drivers[.]tar[.]gz

Sharing

Copy URL

Twitter E-mail

General

Target

drivers.tar.gz
Size

753KB
MD5

ba92c5b9525971bc0a85977f26295b79
SHA1

e76e666654f8e1fd0421e071d6738d39c53d091b
SHA256

0782985a718d77165d3f6164ca4de366a3f7404f9fa0416b0c6e5e3270c45a8f
SHA512

8c1ef624a5b8fde8c6569eb3d807a06bfceebc1f512a4fc2c3858de6d3acec5e7637d9556b74207b374ea09ee804ded9923e1122b9e68c36e4ca9d640593d17a
SSDEEP

12288:fn7QEFCm1CaBkPE8pMI3cP/eB/CZ8ys1BfMKhIdPWUjzGN+Yl4rIPMfLP:fYaBb2M6MeNCZ8XHfiWUU+nUs

Score

N/A

Malware Config

Signatures

Files

drivers.tar.gz
.gz
sample
.tar
EyeGazeIoctl.sys
.exe windows x64

0d35a29a22bd982466a63901ff3f2400

Code Sign

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02-09-2021 18:23

Not After

01-09-2022 18:23

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

49:75:c6:84:f3:05:a9:bb:51:48:7e:f7:a9:10:80:f4:d5:96:99:aa:b3:00:2c:04:71:34:42:32:b7:bb:9a:f8
Signer

Actual PE Digest

49:75:c6:84:f3:05:a9:bb:51:48:7e:f7:a9:10:80:f4:d5:96:99:aa:b3:00:2c:04:71:34:42:32:b7:bb:9a:f8

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

15-12-2022 14:00
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

KeInitializeTriageDumpDataArray
SeTokenIsAdmin
KeDeregisterBugCheckReasonCallback
ExAllocatePoolWithTag
ExFreePoolWithTag
KeAddTriageDumpDataBlock
sprintf_s
RtlCompareMemory
RtlAssert
_vsnprintf
strncpy_s
ZwClose
_vsnwprintf
KeDelayExecutionThread
RtlCopyUnicodeString
DbgPrintEx
RtlInitUnicodeString
IoWMIRegistrationControl
MmGetSystemRoutineAddress
KeRegisterBugCheckReasonCallback
RtlCaptureContext
NtBuildNumber
ZwWriteFile
KeCapturePersistentThreadState
ZwQueryValueKey
ZwOpenKey
KeGetCurrentIrql
IoFreeIrp
MmBuildMdlForNonPagedPool
ObfDereferenceObject
IoAllocateMdl
KeInitializeSpinLock
IoBuildDeviceIoControlRequest
IoGetLowerDeviceObject
KeSetEvent
ExAllocatePool2
IoFreeMdl
IoAllocateIrp
IoReuseIrp
IofCallDriver
KeInitializeEvent
KeWaitForSingleObject
KeAcquireSpinLockRaiseToDpc
IoCancelIrp
KeReleaseSpinLock
strcmp

wpprecorder.sys

WppAutoLogStop
WppAutoLogStart
imp_WppRecorderReplay
WppAutoLogTrace
imp_WppRecorderLogCreate
imp_WppRecorderLogDelete
imp_WppRecorderIsDefaultLogAvailable
imp_WppRecorderLogGetDefault

wdfldr.sys

WdfLdrQueryInterface
WdfVersionBind
WdfVersionUnbindClass
WdfVersionBindClass
WdfVersionUnbind

ext-ms-win-ntos-werkernel-l1-1-1

WerLiveKernelCancelReport
WerLiveKernelOpenDumpFile
WerLiveKernelCloseHandle
WerLiveKernelCreateReport
WerLiveKernelSubmitReport

Sections

.text
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGED
Size: 4KB - Virtual size: 736B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

fothk
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 4KB - Virtual size: 357B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

GFIDS
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
UMDF/FusionV2.dll
.dll windows x64

8936efcb228917222ba11e1ade607d52

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

api-ms-win-crt-string-l1-1-0

memset
wcsnlen

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o___stdio_common_vswscanf
_o__callnewh
_o__cexit
_o__configure_narrow_argv
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__seh_filter_dll
_o_acosf
_o_atan2f
_o_free
_o_malloc
_o_sqrtf
__C_specific_handler
_o___std_type_info_destroy_list

ntdll

RtlVirtualUnwind
RtlCaptureContext
DbgPrintEx
RtlLookupFunctionEntry

api-ms-win-core-synch-l1-1-0

WaitForSingleObject
SetEvent
ResetEvent
CreateEventW
WaitForMultipleObjectsEx

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-eventing-classicprovider-l1-1-0

