0f08d6255bae05e2390f4c51998d4c3bb9373e73e8f0de4371b3d19d03e1f877

Sharing

Copy URL Twitter E-mail

General

Target

0f08d6255bae05e2390f4c51998d4c3bb9373e73e8f0de4371b3d19d03e1f877
Size

865KB
MD5

8437adee88bfdb7eaebb35adeb6a10b9
SHA1

8c7c59b327a3c7fc81ec5135d3756223147dceac
SHA256

0f08d6255bae05e2390f4c51998d4c3bb9373e73e8f0de4371b3d19d03e1f877
SHA512

334cd6226dfb4695972d2559cc5ca17e7e1a76c5b6a211bbd2d4e769c58745bf8b63e15778b9f1497e50d936502708432b418b203a53190735cd212965e9957f
SSDEEP

24576:1jE5jHDik7wCpRmkO3JhGs+43OM2TKh5U0Z:1uD1w8RmlTf+4+x85UU

Score

N/A

Malware Config

Signatures

Files

0f08d6255bae05e2390f4c51998d4c3bb9373e73e8f0de4371b3d19d03e1f877
.rar
amd64_microsoft-windows-a..winmmbase.resources_31bf3856ad364e35_10.0.17763.1_en-us_c1b29ff421bbb502/winmm.dll.mui
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 22KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-a..winmmbase.resources_31bf3856ad364e35_10.0.17763.1_en-us_c1b29ff421bbb502/winmmbase.dll.mui
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-aclui.resources_31bf3856ad364e35_10.0.17763.1_en-us_3297be140915217d/aclui.dll.mui
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 70KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-aclui_31bf3856ad364e35_10.0.17763.1_none_45d048030bd026b8/aclui.dll
.dll windows x64

2129587bcf3b94e186f64818efa34948

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

_wcsnicmp
_wcstoui64
_ultow_s
iswctype
wcstoul
swprintf_s
wcsncpy_s
_wcstoi64
_ui64tow_s
_i64tow_s
_CxxThrowException
__RTDynamicCast
floor
memcmp
memcpy
memmove
wcscmp
wcstok_s
_ultow
memset
realloc
_errno
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
wcsrchr
__C_specific_handler
malloc
wcscpy_s
iswspace
wcscspn
wcsspn
wcspbrk
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
?what@exception@@UEBAPEBDXZ
wcsncmp
_itow_s
memmove_s
wcschr
wcsnlen
free
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
memcpy_s
_vsnwprintf
__CxxFrameHandler3

shell32

ord6
ord258
ord259

api-ms-win-shlwapi-winrt-storage-l1-1-1

ord165

advapi32

GetSecurityDescriptorSacl
LsaFreeMemory
LsaQueryInformationPolicy
SetSecurityDescriptorSacl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
InitializeAcl
GetSecurityDescriptorDacl
GetSecurityDescriptorControl
EventWrite
EqualPrefixSid
SetThreadToken
AdjustTokenPrivileges
DuplicateTokenEx
OpenThreadToken
LsaGetAppliedCAPIDs
GetWindowsAccountDomainSid
LsaLookupSids
GetSidSubAuthority
IsValidAcl
IsValidSecurityDescriptor
IsWellKnownSid
LookupAccountSidW
DeleteAce
LookupAccountNameW
OpenProcessToken
GetSidSubAuthorityCount
LsaOpenPolicy
AddConditionalAce
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
AddAccessAllowedAce
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
GetSecurityDescriptorLength
CopySid
EventUnregister
EventRegister
GetAce
IsValidSid
GetLengthSid
EqualSid
AllocateAndInitializeSid
LsaClose

gdi32

DeleteObject
SelectObject
CreateFontIndirectW
GetTextExtentPoint32W
GetDeviceCaps
SetBkColor
SetBkMode
GetObjectW
SetTextColor

