TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr
Static task
static1
Behavioral task
behavioral1
Sample
setup.exe
Resource
win7-20220812-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral2
Sample
setup.exe
Resource
win10v2004-20220901-en
windows10-2004-x64
17 signatures
150 seconds
Behavioral task
behavioral3
Sample
setupapi.dll
Resource
win7-20221111-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral4
Sample
setupapi.dll
Resource
win10v2004-20220812-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral5
Sample
verifier.dll
Resource
win7-20221111-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral6
Sample
verifier.dll
Resource
win10v2004-20220901-en
windows10-2004-x64
0 signatures
150 seconds
General
-
Target
file.zip
-
Size
6.6MB
-
MD5
46be07cf18528003a19ac8ae5d41e85e
-
SHA1
9d466c8bc2f7b051598b0e056f6b1a5a70472d9c
-
SHA256
280cc4d5a78f3b3946c503d4920c71f3c06425414435797faad9a63709b1198e
-
SHA512
f6bca66a3fb5f102cc49888cd89ec92d6c26fa55971bbb78eb3b5424c354846f432e1fe6e2e1e252e34582693c9ef96f6bc00c971b6017ee1f00a211cf732e98
-
SSDEEP
196608:o/teRXPABsnY20VAffUpKxYUVFkbRudGPZsFLw:ssRXPNY20VAq2fHk/C0
Score
1/10
Malware Config
Signatures
Files
-
file.zip.zip
-
setup.exe.exe windows x86
e569e6f445d32ba23766ad67d1e3787f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Imports
kernel32
GetACP
GetExitCodeProcess
LocalFree
CloseHandle
SizeofResource
VirtualProtect
VirtualFree
GetFullPathNameW
ExitProcess
HeapAlloc
GetCPInfoExW
RtlUnwind
GetCPInfo
GetStdHandle
GetModuleHandleW
FreeLibrary
HeapDestroy
ReadFile
CreateProcessW
GetLastError
GetModuleFileNameW
SetLastError
FindResourceW
CreateThread
CompareStringW
LoadLibraryA
ResetEvent
GetVersion
RaiseException
FormatMessageW
SwitchToThread
GetExitCodeThread
GetCurrentThread
LoadLibraryExW
LockResource
GetCurrentThreadId
UnhandledExceptionFilter
VirtualQuery
VirtualQueryEx
Sleep
EnterCriticalSection
SetFilePointer
LoadResource
SuspendThread
GetTickCount
GetFileSize
GetStartupInfoW
GetFileAttributesW
InitializeCriticalSection
GetSystemWindowsDirectoryW
GetThreadPriority
SetThreadPriority
GetCurrentProcess
VirtualAlloc
GetSystemInfo
GetCommandLineW
LeaveCriticalSection
GetProcAddress
ResumeThread
GetVersionExW
VerifyVersionInfoW
HeapCreate
GetWindowsDirectoryW
VerSetConditionMask
GetDiskFreeSpaceW
FindFirstFileW
GetUserDefaultUILanguage
lstrlenW
QueryPerformanceCounter
SetEndOfFile
HeapFree
WideCharToMultiByte
FindClose
MultiByteToWideChar
LoadLibraryW
SetEvent
CreateFileW
GetLocaleInfoW
GetSystemDirectoryW
DeleteFileW
GetLocalTime
GetEnvironmentVariableW
WaitForSingleObject
WriteFile
ExitThread
DeleteCriticalSection
TlsGetValue
GetDateFormatW
SetErrorMode
IsValidLocale
TlsSetValue
CreateDirectoryW
GetSystemDefaultUILanguage
EnumCalendarInfoW
LocalAlloc
GetUserDefaultLangID
RemoveDirectoryW
CreateEventW
SetThreadLocale
GetThreadLocale
comctl32
InitCommonControls
version
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW
user32
CreateWindowExW
TranslateMessage
CharLowerBuffW
CallWindowProcW
CharUpperW
PeekMessageW
GetSystemMetrics
SetWindowLongW
MessageBoxW
DestroyWindow
CharUpperBuffW
CharNextW
MsgWaitForMultipleObjects
LoadStringW
ExitWindowsEx
DispatchMessageW
oleaut32
SysAllocStringLen
SafeArrayPtrOfIndex
VariantCopy
SafeArrayGetLBound
SafeArrayGetUBound
VariantInit
VariantClear
SysFreeString
SysReAllocStringLen
VariantChangeType
SafeArrayCreate
netapi32
NetWkstaGetInfo
NetApiBufferFree
advapi32
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegQueryValueExW
AdjustTokenPrivileges
GetTokenInformation
ConvertSidToStringSidW
