126a3cbc60d468c35066853165742f1c1246b1b798101a6357c4e23b0dbc22f0

Sharing

Copy URL Twitter E-mail

General

Target

126a3cbc60d468c35066853165742f1c1246b1b798101a6357c4e23b0dbc22f0
Size

4.8MB
MD5

ab3187041e83b9519571a9b4a4a25f9e
SHA1

e4380546b0b76f949429b87db4993db75364db35
SHA256

126a3cbc60d468c35066853165742f1c1246b1b798101a6357c4e23b0dbc22f0
SHA512

5db7f572f9b793259dff45588d3f5c5a16a767a95e3c6dd3dbd6df75b9202776a646621deeb5b14615af47987493d1c1e7c8bd4ac597069f04acb89f2e3e8bf9
SSDEEP

98304:BEcwT/Ug0a88S5IffSKhFp+H2SuIZiL/zrVjWHZp87oGZP4:Pe/Ug0ag5vKhFpS2S2XrNWX87nP4

Score

N/A

Malware Config

Signatures

Files

126a3cbc60d468c35066853165742f1c1246b1b798101a6357c4e23b0dbc22f0
.rar
core.dll
.zip
drivers/win7/amd64/MDA_NTDRV.sys
.exe windows x64

c7bce6d53c2b7a032ae8e88bd6efa8f2

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:d6:43:85:43:76:c0:59:5a:51:fe:44:9d:7a:7a:64
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

09/07/2012, 00:00

Not After

09/07/2013, 23:59

Subject

CN=北京铠信神州科技有限责任公司,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=北京铠信神州科技有限责任公司,L=北京,ST=北京,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

00:b9:11:ce:71:d2:64:d1:f0:6a:2b:91:f5:59:42:a7:6a:51:76:32
Signer

Actual PE Digest

00:b9:11:ce:71:d2:64:d1:f0:6a:2b:91:f5:59:42:a7:6a:51:76:32

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=北京铠信神州科技有限责任公司,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=北京铠信神州科技有限责任公司,L=北京,ST=北京,C=CN

25/02/2013, 09:10
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
IoGetLowerDeviceObject
IoBuildDeviceIoControlRequest
IoDeleteSymbolicLink
ExFreePoolWithTag
RtlInitUnicodeString
IoDeleteDevice
KeSetEvent
KeInitializeEvent
IoFreeMdl
MmMapLockedPagesSpecifyCache
IoGetDeviceObjectPointer
IoBuildAsynchronousFsdRequest
IofCompleteRequest
KeWaitForSingleObject
IoFreeIrp
IoGetAttachedDeviceReference
RtlCompareUnicodeString
MmUnlockPages
ObfReferenceObject
IoCreateSymbolicLink
ObfDereferenceObject
RtlUnicodeStringToInteger
IoCreateDevice
ObDereferenceObjectDeferDelete
IofCallDriver
KeBugCheckEx
RtlAnsiCharToUnicodeChar

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 756B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 392B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 300B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
drivers/win7/i386/MDA_NTDRV.sys
.exe windows x86

c50e07f3c00e76404fa0d1348a11541a

Code Sign

6a:0f:db:e6:78:b3:1e:23:2c:ba:5a:e1:4d:9d:bf:1b
Certificate

Issuer

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Not Before

08/04/2015, 01:00

Not After

08/04/2023, 01:00

Subject

CN=WoSign Time Stamping Signer G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

5e:a4:dc:11:45:80:2f:ec:91:84:a6:94:26:47:ba:3b
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign CA Limited,C=CN

Not Before

18/05/2016, 09:48

Not After

18/05/2017, 09:48

Subject

CN=Bada Technology Co.\,Ltd,O=Bada Technology Co.\,Ltd,L=Panzhihua,ST=Sichuan,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftKernelCodeSigning

Key Usages

KeyUsageDigitalSignature

46:bb:b3:40:fa:b9:c1:79:28:93:8c:93:da:10:86:79
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:39:65:c4:72:e0:dc:2b:d9:65:00:00:00:00:00:39
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

29/04/2015, 17:12

Not After

29/04/2025, 17:12

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

19:c2:85:30:e9:3b:36
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 22:46

Not After

31/12/2019, 23:59

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 19:46

Not After

17/09/2036, 19:46

Subject

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment
KeyUsageKeyAgreement
KeyUsageCertSign
KeyUsageCRLSign

6a:0f:db:e6:78:b3:1e:23:2c:ba:5a:e1:4d:9d:bf:1b
Certificate

Issuer

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Not Before

08/04/2015, 01:00

Not After

08/04/2023, 01:00

Subject

CN=WoSign Time Stamping Signer G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

22:1d:12:bf:d7:45:75:71:13:37:96:2b:82:e2:2b:52
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA G2,O=WoSign CA Limited,C=CN

Not Before

18/05/2016, 09:26

Not After

18/05/2017, 09:26

Subject

CN=Bada Technology Co.\,Ltd,O=Bada Technology Co.\,Ltd,L=Panzhihua,ST=Sichuan,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftKernelCodeSigning

Key Usages

KeyUsageDigitalSignature

51:ec:ef:d7:72:99:ba:1a:dd:28:02:43:1e:86:e2:0e
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/04/2015, 00:58

Not After

08/04/2025, 00:58

Subject

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

37:a6:0e:92:5f:23:f8:0c:fd:cd:97:65:92:98:c3:54
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/11/2014, 00:58

Not After

08/11/2029, 00:58

Subject

CN=WoSign Class 3 Code Signing CA G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:39:65:c4:72:e0:dc:2b:d9:65:00:00:00:00:00:39
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

29/04/2015, 17:12

Not After

29/04/2025, 17:12

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

19:c2:85:30:e9:3b:36
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 22:46

Not After

31/12/2019, 23:59

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 19:46

Not After

17/09/2036, 19:46

Subject

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment
KeyUsageKeyAgreement
KeyUsageCertSign
KeyUsageCRLSign

af:54:a1:87:ce:e4:fb:d3:37:97:c9:1b:07:37:25:a8:6d:97:25:85:a0:16:7c:3e:7c:66:24:b8:53:65:5f:91
Signer

Actual PE Digest

af:54:a1:87:ce:e4:fb:d3:37:97:c9:1b:07:37:25:a8:6d:97:25:85:a0:16:7c:3e:7c:66:24:b8:53:65:5f:91

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Bada Technology Co.\,Ltd,O=Bada Technology Co.\,Ltd,L=Panzhihua,ST=Sichuan,C=CN

19/01/2017, 02:35
Valid: false

7b:38:c0:a3:12:6a:31:93:e3:ae:06:48:04:16:43:b1:61:ca:07:ff
Signer

Actual PE Digest

7b:38:c0:a3:12:6a:31:93:e3:ae:06:48:04:16:43:b1:61:ca:07:ff

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Bada Technology Co.\,Ltd,O=Bada Technology Co.\,Ltd,L=Panzhihua,ST=Sichuan,C=CN

19/01/2017, 02:35
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoGetLowerDeviceObject
RtlCompareUnicodeString
RtlInitUnicodeString
ObfDereferenceObject
IoDeleteDevice
IoDeleteSymbolicLink
ObfReferenceObject
IoGetDeviceObjectPointer
memset
IoFreeIrp
KeSetEvent
IoFreeMdl
MmUnlockPages
ExFreePoolWithTag
KeWaitForSingleObject
IofCallDriver
KeInitializeEvent
IoBuildAsynchronousFsdRequest
IofCompleteRequest
MmMapLockedPagesSpecifyCache
IoGetAttachedDeviceReference
RtlUnicodeStringToInteger
ExAllocatePoolWithTag
memcpy
ObDereferenceObjectDeferDelete
IoBuildDeviceIoControlRequest
IoCreateSymbolicLink
IoCreateDevice
KeTickCount
KeBugCheckEx
RtlAnsiCharToUnicodeChar

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 388B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
drivers/winlh/amd64/MDA_NTDRV.sys
.exe windows x64

c7bce6d53c2b7a032ae8e88bd6efa8f2

Code Sign

6a:0f:db:e6:78:b3:1e:23:2c:ba:5a:e1:4d:9d:bf:1b
Certificate

Issuer

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Not Before

08/04/2015, 01:00

Not After

08/04/2023, 01:00

Subject

CN=WoSign Time Stamping Signer G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

5e:a4:dc:11:45:80:2f:ec:91:84:a6:94:26:47:ba:3b
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign CA Limited,C=CN

Not Before

18/05/2016, 09:48

Not After

18/05/2017, 09:48

Subject

CN=Bada Technology Co.\,Ltd,O=Bada Technology Co.\,Ltd,L=Panzhihua,ST=Sichuan,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftKernelCodeSigning

Key Usages

KeyUsageDigitalSignature

46:bb:b3:40:fa:b9:c1:79:28:93:8c:93:da:10:86:79
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:39:65:c4:72:e0:dc:2b:d9:65:00:00:00:00:00:39
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

29/04/2015, 17:12

Not After

29/04/2025, 17:12

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

19:c2:85:30:e9:3b:36
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 22:46

Not After

31/12/2019, 23:59

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 19:46

Not After

17/09/2036, 19:46

Subject

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment
KeyUsageKeyAgreement
KeyUsageCertSign
KeyUsageCRLSign

