TL-WN725N_V3_190529_Win7[.]zip[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

TL-WN725N_V3_190529_Win7.zip.zip
Size

9.7MB
MD5

857a794a572d47e0de545d4f0c38fbd4
SHA1

7f4a55d68b498e84d9a59a15e97d075d99b73dd0
SHA256

5fd744e24cb10d89ca268be5ce2bb3449c23cd394779efed75373e8046b31b54
SHA512

e15e99b359f9462d7ef93adbea88d05a1fced13a1965aca6ad0788fa724e85925e0dae9cd55420dee8988b8085ec4d3cdd4e5495d22153471109f741a55780c0
SSDEEP

196608:KQUyR+wuZS+FP5X5IIf6PcMu8TXoIQ+ViBJGzddkI:dOwBkIICPjTxViUzkI

Score

1^/10

Malware Config

Signatures

NSIS installer 2 IoCs

installer

resource	yara_rule
static1/unpack002/Setup.exe	nsis_installer_1
static1/unpack002/Setup.exe	nsis_installer_2

Files

TL-WN725N_V3_190529_Win7.zip.zip
.zip

Password: infected
TL-WN725N_V3_190529_Win7.zip
.zip
Setup.exe
.exe windows x86

e6a1fee3f8de879a9adf43270d4296be

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
GetFileSize
GetModuleFileNameA
GetVersion
GetCurrentProcess
CopyFileA
ExitProcess
SetEnvironmentVariableA
GetWindowsDirectoryA
GetTempPathA
GetCommandLineA
lstrlenA
SetErrorMode
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
Sleep
GetLastError
CreateDirectoryA
CreateProcessA
CreateFileA
GetTempFileNameA
ReadFile
WriteFile
lstrcatA
GetSystemDirectoryA
GetProcAddress
GetExitCodeProcess
WaitForSingleObject
RemoveDirectoryA
lstrcpyA
MoveFileExA
SetFileAttributesA
GetFileAttributesA
SetCurrentDirectoryA
MoveFileA
GetFullPathNameA
GetShortPathNameA
SearchPathA
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalAlloc
GlobalFree
GetModuleHandleA
LoadLibraryExA
FreeLibrary
MulDiv
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
CreateThread

user32

IsWindowVisible
LoadBitmapA
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuA
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
DialogBoxParamA
CallWindowProcA
CreateWindowExA
SystemParametersInfoA
RegisterClassA
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
GetWindowLongA
GetSysColor
CharNextA
ExitWindowsEx
DestroyWindow
CreateDialogParamA
SetTimer
PostQuitMessage
SetForegroundWindow
GetMessagePos
ScreenToClient
CheckDlgButton
LoadCursorA
SetCursor
GetClassInfoA
SetWindowTextA
wsprintfA
SendMessageTimeoutA
FindWindowExA
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

ShellExecuteExA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetFileInfoA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
AdjustTokenPrivileges
RegDeleteValueA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
SetFileSecurityA
OpenProcessToken
RegDeleteKeyA
RegCloseKey
RegEnumKeyA
RegEnumValueA
LookupPrivilegeValueA

comctl32

ImageList_Destroy
ImageList_AddMasked
ord17
ImageList_Create

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 104KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 121KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
plugins/Driver Files/Driver/Windows_7_32bit/RtlExtUI.dll
.dll regsvr32 windows x86

f3b2dd92c703d59ebb05c6dc9bacf48e

Code Sign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:20:be:3e:b8:66:52:69:27:f9:99:b9:7b:04:34:6e
Certificate

Issuer

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13/06/2016, 00:00

Not After

24/01/2019, 12:00

Subject

SERIALNUMBER=22671299,CN=Realtek Semiconductor Corp.,O=Realtek Semiconductor Corp.,POSTALCODE=300,STREET=No. 2\, Innovation Road II\, Hsinchu Science Park,L=Hsinchu,ST=Taiwan,C=TW,1.3.6.1.4.1.311.60.2.1.3=#13025457,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:6d:9d:a5:3e:87:00:9d:33:49:00:00:00:00:00:6d
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20/09/2018, 19:45

Not After

20/09/2019, 19:45

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

57:05:ea:67:a8:3e:38:65:d9:e0:d0:c5:b3:4c:d9:7d:a5:e8:10:ce:19:23:82:8a:d5:a7:99:60:bb:48:bb:52
Signer

Actual PE Digest

57:05:ea:67:a8:3e:38:65:d9:e0:d0:c5:b3:4c:d9:7d:a5:e8:10:ce:19:23:82:8a:d5:a7:99:60:bb:48:bb:52

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

13/04/2023, 18:12
Valid: false

65:0b:34:b8:63:71:21:6e:65:53:d5:5a:db:88:4e:05:be:91:d8:e3
Signer

Actual PE Digest

65:0b:34:b8:63:71:21:6e:65:53:d5:5a:db:88:4e:05:be:91:d8:e3

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

SERIALNUMBER=22671299,CN=Realtek Semiconductor Corp.,O=Realtek Semiconductor Corp.,POSTALCODE=300,STREET=No. 2\, Innovation Road II\, Hsinchu Science Park,L=Hsinchu,ST=Taiwan,C=TW,1.3.6.1.4.1.311.60.2.1.3=#13025457,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

25/06/2018, 03:48
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

fputs
sprintf_s
vsprintf_s
strcat_s
fflush
_except_handler4_common
_amsg_exit
_initterm
_XcptFilter
strcpy_s
strncmp
memcpy
free
malloc
_vsnprintf
_purecall
wcsncpy_s
_vsnwprintf
_itow_s
_wtoi
swprintf_s
wcschr
wcstoul
_wcsnicmp
??_U@YAPAXI@Z
??_V@YAXPAX@Z
__CxxFrameHandler3
??2@YAPAXI@Z
??3@YAXPAX@Z
memset
_fsopen
fclose
_vsnprintf_s

ole32

CoTaskMemAlloc
StringFromCLSID
CoTaskMemFree
CoCreateInstance

oleaut32

SysAllocString
SysAllocStringByteLen
VariantInit
VariantClear
SysFreeString

user32

SetWindowsHookExW
SetWindowTextW
MessageBoxA
DestroyWindow
UnhookWindowsHookEx
SetPropW
RemovePropW
GetPropW
CallNextHookEx
GetDlgItem
GetWindowTextW
GetDlgItemTextA
GetParent
PostMessageW
GetDC
GetDialogBaseUnits
ReleaseDC
EnableWindow
MessageBoxW
DialogBoxParamW
IsDlgButtonChecked
EndDialog
CheckDlgButton
SetWindowTextA
GetWindowTextA
SendMessageW

kernel32

TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
InterlockedCompareExchange
Sleep
InterlockedExchange
FileTimeToSystemTime
GetDateFormatA
GetCurrentProcess
SetUnhandledExceptionFilter
GetLastError
UnmapViewOfFile
VerSetConditionMask
VerifyVersionInfoW
MultiByteToWideChar
InterlockedIncrement
InterlockedDecrement
CreateFileA
UnhandledExceptionFilter
GetModuleFileNameW
LoadLibraryW
MapViewOfFile
CreateFileMappingW
GetProcAddress
FreeLibrary
DisableThreadLibraryCalls
CreateMutexW
GetLocalTime
CloseHandle
OutputDebugStringA
GetSystemTime
GetCurrentThreadId
WaitForSingleObject
ReleaseMutex

advapi32

RegOpenKeyExA
RegQueryValueExA
RegOpenKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegCloseKey
RegSetValueExW
RegSetValueExA
RegOpenKeyA
RegDeleteValueA
RegDeleteKeyA

comctl32

CreatePropertySheetPageW

ws2_32

send

crypt32

CertCloseStore
CertAddCertificateContextToStore
CertCompareCertificateName
CertOpenSystemStoreA
CertFreeCertificateContext
CertGetNameStringA
CertEnumCertificatesInStore
CertCreateCertificateContext
CertGetCertificateContextProperty

cryptui

CryptUIDlgViewContext

comdlg32

GetOpenFileNameA

gdi32

GetDeviceCaps

mfc42u

ord800
ord2810
ord540
ord1808
ord4229

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugins/Driver Files/Driver/Windows_7_32bit/Rtlihvs.dll
.dll windows x86