kernel32

GlobalLock
GlobalUnlock
GetModuleFileNameW
MultiByteToWideChar
lstrcmpiW
HeapSize
HeapDestroy
VirtualFree
VirtualAlloc
LoadLibraryExA
EncodePointer
DecodePointer
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
Sleep
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
OutputDebugStringA
lstrcmpW
FindResourceW
GetCurrentThread
CreateActCtxW
ReleaseActCtx
ActivateActCtx
DeactivateActCtx
DelayLoadFailureHook
ResolveDelayLoadedAPI
lstrlenW
GetModuleFileNameA
CreateSemaphoreExW
HeapFree
SetLastError
ReleaseSemaphore
GetModuleHandleExW
WaitForSingleObject
LocalAlloc
GetCurrentThreadId
ReleaseMutex
FormatMessageW
GetLastError
OutputDebugStringW
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
HeapAlloc
GetProcAddress
CreateMutexExW
LocalFree
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
TlsGetValue
EnterCriticalSection
LeaveCriticalSection
RaiseException
MulDiv
InitOnceExecuteOnce
CompareStringW
CheckElevationEnabled
CreateThreadpoolWait
SetThreadpoolWait
AcquireSRWLockShared
ReleaseSRWLockShared
SetEvent
CompareStringEx
GetTickCount
SizeofResource
LockResource
LoadResource
FindResourceExW
DisableThreadLibraryCalls
InitializeCriticalSection
TlsAlloc
TlsFree
DeleteCriticalSection
LocalReAlloc
LoadLibraryExW
CreateThread
FreeLibrary
FreeLibraryAndExitThread
HeapReAlloc
GetCurrentProcess
WaitForThreadpoolWaitCallbacks
CloseThreadpoolWait

ntdll

RtlSetOwnerSecurityDescriptor
EtwGetTraceEnableLevel
EtwGetTraceEnableFlags
EtwRegisterTraceGuidsW
EtwUnregisterTraceGuids
RtlLengthSid
RtlCreateUnicodeString
RtlFreeUnicodeString
RtlIsPackageSid
RtlInitializeCriticalSectionEx
RtlDeleteCriticalSection
RtlGetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
RtlSetGroupSecurityDescriptor
RtlEqualSid
RtlFirstFreeAce
RtlAddAccessDeniedObjectAce
RtlAddAccessAllowedObjectAce
RtlAddAccessDeniedAceEx
RtlCopySid
RtlAbsoluteToSelfRelativeSD
RtlGetGroupSecurityDescriptor
RtlAddAce
RtlSubAuthorityCountSid
RtlGetOwnerSecurityDescriptor
RtlAddAccessAllowedAceEx
RtlAddAuditAccessAceEx
RtlGetAce
RtlConvertSidToUnicodeString
RtlSetDaclSecurityDescriptor
RtlSubAuthoritySid
RtlAddAuditAccessObjectAce
RtlGetControlSecurityDescriptor
RtlInitializeSid
EtwGetTraceLoggerHandle
RtlValidSid
RtlSetSaclSecurityDescriptor
RtlValidAcl
RtlRunOnceExecuteOnce
EtwTraceMessage
RtlGetSaclSecurityDescriptor
RtlNtStatusToDosErrorNoTeb
RtlNtStatusToDosError
RtlEqualUnicodeString
RtlGetNtProductType
RtlInitUnicodeString
RtlAddScopedPolicyIDAce
RtlCreateAcl
WinSqmIsOptedIn
WinSqmEndSession
WinSqmSetString
WinSqmStartSession
WinSqmIsOptedInEx
WinSqmSetDWORD
WinSqmIncrementDWORD
WinSqmAddToStream
RtlIsCapabilitySid

ntdsapi

DsFreeNameResultW
DsCrackNamesW
DsUnBindW
DsBindWithSpnExW

ole32

CoInitialize
CoUninitialize
CoTaskMemFree
CoCreateInstance
CoGetMalloc
CoTaskMemRealloc
ReleaseStgMedium
CoCreateGuid

oleaut32

SysFreeString
SysAllocStringLen
SafeArrayUnaccessData
SafeArrayAccessData
SysReAllocStringLen
SysAllocString

