3b7c4e0bd675b245cc6b5e1e
|
| SHA3 |
a6ed5045fc975af63eafa77e28c8b655b120d94fd4e8a7acd627d2f197d9c5bd
|
| VirtualSize |
0x9120
|
| VirtualAddress |
0xea000
|
| SizeOfRawData |
0x2f9
|
| PointerToRawData |
0x6ee00
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
7.64919
|
| MD5 |
931ca9c9894e1bed2c97eecb40d967ac
|
| SHA1 |
c3982a67ede350455eb45517c7e9429f8d2ac526
|
| SHA256 |
fd77d4b0212322fbf3e3613ea38dc74b798115e497dbf02664cacde9c0289436
|
| SHA3 |
3445e977ff99cb884a8d4ec34f7b2537b058e225210fff1400fe95fb71a9d168
|
| VirtualSize |
0x6f48
|
| VirtualAddress |
0xf4000
|
| SizeOfRawData |
0x4186
|
| PointerToRawData |
0x6f200
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
| Entropy |
7.67471
|
| MD5 |
ae7f2f4fcf5823872a0a4be7f0021444
|
| SHA1 |
09170fa3a647e09d03c6e9d470ab97f836c58006
|
| SHA256 |
6280c533639759fd60feae534c79fc9aad96cdfdea91ebf0a483b76aebfc2050
|
| SHA3 |
e638c974ab3a4a9bf4a82fff84ba7d2c61fdd1ae0fe63fbf1af9f3ba10480cb4
|
| VirtualSize |
0x167a000
|
| VirtualAddress |
0xfb000
|
| SizeOfRawData |
0x1679a00
|
| PointerToRawData |
0x73400
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
| Entropy |
7.99522
|
| MD5 |
176e9cbda8497483fc31d715ad1f3cf9
|
| SHA1 |
6ecf142a062ef49353e28cfdfcf1686a1b22165b
|
| SHA256 |
d59e7c9caf85c43ed8277d1ed26eea8a95dc12da6b84650460c77a57a4197914
|
| SHA3 |
7a3feca942a71847f304837e60ab9d9dc6127382dde29adfaca985fdaba6af54
|
| VirtualSize |
0xa74
|
| VirtualAddress |
0x1775000
|
| SizeOfRawData |
0x703
|
| PointerToRawData |
0x16ece00
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
|
| Entropy |
7.69119
|
| MD5 |
955f15a096c6cb5e3693f70867c04e5b
|
| SHA1 |
5092ee984c4550436da01fcade262338bc71e54e
|
| SHA256 |
0a4f40129713f07cd4906bc7a5c9f2005f3215913d31e0daabfd3117d7f087b1
|
| SHA3 |
94b6d4b273949f01c290eaf7f05a82e421ae10ff1f98cae14c30b29b0680cc7e
|
| VirtualSize |
0x1000
|
| VirtualAddress |
0x1776000
|
| SizeOfRawData |
0x600
|
| PointerToRawData |
0x16ed600
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
3.22651
|
| MD5 |
35513a5e7d9194a7b954991ffed23946
|
| SHA1 |
8855c28a455a36b71ebbf534426c046bf75948b4
|
| SHA256 |
45d7f49e7274c77750052df58a1364dfde741585d6c022c10008211736142e7e
|
| SHA3 |
0a506700125239d4898948cc9df1f45cd39fd62bb051ef95538ac3c44dce295f
|
| VirtualSize |
0x1000
|
| VirtualAddress |
0x1777000
|
| SizeOfRawData |
0x200
|
| PointerToRawData |
0x16edc00
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
0.284569
|
| MD5 |
de18eee169bcfd98399494c7dbb646aa
|
| SHA1 |
0f0cabd1957183a8d511e5f4e7235530dca0318a
|
| SHA256 |
16c4def3c6a617c1c4d21f2b47740f09592fa122deb777eed58aa4c2773833d7
|
| SHA3 |
9f09db1ab874f2f6a07fcba1145ec0f4e009d597f252b982dd7ce916fc17b166
|
| VirtualSize |
0x5b800
|
| VirtualAddress |
0x1778000
|
| SizeOfRawData |
0x5b800
|
| PointerToRawData |
0x16ede00
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
