MDE_File_Sample_335c8374332c79efc5f652584a985df484632262[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

MDE_File_Sample_335c8374332c79efc5f652584a985df484632262.zip
Size

4.1MB
MD5

783076aade4708c95df5dfafc382f9e4
SHA1

f383e19557f22424bc2395e92fefef7e79d6d795
SHA256

cc7d17e6489654846c06cdc421fefda6b9c287f76893328068a595add73ee083
SHA512

6444c41860942cf3d006e632e00430c543a7fab032c103fb6e3a12d929959980c5584e94974d31595fa5f6cf9c13e5bb60e8858c58130e43512c4dee9fc81b57
SSDEEP

98304:OtisO4Zh+axQ3HLvM5RB5Fmg3nenf36uEr2IITaJU+jTs:Otislh++Q3wRBmmuCuX9+jA

Score

1^/10

Malware Config

Signatures

Files

MDE_File_Sample_335c8374332c79efc5f652584a985df484632262.zip
.zip

Password: infected
TradingView Premium Unlocker.zip
.zip
Drivers/Dot4/AMD64/winxp/HPZid412.sys
.exe windows x64

179a94b230188d638f01aaa7a337b155

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ae:a1:01:2d:5c:cb:bf:26:5f:d0:c6:61:3c:1c:c1
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/08/2020, 00:00

Not After

12/08/2021, 12:00

Subject

CN=HP Inc.,OU=HP Cybersecurity,O=HP Inc.,L=Palo Alto,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:97:d7:9f:85:90:6e:a3:18:a4:00:00:00:00:00:97
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11/03/2020, 17:47

Not After

05/03/2021, 17:47

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b7:53:e7:10:13:71:1d:d7:dd:e0:b6:bc:f9:d6:37:c8:40:5a:9c:e9:a7:20:d5:56:00:01:b7:bc:da:30:ae:25
Signer

Actual PE Digest

b7:53:e7:10:13:71:1d:d7:dd:e0:b6:bc:f9:d6:37:c8:40:5a:9c:e9:a7:20:d5:56:00:01:b7:bc:da:30:ae:25

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

13/04/2023, 18:12
Valid: false

0d:77:7e:88:8c:49:65:28:35:0a:69:b8:a7:08:f6:5b:5c:9f:d6:ec
Signer

Actual PE Digest

0d:77:7e:88:8c:49:65:28:35:0a:69:b8:a7:08:f6:5b:5c:9f:d6:ec

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=HP Inc.,OU=HP Cybersecurity,O=HP Inc.,L=Palo Alto,ST=California,C=US

20/08/2020, 18:35
Valid: true

Chain 1

CN=HP Inc.,OU=HP Cybersecurity,O=HP Inc.,L=Palo Alto,ST=California,C=US

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

IoFreeIrp
KeWaitForSingleObject
IofCallDriver
KeInitializeEvent
IoAllocateIrp
RtlAppendUnicodeStringToString
RtlCopyUnicodeString
RtlInitUnicodeString
IoCreateDevice
RtlIntegerToUnicodeString
RtlCompareUnicodeString
ZwClose
IoOpenDeviceRegistryKey
ExFreePoolWithTag
ObfReferenceObject
IoDeleteDevice
IoDetachDevice
IoReleaseRemoveLockAndWaitEx
IofCompleteRequest
IoAttachDeviceToDeviceStack
IoInitializeRemoveLockEx
KeInitializeMutex
PoSetPowerState
KeReleaseSpinLock
KeAcquireSpinLockRaiseToDpc
IoReleaseCancelSpinLock
IoBuildSynchronousFsdRequest
IoBuildDeviceIoControlRequest
IoGetDeviceObjectPointer
IoGetDeviceProperty
ObfDereferenceObject
RtlQueryRegistryValues
IoAcquireRemoveLockEx
KeSetEvent
KeReleaseMutex
DbgBreakPoint
ZwCreateFile
ZwWriteFile
ZwQueryInformationFile
KeDelayExecutionThread
PoCallDriver
PoStartNextPowerIrp
ZwCreateKey
ZwSetValueKey
ZwQueryValueKey
ZwEnumerateKey
MmMapLockedPagesSpecifyCache
RtlCopyString
RtlInitAnsiString
RtlUnicodeStringToAnsiString
RtlCompareString
KeClearEvent
KeReadStateEvent
KeWaitForMultipleObjects
KeQueryTimeIncrement
IoWMIRegistrationControl
PsTerminateSystemThread
KeSetPriorityThread
ObReferenceObjectByHandle
PsCreateSystemThread
KeBugCheckEx
ExAllocatePoolWithTag
IoReleaseRemoveLockEx
DbgPrint

wmilib.sys

WmiCompleteRequest
WmiSystemControl

Sections

.text
Size: 153KB - Virtual size: 152KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 590B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Drivers/Dot4/AMD64/winxp/HPZipr12.sys
.exe windows x64

f60663cba2fd2150c6b47a2e0cab86b7

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3f:d0:e0:11:89:62:94:82:b4:64:d5:d9:fd:03:3b:30
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

25/06/2014, 00:00

Not After

24/07/2016, 23:59

Subject

CN=Hewlett-Packard Company,O=Hewlett-Packard Company,L=Palo Alto,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:97:d7:9f:85:90:6e:a3:18:a4:00:00:00:00:00:97
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11/03/2020, 17:47

Not After

05/03/2021, 17:47

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

20:57:89:64:d8:b2:4f:2c:3c:03:d6:7b:9a:b4:e1:2c:f2:4b:18:ea:52:00:68:00:40:80:15:71:e6:65:6f:c5
Signer

Actual PE Digest

20:57:89:64:d8:b2:4f:2c:3c:03:d6:7b:9a:b4:e1:2c:f2:4b:18:ea:52:00:68:00:40:80:15:71:e6:65:6f:c5

