2ad6140bdf67da144c8eab7915fb0b161f2cf16971ff97e49670dd344c180ea2

Sharing

Copy URL

Twitter E-mail

General

Target

2ad6140bdf67da144c8eab7915fb0b161f2cf16971ff97e49670dd344c180ea2
Size

1.2MB
MD5

3a582edbec9a09a94b121ab8025e4d1d
SHA1

6c55968cfdde7c836430e7fdd25d7a50c1adf48b
SHA256

2ad6140bdf67da144c8eab7915fb0b161f2cf16971ff97e49670dd344c180ea2
SHA512

c8178f613d6c9797368e8fb761dc2a1f8d1d762893c3a6af12de69e96c54763b219804d4c557efed2c5de410651b25a2b1a6aacf7ca038a67e1d26d2c445f611
SSDEEP

24576:8MRg6z2OzwiershFgXt9tWoJaE5xNXAh0YQJUbBVmyMAo:pg6SOz5e7d9TqheEkyMAo

Score

N/A

Malware Config

Signatures

Files

2ad6140bdf67da144c8eab7915fb0b161f2cf16971ff97e49670dd344c180ea2
.exe windows x86

42048bfec07d4fa25d37881cca0647fd

Code Sign

61:05:19:96:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25-07-2011 20:42

Not After

25-10-2012 20:42

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:9E78-864B-039D,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

61:03:05:56:00:00:00:00:00:10
Certificate

Issuer

CN=Microsoft Windows Verification PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

14-02-2011 21:11

Not After

14-05-2012 21:11

Subject

CN=Microsoft Windows,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:07:02:dc:00:00:00:00:00:0b
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

15-09-2005 21:55

Not After

15-03-2016 22:05

Subject

CN=Microsoft Windows Verification PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