6a:0f:db:e6:78:b3:1e:23:2c:ba:5a:e1:4d:9d:bf:1b
Certificate

Issuer

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Not Before

08/04/2015, 01:00

Not After

08/04/2023, 01:00

Subject

CN=WoSign Time Stamping Signer G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

22:1d:12:bf:d7:45:75:71:13:37:96:2b:82:e2:2b:52
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA G2,O=WoSign CA Limited,C=CN

Not Before

18/05/2016, 09:26

Not After

18/05/2017, 09:26

Subject

CN=Bada Technology Co.\,Ltd,O=Bada Technology Co.\,Ltd,L=Panzhihua,ST=Sichuan,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftKernelCodeSigning

Key Usages

KeyUsageDigitalSignature

51:ec:ef:d7:72:99:ba:1a:dd:28:02:43:1e:86:e2:0e
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/04/2015, 00:58

Not After

08/04/2025, 00:58

Subject

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

37:a6:0e:92:5f:23:f8:0c:fd:cd:97:65:92:98:c3:54
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/11/2014, 00:58

Not After

08/11/2029, 00:58

Subject

CN=WoSign Class 3 Code Signing CA G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:39:65:c4:72:e0:dc:2b:d9:65:00:00:00:00:00:39
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

29/04/2015, 17:12

Not After

29/04/2025, 17:12

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

19:c2:85:30:e9:3b:36
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 22:46

Not After

31/12/2019, 23:59

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 19:46

Not After

17/09/2036, 19:46

Subject

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment
KeyUsageKeyAgreement
KeyUsageCertSign
KeyUsageCRLSign

45:a4:5f:09:cb:e4:89:b9:60:7e:3f:a4:cc:68:56:00:6d:41:97:1b:6a:17:89:45:a1:0c:fc:7e:41:dd:5e:92
Signer

Actual PE Digest

45:a4:5f:09:cb:e4:89:b9:60:7e:3f:a4:cc:68:56:00:6d:41:97:1b:6a:17:89:45:a1:0c:fc:7e:41:dd:5e:92

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Bada Technology Co.\,Ltd,O=Bada Technology Co.\,Ltd,L=Panzhihua,ST=Sichuan,C=CN

19/01/2017, 02:35
Valid: false

6e:cd:78:75:6c:3b:12:f6:d5:fb:74:51:7d:38:fc:1c:16:09:f3:15
Signer

Actual PE Digest

6e:cd:78:75:6c:3b:12:f6:d5:fb:74:51:7d:38:fc:1c:16:09:f3:15

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Bada Technology Co.\,Ltd,O=Bada Technology Co.\,Ltd,L=Panzhihua,ST=Sichuan,C=CN

19/01/2017, 02:35
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
IoGetLowerDeviceObject
IoBuildDeviceIoControlRequest
IoDeleteSymbolicLink
ExFreePoolWithTag
RtlInitUnicodeString
IoDeleteDevice
KeSetEvent
KeInitializeEvent
IoFreeMdl
MmMapLockedPagesSpecifyCache
IoGetDeviceObjectPointer
IoBuildAsynchronousFsdRequest
IofCompleteRequest
KeWaitForSingleObject
IoFreeIrp
IoGetAttachedDeviceReference
RtlCompareUnicodeString
MmUnlockPages
ObfReferenceObject
IoCreateSymbolicLink
ObfDereferenceObject
RtlUnicodeStringToInteger
IoCreateDevice
ObDereferenceObjectDeferDelete
IofCallDriver
KeBugCheckEx
RtlAnsiCharToUnicodeChar

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 756B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 392B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 300B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
drivers/winlh/i386/MDA_NTDRV.sys
.exe windows x86

c50e07f3c00e76404fa0d1348a11541a

Code Sign

6a:0f:db:e6:78:b3:1e:23:2c:ba:5a:e1:4d:9d:bf:1b
Certificate

Issuer

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Not Before

08/04/2015, 01:00

Not After

08/04/2023, 01:00

Subject

CN=WoSign Time Stamping Signer G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

5e:a4:dc:11:45:80:2f:ec:91:84:a6:94:26:47:ba:3b
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign CA Limited,C=CN

Not Before

18/05/2016, 09:48

Not After

18/05/2017, 09:48

Subject

CN=Bada Technology Co.\,Ltd,O=Bada Technology Co.\,Ltd,L=Panzhihua,ST=Sichuan,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftKernelCodeSigning

Key Usages

KeyUsageDigitalSignature

46:bb:b3:40:fa:b9:c1:79:28:93:8c:93:da:10:86:79
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:39:65:c4:72:e0:dc:2b:d9:65:00:00:00:00:00:39
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

29/04/2015, 17:12

Not After

29/04/2025, 17:12

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

19:c2:85:30:e9:3b:36
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 22:46

Not After

31/12/2019, 23:59

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 19:46

Not After

17/09/2036, 19:46

Subject

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment
KeyUsageKeyAgreement
KeyUsageCertSign
KeyUsageCRLSign

6a:0f:db:e6:78:b3:1e:23:2c:ba:5a:e1:4d:9d:bf:1b
Certificate

Issuer

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Not Before

08/04/2015, 01:00

Not After

08/04/2023, 01:00

Subject

CN=WoSign Time Stamping Signer G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

22:1d:12:bf:d7:45:75:71:13:37:96:2b:82:e2:2b:52
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA G2,O=WoSign CA Limited,C=CN

Not Before

18/05/2016, 09:26

Not After

18/05/2017, 09:26

Subject

CN=Bada Technology Co.\,Ltd,O=Bada Technology Co.\,Ltd,L=Panzhihua,ST=Sichuan,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftKernelCodeSigning

Key Usages

KeyUsageDigitalSignature

51:ec:ef:d7:72:99:ba:1a:dd:28:02:43:1e:86:e2:0e
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/04/2015, 00:58

Not After

08/04/2025, 00:58

Subject

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

37:a6:0e:92:5f:23:f8:0c:fd:cd:97:65:92:98:c3:54
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/11/2014, 00:58

Not After

08/11/2029, 00:58

Subject

CN=WoSign Class 3 Code Signing CA G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:39:65:c4:72:e0:dc:2b:d9:65:00:00:00:00:00:39
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

29/04/2015, 17:12

Not After

29/04/2025, 17:12

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

19:c2:85:30:e9:3b:36
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 22:46

Not After

31/12/2019, 23:59

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 19:46

Not After

17/09/2036, 19:46

Subject

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment
KeyUsageKeyAgreement
KeyUsageCertSign
KeyUsageCRLSign

20:f9:2f:41:bb:e3:2a:2b:c0:5f:e5:96:cd:a2:54:9c:71:b9:7d:19:5f:3f:df:f1:4e:06:f7:0f:45:d5:58:10
Signer

Actual PE Digest

20:f9:2f:41:bb:e3:2a:2b:c0:5f:e5:96:cd:a2:54:9c:71:b9:7d:19:5f:3f:df:f1:4e:06:f7:0f:45:d5:58:10

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Bada Technology Co.\,Ltd,O=Bada Technology Co.\,Ltd,L=Panzhihua,ST=Sichuan,C=CN

19/01/2017, 02:35
Valid: false

11:cf:78:d1:2e:77:7e:e1:50:08:97:42:be:e4:e3:c6:48:6f:00:4a
Signer

Actual PE Digest

11:cf:78:d1:2e:77:7e:e1:50:08:97:42:be:e4:e3:c6:48:6f:00:4a

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Bada Technology Co.\,Ltd,O=Bada Technology Co.\,Ltd,L=Panzhihua,ST=Sichuan,C=CN

19/01/2017, 02:35
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoGetLowerDeviceObject
RtlCompareUnicodeString
RtlInitUnicodeString
ObfDereferenceObject
IoDeleteDevice
IoDeleteSymbolicLink
ObfReferenceObject
IoGetDeviceObjectPointer
memset
IoFreeIrp
KeSetEvent
IoFreeMdl
MmUnlockPages
ExFreePoolWithTag
KeWaitForSingleObject
IofCallDriver
KeInitializeEvent
IoBuildAsynchronousFsdRequest
IofCompleteRequest
MmMapLockedPagesSpecifyCache
IoGetAttachedDeviceReference
RtlUnicodeStringToInteger
ExAllocatePoolWithTag
memcpy
ObDereferenceObjectDeferDelete
IoBuildDeviceIoControlRequest
IoCreateSymbolicLink
IoCreateDevice
KeTickCount
KeBugCheckEx
RtlAnsiCharToUnicodeChar

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 353B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 388B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
drivers/winnet/amd64/MDA_NTDRV.sys
.exe windows x64

c6c3757641cc088e31875efbec074068

Code Sign

6a:0f:db:e6:78:b3:1e:23:2c:ba:5a:e1:4d:9d:bf:1b
Certificate

Issuer

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Not Before

08/04/2015, 01:00

Not After

08/04/2023, 01:00

Subject

CN=WoSign Time Stamping Signer G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

5e:a4:dc:11:45:80:2f:ec:91:84:a6:94:26:47:ba:3b
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign CA Limited,C=CN