0e855b7873f102fa0c98ea235406b0ff

Code Sign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:20:be:3e:b8:66:52:69:27:f9:99:b9:7b:04:34:6e
Certificate

Issuer

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13/06/2016, 00:00

Not After

24/01/2019, 12:00

Subject

SERIALNUMBER=22671299,CN=Realtek Semiconductor Corp.,O=Realtek Semiconductor Corp.,POSTALCODE=300,STREET=No. 2\, Innovation Road II\, Hsinchu Science Park,L=Hsinchu,ST=Taiwan,C=TW,1.3.6.1.4.1.311.60.2.1.3=#13025457,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:6d:9d:a5:3e:87:00:9d:33:49:00:00:00:00:00:6d
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20/09/2018, 19:45

Not After

20/09/2019, 19:45

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

50:4d:c9:1d:40:8c:59:00:58:16:0c:db:c8:df:be:5a:04:ad:29:c1:1a:e4:13:a6:99:3e:a5:05:9b:98:df:c8
Signer

Actual PE Digest

50:4d:c9:1d:40:8c:59:00:58:16:0c:db:c8:df:be:5a:04:ad:29:c1:1a:e4:13:a6:99:3e:a5:05:9b:98:df:c8

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

13/04/2023, 18:12
Valid: false

c9:88:95:6a:43:94:9e:2c:e4:67:0f:bc:0d:fa:2f:a9:8d:88:01:fc
Signer

Actual PE Digest

c9:88:95:6a:43:94:9e:2c:e4:67:0f:bc:0d:fa:2f:a9:8d:88:01:fc

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

SERIALNUMBER=22671299,CN=Realtek Semiconductor Corp.,O=Realtek Semiconductor Corp.,POSTALCODE=300,STREET=No. 2\, Innovation Road II\, Hsinchu Science Park,L=Hsinchu,ST=Taiwan,C=TW,1.3.6.1.4.1.311.60.2.1.3=#13025457,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

25/06/2018, 03:48
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

crypt32

CertEnumCertificatesInStore
CertFreeCertificateContext
CertCloseStore
CryptUnprotectData
CertGetCertificateContextProperty
CertOpenStore

oleaut32

SysStringByteLen
SysAllocString
VariantClear
SysFreeString
VariantInit

kernel32

InterlockedDecrement
GetCurrentThreadId
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
VirtualAlloc
HeapReAlloc
WriteFile
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetCPInfo
GetACP
GetOEMCP
GetDriveTypeA
LCMapStringA
LCMapStringW
GetFileAttributesA
FreeLibrary
InterlockedExchange
LoadLibraryExA
SetStdHandle
WriteConsoleA
SetLastError
WriteConsoleW
SetFilePointer
CreateFileW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
VirtualProtect
GetSystemInfo
VirtualQuery
GetExitCodeProcess
CreateProcessA
CreateFileA
SetEndOfFile
GetProcessHeap
ReadFile
CompareStringA
CompareStringW
SetEnvironmentVariableA
CloseHandle
GetLastError
ReleaseMutex
SetEvent
WaitForSingleObject
ResetEvent
LocalFree
Sleep
LeaveCriticalSection
EnterCriticalSection
GetTempPathW
GetLocalTime
WideCharToMultiByte
CreateMutexA
InitializeCriticalSection
CreateEventA
InterlockedIncrement
TlsFree
CreateThread
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleW
ExitProcess
GetModuleHandleA
GetProcAddress
RaiseException
GetFullPathNameW
GetCurrentDirectoryW
RtlUnwind
CreateDirectoryW
HeapAlloc
HeapFree
GetVersionExA
GetCommandLineA
VerSetConditionMask
VerifyVersionInfoA
MultiByteToWideChar
WTSGetActiveConsoleSessionId
LocalAlloc
FormatMessageW
GetModuleFileNameA
GetPrivateProfileIntW
GetPrivateProfileStringW
TerminateThread
DeleteCriticalSection
GetConsoleOutputCP
DisableThreadLibraryCalls
OutputDebugStringA
HeapSize
GlobalMemoryStatus
GetVersion
GetUserDefaultLocaleName
GetSystemDefaultLocaleName
GetComputerNameW
InterlockedCompareExchange
GetTickCount64
GetComputerNameA
SetThreadPriority
GetSystemTime
LoadLibraryA

advapi32

RegOpenKeyExA
RegQueryValueExA
RegEnumKeyA
RegOpenKeyA
RegSetValueExA
FreeSid
ConvertSidToStringSidA
RegisterEventSourceA
ReportEventA
DeregisterEventSource
CryptReleaseContext
GetTokenInformation
DuplicateToken
RegDeleteValueA
RegGetValueA
CryptAcquireContextA
CryptGenRandom
RegCreateKeyExA
ImpersonateLoggedOnUser
RevertToSelf
GetUserNameA
LookupAccountNameA
RegCloseKey

ole32

CreateStreamOnHGlobal
CoCreateInstance
CoInitializeEx
CoTaskMemFree
CoUninitialize
CoTaskMemAlloc

iphlpapi

Icmp6CreateFile
GetIpNetTable2
IpRenewAddress
IpReleaseAddress
Icmp6SendEcho2
IcmpCreateFile
IcmpSendEcho
IcmpCloseHandle
GetUnicastIpAddressTable
FreeMibTable
NotifyIpInterfaceChange
GetAdaptersAddresses
CancelMibChangeNotify2
GetAdaptersInfo
NotifyAddrChange
CancelIPChangeNotify
GetIfTable
GetInterfaceInfo
GetIpAddrTable

ws2_32

getaddrinfo
inet_ntoa
WSACleanup
htons
inet_addr
ntohs
WSAStartup

rpcrt4

UuidCreate
RpcStringFreeA
UuidToStringA

user32

GetDesktopWindow
MsgWaitForMultipleObjects
GetUserObjectInformationW
GetProcessWindowStation
MessageBoxA
GetSystemMetrics

wtsapi32

WTSQuerySessionInformationA
WTSEnumerateSessionsA
WTSFreeMemory
WTSQueryUserToken

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

wlanapi

WlanScan
WlanFreeMemory
WlanRegisterVirtualStationNotification
WlanRegisterNotification
WlanOpenHandle
WlanCloseHandle
WlanGetNetworkBssList
WlanGetProfile
WlanReasonCodeToString
WlanConnect
WlanDisconnect
WlanGetAvailableNetworkList
WlanGetProfileList
WlanQueryInterface
WlanSetSecuritySettings

xmllite

CreateXmlReader

Exports

Exports

Dot11ExtIhvGetVersionInfo
Dot11ExtIhvInitService
Dot11ExtIhvInitVirtualStation

Sections

.text
Size: 876KB - Virtual size: 876KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 55KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugins/Driver Files/Driver/Windows_7_32bit/TP_PHY_REG_PG_Enc_725v3.txt
plugins/Driver Files/Driver/Windows_7_32bit/TP_TXPWR_LMT_Enc_725v3.txt
plugins/Driver Files/Driver/Windows_7_32bit/netrtwlanu.cat
plugins/Driver Files/Driver/Windows_7_32bit/netrtwlanu.inf
plugins/Driver Files/Driver/Windows_7_32bit/rtlCoInst.dat
plugins/Driver Files/Driver/Windows_7_32bit/rtlCoInst.dll
.dll windows x86

b56ee6cf404c5405eeff689c530d7c80

Code Sign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:20:be:3e:b8:66:52:69:27:f9:99:b9:7b:04:34:6e
Certificate

Issuer

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13/06/2016, 00:00

Not After

24/01/2019, 12:00

Subject

SERIALNUMBER=22671299,CN=Realtek Semiconductor Corp.,O=Realtek Semiconductor Corp.,POSTALCODE=300,STREET=No. 2\, Innovation Road II\, Hsinchu Science Park,L=Hsinchu,ST=Taiwan,C=TW,1.3.6.1.4.1.311.60.2.1.3=#13025457,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:6d:9d:a5:3e:87:00:9d:33:49:00:00:00:00:00:6d
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20/09/2018, 19:45

Not After

20/09/2019, 19:45

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b4:8b:6b:ff:2b:cd:83:f9:21:7b:4d:c7:84:39:a2:8c:f9:17:d8:f4:2d:42:30:73:d4:fd:1f:3d:48:9d:c8:82
Signer