RegisterTraceGuidsW
TraceMessage
GetTraceLoggerHandle
GetTraceEnableFlags
GetTraceEnableLevel
UnregisterTraceGuids

api-ms-win-core-sysinfo-l1-2-0

GetSystemTimePreciseAsFileTime

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegQueryValueExW
RegOpenKeyExW

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-devices-config-l1-1-1

CM_Unregister_Notification
CM_Get_Device_Interface_List_SizeW
CM_Get_Device_Interface_PropertyW
CM_Register_Notification
CM_Get_Device_Interface_ListW

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
TerminateProcess
GetCurrentThreadId
GetCurrentProcessId

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

propsys

InitPropVariantFromFileTime
InitPropVariantFromCLSID

api-ms-win-mm-time-l1-1-0

timeEndPeriod
timeBeginPeriod

sensorsutilsv2

CollectionsListDeserializeFromBuffer
PropKeyFindKeyGetFileTime
SerializationBufferAllocate
CollectionsListAllocateBufferAndSerialize
PropKeyFindKeyGetUlong
PropKeyFindKeySetPropVariant
PropKeyFindKeyGetFloat
GetPerformanceTime
InitPropVariantFromFloat
PropertiesListCopy
CollectionsListGetMarshalledSize
CollectionsListCopyAndMarshall
SerializationBufferFree

Exports

Exports

FxDriverEntryUm

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 84B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
UMDF/RDCameraDriver.dll
.dll windows x64

5e04ff5054808fad5c1beabde5d30d63

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

__C_specific_handler
_initterm
malloc
free
_amsg_exit
_XcptFilter

ntdll

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
DbgPrintEx

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter

Exports

Exports

FxDriverEntryUm

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
UMDF/RemotePosDrv.dll
.dll windows x64

d2395984401132182fee1c01038a1d55

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

memcpy
_callnewh
??0exception@@QEAA@AEBQEBD@Z
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??3@YAXPEAX@Z
malloc
wcscat_s
_wcsnicmp
wcsncmp
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
__CxxFrameHandler3
_purecall
memcpy_s
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
__C_specific_handler
_initterm
_vsnwprintf
free
_amsg_exit
??_V@YAXPEAX@Z
_XcptFilter
__CxxFrameHandler4
??0exception@@QEAA@AEBQEBDH@Z
memmove
memset

ntdll

RtlCaptureContext
RtlCompareUnicodeString
RtlLookupFunctionEntry
DbgPrintEx
RtlVirtualUnwind

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
GetModuleHandleW
GetModuleFileNameA
FreeLibrary
LoadLibraryExW
GetProcAddress

api-ms-win-core-synch-l1-1-0

OpenSemaphoreW
WaitForSingleObject
ReleaseSemaphore
CreateMutexExW
ReleaseMutex
CreateSemaphoreExW
WaitForSingleObjectEx

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
TerminateProcess
CreateProcessW
GetCurrentProcess
GetCurrentProcessId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

oleaut32

SysAllocStringLen
SysAllocString
SysFreeString
SysStringLen
SysStringByteLen

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventRegister
EventUnregister
EventWriteTransfer

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-com-l1-1-0

CoUninitialize
CoInitializeEx
CoCreateInstance
CoTaskMemFree

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-devices-query-l1-1-0

DevGetObjectProperties
DevFreeObjectProperties

Exports

Exports

FxDriverEntryUm

Sections

.text
Size: 88KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 608B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
UMDF/SensorsHid.dll
.dll windows x64

7093373b8e10b339400e1f62e88042e0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o__wcsicmp
_o_free
_o_malloc
_o_pow
_o_wcscat_s
_o_wcscpy_s
__C_specific_handler
_CxxThrowException
_o__cexit
_o__callnewh
_o__configure_narrow_argv
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
__std_terminate
_o___std_exception_copy
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset

ntdll

DbgPrintEx
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-mm-time-l1-1-0

timeEndPeriod
timeBeginPeriod

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetModuleHandleExW
GetModuleFileNameA
GetProcAddress
GetModuleHandleW

api-ms-win-core-synch-l1-1-0

ResetEvent
CreateEventW
ReleaseSRWLockShared
CreateMutexExW
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
DeleteCriticalSection
ReleaseSRWLockExclusive
CreateSemaphoreExW
AcquireSRWLockShared
ReleaseMutex
InitializeCriticalSection
WaitForSingleObject
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
ReleaseSemaphore
SetEvent

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer

api-ms-win-core-processthreads-l1-1-0

CreateThread
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
GetCurrentProcessId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableLevel
GetTraceLoggerHandle
UnregisterTraceGuids
GetTraceEnableFlags
RegisterTraceGuidsW
TraceMessage