LookupPrivilegeValueW
RegCloseKey
OpenProcessToken
RegOpenKeyExW
Exports
Exports
Sections
.text Size: 718KB - Virtual size: 718KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.itext Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 14KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bss Size: - Virtual size: 27KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.didata Size: 512B - Virtual size: 420B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.edata Size: 512B - Virtual size: 154B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: - Virtual size: 24B
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 512B - Virtual size: 93B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 191KB - Virtual size: 191KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
setupapi.dll.dll windows x64
03f310fd1bd3afc702f5db7aa523cddf
Code Sign
33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3cCertificate
IssuerCN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before02/09/2021, 18:23Not After01/09/2022, 18:23SubjectCN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08Certificate
IssuerCN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before19/10/2011, 18:41Not After19/10/2026, 18:51SubjectCN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
eb:0e:1f:1e:ae:fe:05:e7:31:eb:3c:56:a2:f8:77:ab:c9:ad:98:35:3d:cf:f6:0e:27:f6:76:d4:ff:bb:c9:f9Signer
Actual PE Digesteb:0e:1f:1e:ae:fe:05:e7:31:eb:3c:56:a2:f8:77:ab:c9:ad:98:35:3d:cf:f6:0e:27:f6:76:d4:ff:bb:c9:f9Digest Algorithmsha256PE Digest MatchestrueSignature Validations
TrustedfalseVerification
Signing CertificateCN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US07/02/2023, 20:47 Valid: false
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
Imports
msvcrt
free
wcsspn
toupper
swscanf
_beginthreadex
_amsg_exit
malloc
_initterm
_wcslwr
_lock
_beginthread
iswctype
_vsnprintf
_resetstkoflw
__CxxFrameHandler4
??3@YAXPEAX@Z
_purecall
_errno
_wcstoui64
??_V@YAXPEAX@Z
_wtoi
_ultow_s
_itow_s
wcscpy_s
_callnewh
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
_CxxThrowException
__CxxFrameHandler3
memcpy
memmove
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
wcstoul
_unlock
wcsncmp
__dllonexit
_onexit
memset
wcsnlen
__C_specific_handler
_endthread
wcstol
towupper
wcsstr
memcmp
_wcsnicmp
wcschr
_wcsicmp
wcsrchr
_vsnwprintf
_XcptFilter
wcscmp
ntdll
RtlGUIDFromString
RtlRandomEx
RtlFormatCurrentUserKeyPath
RtlFreeUnicodeString
NtDeleteKey
NtOpenKey
NtCreateKey
NtQueryValueKey
NtSetValueKey
NtDeleteValueKey
NtEnumerateKey
NtSetInformationFile
NtQueryInformationFile
NtSetInformationThread
NtQueryInformationThread
NtQuerySystemInformation
RtlInitUnicodeStringEx
RtlUnicodeStringToInteger
RtlUpcaseUnicodeChar
RtlMultiByteToUnicodeN
RtlMultiByteToUnicodeSize
RtlUnicodeToMultiByteN
RtlUnicodeToMultiByteSize
NtCreateTransaction
NtCommitTransaction
RtlImageNtHeader
EtwEventSetInformation
RtlIoEncodeMemIoResource
RtlUnsubscribeWnfStateChangeNotification
RtlNtStatusToDosError
RtlSubscribeWnfStateChangeNotification
RtlQueryWnfStateData
RtlPrefixUnicodeString
EtwEventUnregister
EtwEventRegister
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
RtlNtStatusToDosErrorNoTeb
RtlHashUnicodeString
RtlInitUnicodeString
RtlGetVersion
EtwEventWriteTransfer
EtwTraceMessage
NtClose
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
RaiseException
SetLastError
UnhandledExceptionFilter
SetErrorMode
GetLastError
api-ms-win-core-string-obsolete-l1-1-0
lstrcmpiW
lstrcmpW
api-ms-win-core-kernel32-legacy-l1-1-0
MoveFileW