| Entropy |
2.86003
|
| MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
| SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
| SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
| SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
| VirtualSize |
0x7d0000
|
| VirtualAddress |
0x17d4000
|
| SizeOfRawData |
0
|
| PointerToRawData |
0x1749600
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| MD5 |
60d53600973c57ef5df50eaef2b15440
|
| SHA1 |
01fe0d422b5adcf8ca169b6a15018cb3ff720d9d
|
| SHA256 |
74cc12d455d777995b3bdc12a1cbaab43949a8ef9bde6789b87e0fd1d605e114
|
| SHA3 |
bceb5b93478e8406dbd161e8adfa5bf81e99f27c3f87729a93a5265758628aa8
|
| VirtualSize |
0x4d8e00
|
| VirtualAddress |
0x1fa4000
|
| SizeOfRawData |
0x4d8e00
|
| PointerToRawData |
0x1749600
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
|
| Entropy |
7.96317
|
| MD5 |
4233decae0e5cd32cbdd9fffb403a40d
|
| SHA1 |
63529f03de5da68f544d126dc446e368ccc53c72
|
| SHA256 |
3075c6078e9a9e7b89effd2cb052187b1cf775e6ae718758a08cb884e0e8af36
|
| SHA3 |
f831f551a149e0d6722df8a7e1d8977de242c19bf413582348ffd64fa3ef4501
|
| VirtualSize |
0x1000
|
| VirtualAddress |
0x247d000
|
| SizeOfRawData |
0x10
|
| PointerToRawData |
0x1c22400
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_MEM_READ
|
| Entropy |
2.73346
|
| kernel32.dll |
GetModuleHandleA
|
| WSOCK32.dll |
gethostbyname
|
| VERSION.dll |
GetFileVersionInfoW
|
| WINMM.dll |
timeGetTime
|
| COMCTL32.dll |
ImageList_ReplaceIcon
|
| MPR.dll |
WNetGetConnectionW
|
| WININET.dll |
HttpOpenRequestW
|
| PSAPI.DLL |
GetProcessMemoryInfo
|
| IPHLPAPI.DLL |
IcmpSendEcho
|
| USERENV.dll |
DestroyEnvironmentBlock
|
| UxTheme.dll |
IsThemeActive
|
| USER32.dll |
GetMenuStringW
|
| GDI32.dll |
EndPath
|
| COMDLG32.dll |
GetSaveFileNameW
|
| ADVAPI32.dll |
GetAce
|
| SHELL32.dll |
DragFinish
|
| ole32.dll |
CoTaskMemAlloc
|
| OLEAUT32.dll |
VariantChangeType
|
| Type |
RT_ICON
|
| Language |
English - United Kingdom
|
| Codepage |
UNKNOWN
|
| Size |
0x12428
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
2.46688
|
| MD5 |
cc4da6eebbe8093bffcb4148242d2286
|
| SHA1 |
3131536d651c6194aacc8709e387417d103426fd
|
| SHA256 |
035f73e28f02daa8df31b3e2a12a0d4851c80134af0923506ed9c4bf3b363f9f
|
| SHA3 |
fd8a15d6940574c2d9065a9e6eed25a42af916d1e5b2067efb90fd4a8ecdd059
|
| Type |
RT_ICON
|
| Language |
English - United Kingdom
|
| Codepage |
UNKNOWN
|
| Size |
0xea8
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
3.75296
|
| MD5 |
1dc4f3a046894843fd706f4d9c588ffd
|
| SHA1 |
2cfdf90539fa62aafe742838691c881c794d8043
|
| SHA256 |
262cf81efd7c6401271e1f81221ff77b2c572a266b6936c76c7a40c21ed3da3a
|
| SHA3 |
0163e703b393127c210225f504c35b6af7d412d6735319b29e8de8a3039a1b19
|
| Type |
RT_ICON
|
| Language |
English - United Kingdom
|
| Codepage |
UNKNOWN
|
| Size |
0x8a8
