2O23-F1LES-S0ft[.]rar

Sharing

Copy URL

Twitter E-mail

General

Target

2O23-F1LES-S0ft.rar
Size

16.5MB
MD5

699c763e28c5b268b7393bb53a164566
SHA1

002bf3e2b54be8358dde73d49e9fccb98951ef29
SHA256

8b20c4f222723037b9df600a444b358820f9aa1e51c8e9553cb5465859f9d325
SHA512

4606acc1bde361e191b60e77ec18da3d06a685e114a4ab623bc2f9de43d688b308888b9094759cbbf826d4b3382a85517a03dcd44a04bf6b76326481f4fdd1bd
SSDEEP

393216:+xpdy0arMDXL9fl/2OdvnU2KuS9rZ8/uPiPN4padfuy4:+raIDXL9fl/2OvnUPukZ82GN4padWy4

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/Sounds/Drivers/PSINDvct/WVista/PSINDvct.sys
unpack001/Sounds/Drivers/dvctprov/WVista/dvctprov.sys
unpack001/Sounds/iFilters/ooofilt.dll

Files

2O23-F1LES-S0ft.rar
.rar
LauncherPC.exe
.exe windows x86

Password: 1234

8d593f505cdb816120e808e5cd4d59ba

Code Sign

3f:dc:7a:3e:7e:96:5e:b6:4e:3a:1a:ce:c7:32:b0:e3
Certificate

Issuer

CN=Logitech ZC-9015 USA State of Washington

Not Before

24-12-2022 20:59

Not After

25-12-2032 20:59

Subject

CN=Logitech ZC-9015 USA State of Washington

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-05-2023 00:00

Not After

02-08-2034 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:d1:3e:85:fc:c6:9d:b0:a8:b4:dd:47:2d:4f:d5:60:fc:c5:82:a6:ae:42:d0:9b:b0:57:eb:1a:fb:a2:54:76
Signer

Actual PE Digest

30:d1:3e:85:fc:c6:9d:b0:a8:b4:dd:47:2d:4f:d5:60:fc:c5:82:a6:ae:42:d0:9b:b0:57:eb:1a:fb:a2:54:76

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
VirtualProtect
HeapAlloc
GetProcessHeap
GetProcAddress
LoadLibraryA
lstrcatA
VirtualAlloc
CloseHandle
Process32Next
Process32First
CreateToolhelp32Snapshot
FindNextFileW
FindFirstFileW
VirtualAllocExNuma
SetEndOfFile
VirtualFree
GetLogicalProcessorInformationEx
GetCurrentProcess
CreateFileW
CreateFileA
SetStdHandle
WriteConsoleW
LoadLibraryW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
HeapReAlloc
GetLocaleInfoW
ExitProcess
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
GetLastError
HeapFree
RaiseException
RtlUnwind
GetSystemTimeAsFileTime
GetCommandLineA
HeapSetInformation
GetStartupInfoW
LCMapStringW
GetCPInfo
IsProcessorFeaturePresent
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
WriteFile
GetStdHandle
GetModuleFileNameW
HeapCreate
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
GetACP
GetOEMCP
IsValidCodePage
HeapSize
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetConsoleCP
GetConsoleMode
FlushFileBuffers
ReadFile
SetFilePointer
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetStringTypeW
GetSystemTimeAsFileTime
GetModuleHandleA
CreateEventA
GetModuleFileNameW
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
LoadLibraryA
FreeLibrary
GetTickCount
SystemTimeToFileTime
FileTimeToSystemTime
GlobalFree
LocalAlloc
LocalFree
GetProcAddress
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
WriteConsoleW
SetStdHandle
IsProcessorFeaturePresent
DecodePointer
GetCommandLineA
RaiseException
HeapFree
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
LCMapStringW
GetStringTypeW
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapSize
WriteFile
RtlUnwind
SetFilePointer
GetConsoleCP
GetConsoleMode
HeapReAlloc
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

ole32

CoCreateInstance
CoInitializeSecurity
CoInitializeEx
CoSetProxyBlanket

oleaut32

SysFreeString
VariantClear
VariantInit
SysAllocString

crypt32

CryptStringToBinaryA

user32

CharUpperBuffW

Sections

.text
Size: - Virtual size: 253KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp!+~&
Size: - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp!+~&
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp!+~&
Size: 7.6MB - Virtual size: 7.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Sounds/DG/PAV3WSC.exe
.exe windows x86

Password: 1234

e6924013f9544cd1b5edce5063af9cd1

Code Sign

0c:ab:80:ca:72:78:c1:c6:ce:80:a8:f0:14:4b:19:4b
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-04-2020 00:00

Not After

26-05-2021 12:00

Subject

CN=Panda Security S.L.,O=Panda Security S.L.,L=Bilbao,ST=Basque Country,C=ES

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-04-2011 19:41

Not After

15-04-2021 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2014 00:00

Not After

22-10-2024 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11-02-2011 12:00

Not After

10-02-2026 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2021 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-04-2011 19:41

Not After

15-04-2021 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:2b:f5:aa:54:a4:4b:15:3b:44:ff:8a:d3:cf:66:49
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

06-04-2020 00:00

Not After

26-05-2021 12:00

Subject

CN=Panda Security S.L.,OU=CIT,O=Panda Security S.L.,L=Bilbao,ST=Basque Country,C=ES

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-10-2019 00:00

Not After

17-10-2030 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:4e:65:44:f3:a4:21:31:fe:0b:6c:f1:14:cd:8c:eb:a6:81:22:36:fe:ac:d6:fb:0e:2d:55:9b:07:9e:4f:31
Signer

Actual PE Digest

45:4e:65:44:f3:a4:21:31:fe:0b:6c:f1:14:cd:8c:eb:a6:81:22:36:fe:ac:d6:fb:0e:2d:55:9b:07:9e:4f:31

Digest Algorithm

sha256

PE Digest Matches

true

89:4f:f2:5c:6d:dc:a8:ae:28:60:c9:8b:91:56:2f:d3:b9:0f:b9:73
Signer

Actual PE Digest

89:4f:f2:5c:6d:dc:a8:ae:28:60:c9:8b:91:56:2f:d3:b9:0f:b9:73

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InitializeCriticalSectionAndSpinCount
SizeofResource
LeaveCriticalSection
GetModuleFileNameW
lstrlenW
DeactivateActCtx
EnterCriticalSection
LockResource
CreateEventW
DeleteCriticalSection
GetCommandLineW
CreateMutexW
ActivateActCtx
ReleaseMutex
K32GetModuleFileNameExW
OpenProcess
GetVersionExW
Process32FirstW
Process32NextW
lstrcmpiW
CreateToolhelp32Snapshot
GetCurrentProcessId
CreateActCtxW
GetModuleHandleW
SetEvent
WaitForSingleObject
InterlockedDecrement
InterlockedIncrement
LoadResource
FindResourceW
LocalFree
CloseHandle
LocalAlloc
GetProcAddress
GetLastError
MultiByteToWideChar
GetACP
Sleep
LoadLibraryW
GetTickCount
CreateProcessW
RaiseException
FreeLibrary
FlushFileBuffers
CreateFileW
WriteConsoleW
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
GetStringTypeW
RtlUnwind
HeapReAlloc
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStdHandle
WriteFile
HeapCreate
LCMapStringW
EncodePointer
DecodePointer
HeapFree
ExitProcess
GetCommandLineA
HeapSetInformation
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapSize
HeapAlloc
IsProcessorFeaturePresent
GetCPInfo
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
WideCharToMultiByte

user32

GetSystemMetrics

advapi32

RegisterTraceGuidsW
GetTraceEnableLevel
UnregisterTraceGuids
GetTraceLoggerHandle
GetTraceEnableFlags
QueryServiceStatus
StartServiceW
TraceEvent
OpenSCManagerW
CloseServiceHandle
OpenServiceA
RegCloseKey
RegOpenKeyExW
RegQueryValueExW

ole32

OleRun
CoInitializeEx
CoUninitialize
CoCreateInstance

oleaut32

SafeArrayCopy
LoadRegTypeLi
SafeArrayGetUBound
SafeArrayGetVartype
SafeArrayLock
SafeArrayRedim
VariantChangeType
VariantInit
SafeArrayCreate
SafeArrayUnlock
SafeArrayDestroy
VariantCopy
LoadTypeLi
SafeArrayGetLBound
SysStringLen
SysFreeString
VariantClear
SysAllocString

Sections

.text
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Sounds/Drivers/NNSDhcp/NNSDhcp.sys
.exe windows x64

Password: 1234

80667d24b9163a005062df0c0e887644

Code Sign

01:85:df:b2:66:16:5f:52:02:5e:7a:5b:14:97:f4:7d
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

20-01-2021 00:00

Not After

23-01-2024 23:59

Subject

SERIALNUMBER=602 715 217,CN=WatchGuard Technologies\, Inc.,O=WatchGuard Technologies\, Inc.,L=Seattle,ST=Washington,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130a57617368696e67746f6e,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:57:ee:4d:65:9a:92:3e:7c:10:00:00:00:00:00:57
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07-06-2022 18:08

Not After

01-06-2023 18:08

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-10-2014 20:31

Not After

15-10-2029 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c0:dc:ec:7d:1e:9a:6b:16:27:b5:4b:7a:36:48:0b:4e:66:cb:72:3c:0a:b0:37:0d:89:7f:17:d6:3f:0a:ca:16
Signer

Actual PE Digest

c0:dc:ec:7d:1e:9a:6b:16:27:b5:4b:7a:36:48:0b:4e:66:cb:72:3c:0a:b0:37:0d:89:7f:17:d6:3f:0a:ca:16

Digest Algorithm

sha256

PE Digest Matches

true

c0:dc:ec:7d:1e:9a:6b:16:27:b5:4b:7a:36:48:0b:4e:66:cb:72:3c:0a:b0:37:0d:89:7f:17:d6:3f:0a:ca:16
Signer

Actual PE Digest

c0:dc:ec:7d:1e:9a:6b:16:27:b5:4b:7a:36:48:0b:4e:66:cb:72:3c:0a:b0:37:0d:89:7f:17:d6:3f:0a:ca:16

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
IoWMIRegistrationControl
IoBuildDeviceIoControlRequest
ExFreePoolWithTag
IoWMIWriteEvent
RtlInitUnicodeString
IoDeleteDevice
MmGetSystemRoutineAddress
IoGetDeviceObjectPointer
IofCompleteRequest
RtlCompareMemory
ObfDereferenceObject
IoCreateDevice
IofCallDriver
KeBugCheckEx
ExAcquireResourceExclusiveLite
KeClearEvent
KeResetEvent
ExReleaseFastMutex
KeLeaveCriticalRegion
ExInitializeNPagedLookasideList
ExAcquireFastMutex
KeSetEvent
ExpInterlockedPushEntrySList
KeInitializeEvent
KeReleaseSpinLock
ExpInterlockedPopEntrySList
KeReleaseSpinLockFromDpcLevel
KeEnterCriticalRegion
ExDeletePagedLookasideList
PsCreateSystemThread
PsTerminateSystemThread
ExAcquireResourceSharedLite
ExReleaseResourceLite
ZwClose
ExQueryDepthSList
ObReferenceObjectByHandle
KeWaitForSingleObject
ExDeleteResourceLite
ExInitializePagedLookasideList
ExInitializeResourceLite
KeWaitForMultipleObjects
KeAcquireSpinLockAtDpcLevel
ExDeleteNPagedLookasideList
KeAcquireSpinLockRaiseToDpc
KeDelayExecutionThread
KeInitializeDpc
KeInitializeTimer
KeSetTimer
KeCancelTimer

Sections

.text
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 1024B - Virtual size: 908B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Sounds/Drivers/NNSDhcp/WVista/NNSDhcp.sys
.exe windows x64

Password: 1234

80667d24b9163a005062df0c0e887644

Code Sign

33:00:00:00:dc:34:1a:52:0f:bb:cf:3d:8c:00:00:00:00:00:dc
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

10-03-2022 19:58

Not After

08-03-2023 19:58

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18-04-2012 23:48

Not After

18-04-2027 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:85:df:b2:66:16:5f:52:02:5e:7a:5b:14:97:f4:7d
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

20-01-2021 00:00

Not After

23-01-2024 23:59

Subject

SERIALNUMBER=602 715 217,CN=WatchGuard Technologies\, Inc.,O=WatchGuard Technologies\, Inc.,L=Seattle,ST=Washington,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130a57617368696e67746f6e,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c0:dc:ec:7d:1e:9a:6b:16:27:b5:4b:7a:36:48:0b:4e:66:cb:72:3c:0a:b0:37:0d:89:7f:17:d6:3f:0a:ca:16
Signer

Actual PE Digest

c0:dc:ec:7d:1e:9a:6b:16:27:b5:4b:7a:36:48:0b:4e:66:cb:72:3c:0a:b0:37:0d:89:7f:17:d6:3f:0a:ca:16

Digest Algorithm

sha256

PE Digest Matches

true

c0:dc:ec:7d:1e:9a:6b:16:27:b5:4b:7a:36:48:0b:4e:66:cb:72:3c:0a:b0:37:0d:89:7f:17:d6:3f:0a:ca:16
Signer

Actual PE Digest

c0:dc:ec:7d:1e:9a:6b:16:27:b5:4b:7a:36:48:0b:4e:66:cb:72:3c:0a:b0:37:0d:89:7f:17:d6:3f:0a:ca:16

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
IoWMIRegistrationControl
IoBuildDeviceIoControlRequest
ExFreePoolWithTag
IoWMIWriteEvent
RtlInitUnicodeString
IoDeleteDevice
MmGetSystemRoutineAddress
IoGetDeviceObjectPointer
IofCompleteRequest
RtlCompareMemory
ObfDereferenceObject
IoCreateDevice
IofCallDriver
KeBugCheckEx
ExAcquireResourceExclusiveLite
KeClearEvent
KeResetEvent
ExReleaseFastMutex
KeLeaveCriticalRegion
ExInitializeNPagedLookasideList
ExAcquireFastMutex
KeSetEvent
ExpInterlockedPushEntrySList
KeInitializeEvent
KeReleaseSpinLock
ExpInterlockedPopEntrySList
KeReleaseSpinLockFromDpcLevel
KeEnterCriticalRegion
ExDeletePagedLookasideList
PsCreateSystemThread
PsTerminateSystemThread
ExAcquireResourceSharedLite
ExReleaseResourceLite
ZwClose
ExQueryDepthSList
ObReferenceObjectByHandle
KeWaitForSingleObject
ExDeleteResourceLite
ExInitializePagedLookasideList
ExInitializeResourceLite
KeWaitForMultipleObjects
KeAcquireSpinLockAtDpcLevel
ExDeleteNPagedLookasideList
KeAcquireSpinLockRaiseToDpc
KeDelayExecutionThread
KeInitializeDpc
KeInitializeTimer
KeSetTimer
KeCancelTimer

Sections

.text
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 1024B - Virtual size: 908B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Sounds/Drivers/NNSDhcp/WVista/nnsdhcp.cat
Sounds/Drivers/NNSDhcp/WVista/nnsdhcp.inf
Sounds/Drivers/NNSDhcp/nnsdhcp.cat
Sounds/Drivers/NNSDhcp/nnsdhcp.inf
Sounds/Drivers/NNSDns/NNSDns.sys
.exe windows x64

Password: 1234

e77f2b001c1604a8d12f501b02a2959e

Code Sign

01:85:df:b2:66:16:5f:52:02:5e:7a:5b:14:97:f4:7d
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

20-01-2021 00:00

Not After

23-01-2024 23:59

Subject

SERIALNUMBER=602 715 217,CN=WatchGuard Technologies\, Inc.,O=WatchGuard Technologies\, Inc.,L=Seattle,ST=Washington,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130a57617368696e67746f6e,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:57:ee:4d:65:9a:92:3e:7c:10:00:00:00:00:00:57
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07-06-2022 18:08

Not After

01-06-2023 18:08

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-10-2014 20:31

Not After

15-10-2029 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

bb:d2:69:31:da:60:8b:10:29:f5:e5:1d:5b:95:74:2b:cb:a0:45:d9:bd:72:cd:2b:2f:44:53:7c:6c:94:c3:49
Signer

Actual PE Digest

bb:d2:69:31:da:60:8b:10:29:f5:e5:1d:5b:95:74:2b:cb:a0:45:d9:bd:72:cd:2b:2f:44:53:7c:6c:94:c3:49

Digest Algorithm

sha256

PE Digest Matches

true

bb:d2:69:31:da:60:8b:10:29:f5:e5:1d:5b:95:74:2b:cb:a0:45:d9:bd:72:cd:2b:2f:44:53:7c:6c:94:c3:49
Signer

Actual PE Digest

bb:d2:69:31:da:60:8b:10:29:f5:e5:1d:5b:95:74:2b:cb:a0:45:d9:bd:72:cd:2b:2f:44:53:7c:6c:94:c3:49

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

strstr
ExAllocatePoolWithTag
IoWMIRegistrationControl
IoBuildDeviceIoControlRequest
ExFreePoolWithTag
IoWMIWriteEvent
RtlInitUnicodeString
IoDeleteDevice
MmGetSystemRoutineAddress
IoGetDeviceObjectPointer
IofCompleteRequest
RtlCompareMemory
ObfDereferenceObject
IoCreateDevice
IofCallDriver
KeBugCheckEx
ExAcquireResourceExclusiveLite
KeClearEvent
KeResetEvent
ExReleaseFastMutex
KeLeaveCriticalRegion
ExInitializeNPagedLookasideList
ExAcquireFastMutex
KeSetEvent
ExpInterlockedPushEntrySList
KeInitializeEvent
KeReleaseSpinLock
ExpInterlockedPopEntrySList
KeReleaseSpinLockFromDpcLevel
KeEnterCriticalRegion
ExDeletePagedLookasideList
PsCreateSystemThread
PsTerminateSystemThread
ExAcquireResourceSharedLite
ExReleaseResourceLite
ZwClose
ExQueryDepthSList
ObReferenceObjectByHandle
KeWaitForSingleObject
ExDeleteResourceLite
ExInitializePagedLookasideList
ExInitializeResourceLite
KeWaitForMultipleObjects
KeAcquireSpinLockAtDpcLevel
ExDeleteNPagedLookasideList
KeAcquireSpinLockRaiseToDpc
isdigit
KeDelayExecutionThread
KeInitializeDpc
KeInitializeTimer
KeSetTimer
KeCancelTimer

Sections

.text
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 1024B - Virtual size: 908B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Sounds/Drivers/NNSDns/WVista/NNSDns.sys
.exe windows x64

Password: 1234

e77f2b001c1604a8d12f501b02a2959e

Code Sign

33:00:00:00:dc:34:1a:52:0f:bb:cf:3d:8c:00:00:00:00:00:dc
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

10-03-2022 19:58

Not After

08-03-2023 19:58

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18-04-2012 23:48

Not After

18-04-2027 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:85:df:b2:66:16:5f:52:02:5e:7a:5b:14:97:f4:7d
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

20-01-2021 00:00

Not After

23-01-2024 23:59

Subject

SERIALNUMBER=602 715 217,CN=WatchGuard Technologies\, Inc.,O=WatchGuard Technologies\, Inc.,L=Seattle,ST=Washington,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130a57617368696e67746f6e,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

bb:d2:69:31:da:60:8b:10:29:f5:e5:1d:5b:95:74:2b:cb:a0:45:d9:bd:72:cd:2b:2f:44:53:7c:6c:94:c3:49
Signer

Actual PE Digest

bb:d2:69:31:da:60:8b:10:29:f5:e5:1d:5b:95:74:2b:cb:a0:45:d9:bd:72:cd:2b:2f:44:53:7c:6c:94:c3:49

Digest Algorithm

sha256

PE Digest Matches

true

bb:d2:69:31:da:60:8b:10:29:f5:e5:1d:5b:95:74:2b:cb:a0:45:d9:bd:72:cd:2b:2f:44:53:7c:6c:94:c3:49
Signer

Actual PE Digest

bb:d2:69:31:da:60:8b:10:29:f5:e5:1d:5b:95:74:2b:cb:a0:45:d9:bd:72:cd:2b:2f:44:53:7c:6c:94:c3:49

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

strstr
ExAllocatePoolWithTag
IoWMIRegistrationControl
IoBuildDeviceIoControlRequest
ExFreePoolWithTag
IoWMIWriteEvent
RtlInitUnicodeString
IoDeleteDevice
MmGetSystemRoutineAddress
IoGetDeviceObjectPointer
IofCompleteRequest
RtlCompareMemory
ObfDereferenceObject
IoCreateDevice
IofCallDriver
KeBugCheckEx
ExAcquireResourceExclusiveLite
KeClearEvent
KeResetEvent
ExReleaseFastMutex
KeLeaveCriticalRegion
ExInitializeNPagedLookasideList
ExAcquireFastMutex
KeSetEvent
ExpInterlockedPushEntrySList
KeInitializeEvent
KeReleaseSpinLock
ExpInterlockedPopEntrySList
KeReleaseSpinLockFromDpcLevel
KeEnterCriticalRegion
ExDeletePagedLookasideList
PsCreateSystemThread
PsTerminateSystemThread
ExAcquireResourceSharedLite
ExReleaseResourceLite
ZwClose
ExQueryDepthSList
ObReferenceObjectByHandle
KeWaitForSingleObject
ExDeleteResourceLite
ExInitializePagedLookasideList
ExInitializeResourceLite
KeWaitForMultipleObjects
KeAcquireSpinLockAtDpcLevel
ExDeleteNPagedLookasideList
KeAcquireSpinLockRaiseToDpc
isdigit
KeDelayExecutionThread
KeInitializeDpc
KeInitializeTimer
KeSetTimer
KeCancelTimer

Sections

.text
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 1024B - Virtual size: 908B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Sounds/Drivers/NNSDns/WVista/nnsdns.cat
Sounds/Drivers/NNSDns/WVista/nnsdns.inf
Sounds/Drivers/NNSDns/nnsdns.cat
Sounds/Drivers/NNSDns/nnsdns.inf
Sounds/Drivers/NNSHttp/NNSHttp.sys
.exe windows x64

Password: 1234

1c245e7c7bb2ad1e107bb32ae2057795

Code Sign

01:85:df:b2:66:16:5f:52:02:5e:7a:5b:14:97:f4:7d
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

20-01-2021 00:00

Not After

23-01-2024 23:59

Subject

SERIALNUMBER=602 715 217,CN=WatchGuard Technologies\, Inc.,O=WatchGuard Technologies\, Inc.,L=Seattle,ST=Washington,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130a57617368696e67746f6e,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:57:ee:4d:65:9a:92:3e:7c:10:00:00:00:00:00:57
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07-06-2022 18:08

Not After

01-06-2023 18:08

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-10-2014 20:31

Not After

15-10-2029 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e7:1c:d1:e1:34:c7:87:0e:e0:5c:22:6d:b4:60:1e:2a:64:b4:ae:86:71:5c:44:9a:72:21:d0:3d:b8:29:8b:7e
Signer

Actual PE Digest

e7:1c:d1:e1:34:c7:87:0e:e0:5c:22:6d:b4:60:1e:2a:64:b4:ae:86:71:5c:44:9a:72:21:d0:3d:b8:29:8b:7e

Digest Algorithm

sha256

PE Digest Matches

true

e7:1c:d1:e1:34:c7:87:0e:e0:5c:22:6d:b4:60:1e:2a:64:b4:ae:86:71:5c:44:9a:72:21:d0:3d:b8:29:8b:7e
Signer

Actual PE Digest

e7:1c:d1:e1:34:c7:87:0e:e0:5c:22:6d:b4:60:1e:2a:64:b4:ae:86:71:5c:44:9a:72:21:d0:3d:b8:29:8b:7e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
IoWMIRegistrationControl
IoBuildDeviceIoControlRequest
ExFreePoolWithTag
IoWMIWriteEvent
RtlInitUnicodeString
IoDeleteDevice
MmGetSystemRoutineAddress
IoGetDeviceObjectPointer
IofCompleteRequest
RtlCompareMemory
ObfDereferenceObject
IoCreateDevice
IofCallDriver
_stricmp
_strnicmp
strstr
atoi
RtlAnsiStringToUnicodeString
RtlFreeUnicodeString
RtlUnicodeStringToInteger
KeBugCheckEx
RtlUnicodeToMultiByteN
ExAcquireResourceExclusiveLite
KeClearEvent
KeResetEvent
ExReleaseFastMutex
KeLeaveCriticalRegion
ExAcquireFastMutex
KeSetEvent
KeInitializeEvent
KeReleaseSpinLock
KeReleaseSpinLockFromDpcLevel
KeEnterCriticalRegion
PsCreateSystemThread
PsTerminateSystemThread
ExAcquireResourceSharedLite
ExReleaseResourceLite
ZwClose
ObReferenceObjectByHandle
KeWaitForSingleObject
ExDeleteResourceLite
ExInitializeResourceLite
KeWaitForMultipleObjects
KeAcquireSpinLockAtDpcLevel
KeAcquireSpinLockRaiseToDpc
KeInitializeDpc
KeInitializeTimer
KeSetTimer
KeCancelTimer
tolower

Sections

.text
Size: 165KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 1024B - Virtual size: 908B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 396B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Sounds/Drivers/NNSHttp/WVista/NNSHttp.sys
.exe windows x64

Password: 1234

1c245e7c7bb2ad1e107bb32ae2057795

Code Sign

33:00:00:00:dc:34:1a:52:0f:bb:cf:3d:8c:00:00:00:00:00:dc
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

10-03-2022 19:58

Not After

08-03-2023 19:58

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18-04-2012 23:48

Not After

18-04-2027 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:85:df:b2:66:16:5f:52:02:5e:7a:5b:14:97:f4:7d
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

20-01-2021 00:00

Not After

23-01-2024 23:59

Subject

SERIALNUMBER=602 715 217,CN=WatchGuard Technologies\, Inc.,O=WatchGuard Technologies\, Inc.,L=Seattle,ST=Washington,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130a57617368696e67746f6e,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e7:1c:d1:e1:34:c7:87:0e:e0:5c:22:6d:b4:60:1e:2a:64:b4:ae:86:71:5c:44:9a:72:21:d0:3d:b8:29:8b:7e
Signer

Actual PE Digest

e7:1c:d1:e1:34:c7:87:0e:e0:5c:22:6d:b4:60:1e:2a:64:b4:ae:86:71:5c:44:9a:72:21:d0:3d:b8:29:8b:7e

Digest Algorithm

sha256

PE Digest Matches

true

e7:1c:d1:e1:34:c7:87:0e:e0:5c:22:6d:b4:60:1e:2a:64:b4:ae:86:71:5c:44:9a:72:21:d0:3d:b8:29:8b:7e
Signer

Actual PE Digest

e7:1c:d1:e1:34:c7:87:0e:e0:5c:22:6d:b4:60:1e:2a:64:b4:ae:86:71:5c:44:9a:72:21:d0:3d:b8:29:8b:7e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
IoWMIRegistrationControl
IoBuildDeviceIoControlRequest
ExFreePoolWithTag
IoWMIWriteEvent
RtlInitUnicodeString
IoDeleteDevice
MmGetSystemRoutineAddress
IoGetDeviceObjectPointer
IofCompleteRequest
RtlCompareMemory
ObfDereferenceObject
IoCreateDevice
IofCallDriver
_stricmp
_strnicmp
strstr
atoi
RtlAnsiStringToUnicodeString
RtlFreeUnicodeString
RtlUnicodeStringToInteger
KeBugCheckEx
RtlUnicodeToMultiByteN
ExAcquireResourceExclusiveLite
KeClearEvent
KeResetEvent
ExReleaseFastMutex
KeLeaveCriticalRegion
ExAcquireFastMutex
KeSetEvent
KeInitializeEvent
KeReleaseSpinLock
KeReleaseSpinLockFromDpcLevel
KeEnterCriticalRegion
PsCreateSystemThread
PsTerminateSystemThread
ExAcquireResourceSharedLite
ExReleaseResourceLite
ZwClose
ObReferenceObjectByHandle
KeWaitForSingleObject
ExDeleteResourceLite
ExInitializeResourceLite
KeWaitForMultipleObjects
KeAcquireSpinLockAtDpcLevel
KeAcquireSpinLockRaiseToDpc
KeInitializeDpc
KeInitializeTimer
KeSetTimer
KeCancelTimer
tolower

Sections

.text
Size: 165KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 1024B - Virtual size: 908B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 396B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Sounds/Drivers/NNSHttp/WVista/nnshttp.cat
Sounds/Drivers/NNSHttp/WVista/nnshttp.inf
Sounds/Drivers/NNSHttp/nnshttp.cat
Sounds/Drivers/NNSHttp/nnshttp.inf
Sounds/Drivers/NNSHttps/NNSHttps.sys
.exe windows x64

e56594fd3cacf09c74e083c6ff3fa3c9

Code Sign

01:85:df:b2:66:16:5f:52:02:5e:7a:5b:14:97:f4:7d
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

20-01-2021 00:00

Not After

23-01-2024 23:59

Subject

SERIALNUMBER=602 715 217,CN=WatchGuard Technologies\, Inc.,O=WatchGuard Technologies\, Inc.,L=Seattle,ST=Washington,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130a57617368696e67746f6e,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:57:ee:4d:65:9a:92:3e:7c:10:00:00:00:00:00:57
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07-06-2022 18:08

Not After

01-06-2023 18:08

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-10-2014 20:31

Not After

15-10-2029 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ac:fe:f5:8c:3a:5c:cf:8d:6f:51:b3:6a:6e:49:d9:35:90:ae:f5:a3:ed:63:0f:36:46:8c:9d:48:9d:08:3e:c2
Signer