Not Before

18/05/2016, 09:48

Not After

18/05/2017, 09:48

Subject

CN=Bada Technology Co.\,Ltd,O=Bada Technology Co.\,Ltd,L=Panzhihua,ST=Sichuan,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftKernelCodeSigning

Key Usages

KeyUsageDigitalSignature

46:bb:b3:40:fa:b9:c1:79:28:93:8c:93:da:10:86:79
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:39:65:c4:72:e0:dc:2b:d9:65:00:00:00:00:00:39
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

29/04/2015, 17:12

Not After

29/04/2025, 17:12

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

19:c2:85:30:e9:3b:36
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 22:46

Not After

31/12/2019, 23:59

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 19:46

Not After

17/09/2036, 19:46

Subject

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment
KeyUsageKeyAgreement
KeyUsageCertSign
KeyUsageCRLSign

6a:0f:db:e6:78:b3:1e:23:2c:ba:5a:e1:4d:9d:bf:1b
Certificate

Issuer

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Not Before

08/04/2015, 01:00

Not After

08/04/2023, 01:00

Subject

CN=WoSign Time Stamping Signer G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

22:1d:12:bf:d7:45:75:71:13:37:96:2b:82:e2:2b:52
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA G2,O=WoSign CA Limited,C=CN

Not Before

18/05/2016, 09:26

Not After

18/05/2017, 09:26

Subject

CN=Bada Technology Co.\,Ltd,O=Bada Technology Co.\,Ltd,L=Panzhihua,ST=Sichuan,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftKernelCodeSigning

Key Usages

KeyUsageDigitalSignature

51:ec:ef:d7:72:99:ba:1a:dd:28:02:43:1e:86:e2:0e
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/04/2015, 00:58

Not After

08/04/2025, 00:58

Subject

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

37:a6:0e:92:5f:23:f8:0c:fd:cd:97:65:92:98:c3:54
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/11/2014, 00:58

Not After

08/11/2029, 00:58

Subject

CN=WoSign Class 3 Code Signing CA G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:39:65:c4:72:e0:dc:2b:d9:65:00:00:00:00:00:39
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

29/04/2015, 17:12

Not After

29/04/2025, 17:12

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

19:c2:85:30:e9:3b:36
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 22:46

Not After

31/12/2019, 23:59

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 19:46

Not After

17/09/2036, 19:46

Subject

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment
KeyUsageKeyAgreement
KeyUsageCertSign
KeyUsageCRLSign

2c:9f:c3:85:e6:31:b3:80:e2:cd:15:c1:88:d4:fd:19:31:c8:d7:7a:47:cc:92:1e:2b:a2:fb:ca:c8:80:ff:93
Signer

Actual PE Digest

2c:9f:c3:85:e6:31:b3:80:e2:cd:15:c1:88:d4:fd:19:31:c8:d7:7a:47:cc:92:1e:2b:a2:fb:ca:c8:80:ff:93

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Bada Technology Co.\,Ltd,O=Bada Technology Co.\,Ltd,L=Panzhihua,ST=Sichuan,C=CN

19/01/2017, 02:35
Valid: false

f1:32:8e:f7:f4:68:ae:54:18:37:51:6a:a4:77:11:bb:93:60:7f:e8
Signer

Actual PE Digest

f1:32:8e:f7:f4:68:ae:54:18:37:51:6a:a4:77:11:bb:93:60:7f:e8

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Bada Technology Co.\,Ltd,O=Bada Technology Co.\,Ltd,L=Panzhihua,ST=Sichuan,C=CN

19/01/2017, 02:35
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
IoBuildDeviceIoControlRequest
IoDeleteSymbolicLink
ExFreePoolWithTag
RtlInitUnicodeString
IoDeleteDevice
KeSetEvent
KeInitializeEvent
IoFreeMdl
MmMapLockedPagesSpecifyCache
IoGetDeviceObjectPointer
IoBuildAsynchronousFsdRequest
IofCompleteRequest
KeWaitForSingleObject
IoFreeIrp
IoGetAttachedDeviceReference
MmUnlockPages
ObfReferenceObject
IoCreateSymbolicLink
ObfDereferenceObject
RtlUnicodeStringToInteger
IoCreateDevice
IofCallDriver
KeBugCheckEx
RtlAnsiCharToUnicodeChar

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 720B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 392B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
drivers/winnet/i386/MDA_NTDRV.sys
.exe windows x86

c282198bc24c5a8e2d143c1f82a4470a

Code Sign

6a:0f:db:e6:78:b3:1e:23:2c:ba:5a:e1:4d:9d:bf:1b
Certificate

Issuer

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Not Before

08/04/2015, 01:00

Not After

08/04/2023, 01:00

Subject

CN=WoSign Time Stamping Signer G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

5e:a4:dc:11:45:80:2f:ec:91:84:a6:94:26:47:ba:3b
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign CA Limited,C=CN

Not Before

18/05/2016, 09:48

Not After

18/05/2017, 09:48

Subject

CN=Bada Technology Co.\,Ltd,O=Bada Technology Co.\,Ltd,L=Panzhihua,ST=Sichuan,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftKernelCodeSigning

Key Usages

KeyUsageDigitalSignature

46:bb:b3:40:fa:b9:c1:79:28:93:8c:93:da:10:86:79
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:39:65:c4:72:e0:dc:2b:d9:65:00:00:00:00:00:39
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

29/04/2015, 17:12

Not After

29/04/2025, 17:12

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

19:c2:85:30:e9:3b:36
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 22:46

Not After

31/12/2019, 23:59

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 19:46

Not After

17/09/2036, 19:46

Subject

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment
KeyUsageKeyAgreement
KeyUsageCertSign
KeyUsageCRLSign

6a:0f:db:e6:78:b3:1e:23:2c:ba:5a:e1:4d:9d:bf:1b
Certificate

Issuer

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Not Before

08/04/2015, 01:00

Not After

08/04/2023, 01:00

Subject

CN=WoSign Time Stamping Signer G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

22:1d:12:bf:d7:45:75:71:13:37:96:2b:82:e2:2b:52
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA G2,O=WoSign CA Limited,C=CN

Not Before

18/05/2016, 09:26

Not After

18/05/2017, 09:26

Subject

CN=Bada Technology Co.\,Ltd,O=Bada Technology Co.\,Ltd,L=Panzhihua,ST=Sichuan,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftKernelCodeSigning

Key Usages

KeyUsageDigitalSignature

51:ec:ef:d7:72:99:ba:1a:dd:28:02:43:1e:86:e2:0e
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/04/2015, 00:58

Not After

08/04/2025, 00:58

Subject

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

37:a6:0e:92:5f:23:f8:0c:fd:cd:97:65:92:98:c3:54
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/11/2014, 00:58

Not After

08/11/2029, 00:58

Subject

CN=WoSign Class 3 Code Signing CA G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:39:65:c4:72:e0:dc:2b:d9:65:00:00:00:00:00:39
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

29/04/2015, 17:12

Not After

29/04/2025, 17:12

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

19:c2:85:30:e9:3b:36
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 22:46

Not After

31/12/2019, 23:59

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 19:46

Not After

17/09/2036, 19:46

Subject

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment
KeyUsageKeyAgreement
KeyUsageCertSign
KeyUsageCRLSign

d3:9c:3a:ba:3c:18:65:b9:84:d9:ec:68:1b:9d:b5:bf:8d:94:d7:43:d9:bb:af:90:45:04:17:98:70:fe:5b:06
Signer

Actual PE Digest

d3:9c:3a:ba:3c:18:65:b9:84:d9:ec:68:1b:9d:b5:bf:8d:94:d7:43:d9:bb:af:90:45:04:17:98:70:fe:5b:06

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Bada Technology Co.\,Ltd,O=Bada Technology Co.\,Ltd,L=Panzhihua,ST=Sichuan,C=CN

19/01/2017, 02:35
Valid: false

d5:8c:71:e6:4a:f7:df:12:14:6f:ac:c9:11:42:d7:cc:28:80:2d:79
Signer

Actual PE Digest

d5:8c:71:e6:4a:f7:df:12:14:6f:ac:c9:11:42:d7:cc:28:80:2d:79

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Bada Technology Co.\,Ltd,O=Bada Technology Co.\,Ltd,L=Panzhihua,ST=Sichuan,C=CN

19/01/2017, 02:35
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoDeleteDevice
IoDeleteSymbolicLink
ObfReferenceObject
IoGetDeviceObjectPointer
RtlInitUnicodeString
memset
IoFreeIrp
KeSetEvent
IoFreeMdl
MmUnlockPages
ExFreePoolWithTag
KeWaitForSingleObject
IofCallDriver
KeInitializeEvent
IoBuildAsynchronousFsdRequest
IofCompleteRequest
MmMapLockedPagesSpecifyCache
ObfDereferenceObject
IoGetAttachedDeviceReference
RtlUnicodeStringToInteger
ExAllocatePoolWithTag
memcpy
IoBuildDeviceIoControlRequest
IoCreateSymbolicLink
IoCreateDevice
KeTickCount
KeBugCheckEx
RtlAnsiCharToUnicodeChar