shlwapi

PathAppendW
StrRChrW
ord12
StrChrW
ord219

user32

EnableWindow
GetParent
GetDlgItemTextW
SetWindowLongPtrW
PostMessageW
EndDialog
GetActiveWindow
SetWindowTextW
DialogBoxParamW
SetWindowPos
GetDC
RedrawWindow
GetFocus
SetFocus
IsWindowVisible
GetClientRect
GetSystemMetrics
MapWindowPoints
GetWindowRect
ShowWindow
GetDlgItem
LoadCursorW
SetCursor
SendDlgItemMessageW
IsWindowEnabled
GetWindowLongPtrW
SendMessageW
LoadImageW
LoadIconW
GetAncestor
RegisterWindowMessageW
GetWindow
GetWindowPlacement
SetWindowPlacement
RegisterClassW
UnregisterClassW
DestroyWindow
LoadStringW
SetDlgItemTextW
MessageBoxW
ReleaseDC
SetWindowLongW
UnregisterClassA
DrawTextW
RegisterClipboardFormatW
ClientToScreen
KillTimer
SetTimer
keybd_event
CreateWindowExW
EnumDisplaySettingsW
DrawFocusRect
GetSysColor
GetSysColorBrush
FrameRect
InflateRect
ShowScrollBar
MoveWindow
OffsetRect
CallWindowProcW
SetScrollInfo
ScrollWindow
SetScrollPos
GetScrollInfo
DefWindowProcW
GetDlgCtrlID
DestroyIcon
SystemParametersInfoW
MapDialogRect
GetWindowLongW

xmllite

CreateXmlReader

Exports

Exports

CreateSecurityPage
EditConditionalAceClaims
EditResourceCondition
EditSecurity
EditSecurityAdvanced
GetLocalizedStringForCondition
GetTlsIndexForClaimDictionary
IID_ISecurityInformation

Sections

.text
Size: 373KB - Virtual size: 372KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 131KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4.7MB - Virtual size: 4.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-acpiex_31bf3856ad364e35_10.0.17763.1_none_25908f8931227462/acpiex.sys
.exe windows x64

e547822208582d5d8edaafb4806e2f9f

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/07/2018, 20:45

Not After

26/07/2019, 20:45

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a1:3d:7f:51:01:ae:1f:0b:a2:06:da:08:6d:b0:f8:fc:06:01:00:ad:73:20:77:56:04:80:26:95:7a:35:7a:c5
Signer

Actual PE Digest

a1:3d:7f:51:01:ae:1f:0b:a2:06:da:08:6d:b0:f8:fc:06:01:00:ad:73:20:77:56:04:80:26:95:7a:35:7a:c5

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

15/09/2022, 14:52
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

RtlxAnsiStringToUnicodeSize
RtlUnicodeStringToAnsiString
RtlUnicodeStringToInteger
RtlInitUnicodeString
MmGetSystemRoutineAddress
IoWMIRegistrationControl
IoReplaceFileObjectName
IofCompleteRequest
RtlxUnicodeStringToAnsiSize
ExAcquireFastMutex
IoGetDeviceProperty
RtlCompareUnicodeString
ObfReferenceObject
RtlEqualUnicodeString
ExFreePoolWithTag
ObfDereferenceObject
RtlInitAnsiString
RtlCopyUnicodeString
_vsnprintf
ZwPowerInformation
ExAcquireSpinLockExclusive
ExReleaseSpinLockExclusive
IoInitializeRemoveLockEx
IoAcquireRemoveLockEx
IoReleaseRemoveLockEx
IoReleaseRemoveLockAndWaitEx
KdRefreshDebuggerNotPresent
ExAllocatePoolWithTag
KeInitializeEvent
ExReleaseFastMutex
_vsnwprintf

wpprecorder.sys

imp_WppRecorderLogDelete
imp_WppRecorderLogCreate
WppAutoLogStop
WppAutoLogStart
imp_WppRecorderReplay
WppAutoLogTrace

wdfldr.sys

WdfVersionBindClass
WdfVersionUnbindClass
WdfVersionBind
WdfVersionUnbind

Sections

.text
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

GFIDS
Size: 512B - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-advapi32.resources_31bf3856ad364e35_10.0.17763.1_en-us_094f621908fe5b93/advapi32.dll.mui
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_10.0.17763.1_none_027b770404d45b11/kdcom.dll
.dll .ps1 windows x64
amd64_microsoft-windows-b..ggertransport-kdnet_31bf3856ad364e35_10.0.17763.1_none_ce2db2dcb121e1db/kdnet.dll
.dll windows x64