Actual PE Digest

ac:fe:f5:8c:3a:5c:cf:8d:6f:51:b3:6a:6e:49:d9:35:90:ae:f5:a3:ed:63:0f:36:46:8c:9d:48:9d:08:3e:c2

Digest Algorithm

sha256

PE Digest Matches

true

ac:fe:f5:8c:3a:5c:cf:8d:6f:51:b3:6a:6e:49:d9:35:90:ae:f5:a3:ed:63:0f:36:46:8c:9d:48:9d:08:3e:c2
Signer

Actual PE Digest

ac:fe:f5:8c:3a:5c:cf:8d:6f:51:b3:6a:6e:49:d9:35:90:ae:f5:a3:ed:63:0f:36:46:8c:9d:48:9d:08:3e:c2

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
IoWMIRegistrationControl
IoBuildDeviceIoControlRequest
ExFreePoolWithTag
IoWMIWriteEvent
RtlInitUnicodeString
IoDeleteDevice
MmGetSystemRoutineAddress
IoGetDeviceObjectPointer
IofCompleteRequest
RtlCompareMemory
ObfDereferenceObject
IoCreateDevice
IofCallDriver
KeBugCheckEx
RtlUnicodeToMultiByteN
ExAcquireResourceExclusiveLite
KeClearEvent
KeResetEvent
ExReleaseFastMutex
KeLeaveCriticalRegion
ExInitializeNPagedLookasideList
ExAcquireFastMutex
KeSetEvent
ExpInterlockedPushEntrySList
KeInitializeEvent
KeReleaseSpinLock
ExpInterlockedPopEntrySList
KeReleaseSpinLockFromDpcLevel
KeEnterCriticalRegion
ExDeletePagedLookasideList
PsCreateSystemThread
PsTerminateSystemThread
ExAcquireResourceSharedLite
ExReleaseResourceLite
ZwClose
ExQueryDepthSList
ObReferenceObjectByHandle
KeWaitForSingleObject
ExDeleteResourceLite
ExInitializePagedLookasideList
ExInitializeResourceLite
KeWaitForMultipleObjects
KeAcquireSpinLockAtDpcLevel
ExDeleteNPagedLookasideList
KeAcquireSpinLockRaiseToDpc
KeInitializeDpc
KeInitializeTimer
KeSetTimer
KeCancelTimer
KeDelayExecutionThread
__C_specific_handler

Sections

.text
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 1024B - Virtual size: 908B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Sounds/Drivers/NNSHttps/WVista/NNSHttps.sys
.exe windows x64

e56594fd3cacf09c74e083c6ff3fa3c9

Code Sign

33:00:00:00:dc:34:1a:52:0f:bb:cf:3d:8c:00:00:00:00:00:dc
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

10-03-2022 19:58

Not After

08-03-2023 19:58

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18-04-2012 23:48

Not After

18-04-2027 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:85:df:b2:66:16:5f:52:02:5e:7a:5b:14:97:f4:7d
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

20-01-2021 00:00

Not After

23-01-2024 23:59

Subject

SERIALNUMBER=602 715 217,CN=WatchGuard Technologies\, Inc.,O=WatchGuard Technologies\, Inc.,L=Seattle,ST=Washington,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130a57617368696e67746f6e,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ac:fe:f5:8c:3a:5c:cf:8d:6f:51:b3:6a:6e:49:d9:35:90:ae:f5:a3:ed:63:0f:36:46:8c:9d:48:9d:08:3e:c2
Signer

Actual PE Digest

ac:fe:f5:8c:3a:5c:cf:8d:6f:51:b3:6a:6e:49:d9:35:90:ae:f5:a3:ed:63:0f:36:46:8c:9d:48:9d:08:3e:c2

Digest Algorithm

sha256

PE Digest Matches

true

ac:fe:f5:8c:3a:5c:cf:8d:6f:51:b3:6a:6e:49:d9:35:90:ae:f5:a3:ed:63:0f:36:46:8c:9d:48:9d:08:3e:c2
Signer

Actual PE Digest

ac:fe:f5:8c:3a:5c:cf:8d:6f:51:b3:6a:6e:49:d9:35:90:ae:f5:a3:ed:63:0f:36:46:8c:9d:48:9d:08:3e:c2

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
IoWMIRegistrationControl
IoBuildDeviceIoControlRequest
ExFreePoolWithTag
IoWMIWriteEvent
RtlInitUnicodeString
IoDeleteDevice
MmGetSystemRoutineAddress
IoGetDeviceObjectPointer
IofCompleteRequest
RtlCompareMemory
ObfDereferenceObject
IoCreateDevice
IofCallDriver
KeBugCheckEx
RtlUnicodeToMultiByteN
ExAcquireResourceExclusiveLite
KeClearEvent
KeResetEvent
ExReleaseFastMutex
KeLeaveCriticalRegion
ExInitializeNPagedLookasideList
ExAcquireFastMutex
KeSetEvent
ExpInterlockedPushEntrySList
KeInitializeEvent
KeReleaseSpinLock
ExpInterlockedPopEntrySList
KeReleaseSpinLockFromDpcLevel
KeEnterCriticalRegion
ExDeletePagedLookasideList
PsCreateSystemThread
PsTerminateSystemThread
ExAcquireResourceSharedLite
ExReleaseResourceLite
ZwClose
ExQueryDepthSList
ObReferenceObjectByHandle
KeWaitForSingleObject
ExDeleteResourceLite
ExInitializePagedLookasideList
ExInitializeResourceLite
KeWaitForMultipleObjects
KeAcquireSpinLockAtDpcLevel
ExDeleteNPagedLookasideList
KeAcquireSpinLockRaiseToDpc
KeInitializeDpc
KeInitializeTimer
KeSetTimer
KeCancelTimer
KeDelayExecutionThread
__C_specific_handler

Sections

.text
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 1024B - Virtual size: 908B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Sounds/Drivers/NNSHttps/WVista/nnshttps.cat
Sounds/Drivers/NNSHttps/WVista/nnshttps.inf
Sounds/Drivers/NNSHttps/nnshttps.cat
Sounds/Drivers/NNSHttps/nnshttps.inf
Sounds/Drivers/NNSIds/NNSIds.sys
.exe windows x64

64dc166a1bd2f56f7327738288388f78

Code Sign

01:85:df:b2:66:16:5f:52:02:5e:7a:5b:14:97:f4:7d
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

20-01-2021 00:00

Not After

23-01-2024 23:59

Subject

SERIALNUMBER=602 715 217,CN=WatchGuard Technologies\, Inc.,O=WatchGuard Technologies\, Inc.,L=Seattle,ST=Washington,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130a57617368696e67746f6e,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:57:ee:4d:65:9a:92:3e:7c:10:00:00:00:00:00:57
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07-06-2022 18:08

Not After

01-06-2023 18:08

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-10-2014 20:31

Not After

15-10-2029 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3c:2c:fc:ea:c5:39:39:2e:2e:37:d9:d4:c8:fb:bc:02:b2:65:bc:95:75:78:cc:24:9d:37:84:e0:aa:dd:21:0f
Signer

Actual PE Digest

3c:2c:fc:ea:c5:39:39:2e:2e:37:d9:d4:c8:fb:bc:02:b2:65:bc:95:75:78:cc:24:9d:37:84:e0:aa:dd:21:0f

Digest Algorithm

sha256

PE Digest Matches

true

3c:2c:fc:ea:c5:39:39:2e:2e:37:d9:d4:c8:fb:bc:02:b2:65:bc:95:75:78:cc:24:9d:37:84:e0:aa:dd:21:0f
Signer

Actual PE Digest

3c:2c:fc:ea:c5:39:39:2e:2e:37:d9:d4:c8:fb:bc:02:b2:65:bc:95:75:78:cc:24:9d:37:84:e0:aa:dd:21:0f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

IoWMIWriteEvent
KeInitializeMutex
RtlInitUnicodeString
MmGetSystemRoutineAddress
RtlCompareMemory
IofCallDriver
KeBugCheckEx
RtlUnicodeToMultiByteN
ExAcquireResourceExclusiveLite
KeClearEvent
KeResetEvent
ExReleaseFastMutex
KeLeaveCriticalRegion
ExInitializeNPagedLookasideList
ExAcquireFastMutex
KeSetEvent
ExpInterlockedPushEntrySList
KeInitializeEvent
KeReleaseSpinLock
ExpInterlockedPopEntrySList
KeReleaseSpinLockFromDpcLevel
KeEnterCriticalRegion
ExFreePoolWithTag
PsCreateSystemThread
PsTerminateSystemThread
ExAcquireResourceSharedLite
ExReleaseResourceLite
ZwClose
ExQueryDepthSList
ObReferenceObjectByHandle
KeWaitForSingleObject
ExDeleteResourceLite
ExInitializePagedLookasideList
ObfDereferenceObject
ExInitializeResourceLite
KeWaitForMultipleObjects
KeAcquireSpinLockAtDpcLevel
ExDeleteNPagedLookasideList
KeAcquireSpinLockRaiseToDpc
IoGetDeviceObjectPointer
RtlUnicodeStringToInteger
KeInitializeDpc
KeInitializeTimer
KeSetTimer
KeCancelTimer
KeDelayExecutionThread
IoWMIRegistrationControl
ExDeletePagedLookasideList
ExAllocatePoolWithTag
IoBuildDeviceIoControlRequest

hal

KeStallExecutionProcessor
KeQueryPerformanceCounter

Sections

.text
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 1024B - Virtual size: 908B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Sounds/Drivers/NNSIds/WVista/NNSIds.sys
.exe windows x64

64dc166a1bd2f56f7327738288388f78

Code Sign

33:00:00:00:dc:34:1a:52:0f:bb:cf:3d:8c:00:00:00:00:00:dc
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

10-03-2022 19:58

Not After

08-03-2023 19:58

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18-04-2012 23:48

Not After

18-04-2027 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:85:df:b2:66:16:5f:52:02:5e:7a:5b:14:97:f4:7d
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

20-01-2021 00:00

Not After

23-01-2024 23:59

Subject

SERIALNUMBER=602 715 217,CN=WatchGuard Technologies\, Inc.,O=WatchGuard Technologies\, Inc.,L=Seattle,ST=Washington,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130a57617368696e67746f6e,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3c:2c:fc:ea:c5:39:39:2e:2e:37:d9:d4:c8:fb:bc:02:b2:65:bc:95:75:78:cc:24:9d:37:84:e0:aa:dd:21:0f
Signer

Actual PE Digest

3c:2c:fc:ea:c5:39:39:2e:2e:37:d9:d4:c8:fb:bc:02:b2:65:bc:95:75:78:cc:24:9d:37:84:e0:aa:dd:21:0f

Digest Algorithm

sha256

PE Digest Matches

true

3c:2c:fc:ea:c5:39:39:2e:2e:37:d9:d4:c8:fb:bc:02:b2:65:bc:95:75:78:cc:24:9d:37:84:e0:aa:dd:21:0f
Signer

Actual PE Digest

3c:2c:fc:ea:c5:39:39:2e:2e:37:d9:d4:c8:fb:bc:02:b2:65:bc:95:75:78:cc:24:9d:37:84:e0:aa:dd:21:0f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

IoWMIWriteEvent
KeInitializeMutex
RtlInitUnicodeString
MmGetSystemRoutineAddress
RtlCompareMemory
IofCallDriver
KeBugCheckEx
RtlUnicodeToMultiByteN
ExAcquireResourceExclusiveLite
KeClearEvent
KeResetEvent
ExReleaseFastMutex
KeLeaveCriticalRegion
ExInitializeNPagedLookasideList
ExAcquireFastMutex
KeSetEvent
ExpInterlockedPushEntrySList
KeInitializeEvent
KeReleaseSpinLock
ExpInterlockedPopEntrySList
KeReleaseSpinLockFromDpcLevel
KeEnterCriticalRegion
ExFreePoolWithTag
PsCreateSystemThread
PsTerminateSystemThread
ExAcquireResourceSharedLite
ExReleaseResourceLite
ZwClose
ExQueryDepthSList
ObReferenceObjectByHandle
KeWaitForSingleObject
ExDeleteResourceLite
ExInitializePagedLookasideList
ObfDereferenceObject
ExInitializeResourceLite
KeWaitForMultipleObjects
KeAcquireSpinLockAtDpcLevel
ExDeleteNPagedLookasideList
KeAcquireSpinLockRaiseToDpc
IoGetDeviceObjectPointer
RtlUnicodeStringToInteger
KeInitializeDpc
KeInitializeTimer
KeSetTimer
KeCancelTimer
KeDelayExecutionThread
IoWMIRegistrationControl
ExDeletePagedLookasideList
ExAllocatePoolWithTag
IoBuildDeviceIoControlRequest

hal

KeStallExecutionProcessor
KeQueryPerformanceCounter

Sections

.text
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 1024B - Virtual size: 908B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Sounds/Drivers/NNSIds/WVista/nnsids.cat
Sounds/Drivers/NNSIds/WVista/nnsids.inf
Sounds/Drivers/NNSIds/nnsids.cat
Sounds/Drivers/NNSIds/nnsids.inf
Sounds/Drivers/NNSNHWFP/NNSNHWFP.inf
Sounds/Drivers/NNSNHWFP/NNSNHWFP.sys
.exe windows x64

7d137fadd7b28d6453ea16a3046e199e

Code Sign

01:85:df:b2:66:16:5f:52:02:5e:7a:5b:14:97:f4:7d
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

20-01-2021 00:00

Not After

23-01-2024 23:59

Subject

SERIALNUMBER=602 715 217,CN=WatchGuard Technologies\, Inc.,O=WatchGuard Technologies\, Inc.,L=Seattle,ST=Washington,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130a57617368696e67746f6e,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:57:ee:4d:65:9a:92:3e:7c:10:00:00:00:00:00:57
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07-06-2022 18:08

Not After

01-06-2023 18:08

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-10-2014 20:31

Not After

15-10-2029 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:5c:3c:7f:be:a2:43:2a:5b:57:f2:c6:c0:6c:b5:6d:f7:d5:ce:05:74:94:61:19:71:63:bc:91:d4:4b:d4:32
Signer

Actual PE Digest

01:5c:3c:7f:be:a2:43:2a:5b:57:f2:c6:c0:6c:b5:6d:f7:d5:ce:05:74:94:61:19:71:63:bc:91:d4:4b:d4:32

Digest Algorithm

sha256

PE Digest Matches

true

01:5c:3c:7f:be:a2:43:2a:5b:57:f2:c6:c0:6c:b5:6d:f7:d5:ce:05:74:94:61:19:71:63:bc:91:d4:4b:d4:32
Signer

Actual PE Digest

01:5c:3c:7f:be:a2:43:2a:5b:57:f2:c6:c0:6c:b5:6d:f7:d5:ce:05:74:94:61:19:71:63:bc:91:d4:4b:d4:32

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ndis.sys

NdisFreeMemory
NdisAllocateMemoryWithTagPriority
NdisAllocateMdl
NdisFreeMdl
NdisAllocateMemoryWithTag
NdisAllocateNetBufferPool
NdisFreeNetBufferPool
NdisAllocateNetBuffer
NdisFreeNetBuffer
NdisAllocateNetBufferListPool
NdisFreeNetBufferListPool
NdisRetreatNetBufferListDataStart
NdisAdvanceNetBufferListDataStart
NdisGetDataBuffer
NdisCopyFromNetBufferToNetBuffer
NdisCopySendNetBufferListInfo
NdisCopyReceiveNetBufferListInfo

fwpkclnt.sys

FwpsCalloutRegister0
FwpsCalloutRegister1
FwpsCalloutUnregisterById0
FwpsFlowAssociateContext0
FwpsFlowRemoveContext0
FwpsQueryPacketInjectionState0
FwpmBfeStateGet0
FwpmBfeStateSubscribeChanges0
FwpmBfeStateUnsubscribeChanges0
FwpmEngineOpen0
FwpmEngineClose0
FwpmTransactionBegin0
FwpmTransactionCommit0
FwpmTransactionAbort0
FwpmProviderAdd0
FwpmSubLayerAdd0
FwpmCalloutAdd0
FwpmFilterAdd0
FwpsAllocateNetBufferAndNetBufferList0
FwpsFreeNetBufferList0
FwpsInjectMacReceiveAsync0
FwpsInjectMacSendAsync0
FwpsInjectionHandleCreate0
FwpsInjectionHandleDestroy0

ntoskrnl.exe

strcpy_s
wcscpy_s
RtlInitUnicodeString
KeInitializeSpinLock
KeAcquireInStackQueuedSpinLock
KeReleaseInStackQueuedSpinLock
ExAllocatePoolWithTag
ExFreePoolWithTag
IoCreateDevice
IoDeleteDevice
PsGetCurrentProcessId
PsGetCurrentThreadId
swscanf_s
KeInitializeEvent
KeWaitForSingleObject
IoBuildDeviceIoControlRequest
IofCallDriver
IofCompleteRequest
IoGetDeviceObjectPointer
ObfDereferenceObject
KeDelayExecutionThread
MmGetSystemRoutineAddress
IoWMIRegistrationControl
ExQueryDepthSList
ExpInterlockedPopEntrySList
ExpInterlockedPushEntrySList
ExInitializeNPagedLookasideList
ExDeleteNPagedLookasideList
MmMapLockedPagesSpecifyCache
ZwClose
ZwCreateKey
ZwQueryValueKey
ZwSetValueKey
KeClearEvent
KeResetEvent
KeSetEvent
KeWaitForMultipleObjects
KeAcquireSpinLockAtDpcLevel
KeAcquireSpinLockRaiseToDpc
KeReleaseSpinLock
KeReleaseSpinLockFromDpcLevel
ExAcquireFastMutex
ExReleaseFastMutex
ExInitializePagedLookasideList
ExDeletePagedLookasideList
PsCreateSystemThread
PsTerminateSystemThread
ObReferenceObjectByHandle
sprintf_s
KeBugCheckEx
KeCancelTimer

Sections

.text
Size: 166KB - Virtual size: 165KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Sounds/Drivers/NNSNHWFP/W8/NNSNHWFP.inf
Sounds/Drivers/NNSNHWFP/W8/NNSNHWFP.sys
.exe windows x64

7d137fadd7b28d6453ea16a3046e199e

Code Sign

33:00:00:00:dc:34:1a:52:0f:bb:cf:3d:8c:00:00:00:00:00:dc
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

10-03-2022 19:58

Not After

08-03-2023 19:58

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18-04-2012 23:48

Not After

18-04-2027 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:85:df:b2:66:16:5f:52:02:5e:7a:5b:14:97:f4:7d
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

20-01-2021 00:00

Not After

23-01-2024 23:59

Subject

SERIALNUMBER=602 715 217,CN=WatchGuard Technologies\, Inc.,O=WatchGuard Technologies\, Inc.,L=Seattle,ST=Washington,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130a57617368696e67746f6e,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:5c:3c:7f:be:a2:43:2a:5b:57:f2:c6:c0:6c:b5:6d:f7:d5:ce:05:74:94:61:19:71:63:bc:91:d4:4b:d4:32
Signer

Actual PE Digest

01:5c:3c:7f:be:a2:43:2a:5b:57:f2:c6:c0:6c:b5:6d:f7:d5:ce:05:74:94:61:19:71:63:bc:91:d4:4b:d4:32

Digest Algorithm

sha256

PE Digest Matches

true

01:5c:3c:7f:be:a2:43:2a:5b:57:f2:c6:c0:6c:b5:6d:f7:d5:ce:05:74:94:61:19:71:63:bc:91:d4:4b:d4:32
Signer

Actual PE Digest

01:5c:3c:7f:be:a2:43:2a:5b:57:f2:c6:c0:6c:b5:6d:f7:d5:ce:05:74:94:61:19:71:63:bc:91:d4:4b:d4:32

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ndis.sys

NdisFreeMemory
NdisAllocateMemoryWithTagPriority
NdisAllocateMdl
NdisFreeMdl
NdisAllocateMemoryWithTag
NdisAllocateNetBufferPool
NdisFreeNetBufferPool
NdisAllocateNetBuffer
NdisFreeNetBuffer
NdisAllocateNetBufferListPool
NdisFreeNetBufferListPool
NdisRetreatNetBufferListDataStart
NdisAdvanceNetBufferListDataStart
NdisGetDataBuffer
NdisCopyFromNetBufferToNetBuffer
NdisCopySendNetBufferListInfo
NdisCopyReceiveNetBufferListInfo

fwpkclnt.sys

FwpsCalloutRegister0
FwpsCalloutRegister1
FwpsCalloutUnregisterById0
FwpsFlowAssociateContext0
FwpsFlowRemoveContext0
FwpsQueryPacketInjectionState0
FwpmBfeStateGet0
FwpmBfeStateSubscribeChanges0
FwpmBfeStateUnsubscribeChanges0
FwpmEngineOpen0
FwpmEngineClose0
FwpmTransactionBegin0
FwpmTransactionCommit0
FwpmTransactionAbort0
FwpmProviderAdd0
FwpmSubLayerAdd0
FwpmCalloutAdd0
FwpmFilterAdd0
FwpsAllocateNetBufferAndNetBufferList0
FwpsFreeNetBufferList0
FwpsInjectMacReceiveAsync0
FwpsInjectMacSendAsync0
FwpsInjectionHandleCreate0
FwpsInjectionHandleDestroy0

ntoskrnl.exe

strcpy_s
wcscpy_s
RtlInitUnicodeString
KeInitializeSpinLock
KeAcquireInStackQueuedSpinLock
KeReleaseInStackQueuedSpinLock
ExAllocatePoolWithTag
ExFreePoolWithTag
IoCreateDevice
IoDeleteDevice
PsGetCurrentProcessId
PsGetCurrentThreadId
swscanf_s
KeInitializeEvent
KeWaitForSingleObject
IoBuildDeviceIoControlRequest
IofCallDriver
IofCompleteRequest
IoGetDeviceObjectPointer
ObfDereferenceObject
KeDelayExecutionThread
MmGetSystemRoutineAddress
IoWMIRegistrationControl
ExQueryDepthSList
ExpInterlockedPopEntrySList
ExpInterlockedPushEntrySList
ExInitializeNPagedLookasideList
ExDeleteNPagedLookasideList
MmMapLockedPagesSpecifyCache
ZwClose
ZwCreateKey
ZwQueryValueKey
ZwSetValueKey
KeClearEvent
KeResetEvent
KeSetEvent
KeWaitForMultipleObjects
KeAcquireSpinLockAtDpcLevel
KeAcquireSpinLockRaiseToDpc
KeReleaseSpinLock
KeReleaseSpinLockFromDpcLevel
ExAcquireFastMutex
ExReleaseFastMutex
ExInitializePagedLookasideList
ExDeletePagedLookasideList
PsCreateSystemThread
PsTerminateSystemThread
ObReferenceObjectByHandle
sprintf_s
KeBugCheckEx
KeCancelTimer

Sections

.text
Size: 166KB - Virtual size: 165KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Sounds/Drivers/NNSNHWFP/W8/nnsnhwfp.cat
Sounds/Drivers/NNSNHWFP/nnsnhwfp.cat
Sounds/Drivers/NNSNahsL/W8/NNSNAHSL.sys
.exe windows x64

fa33d5f7b39cfaa31f6dfff8ae848b9e

Code Sign

33:00:00:00:dc:34:1a:52:0f:bb:cf:3d:8c:00:00:00:00:00:dc
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

10-03-2022 19:58

Not After

08-03-2023 19:58

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18-04-2012 23:48

Not After

18-04-2027 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:85:df:b2:66:16:5f:52:02:5e:7a:5b:14:97:f4:7d
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

20-01-2021 00:00

Not After

23-01-2024 23:59

Subject

SERIALNUMBER=602 715 217,CN=WatchGuard Technologies\, Inc.,O=WatchGuard Technologies\, Inc.,L=Seattle,ST=Washington,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130a57617368696e67746f6e,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

db:cd:d5:ca:26:4c:84:ea:db:78:df:7b:09:a9:45:39:0c:d1:d0:88:4a:a6:d1:95:1d:49:98:2e:f5:07:69:8d
Signer

Actual PE Digest

db:cd:d5:ca:26:4c:84:ea:db:78:df:7b:09:a9:45:39:0c:d1:d0:88:4a:a6:d1:95:1d:49:98:2e:f5:07:69:8d

Digest Algorithm

sha256

PE Digest Matches

true

db:cd:d5:ca:26:4c:84:ea:db:78:df:7b:09:a9:45:39:0c:d1:d0:88:4a:a6:d1:95:1d:49:98:2e:f5:07:69:8d
Signer

Actual PE Digest

db:cd:d5:ca:26:4c:84:ea:db:78:df:7b:09:a9:45:39:0c:d1:d0:88:4a:a6:d1:95:1d:49:98:2e:f5:07:69:8d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ndis.sys

NdisRegisterDeviceEx
NdisDeregisterDeviceEx
NdisGetDeviceReservedExtension
NdisFRestartFilter
NdisCloseConfiguration
NdisFreeMemory
NdisInitializeEvent
NdisSetEvent
NdisWaitEvent
NdisGetVersion
NdisOpenConfigurationEx
NdisAllocateMemoryWithTagPriority
NdisAllocateCloneOidRequest
NdisFreeCloneOidRequest
NdisAllocateNetBufferPool
NdisFreeNetBufferPool
NdisAllocateNetBuffer
NdisFreeNetBuffer
NdisAllocateNetBufferListPool
NdisFreeNetBufferListPool
NdisFreeNetBufferList
NdisAllocateCloneNetBufferList
NdisFreeCloneNetBufferList
NdisAllocateNetBufferAndNetBufferList
NdisGetDataBuffer
NdisCopyFromNetBufferToNetBuffer
NdisCopySendNetBufferListInfo
NdisCopyReceiveNetBufferListInfo
NdisAllocateMdl
NdisFreeMdl
NdisFRegisterFilterDriver
NdisFDeregisterFilterDriver
NdisFSetAttributes
NdisFSendNetBufferLists
NdisFReturnNetBufferLists
NdisFSendNetBufferListsComplete
NdisFIndicateReceiveNetBufferLists
NdisFOidRequest
NdisFOidRequestComplete
NdisFIndicateStatus
NdisFDevicePnPEventNotify
NdisFNetPnPEvent
NdisFCancelSendNetBufferLists

ntoskrnl.exe

RtlInitUnicodeString
KeAcquireSpinLockRaiseToDpc
KeReleaseSpinLock
IofCompleteRequest
memcpy_s
MmGetSystemRoutineAddress
RtlEqualUnicodeString
RtlGetVersion
RtlCompareMemory
KeInitializeSpinLock
KeAcquireSpinLockAtDpcLevel
KeReleaseSpinLockFromDpcLevel
KeAcquireInStackQueuedSpinLock
KeReleaseInStackQueuedSpinLock
ExAllocatePoolWithTag
ExFreePoolWithTag
ExQueryDepthSList
ExpInterlockedPopEntrySList
ExpInterlockedPushEntrySList
ExInitializeNPagedLookasideList
ExDeleteNPagedLookasideList
MmMapLockedPagesSpecifyCache
IoWMIRegistrationControl
ZwClose
ZwOpenKey
ZwEnumerateKey
ZwQueryValueKey
ZwCreateKey
ZwSetValueKey
IoBuildDeviceIoControlRequest
IofCallDriver
IoGetDeviceObjectPointer
ObfDereferenceObject

Sections

.text
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Sounds/Drivers/NNSNahsL/W8/nnsnahsl.cat
Sounds/Drivers/NNSNahsL/W8/nnsnahsl.inf
Sounds/Drivers/NNSPop3/NNSPop3.sys
.exe windows x64

8f1c40326087ac5466699c9400fd6c2c

Code Sign

01:85:df:b2:66:16:5f:52:02:5e:7a:5b:14:97:f4:7d
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

20-01-2021 00:00

Not After

23-01-2024 23:59

Subject

SERIALNUMBER=602 715 217,CN=WatchGuard Technologies\, Inc.,O=WatchGuard Technologies\, Inc.,L=Seattle,ST=Washington,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130a57617368696e67746f6e,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:57:ee:4d:65:9a:92:3e:7c:10:00:00:00:00:00:57
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07-06-2022 18:08

Not After

01-06-2023 18:08

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-10-2014 20:31

Not After

15-10-2029 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

00:a2:28:59:42:0d:15:b3:70:d4:8d:c2:53:bb:7e:86:82:f6:eb:51:7a:e9:8a:f8:ee:c4:05:a2:44:8f:bb:37
Signer

Actual PE Digest

00:a2:28:59:42:0d:15:b3:70:d4:8d:c2:53:bb:7e:86:82:f6:eb:51:7a:e9:8a:f8:ee:c4:05:a2:44:8f:bb:37

Digest Algorithm

sha256

PE Digest Matches

true

00:a2:28:59:42:0d:15:b3:70:d4:8d:c2:53:bb:7e:86:82:f6:eb:51:7a:e9:8a:f8:ee:c4:05:a2:44:8f:bb:37
Signer

Actual PE Digest

00:a2:28:59:42:0d:15:b3:70:d4:8d:c2:53:bb:7e:86:82:f6:eb:51:7a:e9:8a:f8:ee:c4:05:a2:44:8f:bb:37