DosDateTimeToFileTime
api-ms-win-core-handle-l1-1-0
CloseHandle
DuplicateHandle
api-ms-win-core-synch-l1-1-0
EnterCriticalSection
ResetEvent
DeleteCriticalSection
InitializeCriticalSection
WaitForMultipleObjectsEx
WaitForSingleObject
CreateEventW
AcquireSRWLockExclusive
SleepEx
CreateMutexW
ReleaseMutex
ReleaseSRWLockExclusive
LeaveCriticalSection
WaitForSingleObjectEx
SetEvent
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
FindResourceW
api-ms-win-core-libraryloader-l1-2-0
GetModuleFileNameW
GetProcAddress
LoadResource
GetModuleFileNameA
FreeLibrary
LoadStringW
FindResourceExW
GetModuleHandleW
GetModuleHandleA
LockResource
FreeResource
SizeofResource
LoadLibraryExA
LoadLibraryExW
api-ms-win-core-timezone-l1-1-0
FileTimeToSystemTime
SystemTimeToFileTime
api-ms-win-core-string-l1-1-0
GetStringTypeExW
WideCharToMultiByte
CompareStringW
CompareStringOrdinal
MultiByteToWideChar
api-ms-win-core-heap-l1-1-0
HeapFree
HeapAlloc
GetProcessHeap
HeapReAlloc
api-ms-win-core-processenvironment-l1-1-0
GetCurrentDirectoryW
GetCommandLineA
GetEnvironmentVariableW
SetCurrentDirectoryW
ExpandEnvironmentStringsW
api-ms-win-core-shlwapi-legacy-l1-1-0
PathParseIconLocationW
api-ms-win-core-localization-l1-2-0
GetLocaleInfoW
GetThreadLocale
FormatMessageW
GetThreadUILanguage
LCMapStringW
api-ms-win-core-synch-l1-2-0
Sleep
InitOnceBeginInitialize
InitOnceComplete
api-ms-win-core-sysinfo-l1-1-0
GetWindowsDirectoryW
GetSystemWindowsDirectoryW
GetSystemTimeAsFileTime
GetTickCount64
GetLocalTime
GetTickCount
GetSystemInfo
GetSystemDirectoryW
api-ms-win-core-datetime-l1-1-0
GetDateFormatW
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
LocalReAlloc
api-ms-win-core-processthreads-l1-1-0
TlsAlloc
TlsGetValue
GetExitCodeProcess
OpenThreadToken
TlsSetValue
TlsFree
GetExitCodeThread
OpenProcessToken
GetCurrentThread
GetCurrentProcess
TerminateProcess
GetStartupInfoW
CreateProcessW
GetCurrentProcessId
GetCurrentThreadId
SetThreadToken
api-ms-win-core-sysinfo-l1-2-0
GetNativeSystemInfo
VerSetConditionMask
api-ms-win-core-file-l2-1-2
CopyFileW
api-ms-win-core-file-l2-1-0
MoveFileExW
CopyFileExW
CreateHardLinkW
api-ms-win-core-privateprofile-l1-1-0
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileSectionW
api-ms-win-core-version-l1-1-0
GetFileVersionInfoExW
VerQueryValueW
GetFileVersionInfoSizeExW
api-ms-win-core-sidebyside-l1-1-0
ReleaseActCtx
ActivateActCtx
CreateActCtxW
DeactivateActCtx
api-ms-win-core-kernel32-legacy-l1-1-1
VerifyVersionInfoW
api-ms-win-core-wow64-l1-1-1
IsWow64Process2
api-ms-win-core-memory-l1-1-0
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
VirtualProtect
VirtualQuery
api-ms-win-core-privateprofile-l1-1-1
WritePrivateProfileSectionW
api-ms-win-core-localization-obsolete-l1-2-0
GetSystemDefaultUILanguage
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
kernel32
LZCopy
LZClose
LZOpenFileW
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
api-ms-win-eventing-classicprovider-l1-1-0
TraceMessage
api-ms-win-core-util-l1-1-0
EncodePointer
DecodePointer
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
Exports
Exports
CMP_GetBlockedDriverInfo
CMP_GetServerSideDeviceInstallFlags
CMP_Init_Detection
CMP_Report_LogOn
CMP_WaitNoPendingInstallEvents
CMP_WaitServicesAvailable
CM_Add_Driver_PackageW
CM_Add_Empty_Log_Conf
CM_Add_Empty_Log_Conf_Ex
CM_Add_IDA
CM_Add_IDW
CM_Add_ID_ExA
CM_Add_ID_ExW
CM_Add_Range
CM_Add_Res_Des
CM_Add_Res_Des_Ex
CM_Apply_PowerScheme
CM_Connect_MachineA
CM_Connect_MachineW
CM_Create_DevNodeA
CM_Create_DevNodeW
CM_Create_DevNode_ExA
CM_Create_DevNode_ExW
CM_Create_Range_List