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

13/04/2023, 18:12
Valid: false

cb:12:0c:07:1f:1f:44:c2:4f:ce:db:67:c0:04:b0:b8:e0:66:9d:71
Signer

Actual PE Digest

cb:12:0c:07:1f:1f:44:c2:4f:ce:db:67:c0:04:b0:b8:e0:66:9d:71

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Hewlett-Packard Company,O=Hewlett-Packard Company,L=Palo Alto,ST=California,C=US

14/08/2015, 17:33
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

KeWaitForSingleObject
IofCallDriver
IoBuildDeviceIoControlRequest
KeInitializeEvent
DbgPrint
RtlInitUnicodeString
ExAllocatePoolWithTag
ExFreePool
IofCompleteRequest
ZwClose
IoOpenDeviceRegistryKey
RtlUnicodeStringToAnsiString
ZwQueryValueKey
ZwCreateKey
KeReleaseMutex
RtlCopyUnicodeString
KeSetEvent
IoFreeIrp
IoAllocateIrp
RtlCompareUnicodeString
RtlAppendUnicodeStringToString
ZwSetValueKey
ZwDeleteValueKey
IoGetDeviceInterfaces
IoOpenDeviceInterfaceRegistryKey
IoSetDeviceInterfaceState
RtlIntegerToUnicodeString
IoDeleteDevice
RtlFreeUnicodeString
IoAttachDeviceToDeviceStack
IoRegisterDeviceInterface
KeInitializeMutex
PoSetPowerState
IoCreateDevice
ObfReferenceObject
IoDetachDevice
DbgBreakPoint
PoCallDriver
PoStartNextPowerIrp
KeBugCheckEx

Sections

.text
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Drivers/Dot4/AMD64/winxp/HPZisc12.sys
.exe windows x64

e3103f9cba40bc6159a73d3324182cd9

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ae:a1:01:2d:5c:cb:bf:26:5f:d0:c6:61:3c:1c:c1
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/08/2020, 00:00

Not After

12/08/2021, 12:00

Subject

CN=HP Inc.,OU=HP Cybersecurity,O=HP Inc.,L=Palo Alto,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:97:d7:9f:85:90:6e:a3:18:a4:00:00:00:00:00:97
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11/03/2020, 17:47

Not After

05/03/2021, 17:47

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a3:1b:0a:30:de:39:0c:d2:74:ea:5c:02:d8:ea:7f:3e:94:8a:db:17:a2:67:ec:69:27:d1:ba:a0:4a:2a:da:77
Signer

Actual PE Digest

a3:1b:0a:30:de:39:0c:d2:74:ea:5c:02:d8:ea:7f:3e:94:8a:db:17:a2:67:ec:69:27:d1:ba:a0:4a:2a:da:77

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

13/04/2023, 18:12
Valid: false

3c:af:fe:70:92:f1:4a:38:f0:57:0b:94:72:85:60:ad:3e:6e:fa:c8
Signer

Actual PE Digest

3c:af:fe:70:92:f1:4a:38:f0:57:0b:94:72:85:60:ad:3e:6e:fa:c8

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=HP Inc.,OU=HP Cybersecurity,O=HP Inc.,L=Palo Alto,ST=California,C=US

20/08/2020, 18:35
Valid: true

Chain 1

CN=HP Inc.,OU=HP Cybersecurity,O=HP Inc.,L=Palo Alto,ST=California,C=US

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

KeWaitForSingleObject
IofCallDriver
IoBuildDeviceIoControlRequest
KeInitializeEvent
DbgPrint
RtlInitUnicodeString
ExAllocatePoolWithTag
ExFreePool
RtlUnicodeStringToAnsiString
IofCompleteRequest
ZwClose
ZwQueryValueKey
ZwCreateKey
KeReleaseMutex
RtlCopyUnicodeString
_vsnprintf
KeSetEvent
IoFreeIrp
IoAllocateIrp
ZwSetValueKey
RtlCompareUnicodeString
IoOpenDeviceRegistryKey
IoDeleteDevice
IoDetachDevice
IoDeleteSymbolicLink
RtlFreeUnicodeString
IoSetDeviceInterfaceState
RtlAnsiStringToUnicodeString
RtlInitAnsiString
IoAttachDeviceToDeviceStack
IoRegisterDeviceInterface
KeInitializeMutex
PoSetPowerState
IoCreateSymbolicLink
IoCreateDevice
PoCallDriver
PoStartNextPowerIrp
KeBugCheckEx

Sections

.text
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Drivers/Dot4/AMD64/winxp/HPZius12.sys
.exe windows x64

d95e4ca5a4268863c9d885f52c903115

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ae:a1:01:2d:5c:cb:bf:26:5f:d0:c6:61:3c:1c:c1
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/08/2020, 00:00

Not After

12/08/2021, 12:00

Subject

CN=HP Inc.,OU=HP Cybersecurity,O=HP Inc.,L=Palo Alto,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:97:d7:9f:85:90:6e:a3:18:a4:00:00:00:00:00:97
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11/03/2020, 17:47

Not After

05/03/2021, 17:47

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

20:e3:9b:29:a1:7a:8d:4f:02:7e:4c:6a:6f:79:e7:61:ec:c6:57:a5:6d:c8:8d:49:eb:35:96:7a:28:bc:4f:72
Signer

Actual PE Digest

20:e3:9b:29:a1:7a:8d:4f:02:7e:4c:6a:6f:79:e7:61:ec:c6:57:a5:6d:c8:8d:49:eb:35:96:7a:28:bc:4f:72

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

13/04/2023, 18:12
Valid: false

b1:8d:7f:17:61:97:5e:3a:f3:34:50:9b:e0:59:8f:07:30:00:03:63
Signer

Actual PE Digest

b1:8d:7f:17:61:97:5e:3a:f3:34:50:9b:e0:59:8f:07:30:00:03:63

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=HP Inc.,OU=HP Cybersecurity,O=HP Inc.,L=Palo Alto,ST=California,C=US

