40dc3d4f71a15362e53499d752ec874a3dbec50ce0387241287fd01ef2dd2fb1

Sharing

Copy URL

Twitter E-mail

General

Target

40dc3d4f71a15362e53499d752ec874a3dbec50ce0387241287fd01ef2dd2fb1
Size

1.2MB
MD5

93dd955ccc12fc4ac98f94820f3b243f
SHA1

2aebaca7c6bca13da52e1382bb7bcaafd49068bd
SHA256

40dc3d4f71a15362e53499d752ec874a3dbec50ce0387241287fd01ef2dd2fb1
SHA512

fd88738c877db9edc537bb1be02d7ac84c0d9741c30bcfa791fc854697934593b040afd6571c9d01fb3c69f3e385076db1424a4b1a3b1134ca8482b2c4128260
SSDEEP

24576:vgPKtOSft1iADxvq8z7XpJzRcp5EihUE8Twae8WTsA+ijeb6ZmKRfxLMwiIXhYSB:WKpTTzucigecc1TlB

Score

N/A

Malware Config

Signatures

Files

40dc3d4f71a15362e53499d752ec874a3dbec50ce0387241287fd01ef2dd2fb1
.exe windows x86

59381a2931dd9ae52db625f90164457e

Code Sign

61:03:dc:f6:00:00:00:00:00:0c
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25-07-2008 19:12

Not After

25-07-2011 19:22

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:159C-A3F7-2570,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:03:05:56:00:00:00:00:00:10
Certificate

Issuer

CN=Microsoft Windows Verification PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

14-02-2011 21:11

Not After

14-05-2012 21:11

Subject

CN=Microsoft Windows,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:07:02:dc:00:00:00:00:00:0b
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

15-09-2005 21:55

Not After

15-03-2016 22:05

Subject

CN=Microsoft Windows Verification PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