CM_Delete_Class_Key
CM_Delete_Class_Key_Ex
CM_Delete_DevNode_Key
CM_Delete_DevNode_Key_Ex
CM_Delete_Device_Interface_KeyA
CM_Delete_Device_Interface_KeyW
CM_Delete_Device_Interface_Key_ExA
CM_Delete_Device_Interface_Key_ExW
CM_Delete_Driver_PackageW
CM_Delete_PowerScheme
CM_Delete_Range
CM_Detect_Resource_Conflict
CM_Detect_Resource_Conflict_Ex
CM_Disable_DevNode
CM_Disable_DevNode_Ex
CM_Disconnect_Machine
CM_Dup_Range_List
CM_Duplicate_PowerScheme
CM_Enable_DevNode
CM_Enable_DevNode_Ex
CM_Enumerate_Classes
CM_Enumerate_Classes_Ex
CM_Enumerate_EnumeratorsA
CM_Enumerate_EnumeratorsW
CM_Enumerate_Enumerators_ExA
CM_Enumerate_Enumerators_ExW
CM_Find_Range
CM_First_Range
CM_Free_Log_Conf
CM_Free_Log_Conf_Ex
CM_Free_Log_Conf_Handle
CM_Free_Range_List
CM_Free_Res_Des
CM_Free_Res_Des_Ex
CM_Free_Res_Des_Handle
CM_Free_Resource_Conflict_Handle
CM_Get_Child
CM_Get_Child_Ex
CM_Get_Class_Key_NameA
CM_Get_Class_Key_NameW
CM_Get_Class_Key_Name_ExA
CM_Get_Class_Key_Name_ExW
CM_Get_Class_NameA
CM_Get_Class_NameW
CM_Get_Class_Name_ExA
CM_Get_Class_Name_ExW
CM_Get_Class_Registry_PropertyA
CM_Get_Class_Registry_PropertyW
CM_Get_Depth
CM_Get_Depth_Ex
CM_Get_DevNode_Custom_PropertyA
CM_Get_DevNode_Custom_PropertyW
CM_Get_DevNode_Custom_Property_ExA
CM_Get_DevNode_Custom_Property_ExW
CM_Get_DevNode_Registry_PropertyA
CM_Get_DevNode_Registry_PropertyW
CM_Get_DevNode_Registry_Property_ExA
CM_Get_DevNode_Registry_Property_ExW
CM_Get_DevNode_Status
CM_Get_DevNode_Status_Ex
CM_Get_Device_IDA
CM_Get_Device_IDW
CM_Get_Device_ID_ExA
CM_Get_Device_ID_ExW
CM_Get_Device_ID_ListA
CM_Get_Device_ID_ListW
CM_Get_Device_ID_List_ExA
CM_Get_Device_ID_List_ExW
CM_Get_Device_ID_List_SizeA
CM_Get_Device_ID_List_SizeW
CM_Get_Device_ID_List_Size_ExA
CM_Get_Device_ID_List_Size_ExW
CM_Get_Device_ID_Size
CM_Get_Device_ID_Size_Ex
CM_Get_Device_Interface_AliasA
CM_Get_Device_Interface_AliasW
CM_Get_Device_Interface_Alias_ExA
CM_Get_Device_Interface_Alias_ExW
CM_Get_Device_Interface_ListA
CM_Get_Device_Interface_ListW
CM_Get_Device_Interface_List_ExA
CM_Get_Device_Interface_List_ExW
CM_Get_Device_Interface_List_SizeA
CM_Get_Device_Interface_List_SizeW
CM_Get_Device_Interface_List_Size_ExA
CM_Get_Device_Interface_List_Size_ExW
CM_Get_First_Log_Conf
CM_Get_First_Log_Conf_Ex
CM_Get_Global_State
CM_Get_Global_State_Ex
CM_Get_HW_Prof_FlagsA
CM_Get_HW_Prof_FlagsW
CM_Get_HW_Prof_Flags_ExA
CM_Get_HW_Prof_Flags_ExW
CM_Get_Hardware_Profile_InfoA
CM_Get_Hardware_Profile_InfoW
CM_Get_Hardware_Profile_Info_ExA
CM_Get_Hardware_Profile_Info_ExW
CM_Get_Log_Conf_Priority
CM_Get_Log_Conf_Priority_Ex
CM_Get_Next_Log_Conf
CM_Get_Next_Log_Conf_Ex
CM_Get_Next_Res_Des
CM_Get_Next_Res_Des_Ex
CM_Get_Parent
CM_Get_Parent_Ex
CM_Get_Res_Des_Data
CM_Get_Res_Des_Data_Ex
CM_Get_Res_Des_Data_Size
CM_Get_Res_Des_Data_Size_Ex
CM_Get_Resource_Conflict_Count
CM_Get_Resource_Conflict_DetailsA
CM_Get_Resource_Conflict_DetailsW
CM_Get_Sibling
CM_Get_Sibling_Ex
CM_Get_Version
CM_Get_Version_Ex
CM_Import_PowerScheme
CM_Install_DevNodeW
CM_Install_DevNode_ExW
CM_Intersect_Range_List
CM_Invert_Range_List
CM_Is_Dock_Station_Present
CM_Is_Dock_Station_Present_Ex
CM_Is_Version_Available
CM_Is_Version_Available_Ex
CM_Locate_DevNodeA
CM_Locate_DevNodeW
CM_Locate_DevNode_ExA
CM_Locate_DevNode_ExW
CM_Merge_Range_List
CM_Modify_Res_Des
CM_Modify_Res_Des_Ex
CM_Move_DevNode
CM_Move_DevNode_Ex
CM_Next_Range
CM_Open_Class_KeyA
CM_Open_Class_KeyW
CM_Open_Class_Key_ExA
CM_Open_Class_Key_ExW
CM_Open_DevNode_Key
CM_Open_DevNode_Key_Ex
CM_Open_Device_Interface_KeyA
CM_Open_Device_Interface_KeyW