7a:69:b3:57:56:cf:90:90:8f:45:f2:62:25:9e:26:12:ea:a8:8d:4d
Signer

Actual PE Digest

7a:69:b3:57:56:cf:90:90:8f:45:f2:62:25:9e:26:12:ea:a8:8d:4d

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

09-03-2012 14:00
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

MmUserProbeAddress
MmLockPagableDataSection
RtlUnwind
RtlAnsiCharToUnicodeChar
PsGetCurrentProcessId
MmProbeAndLockPages
ExAcquireRundownProtectionCacheAwareEx
ExReleaseRundownProtectionCacheAwareEx
ExReInitializeRundownProtectionCacheAware
ExWaitForRundownProtectionReleaseCacheAware
RtlInitializeBitMap
RtlSetBits
ExFreeCacheAwareRundownProtection
ExAllocateCacheAwareRundownProtection
RtlSetBit
ExInitializeLookasideListEx
ExDeleteLookasideListEx
InterlockedExchange
SeReportSecurityEventWithSubCategory
ZwOpenKey
ZwQueryValueKey
MmSizeOfMdl
MmUnmapLockedPages
ObLogSecurityDescriptor
SeCaptureSubjectContextEx
SeLockSubjectContext
KeBugCheckEx
KeTickCount
EtwWriteTransfer
IoGetFileObjectGenericMapping
SeAccessCheck
SeUnlockSubjectContext
SeReleaseSubjectContext
RtlCreateSecurityDescriptor
SeExports
RtlLengthSid
RtlCreateAcl
RtlAddAccessAllowedAceEx
RtlSetDaclSecurityDescriptor
ExInterlockedFlushSList
KeInitializeSemaphore
ExAllocatePoolWithTagPriority
KeExpandKernelStackAndCalloutEx
VerSetConditionMask
RtlVerifyVersionInfo
KeInitializeTimerEx
ExGetCurrentProcessorCounts
KeSetTimerEx
KeQueryInterruptTime
KeCancelTimer
KeFlushQueuedDpcs
RtlExpandHashTable
RtlContractHashTable
RtlCreateHashTable
RtlDeleteHashTable
KeWaitForMultipleObjects
KeQueryGroupAffinity
KeInsertQueueDpc
KeGetProcessorNumberFromIndex
KeInitializeDpc
KeSetTargetProcessorDpcEx
KeSetImportanceDpc
MmUnlockPages
IoFreeWorkItem
IoQueueWorkItem
MmBuildMdlForNonPagedPool
RtlInitializeGenericTableAvl
KeQuerySystemTime
RtlEnumerateEntryHashTable
RtlInitEnumerationHashTable
RtlEndEnumerationHashTable
RtlLookupElementGenericTableFullAvl
ObDereferenceSecurityDescriptor
RtlRemoveEntryHashTable
RtlInsertEntryHashTable
RtlGetNextEntryHashTable
RtlLookupEntryHashTable
IoAllocateErrorLogEntry
IoWriteErrorLogEntry
ExNotifyCallback
KeIsExecutingDpc
PsGetProcessSessionId
InterlockedPushEntrySList
InterlockedPopEntrySList
IoAllocateMdl
IoBuildPartialMdl
IoFreeMdl
MmMapLockedPagesSpecifyCache
ZwQuerySystemInformation
ObReferenceSecurityDescriptor
KeReleaseSemaphore
RtlInitWeakEnumerationHashTable
RtlWeaklyEnumerateEntryHashTable
RtlEndWeakEnumerationHashTable
KeQueryMaximumProcessorCountEx
KefReleaseSpinLockFromDpcLevel
KefAcquireSpinLockAtDpcLevel
KeGetCurrentProcessorNumberEx
RtlGetVersion
KeTestSpinLock
KeAcquireInStackQueuedSpinLockAtDpcLevel
KeReleaseInStackQueuedSpinLockFromDpcLevel
PsGetProcessId
ExCreateCallback
EtwWrite
IoBuildDeviceIoControlRequest
IoGetDeviceObjectPointer
ObfReferenceObject
PsGetCurrentProcess
PsIsSystemThread
PsGetThreadProcess
KeGetCurrentThread
KeInitializeEvent
KeSetEvent
RtlIpv4AddressToStringExW
RtlIpv6AddressToStringExW
RtlTimeToTimeFields
RtlEnumerateGenericTableLikeADirectory
KeInitializeTimer
KeSetCoalescableTimer
KeLeaveCriticalRegion
KeEnterCriticalRegion
ExfTryToWakePushLock
ExfAcquirePushLockExclusive
RtlValidSid
ZwEnumerateKey
RtlQueryRegistryValues
RtlIpv6AddressToStringW
RtlIpv4AddressToStringW
SeSetAuditParameter
RtlConvertSidToUnicodeString
RtlFreeUnicodeString
EtwUnregister
EtwRegister
IoGetCurrentProcess
KeInitializeMutex
IoCreateDevice
IoDeleteDevice
KeReadStateEvent
KeWaitForSingleObject
KeQueryActiveProcessorCountEx
KeReleaseMutex
ObfDereferenceObject
ZwOpenEvent
ObReferenceObjectByHandle
ZwClose
IofCallDriver
IofCompleteRequest
IoWMIRegistrationControl
RtlCompareMemory
RtlInitUnicodeString
MmGetSystemRoutineAddress
memset
memcpy
ExAllocatePoolWithTag
ExDeleteNPagedLookasideList
ExInitializeNPagedLookasideList
RtlPrefixUnicodeString
RtlCopySid
RtlEqualUnicodeString
RtlUnicodeStringToInteger
RtlCompareUnicodeString
RtlLengthRequiredSid
RtlInitializeSid
RtlAddAccessAllowedAce
ObSetSecurityObjectByPointer
PsSetCreateProcessNotifyRoutineEx
SeLocateProcessImageName
ZwCreateFile
RtlDowncaseUnicodeString
ZwOpenProcess
KeStackAttachProcess
ZwDuplicateToken
KeUnstackDetachProcess
IoDeleteSymbolicLink
IoCreateSymbolicLink
KeQueryTimeIncrement
PsReferenceImpersonationToken
PsDereferencePrimaryToken
KeDelayExecutionThread
PsDereferenceImpersonationToken
ObCloseHandle
RtlSubAuthorityCountSid
RtlSubAuthoritySid
SeQueryInformationToken
ObOpenObjectByPointer
ZwQueryInformationToken
ExGetPreviousMode
ExUuidCreate
RtlEqualSid
ExAllocatePoolWithQuotaTag
RtlIpv4StringToAddressW
RtlIpv6StringToAddressW
IoAllocateWorkItem
RtlFindSetBits
RtlAreBitsClear
RtlFindClearBits
RtlClearBits
ExDeleteResourceLite
ExReleaseResourceLite
ExAcquireResourceExclusiveLite
ExAcquireResourceSharedLite
RtlClearBit
RtlClearAllBits
SeOpenObjectAuditAlarmForNonObObject
RtlTestBit
ExInitializeResourceLite
KeBugCheck
RtlIntegerToUnicodeString
IoWMIWriteEvent
PsReferencePrimaryToken
ExFreePoolWithTag