Actual PE Digest

b4:8b:6b:ff:2b:cd:83:f9:21:7b:4d:c7:84:39:a2:8c:f9:17:d8:f4:2d:42:30:73:d4:fd:1f:3d:48:9d:c8:82

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

13/04/2023, 18:12
Valid: false

05:8a:47:dc:06:4a:06:bb:0a:1f:09:35:bb:17:53:3f:6f:bf:40:7a
Signer

Actual PE Digest

05:8a:47:dc:06:4a:06:bb:0a:1f:09:35:bb:17:53:3f:6f:bf:40:7a

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

SERIALNUMBER=22671299,CN=Realtek Semiconductor Corp.,O=Realtek Semiconductor Corp.,POSTALCODE=300,STREET=No. 2\, Innovation Road II\, Hsinchu Science Park,L=Hsinchu,ST=Taiwan,C=TW,1.3.6.1.4.1.311.60.2.1.3=#13025457,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

25/06/2018, 03:48
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

malloc
_adjust_fdiv
_initterm
free
fopen
fgets
strtok
fclose
strncmp
_strnicmp
sprintf

setupapi

SetupDiOpenDevRegKey
SetupDiClassGuidsFromNameA
SetupDiGetClassDevsA
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiSetClassInstallParamsA
SetupDiGetDeviceRegistryPropertyA
SetupDiCallClassInstaller

kernel32

DisableThreadLibraryCalls
Sleep
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetLocaleInfoA
GetSystemDirectoryA
GetLastError
OutputDebugStringA

advapi32

RegOpenKeyA
RegDeleteKeyA
RegCloseKey
RegDeleteValueA
RegSetValueExA
RegQueryValueExA

Exports

Exports

rtlCoInst

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 554B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugins/Driver Files/Driver/Windows_7_32bit/rtwlanu.sys
.exe windows x86

5dfed9e343093c2eaccb7915b2ca17ca

Code Sign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:20:be:3e:b8:66:52:69:27:f9:99:b9:7b:04:34:6e
Certificate

Issuer

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13/06/2016, 00:00

Not After

24/01/2019, 12:00

Subject

SERIALNUMBER=22671299,CN=Realtek Semiconductor Corp.,O=Realtek Semiconductor Corp.,POSTALCODE=300,STREET=No. 2\, Innovation Road II\, Hsinchu Science Park,L=Hsinchu,ST=Taiwan,C=TW,1.3.6.1.4.1.311.60.2.1.3=#13025457,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:6d:9d:a5:3e:87:00:9d:33:49:00:00:00:00:00:6d
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20/09/2018, 19:45

Not After

20/09/2019, 19:45

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:93:78:42:8c:a1:07:0f:e7:d5:dc:81:c6:f2:cd:3f:23:8d:66:ff:af:5a:6f:f8:d1:41:7a:db:1c:38:7b:60
Signer

Actual PE Digest

07:93:78:42:8c:a1:07:0f:e7:d5:dc:81:c6:f2:cd:3f:23:8d:66:ff:af:5a:6f:f8:d1:41:7a:db:1c:38:7b:60

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

13/04/2023, 18:12
Valid: false

76:77:49:e9:6e:f4:ee:0c:dd:9d:65:21:ae:c6:33:06:0b:4b:20:1a
Signer

Actual PE Digest

76:77:49:e9:6e:f4:ee:0c:dd:9d:65:21:ae:c6:33:06:0b:4b:20:1a

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

SERIALNUMBER=22671299,CN=Realtek Semiconductor Corp.,O=Realtek Semiconductor Corp.,POSTALCODE=300,STREET=No. 2\, Innovation Road II\, Hsinchu Science Park,L=Hsinchu,ST=Taiwan,C=TW,1.3.6.1.4.1.311.60.2.1.3=#13025457,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

25/06/2018, 03:50
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

KeTickCount
KeWaitForSingleObject
KeClearEvent
RtlCopyUnicodeString
KeSetEvent
PoRegisterPowerSettingCallback
PoUnregisterPowerSettingCallback
IofCompleteRequest
IoWMIRegistrationControl
RtlCompareMemory
MmGetSystemRoutineAddress
ExAllocatePoolWithTag
IoWMIWriteEvent
ExFreePoolWithTag
ZwCreateFile
ZwDeviceIoControlFile
ZwClose
_vsnprintf
KeInitializeEvent
_alldiv
KeFlushQueuedDpcs
RtlUnicodeStringToAnsiString
strncpy
RtlFreeAnsiString
KeBugCheckEx
_aulldiv
KeQuerySystemTime
DbgPrint
memcpy
_aullrem
_aullshr
_allshl
RtlFreeUnicodeString
RtlUnicodeStringToInteger
RtlAnsiStringToUnicodeString
RtlInitAnsiString
KeInitializeMutex
KeReleaseMutex
PsTerminateSystemThread
KeSetPriorityThread
ObReferenceObjectByHandle
PsCreateSystemThread
ObfDereferenceObject
KeInitializeSemaphore
KeReleaseSemaphore
strchr
ZwQueryValueKey
ZwOpenKey
RtlInitString
ZwEnumerateKey
wcsstr
ZwSetValueKey
IoCsqInsertIrp
IoCsqRemoveNextIrp
IoCsqInitialize
RtlGUIDFromString
memset
RtlInitUnicodeString
_allmul
MmMapLockedPagesSpecifyCache

hal

KeStallExecutionProcessor
KfRaiseIrql
KfLowerIrql
KeGetCurrentIrql
KfAcquireSpinLock
KfReleaseSpinLock
KeQueryPerformanceCounter

ndis.sys

NdisMIndicateReceiveNetBufferLists
NdisMRegisterMiniportDriver
NdisGetVersion
NdisMGetDeviceProperty
NdisMDeregisterMiniportDriver
NdisFreeNetBufferListPool
NdisAllocateNetBufferListPool
NdisFreeMdl
NdisFreeNetBufferList
NdisMFreePort
NdisMNetPnPEvent
NdisMAllocatePort
NdisQueueIoWorkItem
NdisAllocateTimerObject
NdisAllocateNetBufferAndNetBufferList
NdisFreeIoWorkItem
NdisSetTimerObject
NdisSetEvent
NdisAllocateMemoryWithTagPriority
NdisFreeTimerObject
NdisCancelTimerObject
NdisMOidRequestComplete
NdisMIndicateStatusEx
NdisInitializeEvent
NdisReadConfiguration
NdisReadNetworkAddress
NdisWaitEvent
NdisMSleep
NdisOpenConfigurationEx
NdisAllocateMdl
NdisMSendNetBufferListsComplete
NdisMSetMiniportAttributes
NdisRegisterDeviceEx
NdisDeregisterDeviceEx
NdisAllocateIoWorkItem
NdisCloseConfiguration
NdisFreeMemory
NdisCloseFile
NdisUnmapFile
NdisMapFile
NdisOpenFile
NdisInitializeString
NdisWriteConfiguration
NdisResetEvent
NdisMRemoveMiniport

wdfldr.sys

WdfVersionBind
WdfVersionBindClass
WdfVersionUnbindClass
WdfVersionUnbind

Sections

.text
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 189KB - Virtual size: 189KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2.7MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 537KB - Virtual size: 536KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugins/Driver Files/Driver/Windows_7_64bit/RtlExtUI.dll
.dll regsvr32 windows x64

2bf7f4adb8ae5e2b654042681a7120d7

Code Sign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:20:be:3e:b8:66:52:69:27:f9:99:b9:7b:04:34:6e
Certificate

Issuer

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13/06/2016, 00:00

Not After

24/01/2019, 12:00

Subject

SERIALNUMBER=22671299,CN=Realtek Semiconductor Corp.,O=Realtek Semiconductor Corp.,POSTALCODE=300,STREET=No. 2\, Innovation Road II\, Hsinchu Science Park,L=Hsinchu,ST=Taiwan,C=TW,1.3.6.1.4.1.311.60.2.1.3=#13025457,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:6d:9d:a5:3e:87:00:9d:33:49:00:00:00:00:00:6d
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20/09/2018, 19:45

Not After

20/09/2019, 19:45

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:99:e8:60:cd:f0:68:52:17:8c:41:3d:a2:63:f8:2d:cb:2a:38:94:ec:f4:ce:9f:a3:00:cc:87:c5:90:9c:71
Signer