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 354B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 846B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 364B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
drivers/winxp/i386/MDA_NTDRV.sys
.exe windows x86

c282198bc24c5a8e2d143c1f82a4470a

Code Sign

6a:0f:db:e6:78:b3:1e:23:2c:ba:5a:e1:4d:9d:bf:1b
Certificate

Issuer

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Not Before

08/04/2015, 01:00

Not After

08/04/2023, 01:00

Subject

CN=WoSign Time Stamping Signer G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

5e:a4:dc:11:45:80:2f:ec:91:84:a6:94:26:47:ba:3b
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign CA Limited,C=CN

Not Before

18/05/2016, 09:48

Not After

18/05/2017, 09:48

Subject

CN=Bada Technology Co.\,Ltd,O=Bada Technology Co.\,Ltd,L=Panzhihua,ST=Sichuan,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftKernelCodeSigning

Key Usages

KeyUsageDigitalSignature

46:bb:b3:40:fa:b9:c1:79:28:93:8c:93:da:10:86:79
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:39:65:c4:72:e0:dc:2b:d9:65:00:00:00:00:00:39
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

29/04/2015, 17:12

Not After

29/04/2025, 17:12

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

19:c2:85:30:e9:3b:36
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 22:46

Not After

31/12/2019, 23:59

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 19:46

Not After

17/09/2036, 19:46

Subject

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment
KeyUsageKeyAgreement
KeyUsageCertSign
KeyUsageCRLSign

6a:0f:db:e6:78:b3:1e:23:2c:ba:5a:e1:4d:9d:bf:1b
Certificate

Issuer

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Not Before

08/04/2015, 01:00

Not After

08/04/2023, 01:00

Subject

CN=WoSign Time Stamping Signer G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

22:1d:12:bf:d7:45:75:71:13:37:96:2b:82:e2:2b:52
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA G2,O=WoSign CA Limited,C=CN

Not Before

18/05/2016, 09:26

Not After

18/05/2017, 09:26

Subject

CN=Bada Technology Co.\,Ltd,O=Bada Technology Co.\,Ltd,L=Panzhihua,ST=Sichuan,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftKernelCodeSigning

Key Usages

KeyUsageDigitalSignature

51:ec:ef:d7:72:99:ba:1a:dd:28:02:43:1e:86:e2:0e
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/04/2015, 00:58

Not After

08/04/2025, 00:58

Subject

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

37:a6:0e:92:5f:23:f8:0c:fd:cd:97:65:92:98:c3:54
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/11/2014, 00:58

Not After

08/11/2029, 00:58

Subject

CN=WoSign Class 3 Code Signing CA G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:39:65:c4:72:e0:dc:2b:d9:65:00:00:00:00:00:39
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

29/04/2015, 17:12

Not After

29/04/2025, 17:12

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

19:c2:85:30:e9:3b:36
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 22:46

Not After

31/12/2019, 23:59

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 19:46

Not After

17/09/2036, 19:46

Subject

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment
KeyUsageKeyAgreement
KeyUsageCertSign
KeyUsageCRLSign

ad:28:af:8e:64:23:05:7f:55:f4:21:c2:03:fb:8f:7b:70:ef:a2:24:8c:98:9c:e8:60:96:90:83:70:bc:ac:14
Signer

Actual PE Digest

ad:28:af:8e:64:23:05:7f:55:f4:21:c2:03:fb:8f:7b:70:ef:a2:24:8c:98:9c:e8:60:96:90:83:70:bc:ac:14

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Bada Technology Co.\,Ltd,O=Bada Technology Co.\,Ltd,L=Panzhihua,ST=Sichuan,C=CN

19/01/2017, 02:35
Valid: false

42:6d:38:ad:86:72:2a:bd:8f:bb:8a:f5:1f:47:bc:4b:57:49:b4:d5
Signer

Actual PE Digest

42:6d:38:ad:86:72:2a:bd:8f:bb:8a:f5:1f:47:bc:4b:57:49:b4:d5

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Bada Technology Co.\,Ltd,O=Bada Technology Co.\,Ltd,L=Panzhihua,ST=Sichuan,C=CN

19/01/2017, 02:35
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoDeleteDevice
IoDeleteSymbolicLink
ObfReferenceObject
IoGetDeviceObjectPointer
RtlInitUnicodeString
memset
IoFreeIrp
KeSetEvent
IoFreeMdl
MmUnlockPages
ExFreePoolWithTag
KeWaitForSingleObject
IofCallDriver
KeInitializeEvent
IoBuildAsynchronousFsdRequest
IofCompleteRequest
MmMapLockedPagesSpecifyCache
ObfDereferenceObject
IoGetAttachedDeviceReference
RtlUnicodeStringToInteger
ExAllocatePoolWithTag
memcpy
IoBuildDeviceIoControlRequest
IoCreateSymbolicLink
IoCreateDevice
KeTickCount
KeBugCheckEx
RtlAnsiCharToUnicodeChar

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 353B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 896B - Virtual size: 846B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 384B - Virtual size: 334B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dm.api
.dll windows x64

300c3e7acfc115bb1868a4c4d79fb80a

Code Sign

04:44:c0
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

22/10/2008, 12:07

Not After

31/12/2029, 12:07

Subject

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6e:a1:d4:94:5f:0e:69:e9:d6:f1:48:2c:58:6a:71:af
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

17/04/2018, 08:20

Not After

18/05/2027, 08:20

Subject

CN=WoTrus Code Signing CA,O=WoTrus CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6c:f4:ec:29:43:e7:fb:ca:58:1b:5e:bb:85:e7:c2:5c
Certificate

Issuer

CN=WoTrus Code Signing CA,O=WoTrus CA Limited,C=CN

Not Before

28/12/2020, 14:37

Not After

27/01/2023, 14:37

Subject

CN=Panzhihua Bada Technology Co.\, Ltd.,O=Panzhihua Bada Technology Co.\, Ltd.,L=Panzhihua,ST=Sichuan,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a8:3e:9b:c4:e4:aa:e0:c9:66:ab:91:7e:af:72:13:b0:1a:71:a8:cc:2d:b0:b3:2a:3d:95:f7:f1:c7:09:52:4e
Signer

Actual PE Digest

a8:3e:9b:c4:e4:aa:e0:c9:66:ab:91:7e:af:72:13:b0:1a:71:a8:cc:2d:b0:b3:2a:3d:95:f7:f1:c7:09:52:4e

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Panzhihua Bada Technology Co.\, Ltd.,O=Panzhihua Bada Technology Co.\, Ltd.,L=Panzhihua,ST=Sichuan,C=CN

07/10/2022, 02:52
Valid: true

Chain 1

CN=Panzhihua Bada Technology Co.\, Ltd.,O=Panzhihua Bada Technology Co.\, Ltd.,L=Panzhihua,ST=Sichuan,C=CN

CN=WoTrus Code Signing CA,O=WoTrus CA Limited,C=CN

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetDateFormatA
FindNextFileW
DeleteFileW
CloseHandle
FindClose
GetVersionExW
CopyFileW
GetLocaleInfoW
GetUserDefaultLangID
WaitForSingleObject
CreateProcessW
FindFirstFileW
SetThreadExecutionState
CreateFileA
lstrcpyW
lstrlenW
lstrcpynW
SetEnvironmentVariableA
CompareStringW
FlushFileBuffers
CreateFileW
WriteConsoleW
SetStdHandle
GetStringTypeW
HeapReAlloc
GetConsoleMode
GetConsoleCP
SetFilePointer
EnterCriticalSection
LeaveCriticalSection
GetTimeZoneInformation
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
HeapDestroy
HeapCreate
GetVersion
HeapSetInformation
GetEnvironmentStringsW
FreeEnvironmentStringsW
DeleteCriticalSection
GetStartupInfoW
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
WideCharToMultiByte
MultiByteToWideChar
OutputDebugStringW
OutputDebugStringA
FreeLibrary
GetCurrentProcess
GetModuleHandleW
GetCurrentThread
GetSystemDirectoryW
LoadLibraryW
Sleep
ReadFile
GetLastError
GetProcAddress
LoadLibraryA
RemoveDirectoryW
CreatePipe
GetModuleFileNameA
SetFileAttributesW
GetLocalTime
GlobalMemoryStatusEx
GetSystemInfo
LocalFree
PeekNamedPipe
SetEvent
GetExitCodeProcess
TerminateProcess
CreateEventW
WaitForMultipleObjects
GetTempPathW
CreateDirectoryA
GetSystemWindowsDirectoryW
GetExitCodeThread
CreateThread
GetTempFileNameW
FindVolumeClose
GetDriveTypeW
CreateDirectoryW
FindNextVolumeW
GetModuleFileNameW
GetLongPathNameW
MoveFileW
FindFirstVolumeW
DecodePointer
EncodePointer
GetCurrentThreadId
FlsSetValue
GetCommandLineA
HeapFree
GetSystemTimeAsFileTime
ExitThread
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WriteFile
GetStdHandle
HeapAlloc
RaiseException
RtlPcToFileHeader
RtlUnwindEx
HeapSize
ExitProcess
FlsGetValue
FlsFree
SetLastError
FlsAlloc
GetTimeFormatA

user32

ExitWindowsEx
SetActiveWindow
SetCapture
SetFocus
MessageBoxW
ReleaseCapture
EnableWindow
wsprintfW
GetSystemMetrics