netio.sys

NetioFreeNetBufferListNetBufferMdlAndDataPool
NetioFreeMdl
RtlIndicateTimerWheelEntryTimerStart
RtlResumeTimerWheel
RtlIsTimerWheelSuspended
NetioAllocateNetBufferListNetBufferMdlAndDataPool
NetioAllocateNetBufferMdlAndDataPool
FsbFree
NetioFreeNetBufferList
NetioExtendNetBuffer
NetioFreeNetBuffer
NetioDereferenceNetBufferList
NetioAllocateAndReferenceNetBufferListNetBufferMdlAndData
NetioAllocateNetBufferMdlAndData
NetioDereferenceNetBufferListChain
FsbAllocateAtDpcLevel
NetioShutdownWorkQueue
RtlInitializeTimerWheelEntry
RtlComputeToeplitzHash
RtlSuspendTimerWheel
RtlGetNextExpirationTimerWheelTick
RtlCleanupTimerWheelEntry
RtlReturnTimerWheelEntry
RtlGetNextExpiredTimerWheelEntry
RtlUpdateCurrentTimerWheelTick
RtlDeleteElementGenericTableBasicAvl
NetioInitializeWorkQueue
RtlInsertElementGenericTableBasicAvl
FsbAllocate
NetioAdvanceToLocationInNetBuffer
RtlCopyMdlToMdlIndirect
NetioRegSyncDefaultChangeHandler
NetioRegSyncInterface
RtlCleanupTimerWheel
RtlInitializeTimerWheel
RtlEndTimerWheelEnumeration
RtlEnumerateNextTimerWheelEntry
RtlInitializeTimerWheelEnumeration
NetioFreeOpaquePerProcessorContext
NetioAllocateOpaquePerProcessorContext
NetioSqmWriteEvent
NsiSetAllParameters
TlDefaultRequestQueryDispatchEndpoint
TlDefaultRequestMessage
TlDefaultRequestQueryDispatch
RtlCopyMdlToBuffer
NetioFreeNetBufferAndNetBufferList
NetioAllocateAndReferenceNetBufferAndNetBufferList
RtlCopyBufferToMdl
NmrWaitForClientDeregisterComplete
NmrDeregisterClient
NmrClientDetachProviderComplete
NmrClientAttachProvider
NmrRegisterClient
NmrProviderDetachClientComplete
NmrWaitForProviderDeregisterComplete
NmrDeregisterProvider
NmrRegisterProvider
NetioRetreatNetBufferList
NetioAllocateAndReferenceCopyNetBufferListEx
NetioCompleteCopyNetBufferListChain
NetioFreeCopyNetBufferList
NetioInitializeNetBufferListContext
TlDefaultRequestCancel
TlDefaultRequestConnect
TlDefaultRequestListen
NetioReferenceNetBufferList
TlDefaultRequestIoControl
NetioFreeNetBufferMdlAndDataPool
RtlCleanupToeplitzHash
RtlInitializeToeplitzHash
NsiAllocateAndGetTable
NsiFreeTable
WfpStartStreamShim
WfpStartMacShim
NetioAllocateMdl
NetioInsertWorkQueue
WfpStreamInspectRemoteDisconnect
WfpStreamInspectReceive
WfpStreamInspectDisconnect
WfpStreamInspectSend
WfpStreamEndpointCleanupBegin
WfpStopStreamShim
FsbCreatePool
FsbDestroyPool
NetioStackBlockProcessorAddHandler
NetioFreeStackBlock
NetioInitializeNetBufferListAndFirstNetBufferContext
NsiReferenceDefaultObjectSecurity
NsiDeregisterChangeNotification
NsiRegisterChangeNotification
NetioCompleteNetBufferListChain
NetioAllocateAndReferenceFragmentNetBufferList
SetWfpDeviceObject
IoctlKfdBatchUpdate