4a03f075cf5903ea85c9f519d983a997

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/07/2018, 20:45

Not After

26/07/2019, 20:45

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c7:9d:da:d8:59:18:3b:be:33:33:bc:7e:8e:1f:fc:36:6a:b5:0c:b6:ca:90:7c:cb:23:40:d2:88:ae:b4:61:9d
Signer

Actual PE Digest

c7:9d:da:d8:59:18:3b:be:33:33:bc:7e:8e:1f:fc:36:6a:b5:0c:b6:ca:90:7c:cb:23:40:d2:88:ae:b4:61:9d

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

15/09/2022, 14:52
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

ZwDeleteValueKey
KeLowerIrql
MmMapIoSpaceEx
HalPrivateDispatchTable
KfRaiseIrql
RtlIpv6StringToAddressA
ZwClose
ZwSetValueKey
KdDebuggerEnabled
KdDebuggerNotPresent
PoSetHiberRange
KdEventLoggingEnabled
__C_specific_handler
ExpInterlockedFlushSList
ExpInterlockedPopEntrySList
ExpInterlockedPushEntrySList
InitializeSListHead
vsprintf_s
sscanf_s
RtlUnicodeToMultiByteN
HviGetEnlightenmentInformation
MmGetPhysicalAddress
ZwCreateKey
RtlInitUnicodeString
KeBugCheckEx
KdEnteredDebugger
RtlGUIDFromString
KdSetEventLoggingPresent
KdLogDbgPrint
RtlGetEnabledExtendedFeatures
RtlGetVersion
EtwSetInformation
EtwWriteTransfer
EtwRegister
HviIsHypervisorVendorMicrosoft
HviGetDebugDeviceOptions
HviGetHypervisorFeatures

hal

KeStallExecutionProcessor
KdComPortInUse
KeQueryPerformanceCounter

kdstub

KdInitializeLibrary

Exports

Exports

KdInitialize
KdPower
KdReceivePacket
KdSendPacket
KdSetHiberRange

Sections

.text
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 512B - Virtual size: 136B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 166B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

GFIDS
Size: 512B - Virtual size: 228B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-b..ggertransport-kdnet_31bf3856ad364e35_10.0.17763.1_none_ce2db2dcb121e1db/kdstub.dll
.dll windows x64

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/07/2018, 20:45

Not After

26/07/2019, 20:45

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

95:2f:54:25:97:a8:d9:24:ff:75:0a:44:33:2c:5e:57:f5:1c:0a:70:8e:d9:db:ef:dc:45:49:0b:d7:f1:e8:1b
Signer

Actual PE Digest

95:2f:54:25:97:a8:d9:24:ff:75:0a:44:33:2c:5e:57:f5:1c:0a:70:8e:d9:db:ef:dc:45:49:0b:d7:f1:e8:1b

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

15/09/2022, 14:52
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Exports

Exports

KdInitializeLibrary

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 81B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

GFIDS
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-b..ggertransport-local_31bf3856ad364e35_10.0.17763.1_none_c9f838dfcd4acbe6/kd.dll
.dll windows x64

461024ca0c216b751b45cfdeec1031cb

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/07/2018, 20:45

Not After

26/07/2019, 20:45

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

69:28:a3:ff:67:aa:a3:2b:3c:ca:24:3c:47:de:d3:f5:0f:36:0a:49:6b:ed:22:ec:a5:fc:68:b8:19:05:fa:73
Signer

