HP[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

HP.zip
Size

34.3MB
MD5

af8a105e6333e136aaf4fbf55011f82b
SHA1

16ebcfec6443ea5a995fcf77782d3bc66544ab04
SHA256

d5fd5dda1e3a7748de8673a062ce994412887fa0e325e468f311de750d5997e4
SHA512

3b9be31bdd325b1f800702af86d513268e1166e5b08d46f30bf76ceb6a914796ecc4e475d2af74a71c7d3126ff53519d73080a7f68bb2591fe4880adbf560847
SSDEEP

786432:6XfvZvlsJkyTsi5Wa/0SY51FrRSFREAB3oe+b:6PvZvlsJkQ95ISqQ/EA+Bb

Score

N/A

Malware Config

Signatures

Files

HP.zip
.zip
HP software operation 1.zip
.zip
HP software operation 1/HP software operation 1.mp4
HP/Drive/CH341SER/CH341PT.DLL
.dll windows x86

f94cd55198e70e43ac10995641c12ba4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
CreateFileA
GetModuleHandleA
GetCommProperties

user32

DefWindowProcA
CharUpperBuffA
ShowWindow
CreateWindowExA
RegisterClassA
DestroyWindow
UnregisterClassA

Exports

Exports

CH341PtGetVersion
CH341PtHandleIsCH341
CH341PtNameIsCH341
CH341PtSetDevNotify

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HP/Drive/CH341SER/CH341S64.SYS
.exe windows x64

c0e0366fb5cf7bcb45c9c635aee08727

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

IoBuildDeviceIoControlRequest
KeInitializeEvent
ExFreePoolWithTag
ExAllocatePool
KeReleaseSpinLock
KeAcquireSpinLockRaiseToDpc
IoReleaseCancelSpinLock
IoAcquireCancelSpinLock
KeClearEvent
KeInsertQueueDpc
KeRemoveQueueDpc
KeCancelTimer
ZwQueryValueKey
RtlInitUnicodeString
RtlQueryRegistryValues
PsTerminateSystemThread
KeSetPriorityThread
KeDelayExecutionThread
PoRequestPowerIrp
KeSetTimer
ZwClose
PsCreateSystemThread
IoDeleteDevice
IoGetConfigurationInformation
KeWaitForSingleObject
IoDeleteSymbolicLink
RtlDeleteRegistryValue
RtlFreeUnicodeString
IoSetDeviceInterfaceState
KeWaitForMultipleObjects
IoRegisterDeviceInterface
RtlWriteRegistryValue
IoCreateSymbolicLink
IoOpenDeviceRegistryKey
KeInitializeDpc
KeInitializeTimer
IoAttachDeviceToDeviceStack
IoCreateDevice
RtlAppendUnicodeStringToString
RtlIntegerToUnicodeString
RtlAppendUnicodeToString
ExReleaseFastMutex
ExAcquireFastMutex
IoFreeWorkItem
PoSetPowerState
PoCallDriver
IoWMIRegistrationControl
IoAllocateWorkItem
KeBugCheckEx
KeSetEvent
IoQueueWorkItem
IofCallDriver
PoStartNextPowerIrp
IoDetachDevice
IofCompleteRequest

wmilib.sys

WmiSystemControl
WmiCompleteRequest

usbd.sys

USBD_CreateConfigurationRequestEx
USBD_ParseConfigurationDescriptorEx

Sections

.text
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HP/Drive/CH341SER/CH341S98.SYS
.dll windows x86

5bd26fa42f206fa9e2851e44a902d4c4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

ntoskrnl.exe

KeDelayExecutionThread
ZwClose
PsCreateSystemThread
IoRegisterDeviceInterface
KeInitializeEvent
IoDeleteDevice
IoAttachDeviceToDeviceStack
IoCreateDevice
RtlAppendUnicodeStringToString
RtlIntegerToUnicodeString
RtlAppendUnicodeToString
KeSetEvent
IoDetachDevice
IofCompleteRequest
InterlockedDecrement
InterlockedIncrement
InterlockedExchange
ExFreePool
PoRequestPowerIrp
PoCallDriver
PoStartNextPowerIrp
PoSetPowerState
IofCallDriver
RtlFreeUnicodeString
IoSetDeviceInterfaceState
ObfReferenceObject
RtlInitUnicodeString
IoBuildDeviceIoControlRequest
KeClearEvent
PsTerminateSystemThread
RtlCompareMemory
KeSetPriorityThread
KeGetCurrentThread
KeWaitForMultipleObjects
RtlQueryRegistryValues
ExAllocatePool
KeWaitForSingleObject
memmove