IoctlKfdDeleteIndex
IoctlKfdAddIndex
IoctlKfdAddCache
IoctlKfdResetState
IoctlKfdQueryLayerStatistics
IoctlKfdAbortTransaction
IoctlKfdCommitTransaction
IoctlKfdDeleteCache
NetioGetStatsForQoSFlow
NetioDeleteQoSFlow
NetioCreateQoSFlow
NetioAssociateQoSFlowWithNbl
KfdIsActiveCallout
KfdAleUpdateEndpointContextStatus
WfpNblInfoAlloc
WfpPacketTagCountIncrement
WfpNblInfoDestroyIfUnused
HfCreateFactory
HfDestroyFactory
NetioAllocateNetBuffer
NetioAllocateAndReferenceNetBufferList
PtGetNumNodes
PtCreateTable
PtDestroyTable
NsiSetParameter
PtDeleteEntry
PtInsertEntry
PtGetExactMatch
PtEnumOverTable
PtGetLongestMatch
PtGetNextShorterMatch
RtlCompute37Hash
PtGetKey
PtSetData
PtGetData
NetioCompleteNetBufferAndNetBufferListChain
NetioQueryNetBufferListTrafficClass
RtlCopyMdlToMdl
NetioAllocateAndReferenceVacantNetBufferList
NetioAllocateAndReferenceCloneNetBufferListEx
NetioExpandNetBuffer
NetioUpdateNetBufferListContext
NetioAllocateAndReferenceCloneNetBufferList
NetioFreeCloneNetBufferList
NsiResetPersistentSetting
NsiSetObjectSecurity
NsiGetParameter
KfdCheckAcceptBypass
KfdCheckAndCacheAcceptBypass
KfdCheckConnectBypass
KfdCheckAndCacheConnectBypass
KfdGetLayerActionFromEnumTemplate
WfpScavangeLeastRecentlyUsedList
KfdAleRemoveFlowContextTable
WfpSetBucketsToEmptyLru
WfpExpireEntryLru
WfpInsertEntryLru
WfpDeleteEntryLru
KfdAleInitializeFlowTable
FeReleaseCalloutContextList
MatchCondition
KfdEnumLayer
KfdDerefFilterContext
KfdGetNextFilter
KfdFreeEnumHandle
KfdToggleFilterActivation
WfpStreamIsFilterPresent
NsiGetAllParameters
WfpInitializeLeastRecentlyUsedList
KfdAleNotifyFlowDeletion
FwppStreamDeleteDpcQueue
WfpUninitializeLeastRecentlyUsedList
KfdAleUninitializeFlowHandles
KfdAleInitializeFlowHandles
KfdGetOffloadEpoch
KfdIsLsoOffloadPossibleV6
KfdIsLsoOffloadPossibleV4
KfdIsV6InTransportFastEmpty
KfdIsV4InTransportFastEmpty
KfdIsV6OutTransportFastEmpty
KfdIsV4OutTransportFastEmpty
WfpRefreshEntryLru
NetioAdvanceNetBufferList
KfdCheckClassifyNeededAndUpdateEpoch
KfdAleAcquireFlowHandleForFlow
KfdClassify
KfdAleReleaseFlowHandleForFlow
KfdGetLayerCacheEpoch
KfdIsLayerEmpty
KfdDeregisterLayerChangeCallback
FwppStreamInject
FwppStreamContinue
FwppCopyStreamDataToBuffer
FwppAdvanceStreamDataPastOffset
FwppTruncateStreamDataAfterOffset
WfpNblInfoDispatchTableSet
KfdRegisterLayerChangeCallback
WfpNblInfoDispatchTableClear
FeGetWfpGlobalPtr
WfpNblInfoGet
NetioUnRegisterProcessorAddCallback
NetioUnInitializeNetBufferListLibrary
NetioInitializeNetBufferListLibrary
NetioRegisterProcessorAddCallback
NetioSqmInitialize
RtlInvokeStartRoutines
RtlInvokeStopRoutines
NetioSqmTerminate
NsiGetParameterEx
NetioAllocateAndInitializeStackBlock