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
IoWMIRegistrationControl
IoBuildDeviceIoControlRequest
ExFreePoolWithTag
IoWMIWriteEvent
RtlInitUnicodeString
IoDeleteDevice
MmGetSystemRoutineAddress
IoGetDeviceObjectPointer
IofCompleteRequest
RtlCompareMemory
ObfDereferenceObject
IoCreateDevice
IofCallDriver
atoi
KeBugCheckEx
RtlUnicodeToMultiByteN
ExAcquireResourceExclusiveLite
KeClearEvent
KeResetEvent
ExReleaseFastMutex
KeLeaveCriticalRegion
ExAcquireFastMutex
KeSetEvent
KeInitializeEvent
KeReleaseSpinLock
KeReleaseSpinLockFromDpcLevel
KeEnterCriticalRegion
PsCreateSystemThread
PsTerminateSystemThread
ExAcquireResourceSharedLite
ExReleaseResourceLite
ZwClose
ObReferenceObjectByHandle
KeWaitForSingleObject
ExDeleteResourceLite
ExInitializeResourceLite
KeWaitForMultipleObjects
KeAcquireSpinLockAtDpcLevel
KeAcquireSpinLockRaiseToDpc
KeInitializeDpc
KeInitializeTimer
KeSetTimer
KeCancelTimer

Sections

.text
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 1024B - Virtual size: 908B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Sounds/Drivers/NNSPop3/WVista/NNSPop3.sys
.exe windows x64

8f1c40326087ac5466699c9400fd6c2c

Code Sign

33:00:00:00:dc:34:1a:52:0f:bb:cf:3d:8c:00:00:00:00:00:dc
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

10-03-2022 19:58

Not After

08-03-2023 19:58

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18-04-2012 23:48

Not After

18-04-2027 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:85:df:b2:66:16:5f:52:02:5e:7a:5b:14:97:f4:7d
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

20-01-2021 00:00

Not After

23-01-2024 23:59

Subject

SERIALNUMBER=602 715 217,CN=WatchGuard Technologies\, Inc.,O=WatchGuard Technologies\, Inc.,L=Seattle,ST=Washington,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130a57617368696e67746f6e,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

00:a2:28:59:42:0d:15:b3:70:d4:8d:c2:53:bb:7e:86:82:f6:eb:51:7a:e9:8a:f8:ee:c4:05:a2:44:8f:bb:37
Signer

Actual PE Digest

00:a2:28:59:42:0d:15:b3:70:d4:8d:c2:53:bb:7e:86:82:f6:eb:51:7a:e9:8a:f8:ee:c4:05:a2:44:8f:bb:37

Digest Algorithm

sha256

PE Digest Matches

true

00:a2:28:59:42:0d:15:b3:70:d4:8d:c2:53:bb:7e:86:82:f6:eb:51:7a:e9:8a:f8:ee:c4:05:a2:44:8f:bb:37
Signer

Actual PE Digest

00:a2:28:59:42:0d:15:b3:70:d4:8d:c2:53:bb:7e:86:82:f6:eb:51:7a:e9:8a:f8:ee:c4:05:a2:44:8f:bb:37

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
IoWMIRegistrationControl
IoBuildDeviceIoControlRequest
ExFreePoolWithTag
IoWMIWriteEvent
RtlInitUnicodeString
IoDeleteDevice
MmGetSystemRoutineAddress
IoGetDeviceObjectPointer
IofCompleteRequest
RtlCompareMemory
ObfDereferenceObject
IoCreateDevice
IofCallDriver
atoi
KeBugCheckEx
RtlUnicodeToMultiByteN
ExAcquireResourceExclusiveLite
KeClearEvent
KeResetEvent
ExReleaseFastMutex
KeLeaveCriticalRegion
ExAcquireFastMutex
KeSetEvent
KeInitializeEvent
KeReleaseSpinLock
KeReleaseSpinLockFromDpcLevel
KeEnterCriticalRegion
PsCreateSystemThread
PsTerminateSystemThread
ExAcquireResourceSharedLite
ExReleaseResourceLite
ZwClose
ObReferenceObjectByHandle
KeWaitForSingleObject
ExDeleteResourceLite
ExInitializeResourceLite
KeWaitForMultipleObjects
KeAcquireSpinLockAtDpcLevel
KeAcquireSpinLockRaiseToDpc
KeInitializeDpc
KeInitializeTimer
KeSetTimer
KeCancelTimer

Sections

.text
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 1024B - Virtual size: 908B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Sounds/Drivers/NNSPop3/WVista/nnspop3.cat
Sounds/Drivers/NNSPop3/WVista/nnspop3.inf
Sounds/Drivers/NNSPop3/nnspop3.cat
Sounds/Drivers/NNSPop3/nnspop3.inf
Sounds/Drivers/NNSProt/NNSProt.sys
.exe windows x64

13c15b2e7214bade09bbfaea21baf890

Code Sign

01:85:df:b2:66:16:5f:52:02:5e:7a:5b:14:97:f4:7d
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

20-01-2021 00:00

Not After

23-01-2024 23:59

Subject

SERIALNUMBER=602 715 217,CN=WatchGuard Technologies\, Inc.,O=WatchGuard Technologies\, Inc.,L=Seattle,ST=Washington,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130a57617368696e67746f6e,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:57:ee:4d:65:9a:92:3e:7c:10:00:00:00:00:00:57
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07-06-2022 18:08

Not After

01-06-2023 18:08

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-10-2014 20:31

Not After

15-10-2029 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6b:8a:ca:9d:e3:02:eb:34:59:30:9d:a8:ca:c8:ed:1f:8f:71:54:7d:fe:7c:98:b2:16:88:b7:63:27:9d:61:ef
Signer

Actual PE Digest

6b:8a:ca:9d:e3:02:eb:34:59:30:9d:a8:ca:c8:ed:1f:8f:71:54:7d:fe:7c:98:b2:16:88:b7:63:27:9d:61:ef

Digest Algorithm

sha256

PE Digest Matches

true

6b:8a:ca:9d:e3:02:eb:34:59:30:9d:a8:ca:c8:ed:1f:8f:71:54:7d:fe:7c:98:b2:16:88:b7:63:27:9d:61:ef
Signer

Actual PE Digest

6b:8a:ca:9d:e3:02:eb:34:59:30:9d:a8:ca:c8:ed:1f:8f:71:54:7d:fe:7c:98:b2:16:88:b7:63:27:9d:61:ef

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

IoWMIWriteEvent
RtlInitUnicodeString
MmGetSystemRoutineAddress
RtlCompareMemory
IofCallDriver
ExSystemTimeToLocalTime
RtlTimeToTimeFields
_wcsicmp
KeLeaveCriticalRegion
KeEnterCriticalRegion
RtlTimeFieldsToTime
ZwCreateKey
ZwSetValueKey
ZwQueryValueKey
ZwClose
KeBugCheckEx
RtlAnsiCharToUnicodeChar
RtlUnicodeToMultiByteN
ExAcquireResourceExclusiveLite
KeClearEvent
KeResetEvent
ExReleaseFastMutex
ExInitializeNPagedLookasideList
ExAcquireFastMutex
KeSetEvent
ExpInterlockedPushEntrySList
KeInitializeEvent
KeReleaseSpinLock
ExpInterlockedPopEntrySList
KeReleaseSpinLockFromDpcLevel
ExFreePoolWithTag
ExDeletePagedLookasideList
PsCreateSystemThread
PsTerminateSystemThread
ExAcquireResourceSharedLite
ExReleaseResourceLite
ExQueryDepthSList
ObReferenceObjectByHandle
KeWaitForSingleObject
ExDeleteResourceLite
ExInitializePagedLookasideList
ObfDereferenceObject
ExInitializeResourceLite
KeWaitForMultipleObjects
KeAcquireSpinLockAtDpcLevel
ExDeleteNPagedLookasideList
KeAcquireSpinLockRaiseToDpc
IoGetDeviceObjectPointer
KeInitializeDpc
KeInitializeTimer
ZwCreateFile
KeSetTimer
KeCancelTimer
ZwWriteFile
ZwSetInformationFile
_stricmp
KeDelayExecutionThread
RtlHashUnicodeString
IoWMIRegistrationControl
ExAllocatePoolWithTag
RtlCompressBuffer
RtlDecompressBuffer
RtlGetCompressionWorkSpaceSize
ZwReadFile
ZwQueryInformationFile
ZwOpenKey
IoBuildDeviceIoControlRequest

hal

KeStallExecutionProcessor
KeQueryPerformanceCounter

Sections

.text
Size: 282KB - Virtual size: 281KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 1024B - Virtual size: 908B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Sounds/Drivers/NNSProt/WVista/NNSProt.sys
.exe windows x64

13c15b2e7214bade09bbfaea21baf890

Code Sign

33:00:00:00:dc:34:1a:52:0f:bb:cf:3d:8c:00:00:00:00:00:dc
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

10-03-2022 19:58

Not After

08-03-2023 19:58

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18-04-2012 23:48

Not After

18-04-2027 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:85:df:b2:66:16:5f:52:02:5e:7a:5b:14:97:f4:7d
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

20-01-2021 00:00

Not After

23-01-2024 23:59

Subject

SERIALNUMBER=602 715 217,CN=WatchGuard Technologies\, Inc.,O=WatchGuard Technologies\, Inc.,L=Seattle,ST=Washington,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130a57617368696e67746f6e,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6b:8a:ca:9d:e3:02:eb:34:59:30:9d:a8:ca:c8:ed:1f:8f:71:54:7d:fe:7c:98:b2:16:88:b7:63:27:9d:61:ef
Signer

Actual PE Digest

6b:8a:ca:9d:e3:02:eb:34:59:30:9d:a8:ca:c8:ed:1f:8f:71:54:7d:fe:7c:98:b2:16:88:b7:63:27:9d:61:ef

Digest Algorithm

sha256

PE Digest Matches

true

6b:8a:ca:9d:e3:02:eb:34:59:30:9d:a8:ca:c8:ed:1f:8f:71:54:7d:fe:7c:98:b2:16:88:b7:63:27:9d:61:ef
Signer

Actual PE Digest

6b:8a:ca:9d:e3:02:eb:34:59:30:9d:a8:ca:c8:ed:1f:8f:71:54:7d:fe:7c:98:b2:16:88:b7:63:27:9d:61:ef

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

IoWMIWriteEvent
RtlInitUnicodeString
MmGetSystemRoutineAddress
RtlCompareMemory
IofCallDriver
ExSystemTimeToLocalTime
RtlTimeToTimeFields
_wcsicmp
KeLeaveCriticalRegion
KeEnterCriticalRegion
RtlTimeFieldsToTime
ZwCreateKey
ZwSetValueKey
ZwQueryValueKey
ZwClose
KeBugCheckEx
RtlAnsiCharToUnicodeChar
RtlUnicodeToMultiByteN
ExAcquireResourceExclusiveLite
KeClearEvent
KeResetEvent
ExReleaseFastMutex
ExInitializeNPagedLookasideList
ExAcquireFastMutex
KeSetEvent
ExpInterlockedPushEntrySList
KeInitializeEvent
KeReleaseSpinLock
ExpInterlockedPopEntrySList
KeReleaseSpinLockFromDpcLevel
ExFreePoolWithTag
ExDeletePagedLookasideList
PsCreateSystemThread
PsTerminateSystemThread
ExAcquireResourceSharedLite
ExReleaseResourceLite
ExQueryDepthSList
ObReferenceObjectByHandle
KeWaitForSingleObject
ExDeleteResourceLite
ExInitializePagedLookasideList
ObfDereferenceObject
ExInitializeResourceLite
KeWaitForMultipleObjects
KeAcquireSpinLockAtDpcLevel
ExDeleteNPagedLookasideList
KeAcquireSpinLockRaiseToDpc
IoGetDeviceObjectPointer
KeInitializeDpc
KeInitializeTimer
ZwCreateFile
KeSetTimer
KeCancelTimer
ZwWriteFile
ZwSetInformationFile
_stricmp
KeDelayExecutionThread
RtlHashUnicodeString
IoWMIRegistrationControl
ExAllocatePoolWithTag
RtlCompressBuffer
RtlDecompressBuffer
RtlGetCompressionWorkSpaceSize
ZwReadFile
ZwQueryInformationFile
ZwOpenKey
IoBuildDeviceIoControlRequest

hal

KeStallExecutionProcessor
KeQueryPerformanceCounter

Sections

.text
Size: 282KB - Virtual size: 281KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 1024B - Virtual size: 908B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Sounds/Drivers/NNSProt/WVista/nnsprot.cat
Sounds/Drivers/NNSProt/WVista/nnsprot.inf
Sounds/Drivers/NNSProt/nnsprot.cat
Sounds/Drivers/NNSProt/nnsprot.inf
Sounds/Drivers/NNSPrv/NNSPrv.sys
.exe windows x64

6dcf2c1e3e5c4bf7c6d1e89ab77e01e6

Code Sign

01:85:df:b2:66:16:5f:52:02:5e:7a:5b:14:97:f4:7d
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

20-01-2021 00:00

Not After

23-01-2024 23:59

Subject

SERIALNUMBER=602 715 217,CN=WatchGuard Technologies\, Inc.,O=WatchGuard Technologies\, Inc.,L=Seattle,ST=Washington,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130a57617368696e67746f6e,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:57:ee:4d:65:9a:92:3e:7c:10:00:00:00:00:00:57
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07-06-2022 18:08

Not After

01-06-2023 18:08

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-10-2014 20:31

Not After

15-10-2029 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ca:86:0b:2d:a8:68:50:16:50:df:61:f0:7c:36:89:96:b4:f3:bf:a7:a6:af:27:5a:11:91:9e:cd:0d:82:e0:7f
Signer

Actual PE Digest

ca:86:0b:2d:a8:68:50:16:50:df:61:f0:7c:36:89:96:b4:f3:bf:a7:a6:af:27:5a:11:91:9e:cd:0d:82:e0:7f

Digest Algorithm

sha256

PE Digest Matches

true

ca:86:0b:2d:a8:68:50:16:50:df:61:f0:7c:36:89:96:b4:f3:bf:a7:a6:af:27:5a:11:91:9e:cd:0d:82:e0:7f
Signer

Actual PE Digest

ca:86:0b:2d:a8:68:50:16:50:df:61:f0:7c:36:89:96:b4:f3:bf:a7:a6:af:27:5a:11:91:9e:cd:0d:82:e0:7f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

IoDeleteDevice
MmGetSystemRoutineAddress
ZwClose
IofCompleteRequest
RtlCompareMemory
IoCreateDevice
IofCallDriver
KeDelayExecutionThread
PsCreateSystemThread
_wcsnicmp
RtlUnicodeStringToInteger
_stricmp
RtlInitUnicodeString
KeLeaveCriticalRegion
RtlTimeToSecondsSince1970
KeSetEvent
KeInitializeEvent
KeEnterCriticalRegion
ZwWaitForSingleObject
PsTerminateSystemThread
KeWaitForSingleObject
_strnicmp
IoBuildDeviceIoControlRequest
IoGetDeviceObjectPointer
ObfDereferenceObject
KeBugCheckEx
KeResetEvent
IoWMIWriteEvent
RtlAnsiCharToUnicodeChar
RtlUnicodeToMultiByteN
ExAcquireResourceExclusiveLite
KeClearEvent
ExReleaseFastMutex
ExFreePoolWithTag
ExAcquireFastMutex
ExpInterlockedPushEntrySList
KeReleaseSpinLock
ExpInterlockedPopEntrySList
KeReleaseSpinLockFromDpcLevel
ExDeletePagedLookasideList
ExAcquireResourceSharedLite
ExReleaseResourceLite
ExQueryDepthSList
ObReferenceObjectByHandle
ExDeleteResourceLite
ExInitializePagedLookasideList
ExInitializeResourceLite
KeWaitForMultipleObjects
KeAcquireSpinLockAtDpcLevel
ExDeleteNPagedLookasideList
KeAcquireSpinLockRaiseToDpc
KeSetPriorityThread
KeQueryPriorityThread
KeInitializeDpc
KeInitializeTimer
ZwCreateFile
KeSetTimer
KeCancelTimer
ZwWriteFile
ZwSetInformationFile
VerSetConditionMask
RtlGetVersion
RtlVerifyVersionInfo
isdigit
strncmp
IoWMIRegistrationControl
ExInitializeNPagedLookasideList
ExAllocatePoolWithTag

ndis.sys

NdisGetDataBuffer

hal

KeStallExecutionProcessor
KeQueryPerformanceCounter

Sections

.text
Size: 426KB - Virtual size: 425KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 97KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 1024B - Virtual size: 908B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 408B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Sounds/Drivers/NNSPrv/WVista/NNSPrv.sys
.exe windows x64

6dcf2c1e3e5c4bf7c6d1e89ab77e01e6

Code Sign

33:00:00:00:dc:34:1a:52:0f:bb:cf:3d:8c:00:00:00:00:00:dc
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

10-03-2022 19:58

Not After

08-03-2023 19:58

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18-04-2012 23:48

Not After

18-04-2027 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:85:df:b2:66:16:5f:52:02:5e:7a:5b:14:97:f4:7d
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

20-01-2021 00:00

Not After

23-01-2024 23:59

Subject

SERIALNUMBER=602 715 217,CN=WatchGuard Technologies\, Inc.,O=WatchGuard Technologies\, Inc.,L=Seattle,ST=Washington,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130a57617368696e67746f6e,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ca:86:0b:2d:a8:68:50:16:50:df:61:f0:7c:36:89:96:b4:f3:bf:a7:a6:af:27:5a:11:91:9e:cd:0d:82:e0:7f
Signer

Actual PE Digest

ca:86:0b:2d:a8:68:50:16:50:df:61:f0:7c:36:89:96:b4:f3:bf:a7:a6:af:27:5a:11:91:9e:cd:0d:82:e0:7f

Digest Algorithm

sha256

PE Digest Matches

true

ca:86:0b:2d:a8:68:50:16:50:df:61:f0:7c:36:89:96:b4:f3:bf:a7:a6:af:27:5a:11:91:9e:cd:0d:82:e0:7f
Signer

Actual PE Digest

ca:86:0b:2d:a8:68:50:16:50:df:61:f0:7c:36:89:96:b4:f3:bf:a7:a6:af:27:5a:11:91:9e:cd:0d:82:e0:7f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

IoDeleteDevice
MmGetSystemRoutineAddress
ZwClose
IofCompleteRequest
RtlCompareMemory
IoCreateDevice
IofCallDriver
KeDelayExecutionThread
PsCreateSystemThread
_wcsnicmp
RtlUnicodeStringToInteger
_stricmp
RtlInitUnicodeString
KeLeaveCriticalRegion
RtlTimeToSecondsSince1970
KeSetEvent
KeInitializeEvent
KeEnterCriticalRegion
ZwWaitForSingleObject
PsTerminateSystemThread
KeWaitForSingleObject
_strnicmp
IoBuildDeviceIoControlRequest
IoGetDeviceObjectPointer
ObfDereferenceObject
KeBugCheckEx
KeResetEvent
IoWMIWriteEvent
RtlAnsiCharToUnicodeChar
RtlUnicodeToMultiByteN
ExAcquireResourceExclusiveLite
KeClearEvent
ExReleaseFastMutex
ExFreePoolWithTag
ExAcquireFastMutex
ExpInterlockedPushEntrySList
KeReleaseSpinLock
ExpInterlockedPopEntrySList
KeReleaseSpinLockFromDpcLevel
ExDeletePagedLookasideList
ExAcquireResourceSharedLite
ExReleaseResourceLite
ExQueryDepthSList
ObReferenceObjectByHandle
ExDeleteResourceLite
ExInitializePagedLookasideList
ExInitializeResourceLite
KeWaitForMultipleObjects
KeAcquireSpinLockAtDpcLevel
ExDeleteNPagedLookasideList
KeAcquireSpinLockRaiseToDpc
KeSetPriorityThread
KeQueryPriorityThread
KeInitializeDpc
KeInitializeTimer
ZwCreateFile
KeSetTimer
KeCancelTimer
ZwWriteFile
ZwSetInformationFile
VerSetConditionMask
RtlGetVersion
RtlVerifyVersionInfo
isdigit
strncmp
IoWMIRegistrationControl
ExInitializeNPagedLookasideList
ExAllocatePoolWithTag

ndis.sys

NdisGetDataBuffer

hal

KeStallExecutionProcessor
KeQueryPerformanceCounter

Sections

.text
Size: 426KB - Virtual size: 425KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 97KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 1024B - Virtual size: 908B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 408B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Sounds/Drivers/NNSPrv/WVista/nnsprv.cat
Sounds/Drivers/NNSPrv/WVista/nnsprv.inf
Sounds/Drivers/NNSPrv/nnsprv.cat
Sounds/Drivers/NNSPrv/nnsprv.inf
Sounds/Drivers/NNSSmtp/NNSSmtp.sys
.exe windows x64

845ffbe5f11184e098e19cb40914fae7

Code Sign

01:85:df:b2:66:16:5f:52:02:5e:7a:5b:14:97:f4:7d
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

20-01-2021 00:00

Not After

23-01-2024 23:59

Subject

SERIALNUMBER=602 715 217,CN=WatchGuard Technologies\, Inc.,O=WatchGuard Technologies\, Inc.,L=Seattle,ST=Washington,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130a57617368696e67746f6e,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:57:ee:4d:65:9a:92:3e:7c:10:00:00:00:00:00:57
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07-06-2022 18:08

Not After

01-06-2023 18:08

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-10-2014 20:31

Not After

15-10-2029 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8b:06:85:98:3b:75:28:02:d6:91:6b:95:9b:77:ea:16:f4:0d:a3:b7:b6:dd:ca:81:a2:ba:d7:81:36:7f:a9:ba
Signer

Actual PE Digest

8b:06:85:98:3b:75:28:02:d6:91:6b:95:9b:77:ea:16:f4:0d:a3:b7:b6:dd:ca:81:a2:ba:d7:81:36:7f:a9:ba

Digest Algorithm

sha256

PE Digest Matches

true

8b:06:85:98:3b:75:28:02:d6:91:6b:95:9b:77:ea:16:f4:0d:a3:b7:b6:dd:ca:81:a2:ba:d7:81:36:7f:a9:ba
Signer

Actual PE Digest

8b:06:85:98:3b:75:28:02:d6:91:6b:95:9b:77:ea:16:f4:0d:a3:b7:b6:dd:ca:81:a2:ba:d7:81:36:7f:a9:ba

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
IoWMIRegistrationControl
IoBuildDeviceIoControlRequest
ExFreePoolWithTag
IoWMIWriteEvent
RtlInitUnicodeString
IoDeleteDevice
MmGetSystemRoutineAddress
IoGetDeviceObjectPointer
IofCompleteRequest
RtlCompareMemory
ObfDereferenceObject
IoCreateDevice
IofCallDriver
KeBugCheckEx
ExAcquireResourceExclusiveLite
KeClearEvent
KeResetEvent
ExReleaseFastMutex
KeLeaveCriticalRegion
ExAcquireFastMutex
KeSetEvent
KeInitializeEvent
KeReleaseSpinLock
KeReleaseSpinLockFromDpcLevel
KeEnterCriticalRegion
PsCreateSystemThread
PsTerminateSystemThread
ExAcquireResourceSharedLite
ExReleaseResourceLite
ZwClose
ObReferenceObjectByHandle
KeWaitForSingleObject
ExDeleteResourceLite
ExInitializeResourceLite
KeWaitForMultipleObjects
KeAcquireSpinLockAtDpcLevel
KeAcquireSpinLockRaiseToDpc

Sections

.text
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 1024B - Virtual size: 908B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Sounds/Drivers/NNSSmtp/WVista/NNSSmtp.sys
.exe windows x64

845ffbe5f11184e098e19cb40914fae7

Code Sign

33:00:00:00:dc:34:1a:52:0f:bb:cf:3d:8c:00:00:00:00:00:dc
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

10-03-2022 19:58

Not After

08-03-2023 19:58

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18-04-2012 23:48

Not After

18-04-2027 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:85:df:b2:66:16:5f:52:02:5e:7a:5b:14:97:f4:7d
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

20-01-2021 00:00

Not After

23-01-2024 23:59

Subject

SERIALNUMBER=602 715 217,CN=WatchGuard Technologies\, Inc.,O=WatchGuard Technologies\, Inc.,L=Seattle,ST=Washington,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130a57617368696e67746f6e,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8b:06:85:98:3b:75:28:02:d6:91:6b:95:9b:77:ea:16:f4:0d:a3:b7:b6:dd:ca:81:a2:ba:d7:81:36:7f:a9:ba
Signer

Actual PE Digest

8b:06:85:98:3b:75:28:02:d6:91:6b:95:9b:77:ea:16:f4:0d:a3:b7:b6:dd:ca:81:a2:ba:d7:81:36:7f:a9:ba

Digest Algorithm

sha256

PE Digest Matches

true

8b:06:85:98:3b:75:28:02:d6:91:6b:95:9b:77:ea:16:f4:0d:a3:b7:b6:dd:ca:81:a2:ba:d7:81:36:7f:a9:ba
Signer

Actual PE Digest

8b:06:85:98:3b:75:28:02:d6:91:6b:95:9b:77:ea:16:f4:0d:a3:b7:b6:dd:ca:81:a2:ba:d7:81:36:7f:a9:ba

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
IoWMIRegistrationControl
IoBuildDeviceIoControlRequest
ExFreePoolWithTag
IoWMIWriteEvent
RtlInitUnicodeString
IoDeleteDevice
MmGetSystemRoutineAddress
IoGetDeviceObjectPointer
IofCompleteRequest
RtlCompareMemory
ObfDereferenceObject
IoCreateDevice
IofCallDriver
KeBugCheckEx
ExAcquireResourceExclusiveLite
KeClearEvent
KeResetEvent
ExReleaseFastMutex
KeLeaveCriticalRegion
ExAcquireFastMutex
KeSetEvent
KeInitializeEvent
KeReleaseSpinLock
KeReleaseSpinLockFromDpcLevel
KeEnterCriticalRegion
PsCreateSystemThread
PsTerminateSystemThread
ExAcquireResourceSharedLite
ExReleaseResourceLite
ZwClose
ObReferenceObjectByHandle
KeWaitForSingleObject
ExDeleteResourceLite
ExInitializeResourceLite
KeWaitForMultipleObjects
KeAcquireSpinLockAtDpcLevel
KeAcquireSpinLockRaiseToDpc

Sections

.text
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 1024B - Virtual size: 908B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Sounds/Drivers/NNSSmtp/WVista/nnssmtp.cat
Sounds/Drivers/NNSSmtp/WVista/nnssmtp.inf
Sounds/Drivers/NNSSmtp/nnssmtp.cat
Sounds/Drivers/NNSSmtp/nnssmtp.inf
Sounds/Drivers/NNSStrm/NNSStrm.sys
.exe windows x64

fd3f2d21cdb0b4772868cc73b4e5ba05

Code Sign

01:85:df:b2:66:16:5f:52:02:5e:7a:5b:14:97:f4:7d
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

20-01-2021 00:00

Not After

23-01-2024 23:59

Subject

SERIALNUMBER=602 715 217,CN=WatchGuard Technologies\, Inc.,O=WatchGuard Technologies\, Inc.,L=Seattle,ST=Washington,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130a57617368696e67746f6e,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:57:ee:4d:65:9a:92:3e:7c:10:00:00:00:00:00:57
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07-06-2022 18:08

Not After

01-06-2023 18:08

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-10-2014 20:31

Not After

15-10-2029 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f0:1b:d3:7e:d4:06:b2:50:22:ad:9e:f5:c6:87:9e:85:99:3c:c9:3b:39:6a:c5:e9:2b:fd:fd:95:be:c3:77:92
Signer

Actual PE Digest

f0:1b:d3:7e:d4:06:b2:50:22:ad:9e:f5:c6:87:9e:85:99:3c:c9:3b:39:6a:c5:e9:2b:fd:fd:95:be:c3:77:92

Digest Algorithm

sha256

PE Digest Matches

true

f0:1b:d3:7e:d4:06:b2:50:22:ad:9e:f5:c6:87:9e:85:99:3c:c9:3b:39:6a:c5:e9:2b:fd:fd:95:be:c3:77:92
Signer

Actual PE Digest

f0:1b:d3:7e:d4:06:b2:50:22:ad:9e:f5:c6:87:9e:85:99:3c:c9:3b:39:6a:c5:e9:2b:fd:fd:95:be:c3:77:92

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

ExFreePoolWithTag
IoWMIWriteEvent
KeInitializeMutex
RtlInitUnicodeString
IoDeleteDevice
MmGetSystemRoutineAddress
IoGetDeviceObjectPointer
IofCompleteRequest
RtlCompareMemory
ObfDereferenceObject
IoCreateDevice
IofCallDriver
KeReleaseMutex
KeWaitForSingleObject
KeDelayExecutionThread
KeLeaveCriticalRegion
KeEnterCriticalRegion
KeBugCheckEx
RtlAnsiCharToUnicodeChar
RtlUnicodeToMultiByteN
ExAcquireResourceExclusiveLite
KeClearEvent
KeResetEvent
ExReleaseFastMutex
ExInitializeNPagedLookasideList
ExAcquireFastMutex
KeSetEvent
ExpInterlockedPushEntrySList
KeInitializeEvent
KeReleaseSpinLock
ExpInterlockedPopEntrySList
KeReleaseSpinLockFromDpcLevel
IoBuildDeviceIoControlRequest
ExDeletePagedLookasideList
PsCreateSystemThread
PsTerminateSystemThread
ExAcquireResourceSharedLite
ExReleaseResourceLite
ZwClose
ExQueryDepthSList
ObReferenceObjectByHandle
ExDeleteResourceLite
ExInitializePagedLookasideList
ExInitializeResourceLite
KeWaitForMultipleObjects
KeAcquireSpinLockAtDpcLevel
ExDeleteNPagedLookasideList
KeAcquireSpinLockRaiseToDpc
KeInitializeDpc
KeInitializeTimer
KeSetTimer
KeCancelTimer
IoWMIRegistrationControl
ExAllocatePoolWithTag
__C_specific_handler

hal

KeStallExecutionProcessor
KeQueryPerformanceCounter

Sections

.text
Size: 285KB - Virtual size: 285KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 1024B - Virtual size: 1020B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Sounds/Drivers/NNSStrm/WVista/NNSStrm.sys
.exe windows x64

fd3f2d21cdb0b4772868cc73b4e5ba05

Code Sign

33:00:00:00:dc:34:1a:52:0f:bb:cf:3d:8c:00:00:00:00:00:dc
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