CM_Open_Device_Interface_Key_ExA
CM_Open_Device_Interface_Key_ExW
CM_Query_And_Remove_SubTreeA
CM_Query_And_Remove_SubTreeW
CM_Query_And_Remove_SubTree_ExA
CM_Query_And_Remove_SubTree_ExW
CM_Query_Arbitrator_Free_Data
CM_Query_Arbitrator_Free_Data_Ex
CM_Query_Arbitrator_Free_Size
CM_Query_Arbitrator_Free_Size_Ex
CM_Query_Remove_SubTree
CM_Query_Remove_SubTree_Ex
CM_Query_Resource_Conflict_List
CM_Reenumerate_DevNode
CM_Reenumerate_DevNode_Ex
CM_Register_Device_Driver
CM_Register_Device_Driver_Ex
CM_Register_Device_InterfaceA
CM_Register_Device_InterfaceW
CM_Register_Device_Interface_ExA
CM_Register_Device_Interface_ExW
CM_Remove_SubTree
CM_Remove_SubTree_Ex
CM_Request_Device_EjectA
CM_Request_Device_EjectW
CM_Request_Device_Eject_ExA
CM_Request_Device_Eject_ExW
CM_Request_Eject_PC
CM_Request_Eject_PC_Ex
CM_RestoreAll_DefaultPowerSchemes
CM_Restore_DefaultPowerScheme
CM_Run_Detection
CM_Run_Detection_Ex
CM_Set_ActiveScheme
CM_Set_Class_Registry_PropertyA
CM_Set_Class_Registry_PropertyW
CM_Set_DevNode_Problem
CM_Set_DevNode_Problem_Ex
CM_Set_DevNode_Registry_PropertyA
CM_Set_DevNode_Registry_PropertyW
CM_Set_DevNode_Registry_Property_ExA
CM_Set_DevNode_Registry_Property_ExW
CM_Set_HW_Prof
CM_Set_HW_Prof_Ex
CM_Set_HW_Prof_FlagsA
CM_Set_HW_Prof_FlagsW
CM_Set_HW_Prof_Flags_ExA
CM_Set_HW_Prof_Flags_ExW
CM_Setup_DevNode
CM_Setup_DevNode_Ex
CM_Test_Range_Available
CM_Uninstall_DevNode
CM_Uninstall_DevNode_Ex
CM_Unregister_Device_InterfaceA
CM_Unregister_Device_InterfaceW
CM_Unregister_Device_Interface_ExA
CM_Unregister_Device_Interface_ExW
CM_Write_UserPowerKey
DoesUserHavePrivilege
DriverStoreAddDriverPackageA
DriverStoreAddDriverPackageW
DriverStoreDeleteDriverPackageA
DriverStoreDeleteDriverPackageW
DriverStoreEnumDriverPackageA
DriverStoreEnumDriverPackageW
DriverStoreFindDriverPackageA
DriverStoreFindDriverPackageW
ExtensionPropSheetPageProc
InstallCatalog
InstallHinfSection
InstallHinfSectionA
InstallHinfSectionW
IsUserAdmin
MyFree
MyMalloc
MyRealloc
PnpEnumDrpFile
PnpIsFileAclIntact
PnpIsFileContentIntact
PnpIsFilePnpDriver
PnpRepairWindowsProtectedDriver
SetupAddInstallSectionToDiskSpaceListA
SetupAddInstallSectionToDiskSpaceListW
SetupAddSectionToDiskSpaceListA
SetupAddSectionToDiskSpaceListW
SetupAddToDiskSpaceListA
SetupAddToDiskSpaceListW
SetupAddToSourceListA
SetupAddToSourceListW
SetupAdjustDiskSpaceListA
SetupAdjustDiskSpaceListW
SetupBackupErrorA
SetupBackupErrorW
SetupCancelTemporarySourceList
SetupCloseFileQueue
SetupCloseInfFile
SetupCloseLog
SetupCommitFileQueue
SetupCommitFileQueueA
SetupCommitFileQueueW
SetupConfigureWmiFromInfSectionA
SetupConfigureWmiFromInfSectionW
SetupCopyErrorA
SetupCopyErrorW
SetupCopyOEMInfA
SetupCopyOEMInfW
SetupCreateDiskSpaceListA
SetupCreateDiskSpaceListW
SetupDecompressOrCopyFileA
SetupDecompressOrCopyFileW
SetupDefaultQueueCallback
SetupDefaultQueueCallbackA
SetupDefaultQueueCallbackW
SetupDeleteErrorA
SetupDeleteErrorW
SetupDestroyDiskSpaceList
SetupDiApplyPowerScheme
SetupDiAskForOEMDisk
SetupDiBuildClassInfoList
SetupDiBuildClassInfoListExA
SetupDiBuildClassInfoListExW
SetupDiBuildDriverInfoList
SetupDiCallClassInstaller
SetupDiCancelDriverInfoSearch
SetupDiChangeState
SetupDiClassGuidsFromNameA
SetupDiClassGuidsFromNameExA
SetupDiClassGuidsFromNameExW
SetupDiClassGuidsFromNameW
SetupDiClassNameFromGuidA
SetupDiClassNameFromGuidExA
SetupDiClassNameFromGuidExW
SetupDiClassNameFromGuidW
SetupDiCreateDevRegKeyA
SetupDiCreateDevRegKeyW
SetupDiCreateDeviceInfoA
SetupDiCreateDeviceInfoList
SetupDiCreateDeviceInfoListExA
SetupDiCreateDeviceInfoListExW