ndis.sys

NdisInvalidateOffload
NdisUpdateOffload
NdisTerminateOffload
NdisInitiateOffload
NdisQueryOffloadState
NdisDirectOidRequest
NdisInitializeReadWriteLock
NdisGetSessionToCompartmentMappingEpochAndZero
NdisReleaseReadWriteLock
NdisAcquireReadWriteLock
NdisOffloadTcpSend
NdisOffloadTcpForward
NdisOffloadTcpDisconnect
NdisOffloadTcpReceive
NdisOffloadTcpReceiveReturn
NdisGetRssProcessorInformation
NdisCompleteNetPnPEvent
NdisCloseAdapterEx
NdisOpenAdapterEx
NdisOidRequest
NdisDeregisterProtocolDriver
NdisCancelDirectOidRequest
NdisCancelSendNetBufferLists
NdisSendNetBufferLists
NdisRegisterProtocolDriver
NdisReturnNetBufferLists
NdisSetOptionalHandlers
NdisGetDataBuffer
NetDmaRegisterClient
NetDmaDeregisterClient
NetDmaAllocateChannel
NetDmaFreeChannel
NdisGetProcessorInformation
NdisFreeNetBufferList
NetDmaNullTransfer
NetDmaIsDmaCopyComplete
NdisGetSessionCompartmentId
NdisAdjustNetBufferCurrentMdl
NdisGetThreadObjectCompartmentId
NdisAdvanceNetBufferDataStart
NdisRetreatNetBufferDataStart

fltmgr.sys

FltGetFileNameInformationUnsafe
FltReleaseFileNameInformation

fwpkclnt.sys

FwpsCalloutUnregisterByKey0
FwpmBfeStateSubscribeChangesWithoutDevice0
FwpmBfeStateUnsubscribeChanges0
FwpsClassifyOptionSet0
FwpmEngineClose0
FwpmEngineOpen0
FwpmSecureSocketDeleteByKeyAsync0
FwpmSecureSocketAddAsync0
FwpmEventProviderIsNetEventTypeEnabled0
FwpsRequestEndpointDeleteNotification0
FwpsForceReclassifyLayer0
FwpsCancelEndpointDeleteNotification0
FwppDispatchDevCtl0
IPsecDriverExpire
IPsecDriverInitiateAcquire
IPsecDriverProcessClearTextResponse
FwpsReassembleForwardFragmentGroup0
FwpsFreeNetBufferList0
FwpmEventProviderFireNetEvent0
FwpsQueryPacketInjectionState0
FwpsInjectionHandleDestroy0
FwpsInjectionHandleCreate0
FwpsAllocateCloneNetBufferList0
FwpsConstructIpHeaderForTransportPacket0
FwpsInjectTransportSendAsync1
FwpsFreeCloneNetBufferList0
FwpmEventProviderCreate0
FwpsTcpIpDispatchTableSet0
FwpsTcpIpDispatchTableClear0
FwpmEventProviderDestroy0
FwppNetBufferListEventNotify
FwpsCalloutRegisterWithoutDevice0

