Manalyze report for ecb78f83116b3c451062c3edaf272a86

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2022-Nov-11 09:21:24
Detected languages	English - United States
Debug artifacts	H:\Travaux\VB_VAC\VoiceMeeter\Project\voicemeeterpro_vc2010\x64\Release\VoicemeeterRemote64.pdb
Comments	VB-AUDIO Voicemeeter Remote API.
CompanyName	VB-AUDIO Software
FileDescription	VB-AUDIO Audio Remote Interface for Voicemeeter
FileVersion	`1, 0, 3, 8`
InternalName	vbvmr
LegalCopyright	V.Burel©2015-2022
OriginalFilename	VoicemeeterRemote.dll
ProductName	VoicemeeterRemote
ProductVersion	`1, 0, 3, 8`

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`May have dropper capabilities: CurrentControlSet\Services`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA LoadLibraryW` `Can access the registry: RegEnumKeyW RegOpenKeyW RegQueryValueExW RegCloseKey RegEnumKeyA RegOpenKeyA RegOpenKeyExW RegOpenKeyExA RegQueryValueExA` `Possibly launches other programs: ShellExecuteA`
Info	The PE is digitally signed.	`Signer: BUREL VINCENT` `Issuer: GlobalSign GCC R45 EV CodeSigning CA 2020`
Safe	VirusTotal score: 0/71 (Scanned on 2025-01-30 07:30:12)	`All the AVs think this file is safe.`

Hashes

MD5	`ecb78f83116b3c451062c3edaf272a86`
SHA1	`1b2f5f0e3102276ee8ba5062a2dd31df95379b3b`
SHA256	`3649623f5957d8664990929cdb667c202a67898458bcdbb745fbb9291963c198`
SHA3	`47220f2f447e1c031e945d8388be435f6565ccb6657e5479b224420c0931f237`
SSDeep	`3072:5lu2oygVbesqB54qVK6TjR/CsMcZpDn8PYTcqgpugkwCIG:5U2obbesqB5H7TjR/CNUFkugdK`
Imports Hash	`c7d231f53fed7c32ee162e73305c0d03`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x108`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2022-Nov-11 09:21:24
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`10.0`
SizeOfCode	`0x1a200`
SizeOfInitializedData	`0xfc00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000000000000F350 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x180000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.2`
ImageVersion	`0.0`
SubsystemVersion	`5.2`
Win32VersionValue	`0`
SizeOfImage	`0x31000`
SizeOfHeaders	`0x400`
Checksum	`0x2f111`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`b3b9e767dfb247c0abad2bc8650907a1`
SHA1	`e45db879171cde17ddbd81d8deb9d4baa07921de`
SHA256	`fbaca503e4b84394538e34bc69d31eb6b18e90aa6ca0568024b3ee011a7686f2`
SHA3	`b376c18f5dbb5bc5a84fba9186cb8a56bf3daff5235f381f2526b314ac45940b`
VirtualSize	`0x1a10a`
VirtualAddress	`0x1000`
SizeOfRawData	`0x1a200`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.45426`

.rdata

MD5	`f6e629601c7ab6fbe3928f88555f4761`
SHA1	`dc1f80e0eea36b7a72d2e208638b10777f84a6cd`
SHA256	`40a29f765fe1f7f969c5e93a89a13e025a793ce8aa454ad16ead3ac832d9b36c`
SHA3	`37c6be39dfe14d303d79fa9702a66420b124eb662b278fe9f33edf072b912921`
VirtualSize	`0x4c26`
VirtualAddress	`0x1c000`
SizeOfRawData	`0x4e00`
PointerToRawData	`0x1a600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.09347`

.data

MD5	`f45f1c069fca5d654c8a33c3b07a5606`
SHA1	`d03ce6edfc13723e0fef4c585d95e2b5648e8552`
SHA256	`91aa55aba06ab938c290dd89dd9f457b387632c70c4bdd23a2cdd6498331aacf`
SHA3	`f802499df78707487fef6c81ce2bc83ed5419da374fb7ee1a48a638d13488117`
VirtualSize	`0xb0f8`
VirtualAddress	`0x21000`
SizeOfRawData	`0x8a00`
PointerToRawData	`0x1f400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.1976`