SetupDiCreateDeviceInfoW
SetupDiCreateDeviceInterfaceA
SetupDiCreateDeviceInterfaceRegKeyA
SetupDiCreateDeviceInterfaceRegKeyW
SetupDiCreateDeviceInterfaceW
SetupDiDeleteDevRegKey
SetupDiDeleteDeviceInfo
SetupDiDeleteDeviceInterfaceData
SetupDiDeleteDeviceInterfaceRegKey
SetupDiDestroyClassImageList
SetupDiDestroyDeviceInfoList
SetupDiDestroyDriverInfoList
SetupDiDrawMiniIcon
SetupDiEnumDeviceInfo
SetupDiEnumDeviceInterfaces
SetupDiEnumDriverInfoA
SetupDiEnumDriverInfoW
SetupDiGetActualModelsSectionA
SetupDiGetActualModelsSectionW
SetupDiGetActualSectionToInstallA
SetupDiGetActualSectionToInstallExA
SetupDiGetActualSectionToInstallExW
SetupDiGetActualSectionToInstallW
SetupDiGetClassBitmapIndex
SetupDiGetClassDescriptionA
SetupDiGetClassDescriptionExA
SetupDiGetClassDescriptionExW
SetupDiGetClassDescriptionW
SetupDiGetClassDevPropertySheetsA
SetupDiGetClassDevPropertySheetsW
SetupDiGetClassDevsA
SetupDiGetClassDevsExA
SetupDiGetClassDevsExW
SetupDiGetClassDevsW
SetupDiGetClassImageIndex
SetupDiGetClassImageList
SetupDiGetClassImageListExA
SetupDiGetClassImageListExW
SetupDiGetClassInstallParamsA
SetupDiGetClassInstallParamsW
SetupDiGetClassPropertyExW
SetupDiGetClassPropertyKeys
SetupDiGetClassPropertyKeysExW
SetupDiGetClassPropertyW
SetupDiGetClassRegistryPropertyA
SetupDiGetClassRegistryPropertyW
SetupDiGetCustomDevicePropertyA
SetupDiGetCustomDevicePropertyW
SetupDiGetDeviceInfoListClass
SetupDiGetDeviceInfoListDetailA
SetupDiGetDeviceInfoListDetailW
SetupDiGetDeviceInstallParamsA
SetupDiGetDeviceInstallParamsW
SetupDiGetDeviceInstanceIdA
SetupDiGetDeviceInstanceIdW
SetupDiGetDeviceInterfaceAlias
SetupDiGetDeviceInterfaceDetailA
SetupDiGetDeviceInterfaceDetailW
SetupDiGetDeviceInterfacePropertyKeys
SetupDiGetDeviceInterfacePropertyW
SetupDiGetDevicePropertyKeys
SetupDiGetDevicePropertyW
SetupDiGetDeviceRegistryPropertyA
SetupDiGetDeviceRegistryPropertyW
SetupDiGetDriverInfoDetailA
SetupDiGetDriverInfoDetailW
SetupDiGetDriverInstallParamsA
SetupDiGetDriverInstallParamsW
SetupDiGetHwProfileFriendlyNameA
SetupDiGetHwProfileFriendlyNameExA
SetupDiGetHwProfileFriendlyNameExW
SetupDiGetHwProfileFriendlyNameW
SetupDiGetHwProfileList
SetupDiGetHwProfileListExA
SetupDiGetHwProfileListExW
SetupDiGetINFClassA
SetupDiGetINFClassW
SetupDiGetSelectedDevice
SetupDiGetSelectedDriverA
SetupDiGetSelectedDriverW
SetupDiGetWizardPage
SetupDiInstallClassA
SetupDiInstallClassExA
SetupDiInstallClassExW
SetupDiInstallClassW
SetupDiInstallDevice
SetupDiInstallDeviceInterfaces
SetupDiInstallDriverFiles
SetupDiLoadClassIcon
SetupDiLoadDeviceIcon
SetupDiMoveDuplicateDevice
SetupDiOpenClassRegKey
SetupDiOpenClassRegKeyExA
SetupDiOpenClassRegKeyExW
SetupDiOpenDevRegKey
SetupDiOpenDeviceInfoA
SetupDiOpenDeviceInfoW
SetupDiOpenDeviceInterfaceA
SetupDiOpenDeviceInterfaceRegKey
SetupDiOpenDeviceInterfaceW
SetupDiRegisterCoDeviceInstallers
SetupDiRegisterDeviceInfo
SetupDiRemoveDevice
SetupDiRemoveDeviceInterface
SetupDiReportAdditionalSoftwareRequested
SetupDiReportDeviceInstallError
SetupDiReportDriverNotFoundError
SetupDiReportDriverPackageImportationError
SetupDiReportGenericDriverInstalled
SetupDiReportPnPDeviceProblem
SetupDiRestartDevices
SetupDiSelectBestCompatDrv
SetupDiSelectDevice
SetupDiSelectOEMDrv
SetupDiSetClassInstallParamsA
SetupDiSetClassInstallParamsW
SetupDiSetClassPropertyExW
SetupDiSetClassPropertyW
SetupDiSetClassRegistryPropertyA
SetupDiSetClassRegistryPropertyW
SetupDiSetDeviceInstallParamsA
SetupDiSetDeviceInstallParamsW
SetupDiSetDeviceInterfaceDefault
SetupDiSetDeviceInterfacePropertyW
SetupDiSetDevicePropertyW