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
3.36849
|
| MD5 |
5b57bd748d1b20ada8677f69cebcf95c
|
| SHA1 |
33f37ebbb3778c7a166d534fef350e40f2cafbb6
|
| SHA256 |
d7112926fabd4bc2136517e21381950c2dcb21a62806a2bacf30627308cda077
|
| SHA3 |
bc61b54dc9cc28f7055b29177bb142dc2fdb9fe5bf4efbfe6dcb149f85580f24
|
| Type |
RT_ICON
|
| Language |
English - United Kingdom
|
| Codepage |
UNKNOWN
|
| Size |
0x6c8
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
3.12839
|
| MD5 |
f4ac483105e6aeb5c6f1528c899dff1b
|
| SHA1 |
f08bece76a47c3b416f51df24b5e881bd41a4d57
|
| SHA256 |
c86797ef7b27769b9a9b7499846cc77a683ba59eb540e52fcb032b5f92db2a37
|
| SHA3 |
b6a038b869ca91a104cbf581b6a3669676fcf9640ca6288ead39049154ad9675
|
| Type |
RT_ICON
|
| Language |
English - United Kingdom
|
| Codepage |
UNKNOWN
|
| Size |
0x568
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
1.88557
|
| MD5 |
11f67d2523d9ad19443dfb064396bb33
|
| SHA1 |
592bce2a44443606c793314a54a7b96ca972214c
|
| SHA256 |
f11cfafc49c04bd29fe6f934a6fea2d395e39763fe0038cf04e142edeb700228
|
| SHA3 |
b8f01819da7ab17c7a96525664b96666e90315fb4688562f00e108beac5e4e7e
|
| Type |
RT_ICON
|
| Language |
English - United Kingdom
|
| Codepage |
UNKNOWN
|
| Size |
0x42028
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
2.63737
|
| MD5 |
722da868517579fcb82343f3fbfb7819
|
| SHA1 |
2526d8faac866b44e71aad8912b2ad007b47697c
|
| SHA256 |
43c361ff5d6e6b79c42e91d3aebf58f3ea4feae174aea23668fae0bf57f51cbe
|
| SHA3 |
fadcfcd9db4165f6d6d92baf017529224d29d660470d8e7c5fe4062cb54aca69
|
| Type |
RT_ICON
|
| Language |
English - United Kingdom
|
| Codepage |
UNKNOWN
|
| Size |
0x25a8
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
3.35279
|
| MD5 |
cab0a0bcf0a88217e0cefa5356beba88
|
| SHA1 |
6752156848a059b8419a50ecfc055804e45d232a
|
| SHA256 |
de53727080b7cc0f221f2e57f2608cc15bd8858d69d975647b6f6141d8b1380e
|
| SHA3 |
480a57e9e8f79c790d92d47fa2d80368c64adb650edbab499af161488b9ef887
|
| Type |
RT_ICON
|
| Language |
English - United Kingdom
|
| Codepage |
UNKNOWN
|
| Size |
0x10a8
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
3.33217
|
| MD5 |
56b39b6964704d0427c2ce9da1fcd248
|
| SHA1 |
da0802bdc406d3cf5a20f244f6d8519190ab79b9
|
| SHA256 |
dbb0b501d8160ec96218892b8e8e8a2bf6b6c92f01c00637b03f4541f09179a9
|
| SHA3 |
940ee4903bc7275ccdee7e50728ed832eb3a5b8029647a531d5ae7ae26bb9647
|
| Type |
RT_ICON
|
| Language |
English - United Kingdom
|
| Codepage |
UNKNOWN
|
| Size |
0x988
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
3.91734
|
| MD5 |
703db582a86ea5fd27c49f878014b81b
|
| SHA1 |
b93936af36e5d32146581a424d96384e19380f1d
|
| SHA256 |
25ef479c8b554e90a2321c24108e5ef86c8687e781a4e4239ecf0791181a7d67
|
| SHA3 |
85b08d34ad1b8dfc6c1c708433f643ee78e983b477cea8ca27bd744c602ebb31
|
| Type |
RT_ICON
|
| Language |
English - United Kingdom
|
| Codepage |
UNKNOWN
|
| Size |
0x468