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventRegister
EventWriteTransfer

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
PropVariantClear
CLSIDFromString

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

rpcrt4

UuidCreate

api-ms-win-core-sysinfo-l1-2-0

GetSystemTimePreciseAsFileTime

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

hid

HidP_GetUsageValueArray
HidP_GetUsageValue
HidP_GetSpecificButtonCaps
HidP_InitializeReportForID
HidP_GetLinkCollectionNodes
HidP_GetCaps
HidP_GetSpecificValueCaps
HidP_SetUsageValueArray
HidP_GetUsages
HidP_UnsetUsages
HidP_SetUsages
HidP_SetUsageValue

propsys

InitPropVariantFromBuffer
InitPropVariantFromCLSID
InitPropVariantFromFileTime
InitPropVariantFromUInt32Vector
PropVariantToFileTime

sensorsutilsv2

PropertiesListGetFillableCount
PropKeyFindKeyGetFloat
CollectionsListCopyAndMarshall
CollectionsListSortSubscribedActivitiesByConfidence
CollectionsListGetMarshalledSizeWithoutSerialization
InitPropVariantFromCLSIDArray
InitPropVariantFromFloat
IsKeyPresentInCollectionList
CollectionsListGetMarshalledSize
GetPerformanceTime
SensorsQueryDeviceCompatFlags

api-ms-win-devices-query-l1-1-0

DevFreeObjectProperties
DevGetObjectProperties

Exports

Exports

FxDriverEntryUm

Sections

.text
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
UMDF/UsbccidDriver.dll
.dll windows x64

d4be3f61f2eaf529af56f886da7103a5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

_callnewh
_amsg_exit
__C_specific_handler
_initterm
strncmp
free
_XcptFilter
memcpy
malloc
memset

ntdll

RtlCaptureContext
RtlInitUnicodeString
DbgPrintEx
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceLoggerHandle
UnregisterTraceGuids
GetTraceEnableFlags
GetTraceEnableLevel
RegisterTraceGuidsW
TraceMessage

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-file-l1-1-0

CreateFileW

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer

api-ms-win-core-string-l1-1-0

WideCharToMultiByte

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentThreadId
TerminateProcess
GetCurrentProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

devobj

DevObjCreateDeviceInfoList
DevObjGetClassDevs
DevObjDestroyDeviceInfoList
DevObjEnumDeviceInterfaces
DevObjGetDeviceInterfaceDetail

Exports

Exports

FxDriverEntryUm

Sections

.text
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
UMDF/hidscanner.dll
.dll windows x64

681b6c9b9d468c5c79cb811837a4b714

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

memcmp
wcscpy_s
__C_specific_handler
_initterm
malloc
free
_amsg_exit
_XcptFilter
memcpy
memset

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlInitUnicodeString
RtlCompareMemory
DbgPrintEx

api-ms-win-eventing-classicprovider-l1-1-0

UnregisterTraceGuids
TraceMessage
RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventUnregister
EventRegister

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExA
GetProcAddress
LoadStringW
GetModuleHandleExW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
TerminateProcess

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount64
GetTickCount

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter

hid

HidP_SetUsages
HidP_SetUsageValue
HidP_UnsetUsages
HidP_GetUsages
HidP_MaxUsageListLength
HidP_GetUsageValueArray
HidP_GetUsageValue
HidP_GetValueCaps
HidP_GetButtonCaps
HidP_GetCaps

Exports

Exports

FxDriverEntryUm

Sections

.text
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
UMDF/idtsec.dll
.dll windows x64

1d5a34104f072571da54b8b348bf899b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

_vsnwprintf
_XcptFilter
mbstowcs_s
__C_specific_handler
malloc
_initterm
free
memcpy
_amsg_exit
swscanf_s
memset

ntdll

RtlCaptureContext
DbgPrintEx
RtlInitUnicodeString
RtlCompareUnicodeString
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventRegister
EventUnregister
EventWriteTransfer

api-ms-win-core-libraryloader-l1-2-0

LoadStringW
GetModuleHandleW
GetModuleHandleExA
GetProcAddress

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter

hid

HidP_SetUsageValueArray
HidP_GetUsageValue
HidP_GetCaps
HidP_GetUsageValueArray

Exports

Exports

FxDriverEntryUm

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
UMDF/mgtdyn.dll
.dll windows x64

f139be571efab7231fe21aeb45dc4481

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

_vsnwprintf
_XcptFilter
__C_specific_handler
malloc
_initterm
free
memcpy
_amsg_exit
swscanf_s
memset