SetupDiSetDeviceRegistryPropertyA
SetupDiSetDeviceRegistryPropertyW
SetupDiSetDriverInstallParamsA
SetupDiSetDriverInstallParamsW
SetupDiSetSelectedDevice
SetupDiSetSelectedDriverA
SetupDiSetSelectedDriverW
SetupDiUnremoveDevice
SetupDuplicateDiskSpaceListA
SetupDuplicateDiskSpaceListW
SetupEnumInfSectionsA
SetupEnumInfSectionsW
SetupEnumPublishedInfA
SetupEnumPublishedInfW
SetupFindFirstLineA
SetupFindFirstLineW
SetupFindNextLine
SetupFindNextMatchLineA
SetupFindNextMatchLineW
SetupFreeSourceListA
SetupFreeSourceListW
SetupGetBackupInformationA
SetupGetBackupInformationW
SetupGetBinaryField
SetupGetFieldCount
SetupGetFileCompressionInfoA
SetupGetFileCompressionInfoExA
SetupGetFileCompressionInfoExW
SetupGetFileCompressionInfoW
SetupGetFileQueueCount
SetupGetFileQueueFlags
SetupGetInfDriverStoreLocationA
SetupGetInfDriverStoreLocationW
SetupGetInfFileListA
SetupGetInfFileListW
SetupGetInfInformationA
SetupGetInfInformationW
SetupGetInfPublishedNameA
SetupGetInfPublishedNameW
SetupGetInfSections
SetupGetIntField
SetupGetLineByIndexA
SetupGetLineByIndexW
SetupGetLineCountA
SetupGetLineCountW
SetupGetLineTextA
SetupGetLineTextW
SetupGetMultiSzFieldA
SetupGetMultiSzFieldW
SetupGetNonInteractiveMode
SetupGetSourceFileLocationA
SetupGetSourceFileLocationW
SetupGetSourceFileSizeA
SetupGetSourceFileSizeW
SetupGetSourceInfoA
SetupGetSourceInfoW
SetupGetStringFieldA
SetupGetStringFieldW
SetupGetTargetPathA
SetupGetTargetPathW
SetupGetThreadLogToken
SetupInitDefaultQueueCallback
SetupInitDefaultQueueCallbackEx
SetupInitializeFileLogA
SetupInitializeFileLogW
SetupInstallFileA
SetupInstallFileExA
SetupInstallFileExW
Sections
.text Size: 872KB - Virtual size: 868KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 212KB - Virtual size: 208KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 28KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3.3MB - Virtual size: 3.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
verifier.dll.dll windows x64
8bf144f6fdf48da3cc6073dd4bd7b5d4
Code Sign
33:00:00:02:32:41:fb:59:99:6d:cc:4d:ff:00:00:00:00:02:32Certificate
IssuerCN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before02/05/2019, 21:24Not After02/05/2020, 21:24SubjectCN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08Certificate
IssuerCN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before19/10/2011, 18:41Not After19/10/2026, 18:51SubjectCN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
d5:74:c3:ea:7c:d0:b3:3b:38:49:1e:e7:bb:99:67:72:6c:c0:9d:be:e0:54:e0:99:31:b5:3a:95:05:af:a0:28Signer
Actual PE Digestd5:74:c3:ea:7c:d0:b3:3b:38:49:1e:e7:bb:99:67:72:6c:c0:9d:be:e0:54:e0:99:31:b5:3a:95:05:af:a0:28Digest Algorithmsha256PE Digest MatchestrueSignature Validations
TrustedfalseVerification
Signing CertificateCN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US07/02/2023, 20:47 Valid: false
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
ntdll
RtlDllShutdownInProgress
RtlCompareUnicodeString
NtQuerySystemTime
RtlAllocateHeap
RtlRandom
NtQueryPerformanceCounter
RtlInitUnicodeString
RtlCaptureStackBackTrace
RtlEnterCriticalSection
RtlInitializeCriticalSection
RtlLeaveCriticalSection
DbgPrint
RtlDeleteCriticalSection
NtFreeVirtualMemory
RtlGetUserInfoHeap
RtlDestroyHeap
RtlValidateHeap
RtlInitializeGenericTableAvl
RtlInitializeSRWLock
DbgPrintEx
NtQueryVirtualMemory
RtlDeleteElementGenericTableAvl
NtQuerySystemInformation
NtOpenEvent
RtlUpcaseUnicodeChar
NtQueryInformationProcess
RtlReleaseSRWLockExclusive
RtlLookupElementGenericTableAvl
RtlAcquireSRWLockExclusive