.pdata

MD5	`80e861570708a207d823ebd4e7ecd2ab`
SHA1	`2fb2eab1df0d731ac137bfe6a83fbc53e7a9951f`
SHA256	`aa6b1f35a6ec342aab975b03af8cbe32ce69100276decf4f9ea35f5a620e621b`
SHA3	`a2665c7355412098e57db490057fd49dc466549ad100eafe07fd0bdc16b03cfa`
VirtualSize	`0x1230`
VirtualAddress	`0x2d000`
SizeOfRawData	`0x1400`
PointerToRawData	`0x27e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.80637`

.rsrc

MD5	`ee62bc5e6a4e327b44cadc9ef7db9906`
SHA1	`0755a687e478651d514dc7d6d6f3950e8fa2db7a`
SHA256	`03b9215bd1297888f14df0bf9b16f14cb9e0006e47379702e3c3ba5c6a6ef99b`
SHA3	`b79c680b6668eaedf7f8a1807ede978634be0088b61301739dba802ecd89a4ee`
VirtualSize	`0x90c`
VirtualAddress	`0x2f000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x29200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.38761`

.reloc

MD5	`c4beec3093576f44f630284ddad187d2`
SHA1	`5300471805f19b8e5561a311cd7c205b77e5ad9d`
SHA256	`aa40e061f33e5f2ea7df8cfaab3314f3219438edfb5c19b75cbf852b5019f840`
SHA3	`90fc55959502e9d1754cc947f22274f98503590fa4b36c701461044944811376`
VirtualSize	`0x488`
VirtualAddress	`0x30000`
SizeOfRawData	`0x600`
PointerToRawData	`0x29c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`2.5104`

Imports

SETUPAPI.dll	`SetupDiGetDeviceInterfaceDetailW` `SetupDiEnumDeviceInterfaces` `SetupDiGetDeviceRegistryPropertyA` `SetupDiGetDeviceInterfaceAlias` `SetupDiDestroyDeviceInfoList` `SetupDiGetDeviceRegistryPropertyW` `SetupDiGetClassDevsA` `SetupDiOpenDeviceInterfaceRegKey`
WINMM.dll	`waveOutGetDevCapsW` `timeEndPeriod` `waveInGetNumDevs` `timeBeginPeriod` `waveInGetDevCapsW` `waveOutGetNumDevs`
KERNEL32.dll	`SetFilePointer` `WriteFile` `CreateFileW` `CloseHandle` `GetProcAddress` `GetModuleFileNameA` `GetModuleHandleA` `QueryPerformanceCounter` `GetCurrentThread` `SetThreadPriority` `QueryPerformanceFrequency` `FreeLibrary` `WaitForSingleObject` `CreateEventA` `LoadLibraryA` `DeviceIoControl` `MapViewOfFile` `UnmapViewOfFile` `GetTickCount` `CreateFileMappingA` `CreateThread` `InitializeCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `DeleteCriticalSection` `GetStringTypeW` `LCMapStringW` `LoadLibraryW` `FlushFileBuffers` `SetStdHandle` `GetConsoleMode` `GetConsoleCP` `GetSystemTimeAsFileTime` `GetCurrentProcessId` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `FlsAlloc` `SetLastError` `FlsFree` `FlsGetValue` `IsValidCodePage` `GetOEMCP` `GetACP` `GetCPInfo` `GetModuleFileNameW` `ExitProcess` `GetModuleHandleW` `HeapDestroy` `RtlVirtualUnwind` `HeapCreate` `GetVersion` `HeapSetInformation` `GetStartupInfoW` `GetFileType` `GetStdHandle` `SetHandleCount` `InitializeCriticalSectionAndSpinCount` `GetLastError` `Sleep` `GetCurrentProcess` `MultiByteToWideChar` `WideCharToMultiByte` `OpenFile` `WriteConsoleW` `IsDebuggerPresent` `SetUnhandledExceptionFilter` `UnhandledExceptionFilter` `HeapFree` `HeapAlloc` `HeapReAlloc` `GetCurrentThreadId` `FlsSetValue` `GetCommandLineA` `OpenFileMappingA` `HeapSize` `RtlUnwindEx` `EncodePointer` `DecodePointer` `RtlCaptureContext` `RtlLookupFunctionEntry` `TerminateProcess`
USER32.dll	`CharLowerBuffA`
ADVAPI32.dll	`RegEnumKeyW` `RegOpenKeyW` `RegQueryValueExW` `RegCloseKey` `RegEnumKeyA` `RegOpenKeyA` `RegOpenKeyExW` `RegOpenKeyExA` `RegQueryValueExA`
SHELL32.dll	`ShellExecuteA`
ole32.dll	`PropVariantClear` `CoInitialize` `CoUninitialize` `CoCreateInstance` `CLSIDFromString` `CoTaskMemFree`