usbd.sys

_USBD_CreateConfigurationRequestEx@8
_USBD_ParseConfigurationDescriptorEx@28

Exports

Exports

CH341S98_StartRequest

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 256B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 96B - Virtual size: 85B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 864B - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 736B - Virtual size: 728B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HP/Drive/CH341SER/CH341SER.INF
HP/Drive/CH341SER/CH341SER.SYS
.exe windows x86

009db8c0ddd9770e87245a5e25a0ac32

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

ntoskrnl.exe

KeInitializeDpc
KeInitializeTimer
KeInitializeEvent
KeInitializeSpinLock
IoDeleteDevice
IoAttachDeviceToDeviceStack
IoCreateDevice
RtlAppendUnicodeStringToString
RtlIntegerToUnicodeString
RtlAppendUnicodeToString
IoGetConfigurationInformation
KeSetEvent
KeRemoveQueueDpc
KeCancelTimer
RtlFreeUnicodeString
IoSetDeviceInterfaceState
InterlockedIncrement
KeDelayExecutionThread
KeWaitForSingleObject
IofCallDriver
IoBuildDeviceIoControlRequest
InterlockedDecrement
IoReleaseCancelSpinLock
IoCreateSymbolicLink
InterlockedExchange
KeInsertQueueDpc
PoStartNextPowerIrp
IoOpenDeviceRegistryKey
IoQueueWorkItem
IoAllocateWorkItem
PoSetPowerState
PoRequestPowerIrp
IofCompleteRequest
IoFreeWorkItem
IoWMIRegistrationControl
InterlockedExchangeAdd
InterlockedCompareExchange
KeClearEvent
PsTerminateSystemThread
KeSetPriorityThread
KeGetCurrentThread
KeQuerySystemTime
KeSetTimer
_allmul
KeWaitForMultipleObjects
ZwQueryValueKey
RtlQueryRegistryValues
RtlDeleteRegistryValue
IoDeleteSymbolicLink
RtlWriteRegistryValue
IoRegisterDeviceInterface
PsCreateSystemThread
IoDetachDevice
ExFreePool
ZwClose
PoCallDriver
RtlInitUnicodeString
ExAllocatePool
IoAcquireCancelSpinLock
memmove

hal

KfReleaseSpinLock
ExAcquireFastMutex
KfAcquireSpinLock
ExReleaseFastMutex
KfRaiseIrql
KfLowerIrql

wmilib.sys

WmiSystemControl
WmiCompleteRequest

usbd.sys

_USBD_CreateConfigurationRequestEx@8
_USBD_ParseConfigurationDescriptorEx@28

Sections

.text
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 544B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 832B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 864B - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HP/Drive/CH341SER/CH341SER.VXD
HP/Drive/CH341SER/DRVSETUP64/DRVSETUP64.exe
.exe windows x64

30988d9c08b8b14a0a75a83f53f4d010

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

23:0e:72:90:dd:bb:fa:3c:3d:ce:c1:57:25:73:2f:4a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

26/08/2011, 00:00

Not After

25/08/2012, 23:59

Subject

CN=Jiangsu Qinheng Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Jiangsu Qinheng Co.\, Ltd.,L=Nanjing,ST=Jiangsu,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

bd:8a:59:13:51:9a:b0:46:62:07:b2:70:2d:0a:d3:2a:31:dd:65:d8
Signer

Actual PE Digest

bd:8a:59:13:51:9a:b0:46:62:07:b2:70:2d:0a:d3:2a:31:dd:65:d8

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Jiangsu Qinheng Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Jiangsu Qinheng Co.\, Ltd.,L=Nanjing,ST=Jiangsu,C=CN