10-03-2022 19:58

Not After

08-03-2023 19:58

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18-04-2012 23:48

Not After

18-04-2027 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:85:df:b2:66:16:5f:52:02:5e:7a:5b:14:97:f4:7d
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

20-01-2021 00:00

Not After

23-01-2024 23:59

Subject

SERIALNUMBER=602 715 217,CN=WatchGuard Technologies\, Inc.,O=WatchGuard Technologies\, Inc.,L=Seattle,ST=Washington,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130a57617368696e67746f6e,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f0:1b:d3:7e:d4:06:b2:50:22:ad:9e:f5:c6:87:9e:85:99:3c:c9:3b:39:6a:c5:e9:2b:fd:fd:95:be:c3:77:92
Signer

Actual PE Digest

f0:1b:d3:7e:d4:06:b2:50:22:ad:9e:f5:c6:87:9e:85:99:3c:c9:3b:39:6a:c5:e9:2b:fd:fd:95:be:c3:77:92

Digest Algorithm

sha256

PE Digest Matches

true

f0:1b:d3:7e:d4:06:b2:50:22:ad:9e:f5:c6:87:9e:85:99:3c:c9:3b:39:6a:c5:e9:2b:fd:fd:95:be:c3:77:92
Signer

Actual PE Digest

f0:1b:d3:7e:d4:06:b2:50:22:ad:9e:f5:c6:87:9e:85:99:3c:c9:3b:39:6a:c5:e9:2b:fd:fd:95:be:c3:77:92

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

ExFreePoolWithTag
IoWMIWriteEvent
KeInitializeMutex
RtlInitUnicodeString
IoDeleteDevice
MmGetSystemRoutineAddress
IoGetDeviceObjectPointer
IofCompleteRequest
RtlCompareMemory
ObfDereferenceObject
IoCreateDevice
IofCallDriver
KeReleaseMutex
KeWaitForSingleObject
KeDelayExecutionThread
KeLeaveCriticalRegion
KeEnterCriticalRegion
KeBugCheckEx
RtlAnsiCharToUnicodeChar
RtlUnicodeToMultiByteN
ExAcquireResourceExclusiveLite
KeClearEvent
KeResetEvent
ExReleaseFastMutex
ExInitializeNPagedLookasideList
ExAcquireFastMutex
KeSetEvent
ExpInterlockedPushEntrySList
KeInitializeEvent
KeReleaseSpinLock
ExpInterlockedPopEntrySList
KeReleaseSpinLockFromDpcLevel
IoBuildDeviceIoControlRequest
ExDeletePagedLookasideList
PsCreateSystemThread
PsTerminateSystemThread
ExAcquireResourceSharedLite
ExReleaseResourceLite
ZwClose
ExQueryDepthSList
ObReferenceObjectByHandle
ExDeleteResourceLite
ExInitializePagedLookasideList
ExInitializeResourceLite
KeWaitForMultipleObjects
KeAcquireSpinLockAtDpcLevel
ExDeleteNPagedLookasideList
KeAcquireSpinLockRaiseToDpc
KeInitializeDpc
KeInitializeTimer
KeSetTimer
KeCancelTimer
IoWMIRegistrationControl
ExAllocatePoolWithTag
__C_specific_handler

hal

KeStallExecutionProcessor
KeQueryPerformanceCounter

Sections

.text
Size: 285KB - Virtual size: 285KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 1024B - Virtual size: 1020B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Sounds/Drivers/NNSStrm/WVista/nnsstrm.cat
Sounds/Drivers/NNSStrm/WVista/nnsstrm.inf
Sounds/Drivers/NNSStrm/nnsstrm.cat
Sounds/Drivers/NNSStrm/nnsstrm.inf
Sounds/Drivers/NNSpicc/NNSpicc.sys
.exe windows x64

eef0bee7d47d01fe22d3d1083ecb12f1

Code Sign

01:85:df:b2:66:16:5f:52:02:5e:7a:5b:14:97:f4:7d
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

20-01-2021 00:00

Not After

23-01-2024 23:59

Subject

SERIALNUMBER=602 715 217,CN=WatchGuard Technologies\, Inc.,O=WatchGuard Technologies\, Inc.,L=Seattle,ST=Washington,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130a57617368696e67746f6e,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:57:ee:4d:65:9a:92:3e:7c:10:00:00:00:00:00:57
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07-06-2022 18:08

Not After

01-06-2023 18:08

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-10-2014 20:31

Not After

15-10-2029 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c7:ce:9b:6c:f0:79:91:a1:d6:de:23:3d:65:27:96:48:39:f8:35:14:5a:6a:a2:a5:79:de:16:75:89:fe:93:3f
Signer

Actual PE Digest

c7:ce:9b:6c:f0:79:91:a1:d6:de:23:3d:65:27:96:48:39:f8:35:14:5a:6a:a2:a5:79:de:16:75:89:fe:93:3f

Digest Algorithm

sha256

PE Digest Matches

true

c7:ce:9b:6c:f0:79:91:a1:d6:de:23:3d:65:27:96:48:39:f8:35:14:5a:6a:a2:a5:79:de:16:75:89:fe:93:3f
Signer

Actual PE Digest

c7:ce:9b:6c:f0:79:91:a1:d6:de:23:3d:65:27:96:48:39:f8:35:14:5a:6a:a2:a5:79:de:16:75:89:fe:93:3f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

ExFreePoolWithTag
IoWMIWriteEvent
KeLeaveCriticalRegion
RtlInitUnicodeString
IoDeleteDevice
MmGetSystemRoutineAddress
KeInitializeEvent
KeEnterCriticalRegion
IoGetDeviceObjectPointer
ZwQueryValueKey
ZwClose
IofCompleteRequest
KeWaitForSingleObject
RtlCompareMemory
ObfDereferenceObject
IoCreateDevice
IofCallDriver
ZwOpenKey
RtlUnicodeStringToInteger
_wcsicmp
wcsrchr
KeBugCheckEx
RtlAnsiCharToUnicodeChar
RtlUnicodeToMultiByteN
ExAcquireResourceExclusiveLite
KeClearEvent
KeResetEvent
ExReleaseFastMutex
ExInitializeNPagedLookasideList
ExAcquireFastMutex
KeSetEvent
ExpInterlockedPushEntrySList
KeReleaseSpinLock
IoBuildDeviceIoControlRequest
KeReleaseSpinLockFromDpcLevel
ExDeletePagedLookasideList
PsCreateSystemThread
PsTerminateSystemThread
ExAcquireResourceSharedLite
ExReleaseResourceLite
ExQueryDepthSList
ObReferenceObjectByHandle
ExDeleteResourceLite
ExInitializePagedLookasideList
ExInitializeResourceLite
KeWaitForMultipleObjects
KeAcquireSpinLockAtDpcLevel
ExDeleteNPagedLookasideList
KeAcquireSpinLockRaiseToDpc
KeInitializeDpc
KeInitializeTimer
KeSetTimer
KeCancelTimer
tolower
KeDelayExecutionThread
IoWMIRegistrationControl
ExpInterlockedPopEntrySList
ExAllocatePoolWithTag

hal

KeStallExecutionProcessor
KeQueryPerformanceCounter

Sections

.text
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 1024B - Virtual size: 908B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Sounds/Drivers/NNSpicc/WVista/NNSpicc.sys
.exe windows x64

eef0bee7d47d01fe22d3d1083ecb12f1

Code Sign

33:00:00:00:dc:34:1a:52:0f:bb:cf:3d:8c:00:00:00:00:00:dc
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

10-03-2022 19:58

Not After

08-03-2023 19:58

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18-04-2012 23:48

Not After

18-04-2027 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:85:df:b2:66:16:5f:52:02:5e:7a:5b:14:97:f4:7d
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

20-01-2021 00:00

Not After

23-01-2024 23:59

Subject

SERIALNUMBER=602 715 217,CN=WatchGuard Technologies\, Inc.,O=WatchGuard Technologies\, Inc.,L=Seattle,ST=Washington,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130a57617368696e67746f6e,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c7:ce:9b:6c:f0:79:91:a1:d6:de:23:3d:65:27:96:48:39:f8:35:14:5a:6a:a2:a5:79:de:16:75:89:fe:93:3f
Signer

Actual PE Digest

c7:ce:9b:6c:f0:79:91:a1:d6:de:23:3d:65:27:96:48:39:f8:35:14:5a:6a:a2:a5:79:de:16:75:89:fe:93:3f

Digest Algorithm

sha256

PE Digest Matches

true

c7:ce:9b:6c:f0:79:91:a1:d6:de:23:3d:65:27:96:48:39:f8:35:14:5a:6a:a2:a5:79:de:16:75:89:fe:93:3f
Signer

Actual PE Digest

c7:ce:9b:6c:f0:79:91:a1:d6:de:23:3d:65:27:96:48:39:f8:35:14:5a:6a:a2:a5:79:de:16:75:89:fe:93:3f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

ExFreePoolWithTag
IoWMIWriteEvent
KeLeaveCriticalRegion
RtlInitUnicodeString
IoDeleteDevice
MmGetSystemRoutineAddress
KeInitializeEvent
KeEnterCriticalRegion
IoGetDeviceObjectPointer
ZwQueryValueKey
ZwClose
IofCompleteRequest
KeWaitForSingleObject
RtlCompareMemory
ObfDereferenceObject
IoCreateDevice
IofCallDriver
ZwOpenKey
RtlUnicodeStringToInteger
_wcsicmp
wcsrchr
KeBugCheckEx
RtlAnsiCharToUnicodeChar
RtlUnicodeToMultiByteN
ExAcquireResourceExclusiveLite
KeClearEvent
KeResetEvent
ExReleaseFastMutex
ExInitializeNPagedLookasideList
ExAcquireFastMutex
KeSetEvent
ExpInterlockedPushEntrySList
KeReleaseSpinLock
IoBuildDeviceIoControlRequest
KeReleaseSpinLockFromDpcLevel
ExDeletePagedLookasideList
PsCreateSystemThread
PsTerminateSystemThread
ExAcquireResourceSharedLite
ExReleaseResourceLite
ExQueryDepthSList
ObReferenceObjectByHandle
ExDeleteResourceLite
ExInitializePagedLookasideList
ExInitializeResourceLite
KeWaitForMultipleObjects
KeAcquireSpinLockAtDpcLevel
ExDeleteNPagedLookasideList
KeAcquireSpinLockRaiseToDpc
KeInitializeDpc
KeInitializeTimer
KeSetTimer
KeCancelTimer
tolower
KeDelayExecutionThread
IoWMIRegistrationControl
ExpInterlockedPopEntrySList
ExAllocatePoolWithTag

hal

KeStallExecutionProcessor
KeQueryPerformanceCounter

Sections

.text
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 1024B - Virtual size: 908B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Sounds/Drivers/NNSpicc/WVista/nnspicc.cat
Sounds/Drivers/NNSpicc/WVista/nnspicc.inf
Sounds/Drivers/NNSpicc/nnspicc.cat
Sounds/Drivers/NNSpicc/nnspicc.inf
Sounds/Drivers/PSINDvct/W10/PSINDVCT.cat
Sounds/Drivers/PSINDvct/W10/PSINDvct.inf
Sounds/Drivers/PSINDvct/W10/PSINDvct.sys
.exe windows x64

f399d42f96818bdb5d318e50c3ca1497

Code Sign

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-11-2009 10:00

Not After

18-03-2019 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:29:15:27:00:00:00:00:00:2a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-04-2011 19:55

Not After

15-04-2021 20:05

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

54:f1:68:c3:c1:0a:96:49:a2:cc:00:79
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

18-12-2017 12:29

Not After

27-01-2021 15:16

Subject

SERIALNUMBER=B48435218,CN=Panda Security S.L.,O=Panda Security S.L.,STREET=SANTIAGO DE COMPOSTELA 12,L=Bilbao,ST=Bizkaia,C=ES,1.3.6.1.4.1.311.60.2.1.3=#13024553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

19-02-2018 00:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign TSA for Advanced - G2

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02-08-2011 10:00

Not After

29-03-2029 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:3a:6a:e3:33:70:8f:da:7a:7b:00:00:00:00:00:3a
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11-03-2020 17:31

Not After

05-03-2021 17:31

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-10-2014 20:31

Not After

15-10-2029 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5e:06:be:a3:96:ce:0a:8c:97:b7:0b:de:41:d5:2e:b4:88:e0:5b:21:46:d7:65:2f:e5:8e:12:0b:09:80:28:ff
Signer

Actual PE Digest

5e:06:be:a3:96:ce:0a:8c:97:b7:0b:de:41:d5:2e:b4:88:e0:5b:21:46:d7:65:2f:e5:8e:12:0b:09:80:28:ff

Digest Algorithm

sha256

PE Digest Matches

true

5e:06:be:a3:96:ce:0a:8c:97:b7:0b:de:41:d5:2e:b4:88:e0:5b:21:46:d7:65:2f:e5:8e:12:0b:09:80:28:ff
Signer

Actual PE Digest

5e:06:be:a3:96:ce:0a:8c:97:b7:0b:de:41:d5:2e:b4:88:e0:5b:21:46:d7:65:2f:e5:8e:12:0b:09:80:28:ff

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

IoWMIRegistrationControl
ExFreePoolWithTag
IoWMIWriteEvent
KeLeaveCriticalRegion
IoSetHardErrorOrVerifyDevice
RtlInitUnicodeString
IoDeleteDevice
KeSetEvent
ExNotifyCallback
MmGetSystemRoutineAddress
KeInitializeEvent
RtlGetVersion
IoReleaseRemoveLockEx
IoDetachDevice
KeEnterCriticalRegion
KeDelayExecutionThread
RtlFreeUnicodeString
PsCreateSystemThread
InitSafeBootMode
PoStartNextPowerIrp
ZwClose
IofCompleteRequest
IoReleaseRemoveLockAndWaitEx
KeWaitForSingleObject
IoGetAttachedDeviceReference
IoAttachDeviceToDeviceStack
PoCallDriver
RtlCompareUnicodeString
RtlCompareMemory
ObfDereferenceObject
IoInitializeRemoveLockEx
IoCreateDevice
ExCreateCallback
DbgPrint
IofCallDriver
ExAcquireResourceExclusiveLite
ZwCreateKey
RtlCreateUnicodeString
RtlUpcaseUnicodeString
ExInitializeNPagedLookasideList
IoBuildSynchronousFsdRequest
wcsncpy
ExpInterlockedPushEntrySList
IoAcquireRemoveLockEx
ZwSetValueKey
ExpInterlockedPopEntrySList
ObQueryNameString
wcsrchr
wcsstr
IoGetDeviceObjectPointer
ZwQueryValueKey
RtlGUIDFromString
ExReleaseResourceLite
ExQueryDepthSList
ObReferenceObjectByHandle
IoGetDeviceInterfaces
ExDeleteResourceLite
_wcsupr
IoOpenDeviceRegistryKey
ExInitializeResourceLite
IoGetDeviceProperty
ObOpenObjectByPointer
ExDeleteNPagedLookasideList
RtlLengthSid
ZwOpenKey
PsGetCurrentThreadId
PsGetCurrentProcessId
RtlCopyUnicodeString
KeBugCheckEx
ZwSetSecurityObject
IoDeviceObjectType
_snwprintf
RtlLengthSecurityDescriptor
SeCaptureSecurityDescriptor
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlAbsoluteToSelfRelativeSD
IoIsWdmVersionAvailable
SeExports
wcschr
_wcsnicmp
RtlAddAccessAllowedAce
RtlGetSaclSecurityDescriptor
RtlGetDaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
MmHighestUserAddress
ExAllocatePoolWithTag
PsGetVersion
__C_specific_handler

Sections

.text
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 246B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Sounds/Drivers/PSINDvct/WVista/PSINDvct.inf
Sounds/Drivers/PSINDvct/WVista/PSINDvct.sys
.exe windows x64

f399d42f96818bdb5d318e50c3ca1497

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

IoWMIRegistrationControl
ExFreePoolWithTag
IoWMIWriteEvent
KeLeaveCriticalRegion
IoSetHardErrorOrVerifyDevice
RtlInitUnicodeString
IoDeleteDevice
KeSetEvent
ExNotifyCallback
MmGetSystemRoutineAddress
KeInitializeEvent
RtlGetVersion
IoReleaseRemoveLockEx
IoDetachDevice
KeEnterCriticalRegion
KeDelayExecutionThread
RtlFreeUnicodeString
PsCreateSystemThread
InitSafeBootMode
PoStartNextPowerIrp
ZwClose
IofCompleteRequest
IoReleaseRemoveLockAndWaitEx
KeWaitForSingleObject
IoGetAttachedDeviceReference
IoAttachDeviceToDeviceStack
PoCallDriver
RtlCompareUnicodeString
RtlCompareMemory
ObfDereferenceObject
IoInitializeRemoveLockEx
IoCreateDevice
ExCreateCallback
DbgPrint
IofCallDriver
ExAcquireResourceExclusiveLite
ZwCreateKey
RtlCreateUnicodeString
RtlUpcaseUnicodeString
ExInitializeNPagedLookasideList
IoBuildSynchronousFsdRequest
wcsncpy
ExpInterlockedPushEntrySList
IoAcquireRemoveLockEx
ZwSetValueKey
ExpInterlockedPopEntrySList
ObQueryNameString
wcsrchr
wcsstr
IoGetDeviceObjectPointer
ZwQueryValueKey
RtlGUIDFromString
ExReleaseResourceLite
ExQueryDepthSList
ObReferenceObjectByHandle
IoGetDeviceInterfaces
ExDeleteResourceLite
_wcsupr
IoOpenDeviceRegistryKey
ExInitializeResourceLite
IoGetDeviceProperty
ObOpenObjectByPointer
ExDeleteNPagedLookasideList
RtlLengthSid
ZwOpenKey
PsGetCurrentThreadId
PsGetCurrentProcessId
RtlCopyUnicodeString
KeBugCheckEx
ZwSetSecurityObject
IoDeviceObjectType
_snwprintf
RtlLengthSecurityDescriptor
SeCaptureSecurityDescriptor
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlAbsoluteToSelfRelativeSD
IoIsWdmVersionAvailable
SeExports
wcschr
_wcsnicmp
RtlAddAccessAllowedAce
RtlGetSaclSecurityDescriptor
RtlGetDaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
MmHighestUserAddress
ExAllocatePoolWithTag
PsGetVersion
__C_specific_handler

Sections

.text
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 246B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Sounds/Drivers/PSINDvct/WVista/psindvct.cat
Sounds/Drivers/W10/PSBoot.sys
.exe windows x64

ff7fc431c09ffd39de61c3d117f0bfa8

Code Sign

33:00:00:00:57:ee:4d:65:9a:92:3e:7c:10:00:00:00:00:00:57
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07-06-2022 18:08

Not After

01-06-2023 18:08

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-10-2014 20:31

Not After

15-10-2029 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:85:df:b2:66:16:5f:52:02:5e:7a:5b:14:97:f4:7d
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

20-01-2021 00:00

Not After

23-01-2024 23:59

Subject

SERIALNUMBER=602 715 217,CN=WatchGuard Technologies\, Inc.,O=WatchGuard Technologies\, Inc.,L=Seattle,ST=Washington,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130a57617368696e67746f6e,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

94:aa:ce:20:fd:45:53:2c:7d:2a:5a:b8:d3:a4:17:63:a9:f6:08:29:f2:c5:d9:f6:26:b1:e7:5a:bf:58:48:4f
Signer

Actual PE Digest

94:aa:ce:20:fd:45:53:2c:7d:2a:5a:b8:d3:a4:17:63:a9:f6:08:29:f2:c5:d9:f6:26:b1:e7:5a:bf:58:48:4f

Digest Algorithm

sha256

PE Digest Matches

true

94:aa:ce:20:fd:45:53:2c:7d:2a:5a:b8:d3:a4:17:63:a9:f6:08:29:f2:c5:d9:f6:26:b1:e7:5a:bf:58:48:4f
Signer

Actual PE Digest

94:aa:ce:20:fd:45:53:2c:7d:2a:5a:b8:d3:a4:17:63:a9:f6:08:29:f2:c5:d9:f6:26:b1:e7:5a:bf:58:48:4f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

_wcsicmp
ExAllocatePoolWithTag
ExFreePoolWithTag
ExSystemTimeToLocalTime
RtlTimeToTimeFields
DbgPrint
IoDeleteDevice
IoDetachDevice
ZwReadFile
RtlInitUnicodeString
NtQueryDirectoryFile
ZwSetInformationFile
ZwCreateFile
ZwClose
ZwDeleteFile
PsGetCurrentThreadId
ZwQueryInformationFile
ZwWriteFile
ExQueueWorkItem
RtlUnicodeStringToAnsiString
RtlCompareString
KeDelayExecutionThread
ObQueryNameString
IoGetDeviceObjectPointer
IofCompleteRequest
RtlFreeAnsiString
IoAttachDeviceToDeviceStack
PoCallDriver
ObfReferenceObject
ObfDereferenceObject
IoCreateDevice
IoRegisterFsRegistrationChange
IofCallDriver
_stricmp
strncmp
RtlAnsiStringToUnicodeString
ExInitializeNPagedLookasideList
ZwQuerySymbolicLinkObject
ExpInterlockedPushEntrySList
RtlAppendUnicodeToString
RtlInitAnsiString
RtlGetVersion
KeReleaseSpinLock
ExpInterlockedPopEntrySList
PsSetCreateProcessNotifyRoutine
ZwOpenSymbolicLinkObject
RtlFreeUnicodeString
strncpy
PsCreateSystemThread
IoGetCurrentProcess
RtlAppendUnicodeStringToString
ExQueryDepthSList
RtlCompareUnicodeString
CmRegisterCallback
RtlCopyUnicodeString
MmIsAddressValid
CmUnRegisterCallback
ExDeleteNPagedLookasideList
KeAcquireSpinLockRaiseToDpc
IoDeleteSymbolicLink
InitSafeBootMode
IoCreateSymbolicLink
ZwSetValueKey
ZwQueryValueKey
ZwOpenKey
KeBugCheckEx
__C_specific_handler

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Sounds/Drivers/W10/pskmad.sys
.exe windows x64

fd6f187973877c1a6575a7291b30f617

Code Sign

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-11-2009 10:00

Not After

18-03-2019 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:29:15:27:00:00:00:00:00:2a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-04-2011 19:55

Not After

15-04-2021 20:05

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

54:f1:68:c3:c1:0a:96:49:a2:cc:00:79
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

18-12-2017 12:29

Not After

27-01-2021 15:16

Subject

SERIALNUMBER=B48435218,CN=Panda Security S.L.,O=Panda Security S.L.,STREET=SANTIAGO DE COMPOSTELA 12,L=Bilbao,ST=Bizkaia,C=ES,1.3.6.1.4.1.311.60.2.1.3=#13024553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

19-02-2018 00:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign TSA for Advanced - G2

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02-08-2011 10:00

Not After

29-03-2029 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:25:3a:27:38:69:0a:34:51:c1:00:00:00:00:00:25
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06-09-2018 21:30

Not After

06-09-2019 21:30

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-10-2014 20:31

Not After

15-10-2029 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e9:c7:38:81:0c:8a:c5:8c:3d:bd:d8:1a:96:24:ac:79:b8:ca:f0:dc:d0:d4:3d:69:e7:c0:13:10:16:49:15:d1
Signer

Actual PE Digest

e9:c7:38:81:0c:8a:c5:8c:3d:bd:d8:1a:96:24:ac:79:b8:ca:f0:dc:d0:d4:3d:69:e7:c0:13:10:16:49:15:d1

Digest Algorithm

sha256

PE Digest Matches

true

e9:c7:38:81:0c:8a:c5:8c:3d:bd:d8:1a:96:24:ac:79:b8:ca:f0:dc:d0:d4:3d:69:e7:c0:13:10:16:49:15:d1
Signer

Actual PE Digest

e9:c7:38:81:0c:8a:c5:8c:3d:bd:d8:1a:96:24:ac:79:b8:ca:f0:dc:d0:d4:3d:69:e7:c0:13:10:16:49:15:d1

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
IoWMIRegistrationControl
ExFreePoolWithTag
IoWMIWriteEvent
RtlInitUnicodeString
MmGetSystemRoutineAddress
IoGetCurrentProcess
IofCompleteRequest
RtlCompareMemory
sprintf
ZwCreateKey
ExInitializeNPagedLookasideList
IoDeleteDevice
RtlGetVersion
ZwQueryValueKey
ZwClose
RtlCharToInteger
IoCreateSymbolicLink
wcscspn
ExDeleteNPagedLookasideList
MmSystemRangeStart
MmUnmapLockedPages
PsProcessType
KeSetTargetProcessorDpc
KeQueryActiveProcessors
ZwFsControlFile
PsLookupProcessByProcessId
InitializeSListHead
ZwQuerySymbolicLinkObject
ZwSetEaFile
ZwReadFile
ZwMapViewOfSection
ExpInterlockedPushEntrySList
IoCreateFile
MmHighestUserAddress
KeInitializeDpc
KeAcquireQueuedSpinLock
ExpInterlockedPopEntrySList
KeReleaseQueuedSpinLock
MmUnmapIoSpace
MmBuildMdlForNonPagedPool
ZwOpenSymbolicLinkObject
IoFreeMdl
MmGetVirtualForPhysical
ZwSetInformationFile
KeDetachProcess
KeDelayExecutionThread
MmGetPhysicalAddress
ZwWaitForSingleObject
PsCreateSystemThread
MmMapLockedPagesSpecifyCache
ZwUnmapViewOfSection
ZwQueryDirectoryFile
PsTerminateSystemThread
MmIsDriverVerifying
MmMapIoSpace
KeInsertQueueDpc
ZwQueryEaFile
ZwQueryVolumeInformationFile
ObReferenceObjectByHandle
MmProbeAndLockPages
KeRevertToUserAffinityThread
RtlEnumerateGenericTableAvl
MmUnlockPages
PsGetCurrentProcessId
KeSetSystemAffinityThread
MmIsAddressValid
ObfDereferenceObject
ZwCreateSection
KeNumberProcessors
ZwQueryInformationFile
ZwWriteFile
ObReferenceObjectByPointer
ObOpenObjectByPointer
KeStackAttachProcess
IoAllocateMdl
ZwQuerySystemInformation
KeBugCheckEx
IoCreateDevice
ZwSetSecurityObject
IoDeviceObjectType
_snwprintf
RtlLengthSecurityDescriptor
SeCaptureSecurityDescriptor
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlAbsoluteToSelfRelativeSD
IoIsWdmVersionAvailable
SeExports
wcschr
_wcsnicmp
RtlLengthSid
RtlAddAccessAllowedAce
RtlGetSaclSecurityDescriptor
RtlGetDaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
ZwOpenKey
ZwSetValueKey
RtlFreeUnicodeString
__C_specific_handler

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Sounds/Drivers/dvctprov/W10/dvctprov.cat
Sounds/Drivers/dvctprov/W10/dvctprov.inf
Sounds/Drivers/dvctprov/W10/dvctprov.sys
.exe windows x64

915f1b722fe87ac3e1c211dcc505ee6a

Code Sign

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-11-2009 10:00

Not After

18-03-2019 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:29:15:27:00:00:00:00:00:2a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-04-2011 19:55

Not After

15-04-2021 20:05

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

54:f1:68:c3:c1:0a:96:49:a2:cc:00:79
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

18-12-2017 12:29

Not After

27-01-2021 15:16

Subject

SERIALNUMBER=B48435218,CN=Panda Security S.L.,O=Panda Security S.L.,STREET=SANTIAGO DE COMPOSTELA 12,L=Bilbao,ST=Bizkaia,C=ES,1.3.6.1.4.1.311.60.2.1.3=#13024553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

19-02-2018 00:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign TSA for Advanced - G2

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02-08-2011 10:00

Not After

29-03-2029 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:3b:cd:6b:d8:3b:c6:71:b8:fe:00:00:00:00:00:3b
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11-03-2020 17:31

Not After

05-03-2021 17:31

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-10-2014 20:31

Not After

15-10-2029 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d5:fa:46:0e:8e:35:0a:e1:a1:f6:aa:61:e1:02:95:ae:70:bd:ac:77:6b:b3:47:97:02:a9:a7:89:05:7d:5b:5b
Signer

Actual PE Digest

d5:fa:46:0e:8e:35:0a:e1:a1:f6:aa:61:e1:02:95:ae:70:bd:ac:77:6b:b3:47:97:02:a9:a7:89:05:7d:5b:5b

Digest Algorithm

sha256

PE Digest Matches

true

d5:fa:46:0e:8e:35:0a:e1:a1:f6:aa:61:e1:02:95:ae:70:bd:ac:77:6b:b3:47:97:02:a9:a7:89:05:7d:5b:5b
Signer

Actual PE Digest

d5:fa:46:0e:8e:35:0a:e1:a1:f6:aa:61:e1:02:95:ae:70:bd:ac:77:6b:b3:47:97:02:a9:a7:89:05:7d:5b:5b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