Delayed Imports

VBVMR_AudioCallbackRegister

Ordinal	`1`
Address	`0xe160`

VBVMR_AudioCallbackStart

Ordinal	`2`
Address	`0xe4d0`

VBVMR_AudioCallbackStop

Ordinal	`3`
Address	`0xe480`

VBVMR_AudioCallbackUnregister

Ordinal	`4`
Address	`0xe590`

VBVMR_GetLevel

Ordinal	`5`
Address	`0xc140`

VBVMR_GetMidiMessage

Ordinal	`6`
Address	`0xc380`

VBVMR_GetParameterFloat

Ordinal	`7`
Address	`0xa4b0`

VBVMR_GetParameterStringA

Ordinal	`8`
Address	`0xc090`

VBVMR_GetParameterStringW

Ordinal	`9`
Address	`0xbd90`

VBVMR_GetVoicemeeterType

Ordinal	`10`
Address	`0x9fc0`

VBVMR_GetVoicemeeterVersion

Ordinal	`11`
Address	`0x9ff0`

VBVMR_Input_GetDeviceDescA

Ordinal	`12`
Address	`0xd6e0`

VBVMR_Input_GetDeviceDescW

Ordinal	`13`
Address	`0xd7b0`

VBVMR_Input_GetDeviceNumber

Ordinal	`14`
Address	`0xd6c0`

VBVMR_IsParametersDirty

Ordinal	`15`
Address	`0xa440`

VBVMR_Login

Ordinal	`16`
Address	`0x9f20`

VBVMR_Logout

Ordinal	`17`
Address	`0x9f30`

VBVMR_MacroButton_GetStatus

Ordinal	`18`
Address	`0xa310`

VBVMR_MacroButton_IsDirty

Ordinal	`19`
Address	`0xa2a0`

VBVMR_MacroButton_SetStatus

Ordinal	`20`
Address	`0xa3a0`

VBVMR_Output_GetDeviceDescA

Ordinal	`21`
Address	`0xd680`

VBVMR_Output_GetDeviceDescW

Ordinal	`22`
Address	`0xd6a0`

VBVMR_Output_GetDeviceNumber

Ordinal	`23`
Address	`0xce50`

VBVMR_RunVoicemeeter

Ordinal	`24`
Address	`0xa020`

VBVMR_SendMidiMessage

Ordinal	`25`
Address	`0xc400`

VBVMR_SetParameterFloat

Ordinal	`26`
Address	`0xc470`

VBVMR_SetParameterStringA

Ordinal	`27`
Address	`0xc690`

VBVMR_SetParameterStringW

Ordinal	`28`
Address	`0xc530`

VBVMR_SetParameters

Ordinal	`29`
Address	`0xcd80`

VBVMR_SetParametersW

Ordinal	`30`
Address	`0xcd70`

1

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.99717`
MD5	`44813ca5d79114474bbf3c151694d407`
SHA1	`6c4c366d0064651094bd6365ea4c6421331a5067`
SHA256	`e8cdf552822119ffc90a1cec7f06c2539c9cad3832313d8b90d393c4919dc6fa`
SHA3	`3d3165d7d0d0edfa2ba497b211ea06773f48d770ae771e0d6527a0c9daaac9cc`