17/02/2012, 03:46
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

__set_app_type
_fmode
_commode
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_cexit
_exit
_c_exit
_XcptFilter
__C_specific_handler
strrchr
strstr
strchr
memcpy
_findfirst
_findnext
_stricmp
memset
sprintf

kernel32

GetStartupInfoA
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentThreadId
GetTickCount
GetModuleHandleA
GetCurrentProcess
WinExec
GetFileAttributesA
GetUserDefaultLangID
CreateThread
LoadLibraryA
GetProcAddress
LocalFree
LocalAlloc
GetCurrentDirectoryA
QueryPerformanceCounter
CloseHandle
Sleep
lstrlenA
GetPrivateProfileSectionA
GetPrivateProfileStringA
GetWindowsDirectoryA
GetVersion
DeleteFileA
GetSystemDirectoryA
SetLastError
GetLastError
CopyFileA
GetCurrentProcessId

user32

GetWindowTextA
EnumChildWindows
FindWindowExA
SendDlgItemMessageA
MessageBoxA
EndDialog
CharUpperA
SetDlgItemTextA
SetWindowTextA
IsDlgButtonChecked
UpdateWindow
EnableWindow
GetDlgItem
LoadIconA
ShowWindow
DialogBoxParamA
DefWindowProcA
SendMessageA

comctl32

ord17

setupapi

CM_Locate_DevNodeA
SetupDefaultQueueCallbackA
SetupDiGetDeviceRegistryPropertyA
SetupDiSetDeviceRegistryPropertyA
SetupCloseInfFile
SetupDiGetActualSectionToInstallA
SetupOpenInfFileA
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetClassDevsA
SetupTermDefaultQueueCallback
SetupCloseFileQueue
SetupCommitFileQueueA
SetupInstallFilesFromInfSectionA
SetupInitDefaultQueueCallbackEx
SetupOpenFileQueue
SetupDiDestroyDriverInfoList
SetupDiGetDriverInfoDetailA
SetupDiEnumDriverInfoA
SetupDiBuildDriverInfoList
SetupDiCallClassInstaller
SetupCopyOEMInfA
CM_Reenumerate_DevNode

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 756B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
HP/Drive/CH341SER/SETUP.EXE
.exe windows x86

be9bb5be96279547b706123ff53a230e

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

23:0e:72:90:dd:bb:fa:3c:3d:ce:c1:57:25:73:2f:4a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

26/08/2011, 00:00

Not After

25/08/2012, 23:59

Subject

CN=Jiangsu Qinheng Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Jiangsu Qinheng Co.\, Ltd.,L=Nanjing,ST=Jiangsu,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7e:c0:30:ba:8e:cd:57:25:88:90:2c:75:90:ed:d9:a0:bd:a3:95:9b
Signer

Actual PE Digest

7e:c0:30:ba:8e:cd:57:25:88:90:2c:75:90:ed:d9:a0:bd:a3:95:9b

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Jiangsu Qinheng Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Jiangsu Qinheng Co.\, Ltd.,L=Nanjing,ST=Jiangsu,C=CN

17/02/2012, 03:27
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileAttributesA
GetWindowsDirectoryA
WinExec
lstrlenA
GetCurrentDirectoryA
GetCurrentProcess
GetProcAddress
GetModuleHandleA
CreateThread
Sleep
GetLastError
LoadLibraryA
GetPrivateProfileSectionA
GetPrivateProfileStringA
DeleteFileA
CopyFileA
SetLastError
LocalAlloc
LocalFree
GetVersion
GetUserDefaultLangID
CompareStringW
CompareStringA
FlushFileBuffers
SetStdHandle
HeapReAlloc
VirtualAlloc
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
GetTimeZoneInformation
SetFilePointer
WriteFile
GetSystemDirectoryA
CloseHandle
HeapAlloc
RtlUnwind
HeapFree
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
TlsGetValue
TlsAlloc
TlsSetValue
GetCurrentThreadId
GetFileType
GetStdHandle
SetHandleCount
SetEnvironmentVariableA
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FindFirstFileA
FindNextFileA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetStartupInfoA
GetCommandLineA
ExitProcess
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
InterlockedDecrement
InterlockedIncrement
TerminateProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA

user32

UpdateWindow
CharUpperA
IsDlgButtonChecked
EnableWindow
FindWindowExA
EnumChildWindows
GetWindowTextA
SendDlgItemMessageA
SetDlgItemTextA
DefWindowProcA
GetDlgItem
ShowWindow
LoadIconA
SetWindowTextA
SendMessageA
EndDialog
MessageBoxA
DialogBoxParamA