ExAcquireResourceExclusiveLite
ExAllocatePoolWithTag
ExFreePoolWithTag
RtlCreateUnicodeString
KeLeaveCriticalRegion
RtlInitUnicodeString
KeEnterCriticalRegion
RtlFreeUnicodeString
ExAcquireResourceSharedLite
ExReleaseResourceLite
RtlCompareUnicodeString
ExDeleteResourceLite
ExInitializeResourceLite
ExUnregisterCallback
IoWMIRegistrationControl
IoWMIWriteEvent
PsSetLoadImageNotifyRoutine
_wcsnicmp
MmGetSystemRoutineAddress
RtlGetVersion
KeDelayExecutionThread
wcsrchr
PsCreateSystemThread
PsTerminateSystemThread
PsRemoveLoadImageNotifyRoutine
ExRegisterCallback
RtlCompareMemory
ObfDereferenceObject
ExCreateCallback
DbgPrint
IofCallDriver
KeClearEvent
KeSetEvent
KeInitializeEvent
ObReferenceObjectByHandle
KeWaitForSingleObject
PsThreadType
RtlTimeFieldsToTime
KeBugCheckEx
KeReleaseSpinLock
KeReleaseSpinLockFromDpcLevel
ZwClose
KeWaitForMultipleObjects
KeAcquireSpinLockAtDpcLevel
KeAcquireSpinLockRaiseToDpc
IoGetDeviceObjectPointer
KeInitializeDpc
KeInitializeTimer
ZwCreateFile
KeSetTimer
KeCancelTimer
ZwWriteFile
RtlAnsiCharToUnicodeChar
IoBuildDeviceIoControlRequest
RtlCompressBuffer
RtlDecompressBuffer
RtlGetCompressionWorkSpaceSize
ZwReadFile
ZwSetInformationFile
ZwQueryValueKey
ZwQueryInformationFile
ZwOpenKey

Sections

.text
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 1024B - Virtual size: 1020B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Sounds/Drivers/dvctprov/WVista/dvctprov.cat
Sounds/Drivers/dvctprov/WVista/dvctprov.inf
Sounds/Drivers/dvctprov/WVista/dvctprov.sys
.exe windows x64

915f1b722fe87ac3e1c211dcc505ee6a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

ExAcquireResourceExclusiveLite
ExAllocatePoolWithTag
ExFreePoolWithTag
RtlCreateUnicodeString
KeLeaveCriticalRegion
RtlInitUnicodeString
KeEnterCriticalRegion
RtlFreeUnicodeString
ExAcquireResourceSharedLite
ExReleaseResourceLite
RtlCompareUnicodeString
ExDeleteResourceLite
ExInitializeResourceLite
ExUnregisterCallback
IoWMIRegistrationControl
IoWMIWriteEvent
PsSetLoadImageNotifyRoutine
_wcsnicmp
MmGetSystemRoutineAddress
RtlGetVersion
KeDelayExecutionThread
wcsrchr
PsCreateSystemThread
PsTerminateSystemThread
PsRemoveLoadImageNotifyRoutine
ExRegisterCallback
RtlCompareMemory
ObfDereferenceObject
ExCreateCallback
DbgPrint
IofCallDriver
KeClearEvent
KeSetEvent
KeInitializeEvent
ObReferenceObjectByHandle
KeWaitForSingleObject
PsThreadType
RtlTimeFieldsToTime
KeBugCheckEx
KeReleaseSpinLock
KeReleaseSpinLockFromDpcLevel
ZwClose
KeWaitForMultipleObjects
KeAcquireSpinLockAtDpcLevel
KeAcquireSpinLockRaiseToDpc
IoGetDeviceObjectPointer
KeInitializeDpc
KeInitializeTimer
ZwCreateFile
KeSetTimer
KeCancelTimer
ZwWriteFile
RtlAnsiCharToUnicodeChar
IoBuildDeviceIoControlRequest
RtlCompressBuffer
RtlDecompressBuffer
RtlGetCompressionWorkSpaceSize
ZwReadFile
ZwSetInformationFile
ZwQueryValueKey
ZwQueryInformationFile
ZwOpenKey

Sections

.text
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 1024B - Virtual size: 1020B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Sounds/Drivers/psinaflt/PSINAflt.sys
.exe windows x64

420bcae1712938249347fefa04018574

Code Sign

01:85:df:b2:66:16:5f:52:02:5e:7a:5b:14:97:f4:7d
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

20-01-2021 00:00

Not After

23-01-2024 23:59

Subject

SERIALNUMBER=602 715 217,CN=WatchGuard Technologies\, Inc.,O=WatchGuard Technologies\, Inc.,L=Seattle,ST=Washington,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130a57617368696e67746f6e,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:57:ee:4d:65:9a:92:3e:7c:10:00:00:00:00:00:57
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07-06-2022 18:08

Not After

01-06-2023 18:08

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-10-2014 20:31

Not After

15-10-2029 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2e:e6:07:bc:23:e8:b4:fe:93:2d:58:3b:76:8d:d9:b7:aa:9e:d2:e3:60:70:61:d8:60:e9:16:47:44:74:c8:0c
Signer

Actual PE Digest

2e:e6:07:bc:23:e8:b4:fe:93:2d:58:3b:76:8d:d9:b7:aa:9e:d2:e3:60:70:61:d8:60:e9:16:47:44:74:c8:0c

Digest Algorithm

sha256

PE Digest Matches

true

2e:e6:07:bc:23:e8:b4:fe:93:2d:58:3b:76:8d:d9:b7:aa:9e:d2:e3:60:70:61:d8:60:e9:16:47:44:74:c8:0c
Signer

Actual PE Digest

2e:e6:07:bc:23:e8:b4:fe:93:2d:58:3b:76:8d:d9:b7:aa:9e:d2:e3:60:70:61:d8:60:e9:16:47:44:74:c8:0c

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
IoWMIRegistrationControl
ExFreePoolWithTag
IoWMIWriteEvent
RtlInitUnicodeString
IoDeleteDevice
MmGetSystemRoutineAddress
RtlGetVersion
IofCompleteRequest
RtlCompareMemory
IofCallDriver
KeInitializeGuardedMutex
KeAcquireGuardedMutex
KeReleaseGuardedMutex
RtlHashUnicodeString
KeLeaveCriticalRegion
KeEnterCriticalRegion
RtlCompareUnicodeString
RtlCreateUnicodeString
RtlAppendUnicodeToString
wcsrchr
ZwQueryValueKey
ZwClose
RtlCopyUnicodeString
ZwOpenKey
RtlFreeUnicodeString
RtlCopySid
IoFreeWorkItem
KeDelayExecutionThread
wcsstr
IoAllocateWorkItem
IoQueueWorkItem
ExAcquireResourceExclusiveLite
ExAcquireResourceSharedLite
ExReleaseResourceLite
RtlTimeToSecondsSince1980
ExDeleteResourceLite
ExInitializeResourceLite
KeClearEvent
ExInitializeNPagedLookasideList
KeSetEvent
ExpInterlockedPushEntrySList
KeInitializeEvent
ExpInterlockedPopEntrySList
ExQueryDepthSList
KeWaitForSingleObject
ExDeleteNPagedLookasideList
KeBugCheckEx
IoCreateDevice
ObOpenObjectByPointer
ZwSetSecurityObject
IoDeviceObjectType
_snwprintf
RtlLengthSecurityDescriptor
SeCaptureSecurityDescriptor
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlAbsoluteToSelfRelativeSD
IoIsWdmVersionAvailable
SeExports
wcschr
_wcsnicmp
RtlLengthSid
RtlAddAccessAllowedAce
RtlGetSaclSecurityDescriptor
RtlGetDaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
ZwCreateKey
ZwSetValueKey
KeResetEvent
KeReleaseSpinLock
KeReleaseSpinLockFromDpcLevel
ExDeletePagedLookasideList
ExInitializePagedLookasideList
ObfDereferenceObject
KeAcquireSpinLockAtDpcLevel
KeAcquireSpinLockRaiseToDpc
IoGetDeviceObjectPointer
ObDereferenceObjectDeferDelete
IoBuildDeviceIoControlRequest
KeReleaseInStackQueuedSpinLock
ZwQuerySymbolicLinkObject
KeAcquireInStackQueuedSpinLock
ZwOpenSymbolicLinkObject
ZwEnumerateValueKey
RtlAnsiCharToUnicodeChar
RtlCompressBuffer
RtlDecompressBuffer
RtlGetCompressionWorkSpaceSize
ZwReadFile
RtlTimeFieldsToTime
ZwSetInformationFile
ZwCreateFile
ZwFlushBuffersFile
ZwQueryInformationFile
ZwWriteFile
__C_specific_handler

Sections

.text
Size: 133KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 504B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Sounds/Drivers/psinaflt/W7/PSINAflt.sys
.exe windows x64

420bcae1712938249347fefa04018574

Code Sign

33:00:00:00:dc:34:1a:52:0f:bb:cf:3d:8c:00:00:00:00:00:dc
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

10-03-2022 19:58

Not After

08-03-2023 19:58

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18-04-2012 23:48

Not After

18-04-2027 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:85:df:b2:66:16:5f:52:02:5e:7a:5b:14:97:f4:7d
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

20-01-2021 00:00

Not After

23-01-2024 23:59

Subject

SERIALNUMBER=602 715 217,CN=WatchGuard Technologies\, Inc.,O=WatchGuard Technologies\, Inc.,L=Seattle,ST=Washington,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130a57617368696e67746f6e,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2e:e6:07:bc:23:e8:b4:fe:93:2d:58:3b:76:8d:d9:b7:aa:9e:d2:e3:60:70:61:d8:60:e9:16:47:44:74:c8:0c
Signer

Actual PE Digest

2e:e6:07:bc:23:e8:b4:fe:93:2d:58:3b:76:8d:d9:b7:aa:9e:d2:e3:60:70:61:d8:60:e9:16:47:44:74:c8:0c

Digest Algorithm

sha256

PE Digest Matches

true

2e:e6:07:bc:23:e8:b4:fe:93:2d:58:3b:76:8d:d9:b7:aa:9e:d2:e3:60:70:61:d8:60:e9:16:47:44:74:c8:0c
Signer

Actual PE Digest

2e:e6:07:bc:23:e8:b4:fe:93:2d:58:3b:76:8d:d9:b7:aa:9e:d2:e3:60:70:61:d8:60:e9:16:47:44:74:c8:0c

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
IoWMIRegistrationControl
ExFreePoolWithTag
IoWMIWriteEvent
RtlInitUnicodeString
IoDeleteDevice
MmGetSystemRoutineAddress
RtlGetVersion
IofCompleteRequest
RtlCompareMemory
IofCallDriver
KeInitializeGuardedMutex
KeAcquireGuardedMutex
KeReleaseGuardedMutex
RtlHashUnicodeString
KeLeaveCriticalRegion
KeEnterCriticalRegion
RtlCompareUnicodeString
RtlCreateUnicodeString
RtlAppendUnicodeToString
wcsrchr
ZwQueryValueKey
ZwClose
RtlCopyUnicodeString
ZwOpenKey
RtlFreeUnicodeString
RtlCopySid
IoFreeWorkItem
KeDelayExecutionThread
wcsstr
IoAllocateWorkItem
IoQueueWorkItem
ExAcquireResourceExclusiveLite
ExAcquireResourceSharedLite
ExReleaseResourceLite
RtlTimeToSecondsSince1980
ExDeleteResourceLite
ExInitializeResourceLite
KeClearEvent
ExInitializeNPagedLookasideList
KeSetEvent
ExpInterlockedPushEntrySList
KeInitializeEvent
ExpInterlockedPopEntrySList
ExQueryDepthSList
KeWaitForSingleObject
ExDeleteNPagedLookasideList
KeBugCheckEx
IoCreateDevice
ObOpenObjectByPointer
ZwSetSecurityObject
IoDeviceObjectType
_snwprintf
RtlLengthSecurityDescriptor
SeCaptureSecurityDescriptor
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlAbsoluteToSelfRelativeSD
IoIsWdmVersionAvailable
SeExports
wcschr
_wcsnicmp
RtlLengthSid
RtlAddAccessAllowedAce
RtlGetSaclSecurityDescriptor
RtlGetDaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
ZwCreateKey
ZwSetValueKey
KeResetEvent
KeReleaseSpinLock
KeReleaseSpinLockFromDpcLevel
ExDeletePagedLookasideList
ExInitializePagedLookasideList
ObfDereferenceObject
KeAcquireSpinLockAtDpcLevel
KeAcquireSpinLockRaiseToDpc
IoGetDeviceObjectPointer
ObDereferenceObjectDeferDelete
IoBuildDeviceIoControlRequest
KeReleaseInStackQueuedSpinLock
ZwQuerySymbolicLinkObject
KeAcquireInStackQueuedSpinLock
ZwOpenSymbolicLinkObject
ZwEnumerateValueKey
RtlAnsiCharToUnicodeChar
RtlCompressBuffer
RtlDecompressBuffer
RtlGetCompressionWorkSpaceSize
ZwReadFile
RtlTimeFieldsToTime
ZwSetInformationFile
ZwCreateFile
ZwFlushBuffersFile
ZwQueryInformationFile
ZwWriteFile
__C_specific_handler

Sections

.text
Size: 133KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 504B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Sounds/Drivers/psinaflt/W7/psinaflt.cat
Sounds/Drivers/psinaflt/W7/psinaflt.inf
Sounds/Drivers/psinaflt/psinaflt.cat
Sounds/Drivers/psinaflt/psinaflt.inf
Sounds/Drivers/psinelam/W10/psinelam.cat
Sounds/Drivers/psinelam/W10/psinelam.inf
Sounds/Drivers/psinelam/W10/psinelam.sys
.exe windows x64

46c5957c333d67de89ade30bad85d130

Code Sign

33:00:00:04:9c:57:74:24:81:a5:93:7c:d8:00:00:00:00:04:9c
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07-06-2022 17:43

Not After

01-06-2023 17:43

Subject

CN=Microsoft Windows Early Launch Anti-malware Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06-07-2010 20:40

Not After

06-07-2025 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2b:f7:1d:fa:60:a0:c9:fe:75:32:08:84:a2:0a:33:01:e8:16:99:62:d8:e2:7f:9d:4e:6a:15:7e:e5:2b:9e:ea
Signer

Actual PE Digest

2b:f7:1d:fa:60:a0:c9:fe:75:32:08:84:a2:0a:33:01:e8:16:99:62:d8:e2:7f:9d:4e:6a:15:7e:e5:2b:9e:ea

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

IoRegisterBootDriverCallback
RtlCopyUnicodeString
DbgPrintEx
IoWMIRegistrationControl
MmGetSystemRoutineAddress
_vsnwprintf
IoUnregisterBootDriverCallback
RtlInitUnicodeString

wdfldr.sys

WdfVersionUnbindClass
WdfVersionUnbind
WdfVersionBind
WdfVersionBindClass

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Sounds/Drivers/psinfile/PSINFile.sys
.exe windows x64

4fa82f92514a1308008689ad29aebfe2

Code Sign

01:85:df:b2:66:16:5f:52:02:5e:7a:5b:14:97:f4:7d
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

20-01-2021 00:00

Not After

23-01-2024 23:59

Subject

SERIALNUMBER=602 715 217,CN=WatchGuard Technologies\, Inc.,O=WatchGuard Technologies\, Inc.,L=Seattle,ST=Washington,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130a57617368696e67746f6e,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:57:ee:4d:65:9a:92:3e:7c:10:00:00:00:00:00:57
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07-06-2022 18:08

Not After

01-06-2023 18:08

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-10-2014 20:31

Not After

15-10-2029 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b4:73:6f:08:64:8a:f9:82:d7:27:3d:e3:a0:53:a9:f9:7d:62:74:cf:fe:fa:70:42:fb:34:47:72:51:04:03:84
Signer

Actual PE Digest

b4:73:6f:08:64:8a:f9:82:d7:27:3d:e3:a0:53:a9:f9:7d:62:74:cf:fe:fa:70:42:fb:34:47:72:51:04:03:84

Digest Algorithm

sha256

PE Digest Matches

true

b4:73:6f:08:64:8a:f9:82:d7:27:3d:e3:a0:53:a9:f9:7d:62:74:cf:fe:fa:70:42:fb:34:47:72:51:04:03:84
Signer

Actual PE Digest

b4:73:6f:08:64:8a:f9:82:d7:27:3d:e3:a0:53:a9:f9:7d:62:74:cf:fe:fa:70:42:fb:34:47:72:51:04:03:84

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

RtlCopySid
RtlValidSid
PsGetThreadId
RtlEqualUnicodeString
RtlFreeUnicodeString
ExDeletePagedLookasideList
PsGetCurrentThreadId
ExInitializePagedLookasideList
ObOpenObjectByPointer
RtlLengthSid
IoIsFileOriginRemote
IoFreeWorkItem
ExConvertExclusiveToSharedLite
IoAllocateWorkItem
RtlConvertSidToUnicodeString
IoGetTopLevelIrp
PsGetCurrentProcessId
IoQueueWorkItem
IoFileObjectType
SeQueryInformationToken
ObReferenceObjectByHandle
RtlCompareUnicodeString
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
RtlAppendUnicodeStringToString
KeReleaseInStackQueuedSpinLock
KeAcquireInStackQueuedSpinLock
KeBugCheckEx
RtlCopyUnicodeString
ZwQueryValueKey
RtlAppendUnicodeToString
ZwOpenKey
ZwClose
ZwSetValueKey
ExInitializeResourceLite
ExDeleteResourceLite
IofCompleteRequest
KeDelayExecutionThread
MmGetSystemRoutineAddress
IoDeleteDevice
IoWMIWriteEvent
IoWMIRegistrationControl
KeClearEvent
IofCallDriver
ObfDereferenceObject
RtlCompareMemory
IoUnregisterPlugPlayNotification
IoGetDeviceObjectPointer
IoVolumeDeviceToDosName
RtlInitUnicodeString
IoRegisterPlugPlayNotification
ExFreePoolWithTag
IoBuildDeviceIoControlRequest
ExAllocatePoolWithTag
ExDeleteNPagedLookasideList
KeWaitForSingleObject
ExQueryDepthSList
KeReleaseGuardedMutex
ExpInterlockedPopEntrySList
KeInitializeEvent
ExpInterlockedPushEntrySList
KeSetEvent
KeAcquireGuardedMutex
ExInitializeNPagedLookasideList
KeInitializeGuardedMutex
RtlPrefixUnicodeString
IoCreateDevice
ZwSetSecurityObject
IoDeviceObjectType
_snwprintf
RtlLengthSecurityDescriptor
SeCaptureSecurityDescriptor
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlAbsoluteToSelfRelativeSD
IoIsWdmVersionAvailable
SeExports
wcschr
_wcsnicmp
RtlAddAccessAllowedAce
RtlGetSaclSecurityDescriptor
RtlGetDaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
ZwCreateKey
ObDereferenceObjectDeferDelete
RtlAnsiCharToUnicodeChar
RtlCompressBuffer
RtlDecompressBuffer
RtlGetCompressionWorkSpaceSize
ZwReadFile
RtlTimeFieldsToTime
ZwSetInformationFile
ZwCreateFile
ZwFlushBuffersFile
ZwQueryInformationFile
ZwWriteFile

fltmgr.sys

FltReleaseFileNameInformation
FltGetTransactionContext
FltSetTransactionContext
FltEnlistInTransaction
FltClose
FltCreateFile
FltIsDirectory
FltFindExtraCreateParameter
FltGetEcpListFromCallbackData
FltSetStreamContext
FltCancelFileOpen
FltQueryInformationFile
FltCompletePendedPostOperation
FltAllocateDeferredIoWorkItem
FltReferenceContext
FltGetRequestorProcessId
FltGetStreamContext
FltQueueDeferredIoWorkItem
FltGetInstanceContext
FltFreeDeferredIoWorkItem
FltGetDeviceObject
FltParseFileNameInformation
FltGetFileNameInformation
FltGetFileNameInformationUnsafe
FltGetDestinationFileNameInformation
FltAcquireResourceShared
FltAcquireResourceExclusive
FltReleaseResource
FltStartFiltering
FltRegisterFilter
FltUnregisterFilter
FltGetVolumeName
FltAllocateContext
FltReleaseContext
FltGetDiskDeviceObject
FltSetInstanceContext

Sections

.text
Size: 107KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 592B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Sounds/Drivers/psinfile/W7/PSINFile.inf
Sounds/Drivers/psinfile/W7/PSINFile.sys
.exe windows x64

4fa82f92514a1308008689ad29aebfe2

Code Sign

33:00:00:00:dc:34:1a:52:0f:bb:cf:3d:8c:00:00:00:00:00:dc
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

10-03-2022 19:58

Not After

08-03-2023 19:58

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18-04-2012 23:48

Not After

18-04-2027 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:85:df:b2:66:16:5f:52:02:5e:7a:5b:14:97:f4:7d
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

20-01-2021 00:00

Not After

23-01-2024 23:59

Subject

SERIALNUMBER=602 715 217,CN=WatchGuard Technologies\, Inc.,O=WatchGuard Technologies\, Inc.,L=Seattle,ST=Washington,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130a57617368696e67746f6e,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b4:73:6f:08:64:8a:f9:82:d7:27:3d:e3:a0:53:a9:f9:7d:62:74:cf:fe:fa:70:42:fb:34:47:72:51:04:03:84
Signer

Actual PE Digest

b4:73:6f:08:64:8a:f9:82:d7:27:3d:e3:a0:53:a9:f9:7d:62:74:cf:fe:fa:70:42:fb:34:47:72:51:04:03:84

Digest Algorithm

sha256

PE Digest Matches

true

b4:73:6f:08:64:8a:f9:82:d7:27:3d:e3:a0:53:a9:f9:7d:62:74:cf:fe:fa:70:42:fb:34:47:72:51:04:03:84
Signer

Actual PE Digest

b4:73:6f:08:64:8a:f9:82:d7:27:3d:e3:a0:53:a9:f9:7d:62:74:cf:fe:fa:70:42:fb:34:47:72:51:04:03:84

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

RtlCopySid
RtlValidSid
PsGetThreadId
RtlEqualUnicodeString
RtlFreeUnicodeString
ExDeletePagedLookasideList
PsGetCurrentThreadId
ExInitializePagedLookasideList
ObOpenObjectByPointer
RtlLengthSid
IoIsFileOriginRemote
IoFreeWorkItem
ExConvertExclusiveToSharedLite
IoAllocateWorkItem
RtlConvertSidToUnicodeString
IoGetTopLevelIrp
PsGetCurrentProcessId
IoQueueWorkItem
IoFileObjectType
SeQueryInformationToken
ObReferenceObjectByHandle
RtlCompareUnicodeString
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
RtlAppendUnicodeStringToString
KeReleaseInStackQueuedSpinLock
KeAcquireInStackQueuedSpinLock
KeBugCheckEx
RtlCopyUnicodeString
ZwQueryValueKey
RtlAppendUnicodeToString
ZwOpenKey
ZwClose
ZwSetValueKey
ExInitializeResourceLite
ExDeleteResourceLite
IofCompleteRequest
KeDelayExecutionThread
MmGetSystemRoutineAddress
IoDeleteDevice
IoWMIWriteEvent
IoWMIRegistrationControl
KeClearEvent
IofCallDriver
ObfDereferenceObject
RtlCompareMemory
IoUnregisterPlugPlayNotification
IoGetDeviceObjectPointer
IoVolumeDeviceToDosName
RtlInitUnicodeString
IoRegisterPlugPlayNotification
ExFreePoolWithTag
IoBuildDeviceIoControlRequest
ExAllocatePoolWithTag
ExDeleteNPagedLookasideList
KeWaitForSingleObject
ExQueryDepthSList
KeReleaseGuardedMutex
ExpInterlockedPopEntrySList
KeInitializeEvent
ExpInterlockedPushEntrySList
KeSetEvent
KeAcquireGuardedMutex
ExInitializeNPagedLookasideList
KeInitializeGuardedMutex
RtlPrefixUnicodeString
IoCreateDevice
ZwSetSecurityObject
IoDeviceObjectType
_snwprintf
RtlLengthSecurityDescriptor
SeCaptureSecurityDescriptor
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlAbsoluteToSelfRelativeSD
IoIsWdmVersionAvailable
SeExports
wcschr
_wcsnicmp
RtlAddAccessAllowedAce
RtlGetSaclSecurityDescriptor
RtlGetDaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
ZwCreateKey
ObDereferenceObjectDeferDelete
RtlAnsiCharToUnicodeChar
RtlCompressBuffer
RtlDecompressBuffer
RtlGetCompressionWorkSpaceSize
ZwReadFile
RtlTimeFieldsToTime
ZwSetInformationFile
ZwCreateFile
ZwFlushBuffersFile
ZwQueryInformationFile
ZwWriteFile

fltmgr.sys

FltReleaseFileNameInformation
FltGetTransactionContext
FltSetTransactionContext
FltEnlistInTransaction
FltClose
FltCreateFile
FltIsDirectory
FltFindExtraCreateParameter
FltGetEcpListFromCallbackData
FltSetStreamContext
FltCancelFileOpen
FltQueryInformationFile
FltCompletePendedPostOperation
FltAllocateDeferredIoWorkItem
FltReferenceContext
FltGetRequestorProcessId
FltGetStreamContext
FltQueueDeferredIoWorkItem
FltGetInstanceContext
FltFreeDeferredIoWorkItem
FltGetDeviceObject
FltParseFileNameInformation
FltGetFileNameInformation
FltGetFileNameInformationUnsafe
FltGetDestinationFileNameInformation
FltAcquireResourceShared
FltAcquireResourceExclusive
FltReleaseResource
FltStartFiltering
FltRegisterFilter
FltUnregisterFilter
FltGetVolumeName
FltAllocateContext
FltReleaseContext
FltGetDiskDeviceObject
FltSetInstanceContext

Sections

.text
Size: 107KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 592B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Sounds/Drivers/psinfile/W7/psinfile.cat
Sounds/Drivers/psinfile/psinfile.cat
Sounds/Drivers/psinfile/psinfile.inf
Sounds/Drivers/psinknc/PSINKNC.sys
.exe windows x64

d175a80a44ffd621240e51befee4e7ed

Code Sign

01:85:df:b2:66:16:5f:52:02:5e:7a:5b:14:97:f4:7d
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

20-01-2021 00:00

Not After

23-01-2024 23:59

Subject

SERIALNUMBER=602 715 217,CN=WatchGuard Technologies\, Inc.,O=WatchGuard Technologies\, Inc.,L=Seattle,ST=Washington,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130a57617368696e67746f6e,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:57:ee:4d:65:9a:92:3e:7c:10:00:00:00:00:00:57
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07-06-2022 18:08

Not After

01-06-2023 18:08

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-10-2014 20:31

Not After

15-10-2029 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

75:d6:d5:de:ee:c8:4e:4b:9c:de:2e:e3:0d:fc:b0:10:63:25:95:a1:74:e7:04:82:b1:fc:2f:ad:51:19:58:ba
Signer

Actual PE Digest

75:d6:d5:de:ee:c8:4e:4b:9c:de:2e:e3:0d:fc:b0:10:63:25:95:a1:74:e7:04:82:b1:fc:2f:ad:51:19:58:ba

Digest Algorithm

sha256

PE Digest Matches

true

75:d6:d5:de:ee:c8:4e:4b:9c:de:2e:e3:0d:fc:b0:10:63:25:95:a1:74:e7:04:82:b1:fc:2f:ad:51:19:58:ba
Signer

Actual PE Digest

75:d6:d5:de:ee:c8:4e:4b:9c:de:2e:e3:0d:fc:b0:10:63:25:95:a1:74:e7:04:82:b1:fc:2f:ad:51:19:58:ba

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

IoDeleteSymbolicLink
RtlInitUnicodeString
IoDeleteDevice
IoCreateSymbolicLink
MmIsAddressValid
IoCreateDevice
KeInitializeGuardedMutex
KeAcquireGuardedMutex
KeReleaseGuardedMutex
IofCompleteRequest
KeDelayExecutionThread
ZwMapViewOfSection
IoCsqInsertIrp
MmMapLockedPagesSpecifyCache
ZwUnmapViewOfSection
ZwClose
IoCsqRemoveNextIrp
ZwCreateSection
ExAllocatePoolWithTag
IoWMIRegistrationControl
ExFreePoolWithTag
IoWMIWriteEvent
MmGetSystemRoutineAddress
RtlCompareMemory
ZwCreateDirectoryObject
RtlGetVersion
ZwMakeTemporaryObject
IoUnregisterFsRegistrationChange
IoRegisterFsRegistrationChange
KeSetEvent
KeInitializeEvent
KeWaitForSingleObject
ZwQueryValueKey
ZwOpenKey
KeReleaseSpinLock
IoCsqInitialize
KeAcquireSpinLockRaiseToDpc
PsLookupProcessByProcessId
PsGetProcessCreateTimeQuadPart
RtlHashUnicodeString
ObfDereferenceObject
KeLeaveCriticalRegion
KeEnterCriticalRegion
MmUnmapLockedPages
MmSecureVirtualMemory
MmBuildMdlForNonPagedPool
IoFreeMdl
KeUnstackDetachProcess
MmProbeAndLockPages
MmUnlockPages
PsGetCurrentProcessId
MmUnsecureVirtualMemory
ObOpenObjectByPointer
KeStackAttachProcess
IoAllocateMdl
KeBugCheckEx
ExAcquireResourceExclusiveLite
KeClearEvent
KeResetEvent
ExReleaseFastMutex
ExInitializeNPagedLookasideList
ExAcquireFastMutex
ExpInterlockedPushEntrySList
ExpInterlockedPopEntrySList
KeReleaseSpinLockFromDpcLevel
ExDeletePagedLookasideList
PsCreateSystemThread
PsTerminateSystemThread
ExReleaseResourceLite
KeQueryTimeIncrement
ExQueryDepthSList
ObReferenceObjectByHandle
ExDeleteResourceLite
ExInitializePagedLookasideList
ExInitializeResourceLite
KeWaitForMultipleObjects
KeAcquireSpinLockAtDpcLevel
ExDeleteNPagedLookasideList
RtlCompressBuffer
RtlDecompressBuffer
RtlGetCompressionWorkSpaceSize
ZwReadFile
RtlTimeFieldsToTime
ZwSetInformationFile
ZwCreateFile
ZwFlushBuffersFile
ZwQueryInformationFile
ZwWriteFile
RtlAnsiCharToUnicodeChar
__C_specific_handler