14:de:47:92:b1:9f:b7:77:11:18:50:46:22:6c:ef:c3:ef:52:80:fd
Signer

Actual PE Digest

14:de:47:92:b1:9f:b7:77:11:18:50:46:22:6c:ef:c3:ef:52:80:fd

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

21-06-2011 05:42
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

MmUnlockPages
MmUserProbeAddress
MmLockPagableDataSection
RtlUnwind
RtlAnsiCharToUnicodeChar
PsGetCurrentProcessId
MmProbeAndLockPages
ExAcquireRundownProtectionCacheAwareEx
ExReleaseRundownProtectionCacheAwareEx
ExReInitializeRundownProtectionCacheAware
ExWaitForRundownProtectionReleaseCacheAware
RtlInitializeBitMap
RtlSetBits
ExFreeCacheAwareRundownProtection
ExAllocateCacheAwareRundownProtection
RtlSetBit
ExInitializeLookasideListEx
ExDeleteLookasideListEx
InterlockedExchange
SeSetAuditParameter
SeReportSecurityEventWithSubCategory
MmSizeOfMdl
MmUnmapLockedPages
ObLogSecurityDescriptor
SeCaptureSubjectContextEx
SeLockSubjectContext
IoGetFileObjectGenericMapping
KeBugCheckEx
KeTickCount
EtwWriteTransfer
SeAccessCheck
SeUnlockSubjectContext
SeReleaseSubjectContext
RtlCreateSecurityDescriptor
SeExports
RtlLengthSid
RtlCreateAcl
RtlAddAccessAllowedAceEx
RtlSetDaclSecurityDescriptor
ExInterlockedFlushSList
KeInitializeSemaphore
ExAllocatePoolWithTagPriority
KeExpandKernelStackAndCalloutEx
VerSetConditionMask
RtlVerifyVersionInfo
KeInitializeTimerEx
ExGetCurrentProcessorCounts
KeSetTimerEx
KeQueryInterruptTime
KeCancelTimer
KeFlushQueuedDpcs
RtlExpandHashTable
RtlContractHashTable
RtlCreateHashTable
RtlDeleteHashTable
KeWaitForMultipleObjects
KeQueryGroupAffinity
KeInsertQueueDpc
KeGetProcessorNumberFromIndex
KeInitializeDpc
KeSetTargetProcessorDpcEx
KeSetImportanceDpc
RtlIpv4AddressToStringExW
IoFreeWorkItem
IoQueueWorkItem
MmBuildMdlForNonPagedPool
RtlInitializeGenericTableAvl
KeQuerySystemTime
RtlEnumerateEntryHashTable
RtlInitEnumerationHashTable
RtlEndEnumerationHashTable
RtlLookupElementGenericTableFullAvl
ObDereferenceSecurityDescriptor
RtlRemoveEntryHashTable
RtlInsertEntryHashTable
RtlGetNextEntryHashTable
RtlLookupEntryHashTable
IoAllocateErrorLogEntry
IoWriteErrorLogEntry
ExNotifyCallback
KeIsExecutingDpc
PsGetProcessSessionId
InterlockedPushEntrySList
InterlockedPopEntrySList
IoAllocateMdl
IoBuildPartialMdl
IoFreeMdl
MmMapLockedPagesSpecifyCache
ZwQuerySystemInformation
ObReferenceSecurityDescriptor
KeReleaseSemaphore
RtlGetVersion
RtlInitWeakEnumerationHashTable
RtlWeaklyEnumerateEntryHashTable
RtlEndWeakEnumerationHashTable
KeQueryMaximumProcessorCountEx
KefReleaseSpinLockFromDpcLevel
KefAcquireSpinLockAtDpcLevel
KeGetCurrentProcessorNumberEx
KeTestSpinLock
KeAcquireInStackQueuedSpinLockAtDpcLevel
KeReleaseInStackQueuedSpinLockFromDpcLevel
PsGetProcessId
ExCreateCallback
EtwWrite
IoBuildDeviceIoControlRequest
IoGetDeviceObjectPointer
ObfReferenceObject
PsGetCurrentProcess
PsIsSystemThread
PsGetThreadProcess
KeGetCurrentThread
KeInitializeEvent
KeSetEvent
RtlIpv6AddressToStringExW
RtlTimeToTimeFields
RtlEnumerateGenericTableLikeADirectory
KeInitializeTimer
KeSetCoalescableTimer
KeLeaveCriticalRegion
KeEnterCriticalRegion
ExfTryToWakePushLock
ExfAcquirePushLockExclusive
RtlValidSid
ZwEnumerateKey
RtlQueryRegistryValues
RtlIpv6AddressToStringW
RtlIpv4AddressToStringW
KeDelayExecutionThread
RtlConvertSidToUnicodeString
RtlFreeUnicodeString
ExDeleteNPagedLookasideList
EtwUnregister
EtwRegister
IoGetCurrentProcess
KeInitializeMutex
IoCreateDevice
IoDeleteDevice
KeReadStateEvent
KeWaitForSingleObject
KeQueryActiveProcessorCountEx
KeReleaseMutex
ObfDereferenceObject
ZwOpenEvent
ObReferenceObjectByHandle
ZwClose
IofCallDriver
IofCompleteRequest
IoWMIRegistrationControl
RtlCompareMemory
RtlInitUnicodeString
MmGetSystemRoutineAddress
memset
memcpy
ExAllocatePoolWithTag
ExInitializeNPagedLookasideList
ZwQueryValueKey
RtlPrefixUnicodeString
RtlCopySid
RtlEqualUnicodeString
RtlUnicodeStringToInteger
ZwOpenKey
RtlCompareUnicodeString
RtlLengthRequiredSid
RtlInitializeSid
RtlAddAccessAllowedAce
ObSetSecurityObjectByPointer
PsSetCreateProcessNotifyRoutineEx
SeLocateProcessImageName
ZwCreateFile
RtlDowncaseUnicodeString
ZwOpenProcess
KeStackAttachProcess
ZwDuplicateToken
KeUnstackDetachProcess
IoDeleteSymbolicLink
IoCreateSymbolicLink
KeQueryTimeIncrement
PsReferenceImpersonationToken
KeBugCheck
PsReferencePrimaryToken
PsDereferenceImpersonationToken
ObCloseHandle
RtlSubAuthorityCountSid
RtlSubAuthoritySid
SeQueryInformationToken
ObOpenObjectByPointer
ZwQueryInformationToken
ExGetPreviousMode
ExUuidCreate
RtlEqualSid
ExAllocatePoolWithQuotaTag
RtlIpv4StringToAddressW
IoAllocateWorkItem
RtlFindSetBits
RtlAreBitsClear
RtlFindClearBits
RtlClearBits
ExDeleteResourceLite
ExReleaseResourceLite
ExAcquireResourceExclusiveLite
ExAcquireResourceSharedLite
RtlClearBit
RtlClearAllBits
SeOpenObjectAuditAlarmForNonObObject
ExInitializeResourceLite
RtlTestBit
RtlIpv6StringToAddressW
RtlIntegerToUnicodeString
IoWMIWriteEvent
PsDereferencePrimaryToken
ExFreePoolWithTag