20/08/2020, 18:35
Valid: true

Chain 1

CN=HP Inc.,OU=HP Cybersecurity,O=HP Inc.,L=Palo Alto,ST=California,C=US

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

IoAttachDeviceToDeviceStack
IoCreateDevice
RtlFreeUnicodeString
DbgBreakPoint
RtlCopyUnicodeString
ExAllocatePoolWithTag
IoReleaseRemoveLockEx
IofCompleteRequest
KeReleaseSpinLock
KeAcquireSpinLockRaiseToDpc
IofCallDriver
IoAcquireRemoveLockEx
ExFreePool
IoDeleteDevice
IoDetachDevice
IoReleaseRemoveLockAndWaitEx
IoFreeIrp
IoAllocateIrp
PoCallDriver
PoStartNextPowerIrp
IoInitializeRemoveLockEx
RtlQueryRegistryValues
IoReuseIrp
KeSetEvent
KeWaitForSingleObject
IoCancelIrp
KeClearEvent
IoInitializeIrp
IoFreeMdl
MmBuildMdlForNonPagedPool
IoAllocateMdl
MmMapLockedPagesSpecifyCache
KeResetEvent
IoFreeWorkItem
IoQueueWorkItem
IoAllocateWorkItem
KeBugCheckEx
KeInitializeEvent
PoRequestPowerIrp
DbgPrint

usbd.sys

USBD_ParseConfigurationDescriptorEx
USBD_CreateConfigurationRequestEx

Sections

.text
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 508B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 198B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Drivers/LanguageIni/ChineseS/Bloody7_ChineseS.ini
Drivers/LanguageIni/ChineseS/Drag-Macro_ChineseS.ini
Drivers/LanguageIni/ChineseS/Install_ChineseS.ini
Drivers/LanguageIni/ChineseS/Oscar-Macro_ChineseS.ini
Drivers/LanguageIni/ChineseT/Bloody7_ChineseT.ini
Drivers/LanguageIni/ChineseT/Drag-Macro_ChineseT.ini
Drivers/LanguageIni/ChineseT/Install_ChineseT.ini
Drivers/LanguageIni/ChineseT/Oscar-Macro_ChineseT.ini
Drivers/LanguageIni/Dutch/Bloody7_Dutch.ini
Drivers/LanguageIni/Dutch/Drag-Macro_Dutch.ini
Drivers/LanguageIni/Dutch/Install_Dutch.ini
Drivers/LanguageIni/Dutch/Oscar-Macro_Dutch.ini
Drivers/LanguageIni/English/Bloody7_English.ini
Drivers/LanguageIni/English/Drag-Macro_English.ini
Drivers/LanguageIni/English/Install_English.ini
Drivers/LanguageIni/English/Oscar-Macro_English.ini
Drivers/LanguageIni/French/Bloody7_French.ini
Drivers/LanguageIni/French/Drag-Macro_French.ini
Drivers/LanguageIni/French/Install_French.ini
Drivers/LanguageIni/French/Oscar-Macro_French.ini
Drivers/LanguageIni/Turkish/Bloody7_Turkish.ini
Drivers/LanguageIni/Turkish/Drag-Macro_Turkish.ini
Drivers/LanguageIni/Turkish/Install_Turkish.ini
Drivers/LanguageIni/Turkish/Oscar-Macro_Turkish.ini
Drivers/hpbuio200l.inf
Drivers/hpbuio200le.inf
Drivers/hpcpu250.cfg
.xml
Drivers/hpcu2506SPS.xml
Drivers/hpcu250u.inf
Drivers/hpfx64bulk.sys
.exe windows x64

0db2ad3b1a4af9617092d37a23a06fa0

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2a:36:22:12:3c:f0:82:cb:da:48:7a:29:c4:2e:4c:05
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

12/04/2007, 00:00

Not After

02/06/2008, 23:59

Subject

CN=Hewlett-Packard Company,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=IPG,O=Hewlett-Packard Company,L=Boise,ST=Idaho,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:97:d7:9f:85:90:6e:a3:18:a4:00:00:00:00:00:97
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11/03/2020, 17:47

Not After

05/03/2021, 17:47

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

36:1d:56:6b:a6:44:8c:1d:ca:7a:79:19:cc:a0:fa:46:f7:30:df:b3:79:51:e1:f9:da:d4:6c:6f:cb:22:ad:e6
Signer

Actual PE Digest

36:1d:56:6b:a6:44:8c:1d:ca:7a:79:19:cc:a0:fa:46:f7:30:df:b3:79:51:e1:f9:da:d4:6c:6f:cb:22:ad:e6

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

13/04/2023, 18:12
Valid: false

22:2e:49:94:ec:cf:98:77:54:66:c7:28:44:9a:6e:74:af:b1:bf:83
Signer

Actual PE Digest

22:2e:49:94:ec:cf:98:77:54:66:c7:28:44:9a:6e:74:af:b1:bf:83

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Hewlett-Packard Company,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=IPG,O=Hewlett-Packard Company,L=Boise,ST=Idaho,C=US

13/04/2023, 18:12
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

IoFreeWorkItem
KeInitializeEvent
IoFreeMdl
IoBuildPartialMdl
IoAllocateWorkItem
KeBugCheckEx
PoSetSystemState
IoBuildDeviceIoControlRequest
MmUnmapLockedPages
IoAllocateMdl
IoQueueWorkItem
KeWaitForSingleObject
IoDeleteDevice
RtlInitUnicodeString
ExAllocatePoolWithTag
IofCallDriver
IoCreateDevice
RtlCopyUnicodeString
IoIsWdmVersionAvailable
IoAttachDeviceToDeviceStack
IofCompleteRequest
RtlFreeUnicodeString
IoDetachDevice
ExFreePool
RtlQueryRegistryValues
__C_specific_handler
_local_unwind

usbd.sys

USBD_ParseConfigurationDescriptorEx
USBD_ParseDescriptors
USBD_CreateConfigurationRequestEx

hpfx64gen.sys

CancelRequest
GenericRegisterInterface
InitializeGenericExtension
GenericDispatchPnp
StartPacket
GetSizeofGenericExtension
IsWin98
GenericReleaseRemoveLock
GenericAcquireRemoveLock
GetCurrentDevicePowerState
StartNextPacket
GenericSaveRestoreComplete
GenericDispatchPower
GenericGetSystemAddressForMdl