Actual PE Digest

0a:99:e8:60:cd:f0:68:52:17:8c:41:3d:a2:63:f8:2d:cb:2a:38:94:ec:f4:ce:9f:a3:00:cc:87:c5:90:9c:71

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

13/04/2023, 18:12
Valid: false

7a:81:25:7b:f2:94:df:21:87:e3:6c:6a:92:66:67:0a:47:e3:9a:ec
Signer

Actual PE Digest

7a:81:25:7b:f2:94:df:21:87:e3:6c:6a:92:66:67:0a:47:e3:9a:ec

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

SERIALNUMBER=22671299,CN=Realtek Semiconductor Corp.,O=Realtek Semiconductor Corp.,POSTALCODE=300,STREET=No. 2\, Innovation Road II\, Hsinchu Science Park,L=Hsinchu,ST=Taiwan,C=TW,1.3.6.1.4.1.311.60.2.1.3=#13025457,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

25/06/2018, 03:48
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

fflush
vsprintf_s
strcat_s
_fsopen
??3@YAXPEAX@Z
fclose
fputs
??_U@YAPEAX_K@Z
??_V@YAXPEAX@Z
wcschr
wcstoul
_wtoi
_wcsnicmp
_itow_s
??2@YAPEAX_K@Z
_vsnprintf_s
wcsncpy_s
_vsnwprintf
_purecall
free
malloc
_vsnprintf
strncmp
strcpy_s
_XcptFilter
_initterm
_amsg_exit
__C_specific_handler
__CxxFrameHandler3
memset
sprintf_s
swprintf_s
memcpy

ole32

CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
StringFromCLSID

oleaut32

SysFreeString
VariantClear
VariantInit
SysAllocStringByteLen
SysAllocString

user32

IsDlgButtonChecked
CheckDlgButton
EndDialog
DialogBoxParamW
MessageBoxA
EnableWindow
GetDialogBaseUnits
GetPropW
SetWindowTextW
GetDlgItemTextA
MessageBoxW
UnhookWindowsHookEx
SetWindowsHookExW
GetDlgItem
ReleaseDC
GetDC
SetPropW
CallNextHookEx
GetParent
PostMessageW
RemovePropW
DestroyWindow
GetWindowTextW
GetWindowTextA
SetWindowTextA
SendMessageW

kernel32

QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
Sleep
CreateFileMappingW
GetLastError
FileTimeToSystemTime
GetDateFormatA
UnmapViewOfFile
MapViewOfFile
CreateFileA
VerifyVersionInfoW
MultiByteToWideChar
VerSetConditionMask
CloseHandle
GetLocalTime
DisableThreadLibraryCalls
GetProcAddress
GetModuleFileNameW
LoadLibraryW
FreeLibrary
CreateMutexW
GetSystemTime
ReleaseMutex
OutputDebugStringA
GetCurrentThreadId
WaitForSingleObject

advapi32

RegCreateKeyExW
RegDeleteKeyW
RegOpenKeyExW
RegOpenKeyExA
RegSetValueExA
RegCloseKey
RegSetValueExW
RegDeleteKeyA
RegDeleteValueA
RegOpenKeyA
RegQueryValueExA

comctl32

CreatePropertySheetPageW

crypt32

CertCreateCertificateContext
CertOpenSystemStoreA
CertCompareCertificateName
CertGetNameStringA
CertGetCertificateContextProperty
CertEnumCertificatesInStore
CertCloseStore
CertAddCertificateContextToStore
CertFreeCertificateContext

cryptui

CryptUIDlgViewContext

comdlg32

GetOpenFileNameA

gdi32

GetDeviceCaps

mfc42u

ord626
ord2846
ord1040
ord1812
ord4557

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 622B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugins/Driver Files/Driver/Windows_7_64bit/Rtlihvs.dll
.dll windows x64

85422f7dfa4940a6953a12fd0e12d874

Code Sign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:20:be:3e:b8:66:52:69:27:f9:99:b9:7b:04:34:6e
Certificate

Issuer

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13/06/2016, 00:00

Not After

24/01/2019, 12:00

Subject

SERIALNUMBER=22671299,CN=Realtek Semiconductor Corp.,O=Realtek Semiconductor Corp.,POSTALCODE=300,STREET=No. 2\, Innovation Road II\, Hsinchu Science Park,L=Hsinchu,ST=Taiwan,C=TW,1.3.6.1.4.1.311.60.2.1.3=#13025457,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:6d:9d:a5:3e:87:00:9d:33:49:00:00:00:00:00:6d
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20/09/2018, 19:45

Not After

20/09/2019, 19:45

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

21:da:37:8b:ec:f3:e7:35:22:1d:03:80:90:57:cc:bf:82:e9:d2:94:13:fe:81:46:62:db:60:21:c7:87:d1:4a
Signer

Actual PE Digest

21:da:37:8b:ec:f3:e7:35:22:1d:03:80:90:57:cc:bf:82:e9:d2:94:13:fe:81:46:62:db:60:21:c7:87:d1:4a

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

13/04/2023, 18:12
Valid: false

1f:48:03:b0:37:f0:3d:6a:d5:95:8d:0c:33:8b:5c:f0:ce:31:7f:38
Signer

Actual PE Digest

1f:48:03:b0:37:f0:3d:6a:d5:95:8d:0c:33:8b:5c:f0:ce:31:7f:38

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

SERIALNUMBER=22671299,CN=Realtek Semiconductor Corp.,O=Realtek Semiconductor Corp.,POSTALCODE=300,STREET=No. 2\, Innovation Road II\, Hsinchu Science Park,L=Hsinchu,ST=Taiwan,C=TW,1.3.6.1.4.1.311.60.2.1.3=#13025457,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

25/06/2018, 03:48
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

crypt32

CryptUnprotectData
CertEnumCertificatesInStore
CertFreeCertificateContext
CertCloseStore
CertGetCertificateContextProperty
CertOpenStore

oleaut32

SysAllocString
SysStringByteLen
VariantInit
VariantClear
SysFreeString

kernel32

GetCurrentThreadId
FlsAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoW
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
WriteFile
GetConsoleCP
GetConsoleMode
FlushFileBuffers
RtlPcToFileHeader
GetCPInfo
GetACP
GetOEMCP
GetDriveTypeA
LCMapStringW
GetFileAttributesA
FreeLibrary
InitializeCriticalSectionAndSpinCount
LoadLibraryExW
SetStdHandle
FlsGetValue
SetFilePointer
CreateFileW
GetStringTypeW
VirtualProtect
VirtualAlloc
SetThreadStackGuarantee
GetSystemInfo
VirtualQuery
HeapReAlloc
GetExitCodeProcess
CreateProcessA
SetEndOfFile
GetProcessHeap
ReadFile
CompareStringW
SetEnvironmentVariableA
CloseHandle
GetLastError
ReleaseMutex
SetEvent
WaitForSingleObject
ResetEvent
LocalFree
Sleep
LeaveCriticalSection
EnterCriticalSection
GetTempPathW
GetLocalTime
WideCharToMultiByte
CreateMutexA
InitializeCriticalSection
CreateEventA
SetLastError
FlsFree
DecodePointer
EncodePointer
ExitProcess
CreateThread
GetModuleHandleW
GetProcAddress
RaiseException
GetFullPathNameW
GetCurrentDirectoryW
RtlLookupFunctionEntry
CreateDirectoryW
HeapAlloc
HeapFree
RtlUnwindEx
GetVersionExW
GetCommandLineA
FlsSetValue
VerSetConditionMask
VerifyVersionInfoA
MultiByteToWideChar
WTSGetActiveConsoleSessionId
LocalAlloc
FormatMessageW
GetModuleFileNameA
GetPrivateProfileIntW
GetPrivateProfileStringW
TerminateThread
DeleteCriticalSection
WriteConsoleW
DisableThreadLibraryCalls
OutputDebugStringA
CreateFileA
HeapSize
LoadLibraryW
GlobalMemoryStatus
GetVersion
GetModuleHandleA
GetSystemDefaultLocaleName
GetComputerNameW
GetUserDefaultLocaleName
GetComputerNameA
GetTickCount64
GetVersionExA
SetThreadPriority
GetSystemTime
LoadLibraryA