shell32

ShellExecuteExW
SHFileOperationW
SHGetSpecialFolderPathW
SHGetDesktopFolder
SHEmptyRecycleBinW
SHGetMalloc
SHGetFolderLocation

shlwapi

PathRemoveFileSpecW
StrStrIW
PathFileExistsW
SHCreateStreamOnFileEx

ntdll

ZwSetInformationFile
RtlDeleteCriticalSection
ZwDeleteFile
RtlLeaveCriticalSection
ZwDeviceIoControlFile
ZwQueryInformationProcess
ZwLoadKey
ZwOpenFile
ZwQueryInformationToken
ZwAdjustPrivilegesToken
ZwOpenProcessToken
NtSetVolumeInformationFile
ZwSetValueKey
RtlGetVersion
RtlInitAnsiString
RtlInitUnicodeString
ZwReadFile
RtlSystemTimeToLocalTime
RtlQueryEnvironmentVariable_U
ZwQuerySystemTime
ZwFsControlFile
RtlAnsiStringToUnicodeString
RtlEnterCriticalSection
ZwUnloadKey
ZwQueryInformationFile
ZwWriteFile
RtlInitializeCriticalSection
ZwDelayExecution
RtlDosPathNameToNtPathName_U
ZwAllocateVirtualMemory
ZwOpenKey
ZwAllocateUuids
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
ZwOpenDirectoryObject
ZwQueryDirectoryObject
RtlFreeUnicodeString
NtQueryVolumeInformationFile
ZwCreateFile
ZwQueryValueKey
ZwQueryDirectoryFile
ZwFreeVirtualMemory
RtlNtStatusToDosError
ZwEnumerateValueKey
ZwClose
ZwFlushKey
RtlTimeToTimeFields
ZwQueryAttributesFile
ZwFlushBuffersFile

wininet

InternetCloseHandle
InternetReadFile
InternetOpenUrlW
InternetOpenW

dbghelp

MiniDumpWriteDump

advapi32

CloseServiceHandle
OpenThreadToken
GetUserNameW
GetTokenInformation
EqualSid
LookupPrivilegeValueW
AllocateAndInitializeSid
FreeSid
RegOpenKeyExW
RegFlushKey
AdjustTokenPrivileges
RegCloseKey
DeleteAce
GetAclInformation
ControlService
OpenSCManagerA
StartServiceA
OpenServiceW
DeleteService
OpenProcessToken
CreateServiceW
BuildExplicitAccessWithNameW
SetEntriesInAclW
GetNamedSecurityInfoW
GetAce
SetNamedSecurityInfoW

ole32

CoInitializeSecurity
CoInitializeEx
CoUninitialize
CoCreateInstance
CoInitialize

oleaut32

SysFreeString
SafeArrayPutElement
SafeArrayCreateVectorEx
SafeArrayDestroy
SysAllocString

msi

ord66
ord173
ord70
ord41
ord45

Exports

Exports

aboveWin10
addBootEntry
addLogicalDrive
addPve
adjustorBegin
adjustorEnd
alignNtfsClust
alignNtfsClust1
alignPart
alignParts1
allowCloneDisk
allowConv2FAT32
allowConv2Gpt
allowConv2Logical
allowConvDynamic2Basic
allowExtendNtfsVolume
allowMigrateOs
applConf
assignDriveLetter
batchFileBakPath
batchFileExist
batchFilePath
blkChkerLogName
bootPve
breakCommand
changeLogicalDrive
checkUpdate
checkVolSize
checkWinPeType
chkBlk
cleanPves
clearExecutionState
clearLastOpErr
clearPves
cloneDeviceView
cloneDisk
closeBatchCmds
closeBlkChker
closeCommand
closeDevice
closeMsgQueue
closeRecyclebinFiles
compFile
createBatchCmds
createBlkChker
createCommand
createDevice
createDeviceView
createDiskUuidFile
createDummyPves
createMsgQueue
createRecyclebinFiles
createSnapshot
defaultSsPerClust
delAllBootEntries
delBatchFile
delBootEntry
delDir
delGptReservedPart
delPve
disablePagingExecutiveValue
dve
dynamic2Basic
emptyRecyclebin
enumDisks
errText
estimateUsedSects
estimateUsedSects4Merge
exec
extendPve
extendSpace
extendedPves
fileDiff
files4Wiper
files4Wiper2
firstNePve
firstNePve2
forceLock
fsRange
getLastOpErr
getProductName
getProductName2
gpt2Mbr
gptPart2MbrLogical
gptPart2MbrPrimary
hasOtherOs
initDves
initEmptyPve
integrityCheck
is32ProgramOnWin64Os
is64BitProgram
isAdminAcct
isDbrDisk
isDynamicDisk
isEmptyDisk
isExtPart
isGptDisk
isGptEfiSystemPart
isGptMsrPart
isGptSysPart
isMbrDisk
isMounted
isRecoveryPart
isSectorsCpy
isServer
isSysPart
isWinPe
langDefaultId
langOpen
langOpen2
langTxt
langTxt2
lastNePve
lockVolume
logicalDrives
logstr
makePe
manageDriver
maxLabelLen
mbr2Gpt
mergePves
mergeSpace
mergeUs2Pve
migrateOs
moduleDir
movSpace
need2Shutdown
numOfBlks
numOfDisks
numOfDrives
numOfDves
numOfLangs
numOfLdmDves
numOfMdaDrvCallers
numOfMsgs
numOfNePves
numOfNePves2
numOfOsPves
numOfPves
numOfRecyclebinFiles
osVersionNumbers
partMaximum
partMinSects
partMinimum
partMinimum1
partReserved
partTyp
peekMsg
popMsg
postMsg
psi
pushCmd
pve
pveChanged
queryDve
rangeOfSsPerClust
readActivRec2
readOsVersion
readOsVersion2
readPipe
readVersion
ready2Perform
rebootSystem
rebuildPves
recyclebinFile
refresh
releaseDeviceView
releaseDummyPves
releasePves4Ex
removeLogicalDrive
removeLogicalDrives
runInEFIMode
saveCmds2File
saveGlobalInfo
saveGlobalInfo2
seekNePve
seekNePve2
seekNextNePve
seekPve
sendEmail
setAutoMount
setDisablePagingExecutive
setDiskOffline
setDiskReadonly
setExceptionFilter
setExecutionState
setLastOpErr
setupCore
setupCore2
setupDriverName
shutdownSystem
siOfBootPart
siOfSysPart
siOn1stPaint
size2Str
specialDir
sqliteClose
sqliteCloseDb
sqliteCreate
sqliteExec
sqliteOpenDb
startingSector
sysPve
systemBits
systemInfo2Log
tryLockVolume
uncompressNtfsFile
unmountVolume
updateSystem
validate
visibleSects
visibleSects1
windowsDir
writeActivRec2
writeBlkChkerLog

Sections

.text
Size: 675KB - Virtual size: 675KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 658KB - Virtual size: 658KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.dll_sha
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dm.st.exe
.exe windows x64

8d7503307e9f75469bdea636352cda80

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayGetElement
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopyInd
VariantCopy
VariantClear
VariantInit
GetErrorInfo
GetActiveObject
VariantInit
SysFreeString

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegUnLoadKeyW
RegSetValueExW
RegSaveKeyW
RegRestoreKeyW
RegReplaceKeyW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegLoadKeyW
RegFlushKey
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegConnectRegistryW
RegCloseKey