Sections

.text
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 1024B - Virtual size: 1020B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 788B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Sounds/Drivers/psinknc/W7/PSINKNC.sys
.exe windows x64

d175a80a44ffd621240e51befee4e7ed

Code Sign

33:00:00:00:dc:34:1a:52:0f:bb:cf:3d:8c:00:00:00:00:00:dc
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

10-03-2022 19:58

Not After

08-03-2023 19:58

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18-04-2012 23:48

Not After

18-04-2027 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:85:df:b2:66:16:5f:52:02:5e:7a:5b:14:97:f4:7d
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

20-01-2021 00:00

Not After

23-01-2024 23:59

Subject

SERIALNUMBER=602 715 217,CN=WatchGuard Technologies\, Inc.,O=WatchGuard Technologies\, Inc.,L=Seattle,ST=Washington,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130a57617368696e67746f6e,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

75:d6:d5:de:ee:c8:4e:4b:9c:de:2e:e3:0d:fc:b0:10:63:25:95:a1:74:e7:04:82:b1:fc:2f:ad:51:19:58:ba
Signer

Actual PE Digest

75:d6:d5:de:ee:c8:4e:4b:9c:de:2e:e3:0d:fc:b0:10:63:25:95:a1:74:e7:04:82:b1:fc:2f:ad:51:19:58:ba

Digest Algorithm

sha256

PE Digest Matches

true

75:d6:d5:de:ee:c8:4e:4b:9c:de:2e:e3:0d:fc:b0:10:63:25:95:a1:74:e7:04:82:b1:fc:2f:ad:51:19:58:ba
Signer

Actual PE Digest

75:d6:d5:de:ee:c8:4e:4b:9c:de:2e:e3:0d:fc:b0:10:63:25:95:a1:74:e7:04:82:b1:fc:2f:ad:51:19:58:ba

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

IoDeleteSymbolicLink
RtlInitUnicodeString
IoDeleteDevice
IoCreateSymbolicLink
MmIsAddressValid
IoCreateDevice
KeInitializeGuardedMutex
KeAcquireGuardedMutex
KeReleaseGuardedMutex
IofCompleteRequest
KeDelayExecutionThread
ZwMapViewOfSection
IoCsqInsertIrp
MmMapLockedPagesSpecifyCache
ZwUnmapViewOfSection
ZwClose
IoCsqRemoveNextIrp
ZwCreateSection
ExAllocatePoolWithTag
IoWMIRegistrationControl
ExFreePoolWithTag
IoWMIWriteEvent
MmGetSystemRoutineAddress
RtlCompareMemory
ZwCreateDirectoryObject
RtlGetVersion
ZwMakeTemporaryObject
IoUnregisterFsRegistrationChange
IoRegisterFsRegistrationChange
KeSetEvent
KeInitializeEvent
KeWaitForSingleObject
ZwQueryValueKey
ZwOpenKey
KeReleaseSpinLock
IoCsqInitialize
KeAcquireSpinLockRaiseToDpc
PsLookupProcessByProcessId
PsGetProcessCreateTimeQuadPart
RtlHashUnicodeString
ObfDereferenceObject
KeLeaveCriticalRegion
KeEnterCriticalRegion
MmUnmapLockedPages
MmSecureVirtualMemory
MmBuildMdlForNonPagedPool
IoFreeMdl
KeUnstackDetachProcess
MmProbeAndLockPages
MmUnlockPages
PsGetCurrentProcessId
MmUnsecureVirtualMemory
ObOpenObjectByPointer
KeStackAttachProcess
IoAllocateMdl
KeBugCheckEx
ExAcquireResourceExclusiveLite
KeClearEvent
KeResetEvent
ExReleaseFastMutex
ExInitializeNPagedLookasideList
ExAcquireFastMutex
ExpInterlockedPushEntrySList
ExpInterlockedPopEntrySList
KeReleaseSpinLockFromDpcLevel
ExDeletePagedLookasideList
PsCreateSystemThread
PsTerminateSystemThread
ExReleaseResourceLite
KeQueryTimeIncrement
ExQueryDepthSList
ObReferenceObjectByHandle
ExDeleteResourceLite
ExInitializePagedLookasideList
ExInitializeResourceLite
KeWaitForMultipleObjects
KeAcquireSpinLockAtDpcLevel
ExDeleteNPagedLookasideList
RtlCompressBuffer
RtlDecompressBuffer
RtlGetCompressionWorkSpaceSize
ZwReadFile
RtlTimeFieldsToTime
ZwSetInformationFile
ZwCreateFile
ZwFlushBuffersFile
ZwQueryInformationFile
ZwWriteFile
RtlAnsiCharToUnicodeChar
__C_specific_handler

Sections

.text
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 1024B - Virtual size: 1020B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 788B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Sounds/Drivers/psinknc/W7/psinknc.cat
Sounds/Drivers/psinknc/W7/psinknc.inf
Sounds/Drivers/psinknc/psinknc.cat
Sounds/Drivers/psinknc/psinknc.inf
Sounds/Drivers/psinproc/PSINProc.sys
.exe windows x64

653b02b07b2936d662fe4f4d1f61c8f2

Code Sign

01:85:df:b2:66:16:5f:52:02:5e:7a:5b:14:97:f4:7d
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

20-01-2021 00:00

Not After

23-01-2024 23:59

Subject

SERIALNUMBER=602 715 217,CN=WatchGuard Technologies\, Inc.,O=WatchGuard Technologies\, Inc.,L=Seattle,ST=Washington,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130a57617368696e67746f6e,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:57:ee:4d:65:9a:92:3e:7c:10:00:00:00:00:00:57
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07-06-2022 18:08

Not After

01-06-2023 18:08

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-10-2014 20:31

Not After

15-10-2029 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

99:d0:0e:e2:de:23:b7:e0:ab:7d:c0:3b:27:93:07:9c:53:6c:88:57:4a:16:b8:82:cb:13:7f:ea:65:33:45:19
Signer

Actual PE Digest

99:d0:0e:e2:de:23:b7:e0:ab:7d:c0:3b:27:93:07:9c:53:6c:88:57:4a:16:b8:82:cb:13:7f:ea:65:33:45:19

Digest Algorithm

sha256

PE Digest Matches

true

99:d0:0e:e2:de:23:b7:e0:ab:7d:c0:3b:27:93:07:9c:53:6c:88:57:4a:16:b8:82:cb:13:7f:ea:65:33:45:19
Signer

Actual PE Digest

99:d0:0e:e2:de:23:b7:e0:ab:7d:c0:3b:27:93:07:9c:53:6c:88:57:4a:16:b8:82:cb:13:7f:ea:65:33:45:19

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

IoBuildDeviceIoControlRequest
ExFreePoolWithTag
IoRegisterPlugPlayNotification
RtlInitUnicodeString
IoVolumeDeviceToDosName
IoGetDeviceObjectPointer
ZwQueryValueKey
IoUnregisterPlugPlayNotification
RtlCompareMemory
ObfDereferenceObject
IofCallDriver
ZwOpenKey
PsRemoveCreateThreadNotifyRoutine
MmGetSystemRoutineAddress
PsSetCreateThreadNotifyRoutine
PsGetCurrentThreadId
PsGetCurrentProcessId
IoWMIRegistrationControl
IoWMIWriteEvent
IoDeleteDevice
KeDelayExecutionThread
ExAllocatePoolWithTag
ExDeleteResourceLite
ExInitializeResourceLite
PsLookupProcessByProcessId
PsGetProcessCreateTimeQuadPart
IoGetTopLevelIrp
PsGetThreadId
ZwQuerySystemInformation
PsSetCreateProcessNotifyRoutine
ZwTerminateProcess
RtlAppendUnicodeToString
RtlCopyUnicodeString
IoThreadToProcess
PsProcessType
PsGetProcessId
KeBugCheckEx
ObOpenObjectByPointer
ZwQueryInformationProcess
ZwOpenProcess
PsThreadType
ZwClose
ExDeleteNPagedLookasideList
KeWaitForSingleObject
ExQueryDepthSList
KeReleaseGuardedMutex
ExpInterlockedPopEntrySList
KeInitializeEvent
ExpInterlockedPushEntrySList
KeSetEvent
KeAcquireGuardedMutex
ExInitializeNPagedLookasideList
KeClearEvent
KeInitializeGuardedMutex
IofCompleteRequest
IoCreateDevice
ZwSetSecurityObject
IoDeviceObjectType
_snwprintf
RtlLengthSecurityDescriptor
SeCaptureSecurityDescriptor
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlAbsoluteToSelfRelativeSD
IoIsWdmVersionAvailable
SeExports
wcschr
_wcsnicmp
RtlLengthSid
RtlAddAccessAllowedAce
RtlGetSaclSecurityDescriptor
RtlGetDaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
ZwCreateKey
ZwSetValueKey
RtlFreeUnicodeString
KeUnstackDetachProcess
KeStackAttachProcess
ExDeletePagedLookasideList
ExInitializePagedLookasideList
ObDereferenceObjectDeferDelete
KeReleaseInStackQueuedSpinLock
ZwQuerySymbolicLinkObject
KeAcquireInStackQueuedSpinLock
ZwOpenSymbolicLinkObject
RtlAnsiCharToUnicodeChar
RtlCompressBuffer
RtlDecompressBuffer
RtlGetCompressionWorkSpaceSize
ZwReadFile
RtlTimeFieldsToTime
ZwSetInformationFile
ZwCreateFile
ZwFlushBuffersFile
ZwQueryInformationFile
ZwWriteFile
__C_specific_handler

fltmgr.sys

FltObjectDereference
FltGetVolumeFromFileObject
FltReleaseFileNameInformation
FltGetFileNameInformation
FltGetRequestorProcessId
FltGetInstanceContext
FltAcquireResourceShared
FltAcquireResourceExclusive
FltReleaseResource
FltStartFiltering
FltRegisterFilter
FltUnregisterFilter
FltGetVolumeName
FltAllocateContext
FltReleaseContext
FltGetDiskDeviceObject
FltSetInstanceContext

Sections

.text
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 434B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Sounds/Drivers/psinproc/W7/PSINProc.inf
Sounds/Drivers/psinproc/W7/PSINProc.sys
.exe windows x64

653b02b07b2936d662fe4f4d1f61c8f2

Code Sign

33:00:00:00:dc:34:1a:52:0f:bb:cf:3d:8c:00:00:00:00:00:dc
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

10-03-2022 19:58

Not After

08-03-2023 19:58

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18-04-2012 23:48

Not After

18-04-2027 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:85:df:b2:66:16:5f:52:02:5e:7a:5b:14:97:f4:7d
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

20-01-2021 00:00

Not After

23-01-2024 23:59

Subject

SERIALNUMBER=602 715 217,CN=WatchGuard Technologies\, Inc.,O=WatchGuard Technologies\, Inc.,L=Seattle,ST=Washington,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130a57617368696e67746f6e,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

99:d0:0e:e2:de:23:b7:e0:ab:7d:c0:3b:27:93:07:9c:53:6c:88:57:4a:16:b8:82:cb:13:7f:ea:65:33:45:19
Signer

Actual PE Digest

99:d0:0e:e2:de:23:b7:e0:ab:7d:c0:3b:27:93:07:9c:53:6c:88:57:4a:16:b8:82:cb:13:7f:ea:65:33:45:19

Digest Algorithm

sha256

PE Digest Matches

true

99:d0:0e:e2:de:23:b7:e0:ab:7d:c0:3b:27:93:07:9c:53:6c:88:57:4a:16:b8:82:cb:13:7f:ea:65:33:45:19
Signer

Actual PE Digest

99:d0:0e:e2:de:23:b7:e0:ab:7d:c0:3b:27:93:07:9c:53:6c:88:57:4a:16:b8:82:cb:13:7f:ea:65:33:45:19

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

IoBuildDeviceIoControlRequest
ExFreePoolWithTag
IoRegisterPlugPlayNotification
RtlInitUnicodeString
IoVolumeDeviceToDosName
IoGetDeviceObjectPointer
ZwQueryValueKey
IoUnregisterPlugPlayNotification
RtlCompareMemory
ObfDereferenceObject
IofCallDriver
ZwOpenKey
PsRemoveCreateThreadNotifyRoutine
MmGetSystemRoutineAddress
PsSetCreateThreadNotifyRoutine
PsGetCurrentThreadId
PsGetCurrentProcessId
IoWMIRegistrationControl
IoWMIWriteEvent
IoDeleteDevice
KeDelayExecutionThread
ExAllocatePoolWithTag
ExDeleteResourceLite
ExInitializeResourceLite
PsLookupProcessByProcessId
PsGetProcessCreateTimeQuadPart
IoGetTopLevelIrp
PsGetThreadId
ZwQuerySystemInformation
PsSetCreateProcessNotifyRoutine
ZwTerminateProcess
RtlAppendUnicodeToString
RtlCopyUnicodeString
IoThreadToProcess
PsProcessType
PsGetProcessId
KeBugCheckEx
ObOpenObjectByPointer
ZwQueryInformationProcess
ZwOpenProcess
PsThreadType
ZwClose
ExDeleteNPagedLookasideList
KeWaitForSingleObject
ExQueryDepthSList
KeReleaseGuardedMutex
ExpInterlockedPopEntrySList
KeInitializeEvent
ExpInterlockedPushEntrySList
KeSetEvent
KeAcquireGuardedMutex
ExInitializeNPagedLookasideList
KeClearEvent
KeInitializeGuardedMutex
IofCompleteRequest
IoCreateDevice
ZwSetSecurityObject
IoDeviceObjectType
_snwprintf
RtlLengthSecurityDescriptor
SeCaptureSecurityDescriptor
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlAbsoluteToSelfRelativeSD
IoIsWdmVersionAvailable
SeExports
wcschr
_wcsnicmp
RtlLengthSid
RtlAddAccessAllowedAce
RtlGetSaclSecurityDescriptor
RtlGetDaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
ZwCreateKey
ZwSetValueKey
RtlFreeUnicodeString
KeUnstackDetachProcess
KeStackAttachProcess
ExDeletePagedLookasideList
ExInitializePagedLookasideList
ObDereferenceObjectDeferDelete
KeReleaseInStackQueuedSpinLock
ZwQuerySymbolicLinkObject
KeAcquireInStackQueuedSpinLock
ZwOpenSymbolicLinkObject
RtlAnsiCharToUnicodeChar
RtlCompressBuffer
RtlDecompressBuffer
RtlGetCompressionWorkSpaceSize
ZwReadFile
RtlTimeFieldsToTime
ZwSetInformationFile
ZwCreateFile
ZwFlushBuffersFile
ZwQueryInformationFile
ZwWriteFile
__C_specific_handler

fltmgr.sys

FltObjectDereference
FltGetVolumeFromFileObject
FltReleaseFileNameInformation
FltGetFileNameInformation
FltGetRequestorProcessId
FltGetInstanceContext
FltAcquireResourceShared
FltAcquireResourceExclusive
FltReleaseResource
FltStartFiltering
FltRegisterFilter
FltUnregisterFilter
FltGetVolumeName
FltAllocateContext
FltReleaseContext
FltGetDiskDeviceObject
FltSetInstanceContext

Sections

.text
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 434B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Sounds/Drivers/psinproc/W7/psinproc.cat
Sounds/Drivers/psinproc/psinproc.cat
Sounds/Drivers/psinproc/psinproc.inf
Sounds/Drivers/psinprot/PSINProt.sys
.exe windows x64

e54de0d07d3548110ce2b887fdd0ec7a

Code Sign

01:85:df:b2:66:16:5f:52:02:5e:7a:5b:14:97:f4:7d
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

20-01-2021 00:00

Not After

23-01-2024 23:59

Subject

SERIALNUMBER=602 715 217,CN=WatchGuard Technologies\, Inc.,O=WatchGuard Technologies\, Inc.,L=Seattle,ST=Washington,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130a57617368696e67746f6e,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:57:ee:4d:65:9a:92:3e:7c:10:00:00:00:00:00:57
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07-06-2022 18:08

Not After

01-06-2023 18:08

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-10-2014 20:31

Not After

15-10-2029 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

57:3b:e9:f8:f6:a6:bb:7f:a8:71:71:54:35:8c:78:60:c7:6c:05:ed:af:71:7f:49:f9:f6:84:c9:9b:6b:88:0e
Signer

Actual PE Digest

57:3b:e9:f8:f6:a6:bb:7f:a8:71:71:54:35:8c:78:60:c7:6c:05:ed:af:71:7f:49:f9:f6:84:c9:9b:6b:88:0e

Digest Algorithm

sha256

PE Digest Matches

true

57:3b:e9:f8:f6:a6:bb:7f:a8:71:71:54:35:8c:78:60:c7:6c:05:ed:af:71:7f:49:f9:f6:84:c9:9b:6b:88:0e
Signer

Actual PE Digest

57:3b:e9:f8:f6:a6:bb:7f:a8:71:71:54:35:8c:78:60:c7:6c:05:ed:af:71:7f:49:f9:f6:84:c9:9b:6b:88:0e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

RtlCompareMemory
RtlInitUnicodeString
ZwQueryValueKey
ZwClose
ZwOpenKey
KeClearEvent
KeInitializeGuardedMutex
ExInitializeNPagedLookasideList
KeAcquireGuardedMutex
KeSetEvent
ExpInterlockedPushEntrySList
KeInitializeEvent
ExpInterlockedPopEntrySList
KeReleaseGuardedMutex
ExQueryDepthSList
KeWaitForSingleObject
ExDeleteNPagedLookasideList
ExAllocatePoolWithTag
IoWMIRegistrationControl
ExFreePoolWithTag
IoWMIWriteEvent
IoDeleteDevice
MmGetSystemRoutineAddress
IofCompleteRequest
IofCallDriver
RtlUpcaseUnicodeChar
KeDelayExecutionThread
IoThreadToProcess
ZwOpenThreadTokenEx
ZwOpenProcessTokenEx
ZwQueryInformationToken
ObOpenObjectByPointer
PsLookupThreadByThreadId
RtlLengthSid
KeLeaveCriticalRegion
KeEnterCriticalRegion
KeBugCheckEx
RtlAnsiCharToUnicodeChar
IoCreateDevice
ZwSetSecurityObject
IoDeviceObjectType
_snwprintf
RtlLengthSecurityDescriptor
SeCaptureSecurityDescriptor
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlAbsoluteToSelfRelativeSD
IoIsWdmVersionAvailable
SeExports
wcschr
_wcsnicmp
RtlAddAccessAllowedAce
RtlGetSaclSecurityDescriptor
RtlGetDaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
ZwCreateKey
ZwSetValueKey
RtlFreeUnicodeString
ExAcquireResourceExclusiveLite
ExIsResourceAcquiredSharedLite
KeReleaseSpinLock
KeReleaseSpinLockFromDpcLevel
ExDeletePagedLookasideList
ExAcquireResourceSharedLite
ExReleaseResourceLite
ExDeleteResourceLite
ExInitializePagedLookasideList
ObfDereferenceObject
ExInitializeResourceLite
KeAcquireSpinLockAtDpcLevel
KeAcquireSpinLockRaiseToDpc
IoGetDeviceObjectPointer
ObDereferenceObjectDeferDelete
IoBuildDeviceIoControlRequest
RtlCompressBuffer
RtlDecompressBuffer
RtlGetCompressionWorkSpaceSize
ZwReadFile
RtlTimeFieldsToTime
ZwSetInformationFile
ZwCreateFile
ZwFlushBuffersFile
ZwQueryInformationFile
ZwWriteFile

Sections

.text
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 560B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Sounds/Drivers/psinprot/W7/PSINProt.sys
.exe windows x64

ac4dfa4aa738ad678a8030fdf8712256

Code Sign

33:00:00:00:dc:34:1a:52:0f:bb:cf:3d:8c:00:00:00:00:00:dc
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

10-03-2022 19:58

Not After

08-03-2023 19:58

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18-04-2012 23:48

Not After

18-04-2027 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:85:df:b2:66:16:5f:52:02:5e:7a:5b:14:97:f4:7d
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

20-01-2021 00:00

Not After

23-01-2024 23:59

Subject

SERIALNUMBER=602 715 217,CN=WatchGuard Technologies\, Inc.,O=WatchGuard Technologies\, Inc.,L=Seattle,ST=Washington,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130a57617368696e67746f6e,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1d:8d:f3:98:eb:33:51:f8:a3:d5:47:2f:cd:66:40:7f:c4:3a:5f:cb:bf:3f:8f:6d:13:36:5b:00:e7:46:17:eb
Signer

Actual PE Digest

1d:8d:f3:98:eb:33:51:f8:a3:d5:47:2f:cd:66:40:7f:c4:3a:5f:cb:bf:3f:8f:6d:13:36:5b:00:e7:46:17:eb

Digest Algorithm

sha256

PE Digest Matches

true

1d:8d:f3:98:eb:33:51:f8:a3:d5:47:2f:cd:66:40:7f:c4:3a:5f:cb:bf:3f:8f:6d:13:36:5b:00:e7:46:17:eb
Signer

Actual PE Digest

1d:8d:f3:98:eb:33:51:f8:a3:d5:47:2f:cd:66:40:7f:c4:3a:5f:cb:bf:3f:8f:6d:13:36:5b:00:e7:46:17:eb

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

RtlCompareMemory
RtlInitUnicodeString
ZwQueryValueKey
ZwClose
ZwOpenKey
KeClearEvent
KeInitializeGuardedMutex
ExInitializeNPagedLookasideList
KeAcquireGuardedMutex
KeSetEvent
ExpInterlockedPushEntrySList
KeInitializeEvent
ExpInterlockedPopEntrySList
KeReleaseGuardedMutex
ExQueryDepthSList
KeWaitForSingleObject
ExDeleteNPagedLookasideList
ExAllocatePoolWithTag
IoWMIRegistrationControl
ExFreePoolWithTag
IoWMIWriteEvent
IoDeleteDevice
MmGetSystemRoutineAddress
IofCompleteRequest
IofCallDriver
RtlUpcaseUnicodeChar
KeDelayExecutionThread
IoThreadToProcess
ZwOpenThreadTokenEx
ZwOpenProcessTokenEx
ZwQueryInformationToken
ObOpenObjectByPointer
PsLookupThreadByThreadId
RtlLengthSid
KeLeaveCriticalRegion
KeEnterCriticalRegion
KeBugCheckEx
RtlAnsiCharToUnicodeChar
IoCreateDevice
ZwSetSecurityObject
IoDeviceObjectType
_snwprintf
RtlLengthSecurityDescriptor
SeCaptureSecurityDescriptor
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlAbsoluteToSelfRelativeSD
IoIsWdmVersionAvailable
SeExports
wcschr
_wcsnicmp
RtlAddAccessAllowedAce
RtlGetSaclSecurityDescriptor
RtlGetDaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
ZwCreateKey
ZwSetValueKey
RtlFreeUnicodeString
ExAcquireResourceExclusiveLite
ExIsResourceAcquiredSharedLite
KeReleaseSpinLock
KeReleaseSpinLockFromDpcLevel
ExDeletePagedLookasideList
ExAcquireResourceSharedLite
ExReleaseResourceLite
ExDeleteResourceLite
ExInitializePagedLookasideList
ObfDereferenceObject
ExInitializeResourceLite
KeAcquireSpinLockAtDpcLevel
KeAcquireSpinLockRaiseToDpc
IoFreeWorkItem
IoGetDeviceObjectPointer
IoAllocateWorkItem
IoQueueWorkItem
IoBuildDeviceIoControlRequest
RtlCompressBuffer
RtlDecompressBuffer
RtlGetCompressionWorkSpaceSize
ZwReadFile
RtlTimeFieldsToTime
ZwSetInformationFile
ZwCreateFile
ZwQueryInformationFile
ZwWriteFile

Sections

.text
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 560B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Sounds/Drivers/psinprot/W7/psinprot.cat
Sounds/Drivers/psinprot/W7/psinprot.inf
Sounds/Drivers/psinprot/psinprot.cat
Sounds/Drivers/psinprot/psinprot.inf
Sounds/Drivers/psinreg/PSINReg.sys
.exe windows x64

9ba9a8fdb340cf2f20700fc7fccd8ab4

Code Sign

01:85:df:b2:66:16:5f:52:02:5e:7a:5b:14:97:f4:7d
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

20-01-2021 00:00

Not After

23-01-2024 23:59

Subject

SERIALNUMBER=602 715 217,CN=WatchGuard Technologies\, Inc.,O=WatchGuard Technologies\, Inc.,L=Seattle,ST=Washington,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130a57617368696e67746f6e,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:57:ee:4d:65:9a:92:3e:7c:10:00:00:00:00:00:57
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07-06-2022 18:08

Not After

01-06-2023 18:08

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-10-2014 20:31

Not After

15-10-2029 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6d:ee:aa:04:15:dc:f5:1e:ec:52:5c:33:5e:5a:7c:4d:e5:8a:ac:38:ba:5a:26:55:91:3a:e4:05:50:99:38:b8
Signer

Actual PE Digest

6d:ee:aa:04:15:dc:f5:1e:ec:52:5c:33:5e:5a:7c:4d:e5:8a:ac:38:ba:5a:26:55:91:3a:e4:05:50:99:38:b8

Digest Algorithm

sha256

PE Digest Matches

true

6d:ee:aa:04:15:dc:f5:1e:ec:52:5c:33:5e:5a:7c:4d:e5:8a:ac:38:ba:5a:26:55:91:3a:e4:05:50:99:38:b8
Signer

Actual PE Digest

6d:ee:aa:04:15:dc:f5:1e:ec:52:5c:33:5e:5a:7c:4d:e5:8a:ac:38:ba:5a:26:55:91:3a:e4:05:50:99:38:b8

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
IoWMIRegistrationControl
IoDeleteSymbolicLink
ExFreePoolWithTag
IoWMIWriteEvent
RtlInitUnicodeString
MmGetSystemRoutineAddress
IofCompleteRequest
RtlCompareMemory
IofCallDriver
IoDeleteDevice
RtlGetVersion
ObQueryNameString
ZwQueryValueKey
ZwClose
IoCreateSymbolicLink
PsGetCurrentThreadId
PsGetCurrentProcessId
ObfDereferenceObject
ZwQueryInformationFile
ZwOpenKey
ObOpenObjectByPointer
ExReleaseFastMutex
ExAcquireFastMutex
KeInitializeEvent
ExTryToAcquireFastMutex
ExDeleteResourceLite
ExInitializeResourceLite
KeBugCheckEx
IoCreateDevice
ZwSetSecurityObject
IoDeviceObjectType
_snwprintf
RtlLengthSecurityDescriptor
SeCaptureSecurityDescriptor
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlAbsoluteToSelfRelativeSD
IoIsWdmVersionAvailable
SeExports
wcschr
_wcsnicmp
RtlLengthSid
RtlAddAccessAllowedAce
RtlGetSaclSecurityDescriptor
RtlGetDaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
ZwCreateKey
ZwSetValueKey
RtlFreeUnicodeString
KeClearEvent
IoGetDeviceObjectPointer
ObDereferenceObjectDeferDelete
IoBuildDeviceIoControlRequest
RtlCompressBuffer
RtlDecompressBuffer
RtlGetCompressionWorkSpaceSize
ZwReadFile
RtlTimeFieldsToTime
ZwSetInformationFile
ZwCreateFile
ZwFlushBuffersFile
ZwWriteFile
RtlAnsiCharToUnicodeChar
__C_specific_handler

Sections

.text
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Sounds/Drivers/psinreg/W7/PSINReg.inf
Sounds/Drivers/psinreg/W7/PSINReg.sys
.exe windows x64

9ba9a8fdb340cf2f20700fc7fccd8ab4

Code Sign

33:00:00:00:dc:34:1a:52:0f:bb:cf:3d:8c:00:00:00:00:00:dc
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

10-03-2022 19:58

Not After

08-03-2023 19:58

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18-04-2012 23:48

Not After

18-04-2027 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:85:df:b2:66:16:5f:52:02:5e:7a:5b:14:97:f4:7d
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

20-01-2021 00:00

Not After

23-01-2024 23:59

Subject

SERIALNUMBER=602 715 217,CN=WatchGuard Technologies\, Inc.,O=WatchGuard Technologies\, Inc.,L=Seattle,ST=Washington,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130a57617368696e67746f6e,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6d:ee:aa:04:15:dc:f5:1e:ec:52:5c:33:5e:5a:7c:4d:e5:8a:ac:38:ba:5a:26:55:91:3a:e4:05:50:99:38:b8
Signer

Actual PE Digest

6d:ee:aa:04:15:dc:f5:1e:ec:52:5c:33:5e:5a:7c:4d:e5:8a:ac:38:ba:5a:26:55:91:3a:e4:05:50:99:38:b8

Digest Algorithm

sha256

PE Digest Matches

true

6d:ee:aa:04:15:dc:f5:1e:ec:52:5c:33:5e:5a:7c:4d:e5:8a:ac:38:ba:5a:26:55:91:3a:e4:05:50:99:38:b8
Signer

Actual PE Digest

6d:ee:aa:04:15:dc:f5:1e:ec:52:5c:33:5e:5a:7c:4d:e5:8a:ac:38:ba:5a:26:55:91:3a:e4:05:50:99:38:b8