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 964B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 305B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Drivers/hpfx64gen.sys
.exe windows x64

e4f56dccae8c3b6877b7b5c6456f1984

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2a:36:22:12:3c:f0:82:cb:da:48:7a:29:c4:2e:4c:05
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

12/04/2007, 00:00

Not After

02/06/2008, 23:59

Subject

CN=Hewlett-Packard Company,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=IPG,O=Hewlett-Packard Company,L=Boise,ST=Idaho,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:97:d7:9f:85:90:6e:a3:18:a4:00:00:00:00:00:97
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11/03/2020, 17:47

Not After

05/03/2021, 17:47

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d1:e7:74:3c:e1:8f:43:be:72:2a:87:8c:a8:03:8e:be:04:4b:01:75:30:82:7c:4d:c6:06:16:29:4a:03:f3:20
Signer

Actual PE Digest

d1:e7:74:3c:e1:8f:43:be:72:2a:87:8c:a8:03:8e:be:04:4b:01:75:30:82:7c:4d:c6:06:16:29:4a:03:f3:20

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

13/04/2023, 18:12
Valid: false

1d:85:29:4e:bf:fc:fc:ad:bd:07:61:06:11:dc:85:13:24:00:b6:f8
Signer

Actual PE Digest

1d:85:29:4e:bf:fc:fc:ad:bd:07:61:06:11:dc:85:13:24:00:b6:f8

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Hewlett-Packard Company,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=IPG,O=Hewlett-Packard Company,L=Boise,ST=Idaho,C=US

13/04/2023, 18:12
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

KeAcquireSpinLockAtDpcLevel
IoReleaseCancelSpinLock
KeAcquireSpinLockRaiseToDpc
KeReleaseSpinLock
IofCompleteRequest
ExAllocatePoolWithTag
KeSetEvent
KeInitializeEvent
RtlUnicodeStringToAnsiString
PoSetPowerState
MmMapLockedPagesSpecifyCache
ExFreePool
KeWaitForSingleObject
IofCallDriver
KeClearEvent
KeReleaseSpinLockFromDpcLevel
IoGetAttachedDeviceReference
ObfDereferenceObject
IoInvalidateDeviceState
KeLeaveCriticalRegion
IoRegisterDeviceInterface
IoSetDeviceInterfaceState
IoBuildSynchronousFsdRequest
KeEnterCriticalRegion
RtlFreeUnicodeString
PoStartNextPowerIrp
ZwClose
IoFreeIrp
PoCallDriver
IoAllocateIrp
ExQueueWorkItem
IoOpenDeviceRegistryKey
PoRegisterDeviceForIdleDetection
RtlInitUnicodeString
ZwSetValueKey
PoRequestPowerIrp
IoCancelIrp
ZwQueryValueKey
KeBugCheckEx

Exports

Exports

AbortAllRequests
AbortRequests
AllowAllRequests
AllowRequests
AreRequestsBeingAborted
CancelRequest
CheckAnyBusyAndStall
CheckBusyAndStall
CleanupAllRequests
CleanupGenericExtension
CleanupRequests
GenericAcquireRemoveLock
GenericCacheControlRequest
GenericCleanupAllRequests
GenericCleanupControlRequests
GenericDeregisterInterface
GenericDispatchPnp
GenericDispatchPower
GenericEnableInterface
GenericGetDeviceCapabilities
GenericGetSystemAddressForMdl
GenericGetVersion
GenericHandlePowerIoctl
GenericIdleDevice
GenericInitializeRemoveLock
GenericMarkDeviceBusy
GenericRegisterForIdleDetection
GenericRegisterInterface
GenericReleaseRemoveLock
GenericReleaseRemoveLockAndWait
GenericSaveRestoreComplete
GenericSetDeviceState
GenericUncacheControlRequest
GenericWakeupControl
GenericWakeupFromIdle
GetCurrentDevicePowerState
GetCurrentIrp
GetSizeofGenericExtension
InitializeGenericExtension
InitializeQueue
IsWin98
RestartAllRequests
RestartRequests
StallAllRequests
StallAllRequestsAndNotify
StallRequests
StallRequestsAndNotify
StartNextPacket
StartPacket
WaitForCurrentIrp
WaitForCurrentIrps

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 780B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 158B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Drivers/hpmco250.dll
.dll windows x64

2196f6d10fdb057dd2982f0f6d478ef9

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ae:a1:01:2d:5c:cb:bf:26:5f:d0:c6:61:3c:1c:c1
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/08/2020, 00:00

Not After

12/08/2021, 12:00

Subject

CN=HP Inc.,OU=HP Cybersecurity,O=HP Inc.,L=Palo Alto,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:97:d7:9f:85:90:6e:a3:18:a4:00:00:00:00:00:97
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11/03/2020, 17:47

Not After

05/03/2021, 17:47

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:e0:5e:d4:ca:45:20:2d:4a:e0:d3:b7:a0:d9:95:9b:94:8a:61:2e:34:2d:f8:f9:e3:76:7e:d9:5a:d5:79:21
Signer

Actual PE Digest

0d:e0:5e:d4:ca:45:20:2d:4a:e0:d3:b7:a0:d9:95:9b:94:8a:61:2e:34:2d:f8:f9:e3:76:7e:d9:5a:d5:79:21

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

13/04/2023, 18:12
Valid: false

99:28:2c:7a:91:2b:c0:ff:06:bf:16:96:c2:b5:39:76:92:47:a3:a2
Signer

Actual PE Digest

99:28:2c:7a:91:2b:c0:ff:06:bf:16:96:c2:b5:39:76:92:47:a3:a2

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=HP Inc.,OU=HP Cybersecurity,O=HP Inc.,L=Palo Alto,ST=California,C=US