user32

MessageBoxA
CharNextW
LoadStringW
SetClassLongPtrW
GetClassLongPtrW
SetWindowLongPtrW
GetWindowLongPtrW
CreateWindowExW
WindowFromPoint
WaitMessage
ValidateRect
UpdateWindow
UnregisterClassW
UnionRect
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenuEx
TrackPopupMenu
ToUnicode
ToAsciiEx
TabbedTextOutA
TabbedTextOutW
SystemParametersInfoW
SubtractRect
AnimateWindow
ShowWindow
ShowScrollBar
ShowOwnedPopups
ShowCaret
SetWindowRgn
SetWindowsHookExW
SetWindowTextW
SetWindowPos
SetWindowPlacement
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRectEmpty
SetRect
SetPropW
SetParent
SetMenuItemInfoW
SetMenuInfo
SetMenuDefaultItem
SetMenu
SetForegroundWindow
SetFocus
SetCursorPos
SetCursor
SetClipboardData
SetCapture
SetActiveWindow
SendNotifyMessageW
SendMessageA
SendMessageW
ScrollWindowEx
ScrollWindow
ScreenToClient
RemovePropW
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageW
RegisterClipboardFormatW
RegisterClassW
RedrawWindow
PtInRect
PostQuitMessage
PostMessageW
PeekMessageA
PeekMessageW
OpenClipboard
OffsetRect
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects
MessageBoxW
MessageBeep
MapWindowPoints
MapVirtualKeyW
LockWindowUpdate
LoadStringW
LoadMenuW
LoadKeyboardLayoutW
LoadIconW
LoadCursorW
LoadBitmapW
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsRectEmpty
IsMenu
IsIconic
IsDialogMessageA
IsDialogMessageW
IsClipboardFormatAvailable
IsChild
InvalidateRgn
InvalidateRect
IntersectRect
InsertMenuItemW
InsertMenuW
InflateRect
HideCaret
GetWindowThreadProcessId
GetWindowTextW
GetWindowRgn
GetWindowRect
GetWindowPlacement
GetWindowDC
GetUpdateRgn
GetUpdateRect
GetTopWindow
GetTabbedTextExtentA
GetTabbedTextExtentW
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetScrollBarInfo
GetPropW
GetParent
GetWindow
GetMessagePos
GetMessageExtraInfo
GetMessageW
GetMenuStringW
GetMenuState
GetMenuItemRect
GetMenuItemInfoW
GetMenuItemID
GetMenuItemCount
GetMenuDefaultItem
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameW
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextW
GetIconInfo
GetForegroundWindow
GetFocus
GetDoubleClickTime
GetDlgItem
GetDlgCtrlID
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardData
GetClientRect
GetClassNameW
GetClassInfoExW
GetClassInfoW
GetCaretPos
GetCapture
GetAsyncKeyState
GetAncestor
GetActiveWindow
FrameRect
FindWindowExW
FindWindowW
FillRect
EqualRect
EnumWindows
EnumThreadWindows
EnumClipboardFormats
EnumChildWindows
EndPaint
EndMenu
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextExW
DrawTextA
DrawTextW
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawFocusRect
DrawEdge
DragDetect
DispatchMessageA
DispatchMessageW
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DefWindowProcW
DefMDIChildProcW
DefFrameProcW
CreatePopupMenu
CreateMenu
CreateIcon
CreateAcceleratorTableW
CountClipboardFormats
CopyImage
CopyIcon
CloseClipboard
ClientToScreen
ChildWindowFromPointEx
CheckMenuItem
CharUpperBuffW
CharUpperW
CharNextW
CharLowerBuffW
CharLowerW
CallWindowProcW
CallNextHookEx
BeginPaint
AdjustWindowRectEx
ActivateKeyboardLayout
EnumDisplayMonitors
GetMonitorInfoW
MonitorFromPoint
MonitorFromRect
MonitorFromWindow

kernel32

Sleep
VirtualFree
VirtualAlloc
HeapFree
HeapAlloc
GetProcessHeap
lstrlenW
VirtualQuery
QueryPerformanceCounter
GetTickCount
GetSystemInfo
GetVersion
CompareStringW
IsDBCSLeadByteEx
IsValidLocale
SetThreadLocale
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetLocaleInfoW
WideCharToMultiByte
MultiByteToWideChar
GetConsoleOutputCP
GetConsoleCP
GetACP
LoadLibraryExW
GetStartupInfoW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetCommandLineW
FreeLibrary
GetLastError
UnhandledExceptionFilter
RtlUnwindEx
RtlUnwind
RaiseException
ExitProcess
ExitThread
SwitchToThread
GetCurrentThreadId
CreateThread
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
FindFirstFileW
FindClose
WriteFile
SetFilePointer
SetEndOfFile
ReadFile
GetFileType
GetFileSize
CreateFileW
GetStdHandle
CloseHandle
GetProcAddress
RaiseException
LoadLibraryA
GetLastError
TlsSetValue
TlsGetValue
LocalFree
LocalAlloc
GetModuleHandleW
FreeLibrary
lstrcmpW
WriteFile
WideCharToMultiByte
WaitForSingleObject
WaitForMultipleObjectsEx
VirtualQueryEx
VirtualQuery
VirtualProtect
VirtualFree
VirtualAlloc
UnmapViewOfFile
TryEnterCriticalSection
SwitchToThread
SuspendThread
SleepEx
Sleep
SizeofResource
SetThreadPriority
SetThreadLocale
SetLastError
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResumeThread
ResetEvent
RemoveDirectoryW
ReadFile
RaiseException
QueryPerformanceFrequency
QueryPerformanceCounter
QueryDosDeviceW
IsDebuggerPresent
OutputDebugStringW
MultiByteToWideChar
MulDiv
MapViewOfFile
LockResource
LocalFree
LoadResource
LoadLibraryW
LeaveCriticalSection
IsValidLocale
InitializeCriticalSection
HeapSize
HeapFree
HeapDestroy
HeapCreate
HeapAlloc
GlobalUnlock
GlobalSize
GlobalHandle
GlobalLock
GlobalFree
GlobalFindAtomW
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomW
GetWindowsDirectoryW
GetVolumeInformationW
GetVersionExW
GetVersion
GetTimeZoneInformation
GetTickCount
GetThreadPriority
GetThreadLocale
GetTempPathW
GetSystemInfo
GetSystemTimes
GetSystemDirectoryW
GetStdHandle
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLogicalDrives
GetLogicalDriveStringsW
GetLocaleInfoW
GetLocalTime
GetLastError
GetFullPathNameW
GetFileSize
GetFileAttributesExW
GetFileAttributesW
GetExitCodeThread
GetEnvironmentVariableW
GetDriveTypeW
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetComputerNameW
GetCPInfoExW
GetCPInfo
GetACP
FreeResource
FreeLibrary
FormatMessageW
FindResourceW
FindNextFileW
FindFirstFileW
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FileTimeToDosDateTime
EnumSystemLocalesW
EnumResourceNamesW
EnumCalendarInfoW
EnterCriticalSection
DeleteFileW
DeleteCriticalSection
CreateThread
CreateMutexW
CreateFileMappingW
CreateFileW
CreateEventW
CreateDirectoryW
CopyFileW
CompareStringW
CloseHandle
Sleep
GetStringTypeW

gdi32

WidenPath
UpdateColors
UnrealizeObject
TextOutA
TextOutW
StrokePath
StretchDIBits
StretchBlt
StartPage
StartDocW
SetWindowOrgEx
SetWinMetaFileBits
SetViewportOrgEx
SetTextJustification
SetTextColor
SetStretchBltMode
SetRectRgn
SetROP2
SetPixel
SetMapMode
SetEnhMetaFileBits
SetDIBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SetAbortProc
SelectPalette
SelectObject
SelectClipRgn
SelectClipPath
SaveDC
RoundRect
RestoreDC
Rectangle
RectVisible
RectInRegion
RealizePalette
PtInRegion
Polyline
Polygon
PolyPolyline
PolyBezierTo
PolyBezier
PlayEnhMetaFile
Pie
PathToRegion
PatBlt
OffsetWindowOrgEx
OffsetRgn
MoveToEx
MaskBlt
LineTo
LPtoDP
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetViewportOrgEx
GetTextMetricsA
GetTextMetricsW
GetTextExtentPointW
GetTextExtentPoint32A
GetTextExtentPoint32W
GetTextExtentExPointA
GetTextExtentExPointW
GetTextColor
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetROP2
GetPixel
GetPaletteEntries
GetObjectType
GetObjectW
GetNearestPaletteIndex
GetNearestColor
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileDescriptionW
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetDCOrgEx
GetCurrentPositionEx
GetCurrentObject
GetClipRgn
GetClipBox
GetBrushOrgEx
GetBkMode
GetBitmapBits
GdiFlush
FrameRgn
FillRgn
FillPath
ExtTextOutA
ExtTextOutW
ExtSelectClipRgn
ExtFloodFill
ExcludeClipRect
EqualRgn
EnumFontsW
EnumFontFamiliesExW
EndPath
EndPage
EndDoc
Ellipse
DeleteObject
DeleteEnhMetaFile
DeleteDC
DPtoLP
CreateSolidBrush
CreateRoundRectRgn
CreateRectRgnIndirect
CreateRectRgn
CreatePolygonRgn
CreatePenIndirect
CreatePen
CreatePatternBrush
CreatePalette
CreateICW
CreateHalftonePalette
CreateFontIndirectW
CreateEllipticRgn
CreateDIBitmap
CreateDIBSection
CreateDCW
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileW
CombineRgn
Chord
BitBlt
BeginPath
ArcTo
Arc
AngleArc
AbortDoc