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
IoWMIRegistrationControl
IoDeleteSymbolicLink
ExFreePoolWithTag
IoWMIWriteEvent
RtlInitUnicodeString
MmGetSystemRoutineAddress
IofCompleteRequest
RtlCompareMemory
IofCallDriver
IoDeleteDevice
RtlGetVersion
ObQueryNameString
ZwQueryValueKey
ZwClose
IoCreateSymbolicLink
PsGetCurrentThreadId
PsGetCurrentProcessId
ObfDereferenceObject
ZwQueryInformationFile
ZwOpenKey
ObOpenObjectByPointer
ExReleaseFastMutex
ExAcquireFastMutex
KeInitializeEvent
ExTryToAcquireFastMutex
ExDeleteResourceLite
ExInitializeResourceLite
KeBugCheckEx
IoCreateDevice
ZwSetSecurityObject
IoDeviceObjectType
_snwprintf
RtlLengthSecurityDescriptor
SeCaptureSecurityDescriptor
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlAbsoluteToSelfRelativeSD
IoIsWdmVersionAvailable
SeExports
wcschr
_wcsnicmp
RtlLengthSid
RtlAddAccessAllowedAce
RtlGetSaclSecurityDescriptor
RtlGetDaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
ZwCreateKey
ZwSetValueKey
RtlFreeUnicodeString
KeClearEvent
IoGetDeviceObjectPointer
ObDereferenceObjectDeferDelete
IoBuildDeviceIoControlRequest
RtlCompressBuffer
RtlDecompressBuffer
RtlGetCompressionWorkSpaceSize
ZwReadFile
RtlTimeFieldsToTime
ZwSetInformationFile
ZwCreateFile
ZwFlushBuffersFile
ZwWriteFile
RtlAnsiCharToUnicodeChar
__C_specific_handler

Sections

.text
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Sounds/Drivers/psinreg/W7/psinreg.cat
Sounds/Drivers/psinreg/psinreg.cat
Sounds/Drivers/psinreg/psinreg.inf
Sounds/Fonts/MyriadPro-Bold.otf
Sounds/Fonts/MyriadPro-BoldCond.otf
Sounds/Fonts/MyriadPro-BoldCondIt.otf
Sounds/Fonts/MyriadPro-BoldIt.otf
Sounds/Fonts/MyriadPro-Cond.otf
Sounds/Fonts/MyriadPro-CondIt.otf
Sounds/Fonts/MyriadPro-It.otf
Sounds/Fonts/MyriadPro-Regular.otf
Sounds/Fonts/MyriadPro-Semibold.otf
Sounds/Fonts/MyriadPro-SemiboldIt.otf
Sounds/Fonts/Oxygen-Bold.ttf
Sounds/Fonts/Oxygen-Light.ttf
Sounds/Fonts/Oxygen-Regular.ttf
Sounds/Lang/chi-tw/Dictionary.rar
.rar
Sounds/Lang/chi/Dictionary.rar
.rar
Sounds/Lang/eng/Dictionary.rar
.rar
Sounds/Lang/fin/Dictionary.rar
.rar
Sounds/Lang/fre/Dictionary.rar
.rar
Sounds/Lang/ger/Dictionary.rar
.rar
Sounds/Lang/hun/Dictionary.rar
.rar
Sounds/Lang/ita/Dictionary.rar
.rar
Sounds/Lang/jpn/Dictionary.rar
.rar
Sounds/Lang/pol/Dictionary.rar
.rar
Sounds/Lang/por/Dictionary.rar
.rar
Sounds/Lang/rus/Dictionary.rar
.rar
Sounds/Lang/spa/Diccionario.pnd
.xml
Sounds/Lang/spa/Dictionary.rar
.rar
Sounds/Lang/spa/PSUNDict.pnd
.xml
Sounds/Lang/swe/Dictionary.rar
.rar
Sounds/WAWorks/Diagnostic.ini
Sounds/WAWorks/Policies.ini
Sounds/WAWorks/RptMng.ini
Sounds/alert.wav
Sounds/alert2.wav
Sounds/connect.wav
Sounds/disconnect.wav
Sounds/email.wav
Sounds/expert.wav
Sounds/iFilters/msvcp90.dll
.dll windows x86

2dec2d42421b088bfcddeba53b046464

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10-01-1997 07:00

Not After

31-12-2020 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10-01-1997 07:00

Not After

31-12-2020 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22-08-2007 22:31

Not After

25-08-2012 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:0f:78:4d:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-08-2007 00:23

Not After

23-02-2009 00:33

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:47:52:ba:00:00:00:00:00:04
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16-09-2006 01:53

Not After

16-09-2011 02:03

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:D8A9-CFCC-579C,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:47:52:ba:00:00:00:00:00:04
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16-09-2006 01:53

Not After

16-09-2011 02:03

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:D8A9-CFCC-579C,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16-09-2006 01:04

Not After

15-09-2019 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

42:16:d7:12:ad:45:e9:ed:7f:3e:46:a2:db:df:4f:7c:57:4d:4c:e5
Signer

Actual PE Digest

42:16:d7:12:ad:45:e9:ed:7f:3e:46:a2:db:df:4f:7c:57:4d:4c:e5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcr90

_Getmonths
??0bad_cast@std@@QAE@PBD@Z
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@ABV01@@Z
log
abort
fputc
fputs
__iob_func
rand_s
fgetc
ungetc
fflush
setvbuf
fwrite
fgetpos
fseek
fsetpos
fclose
_wfsopen
mbstowcs_s
atan2
cos
exp
ldexp
pow
sin
sqrt
tan
fgetwc
fputwc
ungetwc
memcpy
_Strftime
strcspn
sprintf_s
_realloc_crt
setlocale
_malloc_crt
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
_Getdays
towlower
towupper
strcmp
_create_locale
_ui64toa_s
_free_locale
__pctype_func
_errno
___mb_cur_max_l_func
___lc_codepage_func
___lc_handle_func
__crtCompareStringA
___lc_collate_cp_func
__crtLCMapStringA
isupper
_calloc_crt
islower
__crtGetStringTypeW
__crtLCMapStringW
__crtCompareStringW
isspace
tolower
strtod
?terminate@@YAXXZ
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_except_handler4_common
__clean_type_info_names_internal
___mb_cur_max_func
??_V@YAXPAX@Z
_Gettnames
localeconv
free
??0exception@std@@QAE@ABQBDH@Z
__CxxFrameHandler3
??2@YAPAXI@Z
_invalid_parameter_noinfo
??0exception@std@@QAE@ABV01@@Z
_CxxThrowException
??0exception@std@@QAE@XZ
memset
memchr
strlen
memcmp
wcslen
memmove_s
memcpy_s
??3@YAXPAX@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
__uncaught_exception
??0exception@std@@QAE@ABQBD@Z

kernel32

GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
Sleep
InterlockedDecrement
InterlockedIncrement
GetLocaleInfoA
WideCharToMultiByte
MultiByteToWideChar
InterlockedExchange
InterlockedCompareExchange
GetSystemTimeAsFileTime

Exports

Exports

??$?5DU?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAD@Z
??$?5DU?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@PAD@Z
??$?5DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?5GU?$char_traits@G@std@@@std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@AAG@Z
??$?5GU?$char_traits@G@std@@@std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@PAG@Z
??$?5GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@AAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$?5MDU?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$complex@M@0@@Z
??$?5MGU?$char_traits@G@std@@@std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@AAV?$complex@M@0@@Z
??$?5M_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_istream@_WU?$char_traits@_W@std@@@0@AAV10@AAV?$complex@M@0@@Z
??$?5NDU?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$complex@N@0@@Z
??$?5NGU?$char_traits@G@std@@@std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@AAV?$complex@N@0@@Z
??$?5N_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_istream@_WU?$char_traits@_W@std@@@0@AAV10@AAV?$complex@N@0@@Z
??$?5ODU?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$complex@O@0@@Z
??$?5OGU?$char_traits@G@std@@@std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@AAV?$complex@O@0@@Z
??$?5O_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_istream@_WU?$char_traits@_W@std@@@0@AAV10@AAV?$complex@O@0@@Z
??$?5U?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAC@Z
??$?5U?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAE@Z
??$?5U?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@PAC@Z
??$?5U?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@PAE@Z
??$?5_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_istream@_WU?$char_traits@_W@std@@@0@AAV10@AA_W@Z
??$?5_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_istream@_WU?$char_traits@_W@std@@@0@AAV10@PA_W@Z
??$?5_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YAAAV?$basic_istream@_WU?$char_traits@_W@std@@@0@AAV10@AAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$?6DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?6GU?$char_traits@G@std@@@std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@G@Z
??$?6GU?$char_traits@G@std@@@std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@PBG@Z
??$?6GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$?6MDU?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$complex@M@0@@Z
??$?6MGU?$char_traits@G@std@@@std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@ABV?$complex@M@0@@Z
??$?6M_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AAV10@ABV?$complex@M@0@@Z
??$?6NDU?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$complex@N@0@@Z
??$?6NGU?$char_traits@G@std@@@std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@ABV?$complex@N@0@@Z
??$?6N_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AAV10@ABV?$complex@N@0@@Z
??$?6ODU?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$complex@O@0@@Z
??$?6OGU?$char_traits@G@std@@@std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@ABV?$complex@O@0@@Z
??$?6O_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AAV10@ABV?$complex@O@0@@Z
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@C@Z
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@D@Z
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@E@Z
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBC@Z
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBE@Z
??$?6_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AAV10@PB_W@Z
??$?6_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AAV10@_W@Z
??$?6_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AAV10@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?8GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??$?8GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
??$?8GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NPBGABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$?8M@std@@YA_NABMABV?$complex@M@0@@Z
??$?8M@std@@YA_NABV?$complex@M@0@0@Z
??$?8M@std@@YA_NABV?$complex@M@0@ABM@Z
??$?8N@std@@YA_NABNABV?$complex@N@0@@Z
??$?8N@std@@YA_NABV?$complex@N@0@0@Z
??$?8N@std@@YA_NABV?$complex@N@0@ABN@Z
??$?8O@std@@YA_NABOABV?$complex@O@0@@Z
??$?8O@std@@YA_NABV?$complex@O@0@0@Z
??$?8O@std@@YA_NABV?$complex@O@0@ABO@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NPB_WABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?9GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??$?9GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
??$?9GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NPBGABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$?9M@std@@YA_NABMABV?$complex@M@0@@Z
??$?9M@std@@YA_NABV?$complex@M@0@0@Z
??$?9M@std@@YA_NABV?$complex@M@0@ABM@Z
??$?9N@std@@YA_NABNABV?$complex@N@0@@Z
??$?9N@std@@YA_NABV?$complex@N@0@0@Z
??$?9N@std@@YA_NABV?$complex@N@0@ABN@Z
??$?9O@std@@YA_NABOABV?$complex@O@0@@Z
??$?9O@std@@YA_NABV?$complex@O@0@0@Z
??$?9O@std@@YA_NABV?$complex@O@0@ABO@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NPB_WABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$?DM@std@@YA?AV?$complex@M@0@ABMABV10@@Z
??$?DM@std@@YA?AV?$complex@M@0@ABV10@0@Z
??$?DM@std@@YA?AV?$complex@M@0@ABV10@ABM@Z
??$?DN@std@@YA?AV?$complex@N@0@ABNABV10@@Z
??$?DN@std@@YA?AV?$complex@N@0@ABV10@0@Z
??$?DN@std@@YA?AV?$complex@N@0@ABV10@ABN@Z
??$?DO@std@@YA?AV?$complex@O@0@ABOABV10@@Z
??$?DO@std@@YA?AV?$complex@O@0@ABV10@0@Z
??$?DO@std@@YA?AV?$complex@O@0@ABV10@ABO@Z
??$?GM@std@@YA?AV?$complex@M@0@ABMABV10@@Z
??$?GM@std@@YA?AV?$complex@M@0@ABV10@0@Z
??$?GM@std@@YA?AV?$complex@M@0@ABV10@@Z
??$?GM@std@@YA?AV?$complex@M@0@ABV10@ABM@Z
??$?GN@std@@YA?AV?$complex@N@0@ABNABV10@@Z
??$?GN@std@@YA?AV?$complex@N@0@ABV10@0@Z
??$?GN@std@@YA?AV?$complex@N@0@ABV10@@Z
??$?GN@std@@YA?AV?$complex@N@0@ABV10@ABN@Z
??$?GO@std@@YA?AV?$complex@O@0@ABOABV10@@Z
??$?GO@std@@YA?AV?$complex@O@0@ABV10@0@Z
??$?GO@std@@YA?AV?$complex@O@0@ABV10@@Z
??$?GO@std@@YA?AV?$complex@O@0@ABV10@ABO@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@D@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@DABV10@@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??$?HGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z
??$?HGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@G@Z
??$?HGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z
??$?HGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@GABV10@@Z
??$?HGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z
??$?HM@std@@YA?AV?$complex@M@0@ABMABV10@@Z
??$?HM@std@@YA?AV?$complex@M@0@ABV10@0@Z
??$?HM@std@@YA?AV?$complex@M@0@ABV10@@Z
??$?HM@std@@YA?AV?$complex@M@0@ABV10@ABM@Z
??$?HN@std@@YA?AV?$complex@N@0@ABNABV10@@Z
??$?HN@std@@YA?AV?$complex@N@0@ABV10@0@Z
??$?HN@std@@YA?AV?$complex@N@0@ABV10@@Z
??$?HN@std@@YA?AV?$complex@N@0@ABV10@ABN@Z
??$?HO@std@@YA?AV?$complex@O@0@ABOABV10@@Z
??$?HO@std@@YA?AV?$complex@O@0@ABV10@0@Z
??$?HO@std@@YA?AV?$complex@O@0@ABV10@@Z
??$?HO@std@@YA?AV?$complex@O@0@ABV10@ABO@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@_W@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_WABV10@@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@_WABV10@@Z
??$?KM@std@@YA?AV?$complex@M@0@ABMABV10@@Z
??$?KM@std@@YA?AV?$complex@M@0@ABV10@0@Z
??$?KM@std@@YA?AV?$complex@M@0@ABV10@ABM@Z
??$?KN@std@@YA?AV?$complex@N@0@ABNABV10@@Z
??$?KN@std@@YA?AV?$complex@N@0@ABV10@0@Z
??$?KN@std@@YA?AV?$complex@N@0@ABV10@ABN@Z
??$?KO@std@@YA?AV?$complex@O@0@ABOABV10@@Z
??$?KO@std@@YA?AV?$complex@O@0@ABV10@0@Z
??$?KO@std@@YA?AV?$complex@O@0@ABV10@ABO@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?MGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??$?MGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
??$?MGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NPBGABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NPB_WABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$?NDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?NDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?NDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?NGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??$?NGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
??$?NGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NPBGABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$?N_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?N_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??$?N_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NPB_WABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$?ODU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?ODU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?ODU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?OGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??$?OGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
??$?OGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NPBGABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$?O_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?O_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??$?O_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NPB_WABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$?PDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?PDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?PDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?PGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??$?PGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
??$?PGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NPBGABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$?P_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?P_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??$?P_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NPB_WABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$_Fabs@M@std@@YAMABV?$complex@M@0@PAH@Z
??$_Fabs@N@std@@YANABV?$complex@N@0@PAH@Z
??$_Fabs@O@std@@YAOABV?$complex@O@0@PAH@Z
??$abs@M@std@@YAMABV?$complex@M@0@@Z
??$abs@N@std@@YANABV?$complex@N@0@@Z
??$abs@O@std@@YAOABV?$complex@O@0@@Z
??$arg@M@std@@YAMABV?$complex@M@0@@Z
??$arg@N@std@@YANABV?$complex@N@0@@Z
??$arg@O@std@@YAOABV?$complex@O@0@@Z
??$conj@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$conj@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$conj@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$cos@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$cos@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$cos@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$cosh@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$cosh@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$cosh@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$exp@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$exp@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$exp@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$getline@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$getline@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@D@Z
??$getline@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@AAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$getline@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@AAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@G@Z
??$getline@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@YAAAV?$basic_istream@_WU?$char_traits@_W@std@@@0@AAV10@AAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$getline@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@YAAAV?$basic_istream@_WU?$char_traits@_W@std@@@0@AAV10@AAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@_W@Z
??$imag@M@std@@YAMABV?$complex@M@0@@Z
??$imag@N@std@@YANABV?$complex@N@0@@Z
??$imag@O@std@@YAOABV?$complex@O@0@@Z
??$log10@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$log10@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$log10@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$log@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$log@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$log@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$norm@M@std@@YAMABV?$complex@M@0@@Z
??$norm@N@std@@YANABV?$complex@N@0@@Z
??$norm@O@std@@YAOABV?$complex@O@0@@Z
??$polar@M@std@@YA?AV?$complex@M@0@ABM0@Z
??$polar@M@std@@YA?AV?$complex@M@0@ABM@Z
??$polar@N@std@@YA?AV?$complex@N@0@ABN0@Z
??$polar@N@std@@YA?AV?$complex@N@0@ABN@Z
??$polar@O@std@@YA?AV?$complex@O@0@ABO0@Z
??$polar@O@std@@YA?AV?$complex@O@0@ABO@Z
??$pow@M@std@@YA?AV?$complex@M@0@ABMABV10@@Z
??$pow@M@std@@YA?AV?$complex@M@0@ABV10@0@Z
??$pow@M@std@@YA?AV?$complex@M@0@ABV10@ABM@Z
??$pow@M@std@@YA?AV?$complex@M@0@ABV10@H@Z
??$pow@N@std@@YA?AV?$complex@N@0@ABNABV10@@Z
??$pow@N@std@@YA?AV?$complex@N@0@ABV10@0@Z
??$pow@N@std@@YA?AV?$complex@N@0@ABV10@ABN@Z
??$pow@N@std@@YA?AV?$complex@N@0@ABV10@H@Z
??$pow@O@std@@YA?AV?$complex@O@0@ABOABV10@@Z
??$pow@O@std@@YA?AV?$complex@O@0@ABV10@0@Z
??$pow@O@std@@YA?AV?$complex@O@0@ABV10@ABO@Z
??$pow@O@std@@YA?AV?$complex@O@0@ABV10@H@Z
??$real@M@std@@YAMABV?$complex@M@0@@Z
??$real@N@std@@YANABV?$complex@N@0@@Z
??$real@O@std@@YAOABV?$complex@O@0@@Z
??$sin@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$sin@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$sin@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$sinh@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$sinh@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$sinh@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$sqrt@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$sqrt@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$sqrt@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$tan@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$tan@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$tan@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$tanh@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$tanh@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$tanh@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??0?$_Complex_base@MU_C_float_complex@@@std@@QAE@ABM0@Z
??0?$_Complex_base@NU_C_double_complex@@@std@@QAE@ABN0@Z
??0?$_Complex_base@OU_C_ldouble_complex@@@std@@QAE@ABO0@Z
??0?$_Mpunct@D@std@@IAE@PBDI_N1@Z
??0?$_Mpunct@D@std@@QAE@ABV_Locinfo@1@I_N1@Z
??0?$_Mpunct@D@std@@QAE@I_N@Z
??0?$_Mpunct@G@std@@IAE@PBDI_N1@Z
??0?$_Mpunct@G@std@@QAE@ABV_Locinfo@1@I_N1@Z
??0?$_Mpunct@G@std@@QAE@I_N@Z
??0?$_Mpunct@_W@std@@IAE@PBDI_N1@Z
??0?$_Mpunct@_W@std@@QAE@ABV_Locinfo@1@I_N1@Z
??0?$_Mpunct@_W@std@@QAE@I_N@Z
??0?$_String_val@DV?$allocator@D@std@@@std@@IAE@V?$allocator@D@1@@Z
??0?$_String_val@DV?$allocator@D@std@@@std@@QAE@ABV01@@Z
??0?$_String_val@GV?$allocator@G@std@@@std@@IAE@V?$allocator@G@1@@Z
??0?$_String_val@GV?$allocator@G@std@@@std@@QAE@ABV01@@Z
??0?$_String_val@_WV?$allocator@_W@std@@@std@@IAE@V?$allocator@_W@1@@Z
??0?$_String_val@_WV?$allocator@_W@std@@@std@@QAE@ABV01@@Z
??0?$allocator@D@std@@QAE@ABV01@@Z
??0?$allocator@D@std@@QAE@XZ
??0?$allocator@G@std@@QAE@ABV01@@Z
??0?$allocator@G@std@@QAE@XZ
??0?$allocator@X@std@@QAE@ABV01@@Z
??0?$allocator@X@std@@QAE@XZ
??0?$allocator@_W@std@@QAE@ABV01@@Z
??0?$allocator@_W@std@@QAE@XZ
??0?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_filebuf@GU?$char_traits@G@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_filebuf@GU?$char_traits@G@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_filebuf@_WU?$char_traits@_W@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_filebuf@_WU?$char_traits@_W@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@PBGHH@Z
??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@PB_WHH@Z
??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@XZ
??0?$basic_fstream@GU?$char_traits@G@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_fstream@GU?$char_traits@G@std@@@std@@QAE@PBDHH@Z
??0?$basic_fstream@GU?$char_traits@G@std@@@std@@QAE@PBGHH@Z
??0?$basic_fstream@GU?$char_traits@G@std@@@std@@QAE@PB_WHH@Z
??0?$basic_fstream@GU?$char_traits@G@std@@@std@@QAE@XZ
??0?$basic_fstream@_WU?$char_traits@_W@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_fstream@_WU?$char_traits@_W@std@@@std@@QAE@PBDHH@Z
??0?$basic_fstream@_WU?$char_traits@_W@std@@@std@@QAE@PBGHH@Z
??0?$basic_fstream@_WU?$char_traits@_W@std@@@std@@QAE@PB_WHH@Z
??0?$basic_fstream@_WU?$char_traits@_W@std@@@std@@QAE@XZ
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PBGHH@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PB_WHH@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@XZ
??0?$basic_ifstream@GU?$char_traits@G@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_ifstream@GU?$char_traits@G@std@@@std@@QAE@PBDHH@Z
??0?$basic_ifstream@GU?$char_traits@G@std@@@std@@QAE@PBGHH@Z
??0?$basic_ifstream@GU?$char_traits@G@std@@@std@@QAE@PB_WHH@Z
??0?$basic_ifstream@GU?$char_traits@G@std@@@std@@QAE@XZ
??0?$basic_ifstream@_WU?$char_traits@_W@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_ifstream@_WU?$char_traits@_W@std@@@std@@QAE@PBDHH@Z
??0?$basic_ifstream@_WU?$char_traits@_W@std@@@std@@QAE@PBGHH@Z
??0?$basic_ifstream@_WU?$char_traits@_W@std@@@std@@QAE@PB_WHH@Z
??0?$basic_ifstream@_WU?$char_traits@_W@std@@@std@@QAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IAE@XZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N1@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N1@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N1@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@H@Z
??0?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??0?$basic_istringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@1@H@Z
??0?$basic_istringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@H@Z
??0?$basic_istringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@1@H@Z
??0?$basic_istringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@H@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PBGHH@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PB_WHH@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@XZ
??0?$basic_ofstream@GU?$char_traits@G@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_ofstream@GU?$char_traits@G@std@@@std@@QAE@PBDHH@Z
??0?$basic_ofstream@GU?$char_traits@G@std@@@std@@QAE@PBGHH@Z
??0?$basic_ofstream@GU?$char_traits@G@std@@@std@@QAE@PB_WHH@Z
??0?$basic_ofstream@GU?$char_traits@G@std@@@std@@QAE@XZ
??0?$basic_ofstream@_WU?$char_traits@_W@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_ofstream@_WU?$char_traits@_W@std@@@std@@QAE@PBDHH@Z
??0?$basic_ofstream@_WU?$char_traits@_W@std@@@std@@QAE@PBGHH@Z
??0?$basic_ofstream@_WU?$char_traits@_W@std@@@std@@QAE@PB_WHH@Z
??0?$basic_ofstream@_WU?$char_traits@_W@std@@@std@@QAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@W4_Uninitialized@1@_N@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QAE@W4_Uninitialized@1@_N@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@W4_Uninitialized@1@_N@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@H@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??0?$basic_ostringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@1@H@Z
??0?$basic_ostringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@H@Z
??0?$basic_ostringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@1@H@Z
??0?$basic_ostringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@H@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@W4_Uninitialized@1@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAE@W4_Uninitialized@1@@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAE@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@W4_Uninitialized@1@@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@II@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@IIABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ID@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@IDABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@V?$_String_const_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@1@0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@II@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@IIABV?$allocator@G@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@IG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@IGABV?$allocator@G@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG0@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGI@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGIABV?$allocator@G@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@V?$_String_const_iterator@GU?$char_traits@G@std@@V?$allocator@G@2@@1@0@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@II@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@IIABV?$allocator@_W@1@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV?$allocator@_W@1@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@I_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@I_WABV?$allocator@_W@1@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W0@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_WABV?$allocator@_W@1@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_WI@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_WIABV?$allocator@_W@1@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@V?$_String_const_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@1@0@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@H@Z
??0?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??0?$basic_stringbuf@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@1@H@Z
??0?$basic_stringbuf@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@H@Z
??0?$basic_stringbuf@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@1@H@Z
??0?$basic_stringbuf@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@H@Z
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@H@Z
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??0?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@1@H@Z
??0?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@H@Z
??0?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@1@H@Z
??0?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@H@Z
??0?$codecvt@DDH@std@@QAE@ABV_Locinfo@1@I@Z
??0?$codecvt@DDH@std@@QAE@I@Z
??0?$codecvt@GDH@std@@IAE@PBDI@Z
??0?$codecvt@GDH@std@@QAE@ABV_Locinfo@1@I@Z
??0?$codecvt@GDH@std@@QAE@I@Z
??0?$codecvt@_WDH@std@@QAE@ABV_Locinfo@1@I@Z
??0?$codecvt@_WDH@std@@QAE@I@Z
??0?$collate@D@std@@IAE@PBDI@Z
??0?$collate@D@std@@QAE@ABV_Locinfo@1@I@Z
??0?$collate@D@std@@QAE@I@Z
??0?$collate@G@std@@IAE@PBDI@Z
??0?$collate@G@std@@QAE@ABV_Locinfo@1@I@Z
??0?$collate@G@std@@QAE@I@Z
??0?$collate@_W@std@@IAE@PBDI@Z
??0?$collate@_W@std@@QAE@ABV_Locinfo@1@I@Z
??0?$collate@_W@std@@QAE@I@Z
??0?$complex@M@std@@QAE@ABM0@Z
??0?$complex@M@std@@QAE@ABU_C_double_complex@@@Z
??0?$complex@M@std@@QAE@ABU_C_float_complex@@@Z
??0?$complex@M@std@@QAE@ABU_C_ldouble_complex@@@Z
??0?$complex@M@std@@QAE@ABV?$complex@N@1@@Z
??0?$complex@M@std@@QAE@ABV?$complex@O@1@@Z
??0?$complex@N@std@@QAE@ABN0@Z
??0?$complex@N@std@@QAE@ABU_C_double_complex@@@Z
??0?$complex@N@std@@QAE@ABU_C_ldouble_complex@@@Z
??0?$complex@N@std@@QAE@ABV?$complex@M@1@@Z
??0?$complex@N@std@@QAE@ABV?$complex@O@1@@Z
??0?$complex@O@std@@QAE@ABO0@Z
??0?$complex@O@std@@QAE@ABU_C_ldouble_complex@@@Z
??0?$complex@O@std@@QAE@ABV?$complex@M@1@@Z
??0?$complex@O@std@@QAE@ABV?$complex@N@1@@Z
??0?$ctype@D@std@@QAE@ABV_Locinfo@1@I@Z
??0?$ctype@D@std@@QAE@PBF_NI@Z
??0?$ctype@G@std@@IAE@PBDI@Z
??0?$ctype@G@std@@QAE@ABV_Locinfo@1@I@Z
??0?$ctype@G@std@@QAE@I@Z
??0?$ctype@_W@std@@QAE@ABV_Locinfo@1@I@Z
??0?$ctype@_W@std@@QAE@I@Z
??0?$messages@D@std@@IAE@PBDI@Z
??0?$messages@D@std@@QAE@ABV_Locinfo@1@I@Z
??0?$messages@D@std@@QAE@I@Z
??0?$messages@G@std@@IAE@PBDI@Z
??0?$messages@G@std@@QAE@ABV_Locinfo@1@I@Z
??0?$messages@G@std@@QAE@I@Z
??0?$messages@_W@std@@IAE@PBDI@Z
??0?$messages@_W@std@@QAE@ABV_Locinfo@1@I@Z
??0?$messages@_W@std@@QAE@I@Z
??0?$money_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$money_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z
??0?$money_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$money_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
??0?$money_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$money_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@I@Z
??0?$money_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$money_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z
??0?$money_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$money_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
??0?$money_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$money_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@I@Z
??0?$moneypunct@D$00@std@@IAE@PBDI@Z
??0?$moneypunct@D$00@std@@QAE@ABV_Locinfo@1@I_N@Z
??0?$moneypunct@D$00@std@@QAE@I@Z
??0?$moneypunct@D$0A@@std@@IAE@PBDI@Z
??0?$moneypunct@D$0A@@std@@QAE@ABV_Locinfo@1@I_N@Z
??0?$moneypunct@D$0A@@std@@QAE@I@Z
??0?$moneypunct@G$00@std@@IAE@PBDI@Z
??0?$moneypunct@G$00@std@@QAE@ABV_Locinfo@1@I_N@Z
??0?$moneypunct@G$00@std@@QAE@I@Z
??0?$moneypunct@G$0A@@std@@IAE@PBDI@Z
??0?$moneypunct@G$0A@@std@@QAE@ABV_Locinfo@1@I_N@Z
??0?$moneypunct@G$0A@@std@@QAE@I@Z
??0?$moneypunct@_W$00@std@@IAE@PBDI@Z
??0?$moneypunct@_W$00@std@@QAE@ABV_Locinfo@1@I_N@Z
??0?$moneypunct@_W$00@std@@QAE@I@Z
??0?$moneypunct@_W$0A@@std@@IAE@PBDI@Z
??0?$moneypunct@_W$0A@@std@@QAE@ABV_Locinfo@1@I_N@Z
??0?$moneypunct@_W$0A@@std@@QAE@I@Z
??0?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z
??0?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
??0?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z