Actual PE Digest

69:28:a3:ff:67:aa:a3:2b:3c:ca:24:3c:47:de:d3:f5:0f:36:0a:49:6b:ed:22:ec:a5:fc:68:b8:19:05:fa:73

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

15/09/2022, 14:52
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

PoSetHiberRange

Exports

Exports

KdInitialize
KdPower
KdReceivePacket
KdSendPacket
KdSetHiberRange

Sections

.text
Size: 512B - Virtual size: 309B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 163B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

GFIDS
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-b..gine-main.resources_31bf3856ad364e35_10.0.17763.1_en-us_bacd1146821c8ae6/wbengine.exe.mui
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.17763.107_cs-cz_e888d55f29996dc6/memtest.efi.mui
.dll windows x86

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/07/2018, 20:45

Not After

26/07/2019, 20:45

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c3:ec:c0:df:34:f1:bf:d7:5b:1e:b9:a5:75:f8:45:35:33:2b:e0:05:c3:e2:8f:e8:3f:1a:9d:92:01:df:f6:44
Signer

Actual PE Digest

c3:ec:c0:df:34:f1:bf:d7:5b:1e:b9:a5:75:f8:45:35:33:2b:e0:05:c3:e2:8f:e8:3f:1a:9d:92:01:df:f6:44

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

15/09/2022, 14:52
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.rsrc
Size: 35KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.17763.107_da-dk_85c2b5861fdf69c5/memtest.efi.mui
.dll windows x86

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/07/2018, 20:45

Not After

26/07/2019, 20:45

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

13:7b:12:bc:77:74:4b:ed:0c:10:4e:3e:4b:c0:4b:da:0a:b7:1a:bf:52:23:d8:6d:98:bf:72:58:f0:b8:a0:46
Signer

Actual PE Digest

13:7b:12:bc:77:74:4b:ed:0c:10:4e:3e:4b:c0:4b:da:0a:b7:1a:bf:52:23:d8:6d:98:bf:72:58:f0:b8:a0:46

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

15/09/2022, 14:52
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.rsrc
Size: 35KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.17763.107_de-de_82ee4ac221b5be5f/memtest.efi.mui
.dll windows x86

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/07/2018, 20:45

Not After

26/07/2019, 20:45

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b3:04:23:4a:0b:64:db:1a:f0:7d:95:dc:00:03:ba:45:44:b8:7e:1d:0e:91:8a:b3:29:0b:b7:de:b2:b3:23:89
Signer

Actual PE Digest

b3:04:23:4a:0b:64:db:1a:f0:7d:95:dc:00:03:ba:45:44:b8:7e:1d:0e:91:8a:b3:29:0b:b7:de:b2:b3:23:89

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

15/09/2022, 14:52
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.17763.107_el-gr_2b84785510cb26ed/memtest.efi.mui
.dll windows x86

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/07/2018, 20:45

Not After

26/07/2019, 20:45

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c8:63:56:a7:70:34:4c:c5:9f:b7:04:2a:ee:b9:5a:7e:75:fc:5f:cb:ea:cd:02:88:b3:c6:12:d0:49:5c:73:40
Signer

Actual PE Digest

c8:63:56:a7:70:34:4c:c5:9f:b7:04:2a:ee:b9:5a:7e:75:fc:5f:cb:ea:cd:02:88:b3:c6:12:d0:49:5c:73:40

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

15/09/2022, 14:52
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.rsrc
Size: 36KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.17763.107_en-us_2bdf20bb1093ca24/memtest.efi.mui
.dll windows x86

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/07/2018, 20:45

Not After

26/07/2019, 20:45

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b1:f6:ee:41:a1:2a:fa:d2:ca:4e:65:d9:12:ab:ce:32:e4:e6:33:52:f1:0f:73:69:c3:71:fa:18:ab:43:49:79
Signer

Actual PE Digest

b1:f6:ee:41:a1:2a:fa:d2:ca:4e:65:d9:12:ab:ce:32:e4:e6:33:52:f1:0f:73:69:c3:71:fa:18:ab:43:49:79