20/08/2020, 18:35
Valid: true

Chain 1

CN=HP Inc.,OU=HP Cybersecurity,O=HP Inc.,L=Palo Alto,ST=California,C=US

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

winspool.drv

GetPrinterDriverW
EnumPrintersW
SetPrinterW
OpenPrinterW
GetPrinterDataW
ClosePrinter
GetPrinterW

kernel32

FlushFileBuffers
OutputDebugStringW
GetStringTypeW
GetConsoleCP
GlobalFree
GlobalAlloc
GetConsoleMode
SetStdHandle
SetFilePointerEx
WriteConsoleW
CloseHandle
GetLastError
IsValidCodePage
LCMapStringW
HeapReAlloc
LoadLibraryExW
GetModuleFileNameW
WriteFile
LeaveCriticalSection
EncodePointer
DecodePointer
GetCommandLineA
GetCurrentThreadId
RtlPcToFileHeader
RaiseException
RtlLookupFunctionEntry
RtlUnwindEx
IsDebuggerPresent
IsProcessorFeaturePresent
ExitProcess
GetModuleHandleExW
GetProcAddress
MultiByteToWideChar
WideCharToMultiByte
HeapSize
HeapFree
HeapAlloc
CreateFileW
GetACP
GetOEMCP
GetCPInfo
SetLastError
GetProcessHeap
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
EnterCriticalSection

advapi32

RegCloseKey
RegOpenKeyExW
RegDeleteValueW
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW

setupapi

SetupDiCreateDeviceInterfaceRegKeyW
SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyW
SetupDiGetDeviceInstanceIdW

Exports

Exports

UPDCoInstallerEntryProc

Sections

.text
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Drivers/hpmews02.dat
Drivers/hpmews02.inf
Drivers/hpmldm02.dat
Drivers/hpmldm02.dll
.dll windows x64

2e512837b0af04cf7490aca4d222bf7b

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ae:a1:01:2d:5c:cb:bf:26:5f:d0:c6:61:3c:1c:c1
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/08/2020, 00:00

Not After

12/08/2021, 12:00

Subject

CN=HP Inc.,OU=HP Cybersecurity,O=HP Inc.,L=Palo Alto,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:97:d7:9f:85:90:6e:a3:18:a4:00:00:00:00:00:97
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11/03/2020, 17:47

Not After

05/03/2021, 17:47

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:cd:6c:a7:fb:6c:ef:c2:30:a5:db:ce:aa:82:c0:d4:d2:7d:50:11:f8:1e:33:6a:c3:5f:ef:a8:34:1a:19:a1
Signer

Actual PE Digest

01:cd:6c:a7:fb:6c:ef:c2:30:a5:db:ce:aa:82:c0:d4:d2:7d:50:11:f8:1e:33:6a:c3:5f:ef:a8:34:1a:19:a1

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

13/04/2023, 18:12
Valid: false

ab:15:e3:7a:23:3f:4d:ea:20:b0:4c:27:5b:3c:26:79:d7:39:1d:75
Signer

Actual PE Digest

ab:15:e3:7a:23:3f:4d:ea:20:b0:4c:27:5b:3c:26:79:d7:39:1d:75

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=HP Inc.,OU=HP Cybersecurity,O=HP Inc.,L=Palo Alto,ST=California,C=US

20/08/2020, 18:35
Valid: true

Chain 1

CN=HP Inc.,OU=HP Cybersecurity,O=HP Inc.,L=Palo Alto,ST=California,C=US

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

setupapi

SetupCopyOEMInfA
SetupDiGetSelectedDriverA
SetupDiGetDriverInfoDetailA
SetupOpenInfFileA
SetupFindFirstLineA
SetupGetStringFieldA
SetupCloseInfFile
SetupDiGetDeviceInstanceIdA
SetupDiGetClassDevsA
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailA
SetupDiCreateDeviceInterfaceRegKeyA
SetupDiDestroyDeviceInfoList

psapi

EnumProcessModules
GetModuleBaseNameA

kernel32

LocalAlloc
LeaveCriticalSection
TlsGetValue
EnterCriticalSection
InitializeCriticalSection
TlsAlloc
GlobalReAlloc
GlobalHandle
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
GetModuleFileNameA
SetErrorMode
GlobalGetAtomNameA
lstrcmpA
GetThreadLocale
lstrcmpW
LoadLibraryA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalFlags
GetLocaleInfoA
FreeLibrary
GetCPInfo
GetOEMCP
SetFilePointer
FlushFileBuffers
HeapAlloc
HeapFree
HeapReAlloc
RtlUnwindEx
FlsSetValue
GetCommandLineA
GetProcessHeap
RaiseException
RtlPcToFileHeader
HeapSize
ExitProcess
GetACP
FlsGetValue
FlsFree
FlsAlloc
IsDebuggerPresent
LCMapStringA
LCMapStringW
GetStdHandle
HeapSetInformation
HeapCreate
HeapDestroy
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetModuleFileNameW
GlobalLock
GlobalUnlock
FindResourceA
LoadResource
LockResource
SizeofResource
SetLastError
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetPrivateProfileStringA
Sleep
GetVersionExA
GetModuleHandleA
GetProcAddress
GlobalAlloc
GetFullPathNameA
GetWindowsDirectoryA
lstrcpynA
GlobalFree
lstrlenA
lstrcmpiA
CompareStringA
FormatMessageA
LocalFree
CloseHandle
WriteFile
OutputDebugStringA
GetCurrentProcess
GetTempPathA
CreateFileA
GetVersion
GetLastError
WideCharToMultiByte
MultiByteToWideChar

user32

DrawTextExA
GrayStringA
DestroyMenu
PostQuitMessage
RegisterWindowMessageA
LoadIconA
WinHelpA
GetCapture
GetClassLongA
GetClassNameA
GetClassLongPtrA
SetPropA
GetPropA
RemovePropA
IsWindow
GetForegroundWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetWindowLongPtrA
SetWindowLongPtrA
GetMessageTime
GetMessagePos
MapWindowPoints
DrawTextA
SetForegroundWindow
GetClientRect
GetMenu
PostMessageA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
CopyRect
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetWindow
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetWindowTextA
LoadCursorA
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
GetWindowThreadProcessId
GetWindowLongA
GetParent
GetLastActivePopup
IsWindowEnabled
TabbedTextOutA
wsprintfA
GetSystemMetrics
ClientToScreen
SetWindowTextA
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
UnhookWindowsHookEx
EnableWindow
MessageBoxA
UnregisterClassA
SetWindowsHookExA
CallNextHookEx
DispatchMessageA
SendMessageA
GetKeyState
PeekMessageA
ValidateRect
GetFocus

advapi32

RegOpenKeyExA
RegCreateKeyExA
RegQueryValueExA
RegCloseKey
RegDeleteKeyA
RegSetValueExA

shlwapi

PathFindFileNameA
PathFindExtensionA

oleacc

CreateStdAccessibleObject
LresultFromObject

gdi32

DeleteDC
GetStockObject
RestoreDC
SaveDC
DeleteObject
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
SetMapMode
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
GetDeviceCaps
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

oleaut32

VariantClear
VariantChangeType
VariantInit

Exports

Exports

CoSetup

Sections

.text
Size: 147KB - Virtual size: 146KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Drivers/hpmldm02.inf
Drivers/hpmprein.config
.xml
Drivers/hppdbulkio.sys
.exe windows x64

9cace606dc89ca54abee01b7de5594f3

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

77:7c:08:ea:c1:73:b9:68:4b:24:c9:0f:f2:63:5d:e9
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

17/04/2008, 00:00

Not After

02/06/2009, 23:59

Subject

CN=Hewlett-Packard Company,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=IPG,O=Hewlett-Packard Company,L=Boise,ST=Idaho,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:97:d7:9f:85:90:6e:a3:18:a4:00:00:00:00:00:97
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11/03/2020, 17:47

Not After

05/03/2021, 17:47

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

af:3b:46:86:f8:40:2c:c6:ef:bb:42:8b:75:4b:dc:93:45:2a:dd:07:2e:7b:54:d6:4e:56:f5:e3:97:e7:51:6a
Signer

Actual PE Digest

af:3b:46:86:f8:40:2c:c6:ef:bb:42:8b:75:4b:dc:93:45:2a:dd:07:2e:7b:54:d6:4e:56:f5:e3:97:e7:51:6a

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

13/04/2023, 18:12
Valid: false

6c:6b:8e:81:14:55:59:17:db:45:ef:a2:a8:0c:d9:18:37:89:5a:9c
Signer

Actual PE Digest

6c:6b:8e:81:14:55:59:17:db:45:ef:a2:a8:0c:d9:18:37:89:5a:9c

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Hewlett-Packard Company,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=IPG,O=Hewlett-Packard Company,L=Boise,ST=Idaho,C=US

13/04/2023, 18:12
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

IoAllocateIrp
MmUnmapLockedPages
IoQueueWorkItem
IoAllocateMdl
IoFreeIrp
KeAcquireSpinLockRaiseToDpc
PoSetSystemState
IoBuildPartialMdl
KeBugCheckEx
KeWaitForSingleObject
IoAllocateWorkItem
ExFreePool
IoCancelIrp
IoFreeMdl
KeReleaseSpinLock
KeInitializeEvent
IoFreeWorkItem
IoDeleteDevice
RtlInitUnicodeString
ExAllocatePoolWithTag
IofCallDriver
IoCreateDevice
RtlCopyUnicodeString
IoIsWdmVersionAvailable
IofCompleteRequest
IoAttachDeviceToDeviceStack
RtlFreeUnicodeString
IoDetachDevice
IoBuildDeviceIoControlRequest
RtlQueryRegistryValues
__C_specific_handler
_local_unwind

hppdgenio.sys

GenericSaveRestoreComplete
StartNextPacket
StartPacket
CancelRequest
GenericUncacheControlRequest
InitializeGenericExtension
GenericRegisterInterface
GenericDispatchPnp
GenericDispatchPower
GetSizeofGenericExtension
IsWin98
GenericReleaseRemoveLock
GenericAcquireRemoveLock
GetCurrentDevicePowerState
GenericCacheControlRequest
GenericGetSystemAddressForMdl

usbd.sys

USBD_ParseDescriptors
USBD_CreateConfigurationRequestEx
USBD_ParseConfigurationDescriptorEx

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 305B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 300B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Drivers/hppdgenio.sys
.exe windows x64

dfec8bfa180807bafcc9ae796aec0564

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

77:7c:08:ea:c1:73:b9:68:4b:24:c9:0f:f2:63:5d:e9
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

17/04/2008, 00:00

Not After

02/06/2009, 23:59

Subject

CN=Hewlett-Packard Company,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=IPG,O=Hewlett-Packard Company,L=Boise,ST=Idaho,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:97:d7:9f:85:90:6e:a3:18:a4:00:00:00:00:00:97
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11/03/2020, 17:47

Not After

05/03/2021, 17:47

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9d:9d:1d:81:00:e8:03:bd:e7:20:e5:36:07:b7:5b:bd:00:fa:ba:d4:97:ef:68:9d:04:21:7f:9a:1e:98:26:fa
Signer

Actual PE Digest

9d:9d:1d:81:00:e8:03:bd:e7:20:e5:36:07:b7:5b:bd:00:fa:ba:d4:97:ef:68:9d:04:21:7f:9a:1e:98:26:fa

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

13/04/2023, 18:12
Valid: false

f8:0f:33:6b:bc:61:da:0d:2a:6a:a2:0d:c4:f7:5e:c2:75:71:cd:45
Signer

Actual PE Digest

f8:0f:33:6b:bc:61:da:0d:2a:6a:a2:0d:c4:f7:5e:c2:75:71:cd:45

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Hewlett-Packard Company,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=IPG,O=Hewlett-Packard Company,L=Boise,ST=Idaho,C=US

13/04/2023, 18:12
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

IoReleaseCancelSpinLock
KeAcquireSpinLockRaiseToDpc
KeReleaseSpinLock
IofCompleteRequest
KeAcquireSpinLockAtDpcLevel
KeSetEvent
KeInitializeEvent
RtlUnicodeStringToAnsiString
PoSetPowerState
MmMapLockedPagesSpecifyCache
ExFreePool
KeWaitForSingleObject
IofCallDriver
ExAllocatePoolWithTag
KeClearEvent
KeReleaseSpinLockFromDpcLevel
KeLeaveCriticalRegion
IoRegisterDeviceInterface
IoSetDeviceInterfaceState
IoBuildSynchronousFsdRequest
KeEnterCriticalRegion
RtlFreeUnicodeString
IoGetAttachedDeviceReference
ObfDereferenceObject
IoInvalidateDeviceState
PoRegisterDeviceForIdleDetection
RtlInitUnicodeString
ZwSetValueKey
PoRequestPowerIrp
IoCancelIrp
ZwQueryValueKey
PoStartNextPowerIrp
ZwClose
IoFreeIrp
PoCallDriver
IoAllocateIrp
ExQueueWorkItem
IoOpenDeviceRegistryKey
KeBugCheckEx

Exports

Exports

AbortAllRequests
AbortRequests
AllowAllRequests
AllowRequests
AreRequestsBeingAborted
CancelRequest
CheckAnyBusyAndStall
CheckBusyAndStall
CleanupAllRequests
CleanupGenericExtension
CleanupRequests
GenericAcquireRemoveLock
GenericCacheControlRequest
GenericCleanupAllRequests
GenericCleanupControlRequests
GenericDeregisterInterface
GenericDispatchPnp
GenericDispatchPower
GenericEnableInterface
GenericGetDeviceCapabilities
GenericGetSystemAddressForMdl
GenericGetVersion
GenericHandlePowerIoctl
GenericIdleDevice
GenericInitializeRemoveLock
GenericMarkDeviceBusy
GenericRegisterForIdleDetection
GenericRegisterInterface
GenericReleaseRemoveLock
GenericReleaseRemoveLockAndWait
GenericSaveRestoreComplete
GenericSetDeviceState
GenericUncacheControlRequest
GenericWakeupControl
GenericWakeupFromIdle
GetCurrentDevicePowerState
GetCurrentIrp
GetSizeofGenericExtension
InitializeGenericExtension
InitializeQueue
IsWin98
RestartAllRequests
RestartRequests
StallAllRequests
StallAllRequestsAndNotify
StallRequests
StallRequestsAndNotify
StartNextPacket
StartPacket
WaitForCurrentIrp
WaitForCurrentIrps

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 780B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 158B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Drivers/hppewnd.inf
Drivers/hppfaxnd.inf
Drivers/hppldcoi.config
.xml
Drivers/hppscnd.inf
Drivers/hpzid4vp.inf
Drivers/hpzipa23.inf
Drivers/hpzipr23.inf
Drivers/hpzius23.inf
Drivers/p6a4arww.cab
.cab
Drivers/p6a4bgww.cab
.cab
Drivers/p6a4csww.cab
.cab
Drivers/p6a4daww.cab
.cab
Drivers/p6a4deww.cab
.cab
Drivers/p6a4elww.cab
.cab
Drivers/p6a4enww.cab
.cab
Drivers/p6a4esww.cab
.cab
Drivers/p6a4etww.cab
.cab
Drivers/p6a4fiww.cab
.cab
Drivers/p6a4frww.cab
.cab
Drivers/p6a4heww.cab
.cab
Drivers/p6a4hrww.cab
.cab
Drivers/p6a4huww.cab
.cab
Drivers/p6a4idww.cab
.cab
Drivers/p6a4jaww.cab
.cab
Drivers/p6a4kkww.cab
.cab
Drivers/p6a4koww.cab
.cab
Drivers/p6a4ltww.cab
.cab
Drivers/p6a4lvww.cab
.cab
Drivers/p6a4nlww.cab
.cab
Drivers/p6a4noww.cab
.cab
Drivers/p6a4plww.cab
.cab
Drivers/p6a4ptww.cab
.cab
Drivers/p6a4roww.cab
.cab
Drivers/p6a4svww.cab
.cab
Drivers/p6a4trww.cab
.cab
Drivers/p6a4zhcn.cab
.cab
Drivers/p6a4zhtw.cab
.cab
TradingView Premium Unlocker.exe
.exe windows x86

55598916d3559b7ff87df57da236c990

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:01:2e:b9:8c:70:3a:a9:b0:6d:26:43:55:e9:fe:39
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/11/2020, 00:00

Not After

08/11/2023, 23:59

Subject

CN=TeamSpeak Systems GmbH,O=TeamSpeak Systems GmbH,L=Krün,ST=Bayern,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11/05/2022, 00:00

Not After

10/08/2033, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

2d:e2:0b:68:bc:36:30:81:41:53:b2:cc:9f:15:66:b8:77:0d:a5:05
Signer

Actual PE Digest

2d:e2:0b:68:bc:36:30:81:41:53:b2:cc:9f:15:66:b8:77:0d:a5:05

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=TeamSpeak Systems GmbH,O=TeamSpeak Systems GmbH,L=Krün,ST=Bayern,C=DE

13/04/2023, 18:12
Valid: true

Chain 1

CN=TeamSpeak Systems GmbH,O=TeamSpeak Systems GmbH,L=Krün,ST=Bayern,C=DE

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

user32

ReleaseDC

gdi32

CreateDCA

ole32

CoInitializeEx

oleaut32

SysFreeString

Sections

.MPRESS1
Size: 3.1MB - Virtual size: 5.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 127KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