100

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.16096`
Detected Filetype	Icon file
MD5	`42cf62b780813706e75fb9f2b2e8c258`
SHA1	`a022d5c1cfdd8aace0089f3e72f2eedd41bda464`
SHA256	`a0c9d012e2bf6b2fe05c2d97cb5594d97cf2f539e97935c12abd7a3562f4d9bf`
SHA3	`0aafc8e3d8b6bde595537da4ffe0efc5fe53f01dafe336a2a5828b6a71283d3c`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x384`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.40867`
MD5	`26742ab957f906cb0917f99a261bc47f`
SHA1	`3bf961faec18cd6e8f8860e6c93fffd37e783990`
SHA256	`a8f425c027ff67097e326634dd977205fa01b8531f1b87b2fc6571bd73f329f1`
SHA3	`bd69133047a49a7b06c56aa28a01d83c931e39c05eed7fb078c599d335ba8fab`

2

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x15a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.79597`
MD5	`24d3b502e1846356b0263f945ddd5529`
SHA1	`bac45b86a9c48fc3756a46809c101570d349737d`
SHA256	`49a60be4b95b6d30da355a0c124af82b35000bce8f24f957d1c09ead47544a1e`
SHA3	`1244ed60820da52dc4b53880ec48e3b587dbdbd9545f01fa2b1c0fcfea1d5e9e`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.3.8
ProductVersion	1.0.3.8
FileFlags	`(EMPTY)`
FileOs	`(EMPTY)`
FileType	`VFT_APP`
Language	UNKNOWN
Comments	VB-AUDIO Voicemeeter Remote API.
CompanyName	VB-AUDIO Software
FileDescription	VB-AUDIO Audio Remote Interface for Voicemeeter
FileVersion (#2)	1, 0, 3, 8
InternalName	vbvmr
LegalCopyright	V.Burel©2015-2022
OriginalFilename	VoicemeeterRemote.dll
ProductName	VoicemeeterRemote
ProductVersion (#2)	1, 0, 3, 8

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2022-Nov-11 09:21:24
Version	`0.0`
SizeofData	`120`
AddressOfRawData	`0x1e5a4`
PointerToRawData	`0x1cba4`
Referenced File	H:\Travaux\VB_VAC\VoiceMeeter\Project\voicemeeterpro_vc2010\x64\Release\VoicemeeterRemote64.pdb

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0xcdcb9885`
Unmarked objects	`0`
C++ objects (VS2010 SP1 build 40219)	`37`
C objects (VS2010 SP1 build 40219)	`123`
ASM objects (VS2010 SP1 build 40219)	`11`
C++ objects (VS2008 SP1 build 30729)	`1`
C objects (VS2008 SP1 build 30729)	`1`
Imports (VS2008 SP1 build 30729)	`19`
Total imports	`211`
175 (VS2010 SP1 build 40219)	`16`
Exports (VS2010 SP1 build 40219)	`1`
Resource objects (VS2010 SP1 build 40219)	`1`
Linker (VS2010 SP1 build 40219)	`1`

ecb78f83116b3c451062c3edaf272a86

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

.rsrc

.reloc

Imports

Delayed Imports

VBVMR_AudioCallbackRegister

VBVMR_AudioCallbackStart

VBVMR_AudioCallbackStop

VBVMR_AudioCallbackUnregister

VBVMR_GetLevel

VBVMR_GetMidiMessage

VBVMR_GetParameterFloat

VBVMR_GetParameterStringA

VBVMR_GetParameterStringW

VBVMR_GetVoicemeeterType

VBVMR_GetVoicemeeterVersion

VBVMR_Input_GetDeviceDescA

VBVMR_Input_GetDeviceDescW

VBVMR_Input_GetDeviceNumber

VBVMR_IsParametersDirty

VBVMR_Login

VBVMR_Logout

VBVMR_MacroButton_GetStatus

VBVMR_MacroButton_IsDirty

VBVMR_MacroButton_SetStatus

VBVMR_Output_GetDeviceDescA

VBVMR_Output_GetDeviceDescW

VBVMR_Output_GetDeviceNumber

VBVMR_RunVoicemeeter

VBVMR_SendMidiMessage

VBVMR_SetParameterFloat

VBVMR_SetParameterStringA

VBVMR_SetParameterStringW

VBVMR_SetParameters

VBVMR_SetParametersW

1

100

1 (#2)

2

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

TLS Callbacks

Load Configuration

RICH Header

Errors