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

15/09/2022, 14:52
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.rsrc
Size: 35KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.17763.107_es-es_2baa7d9f10babbc9/memtest.efi.mui
.dll windows x86

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/07/2018, 20:45

Not After

26/07/2019, 20:45

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:26:3a:b3:d9:f2:09:1c:3b:80:ff:b1:a6:b2:79:ba:f6:42:f3:91:b1:24:3c:b6:f1:8f:f3:ba:4b:9c:04:ae
Signer

Actual PE Digest

02:26:3a:b3:d9:f2:09:1c:3b:80:ff:b1:a6:b2:79:ba:f6:42:f3:91:b1:24:3c:b6:f1:8f:f3:ba:4b:9c:04:ae

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

15/09/2022, 14:52
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.17763.107_fi-fi_cac5824c05d4adf3/memtest.efi.mui
.dll windows x86

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/07/2018, 20:45

Not After

26/07/2019, 20:45

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

10:50:a0:92:3c:26:3b:01:cf:3a:0b:4f:b4:f0:71:49:07:56:46:f0:fb:6f:29:3a:8a:55:cb:99:da:5d:f9:9a
Signer

Actual PE Digest

10:50:a0:92:3c:26:3b:01:cf:3a:0b:4f:b4:f0:71:49:07:56:46:f0:fb:6f:29:3a:8a:55:cb:99:da:5d:f9:9a

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

15/09/2022, 14:52
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.rsrc
Size: 35KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.17763.107_fr-fr_ce61f39e038cd22b/memtest.efi.mui
.dll windows x86

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/07/2018, 20:45

Not After

26/07/2019, 20:45

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1b:c1:5e:0c:0a:e2:22:d0:59:74:85:16:b0:d1:1d:68:63:b5:b2:55:70:20:7f:cd:1a:63:ba:df:bc:82:17:5c
Signer

Actual PE Digest

1b:c1:5e:0c:0a:e2:22:d0:59:74:85:16:b0:d1:1d:68:63:b5:b2:55:70:20:7f:cd:1a:63:ba:df:bc:82:17:5c

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

15/09/2022, 14:52
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.17763.107_hu-hu_15d273e5e7eca147/memtest.efi.mui
.dll windows x86

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/07/2018, 20:45

Not After

26/07/2019, 20:45

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c7:3c:30:9c:ec:24:3e:b4:46:79:ed:c1:0d:35:83:b7:f9:e3:75:9f:bd:2a:2b:4f:9f:fb:57:10:4e:9e:19:f9
Signer

Actual PE Digest

c7:3c:30:9c:ec:24:3e:b4:46:79:ed:c1:0d:35:83:b7:f9:e3:75:9f:bd:2a:2b:4f:9f:fb:57:10:4e:9e:19:f9

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

15/09/2022, 14:52
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.17763.107_it-it_b889e9e4dabeb7a9/memtest.efi.mui
.dll windows x86

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/07/2018, 20:45

Not After

26/07/2019, 20:45

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:3f:df:0d:86:1a:6b:83:e1:88:69:ce:22:ff:fd:6c:1b:b8:9a:c1:df:82:7e:f2:8f:b2:86:26:30:92:0f:c6
Signer

Actual PE Digest

77:3f:df:0d:86:1a:6b:83:e1:88:69:ce:22:ff:fd:6c:1b:b8:9a:c1:df:82:7e:f2:8f:b2:86:26:30:92:0f:c6

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

15/09/2022, 14:52
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.rsrc
Size: 35KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.17763.107_ja-jp_5aaf68f1cdd9c984/memtest.efi.mui
.dll windows x86

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/07/2018, 20:45

Not After

26/07/2019, 20:45

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

13:d1:f0:a7:24:da:e5:b2:59:19:a4:f2:9f:5e:1f:12:18:b9:77:93:0c:b7:ad:23:df:b8:da:ba:8e:fd:65:70
Signer

Actual PE Digest

13:d1:f0:a7:24:da:e5:b2:59:19:a4:f2:9f:5e:1f:12:18:b9:77:93:0c:b7:ad:23:df:b8:da:ba:8e:fd:65:70