comctl32

ord17

cfgmgr32

CM_Reenumerate_DevNode
CM_Locate_DevNodeA

setupapi

SetupDiBuildDriverInfoList
SetupDiEnumDriverInfoA
SetupDiGetDriverInfoDetailA
SetupDiSetDeviceRegistryPropertyA
SetupDefaultQueueCallbackA
SetupOpenInfFileA
SetupDiGetActualSectionToInstallA
SetupOpenFileQueue
SetupInitDefaultQueueCallbackEx
SetupInstallFilesFromInfSectionA
SetupCommitFileQueueA
SetupCloseFileQueue
SetupCloseInfFile
SetupTermDefaultQueueCallback
SetupCopyOEMInfA
SetupDiGetClassDevsA
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyA
SetupDiCallClassInstaller
SetupDiDestroyDeviceInfoList
SetupDiDestroyDriverInfoList

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
HP/Drive/CH341SER/ch341SER.CAT
HP/Drive/INSTALL/DLL_LIB/CH341PT.BAS
HP/Drive/INSTALL/DLL_LIB/CH341PT.H
HP/Drive/INSTALL/DLL_LIB/CH341PT.LIB
HP/Drive/INSTALL/DLL_LIB/CH341PT.PAS
HP/Drive/INSTALL/README.TXT
HP/HP_EN_20200331.exe
.exe windows x86

072ca13e0e50d43f47db1547dc1b9be7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
GetErrorInfo
SysStringLen
SysFreeString
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayGetElement
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayRedim
SafeArrayCreate
VariantChangeType
VariantCopyInd
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegUnLoadKeyW
RegSetValueExW
RegSaveKeyW
RegRestoreKeyW
RegReplaceKeyW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegLoadKeyW
RegFlushKey
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegConnectRegistryW
RegCloseKey

user32

MessageBoxA
CharNextW
LoadStringW
SetClassLongW
GetClassLongW
SetWindowLongW
GetWindowLongW
CreateWindowExW
WindowFromPoint
WaitMessage
ValidateRect
UpdateWindow
UnregisterClassW
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
SystemParametersInfoW
ShowWindow
ShowScrollBar
ShowOwnedPopups
ShowCaret
SetWindowRgn
SetWindowsHookExW
SetWindowTextW
SetWindowPos
SetWindowPlacement
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropW
SetParent
SetMenuItemInfoW
SetMenu
SetKeyboardState
SetForegroundWindow
SetFocus
SetCursorPos
SetCursor
SetClipboardData
SetCaretPos
SetCapture
SetActiveWindow
SendMessageA
SendMessageW
SendDlgItemMessageW
ScrollWindowEx
ScrollWindow
ScreenToClient
ReplyMessage
RemovePropW
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageW
RegisterClipboardFormatW
RegisterClassW
RedrawWindow
PtInRect
PostQuitMessage
PostMessageW
PeekMessageA
PeekMessageW
OpenClipboard
OffsetRect
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects
MessageBoxW
MessageBeep
MapWindowPoints
MapVirtualKeyW
LoadStringW
LoadKeyboardLayoutW
LoadImageW
LoadIconW
LoadCursorW
LoadBitmapW
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsRectEmpty
IsIconic
IsDialogMessageA
IsDialogMessageW
IsClipboardFormatAvailable
IsChild
IsCharAlphaNumericW
IsCharAlphaW
InvertRect
InvalidateRect
IntersectRect
InsertMenuItemW
InsertMenuW
InflateRect
InSendMessage
HideCaret
GetWindowThreadProcessId
GetWindowTextW
GetWindowRect
GetWindowPlacement
GetWindowDC
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetScrollBarInfo
GetPropW
GetParent
GetWindow
GetMessageTime
GetMessagePos
GetMessageExtraInfo
GetMenuStringW
GetMenuState
GetMenuItemInfoW
GetMenuItemID
GetMenuItemCount
GetMenuDefaultItem
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameW
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextW
GetIconInfo
GetForegroundWindow
GetFocus
GetDoubleClickTime
GetDlgItem
GetDlgCtrlID
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardData
GetClientRect
GetClassNameW
GetClassInfoExW
GetClassInfoW
GetCaretPos
GetCapture
GetActiveWindow
FrameRect
FindWindowExW
FindWindowW
FillRect
EqualRect
EnumWindows
EnumThreadWindows
EnumClipboardFormats
EnumChildWindows
EndPaint
EndMenu
EndDeferWindowPos
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextExW
DrawTextW
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawFocusRect
DrawEdge
DispatchMessageA
DispatchMessageW
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DestroyCaret
DeleteMenu
DeferWindowPos
DefWindowProcW
DefMDIChildProcW
DefFrameProcW
CreatePopupMenu
CreateMenu
CreateIcon
CreateCaret
CreateAcceleratorTableW
CountClipboardFormats
CopyImage
CopyIcon
CloseClipboard
ClientToScreen
ChildWindowFromPoint
CheckMenuItem
CharUpperBuffW
CharUpperW
CharNextW
CharLowerBuffW
CharLowerW
CallWindowProcW
CallNextHookEx
BeginPaint
BeginDeferWindowPos
AppendMenuW
AdjustWindowRectEx
ActivateKeyboardLayout
EnumDisplayMonitors
GetMonitorInfoW
MonitorFromPoint
MonitorFromRect
MonitorFromWindow