advapi32

RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyA
RegOpenKeyA
FreeSid
ConvertSidToStringSidA
RegisterEventSourceW
ReportEventW
DeregisterEventSource
CryptReleaseContext
DuplicateToken
GetTokenInformation
RegDeleteValueA
RegGetValueA
CryptAcquireContextA
CryptGenRandom
RegCreateKeyExA
ImpersonateLoggedOnUser
RevertToSelf
GetUserNameA
LookupAccountNameA
RegCloseKey

ole32

CreateStreamOnHGlobal
CoCreateInstance
CoInitializeEx
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize

iphlpapi

IcmpSendEcho
GetIpNetTable2
GetInterfaceInfo
IpReleaseAddress
IcmpCloseHandle
IcmpCreateFile
Icmp6SendEcho2
Icmp6CreateFile
FreeMibTable
GetUnicastIpAddressTable
NotifyIpInterfaceChange
GetAdaptersAddresses
CancelMibChangeNotify2
GetAdaptersInfo
GetIpAddrTable
GetIfTable
CancelIPChangeNotify
IpRenewAddress
NotifyAddrChange

ws2_32

getaddrinfo
inet_ntoa
WSACleanup
htons
inet_addr
ntohs
WSAStartup

rpcrt4

UuidToStringA
UuidCreate
RpcStringFreeA

user32

GetUserObjectInformationW
GetSystemMetrics
MessageBoxW
GetProcessWindowStation
MsgWaitForMultipleObjects
GetDesktopWindow

wtsapi32

WTSFreeMemory
WTSEnumerateSessionsA
WTSQuerySessionInformationA
WTSQueryUserToken

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

wlanapi

WlanScan
WlanFreeMemory
WlanRegisterVirtualStationNotification
WlanRegisterNotification
WlanOpenHandle
WlanCloseHandle
WlanGetNetworkBssList
WlanGetProfile
WlanReasonCodeToString
WlanDisconnect
WlanConnect
WlanGetAvailableNetworkList
WlanGetProfileList
WlanQueryInterface
WlanSetSecuritySettings

xmllite

CreateXmlReader

Exports

Exports

Dot11ExtIhvGetVersionInfo
Dot11ExtIhvInitService
Dot11ExtIhvInitVirtualStation

Sections

.text
Size: 984KB - Virtual size: 983KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 85KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugins/Driver Files/Driver/Windows_7_64bit/TP_PHY_REG_PG_Enc_725v3.txt
plugins/Driver Files/Driver/Windows_7_64bit/TP_TXPWR_LMT_Enc_725v3.txt
plugins/Driver Files/Driver/Windows_7_64bit/netrtwlanu.cat
plugins/Driver Files/Driver/Windows_7_64bit/netrtwlanu.inf
plugins/Driver Files/Driver/Windows_7_64bit/rtlCoInst.dat
plugins/Driver Files/Driver/Windows_7_64bit/rtlCoInst.dll
.dll windows x64

49861fc8b24187bb146a41202e5ab2c3

Code Sign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:20:be:3e:b8:66:52:69:27:f9:99:b9:7b:04:34:6e
Certificate

Issuer

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13/06/2016, 00:00

Not After

24/01/2019, 12:00

Subject

SERIALNUMBER=22671299,CN=Realtek Semiconductor Corp.,O=Realtek Semiconductor Corp.,POSTALCODE=300,STREET=No. 2\, Innovation Road II\, Hsinchu Science Park,L=Hsinchu,ST=Taiwan,C=TW,1.3.6.1.4.1.311.60.2.1.3=#13025457,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:6d:9d:a5:3e:87:00:9d:33:49:00:00:00:00:00:6d
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20/09/2018, 19:45

Not After

20/09/2019, 19:45

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

16:88:3f:3a:a8:77:b2:3c:c0:8b:a7:7b:0c:1b:97:40:e8:ad:f7:5d:9e:5a:99:9f:f8:8d:4e:20:ef:6e:2d:ba
Signer

Actual PE Digest

16:88:3f:3a:a8:77:b2:3c:c0:8b:a7:7b:0c:1b:97:40:e8:ad:f7:5d:9e:5a:99:9f:f8:8d:4e:20:ef:6e:2d:ba

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

13/04/2023, 18:12
Valid: false

0a:37:73:40:21:86:22:e8:a7:9f:54:7f:61:6d:21:cc:a1:23:51:82
Signer

Actual PE Digest

0a:37:73:40:21:86:22:e8:a7:9f:54:7f:61:6d:21:cc:a1:23:51:82

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

SERIALNUMBER=22671299,CN=Realtek Semiconductor Corp.,O=Realtek Semiconductor Corp.,POSTALCODE=300,STREET=No. 2\, Innovation Road II\, Hsinchu Science Park,L=Hsinchu,ST=Taiwan,C=TW,1.3.6.1.4.1.311.60.2.1.3=#13025457,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

25/06/2018, 03:48
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

free
_strnicmp
strncmp
fclose
malloc
sprintf
_initterm
memset
fopen
fgets
strtok

ntdll

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

setupapi

SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsA
SetupDiClassGuidsFromNameA
SetupDiOpenDevRegKey
SetupDiGetDeviceRegistryPropertyA
SetupDiSetClassInstallParamsA
SetupDiCallClassInstaller
SetupDiEnumDeviceInfo

kernel32

DisableThreadLibraryCalls
Sleep
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetLocaleInfoA
GetLastError
OutputDebugStringA
GetSystemDirectoryA

advapi32

RegOpenKeyA
RegDeleteKeyA
RegCloseKey
RegDeleteValueA
RegSetValueExA
RegQueryValueExA

Exports

Exports

rtlCoInst

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugins/Driver Files/Driver/Windows_7_64bit/rtwlanu.sys
.exe windows x64

d041ece6bae3d6cc2d80d6ef67185b05

Code Sign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:20:be:3e:b8:66:52:69:27:f9:99:b9:7b:04:34:6e
Certificate

Issuer

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13/06/2016, 00:00

Not After

24/01/2019, 12:00

Subject

SERIALNUMBER=22671299,CN=Realtek Semiconductor Corp.,O=Realtek Semiconductor Corp.,POSTALCODE=300,STREET=No. 2\, Innovation Road II\, Hsinchu Science Park,L=Hsinchu,ST=Taiwan,C=TW,1.3.6.1.4.1.311.60.2.1.3=#13025457,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:6d:9d:a5:3e:87:00:9d:33:49:00:00:00:00:00:6d
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20/09/2018, 19:45

Not After

20/09/2019, 19:45

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

df:e2:87:ae:cc:fb:00:d3:25:8d:ab:3f:ad:7b:a7:30:de:2a:b2:0d:bb:2f:a0:5f:75:6b:b7:a6:22:15:70:51
Signer

Actual PE Digest

df:e2:87:ae:cc:fb:00:d3:25:8d:ab:3f:ad:7b:a7:30:de:2a:b2:0d:bb:2f:a0:5f:75:6b:b7:a6:22:15:70:51

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

13/04/2023, 18:12
Valid: false

3b:ab:38:f8:d1:a2:6e:87:29:80:1b:7e:89:0b:e0:03:25:77:09:43
Signer

Actual PE Digest

3b:ab:38:f8:d1:a2:6e:87:29:80:1b:7e:89:0b:e0:03:25:77:09:43

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

SERIALNUMBER=22671299,CN=Realtek Semiconductor Corp.,O=Realtek Semiconductor Corp.,POSTALCODE=300,STREET=No. 2\, Innovation Road II\, Hsinchu Science Park,L=Hsinchu,ST=Taiwan,C=TW,1.3.6.1.4.1.311.60.2.1.3=#13025457,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