ntdll

RtlCaptureContext
DbgPrintEx
RtlInitUnicodeString
RtlCompareUnicodeString
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventRegister
EventUnregister
EventWriteTransfer

api-ms-win-core-libraryloader-l1-2-0

LoadStringW
GetModuleHandleW
GetModuleHandleExA
GetProcAddress

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter

hid

HidP_SetUsageValueArray
HidP_GetUsageValue
HidP_GetCaps
HidP_GetUsageValueArray

Exports

Exports

FxDriverEntryUm

Sections

.text
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
en-US/HdAudbus.sys.mui
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
en-US/HdAudio.sys.mui
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
en-US/portcls.sys.mui
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
etc/hosts
etc/lmhosts.sam
etc/networks
etc/protocol
etc/services
rt640x64.sys
.exe windows x64

73a42525afe03f7ca2787995cd9b26ba

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

ExpInterlockedPushEntrySList
Mm64BitPhysicalAddress
KeSetEvent
MmMapLockedPagesSpecifyCache
KfRaiseIrql
KeLowerIrql
KeFlushIoBuffers
ExEventObjectType
ObReferenceObjectByHandle
KeGetProcessorIndexFromNumber
ExDeleteNPagedLookasideList
ExInitializeNPagedLookasideList
RtlInitUnicodeString
ExpInterlockedPopEntrySList
ExQueryDepthSList
KeInitializeSpinLock
RtlEqualUnicodeString
ObfDereferenceObject
IoWMIRegistrationControl
KeReleaseSpinLockFromDpcLevel
KeReleaseSpinLock
KeAcquireSpinLockRaiseToDpc
KeAcquireSpinLockAtDpcLevel
MmGetSystemRoutineAddress

hal

KeStallExecutionProcessor

ndis.sys

NdisCancelTimerObject
NdisWriteConfiguration
NdisMResetComplete
NdisMIndicateReceiveNetBufferLists
NdisMFreeNetBufferSGList
NdisMAllocateNetBufferSGList
NdisAcquireRWLockRead
NdisMIndicateStatusEx
NdisReleaseRWLock
NdisAcquireRWLockWrite
NdisMSetBusData
NdisGetProcessorInformationEx
NdisAllocateIoWorkItem
NdisMDeregisterScatterGatherDma
NdisMRegisterScatterGatherDma
NdisMFreeSharedMemory
NdisMAllocateSharedMemory
NdisMGetDmaAlignment
NdisMUnmapIoSpace
NdisMDeregisterIoPortRange
NdisFreeMdl
NdisAllocateMdl
NdisAllocateNetBufferAndNetBufferList
NdisFreeIoWorkItem
NdisMPauseComplete
NdisSetEvent
NdisWaitEvent
NdisWriteErrorLogEntry
NdisSetOptionalHandlers
NdisAllocateTimerObject
NdisSetTimerObject
NdisMRegisterInterruptEx
NdisMDeregisterInterruptEx
NdisMSynchronizeWithInterruptEx
NdisMQueueDpcEx
NdisMSetMiniportAttributes
NdisMRegisterIoPortRange
NdisMMapIoSpace
NdisMRemoveMiniport
NdisMRegisterMiniportDriver
NdisMDeregisterMiniportDriver
NdisFreeNetBufferListPool
NdisMOidRequestComplete
NdisMSendNetBufferListsComplete
NdisQueueIoWorkItem
NdisMGetBusData
NdisAllocateRWLock
NdisFreeRWLock
NdisReadConfiguration
NdisCloseConfiguration
NdisReadNetworkAddress
NdisFreeMemory
NdisInitializeEvent
NdisGetVersion
NdisOpenConfigurationEx
NdisAllocateMemoryWithTagPriority
NdisFreeTimerObject
NdisAllocateNetBufferListPool
NdisFreeNetBufferList

Sections

.text
Size: 659KB - Virtual size: 658KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
v1q63x64.sys
.exe windows x64

f281fd3f1889429945ca18bd15723964

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

ZwClose
ZwOpenFile
IofCompleteRequest
RtlAppendUnicodeStringToString
RtlCopyUnicodeString
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
KfRaiseIrql
KeLowerIrql
KeReleaseSpinLockFromDpcLevel
KeAcquireSpinLockAtDpcLevel
KeInitializeSpinLock
RtlInitUnicodeString
EtwWrite
ExFreePoolWithTag
ExAllocatePoolWithTag
KeReleaseSpinLock
KeAcquireSpinLockRaiseToDpc
KeSetImportanceDpc
KeInitializeDpc
RtlRandomEx
MmMapLockedPagesSpecifyCache