netio.sys

NetioFreeNetBufferListNetBufferMdlAndDataPool
NetioFreeMdl
RtlIndicateTimerWheelEntryTimerStart
RtlResumeTimerWheel
RtlIsTimerWheelSuspended
NetioAllocateNetBufferListNetBufferMdlAndDataPool
NetioAllocateNetBufferMdlAndDataPool
FsbFree
NetioFreeNetBufferList
NetioExtendNetBuffer
NetioFreeNetBuffer
NetioDereferenceNetBufferList
NetioAllocateAndReferenceNetBufferListNetBufferMdlAndData
NetioAllocateNetBufferMdlAndData
NetioDereferenceNetBufferListChain
FsbAllocateAtDpcLevel
NetioShutdownWorkQueue
RtlInitializeTimerWheelEntry
RtlComputeToeplitzHash
RtlSuspendTimerWheel
RtlGetNextExpirationTimerWheelTick
RtlCleanupTimerWheelEntry
RtlReturnTimerWheelEntry
RtlGetNextExpiredTimerWheelEntry
RtlUpdateCurrentTimerWheelTick
RtlDeleteElementGenericTableBasicAvl
NetioInitializeWorkQueue
RtlInsertElementGenericTableBasicAvl
FsbAllocate
NetioAdvanceToLocationInNetBuffer
RtlCopyMdlToMdlIndirect
NetioRegSyncDefaultChangeHandler
NetioRegSyncInterface
RtlCleanupTimerWheel
RtlInitializeTimerWheel
RtlEndTimerWheelEnumeration
RtlEnumerateNextTimerWheelEntry
RtlInitializeTimerWheelEnumeration
NetioFreeOpaquePerProcessorContext
NetioAllocateOpaquePerProcessorContext
NetioSqmWriteEvent
NsiSetAllParameters
TlDefaultRequestQueryDispatchEndpoint
TlDefaultRequestMessage
TlDefaultRequestQueryDispatch
RtlCopyMdlToBuffer
NetioFreeNetBufferAndNetBufferList
NetioAllocateAndReferenceNetBufferAndNetBufferList
RtlCopyBufferToMdl
NmrWaitForClientDeregisterComplete
NmrDeregisterClient
NmrClientDetachProviderComplete
NmrClientAttachProvider
NmrRegisterClient
NmrProviderDetachClientComplete
NmrWaitForProviderDeregisterComplete
NmrDeregisterProvider
NmrRegisterProvider
NetioRetreatNetBufferList
NetioAllocateAndReferenceCopyNetBufferListEx
NetioCompleteCopyNetBufferListChain
NetioFreeCopyNetBufferList
NetioInitializeNetBufferListContext
TlDefaultRequestCancel
TlDefaultRequestConnect
TlDefaultRequestListen
NetioReferenceNetBufferList
TlDefaultRequestIoControl
NetioFreeNetBufferMdlAndDataPool
RtlCleanupToeplitzHash
RtlInitializeToeplitzHash
NsiAllocateAndGetTable
NsiFreeTable
WfpStartStreamShim
WfpStartMacShim
NetioAllocateMdl
NetioInsertWorkQueue
WfpStreamInspectRemoteDisconnect
WfpStreamInspectReceive
WfpStreamInspectDisconnect
WfpStreamInspectSend
WfpStreamEndpointCleanupBegin
WfpStopStreamShim
FsbCreatePool
FsbDestroyPool
NetioStackBlockProcessorAddHandler
NetioFreeStackBlock
NetioInitializeNetBufferListAndFirstNetBufferContext
NsiReferenceDefaultObjectSecurity
NsiDeregisterChangeNotification
NsiRegisterChangeNotification
NetioCompleteNetBufferListChain
NetioAllocateAndReferenceFragmentNetBufferList
SetWfpDeviceObject
IoctlKfdBatchUpdate