hal

KeGetCurrentIrql
KfLowerIrql
KeAcquireInStackQueuedSpinLock
KeReleaseInStackQueuedSpinLock
KeQueryPerformanceCounter
KfReleaseSpinLock
KfAcquireSpinLock
KfRaiseIrql
ExReleaseFastMutex
ExAcquireFastMutex
KeRaiseIrqlToDpcLevel

ksecdd.sys

FreeContextBuffer
InitializeSecurityContextW
AcceptSecurityContext
QuerySecurityContextToken
DeleteSecurityContext
FreeCredentialsHandle
AcquireCredentialsHandleW
BCryptHashData
BCryptGetProperty
BCryptSetProperty
BCryptOpenAlgorithmProvider
BCryptCloseAlgorithmProvider
BCryptCreateHash
BCryptDestroyHash
BCryptDecrypt
BCryptEncrypt
BCryptGenerateSymmetricKey
BCryptDestroyKey
BCryptFinishHash
BCryptGenRandom

msrpc.sys

NdrMesTypeDecode2
MesHandleFree
I_RpcExceptionFilter
MesDecodeBufferHandleCreate

Sections

.text
Size: 897KB - Virtual size: 897KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEIPSE
Size: 82KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEIDP
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGECONS
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

42048bfec07d4fa25d37881cca0647fd

Code Sign

61:05:19:96:00:00:00:00:00:1bCertificate

Extended Key Usages

61:03:05:56:00:00:00:00:00:10Certificate

Extended Key Usages

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

61:07:02:dc:00:00:00:00:00:0bCertificate

Key Usages

7a:69:b3:57:56:cf:90:90:8f:45:f2:62:25:9e:26:12:ea:a8:8d:4dSigner

Signature Validations

Verification

09-03-2012 14:00 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

netio.sys

ndis.sys

fltmgr.sys

fwpkclnt.sys

hal

ksecdd.sys

msrpc.sys

Sections

.text Size: 897KB - Virtual size: 897KB

.rdata Size: 44KB - Virtual size: 44KB

.data Size: 31KB - Virtual size: 78KB

PAGE Size: 9KB - Virtual size: 8KB

PAGEIPSE Size: 82KB - Virtual size: 81KB

PAGEIDP Size: 10KB - Virtual size: 9KB

PAGECONS Size: 512B - Virtual size: 120B

INIT Size: 19KB - Virtual size: 18KB

.rsrc Size: 132KB - Virtual size: 131KB

.reloc Size: 42KB - Virtual size: 41KB

61:05:19:96:00:00:00:00:00:1b
Certificate

61:03:05:56:00:00:00:00:00:10
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

61:07:02:dc:00:00:00:00:00:0b
Certificate

7a:69:b3:57:56:cf:90:90:8f:45:f2:62:25:9e:26:12:ea:a8:8d:4d
Signer

09-03-2012 14:00
Valid: false

.text
Size: 897KB - Virtual size: 897KB

.rdata
Size: 44KB - Virtual size: 44KB

.data
Size: 31KB - Virtual size: 78KB

PAGE
Size: 9KB - Virtual size: 8KB

PAGEIPSE
Size: 82KB - Virtual size: 81KB

PAGEIDP
Size: 10KB - Virtual size: 9KB

PAGECONS
Size: 512B - Virtual size: 120B

INIT
Size: 19KB - Virtual size: 18KB

.rsrc
Size: 132KB - Virtual size: 131KB

.reloc
Size: 42KB - Virtual size: 41KB