25/06/2018, 03:50
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

KeClearEvent
KeWaitForSingleObject
KeSetEvent
PoUnregisterPowerSettingCallback
PoRegisterPowerSettingCallback
RtlCopyUnicodeString
IofCompleteRequest
IoWMIRegistrationControl
RtlCompareMemory
MmGetSystemRoutineAddress
ExFreePoolWithTag
IoWMIWriteEvent
ExAllocatePoolWithTag
ZwClose
ZwDeviceIoControlFile
ZwCreateFile
_vsnprintf
KeInitializeEvent
KeFlushQueuedDpcs
RtlFreeAnsiString
strncpy
RtlUnicodeStringToAnsiString
KeBugCheckEx
DbgPrint
RtlInitAnsiString
RtlAnsiStringToUnicodeString
RtlUnicodeStringToInteger
RtlFreeUnicodeString
KeInitializeMutex
KeReleaseMutex
PsTerminateSystemThread
PsCreateSystemThread
ObReferenceObjectByHandle
ObfDereferenceObject
KeInitializeSemaphore
KeReleaseSemaphore
RtlInitString
ZwOpenKey
ZwQueryValueKey
strchr
wcsstr
ZwEnumerateKey
ZwSetValueKey
IoCsqInsertIrp
IoCsqInitialize
IoCsqRemoveNextIrp
RtlGUIDFromString
KeReleaseSpinLock
KeAcquireSpinLockRaiseToDpc
MmMapLockedPagesSpecifyCache
RtlInitUnicodeString

hal

KeStallExecutionProcessor
KeQueryPerformanceCounter

ndis.sys

NdisOpenConfigurationEx
NdisMSleep
NdisMIndicateReceiveNetBufferLists
NdisAllocateNetBufferAndNetBufferList
NdisAllocateMdl
NdisFreeNetBufferListPool
NdisAllocateNetBufferListPool
NdisFreeNetBufferList
NdisFreeMdl
NdisMDeregisterMiniportDriver
NdisMGetDeviceProperty
NdisMRegisterMiniportDriver
NdisGetVersion
NdisCloseConfiguration
NdisMNetPnPEvent
NdisMAllocatePort
NdisAllocateMemoryWithTagPriority
NdisQueueIoWorkItem
NdisFreeIoWorkItem
NdisAllocateIoWorkItem
NdisFreeTimerObject
NdisCancelTimerObject
NdisSetTimerObject
NdisAllocateTimerObject
NdisSetEvent
NdisMOidRequestComplete
NdisMIndicateStatusEx
NdisReadConfiguration
NdisMFreePort
NdisInitializeEvent
NdisInitializeString
NdisOpenFile
NdisMapFile
NdisUnmapFile
NdisCloseFile
NdisFreeMemory
NdisWriteConfiguration
NdisWaitEvent
NdisResetEvent
NdisMSendNetBufferListsComplete
NdisMSetMiniportAttributes
NdisMRemoveMiniport
NdisRegisterDeviceEx
NdisDeregisterDeviceEx
NdisReadNetworkAddress

wdfldr.sys

WdfVersionBindClass
WdfVersionUnbindClass
WdfVersionBind
WdfVersionUnbind

Sections

.text
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 228KB - Virtual size: 227KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3.5MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 1024B - Virtual size: 1020B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 410KB - Virtual size: 410KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugins/Driver Files/ISSetup.dll
.dll regsvr32 windows x86

d2de62954e2245a65e4524f1ce87517e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

WaitForInputIdle

gdi32

CreatePalette

advapi32

LookupPrivilegeValueA

shell32

SHGetMalloc

ole32

WriteClassStm

oleaut32

BSTR_UserFree

rpcrt4

UuidCreate

winmm

mciSendCommandA

version

GetFileVersionInfoA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetProductSKU
InstallEngineTypelib
RemoveEngineTypelib

Sections

.text
Size: 390KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 131KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
plugins/Driver Files/Setup
.exe windows x86

8f244019e52c417786599750d44c515a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

kernel32

LoadLibraryExA
QueryPerformanceFrequency
CreateEventA
ReadFile
CompareStringA
CompareStringW
GlobalSize
SizeofResource
FreeResource
SearchPathA
FindNextFileA
GetTempFileNameA
GetExitCodeProcess
TerminateProcess
OpenProcess
GetLocalTime
InitializeCriticalSection
GetCurrentProcessId
GetVersion
LeaveCriticalSection
EnterCriticalSection
GetCurrentThread
VirtualQuery
VirtualProtect
UnmapViewOfFile
GetShortPathNameA
MapViewOfFile
CreateFileMappingA
SetEvent
ResetEvent
QueryPerformanceCounter
SystemTimeToFileTime
lstrcmpA
MoveFileExA
GetDiskFreeSpaceA
GetSystemDirectoryA
GetSystemInfo
IsBadReadPtr
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
lstrcpyA
lstrlenA
Sleep
CloseHandle
CreateProcessA
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
RemoveDirectoryA
DeleteFileA
ResumeThread
SetThreadContext
MulDiv
GetPrivateProfileStringA
GetPrivateProfileSectionNamesA
SetEndOfFile
FlushFileBuffers
SetStdHandle
IsBadCodePtr
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
SetUnhandledExceptionFilter
HeapSize
IsBadWritePtr
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
LCMapStringW
LCMapStringA
GetOEMCP
GetACP
GetCPInfo
TlsGetValue
TlsAlloc
CreateDirectoryA
FindFirstFileA
FindClose
lstrcmpiA
lstrcpynA
WriteFile
GetDriveTypeA
SetFilePointer
GetFileAttributesA
ReleaseMutex
GetPrivateProfileIntA
lstrcatA
LoadLibraryA
GetSystemDefaultLangID
CreateMutexA
FreeLibrary
SetErrorMode
GetTickCount
FindResourceExA
FindResourceA
LoadResource
LockResource
GetWindowsDirectoryA
InterlockedDecrement
LocalFree
InterlockedIncrement
FormatMessageA
GetTempPathA
GetVersionExA
CreateFileA
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
GetLastError
SetLastError
WaitForSingleObject
ExitProcess
GetCurrentProcess
DuplicateHandle
GetThreadContext
VirtualProtectEx
WriteProcessMemory
FlushInstructionCache
TlsSetValue
GetCurrentThreadId
GetCommandLineA
GetStartupInfoA
RaiseException
HeapAlloc
HeapFree
RtlUnwind
DeleteCriticalSection
InterlockedExchange
GetFileSize

user32

SetWindowLongA
SetWindowTextA
SendMessageA
GetDlgItem
wsprintfA
WaitForInputIdle
CharUpperA
MessageBoxA
DialogBoxIndirectParamA
SetDlgItemTextA
MsgWaitForMultipleObjects
CharLowerBuffA
SetFocus
BeginPaint
EndPaint
LoadStringA
FillRect
ScreenToClient
GetWindowTextLengthA
GetWindowTextA
GetWindowPlacement
SendDlgItemMessageA
GetMessageA
DefWindowProcA
GetParent
GetWindow
SystemParametersInfoA
MapWindowPoints
SetWindowPos
GetPropA
EnableMenuItem
SetPropA
RemovePropA
ShowWindow
IsWindow
GetSysColor
LoadImageA
CreateDialogParamA
GetDC
ReleaseDC
SetActiveWindow
PeekMessageA
IsDialogMessageA
TranslateMessage
DispatchMessageA
DestroyWindow
CreateDialogIndirectParamA
SetForegroundWindow
GetDesktopWindow
GetClientRect
EnableWindow
IsWindowEnabled
GetWindowDC
UpdateWindow
InvalidateRect
DrawIcon
MapDialogRect
GetClassNameA
CallWindowProcA
DrawFocusRect
InflateRect
DrawTextA
CopyRect
EnumChildWindows
CreateWindowExA
RegisterClassExA
IntersectRect
GetDlgItemTextA
GetWindowLongA
GetWindowRect
MoveWindow
EndDialog
LoadIconA

gdi32

CreateCompatibleBitmap
CreateDCA
GetStockObject
GetTextExtentPoint32A
CreatePatternBrush
DeleteMetaFile
SetMetaFileBitsEx
SetStretchBltMode
SelectClipRgn
SetPixel
PatBlt
PlayMetaFile
StretchBlt
CreateBitmap
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
CreateDIBitmap
SaveDC
SetBkMode
SetTextColor
TextOutA
RestoreDC
GetTextExtentPointA
CreateFontIndirectA
SetBkColor
CreateRectRgn
DeleteObject
CreateSolidBrush
GetDIBColorTable
GetSystemPaletteEntries
CreatePalette
CreateHalftonePalette
GetDeviceCaps
GetObjectA
CreateCompatibleDC
UnrealizeObject
SelectPalette
RealizePalette
SelectObject
BitBlt
DeleteDC
SetMapMode

advapi32

RegCloseKey
RegQueryValueA
RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyA
RegEnumKeyExA
RegEnumKeyA
RegOpenKeyA
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
OpenThreadToken

shell32

SHGetPathFromIDListA
SHGetMalloc
ShellExecuteExA
SHGetSpecialFolderLocation

ole32

CoInitialize
CoUninitialize

oleaut32

SysFreeString
SysAllocString
SysAllocStringLen
SysReAllocStringLen
SysStringLen
GetErrorInfo
VariantClear
VariantChangeType

lz32

LZOpenFileA
LZCopy
LZClose

rpcrt4

RpcStringFreeA
UuidCreate
UuidToStringA

Sections

.text
Size: 288KB - Virtual size: 286KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
plugins/Driver Files/_Setup.dll
.dll windows x86