hal

KeStallExecutionProcessor

ndis.sys

NdisMMapIoSpace
NdisMCancelTimer
NdisMInitializeTimer
NdisWaitEvent
NdisMUnmapIoSpace
NdisMDeregisterMiniportDriver
NdisMIndicateStatusEx
NdisMGetBusData
NdisMAllocateSharedMemory
NdisMFreeSharedMemory
NdisResetEvent
NdisSetEvent
NdisInitializeEvent
NdisMDeregisterInterruptEx
NdisMRegisterInterruptEx
NdisMDeregisterScatterGatherDma
NdisMRegisterScatterGatherDma
NdisFreeMdl
NdisAllocateMdl
NdisAllocateNetBufferAndNetBufferList
NdisFreeNetBufferList
NdisFreeNetBufferListPool
NdisAllocateNetBufferListPool
NdisAllocateMemoryWithTagPriority
NdisDeregisterDeviceEx
NdisRegisterDeviceEx
NdisAllocateMemoryWithTag
NdisReleaseReadWriteLock
NdisReadConfiguration
NdisCloseConfiguration
NdisReadNetworkAddress
NdisOpenConfigurationEx
NdisFreeMemory
NdisSetOptionalHandlers
NdisMSetMiniportAttributes
NdisMResetComplete
NdisGetRoutineAddress
NdisGetVersion
NdisMSetPeriodicTimer
NdisMSleep
NdisMRegisterMiniportDriver
NdisMSynchronizeWithInterruptEx
NdisMIndicateReceiveNetBufferLists
NdisMAllocateNetBufferSGList
NdisMFreeNetBufferSGList
NdisMSendNetBufferListsComplete
NdisSetTimer
NdisMQueryAdapterInstanceName
NdisInitializeReadWriteLock
NdisAcquireReadWriteLock

Sections

.text
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 422B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0d35a29a22bd982466a63901ff3f2400

Code Sign

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3cCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

49:75:c6:84:f3:05:a9:bb:51:48:7e:f7:a9:10:80:f4:d5:96:99:aa:b3:00:2c:04:71:34:42:32:b7:bb:9a:f8Signer

Signature Validations

Verification

15-12-2022 14:00 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

wpprecorder.sys

wdfldr.sys

ext-ms-win-ntos-werkernel-l1-1-1

Sections

.text Size: 68KB - Virtual size: 66KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 3KB

.pdata Size: 8KB - Virtual size: 6KB

.idata Size: 4KB - Virtual size: 2KB

PAGED Size: 4KB - Virtual size: 736B

PAGE Size: 80KB - Virtual size: 79KB

fothk Size: 4KB - Virtual size: 4KB

INIT Size: 4KB - Virtual size: 357B

GFIDS Size: 4KB - Virtual size: 1KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 3KB

8936efcb228917222ba11e1ade607d52

Headers

DLL Characteristics

File Characteristics

Imports

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

ntdll

api-ms-win-core-synch-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-sysinfo-l1-2-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-devices-config-l1-1-1

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-debug-l1-1-0

propsys

api-ms-win-mm-time-l1-1-0

sensorsutilsv2

Exports

Exports

Sections

.text Size: 48KB - Virtual size: 47KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 4KB - Virtual size: 2KB

.pdata Size: 4KB - Virtual size: 1KB

.rsrc Size: 4KB - Virtual size: 1024B

.reloc Size: 4KB - Virtual size: 84B

5e04ff5054808fad5c1beabde5d30d63

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

ntdll

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

49:75:c6:84:f3:05:a9:bb:51:48:7e:f7:a9:10:80:f4:d5:96:99:aa:b3:00:2c:04:71:34:42:32:b7:bb:9a:f8
Signer

15-12-2022 14:00
Valid: false

.text
Size: 68KB - Virtual size: 66KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 3KB

.pdata
Size: 8KB - Virtual size: 6KB

.idata
Size: 4KB - Virtual size: 2KB

PAGED
Size: 4KB - Virtual size: 736B

PAGE
Size: 80KB - Virtual size: 79KB

fothk
Size: 4KB - Virtual size: 4KB

INIT
Size: 4KB - Virtual size: 357B

GFIDS
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 48KB - Virtual size: 47KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 4KB - Virtual size: 2KB

.pdata
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 4KB - Virtual size: 1024B

.reloc
Size: 4KB - Virtual size: 84B

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 1KB

.pdata
Size: 4KB - Virtual size: 456B

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 60B

.text
Size: 88KB - Virtual size: 84KB

.rdata
Size: 36KB - Virtual size: 34KB

.data
Size: 4KB - Virtual size: 2KB

.pdata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 608B