kernel32

Sleep
VirtualFree
VirtualAlloc
lstrlenW
lstrcpynW
VirtualQuery
QueryPerformanceCounter
GetTickCount
GetSystemInfo
GetVersion
CompareStringW
IsDBCSLeadByteEx
IsValidLocale
SetThreadLocale
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetLocaleInfoW
WideCharToMultiByte
MultiByteToWideChar
GetConsoleOutputCP
GetConsoleCP
GetACP
LoadLibraryExW
GetStartupInfoW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetCommandLineW
FreeLibrary
GetLastError
UnhandledExceptionFilter
RtlUnwind
RaiseException
ExitProcess
ExitThread
SwitchToThread
GetCurrentThreadId
CreateThread
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
FindFirstFileW
FindClose
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
WriteFile
SetFilePointer
SetEndOfFile
ReadFile
GetFileType
GetFileSize
CreateFileW
GetStdHandle
CloseHandle
GetProcAddress
RaiseException
LoadLibraryA
GetLastError
TlsSetValue
TlsGetValue
LocalFree
LocalAlloc
GetModuleHandleW
FreeLibrary
lstrcmpW
WritePrivateProfileStringW
WriteFile
WideCharToMultiByte
WaitForSingleObject
WaitForMultipleObjectsEx
WaitForMultipleObjects
WaitCommEvent
VirtualQueryEx
VirtualQuery
VirtualFree
VirtualAlloc
UnmapViewOfFile
TryEnterCriticalSection
TransmitCommChar
SystemTimeToFileTime
SwitchToThread
SuspendThread
Sleep
SizeofResource
SetupComm
SetThreadPriority
SetThreadLocale
SetLastError
SetFileTime
SetFilePointer
SetFileAttributesW
SetEvent
SetErrorMode
SetEndOfFile
SetCurrentDirectoryW
SetCommTimeouts
SetCommState
SetCommMask
ResumeThread
ResetEvent
RemoveDirectoryW
ReadFile
RaiseException
QueryDosDeviceW
PurgeComm
IsDebuggerPresent
MultiByteToWideChar
MulDiv
MapViewOfFile
LockResource
LocalFree
LocalFileTimeToFileTime
LoadResource
LoadLibraryW
LeaveCriticalSection
IsValidLocale
IsDBCSLeadByte
InitializeCriticalSection
GlobalUnlock
GlobalSize
GlobalHandle
GlobalLock
GlobalFree
GlobalFindAtomW
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomW
GetVolumeInformationW
GetVersionExW
GetVersion
GetTimeZoneInformation
GetTickCount
GetThreadPriority
GetThreadLocale
GetTempPathW
GetSystemInfo
GetStdHandle
GetShortPathNameW
GetProcAddress
GetPrivateProfileStringW
GetOverlappedResult
GetModuleHandleW
GetModuleFileNameW
GetLogicalDrives
GetLogicalDriveStringsW
GetLocaleInfoW
GetLocalTime
GetLastError
GetFullPathNameW
GetFileTime
GetFileSize
GetFileAttributesW
GetExitCodeThread
GetDriveTypeW
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetCommModemStatus
GetCPInfoExW
GetCPInfo
GetACP
FreeResource
InterlockedIncrement
InterlockedExchangeAdd
InterlockedExchange
InterlockedDecrement
InterlockedCompareExchange
FreeLibrary
FormatMessageW
FlushFileBuffers
FindResourceW
FindNextFileW
FindNextChangeNotification
FindFirstFileW
FindCloseChangeNotification
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FileTimeToDosDateTime
ExpandEnvironmentStringsW
EscapeCommFunction
EnumSystemLocalesW
EnumResourceNamesW
EnumCalendarInfoW
EnterCriticalSection
DeleteFileW
DeleteCriticalSection
CreateThread
CreateFileMappingW
CreateFileW
CreateEventW
CreateDirectoryW
CompareStringA
CompareStringW
CloseHandle
ClearCommError
CancelIo
Sleep
MulDiv
FindFirstChangeNotificationA