IoctlKfdDeleteIndex
IoctlKfdAddIndex
IoctlKfdAddCache
IoctlKfdResetState
IoctlKfdQueryLayerStatistics
IoctlKfdAbortTransaction
IoctlKfdCommitTransaction
IoctlKfdDeleteCache
NetioGetStatsForQoSFlow
NetioDeleteQoSFlow
NetioCreateQoSFlow
NetioAssociateQoSFlowWithNbl
KfdIsActiveCallout
KfdAleUpdateEndpointContextStatus
WfpNblInfoAlloc
WfpPacketTagCountIncrement
WfpNblInfoDestroyIfUnused
HfCreateFactory
HfDestroyFactory
NetioAllocateNetBuffer
NetioAllocateAndReferenceNetBufferList
PtGetNumNodes
PtCreateTable
PtDestroyTable
NsiSetParameter
PtDeleteEntry
PtInsertEntry
PtGetExactMatch
PtEnumOverTable
PtGetLongestMatch
PtGetNextShorterMatch
RtlCompute37Hash
PtGetKey
PtSetData
PtGetData
NetioCompleteNetBufferAndNetBufferListChain
NetioQueryNetBufferListTrafficClass
RtlCopyMdlToMdl
NetioAllocateAndReferenceVacantNetBufferList
NetioAllocateAndReferenceCloneNetBufferListEx
NetioExpandNetBuffer
NetioUpdateNetBufferListContext
NetioAllocateAndReferenceCloneNetBufferList
NetioFreeCloneNetBufferList
NsiResetPersistentSetting
NsiSetObjectSecurity
NsiGetParameter
KfdCheckAcceptBypass
KfdCheckAndCacheAcceptBypass
KfdCheckConnectBypass
KfdCheckAndCacheConnectBypass
KfdGetLayerActionFromEnumTemplate
WfpScavangeLeastRecentlyUsedList
KfdAleRemoveFlowContextTable
WfpSetBucketsToEmptyLru
WfpExpireEntryLru
WfpInsertEntryLru
WfpDeleteEntryLru
KfdAleInitializeFlowTable
FeReleaseCalloutContextList
MatchCondition
KfdEnumLayer
KfdDerefFilterContext
KfdGetNextFilter
KfdFreeEnumHandle
KfdToggleFilterActivation
WfpStreamIsFilterPresent
NsiGetAllParameters
WfpInitializeLeastRecentlyUsedList
KfdAleNotifyFlowDeletion
FwppStreamDeleteDpcQueue
WfpUninitializeLeastRecentlyUsedList
KfdAleUninitializeFlowHandles
KfdAleInitializeFlowHandles
KfdGetOffloadEpoch
KfdIsLsoOffloadPossibleV6
KfdIsLsoOffloadPossibleV4
KfdIsV6InTransportFastEmpty
KfdIsV4InTransportFastEmpty
KfdIsV6OutTransportFastEmpty
KfdIsV4OutTransportFastEmpty
WfpRefreshEntryLru
NetioAdvanceNetBufferList
KfdCheckClassifyNeededAndUpdateEpoch
KfdAleAcquireFlowHandleForFlow
KfdClassify
KfdAleReleaseFlowHandleForFlow
KfdGetLayerCacheEpoch
KfdIsLayerEmpty
KfdDeregisterLayerChangeCallback
FwppStreamInject
FwppStreamContinue
FwppCopyStreamDataToBuffer
FwppAdvanceStreamDataPastOffset
FwppTruncateStreamDataAfterOffset
WfpNblInfoDispatchTableSet
KfdRegisterLayerChangeCallback
WfpNblInfoDispatchTableClear
WfpNblInfoGet
NetioUnRegisterProcessorAddCallback
NetioUnInitializeNetBufferListLibrary
NetioInitializeNetBufferListLibrary
NetioRegisterProcessorAddCallback
NetioSqmInitialize
RtlInvokeStartRoutines
RtlInvokeStopRoutines
NetioSqmTerminate
NsiGetParameterEx
NetioAllocateAndInitializeStackBlock