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoTaskMemAlloc
ProgIDFromCLSID
StringFromCLSID
CoCreateInstance
CoUninitialize
CoInitialize
IsEqualGUID

comctl32

InitializeFlatSB
FlatSB_SetScrollProp
FlatSB_SetScrollPos
FlatSB_SetScrollInfo
FlatSB_GetScrollPos
FlatSB_GetScrollInfo
_TrackMouseEvent
ImageList_GetImageInfo
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Copy
ImageList_LoadImageW
ImageList_GetIcon
ImageList_Remove
ImageList_DrawEx
ImageList_AddMasked
ImageList_Replace
ImageList_Draw
ImageList_SetOverlayImage
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Add
ImageList_SetImageCount
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create
InitCommonControls

msvcrt

memset
memcpy

shell32

ShellExecuteW
Shell_NotifyIconW
SHGetSpecialFolderLocation
SHGetPathFromIDListW

comdlg32

GetSaveFileNameW
GetOpenFileNameW

winspool.drv

OpenPrinterW
EnumPrintersW
DocumentPropertiesW
ClosePrinter
GetDefaultPrinterW

gdiplus

GdipDrawCachedBitmap
GdipMeasureDriverString
GdipDrawDriverString
GdipMeasureCharacterRanges
GdipMeasureString
GdipDrawString
GdipComment
GdipEndContainer
GdipBeginContainer2
GdipBeginContainerI
GdipBeginContainer
GdipRestoreGraphics
GdipSaveGraphics
GdipIsVisibleRectI
GdipIsVisibleRect
GdipIsVisiblePointI
GdipIsVisiblePoint
GdipIsVisibleClipEmpty
GdipGetVisibleClipBoundsI
GdipGetVisibleClipBounds
GdipIsClipEmpty
GdipGetClipBoundsI
GdipGetClipBounds
GdipGetClip
GdipTranslateClipI
GdipTranslateClip
GdipResetClip
GdipSetClipHrgn
GdipSetClipRegion
GdipSetClipPath
GdipSetClipRectI
GdipSetClipRect
GdipSetClipGraphics
GdipEnumerateMetafileSrcRectDestPointsI
GdipEnumerateMetafileSrcRectDestPoints
GdipEnumerateMetafileSrcRectDestRectI
GdipEnumerateMetafileSrcRectDestRect
GdipEnumerateMetafileSrcRectDestPointI
GdipEnumerateMetafileSrcRectDestPoint
GdipEnumerateMetafileDestPointsI
GdipEnumerateMetafileDestPoints
GdipEnumerateMetafileDestRectI
GdipEnumerateMetafileDestRect
GdipEnumerateMetafileDestPointI
GdipEnumerateMetafileDestPoint
GdipDrawImagePointsRectI
GdipDrawImagePointsRect
GdipDrawImageRectRectI
GdipDrawImageRectRect
GdipDrawImagePointRectI
GdipDrawImagePointRect
GdipDrawImagePointsI
GdipDrawImagePoints
GdipDrawImageRectI
GdipDrawImageRect
GdipDrawImageI
GdipDrawImage
GdipFillRegion
GdipFillClosedCurve2I
GdipFillClosedCurve2
GdipFillClosedCurveI
GdipFillClosedCurve
GdipFillPath
GdipFillPieI
GdipFillPie
GdipFillEllipseI
GdipFillEllipse
GdipFillPolygonI
GdipFillPolygon
GdipFillRectanglesI
GdipFillRectangles
GdipFillRectangleI
GdipFillRectangle
GdipGraphicsClear
GdipDrawClosedCurve2I
GdipDrawClosedCurve2
GdipDrawClosedCurveI
GdipDrawClosedCurve
GdipDrawCurve3I
GdipDrawCurve3
GdipDrawCurve2I
GdipDrawCurve2
GdipDrawCurveI
GdipDrawCurve
GdipDrawPath
GdipDrawPolygonI
GdipDrawPolygon
GdipDrawPieI
GdipDrawPie
GdipDrawEllipseI
GdipDrawEllipse
GdipDrawRectanglesI
GdipDrawRectangles
GdipDrawRectangleI
GdipDrawRectangle
GdipDrawBeziersI
GdipDrawBeziers
GdipDrawBezierI
GdipDrawBezier
GdipDrawArcI
GdipDrawArc
GdipDrawLinesI
GdipDrawLines
GdipDrawLineI
GdipDrawLine
GdipGetNearestColor
GdipTransformPointsI
GdipTransformPoints
GdipGetDpiY
GdipGetDpiX
GdipSetPageScale
GdipSetPageUnit
GdipGetPageScale
GdipGetPageUnit
GdipGetWorldTransform
GdipRotateWorldTransform
GdipScaleWorldTransform
GdipTranslateWorldTransform
GdipMultiplyWorldTransform
GdipResetWorldTransform
GdipSetWorldTransform
GdipGetInterpolationMode
GdipSetInterpolationMode
GdipGetTextContrast
GdipSetTextContrast
GdipGetTextRenderingHint
GdipSetTextRenderingHint
GdipGetPixelOffsetMode
GdipSetPixelOffsetMode
GdipGetSmoothingMode
GdipSetSmoothingMode
GdipGetCompositingQuality
GdipSetCompositingQuality
GdipGetRenderingOrigin
GdipSetRenderingOrigin
GdipGetCompositingMode
GdipSetCompositingMode
GdipReleaseDC
GdipGetDC
GdipDeleteGraphics
GdipCreateFromHWNDICM
GdipCreateFromHWND
GdipCreateFromHDC2
GdipCreateFromHDC
GdipFlush
GdipSetPropertyItem
GdipRemovePropertyItem
GdipGetAllPropertyItems
GdipGetPropertySize
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipGetPropertyIdList
GdipGetPropertyCount
GdipGetImagePaletteSize
GdipSetImagePalette
GdipGetImagePalette
GdipImageRotateFlip
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipGetEncoderParameterList
GdipGetEncoderParameterListSize
GdipGetImageThumbnail
GdipGetImagePixelFormat
GdipGetImageRawFormat
GdipGetImageFlags
GdipGetImageVerticalResolution
GdipGetImageHorizontalResolution
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageType
GdipGetImageDimension
GdipGetImageBounds
GdipGetImageGraphicsContext
GdipSaveAddImage
GdipSaveAdd
GdipSaveImageToStream
GdipSaveImageToFile
GdipDisposeImage
GdipCloneImage
GdipLoadImageFromFileICM
GdipLoadImageFromStreamICM
GdipLoadImageFromFile
GdipLoadImageFromStream
GdipGetCustomLineCapWidthScale
GdipSetCustomLineCapWidthScale
GdipGetCustomLineCapBaseInset
GdipSetCustomLineCapBaseInset
GdipGetCustomLineCapBaseCap
GdipSetCustomLineCapBaseCap
GdipGetCustomLineCapStrokeJoin
GdipSetCustomLineCapStrokeJoin
GdipGetCustomLineCapStrokeCaps
GdipSetCustomLineCapStrokeCaps
GdipCloneCustomLineCap
GdipDeleteCustomLineCap
GdipCreateCustomLineCap
GdipGetPenCompoundArray
GdipSetPenCompoundArray
GdipGetPenCompoundCount
GdipGetPenDashArray
GdipSetPenDashArray
GdipGetPenDashCount
GdipSetPenDashOffset
GdipGetPenDashOffset
GdipSetPenDashStyle
GdipGetPenDashStyle
GdipGetPenFillType
GdipGetPenBrushFill
GdipSetPenBrushFill
GdipGetPenColor
GdipSetPenColor
GdipRotatePenTransform
GdipScalePenTransform
GdipTranslatePenTransform
GdipMultiplyPenTransform
GdipResetPenTransform
GdipGetPenTransform
GdipSetPenTransform
GdipGetPenMode
GdipSetPenMode
GdipGetPenMiterLimit
GdipSetPenMiterLimit
GdipGetPenCustomEndCap
GdipSetPenCustomEndCap
GdipGetPenCustomStartCap
GdipSetPenCustomStartCap
GdipGetPenLineJoin
GdipSetPenLineJoin
GdipGetPenDashCap197819
GdipGetPenEndCap
GdipGetPenStartCap
GdipSetPenDashCap197819
GdipSetPenEndCap
GdipSetPenStartCap
GdipSetPenLineCap197819
GdipGetPenWidth
GdipSetPenWidth
GdipDeletePen
GdipClonePen
GdipCreatePen2
GdipCreatePen1
GdipRotateLineTransform
GdipScaleLineTransform
GdipTranslateLineTransform
GdipMultiplyLineTransform
GdipResetLineTransform
GdipSetLineTransform
GdipGetLineTransform
GdipGetLineWrapMode
GdipSetLineWrapMode
GdipSetLineLinearBlend
GdipSetLineSigmaBlend
GdipSetLinePresetBlend
GdipGetLinePresetBlend
GdipGetLinePresetBlendCount
GdipSetLineBlend
GdipGetLineBlend
GdipGetLineBlendCount
GdipGetLineGammaCorrection
GdipSetLineGammaCorrection
GdipGetLineRectI
GdipGetLineRect
GdipGetLineColors
GdipSetLineColors
GdipCreateLineBrushFromRectWithAngleI
GdipCreateLineBrushFromRectWithAngle
GdipCreateLineBrushFromRectI
GdipCreateLineBrushFromRect
GdipCreateLineBrushI
GdipCreateLineBrush
GdipGetSolidFillColor
GdipSetSolidFillColor
GdipCreateSolidFill
GdipGetTextureImage
GdipGetTextureWrapMode
GdipSetTextureWrapMode
GdipRotateTextureTransform
GdipScaleTextureTransform
GdipTranslateTextureTransform
GdipMultiplyTextureTransform
GdipResetTextureTransform
GdipSetTextureTransform
GdipGetTextureTransform
GdipCreateTextureIAI
GdipCreateTexture2I
GdipCreateTextureIA
GdipCreateTexture2
GdipCreateTexture
GdipGetHatchBackgroundColor
GdipGetHatchForegroundColor
GdipGetHatchStyle
GdipCreateHatchBrush
GdipGetBrushType
GdipDeleteBrush
GdipCloneBrush
GdipGetRegionScansI
GdipGetRegionScans
GdipGetRegionScansCount
GdipIsVisibleRegionRectI
GdipIsVisibleRegionRect
GdipIsVisibleRegionPointI
GdipIsVisibleRegionPoint
GdipGetRegionData
GdipGetRegionDataSize
GdipIsEqualRegion
GdipIsInfiniteRegion
GdipIsEmptyRegion
GdipGetRegionHRgn
GdipGetRegionBoundsI
GdipGetRegionBounds
GdipTransformRegion
GdipTranslateRegionI
GdipTranslateRegion
GdipCombineRegionRegion
GdipCombineRegionPath
GdipCombineRegionRectI
GdipCombineRegionRect
GdipSetEmpty
GdipSetInfinite
GdipDeleteRegion
GdipCloneRegion
GdipCreateRegionHrgn
GdipCreateRegionRgnData
GdipCreateRegionPath
GdipCreateRegionRectI
GdipCreateRegionRect
GdipCreateRegion
GdipIsMatrixEqual
GdipIsMatrixIdentity
GdipIsMatrixInvertible
GdipGetMatrixElements
GdipVectorTransformMatrixPointsI
GdipVectorTransformMatrixPoints
GdipTransformMatrixPointsI
GdipTransformMatrixPoints
GdipInvertMatrix
GdipShearMatrix
GdipRotateMatrix
GdipScaleMatrix
GdipTranslateMatrix
GdipMultiplyMatrix
GdipSetMatrixElements
GdipDeleteMatrix
GdipCloneMatrix
GdipCreateMatrix3I
GdipCreateMatrix3
GdipCreateMatrix2
GdipCreateMatrix
GdiplusShutdown
GdiplusStartup
GdipFree
GdipAlloc