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

15/09/2022, 14:52
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.rsrc
Size: 33KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.17763.107_ko-kr_fe1945a6c04a909a/memtest.efi.mui
.dll windows x86

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/07/2018, 20:45

Not After

26/07/2019, 20:45

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3b:c3:72:de:78:9f:e9:2a:24:8d:c4:30:da:07:ac:96:1d:38:c2:8b:f5:53:5c:eb:be:e5:b6:7a:59:7f:0b:a1
Signer

Actual PE Digest

3b:c3:72:de:78:9f:e9:2a:24:8d:c4:30:da:07:ac:96:1d:38:c2:8b:f5:53:5c:eb:be:e5:b6:7a:59:7f:0b:a1

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

15/09/2022, 14:52
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.rsrc
Size: 33KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.17763.107_nb-no_e6abc6db986fbc56/memtest.efi.mui
.dll windows x86

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/07/2018, 20:45

Not After

26/07/2019, 20:45

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ff:02:8f:e8:b2:16:cc:4e:30:41:d9:76:58:5b:72:2c:04:86:2e:bf:70:4d:a8:7c:ae:b7:39:db:01:1d:37:01
Signer

Actual PE Digest

ff:02:8f:e8:b2:16:cc:4e:30:41:d9:76:58:5b:72:2c:04:86:2e:bf:70:4d:a8:7c:ae:b7:39:db:01:1d:37:01

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

15/09/2022, 14:52
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.rsrc
Size: 35KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.17763.107_nl-nl_e4eb1219999bc62b/memtest.efi.mui
.dll windows x86

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/07/2018, 20:45

Not After

26/07/2019, 20:45

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

cf:dc:bf:54:78:8a:75:6d:6b:99:15:f7:b7:97:81:bb:00:f2:9b:5f:aa:5c:8a:13:5e:2c:4f:8e:2c:87:ae:87
Signer

Actual PE Digest

cf:dc:bf:54:78:8a:75:6d:6b:99:15:f7:b7:97:81:bb:00:f2:9b:5f:aa:5c:8a:13:5e:2c:4f:8e:2c:87:ae:87

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

15/09/2022, 14:52
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.rsrc
Size: 35KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.17763.107_pl-pl_2b276c9b7ebe33df/memtest.efi.mui
.dll windows x86

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/07/2018, 20:45

Not After

26/07/2019, 20:45

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

22:a6:e9:7a:11:ac:58:98:65:31:f8:51:0d:51:f8:45:5d:89:4c:6c:c5:09:30:11:52:be:2c:07:b7:d7:08:df
Signer

Actual PE Digest

22:a6:e9:7a:11:ac:58:98:65:31:f8:51:0d:51:f8:45:5d:89:4c:6c:c5:09:30:11:52:be:2c:07:b7:d7:08:df

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

15/09/2022, 14:52
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.rdata Size: 512B - Virtual size: 176B

.rsrc Size: 22KB - Virtual size: 24KB

Headers

DLL Characteristics

File Characteristics

Sections

.rdata Size: 512B - Virtual size: 176B

.rsrc Size: 7KB - Virtual size: 8KB

Headers

DLL Characteristics

File Characteristics

Sections

.rdata Size: 512B - Virtual size: 176B

.rsrc Size: 70KB - Virtual size: 72KB

2129587bcf3b94e186f64818efa34948

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

shell32

api-ms-win-shlwapi-winrt-storage-l1-1-1

advapi32

gdi32

kernel32

ntdll

ntdsapi

ole32

oleaut32

shlwapi

user32

xmllite

Exports

Exports

Sections

.text Size: 373KB - Virtual size: 372KB

.rdata Size: 131KB - Virtual size: 130KB

.data Size: 15KB - Virtual size: 19KB

.pdata Size: 17KB - Virtual size: 16KB

.didat Size: 3KB - Virtual size: 2KB

.rsrc Size: 4.7MB - Virtual size: 4.7MB

.reloc Size: 6KB - Virtual size: 5KB

e547822208582d5d8edaafb4806e2f9f

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

a1:3d:7f:51:01:ae:1f:0b:a2:06:da:08:6d:b0:f8:fc:06:01:00:ad:73:20:77:56:04:80:26:95:7a:35:7a:c5Signer