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
3.86678
|
| MD5 |
409b3807e85bc7bbe99f20af1eb598bd
|
| SHA1 |
4cfc29a30fa44ecd8fc74a0ddbe7adcc35b52705
|
| SHA256 |
d2642004ec05301bad20bdea3f538b589a7b4688f4b1c2ef8e60c88ad27da3f7
|
| SHA3 |
b4bfbac91996d86aca7493766baeb419d4611ae3033d93381f1d78e454409954
|
| Type |
RT_GROUP_ICON
|
| Language |
English - United Kingdom
|
| Codepage |
UNKNOWN
|
| Size |
0x92
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
2.8872
|
| Detected Filetype |
Icon file
|
| MD5 |
ffc5cfdd2fbbf64191b5c72e364fa5e7
|
| SHA1 |
c852c8dad4755c8801a528af417eecca121647ff
|
| SHA256 |
df2b6f4aec56cc8b65f8bd7e58671a8b90a345db673a8d93985d1a7881cd9df6
|
| SHA3 |
bea0668c18934bbddbbc63c35a3083dbc8081ea3de6a503aa23827075e01b211
|
| Type |
RT_VERSION
|
| Language |
English - United Kingdom
|
| Codepage |
UNKNOWN
|
| Size |
0x338
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
3.39627
|
| MD5 |
1b3a29e54cdce82b12eade6ce42b4e34
|
| SHA1 |
e609e53e8bcb61256752af4c47a74ff0e5dcb493
|
| SHA256 |
49ada43965c2214607880d3adf7430b8a75fe5302c36a281b490203e121cfe5c
|
| SHA3 |
a7e7a1b731dfb72236794b9fb5fdc40c6ae6424a59833178123b61fee77a51a5
|
| Type |
RT_MANIFEST
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x3ef
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
5.40026
|
| MD5 |
a8983985aa631a15210e820fc8e1e52e
|
| SHA1 |
fed4e5d714e5b12f8a61604ba61eaf6e2bee2fbd
|
| SHA256 |
1bd8139910a81485aadb0bb28586e233768486de8c09f6a565ae457805702d39
|
| SHA3 |
8582ac809cc76ad6f98d859f53bd4eed751c5aeb31783f353e10875eae68ce64
|
| Signature |
0xfeef04bd
|
| StructVersion |
0x10000
|
| FileVersion |
10.0.0.3
|
| ProductVersion |
10.0.0.3
|
| FileFlags |
(EMPTY)
|
| FileOs |
VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
|
| FileType |
VFT_APP
|
| Language |
English - United States
|
| CompanyName |
Realtek Semiconductor
|
| FileDescription |
Realtek HD Audio
|
| FileVersion (#2) |
10.0.0.3
|
| InternalName |
RtHDVBgProc.exe
|
| LegalCopyright |
2017 (c) Realtek Semiconductor. All rights reserved.
|
| OriginalFilename |
taskhostw.exe
|
| ProductName |
Realtek HD Audio
|
| ProductVersion (#2) |
10.0.0.3
|
| Resource LangID |
English - United Kingdom
|
| XOR Key |
0xb847502b
|
| Unmarked objects |
0
|
| 241 (40116) |
21
|
| 243 (40116) |
156
|
| 242 (40116) |
33
|
| 199 (41118) |
1
|
| C++ objects (VS 2015/2017 runtime 26706) |
46
|
| C objects (VS 2015/2017 runtime 26706) |
17
|
| ASM objects (VS 2015/2017 runtime 26706) |
8
|
| C objects (VS2008 SP1 build 30729) |
8
|
| 135 (VS2008 SP1 build 30729) |
1
|
| Imports (VS2008 SP1 build 30729) |
37
|
| Total imports |
557
|
| C++ objects (POGO O) (27045) |
80
|
| ASM objects (27045) |
1
|
| Resource objects (27045) |
1
|
| 151 |
1
|
| Linker (27045) |
1
|
[!] Error: Could not reach the TLS callback table.
[*] Warning: Section .themida has a size of 0!