dm.api

checkUpdate
readVersion
osVersionNumbers
systemBits
is32ProgramOnWin64Os
isWinPe
is64BitProgram
isServer
readOsVersion
systemInfo2Log
applConf
shutdownSystem
isAdminAcct
clearExecutionState
setExecutionState
fileDiff
delDir
moduleDir
langTxt2
langOpen2
numOfLangs
langDefaultId
closeBlkChker
writeBlkChkerLog
blkChkerLogName
chkBlk
numOfBlks
createBlkChker
closeDevice
createDevice
numOfMdaDrvCallers
manageDriver
setupDriverName
writeActivRec2
readActivRec2
adjustorBegin
clearPves
getProductName
psi
pve
dve
numOfDves
refresh
releaseDeviceView
cloneDeviceView
createDeviceView

winmm

timeGetTime
PlaySoundW

Sections

.text
Size: 9.0MB - Virtual size: 9.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 746KB - Virtual size: 745KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 50KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 496B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 502KB - Virtual size: 501KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
mds.lkeys
pro.api
th_sjy 汉化分享博客.url
.url
说明.txt

Sharing

General

Malware Config

Signatures

Files

c7bce6d53c2b7a032ae8e88bd6efa8f2

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78Certificate

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

0a:d6:43:85:43:76:c0:59:5a:51:fe:44:9d:7a:7a:64Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

00:b9:11:ce:71:d2:64:d1:f0:6a:2b:91:f5:59:42:a7:6a:51:76:32Signer

Signature Validations

Verification

25/02/2013, 09:10 Valid: false

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 1024B - Virtual size: 756B

.data Size: 512B - Virtual size: 392B

.pdata Size: 512B - Virtual size: 300B

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 60B

c50e07f3c00e76404fa0d1348a11541a

Code Sign

6a:0f:db:e6:78:b3:1e:23:2c:ba:5a:e1:4d:9d:bf:1bCertificate

Extended Key Usages

Key Usages

5e:a4:dc:11:45:80:2f:ec:91:84:a6:94:26:47:ba:3bCertificate

Extended Key Usages

Key Usages

46:bb:b3:40:fa:b9:c1:79:28:93:8c:93:da:10:86:79Certificate

Extended Key Usages

Key Usages

33:00:00:00:39:65:c4:72:e0:dc:2b:d9:65:00:00:00:00:00:39Certificate

Extended Key Usages

Key Usages

19:c2:85:30:e9:3b:36Certificate

Key Usages

01Certificate

Key Usages

6a:0f:db:e6:78:b3:1e:23:2c:ba:5a:e1:4d:9d:bf:1bCertificate

Extended Key Usages

Key Usages

22:1d:12:bf:d7:45:75:71:13:37:96:2b:82:e2:2b:52Certificate

Extended Key Usages

Key Usages

51:ec:ef:d7:72:99:ba:1a:dd:28:02:43:1e:86:e2:0eCertificate

Extended Key Usages

Key Usages

37:a6:0e:92:5f:23:f8:0c:fd:cd:97:65:92:98:c3:54Certificate

Extended Key Usages

Key Usages

33:00:00:00:39:65:c4:72:e0:dc:2b:d9:65:00:00:00:00:00:39Certificate

Extended Key Usages

Key Usages

19:c2:85:30:e9:3b:36Certificate

Key Usages

01Certificate

Key Usages

af:54:a1:87:ce:e4:fb:d3:37:97:c9:1b:07:37:25:a8:6d:97:25:85:a0:16:7c:3e:7c:66:24:b8:53:65:5f:91Signer

Signature Validations

Verification

19/01/2017, 02:35 Valid: false

7b:38:c0:a3:12:6a:31:93:e3:ae:06:48:04:16:43:b1:61:ca:07:ffSigner

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

0a:d6:43:85:43:76:c0:59:5a:51:fe:44:9d:7a:7a:64
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

00:b9:11:ce:71:d2:64:d1:f0:6a:2b:91:f5:59:42:a7:6a:51:76:32
Signer

25/02/2013, 09:10
Valid: false

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 1024B - Virtual size: 756B

.data
Size: 512B - Virtual size: 392B

.pdata
Size: 512B - Virtual size: 300B

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 60B

6a:0f:db:e6:78:b3:1e:23:2c:ba:5a:e1:4d:9d:bf:1b
Certificate

5e:a4:dc:11:45:80:2f:ec:91:84:a6:94:26:47:ba:3b
Certificate

46:bb:b3:40:fa:b9:c1:79:28:93:8c:93:da:10:86:79
Certificate

33:00:00:00:39:65:c4:72:e0:dc:2b:d9:65:00:00:00:00:00:39
Certificate

19:c2:85:30:e9:3b:36
Certificate

01
Certificate

6a:0f:db:e6:78:b3:1e:23:2c:ba:5a:e1:4d:9d:bf:1b
Certificate

22:1d:12:bf:d7:45:75:71:13:37:96:2b:82:e2:2b:52
Certificate

51:ec:ef:d7:72:99:ba:1a:dd:28:02:43:1e:86:e2:0e
Certificate

37:a6:0e:92:5f:23:f8:0c:fd:cd:97:65:92:98:c3:54
Certificate

33:00:00:00:39:65:c4:72:e0:dc:2b:d9:65:00:00:00:00:00:39
Certificate

19:c2:85:30:e9:3b:36
Certificate

01
Certificate

af:54:a1:87:ce:e4:fb:d3:37:97:c9:1b:07:37:25:a8:6d:97:25:85:a0:16:7c:3e:7c:66:24:b8:53:65:5f:91
Signer

19/01/2017, 02:35
Valid: false

7b:38:c0:a3:12:6a:31:93:e3:ae:06:48:04:16:43:b1:61:ca:07:ff
Signer

19/01/2017, 02:35
Valid: false

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 512B - Virtual size: 352B

.data
Size: 512B - Virtual size: 96B

INIT
Size: 1024B - Virtual size: 944B

.reloc
Size: 512B - Virtual size: 388B

6a:0f:db:e6:78:b3:1e:23:2c:ba:5a:e1:4d:9d:bf:1b
Certificate

5e:a4:dc:11:45:80:2f:ec:91:84:a6:94:26:47:ba:3b
Certificate

46:bb:b3:40:fa:b9:c1:79:28:93:8c:93:da:10:86:79
Certificate

33:00:00:00:39:65:c4:72:e0:dc:2b:d9:65:00:00:00:00:00:39
Certificate

19:c2:85:30:e9:3b:36
Certificate

01
Certificate

6a:0f:db:e6:78:b3:1e:23:2c:ba:5a:e1:4d:9d:bf:1b
Certificate

22:1d:12:bf:d7:45:75:71:13:37:96:2b:82:e2:2b:52
Certificate

51:ec:ef:d7:72:99:ba:1a:dd:28:02:43:1e:86:e2:0e
Certificate

37:a6:0e:92:5f:23:f8:0c:fd:cd:97:65:92:98:c3:54
Certificate

33:00:00:00:39:65:c4:72:e0:dc:2b:d9:65:00:00:00:00:00:39
Certificate

19:c2:85:30:e9:3b:36
Certificate

01
Certificate

45:a4:5f:09:cb:e4:89:b9:60:7e:3f:a4:cc:68:56:00:6d:41:97:1b:6a:17:89:45:a1:0c:fc:7e:41:dd:5e:92
Signer

19/01/2017, 02:35
Valid: false

6e:cd:78:75:6c:3b:12:f6:d5:fb:74:51:7d:38:fc:1c:16:09:f3:15
Signer

19/01/2017, 02:35
Valid: false

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 1024B - Virtual size: 756B

.data
Size: 512B - Virtual size: 392B

.pdata
Size: 512B - Virtual size: 300B

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 60B