ndis.sys

NdisInvalidateOffload
NdisUpdateOffload
NdisTerminateOffload
NdisInitiateOffload
NdisQueryOffloadState
NdisDirectOidRequest
NdisInitializeReadWriteLock
NdisGetSessionToCompartmentMappingEpochAndZero
NdisReleaseReadWriteLock
NdisAcquireReadWriteLock
NdisOffloadTcpSend
NdisOffloadTcpForward
NdisOffloadTcpDisconnect
NdisOffloadTcpReceive
NdisOffloadTcpReceiveReturn
NdisGetRssProcessorInformation
NdisCompleteNetPnPEvent
NdisCloseAdapterEx
NdisOpenAdapterEx
NdisOidRequest
NdisDeregisterProtocolDriver
NdisCancelDirectOidRequest
NdisCancelSendNetBufferLists
NdisSendNetBufferLists
NdisRegisterProtocolDriver
NdisReturnNetBufferLists
NdisSetOptionalHandlers
NdisGetDataBuffer
NetDmaRegisterClient
NetDmaDeregisterClient
NetDmaAllocateChannel
NetDmaFreeChannel
NdisGetProcessorInformation
NdisFreeNetBufferList
NetDmaNullTransfer
NetDmaIsDmaCopyComplete
NdisGetSessionCompartmentId
NdisAdjustNetBufferCurrentMdl
NdisGetThreadObjectCompartmentId
NdisAdvanceNetBufferDataStart
NdisRetreatNetBufferDataStart

fltmgr.sys

FltGetFileNameInformationUnsafe
FltReleaseFileNameInformation

fwpkclnt.sys

FwpsCalloutUnregisterByKey0
FwpmBfeStateSubscribeChangesWithoutDevice0
FwpmBfeStateUnsubscribeChanges0
FwpsClassifyOptionSet0
FwpmEngineClose0
FwpmEngineOpen0
FwpmSecureSocketDeleteByKeyAsync0
FwpmSecureSocketAddAsync0
FwpmEventProviderIsNetEventTypeEnabled0
FwpsRequestEndpointDeleteNotification0
FwpsForceReclassifyLayer0
FwpsCancelEndpointDeleteNotification0
FwppDispatchDevCtl0
IPsecDriverExpire
IPsecDriverInitiateAcquire
IPsecDriverProcessClearTextResponse
FwpsReassembleForwardFragmentGroup0
FwpsFreeNetBufferList0
FwpmEventProviderFireNetEvent0
FwpsQueryPacketInjectionState0
FwpsInjectionHandleDestroy0
FwpsInjectionHandleCreate0
FwpsAllocateCloneNetBufferList0
FwpsConstructIpHeaderForTransportPacket0
FwpsInjectTransportSendAsync1
FwpsFreeCloneNetBufferList0
FwpmEventProviderCreate0
FwpsTcpIpDispatchTableSet0
FwpsTcpIpDispatchTableClear0
FwpmEventProviderDestroy0
FwppNetBufferListEventNotify
FwpsCalloutRegisterWithoutDevice0