msimg32

GradientFill
AlphaBlend

gdi32

UnrealizeObject
StretchDIBits
StretchBlt
StartPage
StartDocW
SetWindowOrgEx
SetWindowExtEx
SetWinMetaFileBits
SetViewportOrgEx
SetViewportExtEx
SetTextColor
SetTextAlign
SetStretchBltMode
SetROP2
SetPixel
SetMapMode
SetEnhMetaFileBits
SetDIBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SetAbortProc
SelectPalette
SelectObject
SelectClipRgn
SaveDC
RoundRect
RestoreDC
ResizePalette
Rectangle
RectVisible
RealizePalette
PtVisible
Polyline
Polygon
PolyPolyline
PolyBezierTo
PolyBezier
PlayEnhMetaFile
Pie
PatBlt
MoveToEx
MaskBlt
LineTo
LPtoDP
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetViewportOrgEx
GetTextMetricsW
GetTextExtentPointW
GetTextExtentPoint32W
GetTextAlign
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetOutlineTextMetricsW
GetObjectW
GetNearestPaletteIndex
GetNearestColor
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileDescriptionW
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetCurrentPositionEx
GetClipBox
GetCharWidthW
GetBrushOrgEx
GetBitmapBits
GdiFlush
FrameRgn
ExtTextOutW
ExtFloodFill
ExtCreatePen
ExcludeClipRect
EnumFontsW
EnumFontFamiliesExW
EndPage
EndDoc
Ellipse
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreateRectRgn
CreatePolygonRgn
CreatePenIndirect
CreatePalette
CreateICW
CreateHalftonePalette
CreateFontIndirectW
CreateEnhMetaFileW
CreateDIBitmap
CreateDIBSection
CreateDCW
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileW
CombineRgn
CloseEnhMetaFile
Chord
BitBlt
ArcTo
Arc
AngleArc
AbortDoc

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

ole32

ReleaseStgMedium
RevokeDragDrop
OleUninitialize
OleInitialize
StgIsStorageFile
StgOpenStorage
StgCreateDocfile
CoTaskMemFree
CoTaskMemAlloc
CoCreateGuid
CLSIDFromProgID
StringFromCLSID
CoCreateInstance
CoGetMalloc
CoUninitialize
CoInitialize
IsEqualGUID
CoUninitialize
CoInitialize
CoCreateInstance
CoTaskMemFree
DoDragDrop
RegisterDragDrop

comctl32

InitializeFlatSB
FlatSB_SetScrollProp
FlatSB_SetScrollPos
FlatSB_SetScrollInfo
FlatSB_GetScrollPos
FlatSB_GetScrollInfo
_TrackMouseEvent
ImageList_GetImageInfo
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Copy
ImageList_LoadImageW
ImageList_GetIcon
ImageList_Remove
ImageList_DrawEx
ImageList_Replace
ImageList_Draw
ImageList_SetOverlayImage
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Add
ImageList_SetImageCount
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create
InitCommonControls

msvcrt

memset
memcpy

shell32

SHGetFileInfoW
ShellExecuteW
Shell_NotifyIconW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetMalloc
SHGetDesktopFolder
SHGetInstanceExplorer

comdlg32

CommDlgExtendedError
PrintDlgW
ChooseFontW
ChooseColorW
GetSaveFileNameW
GetOpenFileNameW

winspool.drv

OpenPrinterW
EnumPrintersW
DocumentPropertiesW
ClosePrinter
GetDefaultPrinterW

winmm

timeGetTime
timeGetDevCaps
timeEndPeriod
timeBeginPeriod

Sections

.text
Size: 4.3MB - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 7.7MB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 76B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 332KB - Virtual size: 331KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
HP/db.mdb