Sections

.text
Size: 525KB - Virtual size: 524KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Sounds/iFilters/msvcr90.dll
.dll windows x86

0fda4497453286b1daa098623dfc53ce

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10-01-1997 07:00

Not After

31-12-2020 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10-01-1997 07:00

Not After

31-12-2020 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22-08-2007 22:31

Not After

25-08-2012 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:0f:78:4d:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-08-2007 00:23

Not After

23-02-2009 00:33

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:47:52:ba:00:00:00:00:00:04
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16-09-2006 01:53

Not After

16-09-2011 02:03

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:D8A9-CFCC-579C,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:47:52:ba:00:00:00:00:00:04
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16-09-2006 01:53

Not After

16-09-2011 02:03

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:D8A9-CFCC-579C,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16-09-2006 01:04

Not After

15-09-2019 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

54:13:79:94:a8:94:70:d8:e8:ea:19:5c:85:d8:c4:57:81:82:2d:8c
Signer

Actual PE Digest

54:13:79:94:a8:94:70:d8:e8:ea:19:5c:85:d8:c4:57:81:82:2d:8c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleW
Sleep
GetProcAddress
ExitProcess
WriteFile
GetStdHandle
GetSystemWindowsDirectoryW
GetSystemDirectoryW
GetLongPathNameW
GetCurrentThreadId
TlsGetValue
DebugBreak
OutputDebugStringA
GetCommandLineA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
ExitThread
CloseHandle
GetLastError
ResumeThread
CreateThread
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetCurrentThread
FindNextFileA
FindFirstFileA
FindClose
FindNextFileW
FindFirstFileW
GetLogicalDrives
GetDiskFreeSpaceA
FileTimeToSystemTime
FileTimeToLocalFileTime
SetErrorMode
Beep
GetFileAttributesA
SetFileAttributesA
SetEnvironmentVariableA
GetCurrentDirectoryA
SetCurrentDirectoryA
GetFullPathNameA
GetDriveTypeA
GetCurrentProcessId
CreateDirectoryA
MoveFileA
RemoveDirectoryA
DeleteFileA
GetFileAttributesW
SetEnvironmentVariableW
GetCurrentDirectoryW
SetCurrentDirectoryW
SetFileAttributesW
GetFullPathNameW
CreateDirectoryW
MoveFileW
RemoveDirectoryW
GetDriveTypeW
DeleteFileW
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
LoadLibraryA
FreeLibrary
CreateProcessW
ReadFile
DuplicateHandle
GetCurrentProcess
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetLocalTime
WideCharToMultiByte
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
SetLocalTime
MultiByteToWideChar
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetTimeFormatA
GetDateFormatA
RtlUnwind
RaiseException
HeapFree
HeapAlloc
GetProcessHeap
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
HeapSize
HeapReAlloc
VirtualAlloc
HeapValidate
HeapCompact
HeapWalk
VirtualProtect
GetSystemInfo
VirtualQuery
SetHandleCount
GetFileType
GetStartupInfoA
SetFilePointer
GetConsoleCP
GetConsoleMode
CreateFileA
FlushFileBuffers
CreatePipe
CreateFileW
SetStdHandle
ReadConsoleInputA
SetConsoleMode
PeekConsoleInputA
GetNumberOfConsoleInputEvents
ReadConsoleInputW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
IsDBCSLeadByteEx
ReadConsoleA
ReadConsoleW
SetEndOfFile
GetFileInformationByHandle
PeekNamedPipe
InterlockedExchange
LockFile
UnlockFile
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetConsoleCtrlHandler
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
FreeEnvironmentStringsA
GetEnvironmentStrings
QueryPerformanceCounter
GetTickCount
GetStringTypeW
GetStringTypeA
LCMapStringA
LCMapStringW
CompareStringA
CompareStringW
GetLocaleInfoW
GetLocaleInfoA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
LoadLibraryW
GetModuleHandleA

Exports

Exports

$I10_OUTPUT
??0__non_rtti_object@std@@QAE@ABV01@@Z
??0bad_cast@std@@QAE@ABV01@@Z
??0bad_cast@std@@QAE@PBD@Z
??0bad_typeid@std@@QAE@ABV01@@Z
??0bad_typeid@std@@QAE@PBD@Z
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABQBDH@Z
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@XZ
??1__non_rtti_object@std@@UAE@XZ
??1bad_cast@std@@UAE@XZ
??1bad_typeid@std@@UAE@XZ
??1exception@std@@UAE@XZ
??1type_info@@UAE@XZ
??2@YAPAXI@Z
??2@YAPAXIHPBDH@Z
??3@YAXPAX@Z
??4__non_rtti_object@std@@QAEAAV01@ABV01@@Z
??4bad_cast@std@@QAEAAV01@ABV01@@Z
??4bad_typeid@std@@QAEAAV01@ABV01@@Z
??4exception@std@@QAEAAV01@ABV01@@Z
??8type_info@@QBE_NABV0@@Z
??9type_info@@QBE_NABV0@@Z
??_7__non_rtti_object@std@@6B@
??_7bad_cast@std@@6B@
??_7bad_typeid@std@@6B@
??_7exception@@6B@
??_7exception@std@@6B@
??_Fbad_cast@std@@QAEXXZ
??_Fbad_typeid@std@@QAEXXZ
??_U@YAPAXI@Z
??_U@YAPAXIHPBDH@Z
??_V@YAXPAX@Z
?_Name_base@type_info@@CAPBDPBV1@PAU__type_info_node@@@Z
?_Name_base_internal@type_info@@CAPBDPBV1@PAU__type_info_node@@@Z
?_Type_info_dtor@type_info@@CAXPAV1@@Z
?_Type_info_dtor_internal@type_info@@CAXPAV1@@Z
?_ValidateExecute@@YAHP6GHXZ@Z
?_ValidateRead@@YAHPBXI@Z
?_ValidateWrite@@YAHPAXI@Z
?_inconsistency@@YAXXZ
?_invalid_parameter@@YAXPBG00II@Z
?_is_exception_typeof@@YAHABVtype_info@@PAU_EXCEPTION_POINTERS@@@Z
?_name_internal_method@type_info@@QBEPBDPAU__type_info_node@@@Z
?_open@@YAHPBDHH@Z
?_query_new_handler@@YAP6AHI@ZXZ
?_query_new_mode@@YAHXZ
?_set_new_handler@@YAP6AHI@ZH@Z
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
?_set_new_mode@@YAHH@Z
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZH@Z
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
?_sopen@@YAHPBDHHH@Z
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?_wopen@@YAHPB_WHH@Z
?_wsopen@@YAHPB_WHHH@Z
?before@type_info@@QBEHABV1@@Z
?name@type_info@@QBEPBDPAU__type_info_node@@@Z
?raw_name@type_info@@QBEPBDXZ
?set_new_handler@@YAP6AXXZP6AXXZ@Z
?set_terminate@@YAP6AXXZH@Z
?set_terminate@@YAP6AXXZP6AXXZ@Z
?set_unexpected@@YAP6AXXZH@Z
?set_unexpected@@YAP6AXXZP6AXXZ@Z
?swprintf@@YAHPAGIPBGZZ
?swprintf@@YAHPA_WIPB_WZZ
?terminate@@YAXXZ
?unexpected@@YAXXZ
?vswprintf@@YAHPA_WIPB_WPAD@Z
?what@exception@std@@UBEPBDXZ
_CIacos
_CIasin
_CIatan
_CIatan2
_CIcos
_CIcosh
_CIexp
_CIfmod
_CIlog
_CIlog10
_CIpow
_CIsin
_CIsinh
_CIsqrt
_CItan
_CItanh
_CRT_RTC_INIT
_CRT_RTC_INITW
_CreateFrameInfo
_CxxThrowException
_EH_prolog
_FindAndUnlinkFrame
_Getdays
_Getmonths
_Gettnames
_HUGE
_IsExceptionObjectToBeDestroyed
_NLG_Dispatch2
_NLG_Return
_NLG_Return2
_Strftime
_XcptFilter
__AdjustPointer
__BuildCatchObject
__BuildCatchObjectHelper
__CppXcptFilter
__CxxCallUnwindDelDtor
__CxxCallUnwindDtor
__CxxCallUnwindStdDelDtor
__CxxCallUnwindVecDtor
__CxxDetectRethrow
__CxxExceptionFilter
__CxxFrameHandler
__CxxFrameHandler2
__CxxFrameHandler3
__CxxLongjmpUnwind
__CxxQueryExceptionSize
__CxxRegisterExceptionObject
__CxxUnregisterExceptionObject
__DestructExceptionObject
__FrameUnwindFilter
__RTCastToVoid
__RTDynamicCast
__RTtypeid
__STRINGTOLD
__STRINGTOLD_L
__TypeMatch
___fls_getvalue@4
___fls_setvalue@8
___lc_codepage_func
___lc_collate_cp_func
___lc_handle_func
___mb_cur_max_func
___mb_cur_max_l_func
___setlc_active_func
___unguarded_readlc_active_add_func
__argc
__argv
__badioinfo
__clean_type_info_names_internal
__control87_2
__create_locale
__crtCompareStringA
__crtCompareStringW
__crtGetLocaleInfoW
__crtGetStringTypeW
__crtLCMapStringA
__crtLCMapStringW
__daylight
__dllonexit
__doserrno
__dstbias
__fpecode
__free_locale
__get_app_type
__get_current_locale
__get_flsindex
__get_tlsindex
__getmainargs
__initenv
__iob_func
__isascii
__iscsym
__iscsymf
__iswcsym
__iswcsymf
__lc_clike
__lc_codepage
__lc_collate_cp
__lc_handle
__lconv
__lconv_init
__libm_sse2_acos
__libm_sse2_acosf
__libm_sse2_asin
__libm_sse2_asinf
__libm_sse2_atan
__libm_sse2_atan2
__libm_sse2_atanf
__libm_sse2_cos
__libm_sse2_cosf
__libm_sse2_exp
__libm_sse2_expf
__libm_sse2_log
__libm_sse2_log10
__libm_sse2_log10f
__libm_sse2_logf
__libm_sse2_pow
__libm_sse2_powf
__libm_sse2_sin
__libm_sse2_sinf
__libm_sse2_tan
__libm_sse2_tanf
__mb_cur_max
__p___argc
__p___argv
__p___initenv
__p___mb_cur_max
__p___wargv
__p___winitenv
__p__acmdln
__p__amblksiz
__p__commode
__p__daylight
__p__dstbias
__p__environ
__p__fmode
__p__iob
__p__mbcasemap
__p__mbctype
__p__pctype
__p__pgmptr
__p__pwctype
__p__timezone
__p__tzname
__p__wcmdln
__p__wenviron
__p__wpgmptr
__pctype_func
__pioinfo
__pwctype_func
__pxcptinfoptrs
__report_gsfailure
__set_app_type
__set_flsgetvalue
__setlc_active
__setusermatherr
__strncnt
__swprintf_l
__sys_errlist
__sys_nerr
__threadhandle
__threadid
__timezone
__toascii
__tzname
__unDName
__unDNameEx
__unDNameHelper
__uncaught_exception
__unguarded_readlc_active
__vswprintf_l
__wargv
__wcserror
__wcserror_s
__wcsncnt
__wgetmainargs
__winitenv
_abnormal_termination
_abs64
_access
_access_s
_acmdln
_adj_fdiv_m16i
_adj_fdiv_m32
_adj_fdiv_m32i
_adj_fdiv_m64
_adj_fdiv_r
_adj_fdivr_m16i
_adj_fdivr_m32
_adj_fdivr_m32i
_adj_fdivr_m64
_adj_fpatan
_adj_fprem
_adj_fprem1
_adj_fptan
_adjust_fdiv
_aexit_rtn
_aligned_free
_aligned_malloc
_aligned_msize
_aligned_offset_malloc
_aligned_offset_realloc
_aligned_offset_recalloc
_aligned_realloc
_aligned_recalloc
_amsg_exit
_assert
_atodbl
_atodbl_l
_atof_l
_atoflt
_atoflt_l
_atoi64
_atoi64_l
_atoi_l
_atol_l
_atoldbl
_atoldbl_l
_beep
_beginthread
_beginthreadex
_byteswap_uint64
_byteswap_ulong
_byteswap_ushort
_c_exit
_cabs
_callnewh
_calloc_crt
_cexit
_cgets
_cgets_s
_cgetws
_cgetws_s
_chdir
_chdrive
_chgsign
_chkesp
_chmod
_chsize
_chsize_s
_clearfp
_close
_commit
_commode
_configthreadlocale
_control87
_controlfp
_controlfp_s
_copysign
_cprintf
_cprintf_l
_cprintf_p
_cprintf_p_l
_cprintf_s
_cprintf_s_l
_cputs
_cputws
_creat
_create_locale
_crt_debugger_hook
_cscanf
_cscanf_l
_cscanf_s
_cscanf_s_l
_ctime32
_ctime32_s
_ctime64
_ctime64_s
_cwait
_cwprintf
_cwprintf_l
_cwprintf_p
_cwprintf_p_l
_cwprintf_s
_cwprintf_s_l
_cwscanf
_cwscanf_l
_cwscanf_s
_cwscanf_s_l
_daylight
_decode_pointer
_difftime32
_difftime64
_dosmaperr
_dstbias
_dup
_dup2
_dupenv_s
_ecvt
_ecvt_s
_encode_pointer
_encoded_null
_endthread
_endthreadex
_environ
_eof
_errno
_except_handler2
_except_handler3
_except_handler4_common
_execl
_execle
_execlp
_execlpe
_execv
_execve
_execvp
_execvpe
_exit
_expand
_fclose_nolock
_fcloseall
_fcvt
_fcvt_s
_fdopen
_fflush_nolock
_fgetchar
_fgetwc_nolock
_fgetwchar
_filbuf
_filelength
_filelengthi64
_fileno
_findclose
_findfirst32
_findfirst32i64
_findfirst64
_findfirst64i32
_findnext32
_findnext32i64
_findnext64
_findnext64i32
_finite
_flsbuf
_flushall
_fmode
_fpclass
_fpieee_flt
_fpreset
_fprintf_l
_fprintf_p
_fprintf_p_l
_fprintf_s_l
_fputchar
_fputwc_nolock
_fputwchar
_fread_nolock
_fread_nolock_s
_free_locale
_freea
_freea_s
_freefls
_fscanf_l
_fscanf_s_l
_fseek_nolock
_fseeki64
_fseeki64_nolock
_fsopen
_fstat32
_fstat32i64
_fstat64
_fstat64i32
_ftell_nolock
_ftelli64
_ftelli64_nolock
_ftime32
_ftime32_s
_ftime64
_ftime64_s
_ftol
_fullpath
_futime32
_futime64
_fwprintf_l
_fwprintf_p
_fwprintf_p_l
_fwprintf_s_l
_fwrite_nolock
_fwscanf_l
_fwscanf_s_l
_gcvt
_gcvt_s
_get_amblksiz
_get_current_locale
_get_daylight
_get_doserrno
_get_dstbias
_get_errno
_get_fmode
_get_heap_handle
_get_invalid_parameter_handler
_get_osfhandle
_get_output_format
_get_pgmptr
_get_printf_count_output
_get_purecall_handler
_get_sbh_threshold
_get_terminate
_get_timezone
_get_tzname
_get_unexpected
_get_wpgmptr
_getc_nolock
_getch
_getch_nolock
_getche
_getche_nolock
_getcwd
_getdcwd
_getdcwd_nolock
_getdiskfree
_getdllprocaddr
_getdrive
_getdrives
_getmaxstdio
_getmbcp
_getpid
_getptd
_getsystime
_getw
_getwch
_getwch_nolock
_getwche
_getwche_nolock
_getws
_getws_s
_global_unwind2
_gmtime32

Sections

.text
Size: 598KB - Virtual size: 598KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Sounds/iFilters/ooofilt.dll
.dll regsvr32 windows x86

65fe882b6ba3a6a88d7f9e130e69301e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

StringFromCLSID
CoTaskMemAlloc
CoTaskMemFree

advapi32

RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA
RegQueryInfoKeyA
RegCloseKey
RegSetValueExA
RegDeleteKeyA
RegEnumKeyExA

kernel32

GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTickCount
InterlockedIncrement
InterlockedDecrement
DisableThreadLibraryCalls
GetSystemDefaultLCID
MultiByteToWideChar
WideCharToMultiByte
GetModuleHandleW
GetVersionExW
GetShortPathNameW
LocalFree
FormatMessageA
Sleep
InterlockedCompareExchange
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
InterlockedExchange

msvcp90

?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIABV12@@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??$?8GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@V?$_String_const_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@1@0@Z
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$_String_const_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$_String_const_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??$?MGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
?substr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV12@II@Z
?swap@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXAAV12@@Z
??$?9GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??$?9GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NPBGABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
?clear@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXXZ
??$?HGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z
?allocate@?$allocator@D@std@@QAEPADI@Z
?deallocate@?$allocator@D@std@@QAEXPADI@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGI@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
??$?8GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NPBGABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??$?8GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z

msvcr90

_invalid_parameter_noinfo
_CxxThrowException
??0exception@std@@QAE@ABV01@@Z
_wcsicmp
memset
perror
wcstombs
_purecall
memmove_s
_stricmp
_close
_write
_open
?terminate@@YAXXZ
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_malloc_crt
free
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
__clean_type_info_names_internal
_time64
ferror
??2@YAPAXI@Z
??_V@YAXPAX@Z
??0exception@std@@QAE@XZ
memcpy
??3@YAXPAX@Z
?what@exception@std@@UBEPBDXZ
realloc
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
rand
srand
memmove
__CxxFrameHandler3
malloc
fopen
fread
fwrite
ftell
_ftelli64
fseek
_fseeki64
fclose

user32

LoadStringW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetVersionInfo

Sections

.text
Size: 157KB - Virtual size: 157KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Sounds/news.wav
Sounds/ok.wav
Sounds/stops.wav
Sounds/tick.wav
Sounds/timeout.wav
Sounds/wait.wav
d3dcompiler_47.dll
.dll windows x64

4004e7f7eff525b82926d9696cb4db19

Code Sign

33:00:00:00:c3:3b:b8:10:d6:ab:75:9c:84:00:00:00:00:00:c3
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07-09-2016 17:58

Not After

07-09-2018 17:58

Subject

CN=Microsoft Time-Stamp Service,OU=AOC+OU=nCipher DSE ESN:D236-37DA-9761,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:79:7c:2e:57:4e:52:e1:ca:d6:00:01:00:00:01:79
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11-08-2017 20:11

Not After

11-08-2018 20:11

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:01:cc:b5:5b:42:17:07:60:13:11:00:00:00:00:01:cc
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12-09-2017 18:07

Not After

12-09-2018 18:07

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06-07-2010 20:40

Not After

06-07-2025 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

90:ac:68:cf:5d:17:21:66:80:b3:3a:75:5a:f7:9b:a8:cf:a4:a9:ea:0a:d8:7f:7f:64:68:e2:b3:93:a4:eb:9a
Signer

Actual PE Digest

90:ac:68:cf:5d:17:21:66:80:b3:3a:75:5a:f7:9b:a8:cf:a4:a9:ea:0a:d8:7f:7f:64:68:e2:b3:93:a4:eb:9a

Digest Algorithm

sha256

PE Digest Matches

true

fa:90:fa:70:4f:be:7b:a4:ac:bd:95:97:95:be:bb:d0:a7:a6:8b:11
Signer

Actual PE Digest

fa:90:fa:70:4f:be:7b:a4:ac:bd:95:97:95:be:bb:d0:a7:a6:8b:11

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

_unlock
_lock
??1type_info@@UEAA@XZ
strncpy_s
malloc
_strnicmp
atoi
isdigit
__C_specific_handler
_initterm
_amsg_exit
_XcptFilter
_callnewh
_isnan
_purecall
__isascii
_clearfp
_controlfp
_strdup
_mbstrlen
_vsnwprintf
strtoul
isxdigit
isalpha
atof
strchr
setlocale
strnlen
__dllonexit
modf
isspace
wcsncmp
wcsncpy_s
_wcsicmp
memcpy
memset
fclose
bsearch
qsort
strcat_s
strstr
_onexit
memcmp
strcmp
_snwprintf_s
__unDName
fread
fseek
_wfsopen
wcstoul
_fileno
sscanf_s
_filelengthi64
towlower
_wcsnicmp
_wsplitpath_s
wcscpy_s
wcsncat_s
wcsrchr
swprintf_s
_wfullpath
_wmakepath_s
_time64
_chsize_s
_close
_read
_write
_lseeki64
_get_osfhandle
_open_osfhandle
_wcsdup
wcscat_s
ftell
_mbscmp
_memicmp
_wgetenv
toupper
_atoi64
_errno
strtod
__CxxFrameHandler3
_strtoui64
?terminate@@YAXXZ
_CxxThrowException
tan
strrchr
tolower
_finite
_fpclass
memmove
strcpy_s
memcpy_s
isalnum
getenv
free
_stricmp
sprintf_s
_vsnprintf
strncmp
_wsopen
acos
asin
atan
atan2
ceil
cos
cosh
exp
floor
floorf
fmod
log
pow
sin
sinh
sqrt
tanh

kernel32

GetModuleFileNameA
GetEnvironmentVariableA
HeapCreate
lstrcmpiA
CreateFileA
SetLastError
FlushViewOfFile
MapViewOfFileEx
SetFilePointer
InitializeCriticalSectionAndSpinCount
ExpandEnvironmentStringsW
DeviceIoControl
SetFilePointerEx
SetEndOfFile
GetFileType
DeleteFileW
SetFileAttributesW
LCMapStringW
GetFileAttributesW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetFileSize
LocalFree
LocalAlloc
LoadLibraryExW
DisableThreadLibraryCalls
MultiByteToWideChar
WideCharToMultiByte
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
OutputDebugStringA
HeapAlloc
GetProcessHeap
HeapFree
WriteFile
FreeLibrary
VirtualFree
VirtualAlloc
GetSystemInfo
CreateFileW
GetLastError
GetFileSizeEx
ReadFile
CloseHandle
Sleep
TlsAlloc
TlsSetValue
HeapDestroy
TlsGetValue
TlsFree
GetFullPathNameW
GetFullPathNameA
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
GetProcAddress

advapi32

CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
RegQueryValueExA
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExW
RegOpenKeyExW
CryptDestroyHash
RegCloseKey

rpcrt4

UuidCreate

Exports

Exports

D3DAssemble
D3DCompile
D3DCompile2
D3DCompileFromFile
D3DCompressShaders
D3DCreateBlob
D3DCreateFunctionLinkingGraph
D3DCreateLinker
D3DDecompressShaders
D3DDisassemble
D3DDisassemble10Effect
D3DDisassemble11Trace
D3DDisassembleRegion
D3DGetBlobPart
D3DGetDebugInfo
D3DGetInputAndOutputSignatureBlob
D3DGetInputSignatureBlob
D3DGetOutputSignatureBlob
D3DGetTraceInstructionOffsets
D3DLoadModule
D3DPreprocess
D3DReadFileToBlob
D3DReflect
D3DReflectLibrary
D3DReturnFailure1
D3DSetBlobPart
D3DStripShader
D3DWriteBlobToFile
DebugSetMute

Sections

.text
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 868KB - Virtual size: 867KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 38KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 125KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
templates/ADX.tpl
templates/BollingerBands.tpl
templates/Layers.tpl
templates/Momentum.tpl
templates/OptimizationReport.htm
.html
templates/Popular.tpl
templates/StatementDetailed.htm
.html
templates/Volume.tpl
templates/Williams.tpl
templates/statement.htm
.html
templates/strategytester.htm
.html

Sharing

General

Malware Config

Signatures

Files

Password: 1234

8d593f505cdb816120e808e5cd4d59ba

Code Sign

3f:dc:7a:3e:7e:96:5e:b6:4e:3a:1a:ce:c7:32:b0:e3Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

30:d1:3e:85:fc:c6:9d:b0:a8:b4:dd:47:2d:4f:d5:60:fc:c5:82:a6:ae:42:d0:9b:b0:57:eb:1a:fb:a2:54:76Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ole32

oleaut32

crypt32

user32

Sections

.text Size: - Virtual size: 253KB

.rdata Size: - Virtual size: 55KB

.data Size: - Virtual size: 2.6MB

.vmp!+~& Size: - Virtual size: 3.4MB

.vmp!+~& Size: 1KB - Virtual size: 1KB

.vmp!+~& Size: 7.6MB - Virtual size: 7.6MB

.reloc Size: 2KB - Virtual size: 1KB

.rsrc Size: 124KB - Virtual size: 123KB

Password: 1234

e6924013f9544cd1b5edce5063af9cd1

Code Sign

0c:ab:80:ca:72:78:c1:c6:ce:80:a8:f0:14:4b:19:4bCertificate

Extended Key Usages

Key Usages

61:1c:b2:8a:00:00:00:00:00:26Certificate

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

61:1c:b2:8a:00:00:00:00:00:26Certificate

Key Usages

07:2b:f5:aa:54:a4:4b:15:3b:44:ff:8a:d3:cf:66:49Certificate

Extended Key Usages

Key Usages

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6dCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

45:4e:65:44:f3:a4:21:31:fe:0b:6c:f1:14:cd:8c:eb:a6:81:22:36:fe:ac:d6:fb:0e:2d:55:9b:07:9e:4f:31Signer

89:4f:f2:5c:6d:dc:a8:ae:28:60:c9:8b:91:56:2f:d3:b9:0f:b9:73Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

Sections

.text Size: 92KB - Virtual size: 91KB

.rdata Size: 21KB - Virtual size: 21KB

.data Size: 5KB - Virtual size: 13KB

3f:dc:7a:3e:7e:96:5e:b6:4e:3a:1a:ce:c7:32:b0:e3
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

30:d1:3e:85:fc:c6:9d:b0:a8:b4:dd:47:2d:4f:d5:60:fc:c5:82:a6:ae:42:d0:9b:b0:57:eb:1a:fb:a2:54:76
Signer

.text
Size: - Virtual size: 253KB

.rdata
Size: - Virtual size: 55KB

.data
Size: - Virtual size: 2.6MB

.vmp!+~&
Size: - Virtual size: 3.4MB

.vmp!+~&
Size: 1KB - Virtual size: 1KB

.vmp!+~&
Size: 7.6MB - Virtual size: 7.6MB

.reloc
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 124KB - Virtual size: 123KB

0c:ab:80:ca:72:78:c1:c6:ce:80:a8:f0:14:4b:19:4b
Certificate

61:1c:b2:8a:00:00:00:00:00:26
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

61:1c:b2:8a:00:00:00:00:00:26
Certificate

07:2b:f5:aa:54:a4:4b:15:3b:44:ff:8a:d3:cf:66:49
Certificate

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

45:4e:65:44:f3:a4:21:31:fe:0b:6c:f1:14:cd:8c:eb:a6:81:22:36:fe:ac:d6:fb:0e:2d:55:9b:07:9e:4f:31
Signer

89:4f:f2:5c:6d:dc:a8:ae:28:60:c9:8b:91:56:2f:d3:b9:0f:b9:73
Signer

.text
Size: 92KB - Virtual size: 91KB

.rdata
Size: 21KB - Virtual size: 21KB

.data
Size: 5KB - Virtual size: 13KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 9KB - Virtual size: 9KB

01:85:df:b2:66:16:5f:52:02:5e:7a:5b:14:97:f4:7d
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

33:00:00:00:57:ee:4d:65:9a:92:3e:7c:10:00:00:00:00:00:57
Certificate

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

c0:dc:ec:7d:1e:9a:6b:16:27:b5:4b:7a:36:48:0b:4e:66:cb:72:3c:0a:b0:37:0d:89:7f:17:d6:3f:0a:ca:16
Signer

c0:dc:ec:7d:1e:9a:6b:16:27:b5:4b:7a:36:48:0b:4e:66:cb:72:3c:0a:b0:37:0d:89:7f:17:d6:3f:0a:ca:16
Signer

.text
Size: 75KB - Virtual size: 74KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 11KB

.pdata
Size: 2KB - Virtual size: 2KB

PAGE
Size: 1024B - Virtual size: 908B

INIT
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 856B

.reloc
Size: 512B - Virtual size: 96B

33:00:00:00:dc:34:1a:52:0f:bb:cf:3d:8c:00:00:00:00:00:dc
Certificate

61:0b:aa:c1:00:00:00:00:00:09
Certificate

01:85:df:b2:66:16:5f:52:02:5e:7a:5b:14:97:f4:7d
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

c0:dc:ec:7d:1e:9a:6b:16:27:b5:4b:7a:36:48:0b:4e:66:cb:72:3c:0a:b0:37:0d:89:7f:17:d6:3f:0a:ca:16
Signer

c0:dc:ec:7d:1e:9a:6b:16:27:b5:4b:7a:36:48:0b:4e:66:cb:72:3c:0a:b0:37:0d:89:7f:17:d6:3f:0a:ca:16
Signer

.text
Size: 75KB - Virtual size: 74KB

.rdata
Size: 5KB - Virtual size: 5KB