hal

KeGetCurrentIrql
KfLowerIrql
KeAcquireInStackQueuedSpinLock
KeReleaseInStackQueuedSpinLock
KeQueryPerformanceCounter
KfReleaseSpinLock
KfAcquireSpinLock
KfRaiseIrql
ExReleaseFastMutex
ExAcquireFastMutex
KeRaiseIrqlToDpcLevel

ksecdd.sys

FreeContextBuffer
InitializeSecurityContextW
AcceptSecurityContext
QuerySecurityContextToken
DeleteSecurityContext
FreeCredentialsHandle
AcquireCredentialsHandleW
BCryptHashData
BCryptGetProperty
BCryptSetProperty
BCryptOpenAlgorithmProvider
BCryptCloseAlgorithmProvider
BCryptCreateHash
BCryptDestroyHash
BCryptDecrypt
BCryptEncrypt
BCryptGenerateSymmetricKey
BCryptDestroyKey
BCryptFinishHash
BCryptGenRandom

msrpc.sys

NdrMesTypeDecode2
MesHandleFree
I_RpcExceptionFilter
MesDecodeBufferHandleCreate

Sections

.text
Size: 884KB - Virtual size: 883KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEIPSE
Size: 82KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEIDP
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGECONS
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 127KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

59381a2931dd9ae52db625f90164457e

Code Sign

61:03:dc:f6:00:00:00:00:00:0cCertificate

Extended Key Usages

Key Usages

61:03:05:56:00:00:00:00:00:10Certificate

Extended Key Usages

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

61:07:02:dc:00:00:00:00:00:0bCertificate

Extended Key Usages

Key Usages

14:de:47:92:b1:9f:b7:77:11:18:50:46:22:6c:ef:c3:ef:52:80:fdSigner

Signature Validations

Verification

21-06-2011 05:42 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

netio.sys

ndis.sys

fltmgr.sys

fwpkclnt.sys

hal

ksecdd.sys

msrpc.sys

Sections

.text Size: 884KB - Virtual size: 883KB

.rdata Size: 44KB - Virtual size: 43KB

.data Size: 31KB - Virtual size: 78KB

PAGE Size: 9KB - Virtual size: 8KB

PAGEIPSE Size: 82KB - Virtual size: 81KB

PAGEIDP Size: 10KB - Virtual size: 9KB

PAGECONS Size: 512B - Virtual size: 120B

INIT Size: 18KB - Virtual size: 18KB

.rsrc Size: 127KB - Virtual size: 126KB

.reloc Size: 41KB - Virtual size: 41KB

61:03:dc:f6:00:00:00:00:00:0c
Certificate

61:03:05:56:00:00:00:00:00:10
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

61:07:02:dc:00:00:00:00:00:0b
Certificate

14:de:47:92:b1:9f:b7:77:11:18:50:46:22:6c:ef:c3:ef:52:80:fd
Signer

21-06-2011 05:42
Valid: false

.text
Size: 884KB - Virtual size: 883KB

.rdata
Size: 44KB - Virtual size: 43KB

.data
Size: 31KB - Virtual size: 78KB

PAGE
Size: 9KB - Virtual size: 8KB

PAGEIPSE
Size: 82KB - Virtual size: 81KB

PAGEIDP
Size: 10KB - Virtual size: 9KB

PAGECONS
Size: 512B - Virtual size: 120B

INIT
Size: 18KB - Virtual size: 18KB

.rsrc
Size: 127KB - Virtual size: 126KB

.reloc
Size: 41KB - Virtual size: 41KB