Signature Validations

Verification

15/09/2022, 14:52 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

wpprecorder.sys

wdfldr.sys

Sections

.text Size: 59KB - Virtual size: 58KB

.rdata Size: 10KB - Virtual size: 10KB

.data Size: 1024B - Virtual size: 1KB

.pdata Size: 4KB - Virtual size: 3KB

.idata Size: 2KB - Virtual size: 1KB

PAGE Size: 36KB - Virtual size: 36KB

INIT Size: 2KB - Virtual size: 2KB

GFIDS Size: 512B - Virtual size: 156B

.rsrc Size: 1024B - Virtual size: 1000B

.reloc Size: 2KB - Virtual size: 2KB

Headers

.rdata
Size: 512B - Virtual size: 176B

.rsrc
Size: 22KB - Virtual size: 24KB

.rdata
Size: 512B - Virtual size: 176B

.rsrc
Size: 7KB - Virtual size: 8KB

.rdata
Size: 512B - Virtual size: 176B

.rsrc
Size: 70KB - Virtual size: 72KB

.text
Size: 373KB - Virtual size: 372KB

.rdata
Size: 131KB - Virtual size: 130KB

.data
Size: 15KB - Virtual size: 19KB

.pdata
Size: 17KB - Virtual size: 16KB

.didat
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 4.7MB - Virtual size: 4.7MB

.reloc
Size: 6KB - Virtual size: 5KB

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

a1:3d:7f:51:01:ae:1f:0b:a2:06:da:08:6d:b0:f8:fc:06:01:00:ad:73:20:77:56:04:80:26:95:7a:35:7a:c5
Signer

15/09/2022, 14:52
Valid: false

.text
Size: 59KB - Virtual size: 58KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 1024B - Virtual size: 1KB

.pdata
Size: 4KB - Virtual size: 3KB

.idata
Size: 2KB - Virtual size: 1KB

PAGE
Size: 36KB - Virtual size: 36KB

INIT
Size: 2KB - Virtual size: 2KB

GFIDS
Size: 512B - Virtual size: 156B

.rsrc
Size: 1024B - Virtual size: 1000B

.reloc
Size: 2KB - Virtual size: 2KB

.rdata
Size: 512B - Virtual size: 176B

.rsrc
Size: 3KB - Virtual size: 4KB

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

c7:9d:da:d8:59:18:3b:be:33:33:bc:7e:8e:1f:fc:36:6a:b5:0c:b6:ca:90:7c:cb:23:40:d2:88:ae:b4:61:9d
Signer

15/09/2022, 14:52
Valid: false

.text
Size: 72KB - Virtual size: 72KB

.rdata
Size: 27KB - Virtual size: 26KB

.data
Size: 1024B - Virtual size: 151KB

.pdata
Size: 3KB - Virtual size: 2KB

.idata
Size: 2KB - Virtual size: 1KB

PAGE
Size: 512B - Virtual size: 136B

.edata
Size: 512B - Virtual size: 166B

INIT
Size: 512B - Virtual size: 53B

GFIDS
Size: 512B - Virtual size: 228B

.rsrc
Size: 1024B - Virtual size: 1016B

.reloc
Size: 1024B - Virtual size: 784B

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

95:2f:54:25:97:a8:d9:24:ff:75:0a:44:33:2c:5e:57:f5:1c:0a:70:8e:d9:db:ef:dc:45:49:0b:d7:f1:e8:1b
Signer

15/09/2022, 14:52
Valid: false

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 136B

.pdata
Size: 512B - Virtual size: 420B

.00cfg
Size: 512B - Virtual size: 16B

.edata
Size: 512B - Virtual size: 81B

INIT
Size: 512B - Virtual size: 53B

GFIDS
Size: 512B - Virtual size: 60B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 204B

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate