General

Malware Config

Signatures

Files

• UltimatePSN_Checker_v1.2_Updated.rar

  .rar
• UltimatePSN Checker v1.2 Updated/Cache/EMP.dll

  .dll windows x64

  fc7124d57387852c0a6a634e9130bf57

  
  

  Code Sign

  1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78

  Certificate

  Issuer

  OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

  Not Before

  08-11-2006 00:00

  Not After

  07-11-2021 23:59

  Subject

  CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  5f:9e:06:26:2d:2e:ed:42:5c:88:6a:47:09:35:04:26

  Certificate

  Issuer

  CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

  Not Before

  06-05-2014 00:00

  Not After

  06-05-2015 23:59

  Subject

  CN=Shenzhen Luyoudashi Technology Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shenzhen Luyoudashi Technology Co.\, Ltd.,L=Shenzhen,ST=Guangdong,C=CN

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7

  Certificate

  Issuer

  CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

  Not Before

  08-02-2010 00:00

  Not After

  07-02-2020 23:59

  Subject

  CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageClientAuth

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  c8:5a:b5:16:4e:b4:8a:ee:c8:9f:12:49:3e:40:4d:ef:28:55:7d:f5

  Signer

  Actual PE Digest

  c8:5a:b5:16:4e:b4:8a:ee:c8:9f:12:49:3e:40:4d:ef:28:55:7d:f5

  Digest Algorithm

  sha1

  PE Digest Matches

  true

  Signature Validations

  Trusted

  false

  Verification

  Signing Certificate

  CN=Shenzhen Luyoudashi Technology Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shenzhen Luyoudashi Technology Co.\, Ltd.,L=Shenzhen,ST=Guangdong,C=CN

  23-04-2023 10:06

  Valid: false

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  kernel32

  IsDebuggerPresent

  GetCurrentProcessId

  GetCurrentThreadId

  GetSystemTimeAsFileTime

  InitializeSListHead

  IsProcessorFeaturePresent

  LoadLibraryA

  UnhandledExceptionFilter

  GetProcAddress

  RtlVirtualUnwind

  RtlLookupFunctionEntry

  RtlCaptureContext

  Exports

  Exports

  EMP

  Sections

  .text

  Size: 3KB - Virtual size: 4KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 3KB - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 512B - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .pdata

  Size: 512B - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .EMP0

  Size: 512B - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data2

  Size: 92KB - Virtual size: 92KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .EMP

  Size: 204KB - Virtual size: 204KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .data3

  Size: 612KB - Virtual size: 612KB

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .EMP1

  Size: 1.3MB - Virtual size: 1.3MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 180B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 512B - Virtual size: 233B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

• UltimatePSN Checker v1.2 Updated/Data/deploy.dll
• UltimatePSN Checker v1.2 Updated/Data/resource/License.key
• UltimatePSN Checker v1.2 Updated/Data/resource/config.png
• UltimatePSN Checker v1.2 Updated/Data/resource/icon.png

  .dll windows x86

  dae02f32a21e03ce65412f6e56942daa

  
  

  Code Sign

  33:00:00:01:87:72:17:72:15:59:40:c7:09:00:00:00:00:01:87

  Certificate

  Issuer

  CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  04-03-2020 18:39

  Not After

  03-03-2021 18:39

  Subject

  CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  61:0e:90:d2:00:00:00:00:00:03

  Certificate

  Issuer

  CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  08-07-2011 20:59

  Not After

  08-07-2026 21:09

  Subject

  CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  3d:89:de:4b:2e:c5:8c:37:07:d3:29:0c:0d:0b:46:58:e9:09:af:7f:2d:43:7b:47:3e:f4:58:e5:de:8f:fd:91

  Signer

  Actual PE Digest

  3d:89:de:4b:2e:c5:8c:37:07:d3:29:0c:0d:0b:46:58:e9:09:af:7f:2d:43:7b:47:3e:f4:58:e5:de:8f:fd:91

  Digest Algorithm

  sha256

  PE Digest Matches

  false

  Signature Validations

  Trusted

  false

  Verification

  Signing Certificate

  CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  23-04-2023 10:06

  Valid: false

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  mscoree

  _CorDllMain

  Sections

  .text

  Size: 29KB - Virtual size: 29KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 1024B - Virtual size: 944B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 12B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• UltimatePSN Checker v1.2 Updated/Data/resource/input.dll

  .ps1
• UltimatePSN Checker v1.2 Updated/Data/resource/launcher.bat
• UltimatePSN Checker v1.2 Updated/Data/resource/playstation.cer

  .exe windows x64

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Sections

  Size: 6.7MB - Virtual size: 6.7MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  Size: 266KB - Virtual size: 265KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  Size: 5.2MB - Virtual size: 8KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  Size: 624KB - Virtual size: 624KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_CNT_UNINITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

• UltimatePSN Checker v1.2 Updated/Data/resource/settings.json
• UltimatePSN Checker v1.2 Updated/Data/resource/setup.dll

  .vbs
• UltimatePSN Checker v1.2 Updated/Data/resource/st.dll

  .vbs
• UltimatePSN Checker v1.2 Updated/Engine/Settings.xml

  .xml .js
• UltimatePSN Checker v1.2 Updated/License.key
• UltimatePSN Checker v1.2 Updated/README.txt
• UltimatePSN Checker v1.2 Updated/UltimatePSN Checker v1.2.exe

  .exe windows x86

  
  

  Headers

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_BYTES_REVERSED_LO

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_BYTES_REVERSED_HI

  Sections

  CODE

  Size: 615KB - Virtual size: 614KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  DATA

  Size: 12KB - Virtual size: 11KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  BSS

  Size: - Virtual size: 4KB

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .idata

  Size: 11KB - Virtual size: 10KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .tls

  Size: - Virtual size: 16B

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rdata

  Size: 512B - Virtual size: 57B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 42KB - Virtual size: 42KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 1.0MB - Virtual size: 1.0MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

• UltimatePSN Checker v1.2 Updated/settings.json

  .dll windows x64

  fc7124d57387852c0a6a634e9130bf57

  
  

  Code Sign

  1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78

  Certificate

  Issuer

  OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

  Not Before

  08-11-2006 00:00

  Not After

  07-11-2021 23:59

  Subject

  CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  5f:9e:06:26:2d:2e:ed:42:5c:88:6a:47:09:35:04:26

  Certificate

  Issuer

  CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

  Not Before

  06-05-2014 00:00

  Not After

  06-05-2015 23:59

  Subject

  CN=Shenzhen Luyoudashi Technology Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shenzhen Luyoudashi Technology Co.\, Ltd.,L=Shenzhen,ST=Guangdong,C=CN

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7

  Certificate

  Issuer

  CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

  Not Before

  08-02-2010 00:00

  Not After

  07-02-2020 23:59

  Subject

  CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageClientAuth

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  c8:5a:b5:16:4e:b4:8a:ee:c8:9f:12:49:3e:40:4d:ef:28:55:7d:f5

  Signer

  Actual PE Digest

  c8:5a:b5:16:4e:b4:8a:ee:c8:9f:12:49:3e:40:4d:ef:28:55:7d:f5

  Digest Algorithm

  sha1

  PE Digest Matches

  true

  Signature Validations

  Trusted

  false

  Verification

  Signing Certificate

  CN=Shenzhen Luyoudashi Technology Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shenzhen Luyoudashi Technology Co.\, Ltd.,L=Shenzhen,ST=Guangdong,C=CN

  23-04-2023 10:06

  Valid: false

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  kernel32

  IsDebuggerPresent

  GetCurrentProcessId

  GetCurrentThreadId

  GetSystemTimeAsFileTime

  InitializeSListHead

  IsProcessorFeaturePresent

  LoadLibraryA

  UnhandledExceptionFilter

  GetProcAddress

  RtlVirtualUnwind

  RtlLookupFunctionEntry

  RtlCaptureContext

  Exports

  Exports

  EMP

  Sections

  .text

  Size: 3KB - Virtual size: 4KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 3KB - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 512B - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .pdata

  Size: 512B - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .EMP0

  Size: 512B - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data2

  Size: 92KB - Virtual size: 92KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .EMP

  Size: 204KB - Virtual size: 204KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .data3

  Size: 612KB - Virtual size: 612KB

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .EMP1

  Size: 1.3MB - Virtual size: 1.3MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 180B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 512B - Virtual size: 233B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

• UltimatePSN Checker v1.2 Updated/validator.dll

  .dll windows x86

  50f64a1d9783342119da2ac75a894235

  
  