179a94b230188d638f01aaa7a337b155

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

02:ae:a1:01:2d:5c:cb:bf:26:5f:d0:c6:61:3c:1c:c1Certificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

33:00:00:00:97:d7:9f:85:90:6e:a3:18:a4:00:00:00:00:00:97Certificate

Extended Key Usages

61:0b:aa:c1:00:00:00:00:00:09Certificate

Key Usages

b7:53:e7:10:13:71:1d:d7:dd:e0:b6:bc:f9:d6:37:c8:40:5a:9c:e9:a7:20:d5:56:00:01:b7:bc:da:30:ae:25Signer

Signature Validations

Verification

13/04/2023, 18:12 Valid: false

0d:77:7e:88:8c:49:65:28:35:0a:69:b8:a7:08:f6:5b:5c:9f:d6:ecSigner

Signature Validations

Verification

20/08/2020, 18:35 Valid: true

Chain 1

Headers

File Characteristics

Imports

ntoskrnl.exe

wmilib.sys

Sections

.text Size: 153KB - Virtual size: 152KB

.rdata Size: 15KB - Virtual size: 15KB

.data Size: 1KB - Virtual size: 1KB

.pdata Size: 7KB - Virtual size: 7KB

INIT Size: 2KB - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 920B

.reloc Size: 1024B - Virtual size: 590B

f60663cba2fd2150c6b47a2e0cab86b7

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

3f:d0:e0:11:89:62:94:82:b4:64:d5:d9:fd:03:3b:30Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

33:00:00:00:97:d7:9f:85:90:6e:a3:18:a4:00:00:00:00:00:97Certificate

Extended Key Usages

61:0b:aa:c1:00:00:00:00:00:09Certificate

Key Usages

20:57:89:64:d8:b2:4f:2c:3c:03:d6:7b:9a:b4:e1:2c:f2:4b:18:ea:52:00:68:00:40:80:15:71:e6:65:6f:c5Signer

Signature Validations

Verification

13/04/2023, 18:12 Valid: false

cb:12:0c:07:1f:1f:44:c2:4f:ce:db:67:c0:04:b0:b8:e0:66:9d:71Signer

Signature Validations

Verification

14/08/2015, 17:33 Valid: false

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 38KB - Virtual size: 37KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 500B

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

02:ae:a1:01:2d:5c:cb:bf:26:5f:d0:c6:61:3c:1c:c1
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

33:00:00:00:97:d7:9f:85:90:6e:a3:18:a4:00:00:00:00:00:97
Certificate

61:0b:aa:c1:00:00:00:00:00:09
Certificate

b7:53:e7:10:13:71:1d:d7:dd:e0:b6:bc:f9:d6:37:c8:40:5a:9c:e9:a7:20:d5:56:00:01:b7:bc:da:30:ae:25
Signer

13/04/2023, 18:12
Valid: false

0d:77:7e:88:8c:49:65:28:35:0a:69:b8:a7:08:f6:5b:5c:9f:d6:ec
Signer

20/08/2020, 18:35
Valid: true

.text
Size: 153KB - Virtual size: 152KB

.rdata
Size: 15KB - Virtual size: 15KB

.data
Size: 1KB - Virtual size: 1KB

.pdata
Size: 7KB - Virtual size: 7KB

INIT
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 920B

.reloc
Size: 1024B - Virtual size: 590B

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

3f:d0:e0:11:89:62:94:82:b4:64:d5:d9:fd:03:3b:30
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

33:00:00:00:97:d7:9f:85:90:6e:a3:18:a4:00:00:00:00:00:97
Certificate

61:0b:aa:c1:00:00:00:00:00:09
Certificate

20:57:89:64:d8:b2:4f:2c:3c:03:d6:7b:9a:b4:e1:2c:f2:4b:18:ea:52:00:68:00:40:80:15:71:e6:65:6f:c5
Signer

13/04/2023, 18:12
Valid: false

cb:12:0c:07:1f:1f:44:c2:4f:ce:db:67:c0:04:b0:b8:e0:66:9d:71
Signer

14/08/2015, 17:33
Valid: false

.text
Size: 38KB - Virtual size: 37KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 500B

.pdata
Size: 2KB - Virtual size: 1KB

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 944B

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

02:ae:a1:01:2d:5c:cb:bf:26:5f:d0:c6:61:3c:1c:c1
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

33:00:00:00:97:d7:9f:85:90:6e:a3:18:a4:00:00:00:00:00:97
Certificate

61:0b:aa:c1:00:00:00:00:00:09
Certificate

a3:1b:0a:30:de:39:0c:d2:74:ea:5c:02:d8:ea:7f:3e:94:8a:db:17:a2:67:ec:69:27:d1:ba:a0:4a:2a:da:77
Signer

13/04/2023, 18:12
Valid: false

3c:af:fe:70:92:f1:4a:38:f0:57:0b:94:72:85:60:ad:3e:6e:fa:c8
Signer

20/08/2020, 18:35
Valid: true

.text
Size: 22KB - Virtual size: 21KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 500B

.pdata
Size: 1024B - Virtual size: 888B

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 920B

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

02:ae:a1:01:2d:5c:cb:bf:26:5f:d0:c6:61:3c:1c:c1
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

33:00:00:00:97:d7:9f:85:90:6e:a3:18:a4:00:00:00:00:00:97
Certificate

61:0b:aa:c1:00:00:00:00:00:09
Certificate

20:e3:9b:29:a1:7a:8d:4f:02:7e:4c:6a:6f:79:e7:61:ec:c6:57:a5:6d:c8:8d:49:eb:35:96:7a:28:bc:4f:72
Signer

13/04/2023, 18:12
Valid: false

b1:8d:7f:17:61:97:5e:3a:f3:34:50:9b:e0:59:8f:07:30:00:03:63
Signer

20/08/2020, 18:35
Valid: true