Sharing

General

Malware Config

Signatures

Files

f94cd55198e70e43ac10995641c12ba4

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 96B

.rsrc Size: 1024B - Virtual size: 824B

.reloc Size: 512B - Virtual size: 112B

c0e0366fb5cf7bcb45c9c635aee08727

Headers

File Characteristics

Imports

ntoskrnl.exe

wmilib.sys

usbd.sys

Sections

.text Size: 43KB - Virtual size: 43KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 1KB

.pdata Size: 2KB - Virtual size: 2KB

INIT Size: 3KB - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 888B

.reloc Size: 512B - Virtual size: 60B

5bd26fa42f206fa9e2851e44a902d4c4

Headers

File Characteristics

Imports

ntoskrnl.exe

usbd.sys

Exports

Exports

Sections

.text Size: 14KB - Virtual size: 14KB

.data Size: 256B - Virtual size: 240B

.edata Size: 96B - Virtual size: 85B

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 864B - Virtual size: 864B

.reloc Size: 736B - Virtual size: 728B

009db8c0ddd9770e87245a5e25a0ac32

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

wmilib.sys

usbd.sys

Sections

.text Size: 30KB - Virtual size: 30KB

.rdata Size: 544B - Virtual size: 536B

.data Size: 832B - Virtual size: 824B

INIT Size: 2KB - Virtual size: 2KB

.rsrc Size: 864B - Virtual size: 848B

.reloc Size: 1KB - Virtual size: 1KB

30988d9c08b8b14a0a75a83f53f4d010

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

23:0e:72:90:dd:bb:fa:3c:3d:ce:c1:57:25:73:2f:4aCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

bd:8a:59:13:51:9a:b0:46:62:07:b2:70:2d:0a:d3:2a:31:dd:65:d8Signer

Signature Validations

Verification

.text
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 96B

.rsrc
Size: 1024B - Virtual size: 824B

.reloc
Size: 512B - Virtual size: 112B

.text
Size: 43KB - Virtual size: 43KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 1KB

.pdata
Size: 2KB - Virtual size: 2KB

INIT
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 888B

.reloc
Size: 512B - Virtual size: 60B

.text
Size: 14KB - Virtual size: 14KB

.data
Size: 256B - Virtual size: 240B

.edata
Size: 96B - Virtual size: 85B

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 864B - Virtual size: 864B

.reloc
Size: 736B - Virtual size: 728B

.text
Size: 30KB - Virtual size: 30KB

.rdata
Size: 544B - Virtual size: 536B

.data
Size: 832B - Virtual size: 824B

INIT
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 864B - Virtual size: 848B

.reloc
Size: 1KB - Virtual size: 1KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

23:0e:72:90:dd:bb:fa:3c:3d:ce:c1:57:25:73:2f:4a
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

bd:8a:59:13:51:9a:b0:46:62:07:b2:70:2d:0a:d3:2a:31:dd:65:d8
Signer

17/02/2012, 03:46
Valid: false

.text
Size: 28KB - Virtual size: 28KB

.data
Size: 512B - Virtual size: 19KB

.pdata
Size: 1024B - Virtual size: 756B

.rsrc
Size: 4KB - Virtual size: 4KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

23:0e:72:90:dd:bb:fa:3c:3d:ce:c1:57:25:73:2f:4a
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

7e:c0:30:ba:8e:cd:57:25:88:90:2c:75:90:ed:d9:a0:bd:a3:95:9b
Signer

17/02/2012, 03:27
Valid: false

.text
Size: 40KB - Virtual size: 39KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 16KB - Virtual size: 39KB

.rsrc
Size: 8KB - Virtual size: 4KB

.text
Size: 4.3MB - Virtual size: 4.3MB

.itext
Size: 10KB - Virtual size: 9KB

.data
Size: 58KB - Virtual size: 58KB

.bss
Size: - Virtual size: 7.7MB

.idata
Size: 18KB - Virtual size: 17KB