  Code Sign

  c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40

  Certificate

  Issuer

  CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

  Not Before

  10-01-1997 07:00

  Not After

  31-12-2020 07:00

  Subject

  CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

  c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40

  Certificate

  Issuer

  CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

  Not Before

  10-01-1997 07:00

  Not After

  31-12-2020 07:00

  Subject

  CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

  61:47:52:ba:00:00:00:00:00:04

  Certificate

  Issuer

  CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  16-09-2006 01:53

  Not After

  16-09-2011 02:03

  Subject

  CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:D8A9-CFCC-579C,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageContentCommitment

  61:49:7c:ed:00:00:00:00:00:05

  Certificate

  Issuer

  CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  16-09-2006 01:55

  Not After

  16-09-2011 02:05

  Subject

  CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:10D8-5847-CBF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageContentCommitment

  6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2

  Certificate

  Issuer

  CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

  Not Before

  16-09-2006 01:04

  Not After

  15-09-2019 07:00

  Subject

  CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba

  Certificate

  Issuer

  CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

  Not Before

  04-04-2006 17:44

  Not After

  26-04-2012 07:00

  Subject

  CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageContentCommitment

  KeyUsageCertSign

  KeyUsageCRLSign

  61:46:9e:cb:00:04:00:00:00:65

  Certificate

  Issuer

  CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  04-04-2006 19:43

  Not After

  04-10-2007 19:53

  Subject

  CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageContentCommitment

  f7:70:e2:42:9a:d8:ac:d3:80:f7:72:5c:76:ce:b2:e1:96:69:e6:f7

  Signer

  Actual PE Digest

  f7:70:e2:42:9a:d8:ac:d3:80:f7:72:5c:76:ce:b2:e1:96:69:e6:f7

  Digest Algorithm

  sha1

  PE Digest Matches

  true

  Signature Validations

  Trusted

  false

  Verification

  Signing Certificate

  CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  05-04-2007 01:53

  Valid: false

  Headers

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Imports

  ntdll

  RtlUnwind

  kernel32

  LocalAlloc

  SetEvent

  GetLastError

  CreateThread

  CreateFileW

  LoadLibraryW

  FreeLibrary

  GetProcAddress

  DeviceIoControl

  GetOverlappedResult

  CreateEventW

  GetTickCount

  QueryPerformanceCounter

  GetCurrentThreadId

  GetCurrentProcessId

  GetSystemTimeAsFileTime

  TerminateProcess

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  GetCommandLineA

  HeapFree

  GetVersionExA

  HeapAlloc

  GetProcessHeap

  ExitProcess

  GetModuleHandleA

  TlsAlloc

  SetLastError

  TlsFree

  TlsSetValue

  TlsGetValue

  Sleep

  SetHandleCount

  GetStdHandle

  GetFileType

  GetStartupInfoA

  GetModuleFileNameA

  FreeEnvironmentStringsA

  GetEnvironmentStrings

  GetCurrentProcess

  WideCharToMultiByte

  GetEnvironmentStringsW

  HeapDestroy

  DuplicateHandle

  VirtualFree

  WriteFile

  InterlockedExchange

  VirtualQuery

  GetACP

  GetOEMCP

  GetCPInfo

  VirtualAlloc

  HeapReAlloc

  IsBadWritePtr

  LoadLibraryA

  RaiseException

  IsBadReadPtr

  IsBadCodePtr

  SetFilePointer

  MultiByteToWideChar

  GetLocaleInfoA

  GetStringTypeA

  GetStringTypeW

  LCMapStringA

  LCMapStringW

  SetStdHandle

  VirtualProtect

  GetSystemInfo

  FlushFileBuffers

  LocalFree

  LeaveCriticalSection

  EnterCriticalSection

  DeleteCriticalSection

  InitializeCriticalSection

  CloseHandle

  FreeEnvironmentStringsW

  HeapCreate

  advapi32

  TraceMessage

  setupapi

  SetupDiDestroyDeviceInfoList

  SetupDiGetClassDevsW

  SetupDiEnumDeviceInterfaces

  SetupDiGetDeviceInterfaceDetailW

  Exports

  Exports

  DllMain

  XInputEnable

  XInputGetBatteryInformation

  XInputGetCapabilities

  XInputGetDSoundAudioDeviceGuids

  XInputGetKeystroke

  XInputGetState

  XInputSetState

  Sections

  .text

  Size: 60KB - Virtual size: 59KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .data

  Size: 3KB - Virtual size: 10KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 1024B - Virtual size: 960B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 5KB - Virtual size: 5KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