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

03:69:39:c4:75:d5:3c:1d:70:99:2d:b8:a8:7e:b7:d3
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

10/02/2006, 00:00

Not After

20/02/2008, 23:59

Subject

CN=Macrovision Corporation,OU=ENGINEERING,O=Macrovision Corporation,L=Schaumburg,ST=Illinois,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

ff:3a:7f:c5:ca:c7:9c:8d:98:90:62:14:aa:1d:71:6e:82:34:c3:b8
Signer

Actual PE Digest

ff:3a:7f:c5:ca:c7:9c:8d:98:90:62:14:aa:1d:71:6e:82:34:c3:b8

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Macrovision Corporation,OU=ENGINEERING,O=Macrovision Corporation,L=Schaumburg,ST=Illinois,C=US

13/04/2023, 18:12
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 4KB - Virtual size: 6B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugins/Driver Files/data1.cab
plugins/Driver Files/data1.hdr
plugins/Driver Files/data2.cab
plugins/Driver Files/layout.bin
plugins/Driver Files/setup.ini
plugins/Driver Files/setup.inx
plugins/Driver Files/setup.iss
plugins/Driver Files/uninstall.iss
plugins/Driver Files/update.iss
plugins/setupUi.dll
.dll windows x86

7b78688864f7f8734a5a3cab95ad73af

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetVersionExW
GetTickCount
GetModuleFileNameW
GetModuleHandleW
GetVersionExA
FreeLibrary
GetProcAddress
MulDiv
GetFullPathNameW
FreeResource
SetLastError
FindFirstFileW
FindClose
FindResourceW
SizeofResource
LoadResource
LockResource
Sleep
HeapCreate
HeapAlloc
HeapFree
GetCurrentProcess
InterlockedCompareExchange
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushInstructionCache
InterlockedExchange
GetLocaleInfoW
InitializeCriticalSectionAndSpinCount
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
GetModuleHandleA
SetFilePointer
SetStdHandle
LCMapStringW
LCMapStringA
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
CloseHandle
FlushFileBuffers
GetConsoleMode
GetConsoleCP
HeapSize
GetModuleFileNameA
GetStdHandle
WriteFile
VirtualAlloc
VirtualFree
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
RaiseException
ReadFile
HeapReAlloc
GetSystemTimeAsFileTime
RtlUnwind
GetCommandLineA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetProcessHeap
GetLastError
GetTimeZoneInformation
HeapDestroy
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetCurrentThreadId
GetLocalTime
GlobalUnlock
GlobalLock
lstrcpyW
LoadLibraryW
SetCurrentDirectoryW
lstrcpynW
MultiByteToWideChar
lstrcpyA
GlobalFree
GlobalAlloc
lstrcpynA
WideCharToMultiByte
ExitProcess
InterlockedDecrement
InterlockedIncrement
CreateFileW
lstrlenA

user32

SetWindowLongW
GetWindowLongW
GetCursorPos
IsIconic
ShowWindow
PostMessageW
SendMessageW
SetWindowPos
GetActiveWindow
MapWindowPoints
GetClientRect
GetParent
GetWindowRect
GetMonitorInfoW
MonitorFromWindow
GetWindow
MessageBoxW
CallWindowProcW
FindWindowExW
DestroyWindow
DestroyCursor
LoadCursorW
UnregisterClassW
GetDlgItem
DefWindowProcW
CreateWindowExW
InvertRect
FillRect
DrawIconEx
RegisterClassExW
CopyRect
IsRectEmpty
SetRect
GetDesktopWindow
IsWindowEnabled
SetActiveWindow
EnableWindow
UpdateLayeredWindow
PtInRect
MapVirtualKeyA
CharLowerBuffW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
DrawTextW
IsWindowVisible
SystemParametersInfoA
GetSystemMetrics
EnableMenuItem
GetKeyState
ClientToScreen
LoadIconW
CreateIconFromResource
LoadImageW
LoadBitmapW
GetFocus
CharNextW
GetIconInfo
OffsetRect
IsMenu
AppendMenuW
CreatePopupMenu
DestroyMenu
SetForegroundWindow
TrackPopupMenu
GetSysColor
GetMenuItemCount
GetMenuItemInfoW
SetLayeredWindowAttributes
BeginPaint
EndPaint
PostQuitMessage
GetClassNameW
TrackMouseEvent
AnimateWindow
IsZoomed
SetCaretPos
GetCaretBlinkTime
CreateCaret
HideCaret
GetCapture
ReleaseCapture
DestroyIcon
SetWindowTextW
SetFocus
SetCapture
ReleaseDC
GetDC
ScreenToClient
InvalidateRect
IsWindow
UpdateWindow
KillTimer
SetTimer
SetCursor
UnionRect
IntersectRect
InflateRect
EqualRect

gdi32

SetViewportOrgEx
CreateBitmap
CreateRoundRectRgn
CreateCompatibleDC
StretchBlt
DeleteDC
CreateSolidBrush
SelectObject
Rectangle
SetBkMode
CreateFontIndirectW
GetClipBox
GetDeviceCaps
SetGraphicsMode
EnumFontsW
GetStockObject
GetObjectW
DeleteObject
BitBlt
GetViewportOrgEx
GetCurrentObject
CreateCompatibleBitmap
CreateDIBSection
CombineRgn
PtInRegion
RectInRegion
GetRgnBox
OffsetRgn
SetRectRgn
SetTextColor
GetTextColor
ExtSelectClipRgn
SaveDC
CreateRectRgnIndirect
RestoreDC
ExcludeClipRect
IntersectClipRect
CreateRectRgn
GetTextExtentPoint32W
RoundRect
Ellipse
SetWorldTransform
GetWorldTransform
Polyline
Arc
Chord
CreatePen
CreatePatternBrush
GetClipRgn

shell32

SHGetPathFromIDListW
Shell_NotifyIconW
ShellExecuteW
SHBrowseForFolderW

ole32

CoCreateInstance
CreateBindCtx
OleLockRunning
IIDFromString
CLSIDFromString
CLSIDFromProgID
CreateStreamOnHGlobal
OleInitialize
CoTaskMemFree
OleUninitialize

oleaut32

SysAllocString
SysFreeString
GetErrorInfo

shlwapi

StrToIntExW

gdiplus

GdipDrawImageRectI
GdipGraphicsClear
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipSaveImageToFile
GdiplusShutdown
GdiplusStartup
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageI
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipDisposeImage
GdipAlloc
GdipFree

imm32

ImmGetContext
ImmReleaseContext

msimg32

GradientFill
AlphaBlend

Exports

Exports

BindControlAndNSISScript
BindingProgress
ClosePage
FindChildByName
FindStringByName
GetControlProperties
InitWindow
NSISMessageBox
NSISOpenFolderDialog
NSISScriptSendMessage
NSISSetProgBarRange
NSISSetProgBarValue
SetControlProperties
ShowPage