NtAllocateVirtualMemory
RtlInsertElementGenericTableAvl
RtlAcquireSRWLockShared
RtlReleaseSRWLockShared
NtReadVirtualMemory
RtlEnumerateGenericTableAvl
RtlInitializeCriticalSectionEx
RtlSizeHeap
RtlSetUserFlagsHeap
NtQueryEvent
NtProtectVirtualMemory
RtlSetUserValueHeap
RtlFreeHeap
RtlFlushSecureMemoryCache
RtlSetHeapInformation
RtlCreateHeap
RtlUnlockHeap
RtlLockHeap
RtlRaiseException
LdrLockLoaderLock
LdrUnlockLoaderLock
RtlCaptureContext
RtlReportException
NtTerminateProcess
LdrGetProcedureAddress
LdrUnloadDll
LdrLoadDll
RtlDecodePointer
RtlInitAnsiString
RtlEncodePointer
RtlFreeAnsiString
LdrFindResource_U
RtlUnicodeStringToAnsiString
LdrAccessResource
LdrQueryImageFileKeyOption
LdrQueryImageFileExecutionOptions
RtlImageNtHeader
EtwEventWriteTransfer
RtlSetEnvironmentVariable
EtwEventUnregister
EtwEventRegister
NtWriteVirtualMemory
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnhandledExceptionFilter
memmove
__C_specific_handler
_vsnwprintf
_wcsicmp
_vsnprintf
sscanf_s
wcstoul
RtlVerifyVersionInfo
wcsstr
_stricmp
VerSetConditionMask
RtlQueryHeapInformation
NtOpenThread
NtSuspendThread
NtClose
LdrQueryProcessModuleInformation
RtlNtStatusToDosError
NtResumeThread
RtlAddVectoredExceptionHandler
RtlEqualUnicodeString
LdrGetDllHandle
RtlDeleteResource
RtlAcquireResourceShared
NtDelayExecution
RtlAcquirePebLock
RtlReleaseResource
RtlInitializeResource
RtlAcquireResourceExclusive
RtlRemoveVectoredExceptionHandler
NtQueryInformationThread
RtlFindClearBitsAndSet
NtQueryObject
RtlReleasePebLock
RtlInterlockedPushEntrySList
RtlSplay
RtlDelete
RtlInitializeSListHead
RtlpWaitForCriticalSection
RtlInitializeCriticalSectionAndSpinCount
RtlTryEnterCriticalSection
RtlConvertExclusiveToShared
RtlRaiseStatus
RtlConvertSharedToExclusive
RtlInterlockedPopEntrySList
LdrFindEntryForAddress
iswspace
RtlEnumerateGenericTableWithoutSplayingAvl
_wcsnicmp
RtlQueryDepthSList
NtCreateEvent
RtlDeregisterWait
NtSetEvent
RtlRegisterWait
NtOpenProcessTokenEx
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
NtOpenKey
RtlConvertSidToUnicodeString
NtQueryInformationToken
NtDeleteValueKey
NtSetValueKey
NtQueryValueKey
NtGetContextThread
RtlDeregisterWaitEx
RtlWalkFrameChain
NtClearEvent
RtlFreeUnicodeString
RtlSetThreadPoolStartFunc
RtlCheckForOrphanedCriticalSections
NtWaitForMultipleObjects
NtCreateKey
NtWaitForSingleObject
NtCreateSection
NtUnmapViewOfSection
NtOpenSection
NtMapViewOfSection
__chkstk
memcpy
memset
Exports
Exports
AVrfAPILookupCallback
VerifierAddFreeMemoryCallback
VerifierCheckPageHeapAllocation
VerifierCreateRpcPageHeap
VerifierDeleteFreeMemoryCallback
VerifierDestroyRpcPageHeap
VerifierDisableFaultInjectionExclusionRange
VerifierDisableFaultInjectionTargetRange
VerifierEnableFaultInjectionExclusionRange
VerifierEnableFaultInjectionTargetRange
VerifierEnumerateResource
VerifierForceNormalHeap
VerifierGetInfoForException
VerifierGetMemoryForDump
VerifierGetPropertyValueByName
VerifierGetProviderHelper
VerifierIsAddressInAnyPageHeap
VerifierIsCurrentThreadHoldingLocks
VerifierIsDllEntryActive
VerifierIsPerUserSettingsEnabled
VerifierQueryRuntimeFlags
VerifierRedirectStopFunctions
VerifierSetFaultInjectionProbability
VerifierSetFlags
VerifierSetRuntimeFlags
VerifierStopMessage
Sections
.text Size: 163KB - Virtual size: 163KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 37KB - Virtual size: 36KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 30KB - Virtual size: 105KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 132KB - Virtual size: 132KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