Sections

.text
Size: 618KB - Virtual size: 618KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 143KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugins/soui-sys-resource.dll
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
plugins/uires/Translator/lang_Chinese_tr.xml
plugins/uires/Translator/lang_Dutch.xml
plugins/uires/Translator/lang_English.xml
plugins/uires/Translator/lang_French(France).xml
plugins/uires/Translator/lang_German.xml
plugins/uires/Translator/lang_Indonesian.xml
plugins/uires/Translator/lang_Japanese.xml
plugins/uires/Translator/lang_Korean.xml
plugins/uires/Translator/lang_LatinSpanish.xml
plugins/uires/Translator/lang_Polish.xml
plugins/uires/Translator/lang_Portuguese(Brazil).xml
plugins/uires/Translator/lang_Russian.xml
plugins/uires/Translator/lang_Spanish.xml
plugins/uires/Translator/lang_Thai.xml
plugins/uires/Translator/lang_Ukraine.xml
plugins/uires/Translator/lang_VN.xml
plugins/uires/image/SearchCard_gif.gif
.gif
plugins/uires/image/Uninstall.ico
plugins/uires/image/WPS_des.png
.png
plugins/uires/image/WPS_logo.png
.png
plugins/uires/image/bkg_install_finish.png
.png
plugins/uires/image/bkg_msgbox.png
.png
plugins/uires/image/close_win_btn.png
.png
plugins/uires/image/close_win_btn_bak.png
.png
plugins/uires/image/custom_button.png
.png
plugins/uires/image/edit_input.png
.png
plugins/uires/image/fail_check.png
.png
plugins/uires/image/install_driver_ico.png
.png
plugins/uires/image/install_wpstool_ico.png
.png
plugins/uires/image/installing.gif
.gif
plugins/uires/image/logo.ico
plugins/uires/image/maintain_mode_bkg.png
.png
plugins/uires/image/mini_win_btn.png
.png
plugins/uires/image/msgbox_close_btn.png
.png
plugins/uires/image/msgbox_icon.png
.png
plugins/uires/image/path_select_btn.png
.png
plugins/uires/image/progbar_bkg.png
.png
plugins/uires/image/progbar_full.png
.png
plugins/uires/image/radio_bkg.png
.png
plugins/uires/image/radio_bkg_bak.png
.png
plugins/uires/image/radio_check.png
.png
plugins/uires/image/radio_check_bak.png
.png
plugins/uires/image/radio_select.png
.png
plugins/uires/image/radio_select_bak.png
.png
plugins/uires/image/remove_icon.png
.png
plugins/uires/image/removing.gif
.gif
plugins/uires/image/repair_icon.png
.png
plugins/uires/image/repairing.gif
.gif
plugins/uires/image/searching.gif
.gif
plugins/uires/image/shadow.png
.png
plugins/uires/image/short_btn_no.png
.png
plugins/uires/image/short_btn_yes.png
.png
plugins/uires/image/short_btn_yes_wpstool.png
.png
plugins/uires/image/step_btn.png
.png
plugins/uires/image/success_check.png
.png
plugins/uires/uires.idx
.xml
plugins/uires/xml/dlg_main.xml
plugins/uires/xml/init.xml
plugins/uires/xml/msgbox.xml
plugins/uires/xml/page_askinstalldriverwpstool.xml
.xml
plugins/uires/xml/page_askinstallwpstool.xml
.xml
plugins/uires/xml/page_askrebootcomputer.xml
.xml
plugins/uires/xml/page_cardnotexist.xml
.xml
plugins/uires/xml/page_driverinstallfinish.xml
.xml
plugins/uires/xml/page_installingdriver.xml
.xml
plugins/uires/xml/page_installingwpstool.xml
.xml
plugins/uires/xml/page_maintain.xml
.xml
plugins/uires/xml/page_pathselect.xml
.xml
plugins/uires/xml/page_removefinish.xml
.xml
plugins/uires/xml/page_removingdriver.xml
.xml
plugins/uires/xml/page_removingwpstool.xml
.xml
plugins/uires/xml/page_repairfinish.xml
.xml
plugins/uires/xml/page_repairingdriver.xml
.xml
plugins/uires/xml/page_repairingwpstool.xml
.xml
plugins/uires/xml/page_searchingcard.xml
.xml
plugins/uires/xml/page_wpstoolinstallfinish.xml
.xml
readme.txt

Sharing

General

Malware Config

Signatures

Files

Password: infected

e6a1fee3f8de879a9adf43270d4296be

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

Sections

.text Size: 24KB - Virtual size: 23KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 105KB

.ndata Size: - Virtual size: 104KB

.rsrc Size: 121KB - Virtual size: 120KB

f3b2dd92c703d59ebb05c6dc9bacf48e

Code Sign

61:20:4d:b4:00:00:00:00:00:27Certificate

Key Usages

03:20:be:3e:b8:66:52:69:27:f9:99:b9:7b:04:34:6eCertificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06Certificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

33:00:00:00:6d:9d:a5:3e:87:00:9d:33:49:00:00:00:00:00:6dCertificate

Extended Key Usages

61:0b:aa:c1:00:00:00:00:00:09Certificate

Key Usages

57:05:ea:67:a8:3e:38:65:d9:e0:d0:c5:b3:4c:d9:7d:a5:e8:10:ce:19:23:82:8a:d5:a7:99:60:bb:48:bb:52Signer

Signature Validations

Verification

13/04/2023, 18:12 Valid: false

65:0b:34:b8:63:71:21:6e:65:53:d5:5a:db:88:4e:05:be:91:d8:e3Signer

Signature Validations

Verification

25/06/2018, 03:48 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

ole32

oleaut32

user32

kernel32

advapi32

comctl32

ws2_32

crypt32

cryptui

comdlg32

gdi32

mfc42u

Exports

Exports

Sections

.text Size: 56KB - Virtual size: 56KB

.data Size: 1KB - Virtual size: 13KB

.rsrc Size: 6KB - Virtual size: 5KB

.reloc Size: 5KB - Virtual size: 4KB

0e855b7873f102fa0c98ea235406b0ff

Code Sign

61:20:4d:b4:00:00:00:00:00:27Certificate

Key Usages

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 105KB

.ndata
Size: - Virtual size: 104KB

.rsrc
Size: 121KB - Virtual size: 120KB

61:20:4d:b4:00:00:00:00:00:27
Certificate

03:20:be:3e:b8:66:52:69:27:f9:99:b9:7b:04:34:6e
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

33:00:00:00:6d:9d:a5:3e:87:00:9d:33:49:00:00:00:00:00:6d
Certificate

61:0b:aa:c1:00:00:00:00:00:09
Certificate

57:05:ea:67:a8:3e:38:65:d9:e0:d0:c5:b3:4c:d9:7d:a5:e8:10:ce:19:23:82:8a:d5:a7:99:60:bb:48:bb:52
Signer

13/04/2023, 18:12
Valid: false

65:0b:34:b8:63:71:21:6e:65:53:d5:5a:db:88:4e:05:be:91:d8:e3
Signer

25/06/2018, 03:48
Valid: false

.text
Size: 56KB - Virtual size: 56KB

.data
Size: 1KB - Virtual size: 13KB

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 5KB - Virtual size: 4KB

61:20:4d:b4:00:00:00:00:00:27
Certificate

03:20:be:3e:b8:66:52:69:27:f9:99:b9:7b:04:34:6e
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

33:00:00:00:6d:9d:a5:3e:87:00:9d:33:49:00:00:00:00:00:6d
Certificate

61:0b:aa:c1:00:00:00:00:00:09
Certificate

50:4d:c9:1d:40:8c:59:00:58:16:0c:db:c8:df:be:5a:04:ad:29:c1:1a:e4:13:a6:99:3e:a5:05:9b:98:df:c8
Signer

13/04/2023, 18:12
Valid: false

c9:88:95:6a:43:94:9e:2c:e4:67:0f:bc:0d:fa:2f:a9:8d:88:01:fc
Signer

25/06/2018, 03:48
Valid: false

.text
Size: 876KB - Virtual size: 876KB

.data
Size: 55KB - Virtual size: 76KB

.rsrc
Size: 1024B - Virtual size: 1016B

.reloc
Size: 54KB - Virtual size: 53KB

61:20:4d:b4:00:00:00:00:00:27
Certificate

03:20:be:3e:b8:66:52:69:27:f9:99:b9:7b:04:34:6e
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

33:00:00:00:6d:9d:a5:3e:87:00:9d:33:49:00:00:00:00:00:6d
Certificate

61:0b:aa:c1:00:00:00:00:00:09
Certificate

b4:8b:6b:ff:2b:cd:83:f9:21:7b:4d:c7:84:39:a2:8c:f9:17:d8:f4:2d:42:30:73:d4:fd:1f:3d:48:9d:c8:82
Signer